1.Exploring CDB Architecture and Structures.

Tasks:

1.1 Check if the database is a multitenant container database.

SQL> SELECT name, cdb, con_id FROM v$database;

NAME CDB CON_ID
-------------------- --- ------
ORCL YES 0
SQL>

Check the instance name.

SQL> SELECT instance_name, status, con_id FROM v$instance;
INSTANCE_NAME STATUS CON_ID
---------------- ------------ ------
ORCL OPEN 0
SQL> EXIT

List the services automatically created for each container.

$ sqlplus / AS SYSDBA
SQL> SELECT name, con_id FROM v$services;

1.2 Display the pluggable databases.

SQL> SELECT con_id, name, open_mode FROM v$pdbs;

Use the new commands SHOW CON_NAME and CON_ID to know which container you
are connected to.
SQL> SHOW con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> SHOW con_id
CON_ID
------------------------------
1
SQL>
1.3 View some of the family of view CDB_xxx:

SQL> SELECT pdb_id, pdb_name, dbid, con_id FROM cdb_pdbs;

PDB_ID PDB_NAME DBID CON_ID
------ -------- ---------- ------
3 PDB1 3637697889 3
2 PDB$SEED 814247809 2

Check all the files of the CDB.

a. View the redo log files of the CDB.
SQL> COL member format A45
SQL> SELECT group#, con_id, member FROM v$logfile;
GROUP# CON_ID MEMBER
---------- ------ ----------------------------------------
4 0 /u04/app/oracle/redo/ORCL/redo01.log
5 0 /u04/app/oracle/redo/ORCL/redo02.log
6 0 /u04/app/oracle/redo/ORCL/redo03.log

1.4 View the control files of the CDB.

SQL> COL name FORMAT A55

SQL> SELECT name, con_id FROM v$controlfile;
NAME CON_ID
------------------------------------------------------- ------
/u02/app/oracle/oradata/ORCL/control01.ctl 0
/u03/app/oracle/fast_recovery_area/ORCL/control02.ctl 0
SQL>

With the CDB_DATA_FILES view:

SQL> COL file_name FORMAT A55
SQL> SET linesize 100
SQL> SELECT file_name, tablespace_name, con_id CID
FROM cdb_data_files ORDER BY con_id;
FILE_NAME TABLESPA CID
----------------------------------------------- -------- -----
/u02/app/oracle/oradata/ORCL/system01.dbf SYSTEM 1
/u02/app/oracle/oradata/ORCL/users01.dbf USERS 1
/u02/app/oracle/oradata/ORCL/undotbs01.dbf UNDOTBS1 1
/u02/app/oracle/oradata/ORCL/sysaux01.dbf SYSAUX 1
/u02/app/oracle/oradata/ORCL/PDB1/system01.dbf SYSTEM 3
/u02/app/oracle/oradata/ORCL/PDB1/users01.dbf USERS 3
/u02/app/oracle/oradata/ORCL/PDB1/undotbs01.dbf UNDOTBS1 3
/u02/app/oracle/oradata/ORCL/PDB1/sysaux01.dbf SYSAUX 3
8 rows selected.
SQL>
Now use the V$TABLESPACE and V$DATAFILE views.
SQL> COL name FORMAT A12
SQL> SELECT file#, ts.name, ts.ts#, ts.con_id
FROM v$datafile d, v$tablespace ts
WHERE d.ts# = ts.ts#
AND d.con_id = ts.con_id
ORDER BY 4,3;
FILE# NAME TS# CON_ID
---------- ------------ ---------- ------
1 SYSTEM 0 1
3 SYSAUX 1 1
4 UNDOTBS1 2 1
7 USERS 4 1
5 SYSTEM 0 2
6 SYSAUX 1 2
8 UNDOTBS1 2 2
9 SYSTEM 0 3
10 SYSAUX 1 3
11 UNDOTBS1 2 3
12 USERS 5 3
11 rows selected.
SQL>

===========================

Verify that the SYSTEM user is created.

