Anthony Key
asked on
How to execute RMAN backup windows script w/out passwords and other variables made visable?
Hi, I have a windows .bat file that I would like to schedule in a .cmd file where I can execute the .bat file and not have to show the variables for the user and password. When I access RMAN. The command that I used for testing is:
rman_backup_hot_full_10g.b at "DBA_USERNAME" "DBA_PASSWORD" "TNS_ALIAS"
where the variables in the quotes are the actual variables that I need to hide when I schedule this script.
Here is a copy of the script:
rman_backup_hot_full_10g.b
where the variables in the quotes are the actual variables that I need to hide when I schedule this script.
Here is a copy of the script:
@echo off
REM | FILE : rman_backup_hot_full_10g.bat modified 07/14/2011 |
REM | CLASS : WINDOWS Shell Scripts |
REM | PURPOSE : Used to perform a physical backup of an Oracle database |
REM | using RMAN. This script uses the database control file as |
REM | the RMAN repository. A command script will be dynamically |
REM | written to a temporary directory and run through RMAN. |
REM | |
REM | PARAMETERS : DBA_USERNAME Database username RMAN will use to login |
REM | to the database. This user must have |
REM | the SYSDBA role. |
REM | DBA_PASSWORD Database password RMAN will use to login |
REM | to the database. |
REM | TNS_ALIAS TNS connect string to the target |
REM | database. |
REM | USAGE : |
REM | |
REM | rman_backup_hot_full_10g.bat "DBA_USERNAME" "DBA_PASSWORD" "TNS_ALIAS" |
REM | |
REM | NOTE : As with any code, ensure to test this script in a |
REM | development environment. |
REM | |
REM +--------------------------------------------------------------------------+
REM +--------------------------------------------------------------------------+
REM | VALIDATE COMMAND-LINE PARAMETERS |
REM +--------------------------------------------------------------------------+
if (%1)==() goto USAGE
if (%2)==() goto USAGE
if (%3)==() goto USAGE
REM +--------------------------------------------------------------------------+
REM | VALIDATE ENVIRONMENT VARIABLES |
REM +--------------------------------------------------------------------------+
set ORALOG=X:\rman\logs
set ORATMP=X:\rman\temp
if (%ORALOG%)==() goto ENV_VARIABLES
if (%ORATMP%)==() goto ENV_VARIABLES
REM +--------------------------------------------------------------------------+
REM | DECLARE ALL GLOBAL VARIABLES. |
REM +--------------------------------------------------------------------------+
set FILENAME=rman_backup_hot_full_10g
set DB_USERNAME=%1%
set DB_PASSWORD=%2%
set TNS_ALIAS=%3%
set CMDFILE=%ORATMP%\%FILENAME%_%TNS_ALIAS%.rcv
set LOGFILE=%ORALOG%\%FILENAME%_%TNS_ALIAS%.log
REM +--------------------------------------------------------------------------+
REM | REMOVE OLD LOG AND RMAN COMMAND FILES. |
REM +--------------------------------------------------------------------------+
del /q %CMDFILE%
del /q %LOGFILE%
REM +--------------------------------------------------------------------------+
REM | WRITE RMAN COMMAND SCRIPT. |
REM +--------------------------------------------------------------------------+
echo.
echo run { > %CMDFILE%
echo.
