The following sections provide information and procedures for backing up the primary configuration artifacts of an Oracle Communications Services Gatekeeper domain:
Recovery from the failure of a server instance requires access to the domain’s configuration and security data. Oracle Communications Services Gatekeeper can be configured to perform certain domain backups automatically. The administrator must also perform a manual backup of the domain configuration artifacts and store those backups outside of the actual domain directory.
By default, the Administration Server stores a domain’s primary configuration data in a file called domain_name/config/config.xml, where domain_name is the root directory of the domain. The primary configuration file may reference additional configuration files for specific WebLogic Server services, such as JDBC and JMS. The configuration for specific services is stored in additional XML files in subdirectories of the domain_name/config directory, such as domain_name/config/jms and domain_name/config/jdbc.
The Administration Server can automatically archive multiple versions of the domain configuration (the entire domain-name/config directory). The configuration archives can be used for system restoration in cases where accidental configuration changes need to be reversed. For example, if an administrator accidentally removes a configured resource, the prior configuration can be restored by using the last automated backup.
The Administration Server stores a finite number of automated backups locally in domain-name\config. For this reason, automated domain backups are limited in their ability to guard against data corruption, such as a failed hard disk. Automated backups also do not preserve certain configuration data that are required for full domain restoration, such as LDAP repository data and server start-up scripts. Oracle recommends that you also maintain multiple backup copies of the configuration and security offline, in a source control system, as described in Backing Up Domain Security Data.
Follow these steps to enable automatic domain configuration backups on the Administration Server for your domain:
When you enable configuration archiving, the Administration Server automatically creates a configuration JAR file archive each time the Administrator uses the Activate Changes button in the Administration Console to change the active configuration. The JAR file contains a complete copy of the previous configuration (the complete contents of the domain-name\config directory). The JAR archive files are stored in the domain-name\configArchive directory. The files use the naming convention config-number.jar, where number is the sequential number of the archive.
When you save a change to a domain’s configuration, the Administration Server saves the previous configuration in domain-name\configArchive\config.xml#n. Each time the Administration Server saves a file in the configArchive directory, it increments the value of the #n suffix, up to a configurable number of copies—5 by default. Thereafter, each time you change the domain configuration:
Keep in mind that configuration archives are stored locally within the domain directory, and they may be overwritten according to the maximum number of revisions you selected. For these reasons, you must also create your own off-line archives of the domain configuration, as described in Storing the Domain Configuration Offline.
Although automatic backups protect against accidental configuration changes, they do not protect against data loss caused by a failure of the hard disk that stores the domain configuration, or accidental deletion of the domain directory. To protect against these failures, you must also store a complete copy of the domain configuration offline, preferably in a source control system.
Oracle recommends storing a copy of the domain configuration at regular intervals. For example, back up a new revision of the configuration when:
The domain configuration backup should contain the complete contents of the domain_name/config directory. For example:
cd ~/bea/user_projects/domains/mydomain
tar cvf domain-backup-06-17-2007.jar config
Store the new archive in a source control system, preserving earlier versions should you need to restore the domain configuration to an earlier point in time.
The WebLogic Security service stores its configuration data in the config.xml file, and also in an LDAP repository and other files. As with the domain_name/config directory, a copy of the LDAP repository and security files should be stored offline each time you make a change to the security configuration.
The default Authentication, Authorization, Role Mapper, and Credential Mapper providers that are installed with Oracle Communications Services Gatekeeper store their data in an LDAP server. Each Oracle Communications Services Gatekeeper server instance contains an embedded LDAP server. The Administration Server contains the master LDAP server, which is replicated on all Managed Servers. If any of your security realms use these installed providers, you should maintain an up-to-date backup of the following directory tree:
domain_name\servers\adminServer\data\ldap
where domain_name is the domain’s root directory and adminServer is the directory in which the Administration Server stores runtime and security data.
Each Oracle Communications Services Gatekeeper server has an LDAP directory, but you only need to back up the LDAP data on the Administration Server—the master LDAP server replicates the LDAP data from each Managed Server when updates to security data are made. WebLogic security providers cannot modify security data while the domain’s Administration Server is unavailable. The LDAP repositories on Managed Servers are replicas and cannot be modified.
The ldap/ldapfiles subdirectory contains the data files for the LDAP server. The files in this directory contain user, group, group membership, policies, and role information. Other subdirectories under the ldap directory contain LDAP server message logs and data about replicated LDAP servers.
Do not update the configuration of a security provider while a backup of LDAP data is in progress. If a change is made—for instance, if an administrator adds a user—while you are backing up the ldap directory tree, the backups in the ldapfiles subdirectory could become inconsistent. If this does occur, consistent, but potentially out-of-date, LDAP backups are available.
Once a day, a server suspends write operations and creates its own backup of the LDAP data. It archives this backup in a ZIP file below the ldap\backup directory and then resumes write operations. This backup is guaranteed to be consistent, but it might not contain the latest security data.
For information about configuring the LDAP backup, see Oracle WebLogic Server Administration Console on-line help at http://download.oracle.com/docs/cd/E12840_01/wls/docs103/ConsoleHelp/core/index.html.
All servers create a file named SerializedSystemIni.dat and place it in the domain_name/security directory. This file contains encrypted security data that must be present to boot the server. You must back up this file.
If you configured a server to use SSL, also back up the security certificates and keys. The location of these files is user-configurable.
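The configuration directory, the Administration Server's LDAP tree and SerializedSystemIni.dat described above can be collected into a single offline archive. The script below is an added example, not part of the Oracle documentation; the function names backup_domain and verify_backup, the archive naming and the SHA-256 sidecar file are assumptions of the example, and it expects sha256sum to be installed.

```shell
#!/bin/sh
# Added example: offline backup of the artifacts this page lists.
# Paths follow the domain layout described above; names are constructed.

# backup_domain DOMAIN_DIR ADMIN_SERVER_NAME OUT_DIR [EXTRA_PATH...]
# EXTRA_PATH entries are relative to DOMAIN_DIR (for example SSL keystores,
# whose location is user-configurable). Prints the archive path on success.
backup_domain() {
    domain=$1; admin=$2; out=$3; shift 3
    ldap="servers/$admin/data/ldap"
    key="security/SerializedSystemIni.dat"

    # Refuse to write a backup that could not restore a bootable domain.
    for required in config "$key" "$ldap"; do
        if [ ! -e "$domain/$required" ]; then
            echo "missing required artifact: $domain/$required" >&2
            return 1
        fi
    done

    # Live ldapfiles can be inconsistent if security data changes during the
    # copy; the daily ZIP below ldap/backup is the consistent fallback.
    if ! ls "$domain/$ldap"/backup/*.zip >/dev/null 2>&1; then
        echo "warning: no daily LDAP ZIP found below $ldap/backup" >&2
    fi

    stamp=$(date +%Y-%m-%d-%H%M%S)
    archive="$out/domain-backup-$stamp.tar"
    (
        umask 077   # archive holds LDAP security data and SerializedSystemIni.dat
        mkdir -p "$out" &&
        tar cf "$archive" -C "$domain" config "$key" "$ldap" "$@" &&
        # The checksum lets a later restore detect a corrupted or altered copy.
        cd "$out" &&
        sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256"
    ) || return 1
    echo "$archive"
}

# verify_backup ARCHIVE: recheck the stored checksum before restoring.
verify_backup() {
    (cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1)
}
```

Pass absolute paths for DOMAIN_DIR and OUT_DIR, and run the backup while no security provider changes are being made so that the copied ldapfiles stay consistent.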
Certain additional files maintained at the operating system level can be helpful when recovering from a system failure. Consider backing up the following information as necessary for your system:
As with offline backups of the domain configuration, Oracle recommends storing multiple copies of the above files in a source control repository.