RMAN加密備份的三種方式
前言:為了資料備份的安全性,在某些特定的情況下我們需要對備份進行加密操作。一般是加密廠商或者Oracle自帶的加密方式進行加密。如果使用Oracle自帶的加密方式,顯然是增加了Oracle管理員的維護成本,如果使用廠商加密,一旦金鑰丟失,那麼恢復起來基本上就是不太可能的。但對於Oracle自帶的加密,如果金鑰丟失,還有一定的挽回方式。在我接觸的資料庫維護中,基本上很少使用加密備份的方式。
RMAN備份可以建立加密的備份集,加密方式分為三種模式
-
透明模式
-
口令模式
-
雙體模式
透明模式和雙體模式要求將主金鑰存放錢包的安全檔案中,錢包的路徑由sqlnet.ora檔案生命
一:開啟錢包加密
##1.編輯sqlnet.ora檔案,新增以下內容,並建立對應的目錄
[oracle@orcl:/u01/app/oracle/product/12.2.0/db/network/admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION = (SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/product/12.2.0/db/lhh/wallet/)))
[oracle@orcl:/home/oracle]$ mkdir -p /u01/app/oracle/product/12.2.0/db/lhh/wallet
##2.建立錢包、設定其密碼,開啟錢包及在其內建立主金鑰
sys@ORCL 09:28:29> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "qwe123!@#";
System altered.
#設定完成之後生成一個ewallet.p12檔案,我們設定的密碼會存放到這個檔案中
[oracle@orcl:/u01/app/oracle/product/12.2.0/db/lhh/wallet]$ ll
total 4
-rw------- 1 oracle oinstall 2848 Mar 19 09:28 ewallet.p12
##3.檢視錢包是否已經開啟
sys@ORCL 09:31:35> select * from V$ENCRYPTION_WALLET;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
---------- --------------------------------------------- ---------- -------------------- --------- --------- ----------
FILE /u01/app/oracle/product/12.2.0/db/lhh/wallet/
OPEN PASSWORD SINGLE NO 0
二:加密備份
##1.開啟備份加密功能
RMAN> set encryption on;
executing command: SET encryption
#指定演算法加密
RMAN> set encryption on using 'AES256';
executing command: SET encryption
#以下命令永久開啟透明模式加密功能或設定加密演算法
RMAN> configure encryption for database on;
RMAN> configure encryption algorithm 'AES256';
##2.測試透明加密備份
RMAN> set encryption on;
executing command: SET encryption
RMAN> backup tablespace users;
Starting backup at 19-MAR-22
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00007 name=/oradata/orcl/users01.dbf
input datafile file number=00002 name=/oradata/orcl/users02.dbf
channel ORA_DISK_1: starting piece 1 at 19-MAR-22
channel ORA_DISK_1: finished piece 1 at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T094108_k3bf5n7v_.bkp tag=TAG20220319T094108 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 19-MAR-22
Starting Control File and SPFILE Autobackup at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/autobackup/2022_03_19/o1_mf_s_1099734069_k3bf5ojb_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 19-MAR-22
#關閉錢包,嘗試恢復
sys@ORCL 09:42:45> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "qwe123!@#";
System altered.
還原過程提示錢包沒有開啟
RMAN> restore tablespace users;
Starting restore at 19-MAR-22
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00002 to /oradata/orcl/users02.dbf
channel ORA_DISK_1: restoring datafile 00007 to /oradata/orcl/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T094108_k3bf5n7v_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 03/19/2022 09:43:34
ORA-19870: error while restoring backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T094108_k3bf5n7v_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
三:不開啟錢包的加密
##1.直接設定加密金鑰
#手工方式直接定義口令的加密備份方式,過程不需要開啟錢包,值需要給出匹配的口令即可
RMAN> set encryption on IDENTIFIED BY "qwe123!@#" only;
executing command: SET encryption
using target database control file instead of recovery catalog
##2.備份users表空間
RMAN> backup tablespace users;
Starting backup at 19-MAR-22
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=58 device type=DISK
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00007 name=/oradata/orcl/users01.dbf
input datafile file number=00002 name=/oradata/orcl/users02.dbf
channel ORA_DISK_1: starting piece 1 at 19-MAR-22
channel ORA_DISK_1: finished piece 1 at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T102532_k3bhrwpf_.bkp tag=TAG20220319T102532 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 19-MAR-22
Starting Control File and SPFILE Autobackup at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/autobackup/2022_03_19/o1_mf_s_1099736733_k3bhrxx9_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 19-MAR-22
##不輸入金鑰進行還原操作提示ORA-19913
RMAN> restore tablespace users;
Starting restore at 19-MAR-22
