Protecting and securing data is a core responsibility of a database administrator. DBAs must be proficient with backup and recovery skills. As shown in Chapters 17 through 19, you can use RMAN to manage and automate the backup of Oracle databases. RMAN is easily configured to back up and restore database files to and from disk.
Most production database environments will have an additional requirement to store database backups on tape. If your database server experiences a complete failure, you can use tape backups to restore and recover. Furthermore, tape backups are easily transported outside of the data center to provide additional protection in the event an entire data center experiences a complete failure (like a tornado or flood), the idea being that the tapes are safely stored offsite and can be brought back when disaster strikes.
To this end, Oracle provides a centralized tape backup solution, Oracle Secure Backup (OSB). This tool is a full-feature enterprise backup management system that automates the tape backup and restore of operating system files. More importantly to you as the DBA, OSB can also be configured as a media management layer with RMAN. This means you can implement RMAN and OSB together for the backup and restore of database files directly to and from tape.
There are myriad tape management solutions available. Why consider OSB? OSB is particularly compelling if one of your main goals is database backups to tape. Since OSB is an Oracle product, it is tightly integrated with RMAN. OSB is aware of the Oracle database file format and can take advantage of block level validation, encrypting backups as they are written to tape, integration with Oracle's Enterprise Manager, and so on.
There are two different editions of Oracle Secure Backup:
The Oracle Secure Backup Express edition is free (well, “free” when you purchase a license for the Oracle database). It provides core features such as backup and restore of operating system files and RMAN integration, but is limited to use on a single host with one directly attached tape device.
The Oracle Secure Backup edition requires an extra license and is well suited for tape backup and restore in a distributed server environment with heterogeneous file systems (Linux, Unix, Windows, and Network Attached Storage). The Oracle Secure Backup edition contains the following additional features not available with the Express edition:
If you are a small shop with just one production database server, then Oracle Secure Backup Express may satisfy your business requirements, whereas the full fledged Oracle Secure Backup edition is more suitable for environments with multiple distributed hosts that require advanced data protection requirements.
Note OSB is available on most Linux and Unix platforms as well as Windows. See My Oracle Support's certification matrix for a current list (https://support.oracle.com).
Take some time to familiarize yourself with the architectural terms used with OSB. This section gives a brief description of the major OSB parts, starting with an administrative domain.
An administrative domain is collection of servers (hosts) that you manage as a single group for backup and restore operations. Within an OSB administrative domain, each server can be assigned one or more of the following roles:
For each administrative domain, as shown in Figure 20–1, there is only one administrative server that controls the backup, restore, and scheduling operations. An administrative server manages one or more media servers and one or more clients.
Figure 20–1. Oracle Secure Backup Administrative Domain
A media server is a host that has at least one physical tape device connected to it. Media servers are responsible for transferring data to and from the attached tape devices.
The client host is the server where the Oracle databases and file-system data reside that you want to back up (and potentially restore). For a single-host environment, a server can be the admin server, media server, and client host in the OSB administrative domain.
There are four tools you can use to run and manage OSB backup and restore tasks:
obtool
)rman
)While the graphical interfaces are somewhat intuitive and easy to use, I'm a strong believer in learning how to run a tool from the command line. There's something about running a tool from the command line gives you a better understanding of the underlying architecture. This knowledge is invaluable when troubleshooting and diagnosing problems. In that vein, this chapter focuses on using obtool
and rman
to configure and run OSB backup and restore tasks operations.
Tip For complete details on all of the OSB interfaces, see the Oracle Secure Backup Administrator's Guide and Oracle Secure Backup Reference available at www.oracle.com/technetwork/database/secure-backup/documentation/.
An Oracle Secure Backup user is an account defined within an OSB administrative domain. These users are separate from operating system users. OSB user information is stored in the OSB administrative domain server. You are required to enter a username and password when accessing OSB through its interfaces such as obtool
or OSB Web tool.
An OSB class is a set of privileges and rights granted to a user. Each user can be assigned to only one OSB class. OSB classes help maintain a consistent user experience across all servers in an administrative domain.
Oracle Secure Backup uses seven different background processes (daemons) to manage the configuration, backup, and restore operations. The executables that start the daemons are in the OSB_HOME/etc
directory on each of the servers. These processes are described in this list:
Schedule daemon runs only on the administrative server and manages the scheduled backups.
Index daemon runs only on the administrative server and manages the backup catalog for each client.
Apache web server daemon runs only on the administrative server and services the OSB web tool.
Service Daemon runs on the administrative, media, and client servers. On the administrative server, it runs jobs as requested by the schedule daemon. When running on the media or client server, it allows for remote administration of the host.
Network data management protocol (NDMP) daemon runs on the administrative, media, and client servers; it provides data communication between servers in the administrative domain.
Robot Daemon runs only on the media server and helps manage communication to tape devices.
Proxy Daemon runs only on the client server and verifies user access for
SBT
backup and restore operations.
Now that you have a basic understanding of the OSB architecture, you are ready to download and install the OSB software.
You can download the OSB software from Oracle's Technology Network (OTN) site at www.oracle.com/technetwork/database/secure-backup/downloads/.
