meta données pour cette page
  •  

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentesRévision précédente
Prochaine révision		Révision précédente
oracle:database:cloning_pdb_in_an_isolated_tde_environment [15/04/2025 08:58] mdloracle:database:cloning_pdb_in_an_isolated_tde_environment [15/04/2025 09:08] (Version actuelle) mdl
Ligne 1: Ligne 1:
-== source == +== Source == 
-cdb TSTTDECL   with wallet password  : pwdtsttdecl +  cdb TSTTDECL 
-pdb PDB1TDE   with wallet password :  pwdpdb1tde    --isolated mode+     with wallet password  : pwdtsttdecl 
 +  pdb PDB1TDE 
 +     with wallet password :  pwdpdb1tde    --isolated mode 
  \\  \\
-== target == +== Target == 
-cdb TARTDECL  with wallet password : pwdtartdecl +  cdb TARTDECL 
-pdb PDBTARTDE with wallet password : pwdpdbtartde   --isolated+     with wallet password : pwdtartdecl 
 +  pdb PDBTARTDE  
 +     with wallet password : pwdpdbtartde   --isolated 
  \\  \\
  
 +== 1/ Log in to the source isolated mode PDB PDB1TDE and verify that the wallet is opened ==
 +<code PLSQL>
 +SQL> show pdbs
  
-Goal : Clone PDBs+    CON_ID CON_NAME                       OPEN MODE  RESTRICTED 
 +---------- ------------------------------ ---------- ---------- 
 +         3 PDB1TDE                        READ WRITE NO
  
-source CDB:PDB  TSTTDECL:PDB1TDE 
  
-target CDB:PDB  TARTDECL:PDB1TDECLNE2 
  
 +SQL> SELECT CON_ID, KEYSTORE_MODE,status,wallet_type from gV$ENCRYPTION_WALLET;
 +    CON_ID KEYSTORE STATUS                         WALLET_TYPE
 +---------- -------- ------------------------------ --------------------
 +         3 ISOLATED OPEN                           PASSWORD
 +</code>         
 +
 + \\
 +== 2/ On target CDB TARTDECL create a database link for the PDB PDB1TDE that you want to clone remotely. ==
 +<code PLSQL>
 +SQL> show con_name
 +
 +CON_NAME
 +------------------------------
 +CDB$ROOT
 +
 +SQL> create database link forclone connect to system identified by ZicZac##4523Pec using '//moros:1521/PDB1TDE.COE.CORP';
 +Database link created.
 +
 +
 +SQL> alter session set global_names=false;
 +Session altered.
 +
 +SQL> select * from dual@forclone;
 +D
 +-
 +X
 +SQL>
 +</code>         
 +
 + \\
 +== 3/ On source cdb give following privilege ==
 +<code PLSQL>
 +SQL> show parameter db_un
 +
 +NAME                                 TYPE        VALUE
 +------------------------------------ ----------- ------------------------------
 +db_unique_name                       string      TSTTDECL
 +
 +SQL> grant create pluggable database to system container=all;
 +Grant succeeded.
 +</code>  
 +
 + \\
 +== 4/ CREATE PLUGGABLE DATABASE statement with the KEYSTORE IDENTIFIED BY clause to perform the clone of the PDB. ==
 +<code PLSQL>
 +alter session set global_names=false;
 +
 +SQL> show parameter tde
 +
 +NAME                                 TYPE        VALUE
 +------------------------------------ ----------- ------------------------------
 +one_step_plugin_for_pdb_with_tde     boolean     FALSE
 +tde_configuration                    string      KEYSTORE_CONFIGURATION=FILE
 +
 +
 +
 +SQL> alter system set one_step_plugin_for_pdb_with_tde=true;
 +System altered.
 +
 +SQL>  create pluggable database PDB1TDECLNE2 from PDB1TDE@forclone keystore identified by pwdtartdecl;  --with target cdb tde passwd
 +Pluggable database created.
 +
 +SQL> alter pluggable database PDB1TDECLNE2 open;
 +Pluggable database altered.
 +</code>  
 +
 + \\
 +== 5/ Rekey the master encryption key of the remotely cloned PDB ==
 +<code PLSQL>
 +SQL> show pdbs
 +    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
 +---------- ------------------------------ ---------- ----------
 +         6 PDB1TDECLNE2                   READ WRITE NO
 +
 +SQL> ADMINISTER KEY MANAGEMENT SET KEY  FORCE KEYSTORE IDENTIFIED BY pwdtartdecl WITH BACKUP USING 'after_clne_key_backup';
 +keystore altered.
 +</code>  
 +
 + \\
 +==  6/ Change password for the PDB ==
 +<code PLSQL>
 +SQL> show pdbs
 +    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
 +---------- ------------------------------ ---------- ----------
 +         6 PDB1TDECLNE2                   READ WRITE NO
 +
 +SQL> ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD IDENTIFIED BY pwdtartdecl  SET pwdpdbclne2 WITH BACKUP ;
 +keystore altered.
 +</code>  
 +
 + \\
 +== 7/ Create Auto login for the PDB ==
 +<code PLSQL>
 +SQL> show pdbs
 +    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
 +---------- ------------------------------ ---------- ----------
 +         6 PDB1TDECLNE2                   READ WRITE NO
  
 +SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE  IDENTIFIED BY pwdpdbclne2;
 +keystore altered.
 +</code>  
  
-target pdb PDBCLNE2 new password  pwdpdbclne2  after the clone