Avatar of 7Souls
7Souls
Flag for United States of America asked on

How to execute RMAN backup windows script w/out passwords and other variables made visable?

Hi, I have a windows .bat file that I would like to schedule in a .cmd file where I can execute the .bat file and not have to show the variables for the user and password. When I access RMAN. The command that I used for testing is:

rman_backup_hot_full_10g.bat  "DBA_USERNAME"  "DBA_PASSWORD" "TNS_ALIAS"

where the variables in the quotes are the actual variables that I need to hide when I schedule this script.

Here is a copy of the script:

@echo off
REM | FILE       : rman_backup_hot_full_10g.bat modified 07/14/2011            |
REM | CLASS      : WINDOWS Shell Scripts                                       |
REM | PURPOSE    : Used to perform a physical backup of an Oracle database     |
REM |              using RMAN. This script uses the database control file as   |
REM |              the RMAN repository. A command script will be dynamically   |
REM |              written to a temporary directory and run through RMAN.      |
REM |                                                                          |
REM | PARAMETERS : DBA_USERNAME       Database username RMAN will use to login |
REM |                                 to the database. This user must have     |
REM |                                 the SYSDBA role.                         |
REM |              DBA_PASSWORD       Database password RMAN will use to login |
REM |                                 to the database.                         |
REM |              TNS_ALIAS          TNS connect string to the target         |
REM |                                 database.                                |
REM | USAGE      :                                                             |
REM |                                                                          |
REM | rman_backup_hot_full_10g.bat  "DBA_USERNAME"  "DBA_PASSWORD" "TNS_ALIAS" |
REM |                                                                          |
REM | NOTE       : As with any code, ensure to test this script in a           |
REM |              development environment.                                    |
REM |                                                                          |
REM +--------------------------------------------------------------------------+

REM +--------------------------------------------------------------------------+
REM | VALIDATE COMMAND-LINE PARAMETERS                                         |
REM +--------------------------------------------------------------------------+

if (%1)==() goto USAGE
if (%2)==() goto USAGE
if (%3)==() goto USAGE


REM +--------------------------------------------------------------------------+
REM | VALIDATE ENVIRONMENT VARIABLES                                           |
REM +--------------------------------------------------------------------------+

set ORALOG=X:\rman\logs
set ORATMP=X:\rman\temp

if (%ORALOG%)==() goto ENV_VARIABLES
if (%ORATMP%)==() goto ENV_VARIABLES


REM +--------------------------------------------------------------------------+
REM | DECLARE ALL GLOBAL VARIABLES.                                            |
REM +--------------------------------------------------------------------------+

set FILENAME=rman_backup_hot_full_10g
set DB_USERNAME=%1%
set DB_PASSWORD=%2%
set TNS_ALIAS=%3%
set CMDFILE=%ORATMP%\%FILENAME%_%TNS_ALIAS%.rcv
set LOGFILE=%ORALOG%\%FILENAME%_%TNS_ALIAS%.log


REM +--------------------------------------------------------------------------+
REM | REMOVE OLD LOG AND RMAN COMMAND FILES.                                   |
REM +--------------------------------------------------------------------------+

