To guard against the loss of data on a computer used to make backups, Oracle Secure Backup protects its own catalog and settings data. Without this metadata the backups that Oracle Secure Backup has made are just so many assorted tapes. If the catalog data is lost, then you can restore it to its state before the failure.
When Oracle Secure Backup is first installed on your administrative server, a scheduled job is set up by the installer to back up the catalog daily at midnight.
Oracle Secure Backup catalog recovery protects only the catalog and settings on an administrative server. The operating system and other installed software are not automatically backed up.
This chapter contains these sections:
Oracle Secure Backup catalog recovery creates the following reserved objects:
All reserved catalog recovery objects are instances of the usual Oracle Secure Backup objects with some added restrictions. These reserved objects cannot be deleted, and some of their properties cannot be changed. The restrictions are meant to prevent you from accidentally disabling the catalog backup or changing the backup settings to something that does not perform correctly.
To modify catalog recovery objects, you can use obtool
commands chsched
, chmf
, chsum
, and edds
. You can also use the Web tool or Oracle Enterprise Manager equivalents. The interface does not allow some things to be changed, but for everything else the reserved objects act just like normal objects.
This object drives the catalog recovery backup. It is associated with a catalog recovery dataset object, which specifies the data to be backed up, and a catalog recovery media family object, which specifies characteristics of the tape volume.
The catalog recovery schedule object is created by the Oracle Secure Backup installer to perform a full backup at midnight each day. The priority is set at 50, rather than the default 100. A suitably-privileged Oracle Secure Backup user can:
Add or remove a trigger
Modify the priority
Change tape drive restrictions
Add or remove comments
By default, catalog backups are disabled after you install Oracle Secure Backup. You must explicitly set the trigger date to enable the scheduled backups of the catalog.
The associated dataset of the catalog object cannot be changed. Only unencrypted full backups are permitted. An incremental backup of the catalog data is disallowed because it would add complexity to the restore operation, which must be kept simple because it is performed without catalog data.
Note:
A backup using an automatically generated encryption key would be useless without the key store on disk, which would be lost if the administrative server were destroyed.A catalog recovery media family object describes the tape volumes that result from a catalog recovery backup. The Oracle Secure Backup installer creates a catalog recovery media family object with a write window of 7 days, and a retention period of 14 days. Oracle recommends rotating backups across two volume sets.
A suitably privileged Oracle Secure Backup user can:
Alter the write window
Alter the retention time
Modify the volume ID generation parameters
Modify volume duplication attributes
Associate a rotation policy
Add or remove comments
The catalog recovery media family object must have a time-managed expiration policy. Oracle Secure Backup does not allow the catalog recovery media family object to be content-managed, because backups of file-system data cannot be content-managed.
A catalog recovery dataset object specifies what data is to be backed up. It incorporates an include
catalog
dataset directive to specify catalog data. This directive is expanded by Oracle Secure Backup to a definition of all files and databases that must be included in a catalog recovery backup. The catalog data itself is always backed up without storage encryption, regardless of the encryption policy.
Other files and hosts can be added to the catalog recovery dataset object. To add files and paths on the administrative server to the catalog backup, enclose them within block delimiters beneath the include
catalog
directive in a dataset. You can add the following directives to an include
catalog
block:
include
path
exclude
path
exclude
name
No other directives are allowed within the include
catalog
block. The following example directive would cause the files in /usr/local/bin
on the administrative host to be included in every catalog backup:
include catalog { include path "/usr/local/bin" }
Note:
Theinclude
catalog
directive cannot be added within an include
host
block, because it implicitly applies only to the administrative server. The dataset parser reports an error in this case.You can add the include
catalog
directive to other datasets as well. There is no restriction on what else might be backed up by a dataset that includes it. The expanded catalog directive and its children, however, are handled as a separate job by the scheduler.
A suitably-privileged Oracle Secure Backup user can modify the catalog recovery dataset object using the standard dataset language. But Oracle Secure Backup does not allow you to remove the include
catalog
directive from the catalog recovery dataset object.
