ORACLE RMAN ENCRYPTION(WALLET)

如下这篇文章，主要是做一个简单的rman加密的演示

启用db的加密

RMAN> CONFIGURE ENCRYPTION FOR DATABASE on
2> ;


new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored

查看数据库默认的加密算法

SQL> select * from v$rman_encryption_algorithms;

ALGORITHM_ID ALGORITHM_NAME  ALGORITHM_DESCR IS_DEFAUL RESTORE_O
------------ --------------- --------------- --------- ---------
       1 AES128      AES 128-bit key        YES       NO
       2 AES192      AES 192-bit key        NO        NO
       3 AES256      AES 256-bit key        NO        NO



RMAN> show encryption algorithm;

RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

设定密码

RMAN> set encryption on identified by "Oracle123" only;

executing command: SET encryption

尝试去备份

RMAN> set decryption identified by "Oracle123";

executing command: SET decryption

RMAN> backup database;

Starting backup at 11-AUG-17
using channel ORA_DISK_1
using channel ORA_DISK_2
using channel ORA_DISK_3
using channel ORA_DISK_4
using channel ORA_DISK_5
using channel ORA_DISK_6
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
××× ××××
continuing other job steps, job failed will not be re-run
RMAN-03009: failure of backup command on ORA_DISK_3 channel at 08/11/2017 12:05:50
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open
continuing other job steps, job failed will not be re-run
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_4 channel at 08/11/2017 12:05:50
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

RMAN> 

ORA-28365: wallet is not open 
该错误的解释：

[oracle@hdp backupset]$ oerr ora 28365
28365, 0000, "wallet is not open"
// *Cause:  The security module wallet has not been opened.
// *Action: Open the wallet.

去相应目录创建wallet文件夹就可以了

– 创建钱夹

[oracle@hdp orcl]$ mkdir wallet
[oracle@hdp orcl]$ pwd
/u01/app/oracle/admin/orcl
[oracle@hdp orcl]$ ls
adump  dpdump  pfile  wallet
[oracle@hdp orcl]$ sqlplus /  as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Fri Aug 11 12:12:35 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Oracle123"
  2  ;

System altered.

SQL> 


ALTER SYSTEM SET DECRYPTION KEY IDENTIFIED BY "Oracle123"

再次去备份的时候发现可以正常备份了。

然后我们再试着去恢复

RMAN> set decryption identified by "Oracle123";

RMAN> restore database;

Starting restore at 11-AUG-17
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=63 device type=DISK
allocated channel: ORA_DISK_2
channel ORA_DISK_2: SID=129 device type=DISK
××× ××××
channel ORA_DISK_3: restoring datafile 00001 to /u01/app/oracle/oradata/orcl/system01.dbf
channel ORA_DISK_3: reading from backup piece /u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfq0_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 08/11/2017 12:19:20
ORA-19870: error while restoring backup piece /u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfsk_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> 

原来是wallet没有打开

 1*  SELECT * FROM V$ENCRYPTION_WALLET
SQL> /

WRL_TYPE                             WRL_PARAMETER   STATUS
------------------------------------------------------------ --------------- ------------------------------------------------------
file                                 /u01/app/oracle **CLOSED**
                                 /admin/orcl/wal
                                 let


SQL> alter system set wallet open identified by "Oracle123"
  2  /

System altered.

SQL>  SELECT * FROM V$ENCRYPTION_WALLET;

WRL_TYPE                             WRL_PARAMETER   STATUS
------------------------------------------------------------ --------------- ------------------------------------------------------
file                                 /u01/app/oracle OPEN
                                 /admin/orcl/wal
                                 let


SQL> 

打开钱包后的操作,我们才可以继续我们的操作

[oracle@hdp ~]$ rman target/

Recovery Manager: Release 11.2.0.4.0 - Production on Fri Aug 11 12:36:52 2017

Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.

connected to target database: ORCL (DBID=1477533441, not open)

RMAN> restore database;

Starting restore at 11-AUG-17
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=129 device type=DISK
allocated channel: ORA_DISK_2
channel ORA_DISK_2: SID=194 device type=DISK
allocated channel: ORA_DISK_3
channel ORA_DISK_3: SID=5 device type=DISK
******        [ignore something]                  ******
channel ORA_DISK_3: piece handle=/u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfq0_.bkp tag=TAG20170811T121333
channel ORA_DISK_3: restored backup piece 1
channel ORA_DISK_3: restore complete, elapsed time: 00:00:15
Finished restore at 11-AUG-17

RMAN> recover database;

Starting recover at 11-AUG-17
using channel ORA_DISK_1
using channel ORA_DISK_2
using channel ORA_DISK_3
using channel ORA_DISK_4
using channel ORA_DISK_5
using channel ORA_DISK_6
datafile 4 not processed because file is offline

starting media recovery
media recovery complete, elapsed time: 00:00:00

Finished recover at 11-AUG-17

RMAN> sql 'alter database open'
2> ;

sql statement: alter database open

RMAN>