SQL> SELECT username, common, con_id FROM cdb_users
WHERE username ='SYSTEM';
USERNAME COM CON_ID
---------------------- --- ------
SYSTEM YES 3
SYSTEM YES 1

==============================

2. Creating a New CDB

1.Create the CDB by using DBCA in silent mode
==================================

export ORACLE_HOME=/u01/app/oracle/product/19.1.0/dbhome_1
export ORACLE_SID=cdb19
PATH=$ORACLE_HOME/bin:$PATH; export PATH
cd /home/oracle/labs/admin

mkdir -p /u04/app/oracle/redo/CDB19

$ORACLE_HOME/bin/dbca -silent -createDatabase -templateName

General_Purpose.dbc -gdbname cdb19 -sid cdb19 -
createAsContainerDatabase true -numberOfPDBs 0 -
useLocalUndoForPDBs true -responseFile NO_VALUE -characterSet
AL32UTF8 -totalMemory 1800 -sysPassword Welcome_1 -
systemPassword Welcome_1 -emConfiguration DBEXPRESS -
dbsnmpPassword Welcome_1 -emExpressPort 5502 -enableArchive true
-recoveryAreaDestination /u03/app/oracle/fast_recovery_area -
recoveryAreaSize 15000 -datafileDestination
/u02/app/oracle/oradata

Note: please change directories according to your availability.

2.create redo logs on CDB

====================

Alter system set local_listener='' scope=both;

ALTER DATABASE ADD LOGFILE GROUP 4
'/u04/app/oracle/redo/CDB19/redo01.log' size 50M;
ALTER DATABASE ADD LOGFILE GROUP 5
'/u04/app/oracle/redo/CDB19/redo02.log' size 50M;
ALTER DATABASE ADD LOGFILE GROUP 6
'/u04/app/oracle/redo/CDB19/redo03.log' size 50M;
ALTER SYSTEM SWITCH LOGFILE;
ALTER SYSTEM SWITCH LOGFILE;

=============
3. Verify that the characteristics of the database are satisfied.
======================
a. Check that the CDB is a CDB.
$ . oraenv
ORACLE_SID = [ORCL] ? cdb19
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> SELECT cdb FROM v$database;
CDB
---
YES
SQL>
b. Check that the data files are located in the /u02/app/oracle/oradata/cdb19
directory.
SQL> COL name FORMAT A58
SQL> SELECT name FROM v$datafile ORDER BY 1;
NAME
----------------------------------------------------------
/u02/app/oracle/oradata/CDB19/pdbseed/sysaux01.dbf
/u02/app/oracle/oradata/CDB19/pdbseed/system01.dbf

c. Verify that the permanent tablespaces USERS and UNDO tablespaces are created and
that there is the TEMP temporary tablespace.
SQL> SELECT tablespace_name, contents FROM dba_tablespaces;
TABLESPA CONTENTS
-------- ---------------------
SYSTEM PERMANENT
SYSAUX PERMANENT
UNDOTBS1 UNDO
TEMP TEMPORARY
USERS PERMANENT

3.Creating a New PDB:

Tasks
1. Create a directory for the pdb19 data files.
$ mkdir –p /u02/app/oracle/oradata/CDB19/pdb19
$
2. Run SQL*Plus and connect to the CDB root with a user with the CREATE PLUGGABLE
DATABASE privilege.
$ . oraenv
ORACLE_SID = [ORCL] ? cdb19
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> CREATE PLUGGABLE DATABASE pdb19
ADMIN USER pdb19_admin IDENTIFIED BY password
ROLES=(CONNECT)
CREATE_FILE_DEST='/u02/app/oracle/oradata/CDB19/pdb19';
234
Pluggable database created.
SQL>

3. Observe the status of the PDB.

SQL> Col pdb_name format A10
SQL> SELECT pdb_id, pdb_name, status FROM cdb_pdbs;
PDB_ID PDB_NAME STATUS
------ -------- ----------
2 PDB$SEED NORMAL
3 PDB19 NEW
SQL>
4. Open the PDB.
SQL> ALTER PLUGGABLE DATABASE pdb19 OPEN;
Pluggable database altered.
SQL> SELECT pdb_id, pdb_name, status FROM cdb_pdbs;
PDB_ID PDB_NAME STATUS
------ -------- ----------
2 PDB$SEED NORMAL
3 PDB19 NORMAL
SQL>
5. Connect to the PDB (the net service name has been pre-created for you in
tnsnames.ora) and check that the data files are in the expected location.
SQL> CONNECT system@pdb19
Enter password:
Connected.
SQL>
SQL> COL name FORMAT A78
SQL> SELECT name FROM v$datafile;
NAME
--------------------------------------------------------------
/u02/app/oracle/oradata/CDB19/pdb19/CDB19/4559EDF875437DA7E053C5
10ED0A0616/datafile/o1_mf_system_d6wlq27z_.dbf
/u02/app/oracle/oradata/CDB19/pdb19/CDB19/4559EDF875437DA7E053C5
10ED0A0616/datafile/o1_mf_sysaux_d6wlq290_.dbf
/u02/app/oracle/oradata/CDB19/pdb19/CDB19/4559EDF875437DA7E053C5
10ED0A0616/datafile/o1_mf_undotbs1_d6wlq291_.dbf