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00002 to /oradata/orcl/users02.dbf
channel ORA_DISK_1: restoring datafile 00007 to /oradata/orcl/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T102532_k3bhrwpf_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 03/19/2022 10:25:48
ORA-19870: error while restoring backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T102532_k3bhrwpf_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
#輸入密碼進行還原操作
RMAN> set decryption identified by "qwe123!@#";
RMAN> restore tablespace users;
Starting restore at 19-MAR-22
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=42 device type=DISK
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00002 to /oradata/orcl/users02.dbf
channel ORA_DISK_1: restoring datafile 00007 to /oradata/orcl/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T102532_k3bhrwpf_.bkp
channel ORA_DISK_1: piece handle=/home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T102532_k3bhrwpf_.bkp tag=TAG20220319T102532
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 19-MAR-22
四:雙體備份模式
簡而言之:就是錢包處於開啟狀態,並且進行備份的時候手工指定一個金鑰,這樣恢復的過程中,只要錢包開啟或者輸入口令解密兩種方式選擇其一,就可以進行還原
#1.開啟錢包加密
idle 19-MAR-22> ALTER SYSTEM SET ENCRYPTION WALLET open IDENTIFIED BY "qwe123!@#";
#2.手工設定備份口令並備份users表空間
##這裡注意,手工指定的口令和錢包口令是不一致的
RMAN> set encryption identified by "123456";
executing command: SET encryption
RMAN> backup tablespace users;
Starting backup at 19-MAR-22
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00007 name=/oradata/orcl/users01.dbf
input datafile file number=00002 name=/oradata/orcl/users02.dbf
channel ORA_DISK_1: starting piece 1 at 19-MAR-22
channel ORA_DISK_1: finished piece 1 at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T105003_k3bk6vso_.bkp tag=TAG20220319T105003 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 19-MAR-22
Starting Control File and SPFILE Autobackup at 19-MAR-22
piece handle=/home/oracle/fra/ORCL/autobackup/2022_03_19/o1_mf_s_1099738204_k3bk6x1p_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 19-MAR-22
#3.關閉錢包並講資料庫啟動到mount狀態
idle 19-MAR-22> ALTER SYSTEM SET ENCRYPTION WALLET close IDENTIFIED BY "qwe123!@#";
idle 19-MAR-22> startup mount force
ORACLE instance started.
Total System Global Area 1493172224 bytes
Fixed Size 8620896 bytes
Variable Size 788530336 bytes
Database Buffers 687865856 bytes
Redo Buffers 8155136 bytes
Database mounted.
#4.使用set decryption執行解密,並還原users表空間
##這裡我們使用的是手工輸入口令,輸入的是我們動態生成的金鑰
RMAN> set decryption identified by "123456";
executing command: SET decryption
RMAN> restore tablespace users;
Starting restore at 19-MAR-22
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=42 device type=DISK
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00002 to /oradata/orcl/users02.dbf
channel ORA_DISK_1: restoring datafile 00007 to /oradata/orcl/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T105003_k3bk6vso_.bkp
channel ORA_DISK_1: piece handle=/home/oracle/fra/ORCL/backupset/2022_03_19/o1_mf_nnndf_TAG20220319T105003_k3bk6vso_.bkp tag=TAG20220319T105003
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 19-MAR-22
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/31462978/viewspace-2874054/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 【RMAN】Oracle中如何備份控制檔案?備份控制檔案的方式有哪幾種?Oracle
- 【備份】RMAN中對控制檔案的幾種備份方法
- 【RMAN】RMAN的備份保留策略
- RMAN的備份原理
- 【RMAN】RMAN備份至ASMASM
- RMAN備份概述
- RMAN備份恢復典型案例——RMAN備份&系統變慢
- RMAN備份進度
- rman 備份指令碼指令碼
- RMAN 備份相關的概念
- RMAN備份恢復技巧
- 【rman備份策略】實驗
- Oracle RMAN備份實戰Oracle
- Oracle OCP(60):RMAN 備份Oracle
- rman 增量備份恢復
- MPLS-VPN的幾種備份方式——VecloudCloud
- MySql資料庫備份的幾種方式MySql資料庫
- 分享Oracle Rman的備份指令碼Oracle指令碼
- 【RMAN】同時建立多個備份(建立多重備份)
- 【RMAN】在備庫執行rman備份時報錯RMAN-06820 ORA-17629
- [20190522]rman備份問題.txt
- RMAN備份異機恢復
- RMAN備份詳解(轉載)
- 使用RMAN備份資料庫資料庫
- rman開啟備份優化對備份歸檔的影響優化
- MySQL 資料庫定時備份的幾種方式MySql資料庫
- 達夢DSC各種方式備份還原
- Oracle ADG環境下的RMAN備份策略Oracle
- RMAN備份的最佳化和調整
- [20190510]rman備份的疑問8.txt
- [20190510]rman備份的疑問7.txt
- [20190509]rman備份的疑問5.txt
- RMAN備份恢復效能優化優化
- RMAN備份中發現壞塊
- RMAN自動備份任務新增
- oracle 12c rman備份pdbOracle
- 利用RMAN備份重建資料庫資料庫
- RMAN備份與恢復測試