For the examples in this chapter, I downloaded OSB version 10.3.0.3.0, and saved the zip file osb-10.3.0.3.0_linux32.zip
under a staging directory /stage/osb
of my admin server in the OSB administrative domain. You can stage this binary file in a choice of your location on your server.
Oracle recommends installing the OSB software under the directory /usr/local/oracle/backup
for Unix and Linux platforms and C::Program FilesOracleBackup
for the Windows platform. Once you have downloaded the OSB zip file and copied it to the appropriate directory, then you may proceed to the installation steps, as shown here:
root
.
$ su - root
uncompress
utility is not available, create a link.
# ln -s /bin/gunzip /bin/uncompress
# cd /stage/osb
# unzip osb-10.3.0.3.0_linux32.zip
# mkdir -p /usr/local/oracle/backup
setup
script.
# cd /usr/local/oracle/backup
# /stage/osb/osb-10.3.0.3.0_linux32/setup
The following output is displayed:
Welcome to Oracle's setup program for Oracle Secure Backup. This
program loads Oracle Secure Backup software from the CD-ROM to a
filesystem directory of your choosing.
This CD-ROM contains Oracle Secure Backup version 10.3.0.3.0_LINUX32.
Please wait a moment while I learn about this host... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
1. linux32
administrative server, media server, client
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Loading Oracle Secure Backup installation tools... done.
Loading linux32 administrative server, media server, client... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Oracle Secure Backup has installed a new obparameters file.
Your previous version has been saved as install/obparameters.savedbysetup.
Any changes you have made to the previous version must be
made to the new obparameters file.
Would you like the opportunity to edit the obparameters file
Please answer 'yes' or 'no' [no]:
Enter
key. The following output is displayed:
Loading of Oracle Secure Backup software from CD-ROM is complete.
You may unmount and remove the CD-ROM.
Would you like to continue Oracle Secure Backup installation with
'installob' now? (The Oracle Secure Backup Installation Guide
contains complete information about installob.)
Please answer 'yes' or 'no' [yes]:
Enter
key to proceed with running the installob
. The following output is displayed:
Welcome to installob, Oracle Secure Backup's installation program.
For most questions, a default answer appears enclosed in square brackets.
Press Enter to select this answer.
Please wait a few seconds while I learn about this machine... done.
Have you already reviewed and customized install/obparameters for your
Oracle Secure Backup installation [yes]?
Enter
to proceed with the OSB installation. The following output is displayed:
Oracle Secure Backup is already installed on this machine (BLLNX4).
Would you like to re-install it preserving current configuration data[no]?
yes
to retain the previous configuration. The following output is displayed:
Oracle Secure Backup's Web server has been loaded, but is not yet configured.
Choose from one of the following options. The option you choose defines
the software components to be installed.
Configuration of this host is required after installation completes.
You can install the software on this host in one of the following ways:
(a) administrative server, media server and client
(b) media server and client
(c) client
If you are not sure which option to choose, please refer to the Oracle
Secure Backup Installation Guide. (a,b or c) [a]? a
Enter
to accept the default value a
, which is to configure the server as the administrative server, media server, and client. The following output is displayed:
Beginning the installation. This will take just a minute and will produce
several lines of informational output.
Installing Oracle Secure Backup on BLLNX4 (Linux version 2.6.9-67.EL)
You must now enter a password for the Oracle Secure Backup admin user.
Oracle suggests you choose a password of at least eight characters in length,
containing a mixture of alphabetic and numeric characters.
Please enter the admin password:
Re-type password for verification:
admin
user. The following output is displayed:
You should now enter an email address for the Oracle Secure Backup 'admin'
user. Oracle Secure Backup uses this email address to send job summary
reports and to notify the user when a job requires input. If you leave this
blank, you can set it later using the obtool's 'chuser' command.
Please enter the admin email address: [email protected]
generating links for admin installation with Web server
checking Oracle Secure Backup's configuration file (/etc/obconfig)
protecting the Oracle Secure Backup directory
creating /etc/rc.d/init.d/observiced
activating observiced via chkconfig
upgrading the administrative domain (where required)
****************************** N O T E ******************************
On Linux systems Oracle recommends that you answer no to the next two
questions. The preferred mode of operation on Linux systems is to use
the /dev/sg devices for attach points as described in the 'ReadMe'
and in the 'Installation and Configuration Guide'.
Is BLLNX4 connected to any tape libraries that you'd like to use with
Oracle Secure Backup [no]? no
Is BLLNX4 connected to any tape drives that you'd like to use with
Oracle Secure Backup [no]? no
no
for both prompts. The following final output is displayed showing the installation summary:
Installation summary:
Installation Host OS Driver OS Move Reboot
Mode Name Name Installed? Required? Required?
admin BLLNX4 Linux no no no
Oracle Secure Backup is now ready for your use.
Note To remove the Oracle Secure Backup, as root
run the uninstallob
shell script located in the OSB_HOME/install
directory. The operating system variable OSB_HOME
is commonly set to the /usr/local/oracle/backup
directory.
