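First, we test opening a united keystore with a wrong password.
For a PDB in united keystore mode, the tde_configuration parameter has no value. If tde_configuration does have a value, there are two possibilities: one is a properly configured isolated keystore mode PDB; the other is a PDB whose key actually lives in the CDB's keystore, but whose tde_configuration parameter was accidentally set to a wrong value. That second case is a kind of fake isolated keystore that was never properly configured.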
01:46:43 SQL> show con_name;
CON_NAME
------------------------------
TDETEST2PDB10896
01:46:51 SQL> select status,keystore_mode from v$encryption_wallet;
STATUS KEYSTORE
------------------------------ --------
CLOSED UNITED
01:47:18 SQL> show parameter tde_configuration;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
tde_configuration string
01:47:24 SQL> administer key management set keystore open identified by "tdetest2pdb10896";
administer key management set keystore open identified by "tdetest2pdb10896"
*
ERROR at line 1:
ORA-46627: keystore password mismatch
Elapsed: 00:00:00.00
This error message is clear: the password is wrong. Entering the correct password below opens the keystore successfully.
01:50:52 SQL> administer key management set keystore open identified by "WelCome-123#";
keystore altered.
Elapsed: 00:00:00.02
01:52:00 SQL> select status,keystore_mode from v$encryption_wallet;
STATUS KEYSTORE
------------------------------ --------
OPEN UNITED
Elapsed: 00:00:00.01
01:52:20 SQL> alter pluggable database open read write instances=all;
Pluggable database altered.
Elapsed: 00:00:04.10
01:52:45 SQL> column name format a20
01:52:50 SQL> select inst_id,name,open_mode from gv$pdbs;
INST_ID NAME OPEN_MODE
---------- -------------------- ----------
1 TDETEST2PDB10896 READ WRITE
2 TDETEST2PDB10896 READ WRITE
Elapsed: 00:00:00.04
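When TDE opens an isolated keystore and the password is wrong, the error only says that the wallet could not be opened and does not report a password mismatch, which makes the problem harder to troubleshoot and fix.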
01:55:01 SQL> select status,keystore_mode from v$encryption_wallet;
STATUS KEYSTORE
------------------------------ --------
CLOSED ISOLATED
Elapsed: 00:00:00.02
01:57:48 SQL> show parameter tde_configuration;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
tde_configuration string keystore_configuration=file
01:34:19 SQL> administer key management set keystore open identified by "WelCome-123";
administer key management set keystore open identified by "WelCome-123"
*
ERROR at line 1:
ORA-28353: failed to open wallet
Elapsed: 00:00:00.02
01:34:38 SQL> administer key management set keystore open identified by "tdetest2pdb10888";
keystore altered.
Elapsed: 00:00:00.06
01:56:21 SQL> select status,keystore_mode from v$encryption_wallet;
STATUS KEYSTORE
------------------------------ --------
OPEN ISOLATED
Elapsed: 00:00:00.01
01:56:35 SQL> alter pluggable database open read write instances=all;
Pluggable database altered.
Elapsed: 00:00:02.46
01:57:37 SQL> select inst_id,name,open_mode from gv$pdbs;
INST_ID NAME OPEN_MODE
---------- -------------------- ----------
1 TDETEST2PDB10888 READ WRITE
2 TDETEST2PDB10888 READ WRITE
Elapsed: 00:00:00.03
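A pre-check to run inside the PDB before typing a password, so that the ambiguous ORA-28353 can be read against the keystore mode. This is an added example, not part of the original session; the hint strings are a summary of the behaviour shown above, and the column formats are arbitrary choices.

```sql
-- Added example: run while connected to the PDB (check with "show con_name").
-- Shows the keystore mode, status and location next to tde_configuration,
-- plus a hint on which password applies and how a wrong one is reported.
column pdb               format a20
column wrl_parameter     format a50
column tde_configuration format a30
column hint              format a75

select sys_context('USERENV', 'CON_NAME') as pdb,
       w.keystore_mode,
       w.status,
       w.wallet_type,
       w.wrl_parameter,
       p.value as tde_configuration,
       case
         when w.keystore_mode = 'UNITED'
           then 'Use the CDB root keystore password; a wrong one raises ORA-46627'
         when w.keystore_mode = 'ISOLATED'
           then 'Use this PDB''s own keystore password; on ORA-28353 recheck the password first'
         else 'Mode is neither UNITED nor ISOLATED; check which container you are connected to'
       end as hint
from   v$encryption_wallet w
cross  join (select value
             from   v$parameter
             where  name = 'tde_configuration') p;
```

If tde_configuration has a value but the PDB's key was created in the CDB keystore, treat the setup as the misconfigured case described at the top of the page rather than retrying passwords.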