Após a criação de um novo pdb em um ambiente Oracle database cloud service tivemos o erro abaixo ao criar uma nova tablespace.
SQL> create tablespace teste;create tablespace teste*ERROR at line 1:ORA-28361: master key not yet set
ALERTLOG2022-03-10T08:27:35.587135-03:00PIRA2011(5):create tablespace teste2022-03-10T08:27:35.587301-03:00PIRA2011(5):Force tablespace TESTE to be encryptedPIRA2011(5):Master key not set for this container (5). Please ensure that wallet is configured and master key is set.PIRA2011(5):ORA-28361 signalled during: create tablespace teste...Status do wallet no PDB.
SQL> set lines 210SQL> col WRL_PARAMETER for a45SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;WRL_PARAMETER STATUS WALLET_TYPE--------------------------------------------- ------------------------------ --------------------OPEN_NO_MASTER_KEY AUTOLOGINSQL> SQL>
O erro ocorre pois após a criação de um novo PDB é esperado que a master key seja criada e ativada. Para a criação e ativação da master key, basta seguir os passos abaixo.
Desabilitar a opção de auto-login movendo o arquivo de wallet para um diretório de backup. Confirmar que não existam arquivos .sso no diretório do wallet.
mv /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/cwallet.sso /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01_bkp
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE close;
keystore altered.
SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/ CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "SENHA";
keystore altered.
SQL> show pdns;
SP2-0158: unknown SHOW option "pdns"
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PRD01 READ WRITE NO
4 ANS2011 READ WRITE NO
5 PIRA2011 READ WRITE NOConectar no PDB que estava apresentando erro execute os passos abaixo.
SQL> alter session set container=PIRA2011;
Session altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "pzlv##qZv43fED";
keystore altered.
SQL> administer key management set key identified by "pzlv##qZv43fED" with backup;
keystore altered.
SQL> set lines 210
col wrl_parameter for a60
SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;SQL> SQL>
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
OPEN PASSWORDApos o processo feito no PDB criado, é necessário conectar no CDB, executar o comando para ativar o auto-login e então realizar um restart da base.
No comando abaixo é passado o caminho do wallet (/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01) e a senha.
SQL> alter session set container=CDB$ROOT; Session altered. SQL> administer key management create AUTO_LOGIN keystore from keystore '/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01' identified by "SENHA;
keystore altered. SQL> shutdown immediate; Database closed. Database dismounted. ORACLE instance shut down. SQL> SQL> startup; ORACLE instance started. Total System Global Area 1.4361E+10 bytes Fixed Size 9151448 bytes Variable Size 6710886400 bytes Database Buffers 7616856064 bytes Redo Buffers 24399872 bytes Database mounted. Database opened. SQL>
Assim que o banco iniciar novamente, podemos validar que o status da wallet está open e com autologin.
SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/ OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PRD01 READ WRITE NO
4 ANS2011 READ WRITE NO
5 PIRA2011 READ WRITE NO
SQL> alter session set container=PIRA2011;
Session altered.
SQL> create tablespace teste;
Tablespace created.
SQL> drop tablespace teste;
Tablespace dropped.Provided in [OCI-C, OCI]: Newly Created PDB Inside The Container Database Shows Wallet Error "OPEN_NO_MASTER_KEY" Note 2443398.1
OCI : Create Create Tablespace in-PDB Fails with 'ORA-28374: Typed Master Key Not Found In Wallet' (Doc ID 2496205.1)
Comentários
Postar um comentário