All the examples in this chapter use either obtool
or RMAN to access OSB and perform tasks such as creating backups and restoring files. This section focuses on connecting to the obtool
utility. The first time you run the obtool
utility, you will be prompted for the password of the admin
user, which is the default OSB user created when you installed OSB. When prompted, use the password you specified when you installed the OSB software:
$ obtool
Oracle Secure Backup 10.3
login:
To launch obtool
utility and logon to a specific user, use the -u
option, as shown here. You will learn on how to maintain OSB users in the next section.
$ obtool -u apress_oracle
To verify the OSB user that you are logged in as, issue the id
command:
ob> id
apress_oracle
To view a list of obtool
help topics, enter the following command:
ob> help topics
Here is a small snippet of the output:
Help is available on the following topics:
advanced .. advanced and seldom-used commands
backups .. data backup operations
backupwindow .. backup window definition
browser .. file system browser
checkpoint .. checkpoint management
class .. user class rights
To exit the obtool
utility, issue either exit
or quit
commands, as shown here:
ob> exit
Once OSB is installed, you can run a simple backup command. However, for an environment where security is one of the top priorities, you may want to change the OSB default settings first. Imagine that tight security is strictly enforced on your production database, and a single OSB user account is used to backup both production and test databases. You are in a vulnerable situation because a DBA on your testing team can restore the backup of your production database to another server and access the data from there. To increase security and better manage your tape backups, I recommend creating new user accounts and assigning specific roles, as well as creating media families and database backup storage selectors. These topics are discussed in the next several subsections.
When OSB is installed, the default user account created is named admin
, which has all of the privileges relating to OSB. For security reasons, create separate OSB user accounts to access the different environments, such as production, test, and development. Also, assign specific classes (or roles) to these users, such as admin
, operator
, oracle
, user
, and reader. Monitor
them to limit their rights to modify OSB administrative domain configurations and perform backup and restore operations. Limiting rights ensures that a particular OSB user can back up the test database, but has no rights to, say, restore the production database.
To determine the rights of class admin, issue the lsclass
command, as shown here:
ob> lsclass -l admin
Here is some sample output:
admin:
browse backup catalogs with this access: privileged
access Oracle database backups: all
access file system backups: all
display administrative domain's configuration: yes
modify own name and password: yes
modify administrative domain's configuration: yes
modify catalog: yes
perform file system backups as self: yes
perform file system backups as privileged user: yes
list any jobs owned by user: yes
modify any jobs owned by user: yes
perform file system restores as self: yes
perform file system restores as privileged user: yes
receive email requesting operator assistance: yes
receive email describing internal errors: yes
receive email regarding expired passphrase keys: yes
query and display information about devices: yes
manage devices and change device state: yes
list any job, regardless of its owner: yes
modify any job, regardless of its owner: yes
perform Oracle database backups and restores: yes
Note To display the complete syntax of an OSB command, issue the help
command followed by the OSB command.
To create an OSB user, issue the mkuser
command. In the following example, OSB user apress_oracle
is created and assigned with oracle
rights:
ob> mkuser --class oracle apress_oracle --preauth BLLNX3:oracle+cmdline+rman
The +cmdline
attribute in the --preauth
option grants the oracle
OS user preauthorized access to obtool utility, while the +rman
attribute grants Oracle Database SBT backups via RMAN. If no +rman
preauthorization is defined for the server hosting the target database that you want to backup, then the RMAN backup fails with ORA-19511 error, as shown here:
ORA-19511: Error received from media manager layer, error text:
sbt__rpc_cat_query: Query for piece u8lr5bs6_1_1 failed.
(Oracle Secure Backup error: 'no preauth config found for OS user (OB tools) oracle').
If you want to view all OSB users, issue the lsuser
command:
ob> lsuser
Table 20–1 describes the various OSB commands used to maintain the OSB user accounts.
Table 20–1. OSB Commands to Maintain OSB User
Command | Meaning |
mkuser |
To create an OSB user. |
lsuser |
To display information about OSB users. |
renuser |
To rename an OSB user. |
chuser |
To modify the attributes of an OSB user. |
rmuser |
To delete an OSB user. |
The media family classifies and defines the characteristics of the tape volume, such as the volume ID, volume expiration, and write window. The volume ID, which is used by OSB to uniquely identify the tape volume, consists of the name of the media family affixed with a six-digit sequence number generated by OSB. For example, if the name of the media family is APRESS_BACKUP
, then the first volume ID is APRESS_BACKUP-000001
, the second is APRESS_BACKUP-000002
, and so on.
There are two types of volume expiration policies: time-managed and content-managed. The tape volumes in a time-managed media family can expire after surpassing the expiration time; in a content-managed media family, they expire when all of the backup pieces on the volume are marked as deleted. For file-system backups, you must use a time-managed media family to let OSB manage the volume expiration. For RMAN backups, you must use content-managed media family to let RMAN manage the expiration of the backup pieces on the tape volume instead of OSB. This avoids inconsistency between the RMAN metadata and contents of the tapes.
