Installation and Configuring Recovery Manager Catalog on OCI DBaaS

Introduction

Oracle Recovery Manager (RMAN) is a sophisticated tool that database administrators have been using to take the backup of their on-premises databases. As the organizations move their databases to cloud, the database administrators may want to continue to use RMAN to perform backup and recovery operations.

Oracle Cloud Infrastructure (OCI) offers several services and options, including RMAN, to take the backup of your databases. In this blog I will not be discussing the different options OCI allows to backup your databases. These can be reviewed at “Backing up a Database”. In this blog, I will only talk about RMAN for DBaaS Service.

RMAN allows you to directly backup the target database to OCI Object Storage Standard buckets. However, for OCI DBaaS Service the option offered out-of-the-box is to keep RMAN control file as part of the target database. If control file becomes very large, it adversely effects the performance of the target database. This limits the number of days that you can keep the database backups. Usually, RMAN with control file in target database is used for maximum retention period of 30 days only. For longer retention periods you need to install RMAN Catalog on a separate DBaaS VM on OCI. Now, the RMAN control file is kept in a catalog on a database that is separate from the target database. If you use this option you will need a separate DBaaS VM in addition to your target database DBaaS VM.

This blog describes the steps to install RMAN Catalog on a separate DBaaS VM on OCI.

Audience

The primary audiences for this blog are:

• Database administrators who have been using RMAN Backup for their on-premises systems.

• OCI administrators who want to setup RMAN for their database administrators.

Use Case

This blog addresses the use case where you have an on-premises Oracle database and are in the process of migrating the database to Oracle OCI DBaaS VM system. You are using RMAN backup for your on-premises system and would like to continue to use the same procedures for backup of OCI DBaaS system to OCI Object Storage.

If you previously used backups for your target database through OCI Console or the API and then you switch to using RMAN, a new backup configuration is created and associated with your target database. This means that you can no longer rely on your previously taken backups to work.

Advantages of Installing RMAN Catalog on a Separate DBaaS System

There are several advantages of installing RMAN Catalog on a DBaaS system other than your target database system. These are:

• You can keep database backup for any length of time, without affecting the performance of your target database.

• Multiple target databases’ RMAN catalog can be contained in a single database. Thus, if you have say four different target databases, you need only one RMAN Catalog DBaaS system.

• Having RMAN Catalog in a separate DBaaS system allows you to implement backup, HA and DR policy for the RMAN Catalog database independent of the HA and DR policy for the target database. The HA/DR for RMAN Catalog can be implemented using RAC or Data Guard. But, if you need HA/DR only for your target database and not for RMAN Catalog database, you do not have to implement HA/DR for RMAN Catalog database

Prerequisites

Before you can install the RMAN Catalog, you will need the following setup:

1. A target database on a DBaaS VM in OCI. This is the database that RMAN will backup to OCI Object Storage. For information about how to install DBaaS System see “Creating DBaaS on a VM in OCI”.

2. You need an Object Storage bucket as the destination for backup. If a bucket does not exist, you should create one. It is strongly recommended that you use separate buckets for each database that you want to backup and use a naming convention to easily identify the database whose backup is kept in the bucket. Also make sure you create a “private” bucket and not a “public” bucket. You can create a bucket either from OCI Console, or by using API.

For information about Object Storage see “Overview of Object Storage”.

3. The DB system's cloud network (VCN) and subnet must be configured with access to Object Storage. If your Object Storage is in the same region as the target database system, it is recommended that you use a Service Gateway to establish connectivity with the Object Storage. If the Object Storage is in a different region, you will need an Internet Gateway. Subnet’s Route Table must have the appropriate rules and Security List must allow egress traffic to Object Storage (specify stateful rules).

4. An Auth Token generated by Oracle Cloud Infrastructure. You can use the OCI Console or the IAM API to generate the Auth Token. If you use OCI Console to generate Auth Token, go to User Settings, and generate a Auth Token. Note the Auth Token, as it will not be displayed again. The Auth Token is used to validate against the Object Storage. For more information, see Working with Auth Tokens.

