RMAN Backup and Recovery: Encrypted Backups

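Starting with 10g R2, Oracle provides encryption for backups. Encrypting a backup protects the backup files and prevents the security problems caused by a leaked backup.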

Display the current database's encryption algorithms:

SQL> select * from v$rman_encryption_algorithms;

ALGORITHM_ID ALGORITHM_NAME       ALGORITHM_DESCRIPTION          IS_ RES
------------ -------------------- ------------------------------ --- ---
           1 AES128               AES 128-bit key                YES NO
           2 AES192               AES 192-bit key                NO  NO
           3 AES256               AES 256-bit key                NO  NO

RMAN> show encryption algorithm;

using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

Change the encryption algorithm in RMAN:
RMAN> configure encryption algorithm 'AES192';

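Password mode encryption
This mode encrypts the backup set by setting a password when the backup set is created and supplying the decryption password when the backup set is used. It is suited to backup sets that are transferred to another location.
Set the backup password:
RMAN> set encryption on identified by 'oracle' only;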
executing command: SET encryption

RMAN> run{
2> allocate channel c1 type disk format '/u01/rman_dest/rman_users_%p_%M-%D_%t.bak';
3> backup tablespace users channel c1;
4> release channel c1;
5> }

SQL> select file#,name from v$datafile;

 FILE# NAME

     1 /u01/app/oracle/oradata/orcl_dup/system01.dbf
     3 /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
     4 /u01/app/oracle/oradata/orcl_dup/users01.dbf
     5 /u01/app/oracle/oradata/orcl_dup/example01.dbf
     6 /u01/app/oracle/oradata/orcl_dup/tts01.dbf
     7 /u01/app/oracle/oradata/orcl_dup/tts02.dbf
     8 /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf

Simulate damage to the datafile for testing:
[oracle@node1 ~]$ rm -rf /u01/app/oracle/oradata/orcl_dup/users01.dbf

RMAN> shutdown abort;

using target database control file instead of recovery catalog
Oracle instance shut down

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area 167772160 bytes

Fixed Size 1218316 bytes
Variable Size 88082676 bytes
Database Buffers 75497472 bytes
Redo Buffers 2973696 bytes

At this point, restoring the datafile fails with a "wallet is not open" error:
RMAN> restore datafile 4;

Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 11:05:00
ORA-19870: error reading backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

Specify the decryption password:
RMAN> set decryption identified by 'oracle';
executing command: SET decryption

RMAN> restore datafile 4;

Starting restore at 09-JUL-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/rman_users_1_07-09_852462004.bak tag=TAG20140709T110003
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 09-JUL-14

RMAN> recover datafile 4;

Starting recover at 09-JUL-14
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:03

Finished recover at 09-JUL-14

RMAN> alter database open;
database opened

Transparent mode
This mode secures local backup sets through a locally configured wallet. It is suited to maintaining the security of local backups.

Basic configuration and use of the Oracle Encryption Wallet:

Specify the wallet location in sqlnet.ora

[oracle@node1 ~]$ cd $ORACLE_HOME/network/admin
[oracle@node1 admin]$ vi sqlnet.ora
Set the wallet location:
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/wallet)))
[oracle@node1 admin]$ mkdir -p /u01/wallet

Create the wallet as the SYS user
SQL> alter system set encryption key authenticated by "oracle";
System altered.

SQL> !ls /u01/wallet
ewallet.p12
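
The wallet directory above is created with a plain mkdir, and ewallet.p12 holds the key that protects every transparent-mode backup. The following added example (not part of the original post) reads the wallet directory from sqlnet.ora and reports wallet files that group or other users can access; the function names and finding labels are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit the file-based wallet.
# Assumes the upper-case parameter spelling used on this page and a
# directory path without spaces.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION in a sqlnet.ora.
wallet_dir_from_sqlnet() {
    # Drop comments, then whitespace, so multi-line entries also parse
    sed 's/#.*//' "$1" | tr -d ' \t\r\n' | awk '{
        i = index($0, "ENCRYPTION_WALLET_LOCATION=")
        if (!i) exit
        s = substr($0, i)
        j = index(s, "DIRECTORY=")
        if (!j) exit
        s = substr(s, j + 10)   # skip past "DIRECTORY="
        sub(/\).*/, "", s)      # value ends at the first ")"
        print s
    }'
}

# Group/other permission characters of a path, e.g. "------" or "r-xr-x".
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# Print findings for a wallet directory; status 1 if anything is wrong.
audit_wallet() {
    dir=$1; bad=0
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; return 1; }
    [ -f "$dir/ewallet.p12" ] || { echo "NO_WALLET $dir/ewallet.p12"; bad=1; }
    for p in "$dir" "$dir/ewallet.p12" "$dir/cwallet.sso"; do
        [ -e "$p" ] || continue
        # The wallet holds the key for every transparent-mode backup
        if [ "$(group_other_bits "$p")" != "------" ]; then
            echo "LOOSE_PERMS $p"; bad=1
        fi
    done
    # cwallet.sso is an auto-login wallet: it opens without the password
    [ ! -f "$dir/cwallet.sso" ] || echo "NOTE_AUTO_LOGIN $dir/cwallet.sso"
    return $bad
}

# Usage (hypothetical file name): sh wallet_audit.sh /path/to/sqlnet.ora
if [ $# -gt 0 ]; then
    audit_wallet "$(wallet_dir_from_sqlnet "$1")"
fi
```

A clean result for the setup on this page requires mode 700 on /u01/wallet and mode 600 on ewallet.p12.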

How to open and close the wallet
SQL> alter system set encryption wallet open identified by "oracle";
System altered.

SQL> alter system set encryption wallet close;
System altered.
If this reports an error:
SQL> alter system set encryption wallet close;
alter system set encryption wallet close
*
ERROR at line 1:
ORA-28390: auto login wallet not open but encryption wallet may be open
then run:
SQL> alter system set encryption wallet close identified by "oracle";

System altered.

RMAN> configure encryption for database on;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored

RMAN> set encryption on;
executing command: SET encryption

If the wallet is closed at this point, backing up the database fails with the following error:
RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
Starting backup at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 07/09/2014 15:49:07
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

Open the wallet and run the backup again:
SQL> alter system set encryption wallet open identified by "oracle";
System altered.

RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
channel ORA_DISK_1: finished piece 1 at 09-JUL-14
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak tag=TAG20140709T155359 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:02:25
Finished backup at 09-JUL-14

Starting Control File and SPFILE Autobackup at 09-JUL-14
piece handle=/u01/FRA/orcl_dup/ORCL_DUP/autobackup/2014_07_09/o1_mf_s_852479786_9vsxforn_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 09-JUL-14

If the wallet is closed at this point, RMAN likewise cannot restore the database:

SQL> alter system set encryption wallet close;
RMAN> restore database;

Starting restore at 09-JUL-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 16:21:43
ORA-19870: error reading backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

Open the wallet again and the restore proceeds successfully:
SQL> alter system set encryption wallet open identified by "oracle";
System altered.

RMAN> restore database;

Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak tag=TAG20140709T155359
channel ORA_DISK_1: restore complete, elapsed time: 00:02:08
Finished restore at 09-JUL-14
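
Both failures in this section end in the same ORA-28365, so a job log needs the preceding ORA-19914 or ORA-19913 to tell a backup that was never written from a restore that has no usable key. The following added example (not part of the original post) classifies RMAN error stacks that way; the function names and verdict labels are made up for illustration, and the sample lines are copied from the transcripts on this page.

```sh
#!/bin/sh
# Added example (not from the original post): triage RMAN error stacks.
# Prints "<command> <verdict>" per failed command; status 1 if any failed.
triage_rman_log() {
    awk '
    function report() {
        if (!inerr) return
        if (encrypt && wallet)      v = "ENCRYPT_BLOCKED_WALLET_CLOSED"
        else if (decrypt && wallet) v = "DECRYPT_BLOCKED_NO_KEY"
        else                        v = "OTHER"
        print cmd, v; n++
        inerr = decrypt = encrypt = wallet = 0
    }
    # RMAN-03002 / RMAN-03009 name the command that failed
    /^RMAN-0300[29]: failure of / { report(); cmd = $4; inerr = 1; next }
    inerr && /^ORA-19913:/ { decrypt = 1 }  # unable to decrypt backup
    inerr && /^ORA-19914:/ { encrypt = 1 }  # unable to encrypt backup
    inerr && /^ORA-28365:/ { wallet = 1 }   # wallet is not open
    inerr && !/^(ORA|RMAN)-[0-9]+:/ { report() }  # stack ended
    END { report(); exit (n > 0) }
    ' "$@"
}

# Error stacks copied from the transcripts on this page, for a dry run
sample_log() {
    cat <<'EOF'
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 07/09/2014 15:49:07
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

RMAN-03002: failure of restore command at 07/09/2014 16:21:43
ORA-19870: error reading backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852479639.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
EOF
}

# With log files as arguments, triage them; otherwise define functions only
[ $# -eq 0 ] || triage_rman_log "$@"
```

DECRYPT_BLOCKED_NO_KEY covers both remedies shown on this page: opening the wallet, or SET DECRYPTION for a backup that carries a password.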

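Hybrid mode
In hybrid mode, a backup is taken with both password encryption and transparent encryption enabled. Transparent mode is used locally, and password encryption is used when restoring at a remote site.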

When setting the encryption password, simply drop the trailing only:
RMAN> set encryption on identified by "oracle";
executing command: SET encryption

SQL> alter system set encryption wallet open identified by "oracle";
System altered.

Take a backup in hybrid mode:
RMAN> backup database format '/u01/rman_dest/orcl_whole_back_%p_%M-%D_%t.bak';
Starting backup at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=149 devtype=DISK
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00001 name=/u01/app/oracle/oradata/orcl_dup/system01.dbf
input datafile fno=00003 name=/u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
input datafile fno=00004 name=/u01/app/oracle/oradata/orcl_dup/users01.dbf
input datafile fno=00005 name=/u01/app/oracle/oradata/orcl_dup/example01.dbf
input datafile fno=00008 name=/u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
input datafile fno=00006 name=/u01/app/oracle/oradata/orcl_dup/tts01.dbf
input datafile fno=00007 name=/u01/app/oracle/oradata/orcl_dup/tts02.dbf
channel ORA_DISK_1: starting piece 1 at 09-JUL-14
channel ORA_DISK_1: finished piece 1 at 09-JUL-14
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak tag=TAG20140709T163635 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:01:36
Finished backup at 09-JUL-14

Starting Control File and SPFILE Autobackup at 09-JUL-14
piece handle=/u01/FRA/orcl_dup/ORCL_DUP/autobackup/2014_07_09/o1_mf_s_852482292_9vszvopx_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 09-JUL-14

Start the database in mount mode for testing:
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down

RMAN> startup mount
connected to target database (not started)
Oracle instance started
database mounted

At this point the database cannot be restored directly:
RMAN> restore database;
Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 16:41:05
ORA-19870: error reading backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

At this point, either opening the database wallet or setting the decryption password allows the restore to proceed:
RMAN> set decryption identified by 'oracle';
executing command: SET decryption
or
SQL> alter system set encryption wallet open identified by "oracle";
System altered.

RMAN> restore database;
Starting restore at 09-JUL-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to /u01/app/oracle/oradata/orcl_dup/system01.dbf
restoring datafile 00003 to /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
restoring datafile 00005 to /u01/app/oracle/oradata/orcl_dup/example01.dbf
restoring datafile 00006 to /u01/app/oracle/oradata/orcl_dup/tts01.dbf
restoring datafile 00007 to /u01/app/oracle/oradata/orcl_dup/tts02.dbf
restoring datafile 00008 to /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/orcl_whole_back_1_07-09_852482195.bak tag=TAG20140709T163635
channel ORA_DISK_1: restore complete, elapsed time: 00:01:46
Finished restore at 09-JUL-14

RMAN> recover database;
Everything is normal; just open the database:
RMAN> alter database open;
database opened


Reposted from blog.csdn.net/weixin_44524950/article/details/86574811