Pro Oracle Database 11g Administration (92 page)

Read Pro Oracle Database 11g Administration Online

Authors: Darl Kuhn

Tags: #Oracle DBA

To determine the rights of class admin, issue the lsclass command, as shown here: ob> lsclass -l admin

Here is some sample output:

admin:

552

CHAPTER 20 ■ ORACLE SECURE BACKUP

browse backup catalogs with this access: privileged

access Oracle database backups: all

access file system backups: all

display administrative domain's configuration: yes

modify own name and password: yes

modify administrative domain's configuration: yes

modify catalog: yes

perform file system backups as self: yes

perform file system backups as privileged user: yes

list any jobs owned by user: yes

modify any jobs owned by user: yes

perform file system restores as self: yes

perform file system restores as privileged user: yes

receive email requesting operator assistance: yes

receive email describing internal errors: yes

receive email regarding expired passphrase keys: yes

query and display information about devices: yes

manage devices and change device state: yes

list any job, regardless of its owner: yes

modify any job, regardless of its owner: yes

perform Oracle database backups and restores: yes


Note
To display the complete syntax of an OSB command, issue the help command followed by the OSB

command.

To create an OSB user, issue the mkuser command. In the following example, OSB user apress_oracle is created and assigned with oracle rights:

ob> mkuser --class oracle apress_oracle --preauth BLLNX3:oracle+cmdline+rman The +cmdline attribute in the --preauth option grants the oracle OS user preauthorized access to obtool utility, while the +rman attribute grants Oracle Database SBT backups via RMAN. If no +rman preauthorization is defined for the server hosting the target database that you want to backup, then the RMAN backup fails with ORA-19511 error, as shown here:

ORA-19511: Error received from media manager layer, error text:

sbt__rpc_cat_query: Query for piece u8lr5bs6_1_1 failed.

(Oracle Secure Backup error: 'no preauth config found for OS user (OB tools) oracle').

If you want to view all OSB users, issue the lsuser command:

ob> lsuser

Table 20–1 describes the various OSB commands used to maintain the OSB user accounts.

553

CHAPTER 20 ■ ORACLE SECURE BACKUP

Table 20–1.
OSB Commands to Maintain OSB User

Command Meaning

mkuser

To create an OSB user.

lsuser

To display information about OSB users.

renuser

To rename an OSB user.

chuser

To modify the attributes of an OSB user.

rmuser

To delete an OSB user.

Configuring Media Families

The media family classifies and defines the characteristics of the tape volume, such as the volume ID, volume expiration, and write window. The volume ID, which is used by OSB to uniquely identify the tape volume, consists of the name of the media family affixed with a six-digit sequence number generated by OSB. For example, if the name of the media family is APRESS_BACKUP, then the first volume ID is APRESS_BACKUP-000001, the second is APRESS_BACKUP-000002, and so on.

There are two types of volume expiration policies: time-managed and content-managed. The tape volumes in a time-managed media family can expire after surpassing the expiration time; in a contentmanaged media family, they expire when all of the backup pieces on the volume are marked as deleted.

For file-system backups, you must use a time-managed media family to let OSB manage the volume expiration. For RMAN backups, you must use content-managed media family to let RMAN manage the expiration of the backup pieces on the tape volume instead of OSB. This avoids inconsistency between the RMAN metadata and contents of the tapes.

To create a time-managed media family, issue the mkmf command. In the following example, media family APRESS_OS has 7 days of write-period and 14 days of retention period. This means the volumes of media family APRESS_OS will expire and are ready for recycling after 21 days since the first backup piece is created on the tape volume:

ob> mkmf --writewindow 7days --retain 14days APRESS_OS

To create a content-managed media family, issue the mkmf, as shown here. Since the default volume expiration policy is content-managed, you can omit the --contentmanaged option.

ob> mkmf --contentmanaged APRESS_RMAN

Table 20–2 describes OSB commands used to maintain the media families.

