Oracle RMAN(Recovery Manager) – 安全性与监控

原创 xiangjingtao 2021-01-21

895

Oracle RMAN(Recovery Manager) – 安全性与监控
Eygle在DBA手记4(全称：Oracle DBA手记4：数据安全警示录)里强调了备份安全，不光我们的数据需要安全，备份也要安全。
说道安全离不开加密，RMAN同样可以加密备份，这样的备份文件即使落入他手，也提升了一定的安全性。
RMAN的加密分为3种模式：透明模式(Transparent Encryption of Backups)、口令模式(Password Encryption of Backups)和双休模式(Dual Mode Encryption of Backups)。
参考联机文档RMAN之Configuring the Backup Compression Algorithm部分
其中对三种模式的简介如下：
•Transparent Encryption of Backups
This is the default mode and uses the Oracle wallet. A wallet is a password-protected container used to store authentication and signing credentials, including private keys, certificates, and trusted certificates needed by SSL.
•Password Encryption of Backups
This mode uses only password protection. You must provide a password when creating and restoring encrypted backups.
•Dual Mode Encryption of Backups
This mode requires either the wallet or a password.
透明模式(Transparent Encryption of Backups)
RMAN默认的加密模式，需要将主密钥存放在Wallet里，Wallet的路径在sqlnet.ora里面指定。
首先创建一个Wallet目录：
[root@maa3 ~]# mkdir /u02/wallet -p
[root@maa3 ~]# chown oracle.oinstall /u02 -R
然后修改sqlnet.ora，注意，如果安装GI，那么监听和sqlnet等都是由Clustware管理，配置文件也就在GRID_HOME目录下：
[grid@maa3 ~]$ vi ORACLE_HOME/network/admin/sqlnet.ora 添加如下内容： ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=/u01/wallet) ) ) 创建wallet并设置密码，它会在wallet里创建主密钥： SQL> alter system set encryption key identified by "oracle"; alter system set encryption key identified by "oracle" * ERROR at line 1: ORA-28368: cannot auto-create wallet – 报错了，这个错误大部分原因是找不到wallet路径 MOS ID 395252.1找到答案 The location for the ewallet.p12 file can be any of the following : ORACLE_BASE/admin/WALLET $ORACLE_BASE/admin/$ ORACLE_SID /WALET$ORACLE_BASE/admin
Comment: In a RAC system there is a difference between the Oracle database name and the ORACLE_SID, it will use the ORACLE_BASE/admin//WALLET as a default location 我就按照如上要求重新指定wallet位置： [oracle@maa3 ~] mkdir $ORACLE_BASE/admin/maa/wallet -p

[grid@maa3 ~]$ cat $ORACLE_HOME/network/admin/sqlnet.ora

sqlnet.ora Network Configuration File: /u01/app/11.2.0/grid/network/admin/sqlnet.ora# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ADR_BASE = /u01/app/grid

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/maa/wallet)))

SQL> alter system set encryption key identified by “oracle”;
System altered.-- OK，执行好了
[oracle@maa3 ~]$ ls $ORACLE_BASE/admin/maa/wallet
total 12-rw-r–r-- 1 oracle asmadmin 1573 Nov 7 20:35 ewallet.p12

将来如果实例需要使用wallet中的密钥，比如加密、解密备份集，就必须实现通过下面命令打开wallet：SQL> alter system set encryption wallet open identified by “oracle”;
System altered.
上面这条是永久生效的，而下面命令是临时打开透明模式加密功能：RMAN> set encryption on;
executing command: SET encryption

RMAN> backup tablespace l;
Starting backup at 07-NOV-2012 20:44:07using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backup setchannel ORA_DISK_1: specifying datafile(s) in backup setinput datafile file number=00005 name=+MSDATA/maa/datafile/l.266.798569345input datafile file number=00006 name=+MSDATA/maa/datafile/l.267.798570165input datafile file number=00007 name=+MSDATA/maa/datafile/l.268.798572257channel ORA_DISK_1: starting piece 1 at 07-NOV-2012 20:44:07channel ORA_DISK_1: finished piece 1 at 07-NOV-2012 20:44:08piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T204407_89nowqkx_.bkp tag=TAG20121107T204407 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01Finished backup at 07-NOV-2012 20:44:08
为了测试效果，我们手动关闭wallet：SQL> alter system set encryption wallet close identified by “oracle”;
System altered.
RMAN> startup force mount