del /q %CMDFILE%
del /q %LOGFILE%


REM +--------------------------------------------------------------------------+
REM | WRITE RMAN COMMAND SCRIPT.                                               |
REM +--------------------------------------------------------------------------+
echo.
echo run { > %CMDFILE%  
echo.                    
echo sql "alter system archive log current"; >> %CMDFILE%
echo.     >> %CMDFILE%              
echo CONFIGURE CONTROLFILE AUTOBACKUP ON; >> %CMDFILE%
echo.     >> %CMDFILE%
echo backup database >> %CMDFILE%
REM echo filesperset 5 >> %CMDFILE%    
REM echo format 'X:\rman\BACKUPSET\ora_df%%t_s%%s_s%%p' >> %CMDFILE%  
echo (database include current controlfile); >> %CMDFILE%  
echo.    >> %CMDFILE%
echo backup archivelog all >> %CMDFILE%  
echo format 'X:\rman\\ARCHIVE\log_%%t_%%s_%%r.arc'; >> %CMDFILE%  
echo.    >> %CMDFILE%
echo   } >> %CMDFILE%    
echo.    >> %CMDFILE%
echo.    >> %CMDFILE%                
echo.    >> %CMDFILE%
echo show all; >> %CMDFILE%  
echo.          >> %CMDFILE%
REM echo backup database plus archivelog delete input; >> %CMDFILE%
REM echo crosscheck backup of database; >> %CMDFILE%
REM echo crosscheck backup of controlfile; >> %CMDFILE%
REM echo crosscheck archivelog all; >> %CMDFILE%
REM echo delete noprompt force obsolete;>> %CMDFILE%
REM echo delete force noprompt expired backup of database; >> %CMDFILE%
REM echo delete force noprompt expired backup of controlfile; >> %CMDFILE%
REM echo delete force noprompt expired archivelog all; >> %CMDFILE%

echo exit; >> %CMDFILE%  

REM +--------------------------------------------------------------------------+
REM | PERFORM RMAN BACKUP.                                                     |
REM +--------------------------------------------------------------------------+

rman target %DB_USERNAME%/%DB_PASSWORD%@%TNS_ALIAS% nocatalog cmdfile=%CMDFILE% msglog %LOGFILE%  


REM +--------------------------------------------------------------------------+
REM | SCAN THE RMAN LOGFILE FOR ERRORS.                                        |
REM +--------------------------------------------------------------------------+

find /i "error" "%LOGFILE%"
if %errorlevel% EQU 1 (
"C:\WINDOWS\sendmail\sendmail.exe" -messagefile=X:\somedirectorypath\logs\rman_backup_hot_full_10g.log -subject="RMAN Online Backup was Successful" email1@domain
) else (
"C:\WINDOWS\sendmail\sendmail.exe" -messagefile=X:\somedirectorypath\logs\rman_backup_hot_full_10g.log -subject="RMAN Online Backup Failed" email1@domain
)

echo ...
echo END OF FILE REPORT
echo Filename      : %FILENAME%
echo Database      : %TNS_ALIAS%
echo Hostname      : %COMPUTERNAME%
echo Date          : %DATE%
echo Time          : %TIME%
echo RMAN Log File : %LOGFILE%


REM +--------------------------------------------------------------------------+
REM | END THIS SCRIPT.                                                         |
REM +--------------------------------------------------------------------------+
goto END

:END
@echo on

Open in new window

Microsoft DOSWindows Server 2003Oracle Database

Avatar of undefined
Last Comment
7Souls

8/22/2022 - Mon
slightwv (䄆 Netminder)

Use windows task scheduler to set up to job.  

You will need to hard code the username and password somewhere or us OS authentication.
7Souls

ASKER
Hi slightwv, did you make it to the RMAN class yet? I haven't used windows in a while I tried to add a scheduled task but the wizard comes up with a bunch of programs none saying 'task scheduler' am I looking in the right place?

Thanks,
7Souls
slightwv (䄆 Netminder)

Didn't know I was planning on going to the RMAN class but I forget a lot these days.

Don't have 2003 left around any more but a quick Google came up with:
http://www.iopus.com/guides/winscheduler.htm
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
7Souls

ASKER
I looked at this but I don't think it addresses my problem. I need to pass 3 variables after the '.bat' file.

rman_backup_hot_full_10g.bat  "DBA_USERNAME"  "DBA_PASSWORD" "TNS_ALIAS"

As I stated earlier I went to the add a task wizard all it asked for was a username and password of my login nothing else. If this could work I sure would like to use it.