See Also:
Oracle Secure Backup Reference for more information on Oracle Secure Backup dataset languageA catalog recovery summary object causes Oracle Secure Backup to generate a summary report detailing each backup operation within the last 24 hours. This report is generated with a --catalog
option that causes Oracle Secure Backup to include extended information about catalog recovery backups. When a summary report is generated with --catalog
, Oracle Secure Backup also checks for catalog backup failures and generates an e-mail to the backup administrator if any are found.
Note:
The Oracle Secure Backup installer asks for the e-mail address of theadmin
user. On Windows, the installer also asks for an e-mail server. If no e-mail address is specified, or if no e-mail server is specified on Windows, then e-mail notifications are not sent.A report generated with the --catalog
option set includes:
The volume ID and barcode for the catalog backup
The file number for the catalog backup
Results of the verification step
Catalog backups also appear in summary reports that include information on each backup job, but they are not flagged as catalog backups, and they are mixed with the other backup jobs. The --catalog
option is intended to help a backup administrator to check the status of catalog backups separately from other backup jobs.
Catalog recovery backup jobs always include a catalog backup, and they can include other files as well. Catalog backup jobs use the include
catalog
dataset extension to specify that all catalog data for the administrative server is included in the backup. Every catalog backup job is a full backup. Oracle Secure Backup is configured on installation to perform regular catalog backup jobs.
Storage encryption is disabled for all catalog backup jobs. You cannot recover encrypted backup data without the encryption wallet. But in a disaster scenario the encryption wallet would be lost, because it is part of the catalog data. So if the catalog backup data were encrypted, there would be no way to decipher it. Catalog backups can use transient passphrase encryption, because this does not require a wallet. Transient passphrase encryption is not enabled for catalog backup by default, but it can be added in the usual way.
See Also:
"Transient Backups" for more information on transient passphrase encryptionIf the Oracle Secure Backup catalog on the administrative server is corrupted or lost, then you must restore the catalog. This section describes the basic procedure for restoring the admin
directory if the media fails or the administrative server is lost.
Oracle highly recommends that you maintain a record of Oracle Secure Backup device attachments, especially for devices you intend to use for disaster recovery, because it is invaluable when reinstalling Oracle Secure Backup after a disaster. The recommended way to prepare for a catalog recovery emergency is to:
Retain a copy of the lsdevice
--long
output from obtool
.
Note the attachment information listed.
Retain a copy of your most recent e-mail of the job summary report for a catalog backup. The job summary for a catalog backup provides the information required to identify the volume and file number that holds the latest catalog backup.
This section assumes that you are using a remote media server. If you are using a locally attached tape drive on your administrative server, then you can substitute the steps for locally attached drives for the steps for remote tape drives. The procedure points out these steps where appropriate.
To restore the Oracle Secure Backup catalog, perform the following tasks in order:
Before you can restore the catalog you must install the Oracle Secure Backup administrative server from scratch. The easiest way to restore the catalog backup is to attach a tape drive to the administrative server. However, this option is not always available. If the administrative server does not have an attached tape device, then you must add a remote media server to the newly created domain.
To prepare to restore the Oracle Secure Backup catalog:
Choose one of the following options:
If the tape drive is locally attached to the administrative server, skip to Step 2.
If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 2.
If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the following steps:
On the remote media server, stop the Oracle Secure Backup processes.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
On the media server, remove the host certification data using the decertify
option of the obcm
command as shown below.
# obcm decertify Decertify this host (n, y) [n]: y Host certification data has been deleted
On the remote media server, restart the Oracle Secure Backup processes.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
On the administrative server host, do the following:
Install Oracle Secure Backup and choose the administrative server option.
If you are installing on Windows, and if the tape device is attached locally, then in the Select the program features dialog box select Configure locally attached media devices.
See Oracle Secure Backup Installation and Configuration Guide for instructions on installing Oracle Secure Backup.
On the administrative server, log in to obtool
as a user with administrative privileges and list the hosts in the domain.
The following example logs in to Oracle Secure Backup on host brhost1
:
$ obtool Oracle Secure Backup 10.3.0.3.0 login: admin ob> lshost brhost1 admin,client (via OB) in service
Choose one of the following options depending on whether your media server is separate from your administrative server:
If the media server is on a separate host, then create the media server host using the mkhost
command.
Do one of the following:
If the remote host is not an NDMP tape server, then add it to the administrative domain using the syntax shown in the following example:
ob> mkhost --role mediaserver brhost2 Info: waiting for host to update certification status...
If the remote host is an NDMP tape server, then add it to the administrative domain and ping it using the syntax shown in the following example:
ob> mkhost -r mediaserver -u root --ndmppass passwd -a ndmp brhost2 ob> pinghost brhost2
If the administrative server is acting as the media server, then add the media server role to the administrative server.
For example, enter the following command to add the media server role to administrative server brhost1
:
ob> chhost --addrole mediaserver brhost1
Configure or discover the library and tape drive containing the catalog backup.
Do one of the following:
If the media server is not an NDMP tape server, then run the mkdev
command to configure the devices.
For example, on Linux or UNIX you could enter the following commands to add library lib1
and tape drive tape1
to remote media server brhost2
:
ob> mkdev --type library --attach brhost2:/dev/obl0 lib1 ob> mkdev --type tape --attach brhost2:/dev/obt0 -d 1 -l lib1 tape1
The following example show the analogous commands on a Windows media server:
ob> mkdev --type library --attach brhost2://./obl0 lib1 ob> mkdev --type tape --attach brhost2://./obt0 -d 1 -l lib1 tape1
If the media server is an NDMP tape server, then run the discoverdev
command to detect tape devices attached through NDMP.
The following example discovers the tape devices on NDMP tape server brhost2
:
ob> discoverdev --host brhost2 Info: beginning device discovery for brhost2. lib1 (new library) WWN: [none] new attach-point on brhost2, rawname mc0 tape1 (new drive) WWN: [none] new attach-point on brhost2, rawname nrst1a
Ping the tape library to ensure that it is accessible.
For example, enter the following commands to ping library lib1
:
ob> pingdev lib1 Info: library lib1 accessible. Info: drive 1 tape1 accessible.
Perform an initial inventory on the library containing the volume before using it for the first time.
For example, run the following command on library lib1
:
ob> inventory --force -L lib1
This step is required even if you know which volume contains the OSB_CATALOG
backup.
List the volumes in the tape library.
For example, enter the following command to list the volumes in library lib1
:
ob> lsvol -L lib1 Inventory of library lib1: in 3: occupied in 4: unlabeled in 5: unlabeled in 6: unlabeled in 7: unlabeled in 8: unlabeled in 9: unlabeled
Identify the volume that contains the catalog backup.
Choose one of the following options:
If you have a job summary for a catalog backup, then obtain the volume ID, bar code, and file number for the catalog backup from the summary.
The following example shows a job summary for a catalog backup:
Job ID Scheduled At Completed At Content Backup Size File # Volume ID (Bar Code) admin/1.1 2008/03/26.11:48 2008/03/26.11:49 *catalog brhost1 455 KB 1 OSB-CATALOG-MF-000002 (e744f09c4eeb4dabf3ac02ae2d332c0)
If the volume containing your catalog backup is in the tape library, and if you do not know which volume contains the backup, then run the identifyvol
and lsvol
commands to find the volume.
The following example shows how to identify a catalog volume:
ob> identifyvol --import -D tape1 3-9 Seq Volume Volume Archive Client Backup # ID Tag File Sect Host Level 1 OSB-CATALOG-MF-000002 1 1 brhost1 0 Archive Create Date & Time 2008/03/23 10:39:54s ob> lsvol -L lib1 Inventory of library lib1: in 3: volume OSB-CATALOG-MF-000002, 6891336 kb remaining, expires 2008/04/13.10:39
If the volume containing your catalog backup is not in the tape library, and if you do not know which volume contains the backup, then you must perform additional work. You must perform the following steps until you locate the correct volume:
Unload the volumes in the library.
Load new volumes
Run the inventory
command from Step 7
Run the identifyvol
command for each volume.
Load the OSB-CATALOG-MF
backup volume into the tape drive.
For example, enter the following commands to load the tape from storage element 3 to drive tape1
:
ob> loadvol -D tape1 3
The examples in this section assume that file number 1 on the loaded tape contains the required catalog backup.
When restoring the files, follow the syntax and spacing in the obtar
command exactly to avoid overwriting the new Oracle Secure Backup installation on the administrative server, which then requires you to uninstall and reinstall the software.
The command syntax is as follows, where tape_path
is the name of the directory to be restored and disk_dir
is the destination of the restored directory:
obtar -R -Fn -xvf drive -s,tape_path,disk_dir, tape_path
Include a space between the -s,
tape_path
,
disk_dir
, string and the second instance of tape_path
.
Caution:
You must specify an alternative path to avoid overwriting critical data or operating system files on the administrative server.To restore the Oracle Secure Backup catalog:
List the contents of the loaded volume to ensure that you have the correct volume and file section.
For example, on Linux and UNIX run obtar
as follows to list the contents of the tape in tape1
(sample output included):
$ obtar -R -tf tape1 -F 1 Searching tape for requested file. Please wait... /usr/local/oracle/backup/admin/ /usr/local/oracle/backup/admin/config/ /usr/local/oracle/backup/admin/config/class/ . . . /usr/etc/ob/wallet/b64certificate.txt /usr/etc/ob/wallet/crl.txt /usr/etc/ob/wallet/ewallet.p12 /usr/etc/ob/wallet/nscreq.txt /usr/etc/ob/xcr/
For example, on Windows run obtar
as follows to list the contents of the tape in tape1
(sample output included):
C:\>obtar -R -F1 -tf tape1 C:/Program Files/Oracle/Backup/admin/ C:/Program Files/Oracle/Backup/admin/config/ C:/Program Files/Oracle/Backup/admin/config/class/ C:/Program Files/Oracle/Backup/admin/config/class/admin C:/Program Files/Oracle/Backup/admin/config/class/operator C:/Program Files/Oracle/Backup/admin/config/class/oracle . . . C:/Program Files/Oracle/Backup/db/xcr/1195 C:/Program Files/Oracle/Backup/db/xcr/1198 C:/Program Files/Oracle/Backup/db/xcr/1200
Use obtar
to restore the ob
directory (Linux or UNIX) or db
directory (Windows) to disk.
Example 11-1 restores the Linux or UNIX directory /usr/etc/ob
directory on tape to /usr/etc/ob-restored
on disk. Note the space in front of the second occurrence of /usr/etc/ob
.
Example 11-1 Restoring the ob Directory on Linux and UNIX
$ obtar -R -F1 -xvf drive1 -s,/usr/etc/ob,/usr/etc/ob-restored, /usr/etc/ob /usr/etc/ob-restored/ /usr/etc/ob-restored/.hostid . . . /usr/etc/ob-restored/wallet/nscreq.txt /usr/etc/ob-restored/xcr/
Example 11-2 restores the Windows directory C:\Program Files\Oracle\Backup\db
on tape to C:\db-restored
on disk. Note the space before the second occurrence of C:\Program Files\Oracle\Backup\db
. The caret (^
) denotes line continuation and is not an element of the syntax.
Example 11-2 Restoring the db Directory on Windows
C:\>obtar -R -xvf tape1 -F1 ^ -s,"C:\Program Files\Oracle\Backup\db",C:\db-restored, "C:\Program Files\Oracle\Backup\db" C:\db-restored/ C:\db-restored/.hostid C:\db-restored/obconfig.txt C:\db-restored/report/ . . . C:\db-restored/xcr/1195 C:\db-restored/xcr/1198 C:\db-restored/xcr/1200
Use obtar
to restore the admin
directory to disk.
Example 11-3 restores the Linux or UNIX /usr/local/oracle/backup/admin
directory on tape to /usr/local/oracle/backup/admin-restored
on disk. The backslash (\
) denotes line continuation and is not an element of the syntax.
Example 11-3 Restoring the admin Directory on Linux and UNIX
$ obtar -R -F1 -xvf tape1 \ -s,/usr/local/oracle/backup/admin,/usr/local/oracle/backup/admin-restored, /usr/local/oracle/backup/admin
Example 11-4 restores the Windows directory C:\Program Files\Oracle\Backup\admin
on tape to C:\admin-restored
on disk. The caret (^
) denotes line continuation and is not an element of the syntax.
