DBCSの新規インスタンスを作成した後、create pluggable database文で新規のPDBを作成。
その後、そのPDBで表領域を作成しようとすると、ORA-28361エラーが発生して、表領域が作成できません。
SQL> create pluggable database TESTPDB admin user TESTPDB identified by TestTest123#;
プラガブル・データベースが作成されました。
SQL> alter session set container=TESTPDB;
セッションが変更されました。
SQL> startup open;
プラガブル・データベースがオープンされました。
SQL> select tablespace_name, file_name, status, bytes/1024/1024 mbytes, increment_by, autoextensible, online_status from dba_data_files;
TABLESPACE_NAME FILE_NAME STATUS MBYTES INCREMENT_BY AUT ONLINE_
------------------------------ ---------------------------------------------------------------------------------------------------- --------- ---------- ------------ --- -------
UNDOTBS1 +DATA/TEST_NRT1CC/C7770153156D7E14E0538401000A3517/DATAFILE/undotbs1.291.1078336873 AVAILABLE 50 640 YES ONLINE
SYSAUX +DATA/TEST_NRT1CC/C7770153156D7E14E0538401000A3517/DATAFILE/sysaux.305.1078336873 AVAILABLE 410 1280 YES ONLINE
SYSTEM +DATA/TEST_NRT1CC/C7770153156D7E14E0538401000A3517/DATAFILE/system.304.1078336873 AVAILABLE 340 1280 YES SYSTEM
SQL> create tablespace test datafile '/u02/app/oracle/oradata/DB0707_iad1s2/test01.dbf' size 100M;
create tablespace test datafile '/u02/app/oracle/oradata/DB0707_iad1s2/test01.dbf' size 100M
*
行1でエラーが発生しました。:
ORA-28361: マスター鍵が設定されていません
新しいPDBを作成する場合は、PDB用の暗号化マスターキーを有効にする必要があります。1 ノードまたは 2 ノード RAC で新しいプラガブル・データベースを作成または接続した後、dbcli update-tdekey を使用して、その PDB 用のマスター暗号化キーを作成して有効にします。
dbcli update-tdekeyを使用した暗号化キー作成・有効化
- rootユーザで
dbcli list-databasesを実行し、データベースのIDを確認します。
※実行結果の[ID]が該当箇所
DBIDの確認
[root@dbcstest ~]# cd /opt/oracle/dcs/bin
[root@dbcstest bin]# ./dbcli list-databases
ID DB Name DB Type DB Version CDB Class Shape Storage Status DbHomeID
---------------------------------------- ---------- -------- -------------------- ---------- -------- -------- ---------- ------------ ----------------------------------------
cf4c9d18-0aaf-4d60-9668-ed3d1b99a873 DB0707 Si 19.11.0.0.0 true Oltp LVM Configured 0fedc6f6-f1af-4009-8e96-f6c1445605a3
2.rootユーザでdbcli update-tdekeyを実行し、暗号化キーを作成して有効化します。
※TDE Admin wallet password:には、DBCS作成時に指定したsysユーザのパスワードを入力
暗号化キー作成と有効化
[root@dbcstest bin]# ./dbcli update-tdekey -i cf4c9d18-0aaf-4d60-9668-ed3d1b99a873 -n APTGTEST -p <=====#5
TDE Admin wallet password:
{
"jobId" : "811039cf-f750-4f55-b55b-7ead4ba39086",
"status" : "Created",
"message" : null,
"reports" : [ ],
"createTimestamp" : "July 19, 2021 09:57:36 AM UTC",
"resourceList" : [ ],
"description" : "TDE update DB0707 - PDBs: [APTGTEST]",
"updatedTime" : "July 19, 2021 09:57:37 AM UTC",
"percentageProgress" : "0%",
"cause" : null,
"action" : null
}
[root@dbcstest ~]#
3.rootユーザでdbcli list-jobsを実行し、暗号化キー作成状況を確認。StatusがSuccessになればOK。
暗号化キー作成状況確認
[root@dbcstest ~]# dbcli list-jobs
ID Description Created Status
---------------------------------------- --------------------------------------------------------------------------- ----------------------------------- ----------
b8df0343-7a6f-44e7-b92a-dfe40b315ac8 Provisioning service creation Wednesday, July 07, 2021, 06:30:05 UTC Success
7e9987ca-98fb-4075-b197-c3abafd910d9 SSH keys update Wednesday, July 07, 2021, 06:36:16 UTC Success
2a861ed5-3110-408f-9286-1fbffb76343b SSH key delete Wednesday, July 07, 2021, 06:36:41 UTC Success
8dfba5f3-2ed5-4519-a152-b3eadbd783e5 Infra upgrade Wednesday, July 07, 2021, 06:37:50 UTC Success
79394c43-fad6-46f3-a7a0-0ac5b42804d4 Authentication key update for DCS_ADMIN Wednesday, July 07, 2021, 06:37:51 UTC Success
3c4265cb-1ae5-4839-89c3-f20bd4d78a60 Manage AHF telemetry Wednesday, July 07, 2021, 06:40:21 UTC Success
7084c256-6fe9-4847-a806-bffdba0af62b Create Pluggable Database :pdb02 in database:DB0707 Wednesday, July 07, 2021, 06:43:33 UTC Success
2673b8d1-0a79-4b66-afad-2c8278076f18 Remove Audit files for DB: DB0707 Thursday, July 08, 2021, 00:00:00 UTC Success
a69fbd67-8887-4e52-9954-d01c806852a8 Infra upgrade Thursday, July 08, 2021, 00:00:00 UTC Success
8d99044e-4676-45fe-9d25-7aade53571df Remove Audit files for DB: DB0707 Friday, July 09, 2021, 00:00:00 UTC Success
3e9fd1c8-a415-4807-bc1d-0f6b82d822ac Remove Audit files for DB: DB0707 Saturday, July 10, 2021, 00:00:00 UTC Success
454c93b8-73a7-4bb2-ae8f-f38e5e50aaf1 Remove Audit files for DB: DB0707 Sunday, July 11, 2021, 00:00:00 UTC Success
3c3f8532-e2d9-4008-b093-00095aac668c Remove Audit files for DB: DB0707 Monday, July 12, 2021, 00:00:00 UTC Success
6b3f2e33-8ccb-448b-bc96-7d3a2adb0bae Remove Audit files for DB: DB0707 Tuesday, July 13, 2021, 00:00:00 UTC Success
956cbdbe-1701-4636-8c93-630a5fd9ee9b Remove Audit files for DB: DB0707 Wednesday, July 14, 2021, 00:00:00 UTC Success
e3f05015-2b7d-449f-9fbb-3271a8f0d99a Remove Audit files for DB: DB0707 Thursday, July 15, 2021, 00:00:00 UTC Success
95549dc5-7517-4e81-9fd7-8760ebbce888 Infra upgrade Thursday, July 15, 2021, 00:00:00 UTC Success
0c74e3c8-e4df-401b-bef6-ae8b6a8fbee5 Remove Audit files for DB: DB0707 Friday, July 16, 2021, 00:00:00 UTC Success
714e71b9-ea6e-4cfd-a983-332672351574 Remove Audit files for DB: DB0707 Saturday, July 17, 2021, 00:00:00 UTC Success
9d65d172-f064-4aa1-a0d2-c713ac217487 Remove Audit files for DB: DB0707 Sunday, July 18, 2021, 00:00:00 UTC Success
9a4b14ea-5c74-44ee-8332-754a8462105c Remove Audit files for DB: DB0707 Monday, July 19, 2021, 00:00:00 UTC Success
811039cf-f750-4f55-b55b-7ead4ba39086 TDE update DB0707 - PDBs: [APTGTEST] Monday, July 19, 2021, 09:57:36 UTC Success <=====★★★★★
4.表領域の作成
[oracle@dbcstest ~]$ sqlplus /nolog
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 19 10:01:19 2021
Version 19.11.0.0.0
Copyright (c) 1982, 2020, Oracle. All rights reserved.
SQL> conn /as sysdba
Connected.
SQL> alter session set container=TESTPDB;
Session altered.
SQL> create tablespace test datafile '/u02/app/oracle/oradata/DB0707_iad1s2/test01.dbf' size 100M;
Tablespace created.
SQL> select tablespace_name, file_name, status, bytes/1024/1024 mbytes, increment_by, autoextensible , online_status from dba_data_files;
TABLESPACE_NAME
------------------------------
FILE_NAME
--------------------------------------------------------------------------------
STATUS MBYTES INCREMENT_BY AUT ONLINE_
--------- ---------- ------------ --- -------
SYSTEM
/u02/app/oracle/oradata/DB0707_iad1s2/DB0707_IAD1S2/C7778B04C12862EEE053C101000A
39FA/datafile/o1_mf_system_jhbkcn6g_.dbf
AVAILABLE 330 1280 YES SYSTEM
SYSAUX
/u02/app/oracle/oradata/DB0707_iad1s2/DB0707_IAD1S2/C7778B04C12862EEE053C101000A
TABLESPACE_NAME
------------------------------
FILE_NAME
--------------------------------------------------------------------------------
STATUS MBYTES INCREMENT_BY AUT ONLINE_
--------- ---------- ------------ --- -------
39FA/datafile/o1_mf_sysaux_jhbkcn6p_.dbf
AVAILABLE 470 1280 YES ONLINE
UNDOTBS1
/u02/app/oracle/oradata/DB0707_iad1s2/DB0707_IAD1S2/C7778B04C12862EEE053C101000A
39FA/datafile/o1_mf_undotbs1_jhbkcn6t_.dbf
AVAILABLE 215 640 YES ONLINE
TABLESPACE_NAME
------------------------------
FILE_NAME
--------------------------------------------------------------------------------
STATUS MBYTES INCREMENT_BY AUT ONLINE_
--------- ---------- ------------ --- -------
TEST
/u02/app/oracle/oradata/DB0707_iad1s2/test01.dbf
AVAILABLE 100 0 NO ONLINE
SQL>
dbcli update-tdekeyとは
dbcli update-tdekeyコマンドを使用して、TDE Wallet内のTDE暗号化キーを更新します。プラガブル・データベース(-pdbNamesが指定されている場合)またはコンテナ・データベース(-rootDatabaseが指定されている場合)の暗号化キー(あるいはその両方)を更新できます。
詳細は[マニュアル][link-1]をご覧ください。
[link-1]:https://docs.oracle.com/ja-jp/iaas/Content/Database/References/dbacli.htm