To guard against the loss of data on a computer used to make backups, Oracle Secure Backup protects its own catalog and settings data. Without this metadata the backups that Oracle Secure Backup has made are just so many assorted tapes. If the real-time Oracle Secure Backup catalog data is lost, then you can use the metadata from an Oracle Secure Backup catalog backup to restore Oracle Secure Backup to the state that it was in at the time of its last catalog backup.
Data which defines an Oracle Secure Backup administrative domain resides on the administrative host in the $OSB_HOME/admin
directory and usr/etc/ob
directory. During an Oracle Secure Backup installation, a dataset description file OSB-CATALOG-DS
is automatically generated to back up these critical directories. Ideally, you must perform a backup of these directories daily, after completing all other backups so that the latest state of the administrative host can be captured for restore, in case of a hardware failure on the administrative host.
Oracle Secure Backup catalog recovery protects only the catalog and settings on an administrative server. The operating system and other installed software are not automatically backed up.
This chapter contains these sections:
The following Catalog Recovery objects are created during an initial Oracle Secure Backup install. These objects are reserved for Oracle Secure Backup Catalog Backups for the purpose of disaster recovery.
All reserved catalog recovery objects are instances of the usual Oracle Secure Backup objects with some added restrictions. The restrictions are meant to prevent you from accidentally disabling the catalog backup or changing the backup settings to something that does not perform correctly.
Catalog Recovery Objects are similar to standard Oracle Secure Backup objects but they have some restrictions to prevent them from being changed, disabled, or accidentally deleted. The Oracle Secure Backup Web Tool, obtool
, or Oracle Enterprise Manager can be used to make changes to these objects using the commands chsched
, chmf
, chsum
, and edds
in the same way their regular equivalents can be modified.
This object is associated with a catalog recovery dataset object, which specifies the data to be backed up, and a catalog recovery media family object, which specifies characteristics of the tape volume.
The catalog recovery schedule object is created by the Oracle Secure Backup installer to perform a full backup at midnight each day. The priority is set at 50, rather than the default 100. A suitably-privileged Oracle Secure Backup user can:
Add or remove a trigger
Modify the priority
Change tape drive restrictions
Add or remove comments
By default, catalog backups are disabled after you install Oracle Secure Backup. You must explicitly set the trigger date to enable the scheduled backups of the catalog.
The associated dataset of the catalog object cannot be changed. Only unencrypted full backups are permitted. An incremental backup of the catalog data is disallowed because it would add complexity to the restore operation, which must be kept simple because it is performed without catalog data.
Note:
A backup using an automatically generated encryption key would be useless without the key store on disk, which would be lost if the administrative server were destroyed.
A catalog recovery media family object defines the tape volumes that result from a catalog recovery backup. The Oracle Secure Backup installer creates a catalog recovery media family object with a write window of 7 days, and a retention period of 14 days. It is recommended that backups be rotated between two volume sets.
A suitably privileged Oracle Secure Backup user can:
Alter the write window
Alter the retention time
Modify the volume ID generation parameters
Modify volume duplication attributes
Associate a rotation policy with the media family
Add or remove comments
The catalog recovery media family object must have a time-managed expiration policy. Oracle Secure Backup does not allow the catalog recovery media family object to be content-managed, because backups are comprised of file-system data which cannot be content-managed.
A catalog recovery dataset object specifies what data is to be backed up. It incorporates an include
catalog
dataset directive to specify catalog data. This directive is expanded by Oracle Secure Backup to a definition of all files and databases that must be included in a catalog recovery backup. The catalog data itself is always backed up unencrypted regardless of any local encryption policies.
Other files and hosts can be added to the catalog recovery dataset object. To add files and paths on the administrative server to the catalog backup, enclose them within block delimiters beneath the include
catalog
directive in a dataset. You can add the following directives to an include
catalog
block:
include
path
exclude
path
exclude
name
No other directives are allowed within the include
catalog
block. The following example directive would cause the files in /usr/local/bin
on the administrative host to be included in every catalog backup:
include catalog { include path "/usr/local/bin" }
Note:
The include
catalog
directive cannot be added within an include
host
block, because it implicitly applies only to the administrative server. The dataset parser reports an error in this case.
