Friday, July 3, 2020

A Quick how-to RMAN backup to OCI Object Storage

This is a quick how-to article on setting up RMAN to backup to Object Storage on OCI. This is applicable when you build your on Oracle database on an OCI instance, or when you have a database on-premise you wish to backup to the (OCI) cloud.

Database Tutorial and Material, Database Exam Prep, Database Certification

What do you need? Off course an Oracle Cloud tenancy,but to be more specific: you need an user (principal) that is permitted to manage objects in a bucket (or if you like, to manage buckets in a compartment). The creation of the user, bucket and relevant permissions is not in the scope of this article.

RMAN can backup to the Oracle Cloud using a SBT library “plugin”, the installer can be downloaded from here. This installer will take care of configuring and downloading the right binaries. It will require Java.

This installer services both the classic Oracle Public Cloud and the new Oracle Cloud. In this article, only the new Oracle cloud will be used. The zipfile can be unzipped anywhere, but keep the resulting jar file available for later use. We need the OCI version, so make use of opc_installer/oci_installer/oci_install.jar.

To authenticate against OCI the library needs a keypair, where the public key will be uploaded to the user in OCI. The oci_install.jar program has an option to generate a keypair for you:

java –jar oci_install.jar -newRSAKeyPair -walletDir /home/oracle/oci/wallet
Oracle Database Cloud Backup Module Install Tool, build 19.3.0.0.0DBBKPCSBP_2019-10-16
Please specify parameter -configFile: /home/oracle/oci/opcxxx.ora
OCI API signing keys are created:
   PRIVATE KEY --> /home/oracle/oci/wallet/oci_pvt
   PUBLIC  KEY --> /home/oracle/oci/wallet/oci_pub
Please upload the public key in the OCI console.

The tool tells you what your next step will be: upload the public key to the OCI account to be used for authenticating. See the image below for the way to upload the key.

Database Tutorial and Material, Database Exam Prep, Database Certification

After uploading the file you can see the key’s fingerprint. Copy this for the next step, or if you want to determine it on your own, use the OpenSSL commandline tool:

openssl rsa -pubout -outform DER -in oci_pvt | openssl md5 –c

Now it’s time to configure the RMAN SBT library, use the oci_installer tool again:

java -jar oci_install.jar \
  -configFile /path/to/configfile.ora
  -host https://objectstorage.eu-frankfurt-1.oraclecloud.com \
  -pvtKeyFile /home/oracle/the/path/to/the/private/key \
  -pubFingerPrint THE_FINGERPRINT_YOU_FOUND \
  -tOCID ocid1.tenancy.oc1..YOURTENANCY_OCID \
  -uOCID ocid1.user.oc1..THE_USERS_OCID \
  -libDir /home/oracle/lib \
  -walletDir /home/oracle/oci/wallet \
  -bucket YOUR_FAVOURITE_BUCKET
Oracle Database Cloud Backup Module Install Tool, build 19.3.0.0.0DBBKPCSBP_2019-10-16
Oracle Database Cloud Backup Module credentials are valid.
Backups would be sent to bucket YOUR_FAVOURITE_BUCKET.
Oracle Database Cloud Backup Module wallet created in directory /home/oracle/oci/wallet.
Oracle Database Cloud Backup Module initialization file /path/to/configfile.ora created.
Downloading Oracle Database Cloud Backup Module Software Library from Oracle Cloud Infrastructure.
Download complete.

With this step a wallet is generated, the library for the correct platform is downloaded and a configuration file is built. Note that when your database server is on a private subnet in OCI (or a subnet on-premise) that there needs to be a way to reach the object storage. On OCI this is best done using a service gateway, on-premise it may be necessary to use a proxy server.

The last step is to configure rman to use the SBT library:

rman target /

configure channel device type sbt parms='SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/path/to/configfile.ora)';

Please note that when you make a backup to the cloud, this SBT library requires encryption of the backupset, so use SET ENCRYPTION when you take a backup.

RMAN> set encryption on identified by "A_Difficult_passphrase" only;
executing command: SET encryption
RMAN> backup device type sbt database;

You should save this passphrase, as restoring without this passphrase will not work.

When you need to restore your database, you can follow the next steps. If the configuration for the SBT library has been lost the first steps should be recreating the configuration. When the connection is restored to the Object Store then RMAN can restore the database. In the example below we assume complete loss of the database, including controlfile and spfile.

rman target /

-- find the dbid in the snapshot controlfile name: in your bucket:
-- in sbt_catalog/c-nnnnnnnnnn-YYYYMMDD-nn –> nnnnnnn is the dbid
RMAN> set dbid = 2384917801;
RMAN> startup nomount
-- this will give a warning about a missing pfile
-- it's safe to ignore
RMAN> set controlfile autobackup format for device type sbt to '%F';
RMAN> set decryption identified by ‘YourVerySecurePassPhrase’;
RMAN> run {
allocate channel c1 device type sbt PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/path/to/your/config.ora)';
restore spfile from autobackup;
}
-- restart database with your spfile:
RMAN> startup nomount force;
-- restore controlfie
RMAN> run {
allocate channel c1 device type sbt PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/path/to/your/config.ora)';
restore controlfile from autobackup;
}
RMAN> alter database mount;
RMAN> run {
allocate channel c1 device type sbt PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/path/to/your/config.ora)';
allocate channel c2 device type sbt PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/path/to/your/config.ora)'
restore database;
recover database;
}
RMAN> alter database open resetlogs;

Related Posts

0 comments:

Post a Comment