Archive
securing passwords with Oracle Wallet
To prevent hard coding passwords in any script is not a good idea, specially for rman backup scripts as the account bring used need sysdba privileges
steps to store the password in a wallet
1. create a wallet
Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the “orapki” command, instead of the “mkstore” command.
orapki wallet create -wallet "/u02/wallet" -pwd "mypassword" -auto_login_local
Once the wallet is created , it can be modified using the “mkstore” command
2. Add database connection ( including connection_string, username and password )
mkstore -wrl -createCredential <db_connection_string> <username> <password> E.g. mkstore -wrl /u01/app/wallet -createCredential rmancpr rman rmanpwd
3. Add the following code to your sqlnet.ora
SQLNET.WALLET_OVERRIDE=TRUE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/wallet)
)
)
If you are using RAC make sure that the sqlnet.ora is updated on all nodes
WALLET_LOCATION: points to the directory where the wallet resides.
SQLNET.WALLET_OVERRIDE: will force all connections as /@db_connection_string to use the information being stored on the wallet to authenticate to databases.
4. test the connection
we can replace
rman/rmanpwd@rmancpr
by
/@rmancpr
Other options that wallet offer
1.- list the content being stored on the wallet: mkstore -wrl /u01/app/wallet -listCredential 2.- Add credentials: mkstore -wrl /u01/app/wallet -createCredential <db_connection_string> <username> <password> 3.- Modify credentials: mkstore -wrl /u01/app/wallet -modigyCredential <db_connection_string> <username> <password> 4.- Delete credentials: mkstore -wrl /u01/app/wallet -deleteCredential <db_connection_string>
Add New Post ‹ Mike Desouza’s Blog — WordPress
Monitor RMAN backups
To see what RMAN is doing now and how much work its got left to do you can run the following SQL
select sid, start_time, totalwork, sofar, (sofar/totalwork) * 100 pct_done from v$session_longops where totalwork > sofar AND opname NOT LIKE '%aggregate%' AND opname like 'RMAN%' /
you got 4 channels running the rman backup
The following query will show you a history of your BACKUP and RESTORE operations
select to_char(start_time, 'dd-mon-yyyy@hh24:mi:ss') "Date", status, operation, mbytes_processed from v$rman_status vs where start_time > sysdate -1 order by start_time /
By changing the where start_time > sysdate -1 clause you control how much in the past you want to look at
Check status of rman backups
col STATUS format a9 col hrs format 999.99 select SESSION_KEY, INPUT_TYPE, STATUS, to_char(START_TIME,'mm/dd/yy hh24:mi') start_time, to_char(END_TIME,'mm/dd/yy hh24:mi') end_time, elapsed_seconds/3600 hrs from V$RMAN_BACKUP_JOB_DETAILS order by session_key;
