测试local clone和remote clone基于设置TDE的pdb

最新推荐文章于 2024-06-29 22:36:32 发布
最新推荐文章于 2024-06-29 22:36:32 发布
阅读量323 收藏
点赞数
分类专栏: orale 文章标签: oracle
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wgz7747147820/article/details/111699226
版权

在一个配置了TDE 的cdb环境里,测试一下local clone和remote clone
Source CDB :tdetest2
Target CDB:tdetest3

先创建PDB tdetest2pdb10501

03:18:48 SQL> create pluggable database tdetest2pdb10501 admin user pdbadmin identified by tdetest2;

Pluggable database created.

Elapsed: 00:00:03.50

因为默认这个pdb的TDE没有配置master encryttion key,下面的步骤是创建master encryption key
03:20:18 SQL> alter session set container=tdetest2pdb10501;

Session altered.

Elapsed: 00:00:00.01
03:20:28 SQL> select status from v$encryption_wallet;

STATUS
------------------------------
CLOSED

Elapsed: 00:00:00.00
03:21:00 SQL> administer key management set keystore open identified by "WelCome-123#";

keystore altered.

Elapsed: 00:00:00.09
03:21:24 SQL> SELECT status from v$encryption_wallet;

STATUS
------------------------------
OPEN_NO_MASTER_KEY

Elapsed: 00:00:00.01
03:21:35 SQL> administer key management set key identified by "WelCome-123#" with backup;

keystore altered.

Elapsed: 00:00:00.56
03:22:06 SQL> select status from v$encryption_wallet;

STATUS
------------------------------
OPEN

Elapsed: 00:00:00.01

local clone很简单,就是创建一个基于tdetest2pdb10501的pdb
03:31:44 SQL> create pluggable database tdetest2pdb10501_clone from tdetest2pdb10501;

Pluggable database created.

Elapsed: 00:00:08.67
新clone的pdb需要open keystore及open pdb
03:33:34 SQL> alter session set container=tdetest2pdb10501_clone;

Session altered.

Elapsed: 00:00:00.00
03:34:19 SQL> administer key management set keystore open identified by "WelCome-123#";

keystore altered.

Elapsed: 00:00:00.02
03:34:37 SQL> select status from v$encryption_wallet;

STATUS
------------------------------
OPEN

Elapsed: 00:00:00.01
03:34:45 SQL> alter pluggable database open read write instances=all;

Pluggable database altered.

Elapsed: 00:00:07.40
03:35:12 SQL> select name,open_mode from gv$pdbs;

NAME			       OPEN_MODE
------------------------------ ----------
TDETEST2PDB10501_CLONE	       READ WRITE
TDETEST2PDB10501_CLONE	       READ WRITE

Elapsed: 00:00:00.02

新clone的pdb是和原来的pdb共享一个master encryption key的

03:36:36 SQL> alter session set container=cdb$root;

Session altered.

Elapsed: 00:00:00.00
03:36:45 SQL> select key_id,activating_pdbname from v$encryption_keys where activating_pdbname in ('TDETEST2PDB10501','TDETEST2PDB10501_CLONE');

KEY_ID									       ACTIVATING_PDBNAME
------------------------------------------------------------------------------ ------------------------------
ASJeSux/109bvyb1H9ddqKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA			       TDETEST2PDB10501

Elapsed: 00:00:00.10

我们可以看到新的pdb是在v$encryption_keys查不到的,它和原来的pdb共享一个master encryption key

对新clone的pdb做rekey操作

06:18:48 SQL> connect sys/tdetest2@tdetest2pdb10501_clone as sysdba
Connected.
06:24:18 SQL> administer key management set key identified by "WelCome-123#" with backup;

keystore altered.

Elapsed: 00:00:00.85
06:32:09 SQL> alter session set container=cdb$root;

Session altered.

Elapsed: 00:00:00.00


06:33:28 SQL> select key_id,activating_pdbname from v$encryption_keys where activating_pdbname in ('TDETEST2PDB10501_CLONE','TDETEST2PDB10501');

KEY_ID									       ACTIVATING_PDBNAME
------------------------------------------------------------------------------ ------------------------------
ASJeSux/109bvyb1H9ddqKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA			       TDETEST2PDB10501
AQqQPTCSWE+Yv2jPkzr2E0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAA			       TDETEST2PDB10501_CLONE

现在就可以查到了,做了rekey操作之后,就可以查到了


06:13:21 SQL> create public database link tdetest2pdb10501_clone_link connect to pdbadmin identified by tdetest2 using 'tdetest2pdb10501_clone';

Database link created.