Oracle instance started
database mounted

Total System Global Area 1252663296 bytes

Fixed Size 2227944 bytes
Variable Size 771752216 bytes
Database Buffers 469762048 bytes
Redo Buffers 8921088 bytes

然后恢复加密备份的表空间：RMAN> restore tablespace l;
Starting restore at 07-NOV-2012 20:45:36using channel ORA_DISK_1

skipping datafile 5; already restored to file +MSDATA/maa/datafile/l.266.798569345channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup setchannel ORA_DISK_1: restoring datafile 00006 to +MSDATA/maa/datafile/l.267.798570165channel ORA_DISK_1: restoring datafile 00007 to +MSDATA/maa/datafile/l.268.798572257channel ORA_DISK_1: reading from backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T204407_89nowqkx_.bkp
channel ORA_DISK_1: piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T204407_89nowqkx_.bkp tag=TAG20121107T204407
channel ORA_DISK_1: restored backup piece 1channel ORA_DISK_1: restore complete, elapsed time: 00:00:01Finished restore at 07-NOV-2012 20:59:01
打开数据库：RMAN> sql ‘alter database open’;
sql statement: alter database open
下面看一下如何指定算法：
临时方法：
RMAN> set encryption on using ‘AES256’;
永久方法：
RMAN> configure encryption for database on;
– 永久打开透明模式加密功能
RMAN> configure encryption algorithm ‘AES256’;
口令模式(Password Encryption of Backups)
口令模式是手动第一密钥加密备份集的方式，因此，它不需要打开wallet，我们打开备份集的时候只要提供正确的口令即可。
看下面示例：
首先还原上面遗留的配置：RMAN> configure encryption for database off;
old RMAN configuration parameters:CONFIGURE ENCRYPTION FOR DATABASE ON;new RMAN configuration parameters:CONFIGURE ENCRYPTION FOR DATABASE OFF;new RMAN configuration parameters are successfully stored

SQL> alter system set encryption wallet close identified by “oracle”;
System altered.
设置加密口令，然后进行备份RMAN> set encryption on identified by “luocs” only;
executing command: SET encryption

RMAN> backup tablespace l;
Starting backup at 07-NOV-2012 21:57:28allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=24 device type=DISK
channel ORA_DISK_1: starting full datafile backup setchannel ORA_DISK_1: specifying datafile(s) in backup setinput datafile file number=00005 name=+MSDATA/maa/datafile/l.266.798569345input datafile file number=00006 name=+MSDATA/maa/datafile/l.267.798570165input datafile file number=00007 name=+MSDATA/maa/datafile/l.268.798572257channel ORA_DISK_1: starting piece 1 at 07-NOV-2012 21:57:29channel ORA_DISK_1: finished piece 1 at 07-NOV-2012 21:57:30piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T215729_89nt69rz_.bkp tag=TAG20121107T215729 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01Finished backup at 07-NOV-2012 21:57:30
在我们想要restore的时候它又抛出ORA-19913错误：RMAN> restore tablespace l;
Starting restore at 07-NOV-2012 21:57:38using channel ORA_DISK_1

我们声明正确的口令：RMAN> set decryption identified by “luocs”;
executing command: SET decryption