6. Check that the service is pdb19.

SQL> SELECT name FROM v$services;
NAME
--------------------
pdb19
SQL> EXIT

7. Let’s explore the ADR (Automatic Diagnostic Repository) for the CDB and PDBs.
a. Check the alert_cdb19.log file of the CDB instance.
$ cd $ORACLE_BASE/diag/rdbms/cdb19/cdb19/trace
$ tail -20 alert_cdb19.log
PDB19(4):Deleting old file#8 from file$

Observe that all operations related to PDBs in the CDB are reported in the single
alert_cdb19.log file of the CDB instance.
b. Find the CREATE PLUGGABLE DATABASE and ALTER PLUGGABLE DATABASE
operations in the alert.log.
$ grep -i "create pluggable database" alert_cdb19.log
CREATE PLUGGABLE DATABASE PDB$SEED AS CLONE USING
'/u01/app/oracle/product/19.1.0/dbhome_1/assistants/dbca/templat
es/pdbseed.xml' source_file_name_convert =
('/oradata/SEEDDATA/pdbseed/system01.dbf','/u02/app/oracle/orada
ta/CDB19/pdbseed/system01.dbf',
Completed: CREATE PLUGGABLE DATABASE

4.Relocating PDBs
1.verify that the source remote CDB is configured to use local UNDO.
$ . oraenv
ORACLE_SID = [cdb19] ? ORCL
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> SELECT property_name, property_value
FROM database_properties
WHERE property_name = 'LOCAL_UNDO_ENABLED';
23
PROPERTY_NAME PROPERTY_VALUE
------------------ --------------
LOCAL_UNDO_ENABLED TRUE
SQL> CONNECT test@PDB1
Enter password:
Connected.
SQL> SELECT LABEL, COUNT(*) FROM test.bigtab GROUP BY label;
LABEL COUNT(*)
------------------------------ ----------
DATA FROM test.bigtab 10000
SQL>

2.relocate pdb1 from ORCL into cdb19 as PDB_RELOCATED

create the database link to access cdb19.

SQL> CONNECT / AS SYSDBA
Connected.
SQL> DROP PUBLIC DATABASE LINK link_cdb19;
DROP PUBLIC DATABASE LINK link_CDB19
*
ERROR at line 1:
ORA-02024: database link not found
SQL> CREATE PUBLIC DATABASE LINK link_cdb19
CONNECT TO system IDENTIFIED BY password
USING 'cdb19';
23
Database link created.
SQL>

create the database link to access pdb1 in ORCL.

$ . oraenv
ORACLE_SID = [ORCL] ? cdb19
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> DROP PUBLIC DATABASE LINK link_ORCL;
DROP PUBLIC DATABASE LINK link_ORCL
*
ERROR at line 1:
ORA-02024: database link not found
SQL> CREATE PUBLIC DATABASE LINK link_ORCL
CONNECT TO system IDENTIFIED BY password
USING 'ORCL';
23
Database link created.
SQL>

3. Relocate pdb1. Display the status of the new PDB.

SQL> !mkdir /u02/app/oracle/oradata/CDB19/pdb_relocated
SQL> ALTER SESSION SET db_create_file_dest =
‘/u02/app/oracle/oradata/CDB19/pdb_relocated';

SQL> CREATE PLUGGABLE DATABASE pdb_relocated

FROM pdb1@link_ORCL RELOCATE;

===========================================

5.Querying Data Across CDBs by Using Proxy PDBs

1.CREATE PLUGGABLE DATABASE pdb1 AS PROXY FROM

pdb1@pdb1_link;
6.Dropping Unnecessary PDBs

1.close pluggable database.