Elapsed: 00:00:00.05

06:24:34 SQL> create pluggable database tdetest3pdb10501_clone from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3;
create pluggable database tdetest3pdb10501_clone from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3
*
ERROR at line 1:
ORA-17628: Oracle error 46659 returned by remote Oracle server
ORA-46659: master keys for the given PDB not found


Elapsed: 00:00:00.39

错误ora-46659的原因是因为source pdb clone之后没有做rekey操作,解决这个错误有两种方法,一种就是做source pdb做rekey操作,另外一种就是在这个remote clone 后面加including shared key 子句

加including shared key子句会解决这个错误ora-46659

06:27:34 SQL> create pluggable database tdetest3pdb10501_clone from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3 including shared key;

Pluggable database created.

Elapsed: 00:00:11.43


或者对source pdb进行rekey操作后,也可以解决这个问题
在remote clone上指定的keystore密码是target cdb这边的keystore 密码

06:40:15 SQL> create pluggable database tdetest3pdb10501_clone2 from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3;

Pluggable database created.

Elapsed: 00:00:11.90

对新创建的pdb做rekey操作
remote clone的pdb就算不做rekey操作,也是可以在v$encryption_keys里面查到,但还是建议做rekey操作

06:44:08 SQL> administer key management set key force keystore identified by tdetest3 with backup;

keystore altered.

Elapsed: 00:00:00.99

06:25:28 SQL> create pluggable database tdetest3pdb10501_clone from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3 including shared key;
create pluggable database tdetest3pdb10501_clone from tdetest2pdb10501_clone@tdetest2pdb10501_clone_link keystore identified by tdetest3 including shared key
*
ERROR at line 1:
ORA-65169: error encountered while attempting to copy file +D001/TDETEST2/B7471E8E84EE142CE053D629850A1E83/DATAFILE/sysaux.1898.1060054345
ORA-17627: ORA-12154: TNS:could not resolve the connect identifier specified
ORA-17629: Cannot connect to the remote database server


