使用DMRMAN工具执行加密备份与设置跟踪日志
下面介绍使用DMRMAN工具执行加密备份与设置跟踪日志
1.加密备份
DMRMAN同DIsql工具一样可使用加密的方式备份数据库,没有权限的用户无法访问加密的备份集。
DMRMAN备份命令中通过指定IDENTIFIED BY…WITH ENCRYPTION…ENCRYPT WITH…命令执行加密备份。
加密备份过程中参数IDENTIFIED BY必须指定,参数WITH ENCRYPTION和参数ENCRYPT WITH可不指定。加密备份时不指定WITH ENCRYPTION参数,该参数默认为1,不指定ENCRYPT WITH参数,该参数默认值为AES256_CFB。例如,以下两种加密备份命令都是合法的:
RMAN> backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_01' identified by "abcd123456"; backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_01' identified by ******; checking if the database under system path [E:\dmdbms\data\jydm] is running...[4]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[3]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[2]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[1]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[0]. checking if the database under system path [E:\dmdbms\data\jydm] is running, write dmrman info. EP[0] max_lsn: 904411 BACKUP DATABASE [jydm], execute...... CMD CHECK LSN...... BACKUP DATABASE [jydm], collect dbf...... CMD CHECK ...... DBF BACKUP SUBS...... total 1 packages processed... total 2 packages processed... total 3 packages processed... total 4 packages processed... total 5 packages processed... total 6 packages processed... total 7 packages processed... total 8 packages processed... DBF BACKUP MAIN...... BACKUPSET [E:\dmdbms\backup\db_jydm_bak_for_encrypt_01] END, CODE [0]...... META GENERATING...... total 9 packages processed... total 9 packages processed! CMD END.CODE:[0] backup successfully! time used: 8271.759(ms) RMAN> backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_02' identified by "abcd123456" encrypt with rc4; backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_02' identified by ****** encrypt with ******; checking if the database under system path [E:\dmdbms\data\jydm] is running...[4]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[3]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[2]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[1]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[0]. checking if the database under system path [E:\dmdbms\data\jydm] is running, write dmrman info. EP[0] max_lsn: 904411 BACKUP DATABASE [jydm], execute...... CMD CHECK LSN...... BACKUP DATABASE [jydm], collect dbf...... CMD CHECK ...... DBF BACKUP SUBS...... total 1 packages processed... total 2 packages processed... total 3 packages processed... total 4 packages processed... total 5 packages processed... total 6 packages processed... total 7 packages processed... total 8 packages processed... DBF BACKUP MAIN...... BACKUPSET [E:\dmdbms\backup\db_jydm_bak_for_encrypt_02] END, CODE [0]...... META GENERATING...... total 9 packages processed... total 9 packages processed! CMD END.CODE:[0] backup successfully! time used: 7166.572(ms)
若指定了加密密码,但加密类型WITH ENCRYPTION参数指定为0,则为非加密备份,如下所示:
RMAN> backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_03' identified by "abcd123456" with encryption 0; backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_03' identified by ****** with encryption *; checking if the database under system path [E:\dmdbms\data\jydm] is running...[4]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[3]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[2]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[1]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[0]. checking if the database under system path [E:\dmdbms\data\jydm] is running, write dmrman info. EP[0] max_lsn: 904411 BACKUP DATABASE [jydm], execute...... CMD CHECK LSN...... BACKUP DATABASE [jydm], collect dbf...... CMD CHECK ...... DBF BACKUP SUBS...... total 1 packages processed... total 2 packages processed... total 3 packages processed... total 4 packages processed... total 5 packages processed... total 6 packages processed... total 7 packages processed... total 8 packages processed... DBF BACKUP MAIN...... BACKUPSET [E:\dmdbms\backup\db_jydm_bak_for_encrypt_03] END, CODE [0]...... META GENERATING...... total 9 packages processed... total 9 packages processed! CMD END.CODE:[0] backup successfully! time used: 7278.945(ms)
下面以数据库完全备份为例,创建加密密码为“abcd123456”,加密算法为“rc4”的复杂加密类型的数据库加密备份,完整步骤如下:
1) 保证数据库处于关闭状态。
2) 备份数据库。启动DMRMAN工具并输入以下命令。