To create a time-managed media family, issue the mkmf
command. In the following example, media family APRESS_OS
has 7 days of write-period and 14 days of retention period. This means the volumes of media family APRESS_OS will expire and are ready for recycling after 21 days since the first backup piece is created on the tape volume:
ob> mkmf --writewindow 7days --retain 14days APRESS_OS
To create a content-managed media family, issue the mkmf
, as shown here. Since the default volume expiration policy is content-managed, you can omit the ----contentmanaged
option.
ob> mkmf --contentmanaged APRESS_RMAN
Table 20–2 describes OSB commands used to maintain the media families.
Table 20–2. OSB Commands to Maintain Media Family
Command | Meaning |
mkmf |
To create a media family. |
lsmf |
To display information about media families. |
renmf |
To rename a media family. |
chmf |
To modify the attributes of a media family. |
rmmf |
To delete a media family. |
To increase security and better manage your tape backups, you may create separate media families for different environments, such as production, test, and development. In this way, the backup of the production database and test database are not sharing the same tape volumes.
The default media family for RMAN backup is RMAN-DEFAULT
. To use a different media family when running RMAN backup, create a database backup storage selector using the mkssel
command. In the following example, the database backup storage selector name is BLLNX3-DB11R2.ssel
, which assigns the media family APRESS_RMAN
for RMAN backups on Oracle database DB11R2
hosted on client server BLLNX3
:
ob> mkssel --host BLLNX3 --dbname DB11R2 --family APRESS_RMAN BLLNX3-DB11R2.ssel
Note If an RMAN backup matches the Oracle database and/or client host defined on a database backup storage selector, then you don't have to pass the OS environment variable OB_MEDIA_FAMILY parameter when allocating the RMAN channel for SBT_TAPE.
Refer to Table 20–3 for descriptions of OSB commands related to maintaining the database backup storage selector.
Table 20–3. OSB Commands to Maintain Database Backup Storage Selector
Command | Meaning |
mkssel |
To create a database backup storage selector. |
lsssel |
To display information about database backup storage selectors. |
renssel |
To rename a database backup storage selector. |
chssel |
To modify the attributes of a database backup storage selector. |
rmssel |
To delete a database backup storage selector. |
In Chapter 18, you learned how to use RMAN to back up database files to disk. In this section, you will use OSB and RMAN to create backups on tape. There are two ways to configure RMAN for a backup to tape:
The first option is to allocate an RMAN channel for SBT_TAPE
inside the run{}
block. In the following example, the media family APRESS_RMAN
is passed as a parameter to the environment variable OB_MEDIA_FAMILY
. The tape volumes will have a volume ID of APRESS_RMAN
affixed with a six-digit sequence number generated by OSB.
RMAN> run {
allocate channel t1 type sbt_tape parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';
backup database;
}
You can configure multiple channels for SBT_TAPE equivalent to the number of available physical tape devices. However, if you allocate two channels and only have one physical tape device, the other channel will just wait for the tape resource to become available. You can also use the CONFIGURE
command to set the RMAN channel for SBT_TAPE
, as shown here:
RMAN> configure channel device type sbt_tape
parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';
RMAN> backup device type sbt_tape database;
To monitor the backup jobs you have submitted, refer to the “OSB Job Monitoring” section in this chapter. For descriptions of other OSB media management parameters, refer to Table 20–4.
Note If no media family is explicitly passed when allocating/configuring RMAN channel for SBT_TAPE or no Database Backup Storage Selector defined for the specific host and/or database, OSB will use the default media family RMAN-DEFAULT
, which is created when OSB is installed.
Table 20–4. OSB Media Management Parameters
Parameter | Meaning |
OB_MEDIA_FAMILY |
To specify the media family that defines the characteristics of the tape volumes. |
OB_DEVICE |
To specify the tape drives to use during backup. |
OB_RESOURCE_WAIT_TIME |
To specify the wait time for resources to become available. |
OB_ENCRYPTION |
To specify the OSB encryption. If this is set, then OSB does not perform further encryption. |
OB_RESTORE_DEVICE |
To specify the tape drives to use during restore. |
For RMAN restore and recover, you have to allocate an RMAN channel for SBT_TAPE
. In the following example, the RMAN channel for SBT_TAPE
is allocated inside the run{}
block:
RMAN> run {
allocate channel t1 type sbt_tape;
restore database;
recover database;
}
Another option is to run the CONFIGURE
command. Unlike the previous example, you must include the PARMS
clause in the CONFIGURE
command (if you don't use the PARMS
clause, a syntax error is returned):
RMAN> configure channel device type sbt_tape
parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';
RMAN> restore device type sbt_tape database;
RMAN> recover device type sbt_tape database;
Suppose you have a scenario where the production server is completely gone due to a catastrophic event, but luckily you have an offsite tape backup of the database. In addition, you are not using an RMAN recovery catalog, and control file autobackup is disabled. You discover that the latest backup of the control file is corrupted, but you are able to restore the control file from a backup taken two days ago. After mounting the database, you realize that the latest RMAN backups taken yesterday are not in the list when you issue the RMAN LIST BACKUP
command (because the control file restored was from two days ago and has no knowledge of yesterday's RMAN backup).