restore就正常了。RMAN> restore tablespace l;
Starting restore at 07-NOV-2012 21:58:34using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup setchannel ORA_DISK_1: restoring datafile 00005 to +MSDATA/maa/datafile/l.266.798569345channel ORA_DISK_1: restoring datafile 00006 to +MSDATA/maa/datafile/l.267.798570165channel ORA_DISK_1: restoring datafile 00007 to +MSDATA/maa/datafile/l.268.798572257channel ORA_DISK_1: reading from backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T215729_89nt69rz_.bkp
channel ORA_DISK_1: piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T215729_89nt69rz_.bkp tag=TAG20121107T215729
channel ORA_DISK_1: restored backup piece 1channel ORA_DISK_1: restore complete, elapsed time: 00:00:01Finished restore at 07-NOV-2012 21:58:35
– 注意，这些操作需要在mount模式下进行。
双休模式(Dual Mode Encryption of Backups)
双体模式会动态地生成一个密钥，然后用wallet的主密钥和手动指定的口令分别加密该密钥，加密后的密钥及被其加密的备份集保存在一起。
还原时，只要打开wallet或者声明口令即可解密密钥，进而解密备份集。
要想使用双体模式，必须先打开wallet，然后在set encryption命令设置口令，注意，不能带ONLY关键字：
RMAN> set encryption on identified by ‘luocs’;
然后进行备份操作即可。
这些加密模式虽然提供了一定级别的安全性，但同时也增加了DBA维护的开销。
如果使用加密功能，请DBA务必维护好口令和wallet，免得出现有备份却忘了口令或者丢了wallet的尴尬局面。
备份有效性
Todd Bao在书里没有加上备份有效性验证相关内容，我在这里加上。
我们拥有损坏了的备份是毫无用处的，所以定期进行备份有效性校验也是DBA日常工作中的一项任务。
参考官方联机文档：Validating Database Files and Backups
RMAN提供三种的备份有效性校验方法：
• VALIDATE
• BACKUP … VALIDATE
• RESTORE … VALIDATE
1、VALIDATE
我们可以使用VALIDATE命令手动检测数据文件的物理和逻辑损坏，它执行效果和BACKUP VALIDATE一样，只是VALIDATE能够检测更多的对象，比如，我们可以使用VALIDATE DATAFILE … BLOCK对个别块进行校验。
看看示例：
校验1号数据文件的10号块：RMAN> VALIDATE DATAFILE 1 BLOCK 10;
Starting validate at 07-NOV-2012 22:40:15using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile
channel ORA_DISK_1: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857channel ORA_DISK_1: validation complete, elapsed time: 00:00:01List of Datafiles=================File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------1 OK 0 0 1 26
File Name: +MSDATA/maa/datafile/system.260.792009857 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 0
Index 0 0
Other 0 1

Finished validate at 07-NOV-2012 22:40:16
而我们使用BACKUP VALIDATE就会抛出语法错误：RMAN> BACKUP VALIDATE DATAFILE 1 BLOCK 10;
RMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-00558: error encountered while parsing input commands
RMAN-01009: syntax error: found “block”: expecting one of: "archivelog, auxiliary, backupset, backup, channel, controlfilecopy, copy, current, database, datafilecopy, datafile, db_recovery_file_dest, delete, diskratio, filesperset, force, format, from, include, keep, maxsetsize, noexclude, nokeep, not, plus, pool, recovery, reuse, section, skip readonly, skip, spfile, tablespace, tag, to, comma, (, ;"RMAN-01007: at line 1 column 28 file: standard input

检测整个数据库，这个效果和BACKUP VALIDATE DATABASE一样：RMAN> VALIDATE DATABASE;
Starting validate at 07-NOV-2012 22:58:01using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile
channel ORA_DISK_1: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857input datafile file number=00002 name=+MSDATA/maa/datafile/sysaux.261.792009871input datafile file number=00003 name=+MSDATA/maa/datafile/undotbs1.262.792009883input datafile file number=00004 name=+MSDATA/maa/datafile/users.264.798743713input datafile file number=00005 name=+MSDATA/maa/datafile/l.266.798569345input datafile file number=00006 name=+MSDATA/maa/datafile/l.267.798570165input datafile file number=00007 name=+MSDATA/maa/datafile/l.268.798572257channel ORA_DISK_1: validation complete, elapsed time: 00:00:25List of Datafiles=================File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------1 OK 0 48518 89600 582995
File Name: +MSDATA/maa/datafile/system.260.792009857 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 29943
Index 0 8121
Other 0 3018