554

CHAPTER 20 ■ ORACLE SECURE BACKUP

Table 20–2.
OSB Commands to Maintain Media Family

Command Meaning

mkmf

To create a media family.

lsmf

To display information about media families.

renmf

To rename a media family.

chmf

To modify the attributes of a media family.

rmmf

To delete a media family.

To increase security and better manage your tape backups, you may create separate media families for different environments, such as production, test, and development. In this way, the backup of the production database and test database are not sharing the same tape volumes.

Configuring Database Backup Storage Selector

The default media family for RMAN backup is RMAN-DEFAULT. To use a different media family when running RMAN backup, create a database backup storage selector using the mkssel command. In the following example, the database backup storage selector name is BLLNX3-DB11R2.ssel, which assigns the media family APRESS_RMAN for RMAN backups on Oracle database DB11R2 hosted on client server BLLNX3: ob> mkssel --host BLLNX3 --dbname DB11R2 --family APRESS_RMAN BLLNX3-DB11R2.ssel


Note
If an RMAN backup matches the Oracle database and/or client host defined on a database backup storage selector, then you don’t have to pass the OS environment variable OB_MEDIA_FAMILY parameter when allocating the RMAN channel for SBT_TAPE.

Refer to Table 20–3 for descriptions of OSB commands related to maintaining the database backup storage selector.

555

CHAPTER 20 ■ ORACLE SECURE BACKUP

Table 20–3. OSB Commands to Maintain Database Backup Storage Selector
Command

Meaning

mkssel

To create a database backup storage selector.

lsssel

To display information about database backup storage selectors.

renssel

To rename a database backup storage selector.

chssel

To modify the attributes of a database backup storage selector.

rmssel

To delete a database backup storage selector.

Database Backup

In Chapter 18, you learned how to use RMAN to back up database files to disk. In this section, you will use OSB and RMAN to create backups on tape. There are two ways to configure RMAN for a backup to tape:

• Allocating a channel

• Configuring a channel

The first option is to allocate an RMAN channel for SBT_TAPE inside the run{} block. In the following example, the media family APRESS_RMAN is passed as a parameter to the environment variable OB_MEDIA_FAMILY. The tape volumes will have a volume ID of APRESS_RMAN affixed with a six-digit sequence number generated by OSB.

RMAN> run {

allocate channel t1 type sbt_tape parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)'; backup database;

}

You can configure multiple channels for SBT_TAPE equivalent to the number of available physical tape devices. However, if you allocate two channels and only have one physical tape device, the other channel will just wait for the tape resource to become available. You can also use the CONFIGURE

command to set the RMAN channel for SBT_TAPE, as shown here:

RMAN> configure channel device type sbt_tape

parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';

RMAN> backup device type sbt_tape database;

To monitor the backup jobs you have submitted, refer to the “OSB Job Monitoring” section in this chapter. For descriptions of other OSB media management parameters, refer to Table 20–4.

556

CHAPTER 20 ■ ORACLE SECURE BACKUP


Note
If no media family is explicitly passed when allocating/configuring RMAN channel for SBT_TAPE or no Database Backup Storage Selector defined for the specific host and/or database, OSB will use the default media family RMAN-DEFAULT, which is created when OSB is installed.

Table 20–4.
OSB Media Management Parameters

Parameter Meaning

OB_MEDIA_FAMILY

To specify the media family that defines the characteristics of the tape volumes.

OB_DEVICE

To specify the tape drives to use during backup.

OB_RESOURCE_WAIT_TIME

To specify the wait time for resources to become available.

OB_ENCRYPTION

To specify the OSB encryption. If this is set, then OSB does not perform further encryption.

OB_RESTORE_DEVICE

To specify the tape drives to use during restore.

