X

Best Practices from Oracle Development's A‑Team

Installation and Configuring Recovery Manager Catalog on OCI DBaaS

Vivek Singh
Principal Solutions Architect

Introduction

Oracle Recovery Manager (RMAN) is a sophisticated tool that database administrators have been using to take the backup of their on-premises databases. As the organizations move their databases to cloud, the database administrators may want to continue to use RMAN to perform backup and recovery operations.

Oracle Cloud Infrastructure (OCI) offers several services and options, including RMAN, to take the backup of your databases. In this blog I will not be discussing the different options OCI allows to backup your databases. These can be reviewed at “Backing up a Database”. In this blog, I will only talk about RMAN for DBaaS Service.

RMAN allows you to directly backup the target database to OCI Object Storage Standard buckets. However, for OCI DBaaS Service the option offered out-of-the-box is to keep RMAN control file as part of the target database. If control file becomes very large, it adversely effects the performance of the target database. This limits the number of days that you can keep the database backups. Usually, RMAN with control file in target database is used for maximum retention period of 30 days only. For longer retention periods you need to install RMAN Catalog on a separate DBaaS VM on OCI. Now, the RMAN control file is kept in a catalog on a database that is separate from the target database. If you use this option you will need a separate DBaaS VM in addition to your target database DBaaS VM.

This blog describes the steps to install RMAN Catalog on a separate DBaaS VM on OCI.

Audience

The primary audiences for this blog are:

• Database administrators who have been using RMAN Backup for their on-premises systems.

• OCI administrators who want to setup RMAN for their database administrators.

Use Case

This blog addresses the use case where you have an on-premises Oracle database and are in the process of migrating the database to Oracle OCI DBaaS VM system. You are using RMAN backup for your on-premises system and would like to continue to use the same procedures for backup of OCI DBaaS system to OCI Object Storage.

If you previously used backups for your target database through OCI Console or the API and then you switch to using RMAN, a new backup configuration is created and associated with your target database. This means that you can no longer rely on your previously taken backups to work.

Advantages of Installing RMAN Catalog on a Separate DBaaS System

There are several advantages of installing RMAN Catalog on a DBaaS system other than your target database system. These are:

• You can keep database backup for any length of time, without affecting the performance of your target database.

• Multiple target databases’ RMAN catalog can be contained in a single database. Thus, if you have say four different target databases, you need only one RMAN Catalog DBaaS system.

• Having RMAN Catalog in a separate DBaaS system allows you to implement backup, HA and DR policy for the RMAN Catalog database independent of the HA and DR policy for the target database. The HA/DR for RMAN Catalog can be implemented using RAC or Data Guard. But, if you need HA/DR only for your target database and not for RMAN Catalog database, you do not have to implement HA/DR for RMAN Catalog database

Prerequisites

Before you can install the RMAN Catalog, you will need the following setup:

1. A target database on a DBaaS VM in OCI. This is the database that RMAN will backup to OCI Object Storage. For information about how to install DBaaS System see “Creating DBaaS on a VM in OCI”.

2. You need an Object Storage bucket as the destination for backup. If a bucket does not exist, you should create one. It is strongly recommended that you use separate buckets for each database that you want to backup and use a naming convention to easily identify the database whose backup is kept in the bucket. Also make sure you create a “private” bucket and not a “public” bucket. You can create a bucket either from OCI Console, or by using API.

For information about Object Storage see “Overview of Object Storage”.

3. The DB system's cloud network (VCN) and subnet must be configured with access to Object Storage. If your Object Storage is in the same region as the target database system, it is recommended that you use a Service Gateway to establish connectivity with the Object Storage. If the Object Storage is in a different region, you will need an Internet Gateway. Subnet’s Route Table must have the appropriate rules and Security List must allow egress traffic to Object Storage (specify stateful rules).

4. An Auth Token generated by Oracle Cloud Infrastructure. You can use the OCI Console or the IAM API to generate the Auth Token. If you use OCI Console to generate Auth Token, go to User Settings, and generate a Auth Token. Note the Auth Token, as it will not be displayed again. The Auth Token is used to validate against the Object Storage. For more information, see Working with Auth Tokens.

