search

sup-cloudb / kms

Bancos exacs utilizando KMS
0 stars 0 forks source link

novo #1

Open sup-cloudb opened 2 years ago

sup-cloudb commented 2 years ago

O clone dos PDBS nao funciona com KMS :

image

Cada PDB criado, se cria tambm o service com o seguinte πŸ‘

image

Converter TDE em HSM πŸ‘ . Necessario 15 minutos.

image

Funciona migrar de TDE para HSM ou TDE para software

image

[root@dbn-exad-mpf-0pjc01 ~]# dbaascli tde FileToHsm --kmskeyOCID ocid1.key.oc1.sa-saopaulo-1.czrpcl44aabdg.abtxeljrh3ypdyja7kwyzhig4wmg5w4pjcza3wcxwsdkccnpaog3cd5dihxq --dbname DB0812 DBAAS CLI version 22.3.1.0.1 Executing command tde FileToHsm --kmskeyOCID ocid1.key.oc1.sa-saopaulo-1.czrpcl44aabdg.abtxeljrh3ypdyja7kwyzhig4wmg5w4pjcza3wcxwsdkccnpaog3cd5dihxq Job id: a252cb8e-633d-4d59-9333-6f27f8daf819 Loading PILOT... Session ID of the current execution is: 63 Log file location: /var/opt/oracle/log/DB0812/tde/fileToHSM/pilot_2022-08-09_11-23-30-PM_386072

Running Plugin_initialization job Completed Plugin_initialization job

Running Perform_dbca_prechecks job Completed Perform_dbca_prechecks job

Running Validate_tablespaces_status job Completed Validate_tablespaces_status job

Running Convert_tde_keystore job Completed Convert_tde_keystore job

Running Update_creg job Completed Update_creg job

Running Backup_Database job Completed Backup_Database job dbaascli execution completed [root@dbn-exad-mpf-0pjc01 ~]#

image

sup-cloudb commented 2 years ago

Workaround para o bug πŸ‘

@ workaround for this issue: @ - create libkms-tde directory in /var/opt/oracle/log as oracle user

sup-cloudb commented 2 years ago

O .bash_profile do usuario root deve estar limpo, in fabric. quando se coloca as variaveis de proxy, da erro :

Result of node:localnode [Execution of Plugin_initialization failed, [FATAL] [DBAAS-60022] Command '/u02/app/oracle/product/12.2.0/dbhome_3/bin/srvctl 'config' 'database' '-db' 'BDHSM1_pqn_gru' ' execution has failed on nodes [localnode]., ACTION: Refer application log file for more information., MORE DETAILS, Result of node:localnode, [PRCD-1012 : Failed to retrieve disk group list for database BDHSM1_pqn_gru., PRCA-1084 : Failed to retrieve ASM Mode, PRKH-1059 : Failed to get ASM mode, PRKH-1056 : Unexpected CSS error(error code[0]), PRKH-1002 : Internal HASContext Error: JNI Native Call Failure], Exit code of the operation:1, [FATAL] [DBAAS-70006] Plugin setup bean not found in job context.] Exit code of the operation:255

sup-cloudb commented 2 years ago

[root@exa1brscan-8ilfa1 ~]# dbaascli tde filetohsm --dbname BDHSM1 --kmsKeyOCID ocid1.key.oc1.sa-saopaulo-1.czrpnjaaaacna.abtxeljrkbyite3i35ijqbkrvgblmm3xx7dubzq3i7wtxjqvj3v6xivunmva DBAAS CLI version 22.3.1.0.1 Executing command tde filetohsm --kmsKeyOCID ocid1.key.oc1.sa-saopaulo-1.czrpnjaaaacna.abtxeljrkbyite3i35ijqbkrvgblmm3xx7dubzq3i7wtxjqvj3v6xivunmva Job id: 69bff12f-93d5-4753-ab93-548bd920f864 Loading PILOT... Session ID of the current execution is: 34 Log file location: /var/opt/oracle/log/BDHSM1/tde/fileToHSM/pilot_2022-08-19_02-03-31-PM_245673

Running Plugin_initialization job Completed Plugin_initialization job

Running Perform_dbca_prechecks job Completed Perform_dbca_prechecks job

Running Validate_tablespaces_status job Completed Validate_tablespaces_status job

Running Convert_tde_keystore job Completed Convert_tde_keystore job

Running Update_creg job Completed Update_creg job

Running Backup_Database job Completed Backup_Database job dbaascli execution completed [root@exa1brscan-8ilfa1 ~]#

sup-cloudb commented 2 years ago

Se for instalar o oci em 1 node, tera que instalar nos 2 com o usuario ROOT, pois senao a integracao com o HSM nao funcionara.