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------2 OK 0 39541 76800 583118
File Name: +MSDATA/maa/datafile/sysaux.261.792009871 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 10061
Index 0 8333
Other 0 18865

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------3 OK 0 228 51840 583014
File Name: +MSDATA/maa/datafile/undotbs1.262.792009883 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 0
Index 0 0
Other 0 51612

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------4 OK 0 414 3680 514896
File Name: +MSDATA/maa/datafile/users.264.798743713 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 3063
Index 0 0
Other 0 203

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------5 OK 0 1 1281 406405
File Name: +MSDATA/maa/datafile/l.266.798569345 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 0
Index 0 0
Other 0 1279

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------6 OK 0 1 1281 407089
File Name: +MSDATA/maa/datafile/l.267.798570165 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 0
Index 0 0
Other 0 1279

File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------7 OK 0 1 1281 408639
File Name: +MSDATA/maa/datafile/l.268.798572257 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 0
Index 0 0
Other 0 1279

channel ORA_DISK_1: starting validation of datafile
channel ORA_DISK_1: specifying datafile(s) for validation
including current control file for validation
including current SPFILE in backup setchannel ORA_DISK_1: validation complete, elapsed time: 00:00:01List of Control File and SPFILE
===============================File Type Status Blocks Failing Blocks Examined------------ ------ -------------- ---------------SPFILE OK 0 2
Control File OK 0 600
Finished validate at 07-NOV-2012 22:58:28
校验备份集，我的备份里有个123号备份集：RMAN> VALIDATE BACKUPSET 123;
Starting validate at 07-NOV-2012 23:01:10using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile backup setchannel ORA_DISK_1: reading from backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T214004_89ns5nyr_.bkp
RMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03009: failure of validate command on ORA_DISK_1 channel at 11/07/2012 23:01:10ORA-19870: error while restoring backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T214004_89ns5nyr_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
– 这是上面遗留下的口令加密，这说明在校验的时候也会检测加密模式的。
提供正确的口令之后校验正常：RMAN> set decryption identified by “luocs”;
executing command: SET decryption

RMAN> VALIDATE BACKUPSET 123;
Starting validate at 07-NOV-2012 23:01:43using channel ORA_DISK_1
channel ORA_DISK_1: starting validation of datafile backup setchannel ORA_DISK_1: reading from backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T214004_89ns5nyr_.bkp
channel ORA_DISK_1: piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_nnndf_TAG20121107T214004_89ns5nyr_.bkp tag=TAG20121107T214004
channel ORA_DISK_1: restored backup piece 1channel ORA_DISK_1: validation complete, elapsed time: 00:00:00Finished validate at 07-NOV-2012 23:01:43
备份集校验是不支持BACKUP VALIDATE校验：RMAN> BACKUP VALIDATE BACKUPSET 123;
Starting backup at 07-NOV-2012 23:03:23using channel ORA_DISK_1
RMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03002: failure of backup command at 11/07/2012 23:03:23RMAN-06464: BACKUP BACKUPSET is not supported with VALIDATE option

当校验整个文件时候，RMAN检测每个输入文件的每个块，如果发现了讹误块，RMAN会更新VDATABASE_BLOCK_CORRUPTION。SQL> select * from VDATABASE_BLOCK_CORRUPTION;
no rows selected
– 目前没有任何讹误块
另外，我们还可以设置通道并行校验，这时候我们需要用到SECTION SIZE子句。
如下面的示例：
RMAN> run {2> allocate channel a1 device type disk;3> allocate channel a2 device type disk;4> validate datafile 1 section size 200M;5> }
released channel: ORA_DISK_1
allocated channel: a1
channel a1: SID=24 device type=DISK

allocated channel: a2
channel a2: SID=27 device type=DISK

Starting validate at 07-NOV-2012 23:06:53channel a1: starting validation of datafile
channel a1: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857validating blocks 1 through 25600channel a2: starting validation of datafile
channel a2: specifying datafile(s) for validation
including current SPFILE in backup setchannel a2: validation complete, elapsed time: 00:00:00List of Control File and SPFILE
===============================File Type Status Blocks Failing Blocks Examined------------ ------ -------------- ---------------SPFILE OK 0 2
channel a2: starting validation of datafile
channel a2: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857validating blocks 25601 through 51200channel a1: validation complete, elapsed time: 00:00:02channel a1: starting validation of datafile
channel a1: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857validating blocks 51201 through 76800channel a2: validation complete, elapsed time: 00:00:03channel a2: starting validation of datafile
channel a2: specifying datafile(s) for validation
input datafile file number=00001 name=+MSDATA/maa/datafile/system.260.792009857validating blocks 76801 through 89600channel a1: validation complete, elapsed time: 00:00:03channel a1: starting validation of datafile
channel a1: specifying datafile(s) for validation
including current control file for validation
channel a1: validation complete, elapsed time: 00:00:01List of Control File and SPFILE
===============File Type Status Blocks Failing Blocks Examined------------ ------ -------------- ---------------Control File OK 0 600
channel a2: validation complete, elapsed time: 00:00:02List of Datafiles=File Status Marked Corrupt Empty Blocks Blocks Examined High SCN
---- ------ -------------- ------------ --------------- ----------1 OK 0 48518 89597 582995
File Name: +MSDATA/maa/datafile/system.260.792009857 Block Type Blocks Failing Blocks Processed ---------- -------------- ---------------- Data 0 29943
Index 0 8121
Other 0 3015