You can add the include
catalog
directive to other datasets as well. There is no restriction on what else might be backed up by a dataset that includes it. The expanded catalog directive and its children, however, are handled as a separate job by the scheduler.
A suitably-privileged Oracle Secure Backup user can modify the catalog recovery dataset object using the standard dataset language. But Oracle Secure Backup does not allow you to remove the include
catalog
directive from the catalog recovery dataset object.
See Also:
Oracle Secure Backup Reference for more information on Oracle Secure Backup dataset language
A catalog recovery summary object causes Oracle Secure Backup to generate a summary report detailing each backup operation within the last 24 hours. This report is generated with a --catalog
option that causes Oracle Secure Backup to include extended information about catalog recovery backups. When a summary report is generated with --catalog
, Oracle Secure Backup also checks for catalog backup failures and generates an e-mail to the backup administrator if any are found.
Note:
The Oracle Secure Backup installer asks for the e-mail address of the admin
user. On Windows, the installer also asks for an e-mail server. If no e-mail address is specified, or if no e-mail server is specified on Windows, then e-mail notifications are not sent.
A report generated with the --catalog
option set includes:
The volume ID and barcode for the catalog backup
The file number for the catalog backup
Results of the verification step
Catalog backups also appear in summary reports that include information on each backup job, but they are not flagged as catalog backups, and they are mixed with the other backup jobs. The --catalog
option is intended to help a backup administrator to check the status of catalog backups separately from other backup jobs.
Catalog recovery backup jobs always include a catalog backup, and they can include other files as well. Catalog backup jobs use the include
catalog
dataset extension to specify that all catalog data for the administrative server is included in the backup. Every catalog backup job is a full backup. Oracle Secure Backup is configured on installation to perform regular catalog backup jobs.
Storage encryption is disabled for all catalog backup jobs. You cannot recover encrypted backup data without the encryption wallet. But in a disaster scenario the encryption wallet would be lost, because it is part of the catalog data. So if the catalog backup data were encrypted, there would be no way to decipher it. Catalog backups can use transient passphrase encryption, because this does not require a wallet. Transient passphrase encryption is not enabled for catalog backup by default, but it can be added following the standard procedure.
See Also:
"About Transient Backup Encryption" for more information about transient passphrase encryption
If the Oracle Secure Backup administrative server fails or important directories are inadvertently deleted or damaged, then the administrative domain can be recovered by performing a restore of the Oracle Secure Backup Catalog. The dataset used for this backup is included in the default install of an Oracle Secure Backup administrative role and is called OSB-CATALOG-DS
. This section describes the procedure for restoring the admin
and ob
(on *nix or db on windows) directories which contain the information necessary to recover your administrative domain. Oracle strongly recommends that you perform regular backups of the OSB-CATALOG-DS
dataset and also maintain a record of your Oracle Secure Backup device attachments, especially for devices you intend to use during disaster recovery. Having the following information readily available will facilitate the speed of the operation:
A copy of the lsdevice
--long
output from obtool
.
The attachment information.
A copy of your most recent e-mail of the job summary report for a catalog backup. The job summary for a catalog backup provides the information required to identify the volume and file number that holds the latest catalog backup.
This section assumes that you are using a remote media server. If you are using a locally attached tape drive on your administrative server, then you can substitute the steps for locally attached drives for the steps for remote tape drives. The procedure points out these steps where appropriate.
To restore the Oracle Secure Backup catalog, perform the following tasks in order:
Before restoring the catalog data, perform a clean Oracle Secure Backup install on the machine selected to be the substitute or replacement Oracle Secure Backup administrative server. The easiest approach is to attach a tape drive to the administrative server. However, this option is not always available. If the administrative server does not have an attached tape device, then a remote media server needs to be reconfigured or added to the domain. This section lists the steps for adding a remote media server to the newly installed administrative host.
To prepare to restore the Oracle Secure Backup catalog:
Choose one of the following options:
If the tape drive is locally attached to the administrative server, skip to Step 3.
If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 3.
If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the tasks described in Step 2:
Perform the following steps:
On the remote media server, stop the Oracle Secure Backup processes.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
Move the /usr/etc/ob
directory to an alternate location to save it.
