sup-cloudb
commented
2 years ago SESSION_ID
/var/opt/oracle/log/pilot_checkpoints/root/convert_tde_keystore
Open sup-cloudb opened 2 years ago
sup-cloudb
commented
2 years ago SESSION_ID
/var/opt/oracle/log/pilot_checkpoints/root/convert_tde_keystore
sup-cloudb
commented
2 years ago Migrar via console de FILE TO HSM e com o OCI INSTALADO, deixa o banco em estado updating.
sup-cloudb
commented
2 years ago criando um banco apontando para o vault sem o OCI CLI no root......NAO ROLOU, DEU ERRO E TIVE QUE TERMINAR.
sup-cloudb
commented
2 years ago ja o banco com wallet local foi criado com sucesso, sem o oci cli no root.
sup-cloudb
commented
2 years ago VIA CONSOLE, move o key de local PARA HSM, sem o OCI CLI instalado no ROOT, funciona de boa.
sup-cloudb
commented
2 years ago Dar um Terminate em um DBCS nao apaga a KEY NO VAULT.
sup-cloudb
commented
2 years ago Fiz um drop no banco de dados via dbaascli em um db que estava com status de UPDATING.
dbaascli database delete --dbname BDHSM2^C-deleteArchiveLogs true --deleteBackups true --waitForCompletion true
sup-cloudb
commented
2 years ago Limpei tudo, so deixei o bin no root e mandei criar o banco pela CONSOLE e funcionou.
sup-cloudb
commented
2 years ago se tiver alguma "sujeira" como : pasta lib no usuario root, ele nao consegue criar o banco usando vault pela CONSOLE
sup-cloudb
commented
2 years ago Criacao do banco usando o key BRSAFEPR2 com sucesso pela CONSOLE
sup-cloudb
commented
2 years ago POLICY NO AUTONOMOUS POLICY PARA O DATABASE MANAGEMENT POLICY PARA O DATA SAFE
sup-cloudb
commented
2 years ago ROTATE DAS KEYS, sem nenhum (ROOT & ORACLE) CLI instalado: [root@exa1brscan-8ilfa1 ~]# dbaascli tde rotate masterkey --dbname BDHSM15 DBAAS CLI version 22.3.1.0.1 Executing command tde rotate masterkey Enter keystore password:
Rotating Master Key with password provided.... INFO: Please check logfile /var/opt/oracle/log/BDHSM15/tde/tde_2022-08-24_09:16:56.707232102363.log for details. Precheck for rotate masterkey : Successful INFO: Rotating Masterkey for BDHSM15 ..... Successfully rotated TDE masterkey
[root@exa1brscan-8ilfa1 ~]# dbaascli tde listKeys --dbname BDHSM15 DBAAS CLI version 22.3.1.0.1 Executing command tde listKeys INFO: Logfile Location: /var/opt/oracle/log/listkeys/listkeys_2022-08-24_09:19:18.907809117907.log [ { "creation_date" : "24-AUG-22", "age_days" : "0", "key" : "0699DA61BB87604F7DBFA1D10DCF91CA1D" }, { "creation_date" : "24-AUG-22", "age_days" : "0", "key" : "06038DC08DB88D4F2DBF9E49DE7CC6C688" }, { "creation_date" : "24-AUG-22", "age_days" : "0", "key" : "068F1CF7601CB84F32BFD046999488C875" } ]
[root@exa1brscan-8ilfa1 ~]# dbaascli tde getHSMKeys --dbname BDHSM15 DBAAS CLI version 22.3.1.0.1 Executing command tde getHSMKeys Getting Primary KMS key for database "BDHSM15" Getting Secondary KMS keys for database "BDHSM15" { "secondary_kms_key_ocid_list" : [], "primary_kms_key_ocid" : "ocid1.key.oc1.sa-saopaulo-1.czrpnjaaaacna.abtxeljr5fymvu4bmgldug7ksn657eioamproqxf2534h2ygtqupulsho2aq", "active_master_keys" : { "068F1CF7601CB84F32BFD046999488C875" : { "con_name" : "PDB1", "master_key_id" : "068F1CF7601CB84F32BFD046999488C875", "con_id" : "3", "key_version_ocid" : "ocid1.keyversion.oc1.sa-saopaulo-1.czrpnjaaaacna.eceummc46haaa.abtxeljrig6mn7p73tuldf7xcp3zfsqgxvlw2p522lycbg6aqogeu6lc63na" }, "06038DC08DB88D4F2DBF9E49DE7CC6C688" : { "con_name" : "CDB$ROOT", "master_key_id" : "06038DC08DB88D4F2DBF9E49DE7CC6C688", "con_id" : "1", "key_version_ocid" : "ocid1.keyversion.oc1.sa-saopaulo-1.czrpnjaaaacna.eceummdbntaaa.abtxeljrsg72ot5eycxkh6yekckots55kbqox55znygq5wwor7mgzpoeihfa" } } }
[root@exa1brscan-8ilfa1 ~]# dbaascli tde status --dbname BDHSM15
DBAAS CLI version 22.3.1.0.1
Executing command tde status
TDE is configured on this instance with:
keystore login: auto
keystore status:
Instance is a CDB with PDB's: PDB1
TDE configuration matches with CDB on: PDB1
[root@exa1brscan-8ilfa1 ~]# dbaascli tde getPrimaryHSMKey --dbname BDHSM15 DBAAS CLI version 22.3.1.0.1 Executing command tde getPrimaryHSMKey Getting Primary KMS key for database "BDHSM15" ocid1.key.oc1.sa-saopaulo-1.czrpnjaaaacna.abtxeljr5fymvu4bmgldug7ksn657eioamproqxf2534h2ygtqupulsho2aq
sup-cloudb
commented
2 years ago Nao deu certo fazer o export :(
[root@exa1brscan-8ilfa1 ~]# dbaascli tde exportTDEKey --dbname BDHSM15 --tdeKeyFilePath /tmp/tdexport15.p12 DBAAS CLI version 22.3.1.0.1 Executing command tde exportTDEKey --tdeKeyFilePath /tmp/tdexport15.p12 Job id: c0026e44-cad7-46e2-9f71-098a9961f497 Enter TDE_KEY_FILE_SECRET:
Enter TDE_KEY_FILE_SECRET (reconfirmation):
TDE_WALLET_PASSWORD_PROMPT ***** [FATAL] [DBT-08123] Export TDE keys operation is not supported on 'OKV' based TDE keystore type [FATAL] [DBAAS-60071] Operation has failed with following error message. [FATAL] [DBT-08123] Export TDE keys operation is not supported on 'OKV' based TDE keystore type SUMMARY:
sup-cloudb
commented
2 years ago VIA CONSOLE - Criando um DATABASE COM WALLET LOCAL
Pasta para ver todos os logs 👍 /var/opt/oracle/dbaastools_base/jobs