5. A user name is required when you will install and use the backup module. This user must have tenancy-level access to Object Storage. This can be done by adding the user name to the administrators group. However, that will allow the user to access all of the cloud services. Instead, an administrator should create a policy like the following that limits access to only the required resources in Object Storage for backing up and restoring the database.

Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name = '<bucket_name>'

Allow group <group_name> to read buckets in compartment <compartment_name>

 

Special License Rights

For certain use cases Oracle provides special license rights. You can review these "Special License Rights" and discuss with your account manager if you will need additional database licenses for Recovery Manager Catalog’s DBaaS system.

 

Creating DBaaS for RMAN Catalog

You will need a database to install RMAN Catalog. You can install the RMAN Catalog database in the same VCN as the target database. However, you may want to keep it in a different Availability Domain or Fault Domain. This provides an additional layer of redundancy. The diagrams below show the target database and the RMAN Catalog database for OCI Regions having single and multiple Availability Domains.

DBaaS Deployment

The diagrams above also show the Object Storage and the Service Gateway to access Object Storage. Since the Object Storage is in the same region, Service Gateway is used to access it. Keeping the Object Storage in the same region as the databases gives better performance for backup and recovery. If the Object Storage is in a different region, it increases the latency between databases and Object Storage and increase the time taken for backup and recovery operations.

You can create the RMAN Catalog database using the OCI Console. You will need to provide the following information:

Login in to OCI Console, under Database select ‘Bare Metal, VM, Exadata'

Click on ‘Create DB System’

Provide the following information:

1. Select a compartment: Select a compartment for your database. It can be same compartment where you have your target database.

2. DB System Name: Give a descriptive name.

3. Select an availability domain: It could be any, but preferable to use an AD other than the AD for your target database.

4. Select a shape type: Select Virtual Machine.

5. Select a Shape: For most clients VM Standard 2 node system (VM Standard 2.2) is enough.

6. Oracle Database software edition: Select Enterprise Edition.

7. Your Security Key: Browse or upload your public key file.

8. Specify the network information: Select the VCN and Subnet where you want to create RMAN Catalog. These can be same as VCN and Subnet for your target database.

9. Host prefix: Specify a prefix, such as rcat.

10. Database Name: Specify a database name, such as rcatdb.

11. Database version. Keep it same as your target database.

12. PDB Name: Make sure you specify the PDB Name: Specify a PDB name, such as rcatpdb.

13. Password: Provide a password.

 

After database is created, note the Public and Private IP for database node as well as the long connection string from OCI Console.

Public IP: <public ip for your db node>

Private IP: <private ip for your db node>

Long Connection String:

(DESCRIPTION=(CONNECT_TIMEOUT=5)(TRANSPORT_CONNECT_TIMEOUT=3) (RETRY_COUNT=3)(ADDRESS_LIST=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=<PrivateIP>)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=<service name>)))

 

Backup for RMAN Catalog Database System

Protection of the information in the RMAN Catalog database is also important. The simplest approach is to enable automatic backups - 7 day retention should be sufficient for most clients.

 

Create Recovery Catalog User on Recovery Catalog Database

After creating the database for RMAN Catalog, you need to create a tablespace, a user and grant permissions to the user. For this first ssh into the RMAN Catalog database node, and then use SQLPLUS as shown below.

/* ssh to RMAN Catalog DB Node’s public IP and sudo to Oracle user */

vivessin-Mac:~ vivessin$ ssh opc@<DB Node public IP>

Last login: Mon Jul 22 20:47:46 2019 from 69.245.178.224

[opc@rcat ~]$ sudo su - oracle

[oracle@rcat ~]$

[oracle@rcat ~]$ sqlplus / as sysdba

SQL*Plus: Release 12.2.0.1.0 Production on Mon Jul 22 21:29:42 2019

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Connected to:

Oracle Database 12c EE High Perf Release 12.2.0.1.0 - 64bit Production

2.4 SQL> CONNECT SYS/<passwprd>@(DESCRIPTION=(CONNECT_TIMEOUT=5)(TRANSPORT_CONNECT_TIMEOUT=3)(RETRY_COUNT=3)(ADDRESS_LIST=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=<privateIP>)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=<service name from long connection string>))) as sysdba

Connected.

/* connect to PDB */

2.5 SQL> ALTER SESSION SET CONTAINER =<pdb Name>;

Session altered.

2.6 SQL> CREATE TABLESPACE tools;

Tablespace created.