Thanks,
7Souls
slightwv (䄆 Netminder)

When you add the 'command' you wish to schedule just provide that command.  Just like you would from the CMD prompt.
mrjoltcola

>>Hi slightwv, did you make it to the RMAN class yet?

I'm going by the name slightwv when I want to throw people off my trail when I give bad answers... :)
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
7Souls

ASKER
This is exactly what I'm asking how do I hide these variables within the '.cmd' line?
here are copies of some command files that were scheduled.
"C:\Program Files\Windows Resource Kits\Tools\robocopy" X:\ORACLE_BACKUPS\RMAN\SISGTID X:\FilesToDelete * /MINAGE:4 /E /MOV /LOG:X:\ORACLE_BACKUPS\RMAN\SISGTID\delete_backup%date:~4,2%%date:~7,2%%date:~12,2%.log
DEL X:\FilesToDelete\*.* /q 2>nul
set ORACLE_SID=sisgtid
set ORACLE_HOME=D:\ORACLE\ORA92
rman target / nocatalog msglog X:\ORACLE_BACKUPS\RMAN\SISGTID\full_backup%date:~4,2%%date:~7,2%%date:~12,2%.log cmdfile D:\ORACLE_RMAN_SCRIPTS\full_backup.rcv
"C:\Program Files\windmail\windmail" -n X:\ORACLE_BACKUPS\RMAN\SISGTID\full_backup%date:~4,2%%date:~7,2%%date:~12,2%.log -b "SISGTID RMAN Full Backup" sserre@doe.k12.ga.us padusumi@doe.k12.ga.us

Here he just used the RMAN command line but I would like to run the .bat file instead but with passing the user password and the sid.


Thanks,
7Souls
7Souls

ASKER
Hi Mrjoltcola,

Can you help me with this?

Thanks,
7Souls
slightwv (䄆 Netminder)

>>This is exactly what I'm asking how do I hide these variables within the '.cmd' line?

I've already said this.  You will have to hard code them somewhere or use OS authentication.

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
7Souls

ASKER
I think I will need to hard code them in the '.bat' file, but I have to make the file unaccessable to the causal user do you know how I can do this.

Thanks,
7Souls
slightwv (䄆 Netminder)

>>I have to make the file unaccessable to the causal user do you know how I can do this.

ACLs.

http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html

I'm not a Windows Admin but you might also be able to set up some local security policies to restrict access.

That said:
I would think hard-coding them on the command line in task scheduler would keep it out of the hands of the 'casual' user.
mrjoltcola

>>Can you help me with this?

slightwv is at least as skilled in Windows batch files as I. I will monitor, but rather not clutter the conversation if he has it in hand.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
7Souls

ASKER
Okay slightwv, so if any one tried to open the '.cmd' file that has the '.bat' file command line with the user and password would not be able to see it, is this correct?

Thanks,
7Souls
ASKER CERTIFIED SOLUTION
slightwv (䄆 Netminder)

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
slightwv (䄆 Netminder)

>>Alternatively I would use the ORACLE scheduler.

I would probably only do this if you were running Grid Control.  Otherwise you have the database actually backing itself up.  Not sure I would do that.
mrjoltcola

>>Otherwise you have the database actually backing itself up.  

Nothing really wrong with that. Oracle needs to be functional for RMAN to run anyway.

Like you, I still prefer an external system script because I prefer not to fiddle with the scheduler as I don't use Enterprise Manager except as a last resort.

Also I want my scripts for multiple dbs in the same location so I know I don't accidentally schedule 2 instances to backup in parallel.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
7Souls

ASKER
Hi, I would like to keep this question open a bit longer. I will return to it in a few days. Is this possible.

Thanks,
7Souls
slightwv (䄆 Netminder)

I have no problem with keeping it open.
7Souls

ASKER
Hi slightwv,

Thanks, I just sent a new question regarding retaining at least 7 days of backup records in the control file. Do you think you have time to look at.

Thanks,
7Souls
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.