Miguel Anjo

Extend partition from VMWare in Oracle Linux – part 2   Recently updated !

This entry was posted in Linux and tagged Oracle Linux 9 on by

The client uses VMWare as virtualization platform for the Oracle Database VMs (yes, he is aware of the License implications).

The VM is running out of space in two partitions. The VMWare Admin extended the disks on their platform. Now I need to make this extension visible in Oracle Linux. This things we do once every 10 years, when versions, filesystems and tools already changed.

For this post in 2025, I’m using Oracle Linux 9, xfs filesystems. All operation are online, with databases running.

I divide this post in two parts:

Extend a mountpoint within several partitions in a block device

oracle@vmware-vm01 MIG01C $ cat /etc/system-release 
Oracle Linux Server release 9.6

The partition tree is below, and I need to increase the /u01 from 50G to 100G. The disk is /dev/sda

[root@vmware-vm01 ~]# lsblk
NAME                             MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda                                8:0    0   774G  0 disk 
├─sda1                             8:1    0   250M  0 part /boot/efi
├─sda2                             8:2    0     1G  0 part /boot
└─sda3                             8:3    0    77G  0 part 
  ├─ol_vmware-vm02-root          252:0    0    10G  0 lvm  /
  ├─ol_vmware-vm02-swap          252:1    0     4G  0 lvm  [SWAP]
  ├─ol_vmware-vm02-var_log_audit 252:2    0     1G  0 lvm  /var/log/audit
  ├─ol_vmware-vm02-u01           252:3    0    50G  0 lvm  /u01
  ├─ol_vmware-vm02-home          252:4    0     5G  0 lvm  /home
  ├─ol_vmware-vm02-var_log       252:5    0     2G  0 lvm  /var/log
  └─ol_vmware-vm02-var           252:6    0     5G  0 lvm  /var
sdb                                8:16   0   100G  0 disk 
└─sdb1                             8:17   0   100G  0 part 
  └─vg_u02-lv_u02                252:7    0   100G  0 lvm  /u02
(more…)

Extend partition from VMWare in Oracle Linux – part 1   Recently updated !

This entry was posted in Linux Oracle and tagged Oracle Linux 9 on by

The client uses VMWare as virtualization platform for the Oracle Database VMs (yes, he is aware of the License implications).

The VM is running out of space in two partitions. The VMWare Admin extended the disks on their platform. Now I need to make this extension visible in Oracle Linux. This things we do once every 10 years, when versions, filesystems and tools already changed.

For this post in 2025, I’m using Oracle Linux 9, xfs filesystems. All operation are online, with databases running.

I divide this post in two parts:

Extend single partition of block device

oracle@vmware-vm01 MIG01C $ cat /etc/system-release 
Oracle Linux Server release 9.6

The partition tree is below, and I need to increase the /u02 from 100G to 300G. The disk is /dev/sdb

[root@vmware-vm02 ~]# lsblk 
NAME                             MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda                                8:0    0   774G  0 disk 
├─sda1                             8:1    0   250M  0 part /boot/efi
├─sda2                             8:2    0     1G  0 part /boot
└─sda3                             8:3    0    77G  0 part 
  ├─ol_vmware-vm02-root          252:0    0    10G  0 lvm  /
  ├─ol_vmware-vm02-swap          252:1    0     4G  0 lvm  [SWAP]
  ├─ol_vmware-vm02-var_log_audit 252:2    0     1G  0 lvm  /var/log/audit
  ├─ol_vmware-vm02-u01           252:3    0    50G  0 lvm  /u01
  ├─ol_vmware-vm02-home          252:4    0     5G  0 lvm  /home
  ├─ol_vmware-vm02-var_log       252:5    0     2G  0 lvm  /var/log
  └─ol_vmware-vm02-var           252:6    0     5G  0 lvm  /var
sdb                                8:16   0   100G  0 disk 
└─sdb1                             8:17   0   100G  0 part 
  └─vg_u02-lv_u02                252:7    0   100G  0 lvm  /u02
sr0                               11:0    1 356.9M  0 rom
(more…)

TDE misconfigured and ORA-28353: failed to open wallet

This entry was posted in Oracle Oracle 19c Oracle 23ai Security TDE on by

I did script the TDE wallet configuration for my client.

  • Script 1 – Set the static parameters TABLESPACE_ENCRYPTION and WALLET_ROOT in the spfile.
  • Script 2 – Restart the database
  • Script 3 – Create the wallet, open the wallet, set the Masterkey, create the autologin wallet.

When running this 3rd script on a database it failed on the second command:

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY  "wallet_password";
keystore altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "wallet_password";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "wallet_password"
*
ERROR at line 1:
ORA-28353: failed to open wallet
(more…)

Recover missing Masterkey – the famous ORA-28374

This entry was posted in Oracle Oracle 19c Oracle 23ai Security on by

The client plugged a non-encrypted PDB into a CDB with TDE Encryption Wallet enabled. All works fine, we can read the data. However when trying to create a tablespace we get:

CDB1 SQL> create tablespace TBS_NEW;
Error starting at line : 1 in command -
create tablespace t1
Error report -
ORA-28374: typed master key not found in wallet
28374. 0000 -  "typed master key not found in wallet"
*Cause:    You attempted to access encrypted tablespace or redo logs with a typed master key not existing in the wallet.
*Action:   Copy the correct Oracle Wallet from the instance where the tablespace was created.

