Oracle® Secure Backup Administrator's Guide
Release 10.3

Part Number E12834-04

11 Recovering the Oracle Secure Backup Catalog

To guard against the loss of data on a computer used to make backups, Oracle Secure Backup protects its own catalog and settings data. Without this metadata the backups that Oracle Secure Backup has made are just so many assorted tapes. If the catalog data is lost, then you can restore it to its state before the failure.

When Oracle Secure Backup is first installed on your administrative server, a scheduled job is set up by the installer to back up the catalog daily at midnight.

Oracle Secure Backup catalog recovery protects only the catalog and settings on an administrative server. The operating system and other installed software are not automatically backed up.

This chapter contains these sections:

11.1 Catalog Recovery Concepts

Oracle Secure Backup catalog recovery creates the following reserved objects:

All reserved catalog recovery objects are instances of the usual Oracle Secure Backup objects with some added restrictions. These reserved objects cannot be deleted, and some of their properties cannot be changed. The restrictions are meant to prevent you from accidentally disabling the catalog backup or changing the backup settings to something that does not perform correctly.

To modify catalog recovery objects, you can use obtool commands chsched, chmf, chsum, and edds. You can also use the Web tool or Oracle Enterprise Manager equivalents. The interface does not allow some things to be changed, but for everything else the reserved objects act just like normal objects.

11.1.1 Catalog Recovery Schedule Object

This object drives the catalog recovery backup. It is associated with a catalog recovery dataset object, which specifies the data to be backed up, and a catalog recovery media family object, which specifies characteristics of the tape volume.

The catalog recovery schedule object is created by the Oracle Secure Backup installer to perform a full backup at midnight each day. The priority is set at 50, rather than the default 100. A suitably privileged Oracle Secure Backup user can:

  • Add or remove a trigger

  • Modify the priority

  • Change tape drive restrictions

  • Add or remove comments

By default, catalog backups are disabled after you install Oracle Secure Backup. You must explicitly set the trigger date to enable the scheduled backups of the catalog.

The associated dataset of the catalog object cannot be changed. Only unencrypted full backups are permitted. An incremental backup of the catalog data is disallowed because it would add complexity to the restore operation, which must be kept simple because it is performed without catalog data.

Note:

A backup using an automatically generated encryption key would be useless without the key store on disk, which would be lost if the administrative server were destroyed.

11.1.2 Catalog Recovery Media Family Object

A catalog recovery media family object describes the tape volumes that result from a catalog recovery backup. The Oracle Secure Backup installer creates a catalog recovery media family object with a write window of 7 days, and a retention period of 14 days. Oracle recommends rotating backups across two volume sets.

A suitably privileged Oracle Secure Backup user can:

  • Alter the write window

  • Alter the retention time

  • Modify the volume ID generation parameters

  • Modify volume duplication attributes

  • Associate a rotation policy

  • Add or remove comments

The catalog recovery media family object must have a time-managed expiration policy. Oracle Secure Backup does not allow the catalog recovery media family object to be content-managed, because backups of file-system data cannot be content-managed.

11.1.3 Catalog Recovery Dataset Object

A catalog recovery dataset object specifies what data is to be backed up. It incorporates an include catalog dataset directive to specify catalog data. This directive is expanded by Oracle Secure Backup to a definition of all files and databases that must be included in a catalog recovery backup. The catalog data itself is always backed up without storage encryption, regardless of the encryption policy.

Other files and hosts can be added to the catalog recovery dataset object. To add files and paths on the administrative server to the catalog backup, enclose them within block delimiters beneath the include catalog directive in a dataset. You can add the following directives to an include catalog block:

  • include path

  • exclude path

  • exclude name

No other directives are allowed within the include catalog block. The following example directive would cause the files in /usr/local/bin on the administrative host to be included in every catalog backup:

include catalog {
    include path "/usr/local/bin"
}

Note:

The include catalog directive cannot be added within an include host block, because it implicitly applies only to the administrative server. The dataset parser reports an error in this case.

You can add the include catalog directive to other datasets as well. There is no restriction on what else might be backed up by a dataset that includes it. The expanded catalog directive and its children, however, are handled as a separate job by the scheduler.

A suitably privileged Oracle Secure Backup user can modify the catalog recovery dataset object using the standard dataset language. However, Oracle Secure Backup does not allow you to remove the include catalog directive from the catalog recovery dataset object.

See Also:

Oracle Secure Backup Reference for more information on Oracle Secure Backup dataset language

11.1.4 Catalog Recovery Summary Object

A catalog recovery summary object causes Oracle Secure Backup to generate a summary report detailing each backup operation within the last 24 hours. This report is generated with a --catalog option that causes Oracle Secure Backup to include extended information about catalog recovery backups. When a summary report is generated with --catalog, Oracle Secure Backup also checks for catalog backup failures and generates an e-mail to the backup administrator if any are found.

Note:

The Oracle Secure Backup installer asks for the e-mail address of the admin user. On Windows, the installer also asks for an e-mail server. If no e-mail address is specified, or if no e-mail server is specified on Windows, then e-mail notifications are not sent.

A report generated with the --catalog option set includes:

  • The volume ID and barcode for the catalog backup

  • The file number for the catalog backup

  • Results of the verification step

Catalog backups also appear in summary reports that include information on each backup job, but they are not flagged as catalog backups, and they are mixed with the other backup jobs. The --catalog option is intended to help a backup administrator to check the status of catalog backups separately from other backup jobs.

11.2 Catalog Backup Jobs

Catalog recovery backup jobs always include a catalog backup, and they can include other files as well. Catalog backup jobs use the include catalog dataset extension to specify that all catalog data for the administrative server is included in the backup. Every catalog backup job is a full backup. Oracle Secure Backup is configured on installation to perform regular catalog backup jobs.

Storage encryption is disabled for all catalog backup jobs. You cannot recover encrypted backup data without the encryption wallet. But in a disaster scenario the encryption wallet would be lost, because it is part of the catalog data. So if the catalog backup data were encrypted, there would be no way to decipher it. Catalog backups can use transient passphrase encryption, because this does not require a wallet. Transient passphrase encryption is not enabled for catalog backup by default, but it can be added in the usual way.

See Also:

"Transient Backups" for more information on transient passphrase encryption

11.3 Restoring the Oracle Secure Backup Catalog

If the Oracle Secure Backup catalog on the administrative server is corrupted or lost, then you must restore the catalog. This section describes the basic procedure for restoring the admin directory if the media fails or the administrative server is lost.

Oracle highly recommends that you maintain a record of Oracle Secure Backup device attachments, especially for devices you intend to use for disaster recovery, because it is invaluable when reinstalling Oracle Secure Backup after a disaster. The recommended way to prepare for a catalog recovery emergency is to:

This section assumes that you are using a remote media server. If you are using a locally attached tape drive on your administrative server, then you can substitute the steps for locally attached drives for the steps for remote tape drives. The procedure points out these steps where appropriate.

To restore the Oracle Secure Backup catalog, perform the following tasks in order:

  1. Preparing to Restore the Oracle Secure Backup Catalog

  2. Restoring the Oracle Secure Backup Catalog with obtar

  3. Making the Administrative Domain Operational

11.3.1 Preparing to Restore the Oracle Secure Backup Catalog

Before you can restore the catalog you must install the Oracle Secure Backup administrative server from scratch. The easiest way to restore the catalog backup is to attach a tape drive to the administrative server. However, this option is not always available. If the administrative server does not have an attached tape device, then you must add a remote media server to the newly created domain.

To prepare to restore the Oracle Secure Backup catalog: 

  1. Choose one of the following options:

    • If the tape drive is locally attached to the administrative server, skip to Step 2.

    • If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 2.

    • If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the following steps:

    1. On the remote media server, stop the Oracle Secure Backup processes.

      See Oracle Secure Backup Reference for the operating system-specific command syntax to start up and shut down Oracle Secure Backup services.

    2. On the media server, remove the host certification data using the decertify option of the obcm command as shown below.

      # obcm decertify
      Decertify this host (n, y) [n]: y
      Host certification data has been deleted
      
    3. On the remote media server, restart the Oracle Secure Backup processes.

      See Oracle Secure Backup Reference for the operating system-specific command syntax to start up and shut down Oracle Secure Backup services.

  2. On the administrative server host, do the following:

    1. Install Oracle Secure Backup and choose the administrative server option.

    2. If you are installing on Windows, and if the tape device is attached locally, then in the Select the program features dialog box select Configure locally attached media devices.

    See Oracle Secure Backup Installation and Configuration Guide for instructions on installing Oracle Secure Backup.

  3. On the administrative server, log in to obtool as a user with administrative privileges and list the hosts in the domain.

    The following example logs in to Oracle Secure Backup on host brhost1:

    $ obtool
    Oracle Secure Backup 10.3.0.3.0
    login: admin
    ob> lshost
    brhost1          admin,client        (via OB)   in service
    
  4. Choose one of the following options depending on whether your media server is separate from your administrative server:

    • If the media server is on a separate host, then create the media server host using the mkhost command.

      Do one of the following:

      • If the remote host is not an NDMP tape server, then add it to the administrative domain using the syntax shown in the following example:

        ob> mkhost --role mediaserver brhost2
        Info: waiting for host to update certification status...
        
      • If the remote host is an NDMP tape server, then add it to the administrative domain and ping it using the syntax shown in the following example:

        ob> mkhost -r mediaserver -u root --ndmppass passwd -a ndmp brhost2
        ob> pinghost brhost2
        
    • If the administrative server is acting as the media server, then add the media server role to the administrative server.

      For example, enter the following command to add the media server role to administrative server brhost1:

      ob> chhost --addrole mediaserver brhost1
      
  5. Configure or discover the library and tape drive containing the catalog backup.

    Do one of the following:

    • If the media server is not an NDMP tape server, then run the mkdev command to configure the devices.

      For example, on Linux or UNIX you could enter the following commands to add library lib1 and tape drive tape1 to remote media server brhost2:

      ob> mkdev --type library --attach brhost2:/dev/obl0 lib1
      ob> mkdev --type tape --attach brhost2:/dev/obt0 -d 1 -l lib1 tape1
      

      The following example shows the analogous commands on a Windows media server:

      ob> mkdev --type library --attach brhost2://./obl0 lib1
      ob> mkdev --type tape --attach brhost2://./obt0 -d 1 -l lib1 tape1
      
    • If the media server is an NDMP tape server, then run the discoverdev command to detect tape devices attached through NDMP.

      The following example discovers the tape devices on NDMP tape server brhost2:

      ob> discoverdev --host brhost2
      Info: beginning device discovery for brhost2.
       
         lib1  (new library)
            WWN: [none]
            new attach-point on brhost2, rawname mc0
       
         tape1  (new drive)
            WWN: [none]
            new attach-point on brhost2, rawname nrst1a
      
  6. Ping the tape library to ensure that it is accessible.

    For example, enter the following command to ping library lib1:

    ob> pingdev lib1
    Info: library lib1 accessible.
    Info: drive 1 tape1 accessible.
    
  7. Perform an initial inventory on the library containing the volume before using it for the first time.

    For example, run the following command on library lib1:

    ob> inventory --force -L lib1
    

    This step is required even if you know which volume contains the OSB_CATALOG backup.

  8. List the volumes in the tape library.

    For example, enter the following command to list the volumes in library lib1:

    ob> lsvol -L lib1
    Inventory of library lib1:
        in    3:             occupied
        in    4:             unlabeled
        in    5:             unlabeled
        in    6:             unlabeled
        in    7:             unlabeled
        in    8:             unlabeled
        in    9:             unlabeled
    
  9. Identify the volume that contains the catalog backup.

    Choose one of the following options:

    • If you have a job summary for a catalog backup, then obtain the volume ID, bar code, and file number for the catalog backup from the summary.

      The following example shows a job summary for a catalog backup:

      Job ID      Scheduled At        Completed At       Content
        Backup Size  File #   Volume ID (Bar Code)
      admin/1.1   2008/03/26.11:48    2008/03/26.11:49   *catalog brhost1
        455 KB         1      OSB-CATALOG-MF-000002 (e744f09c4eeb4dabf3ac02ae2d332c0)
      
    • If the volume containing your catalog backup is in the tape library, and if you do not know which volume contains the backup, then run the identifyvol and lsvol commands to find the volume.

      The following example shows how to identify a catalog volume:

      ob> identifyvol --import -D tape1 3-9
      
      Seq       Volume              Volume    Archive     Client      Backup  
       #         ID                  Tag     File Sect     Host        Level
       1    OSB-CATALOG-MF-000002              1   1    brhost1     0      
      Archive Create 
       Date & Time
      2008/03/23 10:39:54s
       
      ob> lsvol -L lib1
      Inventory of library lib1:
         in    3:             volume OSB-CATALOG-MF-000002, 6891336 kb remaining, expires 2008/04/13.10:39
      
    • If the volume containing your catalog backup is not in the tape library, and if you do not know which volume contains the backup, then you must perform additional work. You must perform the following steps until you locate the correct volume:

      • Unload the volumes in the library.

      • Load new volumes.

      • Run the inventory command from Step 7.

      • Run the identifyvol command for each volume.

  10. Load the OSB-CATALOG-MF backup volume into the tape drive.

    For example, enter the following command to load the tape from storage element 3 to drive tape1:

    ob> loadvol -D tape1 3
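
Step 9 depends on having the volume ID, bar code, and file number from a catalog job summary. The following added example (not part of Oracle's documentation) pulls those values for the most recently completed catalog backup out of a saved summary in the two-line layout shown in Step 9; the function names and every sample record other than admin/1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumes the two-line record layout of the
# job summary shown in Step 9, with catalog jobs marked "*catalog".

# latest_catalog_backup [FILE...]
# Prints: volume_id bar_code file_number host completed_at
# Exits non-zero if no completed catalog backup is found.
latest_catalog_backup() {
    awk '
        # Line 1 of a record: job ID, scheduled at, completed at, content.
        $4 == "*catalog" { completed = $3; host = $5; pending = 1; next }

        # Line 2 of a catalog record: size, unit, file #, volume ID, (bar code).
        # A job that wrote nothing has no such line and is skipped.
        pending && $3 ~ /^[0-9]+$/ && $5 ~ /^\(.*\)$/ {
            # Timestamps are yyyy/mm/dd.hh:mm, so string order is time order.
            if (completed > best) {
                best = completed
                barcode = substr($5, 2, length($5) - 2)
                out = $4 " " barcode " " $3 " " host " " completed
            }
        }

        { pending = 0 }

        END { if (out == "") exit 1; print out }
    ' "$@"
}

# Constructed sample: the first record is the one shown in Step 9; the others
# are invented (a non-catalog job, a later catalog job, and a catalog job
# that has no volume line).
sample_summary() {
    cat <<'EOF'
Job ID      Scheduled At        Completed At       Content
  Backup Size  File #   Volume ID (Bar Code)
admin/1.1   2008/03/26.11:48    2008/03/26.11:49   *catalog brhost1
  455 KB         1      OSB-CATALOG-MF-000002 (e744f09c4eeb4dabf3ac02ae2d332c0)
admin/2.1   2008/03/27.00:00    2008/03/27.00:04   brhost2
  12 MB          3      EXAMPLE-MF-000001 (EXAMPLE0001)
admin/3.1   2008/03/27.00:00    2008/03/27.00:01   *catalog brhost1
  460 KB         2      OSB-CATALOG-MF-000002 (e744f09c4eeb4dabf3ac02ae2d332c0)
admin/4.1   2008/03/28.00:00    2008/03/28.00:00   *catalog brhost1
EOF
}

# Demo: print the location of the newest usable catalog backup.
sample_summary | latest_catalog_backup
```

Keep the printed line somewhere other than the administrative server, because the summary itself is lost with the catalog.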
    

11.3.2 Restoring the Oracle Secure Backup Catalog with obtar

The examples in this section assume that file number 1 on the loaded tape contains the required catalog backup.

When restoring the files, follow the syntax and spacing in the obtar command exactly to avoid overwriting the new Oracle Secure Backup installation on the administrative server, which then requires you to uninstall and reinstall the software.

The command syntax is as follows, where tape_path is the name of the directory to be restored and disk_dir is the destination of the restored directory:

obtar -R -Fn -xvf drive -s,tape_path,disk_dir, tape_path

Include a space between the -s,tape_path,disk_dir, string and the second instance of tape_path.

Caution:

You must specify an alternative path to avoid overwriting critical data or operating system files on the administrative server.
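
The following added example (not Oracle code) shows one way to apply the caution above on Linux or UNIX: a hypothetical helper, `obtar_restore_cmd`, checks the arguments and prints the restore command in the syntax given in this section without running obtar. It assumes absolute paths that contain no commas or spaces.

```shell
#!/bin/sh
# Added example, not Oracle code. obtar_restore_cmd is a hypothetical helper:
# it validates its arguments and prints the command; it never runs obtar.

# usage: obtar_restore_cmd DRIVE FILE_NUMBER TAPE_PATH DISK_DIR
obtar_restore_cmd() {
    drive=$1
    filenum=$2
    tape_path=${3%/}    # compare paths without a trailing slash
    disk_dir=${4%/}

    if [ -z "$drive" ] || [ -z "$tape_path" ] || [ -z "$disk_dir" ]; then
        echo "error: drive, tape_path and disk_dir are required" >&2
        return 2
    fi
    case $filenum in
        ''|*[!0-9]*) echo "error: file number must be an integer" >&2; return 2 ;;
    esac
    case $tape_path in
        /*) ;;
        *) echo "error: tape_path must be absolute" >&2; return 2 ;;
    esac
    case $disk_dir in
        /*) ;;
        *) echo "error: disk_dir must be absolute" >&2; return 2 ;;
    esac
    # The -s expression in this section is comma-delimited and unquoted, so a
    # comma or space inside a path would change how the command is split.
    case "$tape_path$disk_dir" in
        *,*|*' '*) echo "error: paths must not contain commas or spaces" >&2; return 2 ;;
    esac
    # Restoring onto the original location overwrites the new installation.
    if [ "$disk_dir" = "$tape_path" ]; then
        echo "error: disk_dir is the same as tape_path" >&2
        return 2
    fi
    # A destination inside the original tree still writes into the live tree.
    case "$disk_dir/" in
        "$tape_path"/*) echo "error: disk_dir is inside tape_path" >&2; return 2 ;;
    esac
    # Restore only into a location that does not exist yet.
    if [ -e "$disk_dir" ]; then
        echo "error: $disk_dir already exists" >&2
        return 2
    fi

    # Note the space between the -s expression and the second tape_path.
    printf 'obtar -R -F%s -xvf %s -s,%s,%s, %s\n' \
        "$filenum" "$drive" "$tape_path" "$disk_dir" "$tape_path"
}

# Demo with the paths used in this section (prints the command only).
obtar_restore_cmd tape1 1 /usr/etc/ob /usr/etc/ob-restored || echo "refused"
# Demo of a refused request: destination equals the original path.
obtar_restore_cmd tape1 1 /usr/etc/ob /usr/etc/ob || echo "refused"
```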

To restore the Oracle Secure Backup catalog:

  1. List the contents of the loaded volume to ensure that you have the correct volume and file section.

    For example, on Linux and UNIX run obtar as follows to list the contents of the tape in tape1 (sample output included):

    $ obtar -R -tf tape1 -F 1
    Searching tape for requested file.  Please wait...
     
    /usr/local/oracle/backup/admin/
    /usr/local/oracle/backup/admin/config/
    /usr/local/oracle/backup/admin/config/class/
    .
    .
    .
    /usr/etc/ob/wallet/b64certificate.txt
    /usr/etc/ob/wallet/crl.txt
    /usr/etc/ob/wallet/ewallet.p12
    /usr/etc/ob/wallet/nscreq.txt
    /usr/etc/ob/xcr/
    

    For example, on Windows run obtar as follows to list the contents of the tape in tape1 (sample output included):

    C:\>obtar -R -F1 -tf tape1
     
    C:/Program Files/Oracle/Backup/admin/
    C:/Program Files/Oracle/Backup/admin/config/
    C:/Program Files/Oracle/Backup/admin/config/class/
    C:/Program Files/Oracle/Backup/admin/config/class/admin
    C:/Program Files/Oracle/Backup/admin/config/class/operator
    C:/Program Files/Oracle/Backup/admin/config/class/oracle
    .
    .
    .
    C:/Program Files/Oracle/Backup/db/xcr/1195
    C:/Program Files/Oracle/Backup/db/xcr/1198
    C:/Program Files/Oracle/Backup/db/xcr/1200
    
  2. Use obtar to restore the ob directory (Linux or UNIX) or db directory (Windows) to disk.

    Example 11-1 restores the Linux or UNIX directory /usr/etc/ob on tape to /usr/etc/ob-restored on disk. Note the space in front of the second occurrence of /usr/etc/ob.

    Example 11-1 Restoring the ob Directory on Linux and UNIX

    $ obtar -R -F1 -xvf tape1 -s,/usr/etc/ob,/usr/etc/ob-restored, /usr/etc/ob
     
    /usr/etc/ob-restored/
    /usr/etc/ob-restored/.hostid
    .
    .
    .
    /usr/etc/ob-restored/wallet/nscreq.txt
    /usr/etc/ob-restored/xcr/
    

    Example 11-2 restores the Windows directory C:\Program Files\Oracle\Backup\db on tape to C:\db-restored on disk. Note the space before the second occurrence of C:\Program Files\Oracle\Backup\db. The caret (^) denotes line continuation and is not an element of the syntax.

    Example 11-2 Restoring the db Directory on Windows

    C:\>obtar -R -xvf tape1 -F1 ^
    -s,"C:\Program Files\Oracle\Backup\db",C:\db-restored, "C:\Program Files\Oracle\Backup\db"
    
    C:\db-restored/
    C:\db-restored/.hostid
    C:\db-restored/obconfig.txt
    C:\db-restored/report/
    .
    .
    .
    C:\db-restored/xcr/1195
    C:\db-restored/xcr/1198
    C:\db-restored/xcr/1200
    
  3. Use obtar to restore the admin directory to disk.

    Example 11-3 restores the Linux or UNIX /usr/local/oracle/backup/admin directory on tape to /usr/local/oracle/backup/admin-restored on disk. The backslash (\) denotes line continuation and is not an element of the syntax.

    Example 11-3 Restoring the admin Directory on Linux and UNIX

    $ obtar -R -F1 -xvf tape1 \
    -s,/usr/local/oracle/backup/admin,/usr/local/oracle/backup/admin-restored, /usr/local/oracle/backup/admin
    

    Example 11-4 restores the Windows directory C:\Program Files\Oracle\Backup\admin on tape to C:\admin-restored on disk. The caret (^) denotes line continuation and is not an element of the syntax.

    Example 11-4 Restoring the admin Directory on Windows

    C:\>obtar -R -xvf tape1 -F1 ^
    -s,"C:\Program Files\Oracle\Backup\admin",C:\admin-restored, "C:\Program Files\Oracle\Backup\admin"
    
    C:\admin-restored/
    C:\admin-restored/.hostid
    C:\admin-restored/obconfig.txt
    C:\admin-restored/report/
    .
    .
    .
    C:\admin-restored/xcr/1195
    C:\admin-restored/xcr/1198
    C:\admin-restored/xcr/1200
    
  4. On the administrative server, stop the Oracle Secure Backup processes.

    See Oracle Secure Backup Reference for the operating system-specific command syntax to start up and shut down Oracle Secure Backup services.

  5. On the media server, stop the Oracle Secure Backup processes.

    See Oracle Secure Backup Reference for the operating system-specific command syntax to start up and shut down Oracle Secure Backup services.

  6. Confirm that catalog files have been properly restored by listing the contents of the restored directories.

    The following Linux and UNIX example lists the restored ob and admin directories:

    $ ls /usr/local/oracle/backup/admin-restored
    config  encryption  history  log  security  state
     
    $ ls /usr/etc/ob-restored
    osbdevs  report  wallet  xcr
    

    The following Windows example lists the restored db and admin directories:

    C:\>dir /w c:\admin-restored
     Volume in drive C has no label.
     Volume Serial Number is 240F-6921
     
     Directory of c:\admin-restored
     
    [.]              [..]        [config]     [encryption] 
    [history]        [log]       [security]   [state]
                   0 File(s)               0 bytes
                   8 Dir(s)  254,307,901,952 bytes free
     
    C:\>dir /w c:\db-restored
     Volume in drive C has no label.
     Volume Serial Number is 240F-6921
     
     Directory of c:\db-restored
     
    [.]         [..]           .hostid     obconfig.txt  
    [report]    [wallet]       [xcr]
                   2 File(s)             488 bytes
                   5 Dir(s)  254,307,901,952 bytes free
    
  7. On the administrative server, remove the following directories from the Oracle Secure Backup home:

    • ob (Linux and UNIX) or db (Windows) directory

    • admin directory

    The following Linux and UNIX example deletes the /usr/etc/ob and /usr/local/oracle/backup/admin directories:

    $ rm -rf /usr/etc/ob
    $ rm -rf /usr/local/oracle/backup/admin
    

    The following Windows example deletes the C:\Program Files\Oracle\Backup\admin and C:\Program Files\Oracle\Backup\db directories.

    C:\>cd C:\Program Files\Oracle\Backup
    C:\Program Files\Oracle\Backup>rmdir /S /Q admin
    C:\Program Files\Oracle\Backup>rmdir /S /Q db
    
  8. Move the restored Oracle Secure Backup directories to their original locations on the administrative server.

    The following Linux and UNIX example renames the restored directories:

    $ mv /usr/local/oracle/backup/admin-restored /usr/local/oracle/backup/admin
    $ mv /usr/etc/ob-restored /usr/etc/ob
    

    The following Windows example renames the restored directories:

    C:\>cd C:\Program Files\Oracle\Backup
    C:\Program Files\Oracle\Backup>move /Y C:\db-restored db
    C:\Program Files\Oracle\Backup>move /Y C:\admin-restored admin
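
Steps 7 and 8 delete the new installation's directories, so the check in step 6 is worth enforcing before they run. The following added example (not Oracle code) does that on Linux or UNIX: the function names are hypothetical, the expected directory names and ewallet.p12 come from the listings in this section, and the caller is assumed to have already stopped the Oracle Secure Backup processes as in steps 4 and 5.

```shell
#!/bin/sh
# Added example, not Oracle code. Gates steps 7 and 8 on the check in step 6.

# verify_restored_catalog ADMIN_RESTORED OB_RESTORED
# Returns 0 only if every directory shown in the step 6 listing is present
# and the password-protected wallet file was restored.
verify_restored_catalog() {
    admin_restored=$1
    ob_restored=$2
    missing=0
    for d in config encryption history log security state; do
        if [ ! -d "$admin_restored/$d" ]; then
            echo "missing directory: $admin_restored/$d" >&2
            missing=1
        fi
    done
    for d in osbdevs report wallet xcr; do
        if [ ! -d "$ob_restored/$d" ]; then
            echo "missing directory: $ob_restored/$d" >&2
            missing=1
        fi
    done
    # Needed later to re-create the obfuscated encryption wallet.
    if [ ! -s "$ob_restored/wallet/ewallet.p12" ]; then
        echo "missing or empty: $ob_restored/wallet/ewallet.p12" >&2
        missing=1
    fi
    return "$missing"
}

# swap_in_restored ADMIN_LIVE ADMIN_RESTORED OB_LIVE OB_RESTORED
# Performs steps 7 and 8, but only after the restored trees pass the check.
swap_in_restored() {
    if [ "$#" -ne 4 ]; then
        echo "usage: swap_in_restored ADMIN_LIVE ADMIN_RESTORED OB_LIVE OB_RESTORED" >&2
        return 2
    fi
    for p in "$@"; do
        case $p in
            ''|/) echo "refusing empty or root path" >&2; return 2 ;;
        esac
    done
    admin_live=$1
    ob_live=$3
    if ! verify_restored_catalog "$2" "$4"; then
        echo "restored trees incomplete; live directories left untouched" >&2
        return 1
    fi
    rm -rf "$ob_live" "$admin_live" || return 1     # step 7
    mv "$admin_restored" "$admin_live" || return 1  # step 8
    mv "$ob_restored" "$ob_live"
}

# Demo on a constructed tree in a temporary directory: the wallet file is
# absent, so the check reports it and nothing is swapped.
demo=$(mktemp -d)
for d in config encryption history log security state; do
    mkdir -p "$demo/admin-restored/$d"
done
for d in osbdevs report wallet xcr; do
    mkdir -p "$demo/ob-restored/$d"
done
verify_restored_catalog "$demo/admin-restored" "$demo/ob-restored" \
    || echo "not safe to swap yet"
rm -rf "$demo"
```

With the paths from this section, the call would be `swap_in_restored /usr/local/oracle/backup/admin /usr/local/oracle/backup/admin-restored /usr/etc/ob /usr/etc/ob-restored`.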
    

11.3.3 Making the Administrative Domain Operational

After you have restored the catalog files and re-created the wallet, the administrative domain is not yet ready for normal operation. This section explains how to ready the domain for normal use.

To make the administrative domain operational: 

  1. Choose one of the following options:

    • If the tape drive is locally attached to the administrative server, skip to Step 2.

    • If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 2.

    • If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the following step:

      On the remote media server, start the observiced daemon.

      See Oracle Secure Backup Reference for operating system-specific observiced command syntax.

  2. On the administrative server, re-create the obfuscated encryption wallet.

    Although Oracle Secure Backup restores the password-protected encryption wallet to the administrative server, for security reasons the obfuscated encryption wallet is not backed up. You must re-create it manually after a restore operation, specifying the password used to create the original encryption wallet.

    Note:

    You must know your original encryption wallet password to accomplish this task.

    The following example uses the mkow command to re-create the wallet:

    obcm mkow -k -p wallet_password
    
  3. On the administrative server, start the observiced daemon.

    See Oracle Secure Backup Reference for operating system-specific observiced command syntax.

  4. If the catalog restore was performed from a remote media server, recertify that media server.

    On the administrative server, use the updatehost command with the recertify option to recertify a media server. The following example recertifies a media server named brhost2:

    # updatehost --recertify brhost2
    
  5. On the administrative server, perform an initial inventory on the library containing the volume before using it for the first time.

    For example, run the following command on library lib1:

    ob> inventory -L lib1
    
  6. Confirm that the restored Oracle Secure Backup administrative domain is intact.

    Check devices, datasets, volumes, jobs, media families, and other associated Oracle Secure Backup objects to confirm they are present and working in the restored domain.