Finished validate at 07-NOV-2012 23:07:04released channel: a1

released channel: a2
2、BACKUP … VALIDATE
我们可以使用BACKUP VALIDATE命令做如下校验：
• 校验数据文件物理和逻辑快讹误
• 确认数据库文件存在性和其正确的位置
我们不能让BACKUP VALIDATE和BACKUPSET、MAXCORRUPT、PROXY结合使用，上面已经验证，可以使用VALIDATE校验备份集(BACKUPSET)。
看下面几个示例：
校验数据库连同归档文件：RMAN> BACKUP VALIDATE DATABASE ARCHIVELOG ALL;-- 输出内容省略。
只校验归档文件，默认它校验的是物理损坏：RMAN> BACKUP VALIDATE ARCHIVELOG ALL;
Starting backup at 07-NOV-2012 23:20:12using channel ORA_DISK_1
channel ORA_DISK_1: starting archived log backup setchannel ORA_DISK_1: specifying archived log(s) in backup setinput archived log thread=1 sequence=40 RECID=6 STAMP=798639312input archived log thread=1 sequence=41 RECID=5 STAMP=798639310input archived log thread=1 sequence=42 RECID=7 STAMP=798639312input archived log thread=1 sequence=43 RECID=8 STAMP=798639313input archived log thread=1 sequence=44 RECID=9 STAMP=798675471input archived log thread=1 sequence=45 RECID=10 STAMP=798699604input archived log thread=1 sequence=46 RECID=11 STAMP=798740897input archived log thread=1 sequence=47 RECID=12 STAMP=798757448input archived log thread=1 sequence=48 RECID=13 STAMP=798758626input archived log thread=1 sequence=49 RECID=14 STAMP=798759591channel ORA_DISK_1: backup set complete, elapsed time: 00:00:00List of Archived Logs=Thrd Seq Status Blocks Failing Blocks Examined Name---- ------- ------ -------------- --------------- ---------------1 40 OK 0 77330 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_40_89k3pg9o_.arc
1 41 OK 0 6808 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_41_89k3pgbq_.arc
1 42 OK 0 2 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_42_89k3phrs_.arc
1 43 OK 0 28549 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_43_89k3pjwh_.arc
1 44 OK 0 98268 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_44_89l70g0w_.arc
1 45 OK 0 74665 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_45_89lyllpl_.arc
1 46 OK 0 28626 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_46_89n6x19y_.arc
1 47 OK 0 57432 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_47_89nq27b5_.arc
1 48 OK 0 2535 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_48_89nr727w_.arc
1 49 OK 0 146 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_49_89ns571y_.arc
Finished backup at 07-NOV-2012 23:20:13
我们可以指定CHECK LOGICAL子句：RMAN> BACKUP VALIDATE CHECK LOGICAL ARCHIVELOG ALL;
Starting backup at 07-NOV-2012 23:22:26using channel ORA_DISK_1
channel ORA_DISK_1: starting archived log backup setchannel ORA_DISK_1: specifying archived log(s) in backup setinput archived log thread=1 sequence=40 RECID=6 STAMP=798639312input archived log thread=1 sequence=41 RECID=5 STAMP=798639310input archived log thread=1 sequence=42 RECID=7 STAMP=798639312input archived log thread=1 sequence=43 RECID=8 STAMP=798639313input archived log thread=1 sequence=44 RECID=9 STAMP=798675471input archived log thread=1 sequence=45 RECID=10 STAMP=798699604input archived log thread=1 sequence=46 RECID=11 STAMP=798740897input archived log thread=1 sequence=47 RECID=12 STAMP=798757448input archived log thread=1 sequence=48 RECID=13 STAMP=798758626input archived log thread=1 sequence=49 RECID=14 STAMP=798759591channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01List of Archived Logs=Thrd Seq Status Blocks Failing Blocks Examined Name---- ------- ------ -------------- --------------- ---------------1 40 OK 0 77330 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_40_89k3pg9o_.arc
1 41 OK 0 6808 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_41_89k3pgbq_.arc
1 42 OK 0 2 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_42_89k3phrs_.arc
1 43 OK 0 28549 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_43_89k3pjwh_.arc
1 44 OK 0 98268 /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_44_89l70g0w_.arc
1 45 OK 0 74665 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_45_89lyllpl_.arc
1 46 OK 0 28626 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_46_89n6x19y_.arc
1 47 OK 0 57432 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_47_89nq27b5_.arc
1 48 OK 0 2535 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_48_89nr727w_.arc
1 49 OK 0 146 /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_49_89ns571y_.arc
Finished backup at 07-NOV-2012 23:22:27
3、RESTORE … VALIDATE
我们可以执行RESTORE … VALIDATE测试还原特定文件或一组备份文件。RMAN会选择能够使用的备份文件。
想使用此命令数据库必须mount或者open着，我们在使用RESTORE … VALIDATE的时候不需要将数据文件脱机，因为校验的时候只会读取备份文件，不影响产品的数据文件(production datafiles)。
当被校验的文件在磁盘上或者磁带上，RMAN会读取备份片或者镜像复制里所有的数据块。RMAN还可以异地备份验证。
RESTORE … VALIDAT并不是一个真正的恢复操作，它不会真正写出文件。
看下面几个示例：
验证恢复控制文件RMAN> restore controlfile validate;
Starting restore at 07-NOV-2012 23:56:27using channel ORA_DISK_1

channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_40_89k3pg9o_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_41_89k3pgbq_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_42_89k3phrs_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_43_89k3pjwh_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_06/o1_mf_1_44_89l70g0w_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_45_89lyllpl_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_46_89n6x19y_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_47_89nq27b5_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_48_89nr727w_.arc
channel ORA_DISK_1: scanning archived log /u01/recovery/MAA/archivelog/2012_11_07/o1_mf_1_49_89ns571y_.arc
Finished restore at 07-NOV-2012 23:54:39
验证恢复数据文件：RMAN> restore database all validate;-- 输出省略
其实有趣的是，我们使用"restore validate …"达到同样的效果：RMAN> restore validate controlfile;
Starting restore at 07-NOV-2012 23:52:06using channel ORA_DISK_1