What is wrong?

(more…)

Configuring Hybrid Dataguard and have standby on OCI without the need of advanced security license

This entry was posted in Cloud DataGuard OCI Oracle Security and tagged OCI tde on by

Hybrid Dataguard is a relatively new 19c feature that allows to have one side of a Dataguard configuration not encrypted. This is particularly useful when having a primary on premises and standby on a OCI, where tablespaces need to be encrypted. The main point is that it allows to spare a Advanced Security licenses on premises site.

Usages of Hybrid Dataguard can be during migration to the cloud or just as a high availability solution, when we have a small on-premises data center.

In the tutorial below I assume to have a primary database on premises without TDE, a we will create a standby in OCI with encryption enabled. The connection between on-premises and OCI is already configured and not explained.

(more…)

Oracle TDE – the basic information you need to know when encrypting the whole database

This entry was posted in Cloud Engineering Systems ExaCC Exadata OCI Oracle Oracle 19c and tagged OCI oracle 19c tde on by

TDE – Transparent Data Encryption – is the Oracle solution for protecting data at rest. This refers, protecting data that is stored in one file or one disk. This data will be encrypted. Only after the database is open and the wallet password is given, you can query the data and see it.

Recently I’ve been working more with ExaCC and migrating databases from on-premises to the Cloud. Took quite some days to get into TDE and sometimes confusing terms used in the documentation and on the web.

This post summarizes all the concepts to have in mind when working with Oracle encrypted databases, which is the default in the Cloud and Exadata systems.

(more…)

DataGuard in RAC and redo apply performance in consolidated environments

This entry was posted in DataGuard Oracle 19c on by

My customer has five standby databases in the same 2-node RAC cluster. Today, after an ASM data diskgroup full, several databases had to recover quite some archivelogs.

The load on the first node immediately went to the roof when I restarted the redo apply, after adding space to the diskgroup.

This because, by default, the redo apply starts on the first available instance of the RAC cluster, which in this case was the first instance for all DBs.

Two things I learned:

(more…)

Commvault backup timeout and too many objects in Oracle recycle bin

This entry was posted in Oracle on by

Since a few weeks there was an error during backups of one of my clients databases. They use Commvault to trigger the backups.

In the background, for some reason, Commvault asks the primary instance for some information about the free space in the tablespaces, using the following query:

SELECT 'D,' || c.NAME || ':' || t.NAME || ':' || c.dbId  || ',' || d.STATUS || ',' || d.ENABLED || ',' || TO_CHAR(d.BYTES) || ',' || TO_CHAR(d.BYTES - NVL(ff.fbytes,0)) || ',' || TRIM(' ' FROM d.NAME) || ',' || TRIM(' ' FROM d.FILE#) AS PDB_TS_DF 
FROM v$datafile d, v$tablespace t, v$CONTAINERS c, (SELECT f.CON_ID CON_ID, f.file_id file_id, SUM(f.bytes) fbytes FROM CDB_FREE_SPACE f GROUP BY f.file_id,f.CON_ID) ff 
WHERE c.CON_ID = d.CON_ID and d.CON_ID = t.CON_ID and d.TS#=t.TS# AND ff.file_id (+)= d.FILE#  
ORDER BY PDB_TS_DF;

The important part is this one:

(more…)

New mandatory unified audit policy on 19.26

This entry was posted in Audit Oracle Oracle 19c Oracle 23ai on by

This feature was just backported from Oracle 23ai. The new ORA$MANDATORY audit policy was added with the Oracle 19.26 RU. This policy is not visible at UNIFIED_AUDIT_POLICIES or AUDIT_UNIFIED_ENABLED_POLICIES.

After patching the database to 19.26, then you see entries on UNIFIED_AUDIT_TRAIL:

SYS@CDB2.CDB$ROOT> select EVENT_TIMESTMAP, SYSTEM_PRIVILEGE_USED, ACTION_NAME 
from UNIFIED_AUDIT_TRAIL 
where UNIFIED_AUDIT_POLICIES='ORA$MANDATORY' 
order by EVENT_TIMESTMAP;

                  EVENT_TIMESTAMP     SYSTEM_PRIVILEGE_USED       ACTION_NAME
_________________________________ _________________________ _________________
02-FEB-2025 21:54:56.192982000    SYSDBA                    LOGON
02-FEB-2025 21:54:56.216549000    SYSDBA                    SELECT
02-FEB-2025 21:55:00.381577000    SYSDBA, ALTER DATABASE    ALTER DATABASE
02-FEB-2025 21:55:00.393882000    SYSDBA                    LOGOFF
...

The actions that are audited by ORA$MANDATORY policy are described on Oracle 23ai documentation.

What I find interesting, is that the “ALTER DATABASE MOUNT” during startup is audited, so we can have a good history of database startups.

(more…)