RMAN Backup and Recovery: Encrypted Backups
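Oracle has supported backup encryption since 10g R2. Encrypting backups protects the backup files and prevents the security problems that a leaked backup would cause.
Display the encryption algorithms available in the current database: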
SQL> select * from v$rman_encryption_algorithms;
ALGORITHM_ID ALGORITHM_NAME ALGORITHM_DESCRIPTION IS_ RES
------------ -------------------- ------------------------------ --- ---
1 AES128 AES 128-bit key YES NO
2 AES192 AES 192-bit key NO NO
3 AES256 AES 256-bit key NO NO
RMAN> show encryption algorithm;
using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
Change the encryption algorithm in RMAN:
RMAN> configure encryption algorithm 'AES192';
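Password mode encryption
This mode encrypts the backup set by setting a password when the backup set is created and supplying the decryption password when the backup set is used. It is suitable when backup sets are transferred to another location.
Set the backup password: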
RMAN> set encryption on identified by 'oracle' only;
executing command: SET encryption
RMAN> run{
2> allocate channel c1 type disk format '/u01/rman_dest/rman_users_%p_%M-%D_%t.bak';
3> backup tablespace users channel c1;
4> release channel c1;
5> }
SQL> select file#,name from v$datafile;
FILE# NAME
---------- ------------------------------------------------
1 /u01/app/oracle/oradata/orcl_dup/system01.dbf
3 /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
4 /u01/app/oracle/oradata/orcl_dup/users01.dbf
5 /u01/app/oracle/oradata/orcl_dup/example01.dbf
6 /u01/app/oracle/oradata/orcl_dup/tts01.dbf
7 /u01/app/oracle/oradata/orcl_dup/tts02.dbf
8 /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
Simulate damage and test:
[oracle@node1 ~]$ rm -rf /u01/app/oracle/oradata/orcl_dup/users01.dbf
RMAN> shutdown abort;
using target database control file instead of recovery catalog
Oracle instance shut down
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 167772160 bytes
Fixed Size 1218316 bytes
Variable Size 88082676 bytes
Database Buffers 75497472 bytes
Redo Buffers 2973696 bytes
At this point, restoring the datafile fails with a "wallet is not open" error:
RMAN> restore datafile 4;
Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 11:05:00
ORA-19870: error reading backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
Specify the decryption password:
RMAN> set decryption identified by 'oracle';
executing command: SET decryption
RMAN> restore datafile 4;
Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/rman_users_1_07-09_852462004.bak tag=TAG20140709T110003
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 09-JUL-14
RMAN> recover datafile 4;
Starting recover at 09-JUL-14
using channel ORA_DISK_1
starting media recovery
media recovery complete, elapsed time: 00:00:03
Finished recover at 09-JUL-14
RMAN> alter database open;
database opened
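Transparent mode
This mode secures local backup sets through a locally configured Wallet. It is suitable for protecting backups that stay on the local system.
Basic configuration of the Oracle Encryption Wallet:
Specify the Wallet location in SQLNET.ORA: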
[oracle@node1 ~]$ cd $ORACLE_HOME/network/admin
[oracle@node1 admin]$ vi sqlnet.ora
Set the Wallet location:
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/wallet)))
[oracle@node1 admin]$ mkdir -p /u01/wallet
Create the wallet as the SYS user:
SQL> alter system set encryption key authenticated by "oracle";
System altered.
SQL> !ls /u01/wallet
ewallet.p12
How to open and close the Wallet:
SQL> alter system set encryption wallet open identified by "oracle";
System altered.
SQL> alter system set encryption wallet close;
System altered.
RMAN> configure encryption for database on;
new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored
RMAN> set encryption on;
executing command: SET encryption
If the wallet is closed at this point, backing up the database reports the following error:
RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
Starting backup at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 07/09/2014 15:49:07
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open
Open the wallet and run the backup again:
SQL> alter system set encryption wallet open identified by "oracle";
System altered.
RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
channel ORA_DISK_1: finished piece 1 at 09-JUL-14
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak tag=TAG20140709T155359 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:02:25
Finished backup at 09-JUL-14
Starting Control File and SPFILE Autobackup at 09-JUL-14
piece handle=/u01/FRA/orcl_dup/ORCL_DUP/autobackup/2014_07_09/o1_mf_s_852479786_9vsxforn_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 09-JUL-14
If the wallet is closed at this point, RMAN likewise cannot restore the database:
SQL> alter system set encryption wallet close;
RMAN> restore database;
Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 16:21:43
ORA-19870: error reading backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
Open the wallet again and the restore proceeds successfully:
SQL> alter system set encryption wallet open identified by "oracle";
System altered.
RMAN> restore database;
Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak tag=TAG20140709T155359
channel ORA_DISK_1: restore complete, elapsed time: 00:02:08
Finished restore at 09-JUL-14
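Mixed mode
In mixed mode, a backup is taken with both password encryption and transparent encryption enabled. On the local system the transparent mode is used; when restoring at a remote site, the password is used.
When setting the encryption password, simply omit the trailing only: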
RMAN> set encryption on identified by "oracle";
executing command: SET encryption
SQL> alter system set encryption wallet open identified by "oracle";
System altered.
Take a backup in mixed mode:
RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
Starting backup at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=149 devtype=DISK
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
channel ORA_DISK_1: finished piece 1 at 09-JUL-14
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak tag=TAG20140709T163635 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:01:36
Finished backup at 09-JUL-14
Starting Control File and SPFILE Autobackup at 09-JUL-14
piece handle=/u01/FRA/orcl_dup/ORCL_DUP/autobackup/2014_07_09/o1_mf_s_852482292_9vszvopx_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 09-JUL-14
Start the database in mount mode and test:
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down
RMAN> startup mount
connected to target database (not started)
Oracle instance started
database mounted
At this point the database cannot be restored directly:
RMAN> restore database;
Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 16:41:05
ORA-19870: error reading backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
Now either opening the database wallet or setting the decryption password allows the restore to proceed:
RMAN> set decryption identified by 'oracle';
executing command: SET decryption
or
SQL> alter system set encryption wallet open identified by "oracle";
System altered.
RMAN> restore database;
Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak tag=TAG20140709T163635
channel ORA_DISK_1: restore complete, elapsed time: 00:01:46
Finished restore at 09-JUL-14
RMAN> recover database;
Everything is normal; open the database:
RMAN> alter database open;
database opened
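The error stacks above share one signature: ORA-28365 paired with ORA-19914 (backup) or ORA-19913 (restore), and the restore variant appears even for a password-mode backup set. The script below is an added example, not part of the original post; it triages an RMAN log on that signature. The function names classify_rman_log and failed_piece are hypothetical, and the sample logs are excerpts of the sessions shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): triage an RMAN log for the
# encryption failures shown on this page. Function names are hypothetical.

# classify_rman_log: read RMAN log text on stdin, print one verdict.
classify_rman_log() {
    awk '
        /^RMAN-00569:/ { stack = 1 }     # an error stack follows
        /^ORA-19914:/  { enc = 1 }       # unable to encrypt backup
        /^ORA-19913:/  { dec = 1 }       # unable to decrypt backup
        /^ORA-28365:/  { wallet = 1 }    # wallet is not open
        END {
            if (!stack)             print "ok"
            else if (enc && wallet) print "backup_blocked_wallet_closed"
            else if (dec && wallet) print "restore_blocked_no_key"
            else                    print "other_error"
        }'
}

# failed_piece: print the backup piece named by ORA-19870, if any.
failed_piece() {
    awk '/^ORA-19870: error reading backup piece / { print $NF; exit }'
}

# Log excerpts copied from the sessions on this page.
RESTORE_FAIL='channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 11:05:00
ORA-19870: error reading backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open'

BACKUP_FAIL='channel ORA_DISK_1: starting piece 1 at 09-JUL-14
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 07/09/2014 15:49:07
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open'

RESTORE_OK='channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 09-JUL-14'

for sample in "$RESTORE_FAIL" "$BACKUP_FAIL" "$RESTORE_OK"; do
    printf '%s\n' "$sample" | classify_rman_log
done
```

A restore_blocked_no_key verdict is resolved either by opening the wallet or, for password-mode and mixed-mode backup sets, by SET DECRYPTION IDENTIFIED BY, as the sessions above show.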
From "ITPUB Blog", link: http://blog.itpub.net/29320885/viewspace-1214663/. If you repost, please credit the source; otherwise legal liability will be pursued.