ORA-28427: cannot create, import or restore unencrypted tablespace: USERS in Oracle Cloud


The other day I was trying to create a database using the "CREATE DATABASE" syntax in an IaaS Compute in Oracle Cloud to build a lab for one of my sessions.

SQL> CREATE DATABASE db21c
 USER SYS IDENTIFIED BY Oracle11__
 USER SYSTEM IDENTIFIED BY Oracle11__
 EXTENT MANAGEMENT LOCAL
 UNDO TABLESPACE undotbs1
 DEFAULT TEMPORARY TABLESPACE tempts1
 DEFAULT TABLESPACE users
 ENABLE PLUGGABLE DATABASE
   SEED
   SYSTEM DATAFILES SIZE 125M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED
   SYSAUX DATAFILES SIZE 100M;

CREATE DATABASE db21c
*
ERROR at line 1:
ORA-00603: ORACLE server session terminated by fatal error
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-01501: CREATE DATABASE failed
ORA-01519: error while processing file '?/rdbms/admin/dtxnspc.bsq' near line 21
ORA-00604: error occurred at recursive SQL level 1
ORA-28427: cannot create, import or restore unencrypted tablespace: USERS in Oracle Cloud
Process ID: 1934
Session ID: 21 Serial number: 28368

The database somehow knew I was running under OCI and enforced the encryption of my tablespaces. I tried to create the wallet and get it working... however, I couldn't set a Master Key as the database was not open:

SQL> administer key management set key FORCE KEYSTORE identified by welcome1 with backup;
administer key management set key FORCE KEYSTORE identified by welcome1 with backup
*
ERROR at line 1:
ORA-28388: database is not open in read/write mode

And I ended up with an ORA-28361: master key not yet set. So my solution was to keep encrypt_new_tablespaces=DDL and block access to the OCI metadata service so my instance would bypass this enforcement:

[root@lab21c ~]# curl 169.254.169.254
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
</body>
</html>
[root@lab21c ~]# iptables -I OUTPUT --dst 169.254.169.254 -p tcp --dport 80 -j REJECT
[root@lab21c ~]# curl 169.254.169.254
curl: (7) Failed connect to 169.254.169.254:80; Connection refused

Now when I retried the exact same CREATE DATABASE command, I didn't get any error.
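
To check whether a host carries the workaround rule shown above, the following added example (not part of the original post) scans `iptables -S` output for REJECT or DROP rules whose destination is 169.254.169.254. The function names and the sample rule dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iptables rules that block the instance metadata address.
# Rules are read from stdin in `iptables -S` format, so the check works on a
# saved rule dump as well as on a live host.

METADATA_IP="169.254.169.254"   # address used in the post

# Print every rule whose destination is the metadata address and whose target
# is REJECT or DROP. Exit status 0 if at least one was found, 1 otherwise.
find_metadata_blocks() {
    awk -v ip="$METADATA_IP" '
        {
            dst = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d" || $i == "--dst" || $i == "--destination")
                    dst = $(i + 1)
                if ($i == "-j")
                    target = $(i + 1)
            }
            sub(/\/32$/, "", dst)   # iptables -S prints host addresses as a.b.c.d/32
            if (dst == ip && (target == "REJECT" || target == "DROP")) {
                print
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample in the format printed by `iptables -S OUTPUT`.
sample_rules() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 10.0.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Demo on the constructed sample.
# Live use (as root): iptables -S OUTPUT | find_metadata_blocks
sample_rules | find_metadata_blocks && echo "metadata endpoint is blocked by the rule(s) above"
```

A database created while such a rule was in place can be followed up by checking the ENCRYPTED column of DBA_TABLESPACES.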
