#DICA - Apos criar um novo pdb no OCI - ORA-28361: master key not yet set


Após a criação de um novo pdb em um ambiente Oracle database cloud service tivemos o erro abaixo ao criar uma nova tablespace.

SQL> create tablespace teste;
create tablespace teste
*
ERROR at line 1:
ORA-28361: master key not yet set


ALERTLOG
2022-03-10T08:27:35.587135-03:00
PIRA2011(5):create tablespace teste
2022-03-10T08:27:35.587301-03:00
PIRA2011(5):Force tablespace TESTE to be encrypted
PIRA2011(5):Master key not set for this container (5). Please ensure that wallet is configured and master key is set.
PIRA2011(5):ORA-28361 signalled during: create tablespace teste...
Status do wallet no PDB.

SQL> set lines 210
SQL> col WRL_PARAMETER for a45
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;
WRL_PARAMETER STATUS WALLET_TYPE
--------------------------------------------- ------------------------------ --------------------
OPEN_NO_MASTER_KEY AUTOLOGIN
SQL> SQL>



O erro ocorre pois após a criação de um novo PDB é esperado que a master key seja criada e ativada. Para a criação e ativação da master key, basta seguir os passos abaixo.

Desabilitar a opção de auto-login movendo o arquivo de wallet para um diretório de backup. Confirmar que não existam arquivos .sso no diretório do wallet.

mv /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/cwallet.sso /opt/oracle/dcs/commonstore/wallets/tde/cdbprd01_bkp

Fechar e reabrir a wallet usando a senha, no cdb.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE close;

keystore altered.

SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;

WRL_PARAMETER                                                STATUS                         WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/            CLOSED                         UNKNOWN
                                                             CLOSED                         UNKNOWN
                                                             CLOSED                         UNKNOWN
                                                             CLOSED                         UNKNOWN
                                                             CLOSED                         UNKNOWN

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "SENHA";

keystore altered.

SQL> show pdns;
SP2-0158: unknown SHOW option "pdns"
SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PRD01                          READ WRITE NO
         4 ANS2011                        READ WRITE NO
         5 PIRA2011                       READ WRITE NO

Conectar no PDB que estava apresentando erro execute os passos abaixo.

SQL> alter session set container=PIRA2011;

Session altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY "pzlv##qZv43fED";

keystore altered.

SQL> administer key management set key identified by  "pzlv##qZv43fED" with backup;

keystore altered.

SQL>  set lines 210
col wrl_parameter for a60
SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;SQL> SQL>

WRL_PARAMETER                                                STATUS                         WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
                                                             OPEN                           PASSWORD

Apos o processo feito no PDB criado, é necessário conectar no CDB, executar o comando para ativar o auto-login e então realizar um restart da base.

No comando abaixo é passado o caminho do wallet (/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01) e a senha.

SQL> alter session set container=CDB$ROOT;

Session altered.

SQL>  administer key management create AUTO_LOGIN keystore from keystore '/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01' identified by  "SENHA;
keystore altered. SQL> shutdown immediate; Database closed. Database dismounted. ORACLE instance shut down. SQL> SQL> startup; ORACLE instance started. Total System Global Area 1.4361E+10 bytes Fixed Size 9151448 bytes Variable Size 6710886400 bytes Database Buffers 7616856064 bytes Redo Buffers 24399872 bytes Database mounted. Database opened. SQL>

Assim que o banco iniciar novamente, podemos validar que o status da wallet está open e com autologin.

SQL> set lines 210
SQL> col wrl_parameter for a60
SQL> SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;

WRL_PARAMETER                                                STATUS                         WALLET_TYPE
------------------------------------------------------------ ------------------------------ --------------------
/opt/oracle/dcs/commonstore/wallets/tde/cdbprd01/            OPEN                           AUTOLOGIN
                                                             OPEN                           AUTOLOGIN
                                                             OPEN                           AUTOLOGIN
                                                             OPEN                           AUTOLOGIN
                                                             OPEN                           AUTOLOGIN

SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PRD01                          READ WRITE NO
         4 ANS2011                        READ WRITE NO
         5 PIRA2011                       READ WRITE NO
SQL> alter session set container=PIRA2011;

Session altered.

SQL> create tablespace teste;

Tablespace created.

SQL> drop tablespace teste;

Tablespace dropped.

Provided in [OCI-C, OCI]: Newly Created PDB Inside The Container Database Shows Wallet Error "OPEN_NO_MASTER_KEY" Note 2443398.1

OCI : Create Create Tablespace in-PDB Fails with 'ORA-28374: Typed Master Key Not Found In Wallet' (Doc ID 2496205.1)

Comentários