echo sql "alter system archive log current"; >> %CMDFILE%
echo. >> %CMDFILE%
echo CONFIGURE CONTROLFILE AUTOBACKUP ON; >> %CMDFILE%
echo. >> %CMDFILE%
echo backup database >> %CMDFILE%
REM echo filesperset 5 >> %CMDFILE%
REM echo format 'X:\rman\BACKUPSET\ora_df%%t_s%%s_s%%p' >> %CMDFILE%
echo (database include current controlfile); >> %CMDFILE%
echo. >> %CMDFILE%
echo backup archivelog all >> %CMDFILE%
echo format 'X:\rman\\ARCHIVE\log_%%t_%%s_%%r.arc'; >> %CMDFILE%
echo. >> %CMDFILE%
echo } >> %CMDFILE%
echo. >> %CMDFILE%
echo. >> %CMDFILE%
echo. >> %CMDFILE%
echo show all; >> %CMDFILE%
echo. >> %CMDFILE%
REM echo backup database plus archivelog delete input; >> %CMDFILE%
REM echo crosscheck backup of database; >> %CMDFILE%
REM echo crosscheck backup of controlfile; >> %CMDFILE%
REM echo crosscheck archivelog all; >> %CMDFILE%
REM echo delete noprompt force obsolete;>> %CMDFILE%
REM echo delete force noprompt expired backup of database; >> %CMDFILE%
REM echo delete force noprompt expired backup of controlfile; >> %CMDFILE%
REM echo delete force noprompt expired archivelog all; >> %CMDFILE%
echo exit; >> %CMDFILE%
REM +--------------------------------------------------------------------------+
REM | PERFORM RMAN BACKUP. |
REM +--------------------------------------------------------------------------+
rman target %DB_USERNAME%/%DB_PASSWORD%@%TNS_ALIAS% nocatalog cmdfile=%CMDFILE% msglog %LOGFILE%
REM +--------------------------------------------------------------------------+
REM | SCAN THE RMAN LOGFILE FOR ERRORS. |
REM +--------------------------------------------------------------------------+
find /i "error" "%LOGFILE%"
if %errorlevel% EQU 1 (
"C:\WINDOWS\sendmail\sendmail.exe" -messagefile=X:\somedirectorypath\logs\rman_backup_hot_full_10g.log -subject="RMAN Online Backup was Successful" email1@domain
) else (
"C:\WINDOWS\sendmail\sendmail.exe" -messagefile=X:\somedirectorypath\logs\rman_backup_hot_full_10g.log -subject="RMAN Online Backup Failed" email1@domain
)
echo ...
echo END OF FILE REPORT
echo Filename : %FILENAME%
echo Database : %TNS_ALIAS%
echo Hostname : %COMPUTERNAME%
echo Date : %DATE%
echo Time : %TIME%
echo RMAN Log File : %LOGFILE%
REM +--------------------------------------------------------------------------+
REM | END THIS SCRIPT. |
REM +--------------------------------------------------------------------------+
goto END
:END
@echo on
ASKER
Hi slightwv, did you make it to the RMAN class yet? I haven't used windows in a while I tried to add a scheduled task but the wizard comes up with a bunch of programs none saying 'task scheduler' am I looking in the right place?
Thanks,
7Souls
Thanks,
7Souls
Didn't know I was planning on going to the RMAN class but I forget a lot these days.
Don't have 2003 left around any more but a quick Google came up with:
http://www.iopus.com/guides/winscheduler.htm
Don't have 2003 left around any more but a quick Google came up with:
http://www.iopus.com/guides/winscheduler.htm
ASKER
I looked at this but I don't think it addresses my problem. I need to pass 3 variables after the '.bat' file.
rman_backup_hot_full_10g.b at "DBA_USERNAME" "DBA_PASSWORD" "TNS_ALIAS"
As I stated earlier I went to the add a task wizard all it asked for was a username and password of my login nothing else. If this could work I sure would like to use it.
Thanks,
7Souls
rman_backup_hot_full_10g.b
As I stated earlier I went to the add a task wizard all it asked for was a username and password of my login nothing else. If this could work I sure would like to use it.
Thanks,
7Souls
When you add the 'command' you wish to schedule just provide that command. Just like you would from the CMD prompt.
>>Hi slightwv, did you make it to the RMAN class yet?
I'm going by the name slightwv when I want to throw people off my trail when I give bad answers... :)
I'm going by the name slightwv when I want to throw people off my trail when I give bad answers... :)
ASKER
This is exactly what I'm asking how do I hide these variables within the '.cmd' line?
here are copies of some command files that were scheduled.
"C:\Program Files\Windows Resource Kits\Tools\robocopy" X:\ORACLE_BACKUPS\RMAN\SIS GTID X:\FilesToDelete * /MINAGE:4 /E /MOV /LOG:X:\ORACLE_BACKUPS\RMA N\SISGTID\ delete_bac kup%date:~ 4,2%%date: ~7,2%%date :~12,2%.lo g
DEL X:\FilesToDelete\*.* /q 2>nul
set ORACLE_SID=sisgtid
set ORACLE_HOME=D:\ORACLE\ORA9 2
rman target / nocatalog msglog X:\ORACLE_BACKUPS\RMAN\SIS GTID\full_ backup%dat e:~4,2%%da te:~7,2%%d ate:~12,2% .log cmdfile D:\ORACLE_RMAN_SCRIPTS\ful l_backup.r cv
"C:\Program Files\windmail\windmail" -n X:\ORACLE_BACKUPS\RMAN\SIS GTID\full_ backup%dat e:~4,2%%da te:~7,2%%d ate:~12,2% .log -b "SISGTID RMAN Full Backup" sserre@doe.k12.ga.us padusumi@doe.k12.ga.us
Here he just used the RMAN command line but I would like to run the .bat file instead but with passing the user password and the sid.