RMAN> backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_04' identified by "abcd123456" with encryption 2 encrypt with rc4 backup database 'E:\dmdbms\data\jydm\dm.ini' full backupset 'E:\dmdbms\backup\db_jydm_bak_for_encrypt_04' identified by ****** with encryption * encrypt with ******; checking if the database under system path [E:\dmdbms\data\jydm] is running...[4]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[3]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[2]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[1]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[0]. checking if the database under system path [E:\dmdbms\data\jydm] is running, write dmrman info. EP[0] max_lsn: 904411 BACKUP DATABASE [jydm], execute...... CMD CHECK LSN...... BACKUP DATABASE [jydm], collect dbf...... CMD CHECK ...... DBF BACKUP SUBS...... total 1 packages processed... total 2 packages processed... total 3 packages processed... total 4 packages processed... total 5 packages processed... total 6 packages processed... total 7 packages processed... total 8 packages processed... DBF BACKUP MAIN...... BACKUPSET [E:\dmdbms\backup\db_jydm_bak_for_encrypt_04] END, CODE [0]...... META GENERATING...... total 9 packages processed... total 9 packages processed! CMD END.CODE:[0] backup successfully! time used: 7280.960(ms)
对于增量备份加密,如果基备份存在加密,则使用的加密算法和加密密码必须与基备份中一致;如果基备份未进行加密处理,则对增量备份使用的加密密码和算法没有特殊要求。
RMAN> backup database 'E:\dmdbms\data\jydm\dm.ini' increment with backupdir 'E:\dmdbms\backup' backupset 'E:\dmdbms\backup\db_jydm_bak_incr_for_encrypt_01' identified by "abcd123456" with encryption 2 encrypt with rc4; backup database 'E:\dmdbms\data\jydm\dm.ini' increment with backupdir 'E:\dmdbms\backup' backupset 'E:\dmdbms\backup\db_jydm_bak_incr_for_encrypt_01' identified by ****** with encryption * encrypt with ******; checking if the database under system path [E:\dmdbms\data\jydm] is running...[4]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[3]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[2]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[1]. checking if the database under system path [E:\dmdbms\data\jydm] is running...[0]. checking if the database under system path [E:\dmdbms\data\jydm] is running, write dmrman info. EP[0] max_lsn: 904411 BACKUP DATABASE [jydm], execute...... CMD CHECK LSN...... BACKUP DATABASE [jydm], collect dbf...... CMD CHECK ...... DBF BACKUP SUBS...... total 1 packages processed... total 2 packages processed... total 3 packages processed... total 4 packages processed... total 5 packages processed... total 6 packages processed... total 7 packages processed... total 8 packages processed... DBF BACKUP MAIN...... BACKUPSET [E:\dmdbms\backup\db_jydm_bak_incr_for_encrypt_01] END, CODE [0]...... META GENERATING...... total 0 packages processed... total 9 packages processed! CMD END.CODE:[-8088],DESC:[无任何数据更新或者日志产生,无需备份] [-8088]:无任何数据更新或者日志产生,无需备份 RMAN>
2.设置跟踪日志文件
DMRMAN备份时可选择生成跟踪日志文件,跟踪日志记录了SBT接口的调用过程,用户通过查看日志可跟踪备份还原过程。
与生成跟踪日志文件相关的参数有两个,TRACE FILE和TRACE LEVEL。TRACE FILE用于指定生成的跟踪日志文件路径。与DIsql工具不同的是,DMRMAN不可在备份时指定参数生成跟踪文件,只能使用CONFIGURE命令进行事先配置。
使用CONFIGURE DEFAULT…TRACE FILE…TRACE LEVEL命令启用TRACE功能并设TRACE文件路径,以下命令生成TRACE文件到E:\dmdbms\trace目录:
RMAN> configure
configure
THE DMRMAN DEFAULT SETTING:
DEFAULT DEVICE:
MEDIA : DISK
DEFAULT TRACE :
FILE : ..\dm_SBTTRACE_202005.log
LEVEL : 1
DEFAULT BACKUP DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\backup
DEFAULT ARCHIVE DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\data\arch
time used: 37.758(ms)
RMAN> configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 2;
configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 2;
configure default trace successfully!
time used: 3.387(ms)
RMAN> configure
configure
THE DMRMAN DEFAULT SETTING:
DEFAULT DEVICE:
MEDIA : DISK
DEFAULT TRACE :
FILE : E:\dmdbms\trace\db_jydm_trace.log
LEVEL : 2
DEFAULT BACKUP DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\backup
DEFAULT ARCHIVE DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\data\arch
time used: 40.347(ms)
指定参数TRACE FILE但TRACE LEVEL值设置为1即不启用TRACE功能,会生成TRACE文件,但不会写入TRACE信息。如下所示:
RMAN> configure default trace clear;
configure default trace clear;
configure default trace clear successfully!
time used: 2.183(ms)
RMAN> configure
configure
THE DMRMAN DEFAULT SETTING:
DEFAULT DEVICE:
MEDIA : DISK
DEFAULT TRACE :
FILE :
LEVEL : 1
DEFAULT BACKUP DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\backup
DEFAULT ARCHIVE DIRECTORY:
TOTAL COUNT :1
E:\dmdbms\data\arch
time used: 46.771(ms)
RMAN> configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 1;
configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 1;
configure default trace successfully!
time used: 4.799(ms)
TRACE LEVEL值设置为2即启用TRACE功能,但若TRACE FILE没有指定,系统默认在执行码路径的log目录下生成DM_SBTTRACE_年月.log文件。
如下所示:
RMAN> configure default trace level 2; configure default trace level 2; configure default trace successfully! time used: 3.124(ms)
若TRACE FILE使用相对路径,日志文件则生成在执行码同级目录下。
为数据库脱机备份设置跟踪日志文件的操作步骤如下:
1) 保证数据库处于关闭状态。
2) 使用CONFIGURE命令配置生成跟踪日志文件。
RMAN> configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 2; configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 2; configure default trace successfully! time used: 2.705(ms)
查看E:\dmdbms\trace\db_jydm_trace.log文件即可跟踪本次备份的SBT接口调用过程。
如果指定的TRACE文件已存在,服务器不会覆盖已存在的文件而是在已有文件基础上继续记录日志。
RMAN> configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 1; configure default trace file 'E:\dmdbms\trace\db_jydm_trace.log' trace level 1; [-8086]:无效的TRACE文件[E:\dmdbms\trace\db_jydm_trace.log]