In this situation, the control file restored from a backup taken two days ago has no information about the backup pieces created on tape yesterday. To make the RMAN repository (control file in this scenario) aware of backup pieces on tape, do the following:
Next, issue the CATALOG DEVICE TYPE SBT_TAPE BACKUPPIECE
command, followed by the name of the backup piece. In this example, one backup piece is cataloged:
RMAN> catalog device type sbt_tape backuppiece 'silr06fk_1_1';
If you have multiple backup pieces that you want to catalog, you must issue the CATALOG DEVICE TYPE SBT_TAPE BACKUPPIECE
command for each individual backup piece. The key in cataloging the RMAN backup pieces on tape is you must know the exact names of the backup pieces.
Note As mentioned in Chapter 19, for disk-based backups, you can easily make the RMAN repository aware of multiple backup pieces via the CATALOG START WITH <directory> command. However, this technique only works for disk-based backups and not tape backups.
What if you don't know the names of the back pieces? One way to figure out their names is to check the RMAN log file generated during the RMAN backup. In the snippet of the RMAN log file shown here, the RMAN backup piece is silr06fk_1_1
:
channel ORA_SBT_TAPE_1: finished piece 1 at 21-OCT-2010 08:29:35
piece handle=silr06fk_1_1 tag=TAG20101021T082105 comment=API Version 2.0,MMS Version 10.3.0.2
channel ORA_SBT_TAPE_1: backup set complete, elapsed time: 00:08:26
But what if the RMAN log file is not available? You can issue the lspiece
command using the obtool
utility. In the following example, the output is filtered to display only the backup pieces for the hostname BLLNX3
that hosts the database DB11R2
:
The following is the snippet of the output of the LSPIECE
command:
POID Database Content Copy Created Host Piece name
8830 DB11R2 incremental 0 10/21.08:23 BLLNX3 silr06fk_1_1
This listing shows information such as the creation date and backup piece name. In this example, the missing RMAN backup piece is silr06fk_1_1
. After you catalog the missing RMAN backup pieces, you can proceed with the RMAN restore and recovery.
Like any backup job, you need to define the three Ws and one H. What data to backup? When to run the backup? Where to store the backup? How the backup runs? To accomplish these 3 Ws and 1 H using OSB, you need to create a dataset file, as well configure a backup window, a schedule, and a trigger.
Dataset files define the directories and files on the client hosts that you want to backup. In the following example, this dataset file specifies to include all files under the directory /home/oracle
on the client hosts BLLNX1
except for files under the directory /home/oracle/temp
and Oracle database-related files:
include host BLLNX1
include path /home/oracle {
exclude path /home/oracle/temp
exclude oracle database files
}
To create a dataset file named bllnx1_home-oracle.ds
, perform the following steps using the obtool
utility, as shown here:
mkds
command and followed by the name of the dataset file.
ob> mkds bllnx1_home-oracle.ds
vi
editor is invoked, and a dataset template is displayed.include host BLLNX1
include path /home/oracle {
exclude oracle database files
exclude path /home/oracle/temp
}
Esc
key, :
and wq!
Enter
key to confirm the changes.
Apply your changes, if any [yes]?
You just created a dataset file. For descriptions of other dataset commands, refer to Table 20–5.
Command | Meaning |
catds |
To display the contents of a dataset file. |
cdds |
To change the dataset directory. |
chkds |
To check the syntax in a dataset file. |
edds |
To modify a dataset file. |
lsds |
To list the dataset file and dataset directory names. |
mkds |
To create a dataset file or dataset directory. |
pwdds |
To show the current directory in the dataset directory tree. |
rends |
To rename a dataset file or dataset directory. |
rmds |
To delete a dataset file or dataset directory. |
The backup window defines the range of time the scheduled backups are allowed to run. The default backup window is daily 00:00 to 24:00. If there is no backup window defined, the scheduled backups are not going to run at all.
For production servers, you may want the backups to run daily only between 1 a.m. and 5 a.m. when there is minimal database traffic. To define a range of time for your backup window, perform the following steps:
rmbw
command, as shown here:
ob> rmbw daily
lsbw
command.
ob> lsbw
There are no backup windows.
This result indicates that the daily backup window is already removed.
addbw
command. The following example defines the backup window daily from 01:00 to 0500:
ob> addbw --times '01:00-05:00' ,mon,tue,wed,thu,fri,sat,sun
For other backup window commands, refer to Table 20–6.
Table 20–6. Backup Window Commands
Command | Meaning |
addbw |
To add a backup window. |
chkbw |
To check whether there is a backup window defined. |
lsbw |
To list the backup windows. |
rmbw |
To remove a backup window. |
setbw |
To modify a backup window. |
The backup schedule defines what data to backup, where to store the backup, and how the backup runs, while the triggers define when a backup is scheduled to run. For what data to backup, set the specific datasets. For where to store the backup, set the specific tape drives. If no specific tape drive is selected, then any available tape drive will be used. For how the backup runs, set the job priority and backup encryption options. The lower the value of the job priority number, the greater preference is assigned to the job by the scheduler. The default value of the job priority is 100 and no for the encryption option.
