Após a criação de um novo pdb em um ambiente Oracle database cloud service tivemos o erro abaixo ao criar uma nova tablespace.
SQL> create tablespace teste;
create tablespace teste
*
ERROR at line 1:
ORA-28361: master key not yet set
ALERTLOG
2022-03-10T08:27:35.587135-03:00
PIRA2011(5):create tablespace teste
2022-03-10T08:27:35.587301-03:00
PIRA2011(5):Force tablespace TESTE to be encrypted
PIRA2011(5):Master key not set for this container (5). Please ensure that wallet is configured and master key is set.
PIRA2011(5):ORA-28361 signalled during: create tablespace teste...
Status do wallet no PDB.
SQL> set lines 210
SQL> col WRL_PARAMETER for a45
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
--------------------------------------------- ------------------------------ --------------------
OPEN_NO_MASTER_KEY AUTOLOGIN
SQL> SQL>
O erro ocorre pois após a criação de um novo PDB é esperado que a master key seja criada e ativada. Para a criação e ativação da master key, basta seguir os passos abaixo.
Desabilitar a opção de auto-login movendo o arquivo de wallet para um diretório de backup. Confirmar que não existam arquivos .sso no diretório do wallet.
mv /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/cwallet.sso /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01_bkp
Fechar e reabrir a wallet usando a senha, no cdb.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE close;
keystore altered.
SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/ CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
CLOSED UNKNOWN
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "SENHA";
keystore altered.
SQL> show pdns;
SP2-0158: unknown SHOW option "pdns"
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PRD01 READ WRITE NO
4 ANS2011 READ WRITE NO
5 PIRA2011 READ WRITE NOConectar no PDB que estava apresentando erro execute os passos abaixo.
SQL> alter session set container=PIRA2011;
Session altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "pzlv##qZv43fED";
keystore altered.
SQL> administer key management set key identified by "pzlv##qZv43fED" with backup;
keystore altered.
SQL> set lines 210
col wrl_parameter for a60
SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;SQL> SQL>
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
OPEN PASSWORDApos o processo feito no PDB criado, é necessário conectar no CDB, executar o comando para ativar o auto-login e então realizar um restart da base.
No comando abaixo é passado o caminho do wallet (/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01) e a senha.
SQL> alter session set container=CDB$ROOT;
Session altered.
SQL> administer key management create AUTO_LOGIN keystore from keystore '/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01' identified by "SENHA;
keystore altered.
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL>
SQL> startup;
ORACLE instance started.
Total System Global Area 1.4361E+10 bytes
Fixed Size 9151448 bytes
Variable Size 6710886400 bytes
Database Buffers 7616856064 bytes
Redo Buffers 24399872 bytes
Database mounted.
Database opened.
SQL>
Assim que o banco iniciar novamente, podemos validar que o status da wallet está open e com autologin.
SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/ OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
OPEN AUTOLOGIN
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PRD01 READ WRITE NO
4 ANS2011 READ WRITE NO
5 PIRA2011 READ WRITE NO
SQL> alter session set container=PIRA2011;
Session altered.
SQL> create tablespace teste;
Tablespace created.
SQL> drop tablespace teste;
Tablespace dropped.
Provided in [OCI-C, OCI]: Newly Created PDB Inside The Container Database Shows Wallet Error "OPEN_NO_MASTER_KEY" Note 2443398.1
OCI : Create Create Tablespace in-PDB Fails with 'ORA-28374: Typed Master Key Not Found In Wallet' (Doc ID 2496205.1)