2.drop pdb:
SQL> DROP PLUGGABLE DATABASE doodles INCLUDING DATAFILES;
Pluggable database dropped.

7.Starting Up and Shutting Down a CDB

Shut down the CDB.

SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> EXIT
$

SQL> STARTUP
ORACLE instance started.
Total System Global Area 4697620480 bytes
Fixed Size 2923760 bytes
Variable Size 989856528 bytes
Database Buffers 3690987520 bytes
Redo Buffers 13852672 bytes
Database mounted.
Database opened.

SQL> ALTER PLUGGABLE DATABASE ALL OPEN;

Pluggable database altered.
SQL> SELECT con_id, name, open_mode FROM v$pdbs;
Show pdbs
CON_ID NAME OPEN_MODE
------ --------------- ----------
2 PDB$SEED READ ONLY
3 PDB1 READ WRITE
4 TOYS_ROOT READ WRITE
5 ROBOTS READ WRITE
6 DOLLS READ WRITE
SQL>

Opening and Closing PDBs

=========
SQL> ALTER PLUGGABLE DATABASE operations OPEN;
Pluggable database altered.
SQL> ALTER PLUGGABLE DATABASE hr_root CLOSE;
Pluggable database altered.

8.Setting Parameter Values for PDBs

====================
Not all instance parameters are modifiable at the PDB level. A modifiable one,
OPTIMIZER_USE_SQL_PLAN_BASELINES, has been chosen for the example so as to
show how instance parameters behave at PDB and CDB level

$ . oraenv
ORACLE_SID = [ORCL] ? ORCL
The Oracle base has been set to /u01/app/oracle
$ sqlplus / AS SYSDBA
Connected.
SQL> SELECT ispdb_modifiable FROM v$parameter
WHERE name = 'optimizer_use_sql_plan_baselines';
2
ISPDB
-----
TRUE

Check the current value of instance parameter OPTIMIZER_USE_SQL_PLAN_BASELINES.

SQL> SHOW PARAMETER optimizer_use_sql_plan_baselines
NAME TYPE VALUE
------------------------------------ ----------- ---------
optimizer_use_sql_plan_baselines boolean TRUE
SQL>

Connect to pdb1 in ORCL and check the current value of the same instance parameter
OPTIMIZER_USE_SQL_PLAN_BASELINES.
SQL> CONNECT sys@pdb1 AS SYSDBA
Enter password:
Connected.
SQL> SHOW PARAMETER optimizer_use_sql_plan_baselines
NAME TYPE VALUE
------------------------------------ ----------- ---------
optimizer_use_sql_plan_baselines boolean TRUE

Change the instance parameter value to FALSE in pdb1.

SQL> ALTER SYSTEM SET optimizer_use_sql_plan_baselines=FALSE
SCOPE=BOTH;
System altered.
SQL>
SQL> SHOW PARAMETER optimizer_use_sql_plan_baselines
NAME TYPE VALUE
------------------------------------ ----------- ---------
optimizer_use_sql_plan_baselines boolean FALSE
SQL>

9.Storage:
========

View permanent and temporary tablespaces properties in ORCL.

$ . oraenv
ORACLE_SID = [CDB18] ? ORCL
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> SELECT property_name, property_value
FROM database_properties
WHERE property_name LIKE 'DEFAULT_%TABLE%';
23
PROPERTY_NAME PROPERTY_VALUE
---------------------------- --------------
DEFAULT_PERMANENT_TABLESPACE USERS
DEFAULT_TEMP_TABLESPACE TEMP
SQL> SELECT tablespace_name, CON_ID from CDB_TABLESPACES;
TABLESPACE_NAME CON_ID
--------------- ------
SYSTEM 1
SYSAUX 1
UNDOTBS1 1
TEMP 1

Create a permanent tablespace CDATA in the CDB root.

SQL> CREATE TABLESPACE CDATA
DATAFILE '/u02/app/oracle/oradata/ORCL/cdata_01.dbf'
SIZE 10M;
23
Tablespace created.
SQL> SELECT tablespace_name, CON_ID from CDB_TABLESPACES
WHERE TABLESPACE_NAME = 'CDATA';
2
TABLESPACE_NAME CON_ID
--------------- ------
CDATA 1
SQL>

Make the CDATA tablespace the default tablespace in the root container.
SQL> ALTER DATABASE DEFAULT TABLESPACE CDATA;
Database altered.