Elapsed: 00:00:03.90

上面这个错误的原因是因为连接串没有在所有的node上配置,需要将连接串在所有的node上配置
wgz7747147820
关注
专栏目录
git clone出现fatal: unable to access: SSL certificate problem: certificate has expired的解决方案
weixin_43178406的博客
06-06 10万+
本文主要介绍了git clone出现fatal: unable to access: SSL certificate problem: certificate has expired的解决方案,希望能对使用git的同学们有所帮助。 文章目录 1. 问题描述 2. 解决方案
git clone出现fatal: unable to access Failed to connect to github.com port 443: Timed out解决方案
weixin_43178406的博客
06-18 9万+
本文主要介绍了git clone出现fatal: unable to access Failed to connect to github.com port 443: Timed out解决方案,希望能对使用git的同学们有所帮助。 文章目录 1. 问题描述 2. 解决方案
Oracle 12C -- clone a remote pdb
weixin_34113237的博客
10-31 110
Connect to the remote CDB and prepare the remote PDB for cloning. SQL> select con_id,dbid,name,open_mode from v$pdbs; CON_ID DBID NAME OPEN_MODE ---------...
pdb remote clone
wgz7747147820的博客
07-08 370
第一步: 给source端的system赋予create pluggable database权限,否则在remoe clone会碰到下前面的错误 SQL> create pluggable database yudianpdb10001_clone from yudianpdb10001@yudianpdb10001_link; create pluggable database yudianpdb10001_clone from yudianpdb10001@yudianpdb10001_link
Oracle 19C PDB迁移报错 ORA-17628 error 65338 returned by remote Oracle server
最新发布
weixin_43937159的博客
06-29 134
3、使用数据库链接(dblink)从一个容器数据库(CDB)迁移可插拔数据库(PDB)到另一个CDB时,创建的dblink需要指向源CDB的服务名。这个服务名是源数据库对外提供的访问入口,它让目标数据库能够通过网络定位并连接到源数据库。4、检查两边用户的权限,是否有创建PDB的权限。5、源库CDB是否处于本地 UNDO 模式。2、注意源库需要开启归档模式。1、检查两边数据库的字符集。
remote clone的时候碰到的几个问题
wgz7747147820的博客
09-12 244
默认system用户是没有create pluggable database这个权限的 需要赋予system这个权限 SQL> create public database link cdbs5_link1 connect to system identified by cdbs5 using 'cdbs5'; Database link created. SQL> select * from dual@cdbs5_link1; D - X SQL> create plugg...
oracle如何enable一个pdbTDE
wgz7747147820的博客
08-01 306
oracle如何enable一个pdbtde
分享一个最简便的Oracle PDB克隆/迁移方式
gollen_gou的博客
05-11 651
Oracle PDB在线克隆,主库业务无需停机,适用场景非常广泛。
windows下Idea使用git clone failed. Could not read from remote repository.
10-14
主要介绍了windows下Idea使用git clone failed. Could not read from remote repository.,本文给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account 解决方案
weixin_43178406的博客
09-26 9万+
本文主要介绍了remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of password解决方案,希望能对使用git clone的同学们有所帮助。 文章目录 1. 问题描述 2. 解决方案
linux git clone出现fatal: unable to access Failed to connect to github.com port 443: Timed out解决方案
热门推荐
herosunly的博客
04-09 12万+
本文主要介绍了linux git clone出现fatal: unable to access Failed to connect to github.com port 443: Timed out解决方案,希望对在Linux环境下使用git的同学有所帮助。 文章目录 1. 问题描述 2. 解决方案
ORA-17628: Oracle error 19505 returned by remote Oracle server
喝醉酒的小白
02-23 5474
备库控制文件路径
搭建dg在duplicate过程中报错ORA-17628: Oracle error 19505 returned by remote Oracle server
zongzizz的博客
11-17 1044
搭建dg在duplicate过程中报错ORA-17628: Oracle error 19505 returned by remote Oracle server
oracle 11g active dataguard,oracle 11gR2 active dataguard duplicate database ORA-17628
weixin_35662417的博客
04-12 599
搭建adg的时候 报错ORA-17628,检查备份脚本信息,发现convert 涉及的目录没有创建,比如datafile onlinelog tempfile 目录相当于datafile copy 无法copy 应该报个linux 的no directory 就好了创建后 重新startup nomount force 重新duplicate 就ok了rman target ...
二、Git远程操作详解
怪蜀黍
12-29 1495
出处:http://www.ruanyifeng.com/blog/2014/06/git_remote.html 作者: 阮一峰 日期: 2014年6月12日 Git是目前最流行的版本管理系统,学会Git几乎成了开发者的必备技能。 Git有很多优势,其中之一就是远程操作非常简便。本文详细介绍5个Git命令,它们的概念和用法,理解了这些内容,你就会完全掌握Git远程
活动复制数据库时由于控制文件路径不存在报错ORA-17628
cqszpx的博客
08-02 998
在使用活动复制方式复制数据库搭建物理备库时报错: RMAN-03002:failure of Duplicate Db command at 05/14/2021 12:07:58 RMAN-05501:aborting duplication of target database RMAN-03015:error occurred in stored script Memory Script RMAN-03009:failure of backup command on ORA_DISK_1 .
git remote add和git clone 的区别
Zero丶轩
10-15 4287
两者之间的区别 区别 git remote add 只是在您的git config中创建一个条目,指定特定URL的名称。你必须有一个现有的git仓库来使用它。需要init git clone通过复制位于您指定的URI上的现有git存储库来创建新的git存储库。不需要init 配置 Git - 本地初始化项目 - git remote 链接地址 https://blog.csdn.net/m0_37712637/article/details/109091808 Git - 本地初始化项目
DG中DUPLICATE时报ORA-17628错误
08-09 762
在搭建dg时,将DUPLICATE的过程中,在脚本中指定了文件转换路径,也确认路径无误,可在最后报错,错误如下: RMAN-00571:================================...
Git命令详解与Eclipse中使用EGit和GitClone
本文将深入介绍Git的基本原理和常用命令,同时涵盖如何在Eclipse中使用EGit工具以及如何执行`git clone`操作。通过理解Git的状态转换图,我们可以更好地掌握Git的工作流程。此外,还将讨论如何初始化Git仓库,设置...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值