On Unix/Linux, use the following command:
# mv /usr/etc/ob /usr/etc/ob.save
On Windows, use the following commands:
C:\> cd C:\Program Files\Oracle\Backup C:\Program Files\Oracle\Backup > move /Y db db-save
Restart the Oracle Secure Backup processes on the remote media server.
On the administrative server host, do the following:
Install Oracle Secure Backup and choose the administrative server option.
If you are installing on Windows, and if the tape device is attached locally, then in the Select the Program Features dialog box select Configure locally attached media devices.
See Oracle Secure Backup Reference for more information on obtool
commands.
On the administrative server, log in to obtool
as a user with administrative privileges and list the hosts in the domain.
The following example logs in to Oracle Secure Backup on host brhost1
:
$ obtool Oracle Secure Backup 12.2.0.1.0 login: admin ob> lshost brhost1 admin,client (via OB) in service
Choose one of the following options depending on whether your media server is separate from your administrative server:
If the administrative server is acting as the media server, then add the media server role to the administrative server.
For example, enter the following command to add the media server role to administrative server brhost1
:
ob> chhost --addrole mediaserver brhost1
If the remote media server already has Oracle Secure Backup installed, then do the following:
Stop the Oracle Secure Backup processes.
Save the ob directory (in *nix) or db directory (on Windows) which contains data identifying it as a member of the original administrative domain to an alternate location.
On Unix/Linux, use the following command:
# mv /usr/etc/ob /usr/etc/ob.save
On Windows, use the following commands:
C:\> cd C:\Program Files\Oracle\Backup
C:\Program Files\Oracle\Backup > move /Y db db-save
Restart the Oracle Secure Backup processes on the remote media server.
If a remote media server is being used, then create the media server host using the mkhost
command.
Do one of the following:
If the remote host is not an NDMP media server, then install the Oracle Secure Backup package and add it to the administrative domain using the syntax shown in the following example:
ob> mkhost --role mediaserver brhost2 Info: waiting for host to update certification status...
If the remote host is an NDMP media server, do not install Oracle Secure Backup on it, just add it to the administrative domain and ping it using the syntax shown in the following example:
ob> mkhost -r mediaserver -u root --ndmppass passwd -a ndmp brhost2 ob> pinghost brhost2
Run the discoverdev
command to automatically discover and configure tape devices.
The following example discovers the tape devices on NDMP tape server brhost2
:
ob> discoverdev -ic -h brhost2 Device-Type Device-Model Serial-Number Attachpoint Library SL3000 571020201053 brhost2:/dev/scsi/changer/c0t500104F000AFE4F7d0 create device object brhost2_lib_1? (a, n, q, y, ?) [y]: y Tape T10000C 576004000570 brhost2:/dev/rmt/0bn create device object brhost2_tape_1? (a, n, q, y, ?) [y]: y Tape Ultrium 5-SCSI HU1113FT2L brhost2:/dev/rmt/10bn create device object brhost2_tape_2? (a, n, q, y, ?) [y]: y Tape Ultrium 5-SCSI HU1113FT2P brhost2:/dev/rmt/11bn create device object brhost2_tape_3? (a, n, q, y, ?) [y]: y Tape Ultrium 5-SCSI HU1113FT0L brhost2:/dev/rmt/12bn create device object brhost2_tape_4? (a, n, q, y, ?) [y]: y Tape Ultrium 5-SCSI HU1113FT0T brhost2:/dev/rmt/13bn
The following example discovers the tape devices on a Linux media server, storabck06:
