01-20-2015 02:49 AM
Hello,
I backup and restore OK for Oracle RAC with my script.
Now I need to hide password in backup script.
Current script ===================
if [ "$NB_ORA_FULL" = "1" ]
then
BACKUP_TYPE="INCREMENTAL LEVEL=0"
NB_SCHED="app-full"
elif [ "$NB_ORA_INCR" = "1" ]
then
BACKUP_TYPE="INCREMENTAL LEVEL=1"
NB_SCHED="app-diff"
elif [ "$NB_ORA_CINC" = "1" ]
then
BACKUP_TYPE="INCREMENTAL LEVEL=1 CUMULATIVE"
NB_SCHED="app-diff"
elif [ "$BACKUP_TYPE" = "" ]
then
BACKUP_TYPE="INCREMENTAL LEVEL=0"
NB_SCHED="app-full"
fi
.....
RUN {
ALLOCATE CHANNEL ch00 TYPE 'SBT_TAPE' PARMS='ENV=(NB_ORA_CLIENT=ora1-backup)' CONNECT='sys/oracle@oravn1';
ALLOCATE CHANNEL ch01 TYPE 'SBT_TAPE' PARMS='ENV=(NB_ORA_CLIENT=ora2-backup)' CONNECT='sys/oracle@oravn2';
SEND 'NB_ORA_SCHED=$SCHED_NAME,NB_ORA_POLICY=Backup-Oracle-oravn,NB_ORA_SERV=dr-backup-01';
BACKUP
AS COMPRESSED BACKUPSET
$BACKUP_TYPE
FORMAT 'bk_d%u_s%s_p%p_t%t'
DATABASE;
release ch00;
release ch01;
}
===========================================
The Oracle Administrator suggest to pre allocate channel from RMAN;
CONFIGURE CHANNEL 1 DEVICE TYPE 'SBT_TAPE' CONNECT='sys/oracle@oravn1';
CONFIGURE CHANNEL 2 DEVICE TYPE 'SBT_TAPE' CONNECT='sys/oracle@oravn2';
But we cannot pass the value of $NB_ORA_SCHED to the channel. We need this parameter to configure SLP for each schedule.
===========================================
If we use Secure External Password Store, the Oracle Administrator worry that clients will need to change the method to connect to database. This database is in production and it make impact with such change.
===========================================
Is there a way to hide password in script ?
01-20-2015 03:23 AM
Two suggestions: if OIP can backup RAC then consider using it. The credentials you enter via the gui but they are not visible. NB Would be interesting to get Symantecs input on this because I dont know if the account info IS put somewhere thats "visible".
*Ive just read a technote, Symantec recommend not using OIP for RAC*
Second suggestion possbily for your DBA is: can an encrypted passwd be used in the script? This may not prove a good solution if you can see the encrypted version and someone else picks up on it.
Jim
01-20-2015 05:11 AM
Hi,
If you create a OS user that has access (sysdba) to the datbase, then you don't need to specify the username/password.
You can just specify / as the connect string. NetBackup will SU to the user, and then connect as that user.
That's how I understand the process.
01-20-2015 06:49 PM
we already test OIP to backup RAC but not work. RAC has different database name and instance name of each node
@Rian: In the script, i need to connect to second node of RAC. Then I need to provide password for the second node.
01-20-2015 08:31 PM
That makes sense now. Forgot about the connection to the other instance.
I found this, but I don't have a RAC to test on. Don't know if it can work from within the netbackup script.
https://docs.oracle.com/cd/A97630_01/server.920/a96566/rcmcnctg.htm#445078
See the section on.
"Hiding Passwords When Connecting to Databases"
01-27-2015 12:00 AM
Hello,
If RMAN connect to Catalog I cannot hide password of Catalog in script.
I just create a case to ask. Symantec staff confirmed that script cannot hide password.
So I can conclude that If I use to backup RAC with load balanced I cannot hide the password.
I have to backup RAC from 1 node.