Create a permanent tablespace, ldata, in pdb1.

SQL> CONNECT system@PDB1
Enter password:
Connected.
SQL> CREATE TABLESPACE ldata DATAFILE
'/u02/app/oracle/oradata/ORCL/pdb1/ldata_01.dbf'
SIZE 10M;
23
Tablespace created.
SQL>

Make the ldata tablespace the default tablespace in the pdb1 container.
SQL> ALTER PLUGGABLE DATABASE DEFAULT TABLESPACE ldata;
Pluggable database altered.
SQL> SELECT property_name, property_value
FROM database_properties
WHERE property_name LIKE 'DEFAULT_%TABLE%';
23
PROPERTY_NAME PROPERTY_VALUE
---------------------------- --------------
DEFAULT_PERMANENT_TABLESPACE LDATA
DEFAULT_TEMP_TABLESPACE TEMP
SQL>

Managing UNDO Tablespaces

=====================

Display the UNDO tablespaces used in the CDB.

SQL> CONNECT system
Enter password:
Connected.
SQL> SELECT file#, ts.name, ts.ts#, ts.con_id
FROM v$datafile d, v$tablespace ts
WHERE d.ts#=ts.ts#
AND d.con_id=ts.con_id
AND ts.name like 'UNDO%';
2345
FILE# NAME TS# CON_ID
---------- --------------- ---------- ------
4 UNDOTBS1 2 1
8 UNDOTBS1 2 2
159 UNDOTBS1 2 5
164 UNDOTBS1 2 3
SQL>

Verify that the UNDO mode is local.

SQL> SELECT property_name, property_value
FROM database_properties
WHERE property_name = 'LOCAL_UNDO_ENABLED';
23
PROPERTY_NAME PROPERTY_VALUE
------------------ --------------
LOCAL_UNDO_ENABLED TRUE
SQL>

Create a user-defined UNDO tablespace undopdb1 for pdb1 PLUGGABLE DATABASE.

SQL> CONNECT system@PDB1
Enter password:
Connected.
SQL> CREATE UNDO TABLESPACE undopdb1;
Tablespace created.

Set undopdb1 as the new DEFAULT UNDO TABLESPACE for pdb1, drop the old UNDO
TABLESPACE UNDOTBS1, and validate the result.
SQL> ALTER SYSTEM SET undo_tablespace='undopdb1' SCOPE=BOTH;
System altered.
SQL> DROP TABLESPACE UNDOTBS1;
Tablespace dropped.
SQL> SELECT file#, ts.name, ts.ts#, ts.con_id
FROM v$datafile d, v$tablespace ts
WHERE d.ts#=ts.ts#
AND d.con_id=ts.con_id
AND ts.name like 'UNDO%';
2345
FILE# NAME TS# CON_ID
---------- --------------- ---------- ------
63 UNDOPDB1 8 4
SQL> EXIT

====================

10. Security
=================

1.View all common and local users in ORCL.

$ . oraenv
ORACLE_SID = [ORCL] ? ORCL
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> SELECT username, common, con_id FROM cdb_users;
USERNAME COMMON CON_ID
------------------------ ------ ------
SYS YES 1
SYSTEM YES 1

SQL> SELECT username, common, con_id FROM cdb_users

WHERE username = 'SYSTEM';
2
USERNAME COMMON CON_ID
------------------------ ------ ------
SYSTEM YES 1
SYSTEM YES 3
SQL> SELECT distinct username FROM cdb_users
WHERE common=‘YES';

4. Create a common user c##_user.

SQL> CREATE USER c##_user IDENTIFIED BY password
CONTAINER=ALL;
2
User created.
SQL>
5. View the new common user C##_user.
SQL> SELECT distinct username, con_id FROM cdb_users
WHERE username='C##_USER';
2
USERNAME CON_ID
------------------------ ------
C##_USER 1
C##_USER 3
SQL>
Notice that the common user exists in each container.
6. Grant CREATE SESSION as a common privilege.
SQL> GRANT CREATE SESSION TO c##_user CONTAINER=ALL;
Grant succeeded.
SQL>
7. Connect to the CDB root and pdb1 as c##_user.
SQL> CONNECT c##_user@PDB1
Enter password:
Connected.
SQL> CONNECT c##_user@ORCL
Enter password:
Connected.
SQL>