ob> discoverdev -ic -h storabck06 Device-Type Device-Model Serial-Number Attachpoint create device object storabck06_lib_3? (a, n, q, y, ?) [y]: y Library STK SL500 559000101874 storabck06:/dev/sg30 create device object storabck06_tape_1? (a, n, q, y, ?) [y]: y Tape HP Ultrium 5-SCSI HU19487T7J storabck06:/dev/sg11 create device object storabck06_tape_2? (a, n, q, y, ?) [y]: y Tape STK T10000C 576004000570 storabck06:/dev/sg12 create device object storabck06_tape_3? (a, n, q, y, ?) [y]: y Tape HP Ultrium 5-SCSI HU1113FT0K storabck06:/dev/sg13 create device object storabck06_tape_4? (a, n, q, y, ?) [y]: y Tape STK T10000C 576004000554 storabck06:/dev/sg14 create device object storabck06_tape_5? (a, n, q, y, ?) [y]: y Tape IBM ULTRIUM-TD2 1110349363 storabck06:/dev/sg15
The following example shows discoverdev
on a Windows media server:
ob> discoverdev -ic -h STORABCK56 Device-Type Device-Model Serial-Number Attachpoint Library STK SL150 464970G+1333SY1401 STORABCK56://./obl0 create device object STORABCK56_lib_1? (a, n, q, y, ?) [y]: y Tape HP Ultrium 5-SCSI HU1327WEYJ STORABCK56://./obt0 create device object STORABCK56_tape_1? (a, n, q, y, ?) [y]: y Tape HP Ultrium 5-SCSI HU1328WGF6 STORABCK56://./obt1 create device object STORABCK56_tape_2? (a, n, q, y, ?) [y]: y Associating discovered drives to libraries... *** th0__warning: number of storage elements default (42) differs from current (30) *** th0__warning: number of import export elements default (5) differs from current (4) no. of DTEs in library STORABCK56_lib_1 are: 2 drive serial number at dte: 1 for STORABCK56_lib_1 library is: HU1328WGF6 drive serial number at dte: 2 for STORABCK56_lib_1 library is: HU1327WEYJ
Ping the tape library to ensure that it is accessible.
For example, enter the following commands to ping library brhost2_lib_1
:
ob> pingdev brhost2_lib_1 Info: library brhost2_lib_1 accessible. Info: drive 1 tape1 accessible.
Perform an initial inventory on the library containing the volume before using it for the first time.
For example, run the following command on library brhost2_lib_1
:
ob> inventory --force -L brhost2_lib_1
This step is required even if you know which volume contains the OSB_CATALOG
backup.
List the volumes in the tape library.
For example, enter the following command to list the volumes in library brhost2_lib_1
:
ob> lsvol -L brhost2_lib_1 Inventory of library brhost2_lib_1: in 1: occupied in 2: occupied in 3: occupied in 4: unlabeled in 5: unlabeled in 6: unlabeled in 7: unlabeled in 8: unlabeled in 9: unlabeled
Identify the volume that contains the catalog backup.
Choose one of the following options:
If you have a job summary for a catalog backup, then obtain the volume ID, bar code, and file number for the catalog backup from the summary.
The following example shows a job summary for a catalog backup:
III. Successful jobs. Sceduled or Content or Backup Job ID *Introduced at Completed at *Catalog Backup Size #(Barcodes) ----- --------------- ------------- ---------------- ------ ------------- 1 2014/06/25.01:05 2014/06/25.15:26 dataset OSB-CATALOG-DS \ 1.1 2014/06/25.01:05 2014/06/25.15:26 *catalog brhost1 17.9 MB 1 VOL000001 (000268) admin/5 *2014/06/25.17:41 2014/06/25.17:42 dataset OSB-CATALOG-DS admin/5.1*2014/06/25.17:41 2014/06/25.17:42 *catalog brhost1 18.5 MB OSB-CATALOG-MF-000001(000016)
If the volume containing your catalog backup is in the tape library, but if you do not know which volume contains the backup, then run the identifyvol
and lsvol
commands to find the volume. If you have a barcode reader this won't be necessary, just run identifyvol -import
on the tape with the barcode label you need to use for the catalog restore
The following example shows how to identify a catalog volume:
ob> identifyvol --import -D brhost2_tape_1 1-2 Seq Volume Volume Archive Client Backup Archive Create # ID Tag File Sect Host Level Date & Time 1 VOL000001 000268 1 1 brhost1 0 2014/06/25 15:25:58 End of volume set. Seq Volume Volume Archive Client Backup Archive Create # ID Tag File Sect Host Level Date & Time 1 OSB-CATALOG-MF-000001 000016 1 1 brhost1 0 2014/06/25 17:42:16 End of volume set.