2.7 SQL> CREATE USER <user name> IDENTIFIED BY <password> TEMPORARY TABLESPACE temp DEFAULT TABLESPACE tools QUOTA UNLIMITED ON tools;

User created.

2.8 SQL> GRANT RECOVERY_CATALOG_OWNER TO <user name>;

Grant succeeded.

SQL>COMMIT;

Commit complete.

SQL>EXIT

 

Install Backup Module on Target DBaaS VM

For taking RMAN backup to OCI Object Storage you first need to install the Oracle Database Cloud Backup Module for OCI on the target DBaaS. When you create a DBaaS VM System opc_install.jar is copied to the system.This module is used to send the backup files to OCI Object Storage. It is a System Backup to Tape (SBT) module and is referenced when allocating a RMAN channel. It uses OCI Auth Tokens for authentication.

Install Backup Module using opc_install

To install the backup module ssh to a target database system node, sudo to oracle user, change the directory to /opt/oracle/oak/pkgrepos/oss/odbcs folder containing opc_install.jar and install the backup module. The details are given in the document ‘Backing up a Database to Object Storage Using RMAN’ - scroll down to the section about “Installing the Backup Module on the DB System”. Sample commands are shown below:

/* ssh to target database node’s public IP and sudo to Oracle user */

vivessin-Mac:~ vivessin$ ssh opc@<database public IP>

Last login: Tue Sep 10 21:43:16 2019 from 71.233.70.120

[opc@testdb ~]$ sudo su - oracle

[oracle@tst odbcs]$

[oracle@tst ~]$ cd /opt/oracle/oak/pkgrepos/oss/odbcs

[oracle@tst odbcs]$

/* Create the folder ~/lib if it does not exist*/

[oracle@tst odbcs]$ mkdir /home/oracle/lib/

[oracle@tst odbcs]$ java -jar opc_install.jar -opcID ‘<user name>' -opcPass ‘<auth token>' -container <Object Storage Bucket name> -walletDir ~/hsbtwallet/ -libDir ~/lib/ -configfile ~/config -host https://swiftobjectstorage.<region>.oraclecloud.com/v1/<tenancy>

Oracle Database Cloud Backup Module Install Tool, build

12.2.0.1.0DBBKPCSBP_2018-06-12

Oracle Database Cloud Backup Module credentials are valid.

Backups would be sent to container tstdbbackups.

Oracle Database Cloud Backup Module wallet created in directory /home/

oracle/hsbtwallet.

Oracle Database Cloud Backup Module initialization file /home/oracle/

config created.

Downloading Oracle Database Cloud Backup Module Software Library from file

opc_linux64.zip.

Download complete.

[oracle@tst odbcs]$

 

Create RMAN Catalog, Register Database and Set Retention Policy

To create RMAN Catalog you need to ssh to the target database, add RMAN connection entry to the tnsnames.ora, start RMAN, create RMAN Catalog, register database and then set the retention policy.

For making the RMAN connection entry, note the IP address and connection string for RMAN Catalog database. The commands for these steps are shown below:

/* ssh to target database node’s public IP and sudo to Oracle user */

vivessin-Mac:~ vivessin$ ssh opc@<database public IP>

[opc@testdb ~]$ sudo su - oracle

[oracle@tst ~]$ cd $ORACLE_HOME/network/admin

[oracle@tst admin]$

/* Add entry like given below to tnsnames.ora for connecting to rman. Make sure you specify PDB service name.

rman =

(DESCRIPTION =(ADDRESS = (PROTOCOL = TCP)(HOST = <RMAN Catalog DB Private Address>)(PORT = 1521))(CONNECT_DATA =(SERVER = DEDICATED)(SERVICE_NAME = <full name full service name for RMAN Cat pdb such as rcatpdb.db1.vcn1v.oraclevcn.com>)))

*/

/* Start rman and connect to db*/

[oracle@tst admin]$ rman

Recovery Manager: Release 12.2.0.1.0 - Production on Wed Sep 4 02:44:03

2019

Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights

reserved.