================

11.Managing PDB Lockdown Profiles

============================
Create lockdown profile at the CDB level.
a. Create CDB_prof1 lockdown profile in the CDB root and define lockdown rules.
$ . oraenv
ORACLE_SID = [ORCL] ? ORCL
The Oracle base remains unchanged with value /u01/app/oracle
$ sqlplus / AS SYSDBA
SQL> CREATE LOCKDOWN PROFILE CDB_prof1;
Lockdown Profile created.
SQL> ALTER LOCKDOWN PROFILE CDB_prof1
DISABLE STATEMENT = ('alter system');
2
Lockdown Profile altered.
SQL> ALTER LOCKDOWN PROFILE CDB_prof1
ENABLE STATEMENT = ('alter system')
CLAUSE = ('set');
23
Lockdown Profile altered.

Verify the existence of lockdown profiles.

SQL> COL profile_name FORMAT A15
SQL> COL rule FORMAT A15
SQL> COL clause FORMAT A20
SQL> SELECT profile_name, rule, clause, status
FROM cdb_lockdown_profiles;

Observe lockdown profile behavior in pdb1 when the CDB root lockdown profile is set.
a. Set the CDB_prof1 lockdown profile in the CDB root.
SQL> SHOW PARAMETER pdb_lockdown
NAME TYPE VALUE
----------------------------- ----------- --------------------
pdb_lockdown string
SQL> ALTER SYSTEM SET pdb_lockdown = CDB_prof1 SCOPE = BOTH;
System altered.
SQL> SHOW PARAMETER pdb_lockdown
NAME TYPE VALUE
----------------------------- ----------- --------------------
pdb_lockdown string CDB_PROF1
SQL>
b. Observe how the pdb1 PDB inherits the restrictions of the CDB root lockdown

Observe how the pdb1 PDB inherits the restrictions of the CDB root lockdown profile.
SQL> CONNECT sys@PDB1 AS SYSDBA
Enter password:
Connected.
SQL> SHOW PARAMETER pdb_lockdown
NAME TYPE VALUE
----------------------------- ----------- --------------------
pdb_lockdown string CDB_PROF1
SQL> ALTER SYSTEM SET ddl_lock_timeout=30 SCOPE = BOTH;
System altered.

SQL> ALTER SYSTEM flush shared_pool;

ALTER SYSTEM flush shared_pool

*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> ALTER SYSTEM CHECKPOINT;
ALTER SYSTEM CHECKPOINT
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL>

Clean up lockdown profiles.

CONNECT / AS SYSDBA
Connected.
SQL> ALTER SYSTEM SET pdb_lockdown = '' SCOPE = BOTH;
System altered.
SQL> DROP LOCKDOWN PROFILE CDB_prof1;
Lockdown Profile dropped.
SQL> exit

===================
Managing PDB Keystores
===================

Configure the wallet root location and restart the database instance.

SQL> SHOW PARAMETER wallet

NAME TYPE VALUE
------------------------------ -------- ---------------------
ssl_wallet string
wallet_root string

SQL> ALTER SYSTEM SET

wallet_root = '/u01/app/oracle/admin/ORCL/tde_keystore'
SCOPE=SPFILE;
SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted

Configure the default keystore type for any future isolated PDB. In our case, the
isolated keystores will be stored as OS files.
SQL> ALTER SYSTEM SET tde_configuration =
'KEYSTORE_CONFIGURATION=FILE'
SCOPE=BOTH;
23
System altered.
SQL>

SQL> SELECT wrl_parameter, status, keystore_mode

FROM v$encryption_wallet;
2
WRL_PARAMETER STATUS
KEYSTORE
-------------------------------------------- -------------- ----
----
/u01/app/oracle/admin/ORCL/tde_keystore/tde/ NOT_AVAILABLE NONE

Create the CDB root keystore with its own password.