If the volume containing your catalog backup is not in the tape library, and if you do not know which volume contains the backup, then you must perform additional work. You must perform the following steps until you locate the correct volume:
Unload the volumes in the library.
Load new volumes
Run the inventory
command from Step 8
Run the identifyvol
command for each volume until you find a likely candidate, then you can move on to Step 11.
Once you have identified the tape containing the most recent OSB-CATALOG-BACKUP
, you can generate a browsable index for it using the catalog
command. To do this, perform the following commands:
ob> identifyvol -import -D <drive> <storage element number>
(Skip this step if you've performed it earlier. This step is necessary to get the volume ID for use in the catalog command)
ob> catalog -v OSB-CATALOG-MF-000001 -D brhost2_tape_1 Info: catalog import request 1 submitted; job id is.admin/1
Restore the catalog data to alternate directories to stage it for recovering the administrative server, this example is for *nix and uses the default Oracle Secure Backup paths, but the equivalent can be done on Windows as well:
ob> set host brhost1 ob> cd /usr/local/oracle/backup ob> restore admin --aspath /usr/local/oracle/backup/admin-restored -h brhost1 --go Info: 1 catalog restore request item submitted; job id is admin/7. ob> ob> cd /usr/etc/ ob> ls ob/ ob> pwd /usr/etc on host brhost1 (browsing catalog data) ob> restore ob --aspath /usr/etc/ob-restored --go Info: 1 catalog restore request item submitted; job id is admin/8. ob>
The following example shows the Windows case for a restore of the catalog data using the default Oracle Secure Backup paths:
ob> set host brhost1 ob> cd "C:\Program Files\Oracle\Backup" ob> restore admin --aspath C:\admin-restored -h brhost1 --go Info: 1 catalog restore request item submitted; job id is admin/1. ob> ob> cd "C:\Program Files\Oracle\Backup" ob> restore db --aspath C:\db-restored --go Info: 1 catalog restore request item submitted; job id is admin/2
On the administrative server, stop all Oracle Secure Backup services.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
On the media server, stop all Oracle Secure Backup services.
See Oracle Secure Backup Reference for the operating system-specific command syntax to startup and shutdown Oracle Secure Backup services.
Confirm that catalog files have been restored properly by listing the contents of the restored directories.
The following Linux and UNIX example lists the restored ob
and admin
directories:
$ ls /usr/local/oracle/backup/admin-restored config encryption history log security state $ ls /usr/etc/ob-restored osbdevs report wallet xcr
The following Windows example lists the restored db
and admin
directories:
C:\>dir /w c:\admin-restored Volume in drive C has no label. Volume Serial Number is 240F-6921 Directory of c:\admin-restored [.] [..] [config] [encryption] [history] [log] [security] [state] 0 File(s) 0 bytes 8 Dir(s) 254,307,901,952 bytes free C:\>dir /w c:\db-restored Volume in drive C has no label. Volume Serial Number is 240F-6921 Directory of c:\db-restored [.] [..] .hostid obconfig.txt [report] [wallet] [xcr] 2 File(s) 488 bytes 5 Dir(s) 254,307,901,952 bytes free
On the administrative server, remove the following directories from the Oracle Secure Backup home:
ob
(Linux and UNIX) or db
(Windows) directory
admin
directory
The following Linux and UNIX example deletes the /usr/etc/ob
and /usr/local/oracle/backup/admin
directories:
$ rm -rf /usr/etc/ob $ rm -rf /usr/local/oracle/backup/admin
The following Windows example deletes the C:\Program
Files\Oracle\Backup\admin and C:\Program Files\Oracle\Backup\db directories. C:\>cd C:\Program Files\Oracle\Backup C:\Program Files\Oracle\Backup>del /S admin C:\Program Files\Oracle\Backup>del /S db
Move the restored Oracle Secure Backup directories to their original locations on the administrative domain.
