ORACLE重要数据库安全备份方案
对于重要的oracle数据库,需要及时进行备份,并且在发生故障或数据库遭到攻击的时候,能以最快的速度恢复数据库到以前任意时间点,如何实现这一需求呢?
一、开启数据库闪回功能,通过设置闪回时间范围,可以将数据库快速恢复到以前任意时间点。
二、通过rman热备功能,定时将数据库进行备份,在需要的时候,可以将数据库恢复到以前某一时间点,或在另外一台服务器上恢复数据库,不影响原数据库的使用。
实验方案:
建立一台nfs共享文件服务器,在oracle数据库上新建挂载点:/home/rmanbak/model_database,连接到nfs共享文件服务器共享目录。一台catalog恢复目录服务器,IP地址:192.168.4.152 实例名:catalog1,将oracle数据库定时备份,备份文件存放到nfs共享服务器上,数据库的备份信息存放到catalog目录服务器上。
以上环境能实现以下场景需求:
1、当数据库遭到攻击,数据被恶意修改、删除时,使用闪回功能快速将数据库恢复到以前某一时间点。
2、当数据库物理损坏,不能启动时,使用rman备份的数据异机恢复数据库。
实验步骤:
一、开启归档:
[oracle@oracle]sqlplus / as sysdba
Sql>shutdown immediate;
Sql>startup mount
Sql>ALTER DATABASE ARCHIVELOG;
设置归档目录:
Sql>alter system set log_archive_dest_state_1=enable scope=both;
Sql>alter system set log_archive_dest_1=‘location=/home/oracle/oradata/DATAMODEL/archivelog/’ scope=both;
Sql>alter database open;
相关知识:
查看数据库是否归档:
Sql>archive log list
Sql>SELECT log_mode FROM v
d
a
t
a
b
a
s
e
查看
s
p
f
i
l
e
归档参数:
S
q
l
>
S
E
L
E
C
T
n
a
m
e
,
v
a
l
u
e
F
R
O
M
v
database 查看spfile归档参数: Sql>SELECT name, value FROM v
database查看spfile归档参数:Sql>SELECTname,valueFROMvparameter WHERE name LIKE ‘%archive%’;
二、开启闪回:
修改闪回目录路径:
Sql>alter system set db_recovery_file_dest=‘/home/oracle/oradata/DATAMODEL/db_recovery_file_dest’ scope=both;
修改闪回目录大小:
Sql>alter system set db_recovery_file_dest_size=60G scope=both;
修改闪回保留时间:以分钟为单位,默认为1440分钟,即一天 7天10080
Sql>alter system set db_flashback_retention_target=10080 scope=both;
激活闪回:
Sql>alter database flashback on
相关知识:
查看是否开启闪回:
Sql>select flashback_on from v$database;
查看闪回信息:
Sql>show parameter recover
三、Rman环境设置:
(一) 开启块跟踪:
SQL>alter database enable block change tracking
或者:
SQL>alter database enable block change tracking using file ‘/home/oracle/oradata/DATAMODEL/blocktracking/change_tracking.f’;
相关知识:
查看跟踪状态:
SQL>select status, filename from v$block_change_tracking;
禁用Block Change Tracking:
SQL> alter database disable block change tracking;
(二) 调整rman备份参数:
[oracle@oracle]rman target / catalog rmanuser/dhz770320@192.168.4.152/catalog1;
rman>show all;
rman>configure rman output keep for 30 days;
rman>configure controlfile autobackup off;
(三) 注册rman数据库:
rman>register database;
rman>quit;
四、手动备份:
(一) 备份密码文件:
[oracle@oracle]cp /opt/oracle/product/19c/dbhome_1/dbs/orapwdatamodel /home/rmanbak/model_database/orapwdatamodel
[oracle@oracle]rman target / catalog rmanuser/dhz770320@192.168.4.152/catalog1;
(二) 备份参数文件:
RMAN>backup spfile format ‘/home/rmanbak/model_database/spfile_%d_%I_%T_%t_%s_%p.log’;
(三) 备份数据文件(0级备份):
RMAN>backup incremental level 0 database format ‘/home/rmanbak/model_database/data_inc0_%d_%I_%T_%t_%s_%p.dbf’;
(四) 备份控制文件:
RMAN>backup current controlfile format ‘/home/rmanbak/model_database/control_%d_%I_%T_%t_%s_%p.ctl’;
(五) 备份归档日志文件:
RMAN>backup archivelog all format ‘/home/rmanbak/model_database/archivelog_%d_%I_%T_%t_%s_%p.ora’;
(六) 备份数据文件(1级增量备份):
RMAN>backup incremental level 1 database format ‘/home/rmanbak/model_database/data_inc1_%d_%I_%T_%t_%s_%p.dbf’;
五、自动备份:
创建自动备份脚本目录:
[oracle@oracle]mkdir -p /home/oracle/oradata/DATAMODEL/backupscript
定时备份脚本:
(一) 0级备份参数文件及执行脚本:
- 制作参数文件:
[oracle@oracle]vim /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level0_backup.rcv
粘贴以下内容:
connect target / ;
connect catalog rmanuser/dhz770320@192.168.4.152/catalog1;
run{
allocate channel d1 type disk;
allocate channel d2 type disk;
backup spfile format ‘/home/rmanbak/model_database/spfile_%d_%I_%T_%t_%s_%p.log’;
backup incremental level 0 database format ‘/home/rmanbak/model_database/data_inc0_%d_%I_%T_%t_%s_%p.dbf’;
backup current controlfile format ‘/home/rmanbak/model_database/control_%d_%I_%T_%t_%s_%p.ctl’;
backup archivelog from time “sysdate-8” format ‘/home/rmanbak/model_database/archivelog_%d_%I_%T_%t_%s_%p.ora’;