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY
password;
keystore altered.
SQL>

SQL> SELECT wrl_parameter, status, keystore_mode

FROM v$encryption_wallet;
2
WRL_PARAMETER STATUS
KEYSTORE
-------------------------------------------- -------------- ----
----
/u01/app/oracle/admin/ORCL/tde_keystore/tde/ CLOSED NONE
CLOSED
UNITED
CLOSED
UNIT

Open the CDB root keystore.

SQL> ADMINISTER KEY MANAGEMENT
SET KEYSTORE OPEN IDENTIFIED BY password
CONTAINER=ALL;

SQL> SELECT con_id, wrl_parameter, status, keystore_mode

FROM v$encryption_wallet;
2
CON_ID WRL_PARAMETER STATUS KEYSTORE
------ -------------------------------------- ------- --------
1 /u01/app/oracle/admin/ORCL/tde_keystor OPEN_NO NONE
e/tde/ _MASTER
_KEY
2 OPEN_NO UNITED
_MASTER
_KEY
3 OPEN_NO UNITED
_MASTER
_KEY

SQL> ADMINISTER KEY MANAGEMENT

SET KEY IDENTIFIED BY password WITH BACKUP
CONTAINER=ALL;
23
keystore altered.
SQL>

Set the key in pdb1.

SQL> CONNECT sys@PDB1 AS SYSDBA
Enter password:
Connected.
SQL> ADMINISTER KEY MANAGEMENT
SET KEY IDENTIFIED BY password WITH BACKUP;
2
keystore altered.
SQL>

==============================

Unplugging and Plugging Encrypted PDBs

=========================

$ sqlplus sys@PDB1 AS SYSDBA

Enter password:
Connected.
SQL> SELECT key_id, activating_pdbname, p.name
FROM v$encryption_keys e, v$pdbs p
WHERE e.con_id = p.con_id;
23
KEY_ID
----------------------------------------------------
ACTIVATING_PDBNAME NAME
------------------ --------------------
AXdh6AH4T0/rv7kpUe+KsHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
PDB1 PDB1
SQL>

Unplug and drop pdb1.

SQL> CONNECT / AS SYSDBA
Connected.
SQL> ALTER PLUGGABLE DATABASE pdb1 CLOSE;
Pluggable database altered.
SQL> ALTER PLUGGABLE DATABASE pdb1
UNPLUG INTO '/tmp/PDB1.xml' ENCRYPT USING pass_plug;
Pluggable database altered.
SQL>

SQL> DROP PLUGGABLE DATABASE pdb1 KEEP DATAFILES;

Pluggable database dropped.
SQL> EXIT

SQL> CREATE PLUGGABLE DATABASE pdb_encrypt

USING '/tmp/PDB1.xml' NOCOPY
KEYSTORE IDENTIFIED BY password
DECRYPT USING pass_plug;
234
Pluggable database created.
SQL> ALTER PLUGGABLE DATABASE pdb_encrypt OPEN;
Pluggable database created.

=======================================

Backup and Duplicate

====================

RMAN> BACKUP DATABASE PLUS ARCHIVELOG

RMAN PDB Backup

=======
BACKUP PLUGGABLE DATABASE pdb1;

Duplicating a PDB into an Existing CDB

================
rman
RMAN> CONNECT TARGET sys@ORCL
target database Password:
connected to target database: ORCL (DBID=1572499547)
RMAN>

RMAN> CONNECT AUXILIARY sys@cdb19

auxiliary database Password:
connected to auxiliary database: CDB19 (DBID=3826147549)
RMAN>

RMAN> DUPLICATE PLUGGABLE DATABASE pdb1 AS pdb1_in_cdb19

FROM ACTIVE DATABASE
DB_FILE_NAME_CONVERT ('ORCL', ‘CDB19');

Recovery and Flashback

==================
RMAN Recovery from Nonessential PDB Data File Loss

ALTER TABLESPACE ldata OFFLINE IMMEDIATE;

RESTORE TABLESPACE PDB1:LDATA;
RECOVER TABLESPACE PDB1:LDATA;
ALTER TABLESPACE ldata ONLINE;

PDB PITR
======
RMAN> RUN {
SET UNTIL SCN = 3267497;
RESTORE PLUGGABLE DATABASE pdb1;
RECOVER PLUGGABLE DATABASE pdb1 AUXILIARY
DESTINATION='/u02/app/oracle/oradata';
ALTER PLUGGABLE DATABASE pdb1 OPEN RESETLOGS;
}