Archiv des Autor: Martin Berger

Oracle Database Backup Service – Encrypt your 12.2 Database Backups to the Cloud

The Oracle RMAN backup encryption is necessary if you want to backup your database into the Oracle cloud. In Oracle 12c, you have three methods available to encrypt an Oracle RMAN backup:

  • with a passphrase
  • with a master encryption key
  • hybrid with a passphrase and an encryption key

On docs.oracle.com, the basic setup is described here: https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/configuring-encryption-backups.html#GUID-4A1F5CF5-7EAF-4D71-9B7F-B46412F552CE

In this blog post, I show you how to configure your database environment with a master encryption key and a keystore. I use this solution to to backup and recovery to and into the Oracle cloud. And in the cloud, I don’t like to type in passwords manually for every action or write passwords in backup and restore scripts.

There are also some issues reports like in My Oracle Support Note TDE Wallet Problem in 12c: Cannot do a Set Key operation when an auto-login wallet is present (Doc ID 1944507.1).

Here are steps to create an autologin wallet.

Configure SQLNET.ora in $TNS_ADMIN to use a Keystore

Create Keystore as SYSDBA

Open Keystore

The status is set to OPEN_NO_MASTER_KEY.

Set Master Key

Now the master key has to defined. When you have already defined a wallet earlier and deleted the keys,  you have to set the undocumented parameter to set the master key again. This works here too to set the key. Otherwise you get an ORA-28374: typed master key not found in wallet error. See Master Note For Transparent Data Encryption ( TDE ) (Doc ID 1228046.1) for further information.

Now the status is set to OPEN.

Activate Auto Login

Restart the Database

Verify if the keystore is available and WALLET_TYPE is AUTOLOGIN.

Configure RMAN for Encryption

RMAN Backup Test

A simple RMAN controlfile backup into the Oracle cloud (OPC Backup Module is already configured).

Error message if you want to backup into the Oracle cloud and the encryption is not configured correctly:

Backup Verification in V$BACKUP_PIECE – Column ENCRYPTED

Links

http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf

http://www.oracle.com/technetwork/database/security/index-095354.html

Oracle Database Appliance X6 – resize your /u01

Basically on an ODA X6-L the directory /u01 has the size of 100 GB. With seven different ORACLE_HOME directories for the Oracle databases and the Grid Infrastructure software, there is no disk space left for patching the Oracle Database Appliance. ODA patches require between 13 GB and 15 GB free space on /u01 for the new software. Just FYI – during the patch process a new stage directory called /u01/patching is created where the new software is temporarily located.

Patch Apply failed – Not enough free Space

If there is not enough free space available, update processes like updating a database home fail.

Verify the actual Situation and the Disk Configuration

There is not enough free space for the update process – but we see that /u01 is a logical volume. 

Let’s verify the physical volume for free space, we can see 7214 free physical extents are available.

This is the actual size of the logical volume, the actual logical volume size is 100 GB.

Extend /u01

Now we extend online the LVM with the lvextend command from 100 GB to 150 GB.

The logical volume is now 150 GB.

Finally the filesystem has to be resized.

Now we have enough space for patching.

Summary

Resizing the /u01 on an Oracle Database Appliance is very easy and straightforward. There are no special actions required, it’s just a logical volume, no downtime required. And there is more space left on the physical volume for other resize actions.

Get your Oracle 18c Instance in the Oracle Infrastructure Cloud OCI Classic

Do you want to work with Oracle 18c in the Oracle Cloud but the database version is not selectable in the webinterface? You can create an 18c instance in the command-line interface with the PaaS Service Manager (psm). The installation is very well described here, for example you need Python and OpenSSL. My personal installation of the psm executable runs in the Windows 10 integrated Ubuntu system.

Link to the PaaS Service Manager: https://docs.oracle.com/en/cloud/paas/java-cloud/pscli/abouit-paas-service-manager-command-line-interface.html

After the successful psm setup, you can create an DBaaS instance with this command

The file db18c-ee.json contains all the information you need to create an 18c instance. Here is my example – I have created a cloud storage container called dbcsbackup in advance because I want to use the OCI backup service.

Some minutes later you can login by terminal and user SQL*Plus. Oracle 18c: Here we are!

And in the OCI dashboard it looks fine too.

Addtional Info: If you want a Standard Edition, just replace the line “edition”: “SE”, happy 18c.