The following example uses the MKSCHED
command to create a backup schedule named bllnx1_home-oracle.sched
for dataset bllnx1_home-oracle.ds
:
After creating the backup schedule, create a trigger to define when to run the scheduled backup. The following example uses the CHSCHED
command to define a trigger for schedule bllnx1_home-oracle.sched
to run daily at 02:00 (2 a.m.). The -a option means the addtrigger, the –d option means day, the –t option means time, and the –f means media family.
ob> chsched -a -d daily -t 02:00 -f APRESS_OS bllnx1_home-oracle.sched
To display the information about the backup schedules, issue the lssched
command, like so:
ob> lssched -l bllnx1_home-oracle.sched
bllnx1_home-oracle.sched:
Type: backup
State: enabled
Dataset: bllnx1_home-oracle.ds
Encryption: no
UUID: 1ea82008-bfdd-102d-a743-0002a530c867
Trigger 1:
Day/date: daily
At: 02:00
Backup level: full
Media family: APRESS_OS
You just scheduled a backup named bllnx1_home-oracle.sched
that is going to run daily at 2 a.m. To monitor the jobs, refer to the “OSB Job Monitoring” section in this chapter.
To remove a backup schedule, issue the rmsched
command, as shown here:
ob> rmsched bllnx1_home-oracle.sched
To run a one-time backup on a specific client host use the backup
command. In the following example, the dataset file is bllnx1_home-oracle.ds
, which was created earlier:
ob> backup --dataset bllnx1_home-oracle.ds --go
If you omit the --go
option, the backup request is still in the queue. You can issue the lsbackup
command to display the backup requests that are queued, as shown here:
ob> lsbackup
Item # Save data
1 dataset bllnx1_home-oracle.ds
To forward the backup request to the OSB scheduler, issue the following backup
command with the GO
option, as shown here:
ob> backup --go
To manually back up the OSB catalog of the admin server, issue the following backup
command:
ob> backup --level 0 --dataset OSB-CATALOG-DS --go
To monitor the backup jobs you have submitted, refer to the “OSB Job Monitoring” section of this chapter.
Note By default, OSB-CATALOG-SCHED
is scheduled to run daily at 1 a.m. to backup the OSB catalog using the dataset file OSB-CATALOG-DS
.
There are three options on how you can restore from a file-system backup:
obtar
commandIn a catalog-based restore, you provide the directory and file, which you can browse from the OSB catalog. In both the raw restore and the obtar
command, you provide the volume ID and file number. The volume ID is the unique name (that contains the media family) assigned to a tape volume, and the file number is the number of the backup image on the tape volume. Both the catalog-based restore and raw restore are performed using the obtool
utility, while the obtar
commands are issued at the operating system prompt.
For a catalog-based restore, you can browse the OSB catalog to determine and verify the files you want to restore. In the following example, you want to restore the file /home/oracle/scripts/rmanbkup.sh
of the client host BLLNX1
. To restore the files using the OSB catalog, perform the following steps:
BLLNX1
, which is the source host.
ob> set host BLLNX1
cd
command to navigate to the directory.
ob> cd /home/oracle/scripts
ls
command to verify the files in the directory.
ob> ls -l rmanbkup.sh
-rwxr-xr-x oracle.oinstall 782 2010/01/13.18:14 rmanbkup.sh (0)
restore
command.
ob> restore '/home/oracle/scripts/rmanbkup.sh' --go
To monitor the restore job, refer to the OSB Job Monitoring section (covered a bit later in this chapter).
To restore a data using the raw restore, you must know the volume ID and file number where to extract the data from. However, you know that the backups are using a particular media family, which can make the search a bit easier.
In the following example, you are going to restore the file /home/oracle/scripts/rmanbkup.sh
from a tape volume that has media family APRESS_OS
.
lsvol
command with --contents
option to display the contents of the volumes associated to media family APRESS_OS
:
ob> lsvol --contents --family APRESS_OS --nobarcode
VOID OOID Seq Volume ID Family Created Attributes
2845 2845 1 APRESS_OS-000001 APRESS_OS 10/21.04:41 open; closes 10/28.04:41
BSOID File Sect Level Host Size Created Attributes
31250 1 1 0 BLLNX1 208.6 MB 10/21.04:41
31258 2 1 0 BLLNX1 208.8 MB 10/21.06:04
31260 3 1 0 BLLNX1 210.1 MB 10/21.12:23
31261 4 1 0 BLLNX1 210.1 MB 10/21.12:34
10/21.06:04
(i.e. October 21 at 6:04am). The corresponding file number is 2
, and the volume ID is APRESS_OS-000001
. Issue the following restore
command, as shown here. The -R
option indicates a raw restore operation and does not use an OSB catalog, while the –F option means the filenumber, and the –v option means the volume ID.
ob> restore -R -F 2 -v APRESS_OS-000001 /home/oracle/scripts/rmanbkup.sh --go
To monitor the restore job, refer to the “OSB Job Monitoring section” of this chapter.
When you run the OSB restores, they are actually translated to obtar
commands in the background. The obtar
commands are issued at the operating system level. The obtar
command is seldom used to perform restore operations, since you need to provide the volume ID and file number, which is not readily available especially if you have no access to the OSB catalog.