5. A user name is required when you will install and use the backup module. This user must have tenancy-level access to Object Storage. This can be done by adding the user name to the administrators group. However, that will allow the user to access all of the cloud services. Instead, an administrator should create a policy like the following that limits access to only the required resources in Object Storage for backing up and restoring the database.

Special License Rights

For certain use cases Oracle provides special license rights. You can review these "Special License Rights" and discuss with your account manager if you will need additional database licenses for Recovery Manager Catalog’s DBaaS system.

Creating DBaaS for RMAN Catalog

You will need a database to install RMAN Catalog. You can install the RMAN Catalog database in the same VCN as the target database. However, you may want to keep it in a different Availability Domain or Fault Domain. This provides an additional layer of redundancy. The diagrams below show the target database and the RMAN Catalog database for OCI Regions having single and multiple Availability Domains.

The diagrams above also show the Object Storage and the Service Gateway to access Object Storage. Since the Object Storage is in the same region, Service Gateway is used to access it. Keeping the Object Storage in the same region as the databases gives better performance for backup and recovery. If the Object Storage is in a different region, it increases the latency between databases and Object Storage and increase the time taken for backup and recovery operations.

You can create the RMAN Catalog database using the OCI Console. You will need to provide the following information:

After database is created, note the Public and Private IP for database node as well as the long connection string from OCI Console.

Backup for RMAN Catalog Database System

Protection of the information in the RMAN Catalog database is also important. The simplest approach is to enable automatic backups - 7 day retention should be sufficient for most clients.

Create Recovery Catalog User on Recovery Catalog Database

After creating the database for RMAN Catalog, you need to create a tablespace, a user and grant permissions to the user. For this first ssh into the RMAN Catalog database node, and then use SQLPLUS as shown below.

Install Backup Module on Target DBaaS VM

For taking RMAN backup to OCI Object Storage you first need to install the Oracle Database Cloud Backup Module for OCI on the target DBaaS. When you create a DBaaS VM System opc_install.jar is copied to the system.This module is used to send the backup files to OCI Object Storage. It is a System Backup to Tape (SBT) module and is referenced when allocating a RMAN channel. It uses OCI Auth Tokens for authentication.

Install Backup Module using opc_install

To install the backup module ssh to a target database system node, sudo to oracle user, change the directory to /opt/oracle/oak/pkgrepos/oss/odbcs folder containing opc_install.jar and install the backup module. The details are given in the document ‘Backing up a Database to Object Storage Using RMAN’ - scroll down to the section about “Installing the Backup Module on the DB System”. Sample commands are shown below:

Create RMAN Catalog, Register Database and Set Retention Policy

To create RMAN Catalog you need to ssh to the target database, add RMAN connection entry to the tnsnames.ora, start RMAN, create RMAN Catalog, register database and then set the retention policy.

For making the RMAN connection entry, note the IP address and connection string for RMAN Catalog database. The commands for these steps are shown below:

Configure RMAN

After creating RMAN Catalog, you need to configure channel device type, default device type and a few other parameters. The commands for these is shown below. First you will need to ssh to target database, and switch over to Oracle user.

Testing the Installation

You can quickly test if your installation is successful, by taking a backup and then viewing the Object Storage bucket and seeing the backup files there.

RMAN Catalog can now be used to take backup of your target database running on DBaaS to the OCI Object Storage.

References

• https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/backingup.htm

• https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/creatingDBsystem.htm

• https://docs.cloud.oracle.com/iaas/Content/Object/Concepts/objectstorageoverview.htm

• https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/network.htm#service_gateway

• https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingIGs.htm

• https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcredentials.htm#Working

• https://docs.oracle.com/en/database/oracle/oracle-database/18/dblic/Licensing-Information.html#GUID-75262092-CD86-4B30-A21B-92ECC1C2E130

• https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/backingupOSrman.htm