Thanks,
7Souls
here are copies of some command files that were scheduled.
"C:\Program Files\Windows Resource Kits\Tools\robocopy" X:\ORACLE_BACKUPS\RMAN\SIS
DEL X:\FilesToDelete\*.* /q 2>nul
set ORACLE_SID=sisgtid
set ORACLE_HOME=D:\ORACLE\ORA9
rman target / nocatalog msglog X:\ORACLE_BACKUPS\RMAN\SIS
"C:\Program Files\windmail\windmail" -n X:\ORACLE_BACKUPS\RMAN\SIS
Here he just used the RMAN command line but I would like to run the .bat file instead but with passing the user password and the sid.
Thanks,
7Souls
ASKER
Hi Mrjoltcola,
Can you help me with this?
Thanks,
7Souls
Can you help me with this?
Thanks,
7Souls
>>This is exactly what I'm asking how do I hide these variables within the '.cmd' line?
I've already said this. You will have to hard code them somewhere or use OS authentication.
I've already said this. You will have to hard code them somewhere or use OS authentication.
ASKER
I think I will need to hard code them in the '.bat' file, but I have to make the file unaccessable to the causal user do you know how I can do this.
Thanks,
7Souls
Thanks,
7Souls
>>I have to make the file unaccessable to the causal user do you know how I can do this.
ACLs.
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
I'm not a Windows Admin but you might also be able to set up some local security policies to restrict access.
That said:
I would think hard-coding them on the command line in task scheduler would keep it out of the hands of the 'casual' user.
ACLs.
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
I'm not a Windows Admin but you might also be able to set up some local security policies to restrict access.
That said:
I would think hard-coding them on the command line in task scheduler would keep it out of the hands of the 'casual' user.
>>Can you help me with this?
slightwv is at least as skilled in Windows batch files as I. I will monitor, but rather not clutter the conversation if he has it in hand.
slightwv is at least as skilled in Windows batch files as I. I will monitor, but rather not clutter the conversation if he has it in hand.
ASKER
Okay slightwv, so if any one tried to open the '.cmd' file that has the '.bat' file command line with the user and password would not be able to see it, is this correct?
Thanks,
7Souls
Thanks,
7Souls
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>Alternatively I would use the ORACLE scheduler.
I would probably only do this if you were running Grid Control. Otherwise you have the database actually backing itself up. Not sure I would do that.
I would probably only do this if you were running Grid Control. Otherwise you have the database actually backing itself up. Not sure I would do that.
>>Otherwise you have the database actually backing itself up.
Nothing really wrong with that. Oracle needs to be functional for RMAN to run anyway.
Like you, I still prefer an external system script because I prefer not to fiddle with the scheduler as I don't use Enterprise Manager except as a last resort.
Also I want my scripts for multiple dbs in the same location so I know I don't accidentally schedule 2 instances to backup in parallel.
Nothing really wrong with that. Oracle needs to be functional for RMAN to run anyway.
Like you, I still prefer an external system script because I prefer not to fiddle with the scheduler as I don't use Enterprise Manager except as a last resort.
Also I want my scripts for multiple dbs in the same location so I know I don't accidentally schedule 2 instances to backup in parallel.
ASKER
Hi, I would like to keep this question open a bit longer. I will return to it in a few days. Is this possible.
Thanks,
7Souls
Thanks,
7Souls
I have no problem with keeping it open.
ASKER
Hi slightwv,
Thanks, I just sent a new question regarding retaining at least 7 days of backup records in the control file. Do you think you have time to look at.
Thanks,
7Souls
Thanks, I just sent a new question regarding retaining at least 7 days of backup records in the control file. Do you think you have time to look at.
Thanks,
7Souls
You will need to hard code the username and password somewhere or us OS authentication.