release channel d2;
release channel d1;
} - 制作定时执行脚本文件:
[oracle@oracle]vim /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level0_backup.sh
粘贴以下内容:
#!/bin/bash
#.bash_profile
#Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
#User specific environment and startup programs
export ORACLE_HOSTNAME=oracle
export ORACLE_UNQNAME=datamodel
export ORACLE_SID=datamodel
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=
O
R
A
C
L
E
B
A
S
E
/
p
r
o
d
u
c
t
/
19
c
/
d
b
h
o
m
e
1
e
x
p
o
r
t
O
R
A
C
L
E
I
N
V
E
N
T
O
R
Y
=
ORACLE_BASE/product/19c/dbhome_1 export ORACLE_INVENTORY=
ORACLEBASE/product/19c/dbhome1exportORACLEINVENTORY=ORACLE_BASE/oraInventory
export PATH=
O
R
A
C
L
E
H
O
M
E
/
b
i
n
:
ORACLE_HOME/bin:
ORACLEHOME/bin:PATH
export LD_LIBRARY_PATH=KaTeX parse error: Expected group after '_' at position 198: …/orapwdatamodel_̲{dateTime}
rman cmdfile=/home/oracle/oradata/DATAMODEL/backupscript/datamodel_level0_backup.rcv msglog=/home/oracle/oradata/DATAMODEL/backupscript/datamodel_level0_backup_${dateTime}.log
(二) 1级备份参数文件及执行脚本:
- 制作参数文件:
[oracle@oracle]vim /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level1_backup.rcv
粘贴以下内容:
connect target /
connect catalog rmanuser/dhz770320@192.168.4.152/catalog1;
run{
allocate channel d1 type disk;
allocate channel d2 type disk;
backup incremental level 1 database format ‘/home/rmanbak/model_database/data_inc1_%d_%I_%T_%t_%s_%p.dbf’;
backup current controlfile format ‘/home/rmanbak/model_database/control_%d_%I_%T_%t_%s_%p.ctl’;
backup archivelog from time “sysdate-1” format ‘/home/rmanbak/model_database/archivelog_%d_%I_%T_%t_%s_%p.ora’;
release channel d2;
release channel d1;
}
- 制作定时执行脚本文件:
vim /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level1_backup.sh
粘贴以下内容:
#!/bin/bash
#.bash_profile
#Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
#User specific environment and startup programs
export ORACLE_HOSTNAME=oracle
export ORACLE_UNQNAME=datamodel
export ORACLE_SID=datamodel
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=
O
R
A
C
L
E
B
A
S
E
/
p
r
o
d
u
c
t
/
19
c
/
d
b
h
o
m
e
1
e
x
p
o
r
t
O
R
A
C
L
E
I
N
V
E
N
T
O
R
Y
=
ORACLE_BASE/product/19c/dbhome_1 export ORACLE_INVENTORY=
ORACLEBASE/product/19c/dbhome1exportORACLEINVENTORY=ORACLE_BASE/oraInventory
export PATH=
O
R
A
C
L
E
H
O
M
E
/
b
i
n
:
ORACLE_HOME/bin:
ORACLEHOME/bin:PATH
export LD_LIBRARY_PATH=KaTeX parse error: Expected group after '_' at position 198: …/orapwdatamodel_̲{dateTime}
rman cmdfile=/home/oracle/oradata/DATAMODEL/backupscript/datamodel_level1_backup.rcv msglog=/home/oracle/oradata/DATAMODEL/backupscript/datamodel_level1_backup_${dateTime}.log
(三) 定时服务:
使用crontab定时执行
编辑定时任务:
[oracle@oracle]crontab -e
粘贴以下内容:
0 0 * * 1 sh /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level0_backup.sh (每周一0点执行0级备份)
0 0 * * 2,3,4,5,6,7 sh /home/oracle/oradata/DATAMODEL/backupscript/datamodel_level1_backup.sh (除了星期1每天执行1级增量备份)
重启定时任务(root用户下):
[root@oracle]systemctl restart crond.service //重启服务
相关知识:
#Example of job definition:
#.---------------- minute (0 - 59)
#| .------------- hour (0 - 23)
#| | .---------- day of month (1 - 31)
#| | | .------- month (1 - 12) OR jan,feb,mar,apr …
#| | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
#| | | | |
#* * * * * user-name command to be executed
查询当前用户定时任务:
[oracle@oracle]crontab -l
服务控制:
systemctl start crond.service //启动服务
systemctl stop crond.service //关闭服务
systemctl restart crond.service //重启服务
systemctl reload crond.service //重新载入配置
systemctl status crond.service //查看状态
//或者
crond start
crond stop
crond restart
crond reload
crond status
学习交流:
QQ群号:957883494
群主QQ:3683801473
扫一扫
114
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