RMAN> CONNECT TARGET /

connected to target database: TSTDB03 (DBID=1584174955)

/* Connet to RMAN Catalog. RMAN CONNECT CATALOG <User name created on RMAN Catalog Database>/<Password>@<connection entry you added to tnsnames */

RMAN> CONNECT CATALOG <user>/<password>@rman

connected to recovery catalog database

RMAN>

RMAN> CREATE CATALOG

recovery catalog created

RMAN> REGISTER DATABASE;

 database registered in recovery catalog

starting full resync of recovery catalog

full resync complete

/* Configure Retention policy for required number of days (here 60)*/

RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 60 DAYS;

new RMAN configuration parameters:

CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 60 DAYS;

new RMAN configuration parameters are successfully stored

starting full resync of recovery catalog

full resync complete

RMAN> exit

 Recovery Manager complete.

[oracle@tst admin]$

 

Configure RMAN

After creating RMAN Catalog, you need to configure channel device type, default device type and a few other parameters. The commands for these is shown below. First you will need to ssh to target database, and switch over to Oracle user.

 /* ssh to target database public IP & sudo to Oracle user */

vivessin-Mac:~ vivessin$ ssh opc@<database public IP>

[opc@testdb ~]$ sudo su - oracle

[oracle@tst ~]$ echo $ORACLE_HOME

/u01/app/oracle/product/12.2.0.1/dbhome_1

[oracle@tst ~]$

[oracle@tst ~]$ . oraenv

ORACLE_SID = [tstdb03] ?

The Oracle base has been set to /u01/app/oracle

[oracle@tst ~]$

[oracle@tst ~]$ rman TARGET /

Recovery Manager: Release 12.2.0.1.0 - Production on Wed Sep 4 03:59:52 2019

Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.

connected to target database: TSTDB03 (DBID=1584174955)

RMAN> CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/home/oracle/config)';

using target database control file instead of recovery catalog

new RMAN configuration parameters:

CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/home/oracle/config)';

new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE DEFAULT DEVICE TYPE TO SBT_TAPE;

new RMAN configuration parameters:

CONFIGURE DEFAULT DEVICE TYPE TO 'SBT_TAPE';

new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE BACKUP OPTIMIZATION ON;

new RMAN configuration parameters:

CONFIGURE BACKUP OPTIMIZATION ON;

new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON;

new RMAN configuration parameters:

CONFIGURE CONTROLFILE AUTOBACKUP ON;

new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE SBT_TAPE TO '%F';

new RMAN configuration parameters:

CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE 'SBT_TAPE' TO '%F';

new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters:

CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters are successfully stored

RMAN> EXIT

Recovery Manager complete.

[oracle@tst ~]$

 

Testing the Installation

You can quickly test if your installation is successful, by taking a backup and then viewing the Object Storage bucket and seeing the backup files there.

/* ssh to target database public IP & sudo to oracle user */

vivessin-Mac:~ vivessin$ ssh opc@<database public IP>

[opc@testdb ~]$ sudo su - oracle

[oracle@tst ~]$ rman

Recovery Manager: Release 12.2.0.1.0 - Production on Wed Sep 4 04:41:01 2019

Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.

RMAN> connect target /

connected to target database: TSTDB03 (DBID=1584174955)

RMAN> connect catalog <username>/<password>@<Connection entry>

 connected to recovery catalog database

RMAN> BACKUP INCREMENTAL LEVEL 0 SECTION SIZE 512M DATABASE PLUS ARCHIVELOG;

starting full resync of recovery catalog

full resync complete

Starting backup at 04-SEP-19

.

.

.

Starting Control File and SPFILE Autobackup at 04-SEP-19

piece handle=c-1584174955-20190904-01 comment=API Version 2.0,MMS Version

12.2.0.2

Finished Control File and SPFILE Autobackup at 04-SEP-19

RMAN> EXIT

Recovery Manager complete.

[oracle@tst ~]$

 

RMAN Catalog can now be used to take backup of your target database running on DBaaS to the OCI Object Storage.

 

References

  • https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/backingup.htm

  • https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/creatingDBsystem.htm

  • https://docs.cloud.oracle.com/iaas/Content/Object/Concepts/objectstorageoverview.htm

  • https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/network.htm#service_gateway

  • https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingIGs.htm

  • https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcredentials.htm#Working

  • https://docs.oracle.com/en/database/oracle/oracle-database/18/dblic/Licensing-Information.html#GUID-75262092-CD86-4B30-A21B-92ECC1C2E130

  • https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/backingupOSrman.htm

 

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha