In this post I want to configure TDE on RAC database .
On Node1 :
1- Config ACFS file system
using the following commands as the root user.
$ $GRID_HOME/bin/acfsload start –s
--------------------------------------------------------------------------------------------------------------------------
2- Connect to asmcmd as the grid user
ASMCMD> volcreate -G FRA -s 10G TDE_WALLET1
ASMCMD> volinfo -G fra TDE_WALLET1
Diskgroup Name: FRA
Volume Name: TDE_WALLET1
Volume Device: /dev/asm/tde_wallet1-306
State: ENABLED
Size (MB): 10240
Resize Unit (MB): 32
Redundancy: UNPROT
Stripe Columns: 4
Stripe Width (K): 128
Usage:
Mountpath:
--------------------------------------------------------------------------------------------------------------------------
3- Set the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora to the newly created directory:
[oracle@test]$ vi sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE)
(METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))
--------------------------------------------------------------------------------------------------------------------------
4- Create a file system with the Oracle ACFS mkfs command.
[grid@test]$ /sbin/mkfs -t acfs /dev/asm/tde_wallet1-306
--------------------------------------------------------------------------------------------------------------------------
5- Making the required path
[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/
--------------------------------------------------------------------------------------------------------------------------
6- Optionally register the file system with the acfsutil registry command.
[grid@test]$ /sbin/acfsutil registry -a /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------
7- Mount the file system with the Oracle ACFS mount command.
[root@test]# cd $GRID_HOME
[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------
8- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:
SQL> alter system set encryption key identified by "password";
--------------------------------------------------------------------------------------------------------------------------
9- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:
[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login
SQL> alter system set encryption wallet open identified by "password";
SQL> select status from gv$encryption_wallet;
STATUS
-----------
OPEN
--------------------------------------------------------------------------------------------------------------------------
1- On Node2 :
using the following commands as the root user.
$ $GRID_HOME/bin/acfsload start –s
--------------------------------------------------------
2- Set the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora to the newly created directory:
[oracle@test]$ vi sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE)
(METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))
--------------------------------------------------------
3- Making the required path
[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/
--------------------------------------------------------
4- Mount the file system with the Oracle ACFS mount command.
[root@test]# cd $GRID_HOME
[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------
5- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:
SQL> alter system set encryption key identified by "password";
--------------------------------------------------------
6- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:
[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login
SQL> alter system set encryption wallet open identified by "password";
SQL> select status from gv$encryption_wallet;
STATUS
-----------
OPEN
OPEN
On Node1 :
1- Config ACFS file system
using the following commands as the root user.
$ $GRID_HOME/bin/acfsload start –s
--------------------------------------------------------------------------------------------------------------------------
2- Connect to asmcmd as the grid user
ASMCMD> volcreate -G FRA -s 10G TDE_WALLET1
ASMCMD> volinfo -G fra TDE_WALLET1
Diskgroup Name: FRA
Volume Name: TDE_WALLET1
Volume Device: /dev/asm/tde_wallet1-306
State: ENABLED
Size (MB): 10240
Resize Unit (MB): 32
Redundancy: UNPROT
Stripe Columns: 4
Stripe Width (K): 128
Usage:
Mountpath:
--------------------------------------------------------------------------------------------------------------------------
3- Set the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora to the newly created directory:
[oracle@test]$ vi sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE)
(METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))
--------------------------------------------------------------------------------------------------------------------------
4- Create a file system with the Oracle ACFS mkfs command.
[grid@test]$ /sbin/mkfs -t acfs /dev/asm/tde_wallet1-306
--------------------------------------------------------------------------------------------------------------------------
5- Making the required path
[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/
--------------------------------------------------------------------------------------------------------------------------
6- Optionally register the file system with the acfsutil registry command.
[grid@test]$ /sbin/acfsutil registry -a /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------
7- Mount the file system with the Oracle ACFS mount command.
[root@test]# cd $GRID_HOME
[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------
8- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:
SQL> alter system set encryption key identified by "password";
--------------------------------------------------------------------------------------------------------------------------
9- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:
[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login
SQL> alter system set encryption wallet open identified by "password";
SQL> select status from gv$encryption_wallet;
STATUS
-----------
OPEN
--------------------------------------------------------------------------------------------------------------------------
1- On Node2 :
using the following commands as the root user.
$ $GRID_HOME/bin/acfsload start –s
--------------------------------------------------------
[oracle@test]$ vi sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
(SOURCE = (METHOD = FILE)
(METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))
--------------------------------------------------------
3- Making the required path
[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/
--------------------------------------------------------
4- Mount the file system with the Oracle ACFS mount command.
[root@test]# cd $GRID_HOME
[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------
5- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:
SQL> alter system set encryption key identified by "password";
--------------------------------------------------------
6- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:
[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login
SQL> alter system set encryption wallet open identified by "password";
SQL> select status from gv$encryption_wallet;
STATUS
-----------
OPEN
OPEN
No comments:
Post a Comment