In the following example, you are going to restore the file /home/oracle/scripts/rmanbkup.sh
from the tape that has volume ID APRESS_OS-000001
at file number 2
.
loadvol
command to manually load the tape that has volume ID APRESS_OS-000001
to an available tape drive. Here I used tape drive vdrive8
.
ob> loadvol -D vdrive8 --volume APRESS_OS-000001
-t
option.
$ obtar -t -f vdrive8
obtar
command, issue the following command with the -x
option. The -F
option means the file number, and the -k
option avoids overwriting the existing file.
$ obtar -F 2 -x -f vdrive8 -k /home/oracle/scripts/rmanbkup.sh
obtar
command, which is executed at the operating system level, you can't monitor the restore job using the obtool
utility. However, one way to verify whether the file is restored is to issue the ls
OS command.
$ ls -l /home/oracle/scripts/rmanbkup.sh
You submitted a backup or restore operation for an Oracle database using RMAN or file-system data using Oracle Enterprise Manager (OEM), OSB Web tool, or obtool
utility, and you want to check whether the job is active, pending, or completed. To check the status of an OSB job, issue the lsjob
command and catxcr
command to show the details about the operation of a job.
To display the jobs that are still running, issue lsjob
command with the --active
or -a
option. For other job states, use --complete
or -c
option for completed jobs, --pending
or -p
for pending jobs, --inputrequest
or -i
for jobs currently requesting input, and --all
or -A
to display all jobs regardless of the job state. For example, to list active jobs:
ob> lsjob --active
For RMAN jobs, use the --dbname
or -d
option to limit the output for a specific Oracle database. If you know the database ID, you can use the --dbid
or -I
option instead. This example uses the dbname
parameter:
ob> lsjob --active --dbname DB11R2
In the following output, the State column indicates that the job is still running. Once the job is done without errors, the State column displays “completed successfully.”
Job ID Sched time Contents State
---------------- ---------- ------------------ -----------------------------
apress_oracle/83.1 none incremental backup running since 2010/10/22.22:13
For file-system jobs, use the --host
or -h
option to limit the output for a specific client host, as shown here:
ob> lsjob --active --host BLLNX1
Job ID Sched time Contents State
---------------- ----------- ------------- --------------------------------
apress_admin/36.1 none backup BLLNX1 running since 2010/10/22.22:11
To monitor active jobs, use the lsjob
command. If there are several active jobs running, you can filter the output by providing the job ID. However, if the job is already completed, you can use the same command, but you need to remove the -a
option and provide the corresponding job ID. I usually run the lsjob
command with the following options:
ob> lsjob -a -l -j -o -R -L -C
The prior command displays detailed information about the status of the job. Here is some sample output:
apress_oracle/83:
Type: database DB11R2 (dbid=4187425583)
Scheduled time: none
Introduction time: 2010/10/22.22:12
Earliest exec time: 10/22.22:12
Last update time: 2010/10/22.22:12
Expire time: never
State: processed; Oracle job(s) scheduled
Priority: 100
Run on host: (administrative server)
Attempts: 0
Log:
apress_oracle/83.1:
Type: incremental backup
Backup piece: tclr1n5v_1_1
Family: APRESS_RMAN
Encryption: awaiting job completion
Scheduled time: none
Introduction time: 2010/10/21.22:12
Earliest exec time: 10/21.22:12
Last update time: 2010/10/22.22:15
Expire time: never
State: running since 2010/10/22.22:15
Priority: 100
Run on host: BLLNX3
Requires: family APRESS_RMAN and any device
Attempts: 4
Processed: 744.7 MB
Log:
2010/10/22.22:12:35 Dispatching job to run on BLLNX3.
2010/10/22.22:12:46 Drive or volume on which mount attempted is unusable.
2010/10/22.22:13:52 Dispatching job to run on BLLNX3.
2010/10/22.22:14:05 Drive or volume on which mount attempted is unusable.
2010/10/22.22:14:52 Dispatching job to run on BLLNX3.
2010/10/22.22:15:11 Drive or volume on which mount attempted is unusable.
2010/10/22.22:15:52 Dispatching job to run on BLLNX3.
In the output shown above, the lsjob
command displays all active jobs using the -a
option. Aside from showing the information about the job ID, scheduled time, contents and job state, the -l
option shows more information, such as the RMAN backup piece, media family, encryption status, priority number, the host where the job runs, and number of times OSB attempted to run the job. The --subjobs
or -j
shows the subordinate job (subjob), which is apress_oracle/83.1
. The --progress
or -o
option shows the progress of the active job, which is 744.7 MB processed
so far. The --requires
or -R
option show resources required to run each job, which is media family APRESS_RMAN
and any device. The --log
or -L
option shows the log associated for the job, which is the log information shown at the bottom of the output. The --times
or -C
option shows all relevant times for each job, such as introduction time, earliest exec time, last update time, and expire time.