The following Linux and UNIX example renames the restored directories:
$ mv /usr/local/oracle/backup/admin-restored /usr/local/oracle/backup/admin $ mv /usr/etc/ob-restored /usr/etc/ob
The following Windows example renames the restored directories:
C:\>cd C:\Program Files\Oracle\Backup C:\Program Files\Oracle\Backup>move /Y C:\db-restored db C:\Program Files\Oracle\Backup>move /Y C:\admin-restored admin
After you have restored the catalog files, the administrative domain is not yet ready for normal operation. This section explains how to return the domain for normal use.
To make the administrative domain operational:
Choose one of the following options:
If the tape drive is locally attached to the administrative server, skip to Step 3.
If the tape drive is attached to a remote media server, and if this remote host does not run Oracle Secure Backup software, skip to Step 3.
If the tape drive is attached to a remote media server, and if this remote host does run Oracle Secure Backup software, then perform the tasks in Step 2.
Perform the following steps:
On the remote media server, stop the Oracle Secure Backup services.
See Oracle Secure Backup Reference for operating system-specific command syntax.
Move the original /usr/etc/ob directory back into place:
On Unix, use the following command:
# mv /usr/etc/ob.sav /usr/etc/ob
On Windows, use the following command:
C:\>cd C:\Program Files\Oracle\Backup
C:\Program Files\Oracle\Backup>del /S db
C:\ Program Files\Oracle\Backup> move /Y db-save db
On the remote media server, start the Oracle Secure Backup services.
On the administrative server, re-create the obfuscated encryption wallet.
Although Oracle Secure Backup restores the password-protected encryption wallet to the administrative server, for security reasons the obfuscated encryption wallet is not backed up. You must re-create it manually after a restore operation, specifying the password used to create the original encryption wallet.
Note:
You must know your original encryption wallet password to accomplish this task.
The following example uses the obcm
command to re-create the wallet:
obcm mkow --keywallet
When prompted, enter the wallet password.
After you run the above command, when you attempt to run obtool
, you may encounter the following error:
obtool: Error: can't connect to administrative observiced - Network is unreachable
You can resolve this error by stopping and restarting the Oracle Secure Backup services.
On the administrative server, stop and restart the Oracle Secure Backup services.
See Oracle Secure Backup Reference for operating system-specific command syntax.
See Also:
If the catalog restore was performed using a remote media server, cycle the Oracle Secure Backup daemons on that server.
If the daemons have not been cycled, the following error message may be displayed indicating that you must first cycle daemons before your administrative domain will be operational:
Error: can't connect to Oracle Secure Backup service daemon on brhost2 - observiced not running
brhost2: no services are available
On the administrative server, perform an initial inventory on the library before using it for the first time.
For example, run the following command on library brhost2_lib_1
:
ob> inventory -L brhost2_lib_1
Confirm that the recovered Oracle Secure Backup administrative domain is intact.
Check devices, datasets, volumes, jobs, media families, and other associated Oracle Secure Backup objects to confirm they are present and working as expected in the domain.
If an Oracle Secure Backup domain does not contain tape devices, a disk pool device can be used for catalog backups. It is recommended that a separate disk pool device be created exclusively for use by catalog backups. In the event of a catastrophic failure involving the administrative server, having a separate disk pool device reserved for this purpose will simplify and expedite restoring the Oracle Secure Backup domain.
For example:
ob> mkdev --type disk --attach <AdminHost>:<disk-pool-storage-location-path> CatalogDiskPool
The storage location selected for the disk pool should be on a remote disk, physically separate from the Oracle Secure Backup administrative server but easily accessible by NFS or another mounting protocol. The disk should be selected so that a failure of the administrative server does not impact the accessibility of the <disk-pool-storage-location-path>
by a substitute server on the network.
In order to automate the process, the OSB-CATALOG-SCHED
should be modified to restrict the catalog backup to the disk pool.
For example:
ob> chsched --restrict <CatalogDiskPool> OSB-CATALOG-SCHED
The following procedure describes an example of a disaster recovery of an Oracle Secure Backup administrative domain on a Linux administrative server. The steps for accessing the Oracle Secure Backup catalog backup data from a diskpool device are the same for all platforms, although the particulars of disaster recovery will differ slightly.
See Also:
Restoring the Oracle Secure Backup Catalog in a Tape Domain for more information on the restore details associated with a tape environment
To restore the Oracle Secure Backup Catalog, complete the following steps: