Security :: How To Automate Wallet Open Operation In Standby Instance
Dec 14, 2012
My database is 11.1.0.7 and 11.2.0.3 with TDE tablespace encryption, ASM db storage. The wallet needs to be opened for MRP to work in physical standby database. I already have the solution for the primary instances to automate wallet open (e.g. using startup trigger for 11.1.0.7). However, I cannot find solution to automate wallet open operation in standby instances (to issue ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY ""').
Manual operation everytime standby instance is started is not feasible.
I want to create a wallet on RAC setup.I have two node setup.I have created the wallet directory under shared folder /u01/oradata/$ORACLE_SID/wallet
I am Unable to open wallet.I tried this using the below command
SQL> alter system set encryption key identified by "aryabhat"; alter system set encryption key identified by "aryabhat" * ERROR at line 1: ORA-28353: failed to open wallet
I successfully created a Oracle Wallet in AIX. The wallet is belong to user "oracle" and permission is 755. I can access it with non-oracle user. Note: the non-oracle user is under the same group as "oracle" id.
But when I try to change the Oracle Waller permission to less than 755, I am not able to access it anymore. The error is "ORA-12578: TNS:wallet open failed".
My question is how can I access the Oracle Wallet without using 755 permission?
Find an appropriate script to automate Oracle DBs in one server? This db server have 6 instances. We always done the starting up and shutting down manually, although we have a reference script that does this but in Oracle v7.3.4. We do want to include the automatic start/stop of dbconsole for accessing it via OEM.
I'm reviewing the method of setting up transparent data encryption (TDE) and the role Oracle Wallet plays in that process. One statement that caught my attention was this statement in the documentation:
Quote:You can also choose to create a local auto login wallet. Local auto login wallets cannot be moved to another computer. They must be used on the host on which they are created." URL....
Why an auto-login wallet can't be moved to another computer? For example, if my Oracle database server goes down and I'm in a recovery situation, would an autologin Oracle wallet file restored from tape not work?
I have TDE enable in system. Now i want to remove wallet from the server and keep another secure place so that it can't be put in wrong hand. Is there any way that i can remove the wallet folder from the server while encryption and decryption on?
Is there a way to have separate wallets for each windows user? Well, I have found a way, but does not seem to work always properly and that is with %USERNAME% environment variable.
This is how our customer want's to have - so separate wallet for each windows user, how to accomplish this without using %USERNAME%?
If i have Oracle Wallet installed for a Oracle 10.2 Client, i am able to connect to the database. But , while generations a report , when my oracle report server tries to connect to the DB using Oracle Wallet
(i.e. sqlplus /@<dbname> ) , I am not able to establish a connection.
I need few clarifications regarding oracle wallet.
db version: 11.2.0.3.2 (Enterprise Edition)
We have a requirement to run shell scripts calling stored procedures for specific activities, which are run on database server. We do not want to store passwords in shell scripts and decided to use Secure External Password Store for hiding passwords instead of os authentication method. need few clarifications on the below.
1) Currently, we are creating oracle wallet entry on db server and making modifications in sqlnet.ora file accordingly. Is it good to use like this or we should do this only on a client machine? 2) Do we need any licensing to use this option? 3) Any knows issues with using oracle wallet? 4) Can we use orapki for creating oracle wallet instead of mkstore? 5) Any knows issues we face during startup and shutdown of db activities?
5) issued command as sysdba - ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "ASHISH123";
6) restarted the database.
7) since i want to made it autologin. so I open wallet through the below mentioned path program file >>oracle_home>> integrated management tool >> wallet But when it asked the password I typed the same password but it was not accepting. So i made new wallet with the same specified path. Also I clicked on auto login.
8) Now, i have restarted the database and tried to issue the command "ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "suresh123";
While issuing the command, getting error "ora-28374 typed master key not found in wallet". "
i tried with the recreation of new folder again on the same path as -"C:appAdministratoradmin estwallet" and same entry updated on sqlnet.ora. But facing the same error.
Is there any way to re-create or modify the encryption of tablespace?
C:Documents and SettingsAdministrator>sqlplus /@db10g SQL*Plus: Release 10.2.0.4.0 - Production on Wed Apr 13 22:53:06 2011 Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR: ORA-12534: TNS:operation not supported
Enter user-name:
so I Google around for the solution to the ORA-12534 error, one of the site,
[URL].......
here's my lsnrctl services
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) Services Summary... Service "MIKEXDB" has 1 instance(s). Instance "mike", status READY, has 1 handler(s) for this service... Handler(s): [code].....
The command completed successfully
right now I think I will be a fool to think that the solution is to resolve the ERROR: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor. so what is wrong with my setup, or is it some patch that I need to apply?
i, I've Two database one for primary(GISC) and one for standby (GISCST) when i start open standby database i appeare erro :
ORA-16004: backup database requires recovery ORA-01152: file 1 was not restored from a sufficiently old backup ORA-01110: data file 1: 'D:\ORACLE\ORADATA\ORCLSB\SYSTEM01.DBF'
I take the copy the datafiles from primary database and Pase them to the Standby database and the Enviroment of two database is :
SPfile for primary(GISC) IS: *.compatible='10.2.0.3' *.control_files='C:\oracle\product\10.2.0\oradata\gisc\CONTROL01.CTL','C:\oracle\product\10.2.0\oradata\gisc\CONTROL02.CTL','C:\oracle\product\10.2.0\oradata\gisc\CONTROL03.CTL' *.db_block_size=8192 [code]....
Suddenly I can't open any of my physical standby databases read only. Alert log snippet and trace files follow post. I'm running 9.2.0.1.0 on all hosts, which are running AIX 5.2. I've successfully opened all physical standby databases read only numerous times in the past. Is it possible that these standby databases cannot be switched over to primary should the need arise?
Here's how I typically open a physical standby database read only:
alter database recover managed standby database cancel; alter database open read only;
Errors in file /ora/product/9.2.0.1.0/rdbms/log/icps1_ora_27382.trc: ORA-00604: error occurred at recursive SQL level 1 ORA-16000: database open for read-only access Error 604 happened during db open, shutting down database USER: terminating instance due to error 604
I did standby before and it works wighout any disturbations and even configuration seems to me not very complicated - but it was before. now i am trying to do standby configuration once again. there is database named DESK.
two physical serwers: sczepl-db07 - primary r00979 - standby
on each for this serwer there is listener listening on port 1521, and on each is tnsnames configured properly:
Suddenly I can't open any of my physical standby databases read only. Alert log snippet and trace files follow post. I'm running 9.2.0.1.0 on all hosts, which are running AIX 5.2. I've successfully opened all physical standby databases read only numerous times in the past. solve this? Is it possible that these standby databases cannot be switched over to primary should the need arise?
Here's how I typically open a physical standby database read only:
alter database recover managed standby database cancel; alter database open read only;
Errors in file /ora/product/9.2.0.1.0/rdbms/log/icps1_ora_27382.trc: ORA-00604: error occurred at recursive SQL level 1 ORA-16000: database open for read-only access
Brand new box, and I installed 11.1.0.6 (software only)
I have a brand new box set-up for a single-instance standby database, and I have installed 11.1.0.6 software only.
Do I need to patch 11.1.0.6 to 11.1.0.7 before I send a copy of the primary over to be set-up as a standby? If so, how do I patch 11.1.0.6 without having a local database in place as this server will only be used for a standby? Can patching the oracle_home only be done?
I'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want to the user's passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2) return boolean is begin begin if dbms_ldap.success = dbms_ldap.simple_bind_s( [code]........
I am not able to find any document that shows steps to create a SINGLE INSTANCE LOGICAL STANDBY database for a 2 NODE ORACLE RAC database. I have found documents for RAC to Single Instance Physical standby database. But not for Logical Standby.
Details:
OS: Redhat 5 DB: 10.2.0.4(shared file system, not using ASM/Standby also file system) Status: Single instance physical standby database created, need to convert it to Logical standby.
1) If i do changes in table on primary database and if i open standby database in Read-Only mode, i can see those changes immediately only if Real Time Apply is enabled. Am i correct? Database version is 10.2.0.4
2) From 11g, It is possible to apply redo while the standby is open in read only mode. prior to 11g, it was not possible. Right?
3) Should I first cancel Managed Recovery prior to issuing “ALTER DATABASE COMMIT TO SWITCHOVER TO PRIMARY”?
I have a requirement to change the instance parameter of the primary database and standby in the data guard. Any procedure to do the same. I have to do it directly on production and there is no test set up so I cannot experiment . The procedure I am thinking of is as below.
1. Stop the standby
2. backup the primary
3. Change the parameter and restart to make it effective
4. Start the primary
5. Go to stand by
6. Change the parameter and mount the database.
7. Check if both are in sync and apply logs if not.
I am using Oracle RAC 11.2.0.3 as primary database, we are going to start using Oracle data guard. So I am designing my infrastructure and planing to use Oracle 11.2.0.3 Single instance as my physical stand by database.
My question is it feasible to have my standby database as single instance while the primary is RAC? is it feasible to build my Oracle single instance standby database from the RMAN backup of the RAC primary database? Is there any restrictions (or any points to be taken into consideration) since my primary database is RAC while the physical standby is Oracle single instance?
in the below link
[URL].......
it was mentioned that primary can be RAC or single and same for standby, but my question is it feasible to have primary as RAC while standby as single instance? or it should be like each others?
The primary database can be either a single-instance Oracle database or an Oracle Real Application Clusters (RAC) database. Similar to a primary database, a standby database can be either a single-instance Oracle database or an Oracle RAC database.
How to configure Oracle EM with newly created Oracle Instance on Oracle 10g DB,which is Single Instance DB but not RAC ,when I start the Oracle EM it is starting the default DB which created during Oracle Server Installation.
how to automate a data from oracle into excel...i have a table "emp" in oracle database now i need colums of emp ex:firstname ,last name, id from that table into excel.
so i need a script which when you schedule it it should create a excel file in particular postion,i was told we have to crete a directory from sql and using utl_file then we have to write a script and then schedule that.out look in excel should be
I'm trying to create an install script to install Discoverer 10g R2 with its needed patch and opatches applied without any user interaction. I've already created the necesary response files and a batch file to sequence it. The installer should work when the it is placed on a server with the main folder shared and it does so flawlessly.
the user sees a dos window which is kindly stating that he has to wait for the primary installer to finish before hitting enter to start the patch installer.The problem I'm having is that, on slow networks, it takes a while for the primary installer of discoverer 10g to show up a window and of course the user isn't always patient enough to wait for it and hits enter before the primary installer is showing itself causing the patch installer to start before discoverer is completely installed.
Is there a way to avoid this? Or am I wrong in using a batch file to sequence this install? second problem is the needed interaction while applying opatches, can this be automated as well?
here is the contents of my batch file:
net use x: /delete net use X: \\servername\Oracle_cd\disco10gr2 /persistent:no @ECHO off cls :start
We have two databases one localdb with user rakdb and another one remotely remotedb with user rakdb .We need to be in sync with data in one table called om_item, where the users are inserting data on daily basis and the user sends us the insert script everday to run it on local databse to insert the new records in local database.I managed to create a file which records all the inserts into one text file in one directory.Can we have a scheduler to pick this text file from the specified folder and send mail using utl_mail.
CREATE TABLE ITEM (IT_CODE VARCHAR2(12),IT_NAME VARCHAR2(20)); INSERT INTO ITEM VALUES ('A','AAA'); CREATE OR REPLACE DIRECTORY MY_DIR AS 'C:TEMP'; CREATE OR REPLACE PROCEDURE it_status
[Code]..
Procedure created.
EXEC it_status HOST TYPE c: empaaaa.txt INSERT INTO ITEM (IT_CODE, ITEM_NAME) VALUES ('A','AAA'); COMMIT;
- one ASM instance - X DB instances - each DB instance uses 2 or more dedicated diskgroups from the ASM instance - there is one diskgroup named FREEDISK that contains spare disks
On each DB instance you can see:
- the list and global parameters of all diskgroups using v$asm_diskgroup view - the list and parameters of all disks the instance is using with v$asm_disk view
So my question is: how (if this is possible) to know the list of (spare) disks in FREE DISK disk group?