Example 11-4 Restoring the admin Directory on Windows
C:\>obtar -R -xvf tape1 -F1 ^ -s,"C:\Program Files\Oracle\Backup\admin",C:\admin-restored, "C:\Program Files\Oracle\Backup\admin" C:\admin-restored/ C:\admin-restored/.hostid C:\admin-restored/obconfig.txt C:\admin-restored/report/ . . . C:\admin-restored/xcr/1195 C:\admin-restored/xcr/1198 C:\admin-restored/xcr/1200
On the administrative server, stop the Oracle Secure Backup processes.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
On the media server, stop the Oracle Secure Backup processes.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
Confirm that catalog files have been properly restored by listing the contents of the restored directories.
The following Linux and UNIX example lists the restored ob
and admin
directories:
$ ls /usr/local/oracle/backup/admin-restored config encryption history log security state $ ls /usr/etc/ob-restored osbdevs report wallet xcr
The following Windows example lists the restored db
and admin
directories:
C:\>dir /w c:\admin-restored Volume in drive C has no label. Volume Serial Number is 240F-6921 Directory of c:\admin-restored [.] [..] [config] [encryption] [history] [log] [security] [state] 0 File(s) 0 bytes 8 Dir(s) 254,307,901,952 bytes free C:\>dir /w c:\db-restored Volume in drive C has no label. Volume Serial Number is 240F-6921 Directory of c:\db-restored [.] [..] .hostid obconfig.txt [report] [wallet] [xcr] 2 File(s) 488 bytes 5 Dir(s) 254,307,901,952 bytes free
On the administrative server, remove the following directories from the Oracle Secure Backup home:
ob
(Linux and UNIX) or db
(Windows) directory
admin
directory
The following Linux and UNIX example deletes the /usr/etc/ob
and /usr/local/oracle/backup/admin
directories:
$ rm -rf /usr/etc/ob $ rm -rf /usr/local/oracle/backup/admin
The following Windows example deletes the C:\Program Files\Oracle\Backup\admin
and C:\Program Files\Oracle\Backup\db
directories.
C:\>cd C:\Program Files\Oracle\Backup C:\Program Files\Oracle\Backup>del /S admin C:\Program Files\Oracle\Backup>del /S db
Move the restored Oracle Secure Backup directories to their original locations on the administrative example.
The following Linux and UNIX example renames the restored directories:
$ mv /usr/local/oracle/backup/admin-restored /usr/local/oracle/backup/admin $ mv /usr/etc/ob-restored /usr/etc/ob
The following Windows example renames the restored directories:
C:\>cd C:\Program Files\Oracle\Backup C:\Program Files\Oracle\Backup>move /Y C:\db-restored db C:\Program Files\Oracle\Backup>move /Y C:\admin-restored admin
After you have restored the catalog files and re-created the wallet, the administrative domain is not yet ready for normal operation. This section explains how to ready the domain for normal use.
To make the administrative domain operational:
Choose one of the following options:
If the tape drive is locally attached to the administrative server, skip to Step 2.
If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 2.
If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the following step:
On the remote media server, start the observiced
daemon.
See Oracle Secure Backup Reference for operating system-specific observiced
command syntax.
On the administrative server, re-create the obfuscated encryption wallet.
Although Oracle Secure Backup restores the password-protected encryption wallet to the administrative server, for security reasons the obfuscated encryption wallet is not backed up. You must re-create it manually after a restore operation, specifying the password used to create the original encryption wallet.
Note:
You must know your original encryption wallet password to accomplish this task.The following example uses the mkow
command to re-create the wallet:
obcm mkow -k -p wallet_password
On the administrative server, start the observiced
daemon.
See Oracle Secure Backup Reference for operating system-specific observiced
command syntax.
See Also:
"Managing Daemons"If the catalog restore was performed from a remote media server, recertify that media server.
On the administrative server, use the updatehost
command with the recertify
option to recertify a media server. The following example recertifies a media server named brhost2
:
# updatehost --recertify brhost2
On the administrative server, perform an initial inventory on the library containing the volume before using it for the first time.
For example, run the following command on library lib1
:
ob> inventory -L lib1
Confirm that the restored Oracle Secure Backup administrative domain is intact.
Check devices, datasets, volumes, jobs, media families, and other associated Oracle Secure Backup objects to confirm they are present and working in the restored domain.