Database Restore

For RMAN restore and recover, you have to allocate an RMAN channel for SBT_TAPE. In the following example, the RMAN channel for SBT_TAPE is allocated inside the run{} block: RMAN> run {

allocate channel t1 type sbt_tape;

restore database;

recover database;

}

Another option is to run the CONFIGURE command. Unlike the previous example, you must include the PARMS clause in the CONFIGURE command (if you don't use the PARMS clause, a syntax error is returned): RMAN> configure channel device type sbt_tape

parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';

RMAN> restore device type sbt_tape database;

RMAN> recover device type sbt_tape database;

Suppose you have a scenario where the production server is completely gone due to a catastrophic event, but luckily you have an offsite tape backup of the database. In addition, you are not using an RMAN recovery catalog, and control file autobackup is disabled. You discover that the latest backup of the control file is corrupted, but you are able to restore the control file from a backup taken two days ago. After mounting the database, you realize that the latest RMAN backups taken yesterday are not in the list when you issue the RMAN LIST BACKUP command (because the control file restored was from two days ago and has no knowledge of yesterday's RMAN backup).

557

CHAPTER 20 ■ ORACLE SECURE BACKUP

In this situation, the control file restored from a backup taken two days ago has no information about the backup pieces created on tape yesterday. To make the RMAN repository (control file in this scenario) aware of backup pieces on tape, do the following:

1. Configure a channel for tape.

2. Make the RMAN repository aware of the backup piece via the CATALOG

command.

Next, issue the CATALOG DEVICE TYPE SBT_TAPE BACKUPPIECE command, followed by the name of the backup piece. In this example, one backup piece is cataloged:

RMAN> catalog device type sbt_tape backuppiece 'silr06fk_1_1';

If you have multiple backup pieces that you want to catalog, you must issue the CATALOG DEVICE

TYPE SBT_TAPE BACKUPPIECE command for each individual backup piece. The key in cataloging the RMAN backup pieces on tape is you must know the exact names of the backup pieces.


Note
As mentioned in Chapter 19, for disk-based backups, you can easily make the RMAN repository aware of multiple backup pieces via the CATALOG START WITH command. However, this technique only works for disk-based backups and not tape backups.

What if you don't know the names of the back pieces? One way to figure out their names is to check the RMAN log file generated during the RMAN backup. In the snippet of the RMAN log file shown here, the RMAN backup piece is silr06fk_1_1:

channel ORA_SBT_TAPE_1: finished piece 1 at 21-OCT-2010 08:29:35

piece handle=
silr06fk_1_1
tag=TAG20101021T082105 comment=API Version 2.0,MMS Version 10.3.0.2

channel ORA_SBT_TAPE_1: backup set complete, elapsed time: 00:08:26

But what if the RMAN log file is not available? You can issue the lspiece command using the obtool utility. In the following example, the output is filtered to display only the backup pieces for the hostname BLLNX3 that hosts the database DB11R2:

The following is the snippet of the output of the LSPIECE command:

POID Database Content Copy Created Host Piece name 8830 DB11R2 incremental 0 10/21.08:23 BLLNX3
silr06fk_1_1

This listing shows information such as the creation date and backup piece name. In this example, the missing RMAN backup piece is silr06fk_1_1. After you catalog the missing RMAN backup pieces, you can proceed with the RMAN restore and recovery.

File System Backup

Like any backup job, you need to define the three Ws and one H. What data to backup? When to run the backup? Where to store the backup? How the backup runs? To accomplish these 3 Ws and 1 H using OSB, you need to create a dataset file, as well configure a backup window, a schedule, and a trigger.

558

CHAPTER 20 ■ ORACLE SECURE BACKUP

Creating Dataset Files

Dataset files define the directories and files on the client hosts that you want to backup. In the following example, this dataset file specifies to include all files under the directory /home/oracle on the client hosts BLLNX1 except for files under the directory /home/oracle/temp and Oracle database-related files: include host BLLNX1

include path /home/oracle {

exclude path /home/oracle/temp

exclude oracle database files

}

To create a dataset file named bllnx1_home-oracle.ds, perform the following steps using the obtool utility, as shown here:

Other books

Visitors by R. L. Stine
Vostok by Steve Alten
Night Kills by Ed Gorman
A Christmas Memory by Vos, Max
Poison Princess by Kresley Cole