Aside from the lsjob
command to help monitor the OSB job, you can issue the catxcr
command to gather detailed information about the operation of the job. The --folow
or -f
option shows the transcript as the file grows, which is useful when monitoring active jobs. The --msgno
or -m
shows the number for each line in the transcript. The --level
or -l
option indicates the message level, which is useful to generate additional messages for debugging or troubleshooting. For example:
If you run an RMAN backup and allocated two RMAN channels for SBT_TAPE
, then two sub-jobs are created. The lsjob
command with the --subjobs
option displays details for each sub-job. For example:
ob> lsjob --active --subjobs
Job ID Sched time Contents State
---------------- ----------- -------------------- -----------------------------
apress_oracle/88 none database DB11R2 (dbid=4187425583) processed;
Oracle job(s) scheduled
apress_oracle/88.1 none incremental backup running since 2010/10/22.23:34
apress_oracle/88.2 none incremental backup running since 2010/10/22.23:34
The prior output shows two sub-job IDs, namely apress_oracle/88.1
and apress_oracle/88.2
, which is one for each of the two RMAN channels. To show the transcript of a particular sub-job, provide the sub-job ID apress_oracle/88.2
, as shown here:
ob> catxcr -f -m -l 0 apress_oracle/88.2
You may relate to the expression “experience is the best teacher.” You have read this chapter, and you want to try the OSB commands and examples yourself. However, you don't have a physical tape device connected to any test servers in your environment. In this situation, where you are going to install and experiment with OSB? Well, you can configure a virtual test device solely for testing purposes.
Caution You should not implement virtual test devices in a production environment. Oracle Support does not provide support for virtual test devices.
To configure a virtual test device, perform the following steps. In this example, the hostname of the media server is BLLNX3
.
$ su - oracle
$ mkdir /osb_vdevices
admin
user to the obtool
utility, and provide the corresponding password.
$ obtool -u admin
Password:
mkdev
command using the -t
option to specify the device as a tape library and the -v
option to specify as a virtual tape library. The -S
option specifies the number of storage elements. The -I
option specifies the number of export and import elements. The -o
option specifies that the tape device is logically available to OSB. The -B
option with the yes
value specifies that the barcode reader is present. The -a
option attaches the virtual library vlib1
to directory /osb_vdevices/vlib1
of host BLLNX3
.
ob> mkdev -t library -v -S20 -I2 -o -B yes -a BLLNX3:/osb_vdevices/vlib1 vlib1
mkdev
command using the -t
option to specify the device as a tape device and the -v
option to specify as a virtual tape device. The -o
option specifies that the tape device is logically available to OSB. The -l
option specifies the name of the associated tape library. The -d
option specifies the data transfer element (DTE). The -a
option attaches the virtual tape vdrive1
to directory /osb_vdevices/vdrive1
of host BLLNX3
. To configure additional virtual tape devices, run the same mkdev
command. However, for the second virtual tape device, change the name vdrive1
and directory /osb_vdevices/vdrive1
to vdrive2
and directory /osb_vdevices/vdrive2
, respectively, and so on.
ob> mkdev -t tape -v -o -l vlib1 -d1 -a BLLNX3:/osb_vdevices/vdrive1 vdrive1
insertvol
command to manually insert a volume to the tape library. The -L
option specifies the library name, which is vlib1
. Since there are 20 storage elements defined when the virtual library is created, then issue unlabeled 1-20
to insert 20 new volumes.
ob> insertvol -L vlib1 unlabeled 1-20
lsvol
command to display the volumes in the tape library vlib1.
ob> lsvol -l -L vlib1
You have an older version of the OSB installed and you want to upgrade to the current release. To perform an OSB upgrade, perform steps similar to installing OSB. However, before performing the OSB upgrade, make sure to backup the OSB catalog in the admin server and stop the OSB daemons and services at all hosts in the administrative domain. Also, upgrade the admin server first, then the media servers and client hosts.
For OS-specific commands to start and stop OSB services, refer to Table 20–7. You must have root
privilege on Linux/Unix or be a member of the Administrators group for Windows to run these commands.
Table 20–7. OSB Service Shutdown and Startup Commands
Operating System | Shutdown Command | Startup Command |
Linux | /etc/init.d/observiced stop |
/etc/init.d/observiced start |
Solaris | /etc/init.d/OracleBackup stop |
/etc/init.d/OracleBackup start |
AIX | /etc/rc.d/init.d/OracleBackup stop |
/etc/rc.d/init.d/OracleBackup start |
HP-UX | /sbin/init.d/OracleBackup stop |
/sbin/init.d/OracleBackup start |
Windows | net stop observiced |
net start observiced |
Note Oracle Secure Backup release 10.3 is not backward compatible with previous releases, such 10.1 and 10.2.
OSB is a tool you can use to back up and restore operating system files to and from tape. OSB is a full-featured tape management utility. OSB can be integrated with RMAN to facilitate the backup of database files directly to tape. This provides you with extra data protection in the event that the entire server or data center experiences a failure.
OSB is available in two editions: Oracle Secure Backup Express and Oracle Secure Backup. The Express version is available for use without extra licensing costs and is suitable for small shops with one server and one physical tape device. The full-fledged Oracle Secure Backup edition is suitable for distributed servers across multiple platforms (Linux, Unix, Windows).
You can access OSB through graphical tools like Enterprise Manager and OSB Web tool or through command line tools such as obtool
. This chapter focused on demonstrating how to use the command line obtool
for backup and restore operations.
This chapter concludes the section covering backup and recovery. The next chapter focuses on automating jobs and database troubleshooting.
18.227.111.33