Recently,
one of my junior colleague had a requirement to clone a production database.
While doing so he faced the following error while opening the database
|
ORA-28374:
typed master key not found in wallet |
The
Production database had TDE enabled so
it was obvious oracle will look for the wallet before opening the database.
Now this is
a situation where no tricks or workaround would work unless the correct wallet(ewallet.p12
) is provided.
Thankfully
, we have been following a practice to keep our wallet backup as part of backup
strategy. This is very critical in case TDE is enabled and should be adopted by
DBA’s .
Sharing the
shell script we are using for taking
wallet backup . This script also takes backup of sqlnet.ora which is also important.
|
#!/bin/bash #
============================================================================== # Script Name: wallet_backup.sh # Description: Backs up Oracle TDE
wallet files AND sqlnet.ora with retention. # Run as: oracle user #
============================================================================== # Load Oracle environment
variables (CRITICAL FOR CRON JOBS) . ~/.bash_profile # --- Configuration Variables --- # The active wallet location WALLET_DIR="/opt/oracle/dcs/commonstore/wallets/prddb_dsmc19c/tde" # Location of sqlnet.ora (Uses the
standard ORACLE_HOME network path) SQLNET_FILE="$ORACLE_HOME/network/admin/sqlnet.ora" # The destination for the backups BACKUP_DEST="/u01/backup/wallet_bkp" # How many days to keep old
backups RETENTION_DAYS=30 # Generate a timestamp for the
filenames (Format: YYYYMMDD_HHMMSS) TIMESTAMP=$(date
+"%Y%m%d_%H%M%S") LOG_FILE="${BACKUP_DEST}/wallet_backup_${TIMESTAMP}.log" # --- Pre-flight Checks --- # Ensure destination directory
exists mkdir -p "$BACKUP_DEST" echo
"==================================================" | tee -a
"$LOG_FILE" echo " Starting TDE Wallet
& Config Backup at $(date)" | tee -a "$LOG_FILE" echo " Destination:
$BACKUP_DEST" | tee -a "$LOG_FILE" echo
"==================================================" | tee -a
"$LOG_FILE" # --- Backup Execution --- echo "Copying files..."
| tee -a "$LOG_FILE" # 1. Backup ewallet.p12 if [ -f
"${WALLET_DIR}/ewallet.p12" ]; then
cp -p "${WALLET_DIR}/ewallet.p12"
"${BACKUP_DEST}/ewallet_${TIMESTAMP}.p12"
echo " -> SUCCESS: ewallet.p12 backed up." | tee -a
"$LOG_FILE" else
echo " -> WARNING: ewallet.p12 NOT FOUND in $WALLET_DIR."
| tee -a "$LOG_FILE" fi # 2. Backup cwallet.sso if [ -f
"${WALLET_DIR}/cwallet.sso" ]; then
cp -p "${WALLET_DIR}/cwallet.sso"
"${BACKUP_DEST}/cwallet_${TIMESTAMP}.sso"
echo " -> SUCCESS: cwallet.sso backed up." | tee -a
"$LOG_FILE" else
echo " -> WARNING: cwallet.sso NOT FOUND in $WALLET_DIR."
| tee -a "$LOG_FILE" fi # 3. Backup sqlnet.ora if [ -f "$SQLNET_FILE"
]; then
cp -p "$SQLNET_FILE"
"${BACKUP_DEST}/sqlnet_${TIMESTAMP}.ora"
echo " -> SUCCESS: sqlnet.ora backed up." | tee -a
"$LOG_FILE" else
echo " -> WARNING: sqlnet.ora NOT FOUND at $SQLNET_FILE."
| tee -a "$LOG_FILE" fi # --- Housekeeping (Retention
Policy) --- echo "Cleaning up backups
older than $RETENTION_DAYS days..." | tee -a "$LOG_FILE" find "$BACKUP_DEST"
-name "ewallet_*.p12" -type f -mtime +$RETENTION_DAYS -exec rm -f
{} \; find "$BACKUP_DEST"
-name "cwallet_*.sso" -type f -mtime +$RETENTION_DAYS -exec rm -f
{} \; find "$BACKUP_DEST"
-name "sqlnet_*.ora" -type f -mtime +$RETENTION_DAYS -exec rm -f {}
\; find "$BACKUP_DEST"
-name "wallet_backup_*.log" -type f -mtime +$RETENTION_DAYS -exec
rm -f {} \; echo "Cleanup complete."
| tee -a "$LOG_FILE" echo "Backup process finished
at $(date)" | tee -a "$LOG_FILE" echo
"==================================================" | tee -a
"$LOG_FILE" |
Automate
the script via cronjob
|
[oracle@prddb
~]$ crontab -e 0 1 * * *
/u01/backup/scripts/wallet_backup.sh |