channel ORA_DISK_1: starting validation of datafile backup setchannel ORA_DISK_1: reading from backup piece /u01/recovery/MAA/backupset/2012_11_07/o1_mf_ncsn1_EVERYDAY_89n8jswn_.bkp
channel ORA_DISK_1: piece handle=/u01/recovery/MAA/backupset/2012_11_07/o1_mf_ncsn1_EVERYDAY_89n8jswn_.bkp tag=EVERYDAY
channel ORA_DISK_1: restored backup piece 1channel ORA_DISK_1: validation complete, elapsed time: 00:00:00Finished restore at 07-NOV-2012 23:52:06
监控
下面开始说一下监控。
vsession_longops可以展现RMAN任务进度。RMAN任务开始执行之后，RMAN会向这个视图"insert"、"update"相应的行。在OPNAME字段中带有"aggregate"的为聚合行，该行的SID字段是RMAN主会话号(不是监控会话号，监控会话自身不会出现在vsession_longops中)，它表示RMAN命令中所有任务总的进度；其他行表示每个通道当前的子任务的进度，称为细节行，该行的SID字段是通道的会话号。
TOTALWORK字段表示该行(聚合行或细节行)的任务需要处理的工作量，
SOFAR字段表示已经完成的工作量，
UNITS字段表示工作量的单位，不同的任务单位可能会不同。
但我们会更关心细节航的SOFAR与TOTALWORK的比值随时间变化的速度。
我们通过下面的查询监控：
set line 150
col OPNAME for a50
col PROGRESS for a20
col UNITS for a20
SELECT
SID,
CASE WHEN opname LIKE ‘%aggregate%’ THEN ‘Total’ ELSE opname END opname,
TRUNC(sofar*100/totalwork,2) || ‘%’ progress,
UNITS
FROM
v$session_longops
WHERE
opname LIKE ‘RMAN%’ AND totalwork > sofar;
看下面示例：
RMAN运行备份所有数据库
RMAN> run{
allocate channel a1 device type disk;
allocate channel a2 device type disk;
allocate channel a3 device type disk;
backup as backupset database;
}
然后不断监控：
SQL> /

   SID OPNAME                                             PROGRESS             UNITS
复制

     1 Total                                              0%                   Blocks
复制

– 刚开始，通道的子任务还没分配

SQL> /
SID OPNAME PROGRESS UNITS
---------- -------------------------------------------------- -------------------- -------------------- 1 Total 0% Blocks 23 RMAN: full datafile backup 3.54% Blocks 24 RMAN: full datafile backup 34.71% Blocks-- 工作开始之后，会出现两个细节航对应的两个通道，这时候聚合行的进度一直是0%，一直到一个备份集的完成。
SQL> /

   SID OPNAME                                             PROGRESS             UNITS
复制

     1 Total                                              0%                   Blocks
    23 RMAN: full datafile backup                         46.93%               Blocks
复制

– 执行了一段时间后，SID为24号的通道小时了，说明其子任务完成了，可是聚合行的进度依然为0%

SQL> /
SID OPNAME PROGRESS UNITS
---------- -------------------------------------------------- -------------------- -------------------- 1 Total 39.57% Blocks 23 RMAN: full datafile backup 53.54% Blocks-- 再执行一段时间，聚合行的进度有了，这时候SID为23的会话还在进行。
SQL> /

   SID OPNAME                                             PROGRESS             UNITS
复制

     1 Total                                              39.57%               Blocks
复制

– 继续观察，所有通道的子任务都结束了，说明三个数据文件的备份集已经创建完毕，但还有控制文件盒参数文件的备份集需要完成，所以聚合行还没有消失

SQL> /
SID OPNAME PROGRESS UNITS
---------- -------------------------------------------------- -------------------- -------------------- 1 Total 99.99% Blocks-- 到这里可能是聚合行的延迟
SQL> /
no rows selected

– 到这里备份结束。
另外，根据Oracle官方文档，如果隔两分钟以上查询vsession_longops，若发现SOFAR没有增长，则RMAN极有可能遭遇了不健康的等待事件，此时应该观察vsession_wait，看RMAN会话在等待什么事件，根据事件的定义再查出造成RMAN停摆的根本原因。
声明：此文章大部分理论内容来自书籍《临危不惧：Oracle 11g数据库恢复技术》。

oracle

「喜欢这篇文章，您的关注和赞赏是给作者最好的鼓励」

关注作者

Oracle RMAN(Recovery Manager) – 安全性与监控

sqlnet.ora Network Configuration File: /u01/app/11.2.0/grid/network/admin/sqlnet.ora# Generated by Oracle configuration tools.

评论

相关阅读