Purpose
Use the makedev tool to configure a tape device for use with Oracle Secure Backup. This tool provides an alternative to creating a device special file with installob.
Prerequisites
You must run this utility as root on a Linux or UNIX system.
Usage Notes
Note the following aspects of makedev usage:
The makedev tool creates device special files for a UNIX media server. For each tape drive that you define, makedev creates one special file. For each tape library you define, makedev creates a single device file.
The makedev tool prompts you for any required information that you do not supply on the command line. You can respond to any prompt with a question mark (?) to display more information.
Syntax
install/makedev [ -u unit ] [ -d ] [ -b bus ] [ -t target ] [ -l lun ] [ -f ] [ -n ] [ -x ] [ -y ] [ -z ] [ -h | ? | -? ] [ -dr | -mh ]
Semantics
-u unit
Creates the device special file for the tape device specified by Oracle Secure Backup logical unit number, which can range in value from 0 through 31.
The Oracle Secure Backup logical unit number of a tape device is a number assigned by you and used by makedev to create unique filenames for the tape devices connected to the media server. Although it is not a requirement, unit numbers usually start at 0.
-d
Uses the default value for each unspecified option instead of prompting for it. Note that you must always specify a unit number (-u) even if you use this option.
-b bus
Specifies the SCSI bus number, address, or instance (depending on operating system type), to which the tape device is attached.
Table A-1 lists the default SCSI bus designation for each supported operating system type.
Table A-1 Default SCSI Bus Designations
Operating System | Default SCSI Bus Type |
---|---|
Solaris | esp0 (driver name/instance) |
-t target
Specifies the SCSI target ID of the tape device, which can range from 0 through 15. The default depends on the logical unit number that you specified with the -u option.
-l lun
Specifies the SCSI LUN of the tape device. Most operating systems support only LUN 0 and 1. The default LUN is 0.
Be careful not to confuse the SCSI LUN with the Oracle Secure Backup logical unit number. The LUN is part of the hardware address of the tape device; the Oracle Secure Backup logical unit number is part of the device special file name.
-f
Replaces any existing files or drivers without prompting for confirmation. By default, makedev prompts you to confirm replacement of any existing device special files.
-n
Displays the commands that are processed by makedev to generate device special files, but does not actually create the files.
-x
Displays all commands as they are processed by makedev.
-y
Traces entry and exit from each subscript as it is processed by makedev.
-z
Generates a trace file, makedev.trc, in the current directory. This file contains the output of the methods used to define and configure the tape device.
-h | ? | -?
Displays a summary of makedev usage. You might be required to type -\? instead of -? to avoid shell wildcard expansion.
-dr
Creates special files for a tape drive. This is the default.
-mh
Creates special files for a SCSI tape library.
Example
Example A-1 Creating a Device Special File for a Tape Drive
This example uses makedev to create a device special file. The example creates a special file for a tape drive, unit 0, at the default SCSI bus and target.
# install/makedev -u 0 -d
Purpose
Use the obcleanup tool to generate an editable file listing the volumes in the Oracle Secure Backup catalog and to remove unneeded records.
If previously used volumes are unlabeled or overwritten, then the index daemon automatically removes expired backups from the catalog at the interval set by the indexcleanupfrequency index policy (the default is 21 days). In this case, no manual intervention is necessary.
If volumes expire but are not unlabeled or overwritten, then their catalog entries persist unless you remove them with obcleanup. You can also use obcleanup to remove references to volumes that are no longer needed but are not set to expire. Because the catalogs can consume considerable disk space, you might want to run obcleanup periodically to keep the admin subdirectory of the Oracle Secure Backup home to a manageable size.
Prerequisites
The obcleanup utility operates only on the administrative server.
Usage Notes
When you run the obcleanup program on the command line, it lists the contents of the catalogs in a file, which is opened in an editor. The default text editor is set by the EDITOR environment variable. On Linux and UNIX, the default is /bin/vi if the EDITOR environment variable is not set. On Windows the default is Notepad.
Each line in the file contains a reference to a volume that you could purge from the catalogs. For example:
#Item Identification               Created        Where Notes
#---- ---------------------------- -------------- ----- ---------------------
    1 VOL000001                    2004/06/07.15:51 IS IX volume is full
Volumes that have expiration policies associated with them are noted in this file. If you have discarded or overwritten tapes, then use a text editor to delete the lines corresponding to these tapes from the file, save the modified file, and exit the editor.
After you delete records from the generated file and save it, obixd runs in the background and automatically removes the deleted records from the catalogs. You can configure the obixd cycle time in the index policy. The default cycle time is 21 days.
Syntax
etc/obcleanup [ -a ] [ -d ] [ -s { d | v | t } ] [ -v ]...
etc/obcleanup [ -V ]
Semantics
-a
Shows individual archive records in addition to volume records.
-d
Shows previously deleted records.
-s { d | v | t }
Sorts the list by date (d), volume ID (v), or volume tag (t).
-v
Operates in verbose mode. The more -v options you specify, the more verbose the output.
-V
Displays the obcleanup version and exits.
Example
Example A-2 Sample Output from obcleanup
This example shows the editable file generated by the obcleanup utility for host brhost2.
% etc/obcleanup
# This file lists all volumes described in Oracle Secure Backup's
# "volumes" and "index" databases on brhost2.
#
# Edit this file to delete entries from Oracle Secure Backup's databases.
# Delete each line whose corresponding database entry you want
# to remove. Do not change the contents of the undeleted lines!
#
# Once you've finished, save your changes and exit the editor.
# obcleanup will ask you to confirm these changes before applying
# them to the databases.
#
#Item Identification               Created        Where Notes
#---- ---------------------------- -------------- ----- ---------------------
    1 tag 00000105                                IS
    2 tag 00000110                                IS
    3 tag 00000111                                IS
    4 tag 00000121                                IS
    5 tag 00000155                                IS
    6 tag 00000156                                IS
    7 tag 00000157                                IS
    8 tag 00000158                                IS
    9 tag AEA649S                                 IS
   10 tag AEA650S                                 IS
   11 tag AEA655S                                 IS
   12 tag AFX935                                  IS
   13 tag AFX936                                  IS
   14 tag AFX936                                  IS
   15 full-000001                  2008/01/17.18:12 IX
   16 full-000002                  2008/01/17.18:12 IX
   17 full-000003                  2008/01/17.18:12 IX
   18 full-000004                  2008/06/05.01:02 IX
   19 full-000005                  2008/07/04.01:02 IX
   20 full-000006                  2008/08/06.01:04 IX
   21 full-000007                  2008/09/06.01:00 IX
   22 full-000008                  2008/09/06.01:00 IX
   23 full-000009                  2008/11/04.15:05 IX
   24 full-000010                  2008/11/04.15:05 IX
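The generated file warns against changing the lines you keep, and Example A-2 lists the same tag on two rows (items 13 and 14). The following check is an added example, not part of Oracle Secure Backup: it compares an edited listing with a copy saved before editing. The function names and the saved-copy workflow are assumptions of this example.

```python
# Constructed listing in the layout of Example A-2 (the rows are sample data).
ORIGINAL = """\
# Delete each line whose corresponding database entry you want to remove.
#Item Identification   Created          Where Notes
    1 tag 00000105                      IS
   13 tag AFX936                        IS
   14 tag AFX936                        IS
   15 full-000001      2008/01/17.18:12 IX
"""
# Constructed edit: item 13 deleted (allowed), item 15's date changed (not allowed).
EDITED = """\
#Item Identification   Created          Where Notes
    1 tag 00000105                      IS
   14 tag AFX936                        IS
   15 full-000001      2009/01/17.18:12 IX
"""

def data_lines(text):
    """Entry lines only: skip blank lines and '#' comment lines."""
    return [ln.rstrip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def ident(line):
    """Identification column: either 'tag <value>' or a volume ID."""
    tok = line.split()
    return " ".join(tok[1:3]) if tok[1:2] == ["tag"] else " ".join(tok[1:2])

def review_edit(original, edited):
    """Compare an edited listing with the copy saved before editing."""
    before, after = data_lines(original), data_lines(edited)
    altered = [ln for ln in after if ln not in before]  # must stay empty
    deleted = [ln for ln in before if ln not in after]
    kept_ids = {ident(ln) for ln in after if ln in before}
    return {
        "altered": altered,
        "deleted_items": [int(ln.split()[0]) for ln in deleted],
        # identification deleted on one row but still present on a kept row
        "still_listed": sorted({ident(ln) for ln in deleted} & kept_ids),
    }
```

A non-empty "altered" list means a kept line was modified; an altered row also shows up under "deleted_items" because its original text is gone.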
Purpose
Use the obcm tool to renew, export, or import an identity certificate, to manage the encryption key wallet, to update domain certificates, and to create a wallet used for cloud storage devices. Importing or exporting an identity certificate is required if you do not accept the default Oracle Secure Backup security behavior, which is for the Certification Authority (CA) to issue a signed certificate to each host over the network.
When using a cloud storage device, use the obcm tool to create and manage the cloud wallet.
The observiced daemon on the administrative server acts as the CA. The CA has two responsibilities for certificates: it accepts certificate signing requests from hosts within the system as part of the mkhost process and sends signed certificates back to the requesting host.
In manual certificate provisioning mode, you run obcm export --certificate on the administrative server to export a signed certificate for the newly configured host. You must manually transfer this signed certificate to the newly configured host.
After manually transferring the certificate to the host, run obcm import on the newly configured host to import the signed certificate into the host's wallet. In this case, obcm directly accesses the wallet of the host. After it has made changes to the local wallet, obcm notifies the local observiced so that the local observiced can re-create the obfuscated wallet.
Prerequisites
All obcm commands should be run as root in Linux or UNIX or as an administrative user in Windows.
You must have write permissions in the wallet directory, which by default is /usr/etc/ob/wallet on Linux and UNIX and C:\Program Files\Oracle\Backup\db\wallet on Windows.
Syntax
obcm chpass --keywallet/-k name [ --newpass/-n new_psword ] [ --oldpass/-o old_psword ]
obcm decertify [ --nq | --resign ]
obcm display [--cloudwallet/-c | --idwallet/-i | --keywallet/-k | --crl/-l] [--password/-p password] [--verbose/-v]
obcm export { --certificate/-c | --request/-r } --file/-f cert_file --host/-h hostname
obcm import --file/-f signed_certificate_file
obcm mkow --keywallet/-k key_wallet [ --password/-p psword ]
obcm recertifydomain [ --nocomm/-h ] [ --expires/-e months ] [ --noquery/--nq ]
obcm ca [ enable | disable ] certification authority
obcm verifycomm
obcm wallet [--create/-c] [--cloudwallet/-L | --wpath/-w wallet path] [--add/-a certificate path]
Semantics
chpass
Changes the password for the Oracle Secure Backup encryption key wallet. The --keywallet argument is required. If --newpass or --oldpass is not specified, then you are prompted for the corresponding password.
decertify
Deletes local host certification data. If you specify --nq, then the command does not display a confirmation message. If you do not specify this option, then the command displays a confirmation message. "Command Execution in Interactive Mode" describes the message.
Specify the --resign option to remove the client host from the Oracle Secure Backup administrative domain. This option is necessary when moving a host from one backup domain to another.
For proper decertification of a host, Oracle recommends that you first close all obtool sessions and Oracle Secure Backup processes running on that host.
If you run obcm decertify as a user other than root in Linux or UNIX or an administrative user in Windows, then Oracle Secure Backup does not display an error but the host is not decertified. An attempt to decertify the administrative server fails with an error. The obcm decertify command can be run more than once on other hosts, but only the first operation actually decertifies the host.
You can use the rmhost --nocomm/-N hostname command to remove a decertified host from the Oracle Secure Backup domain.
To recertify a decertified host, Oracle recommends that you use the updatehost command with the recertify option, rather than using the rmhost and mkhost commands in obtool. Because the rmhost and the mkhost commands remove the host and then add it back in to the domain, they attribute some Oracle Secure Backup objects as deleted. The rmhost command also deletes the catalog restore data for that host.
display
Displays the contents of the identity, encryption key, or cloud wallet. The --crl option displays the certificate revocation list. If no wallet type is specified, then data from the identity wallet is displayed. You can use the --password option to display the contents of the password-protected encryption key wallet. This can be useful during a recovery from a lost catalog, when the obfuscated version of the encryption key wallet has been lost.
export
The --certificate option exports a signed certificate chain for the specified host to the specified text file. The --request option exports a certificate request for the specified host to the specified text file. Both the --file and --hostname arguments are required.
import
Imports a signed_certificate_chain from the specified text file. The --file argument is required.
mkow
Re-creates the obfuscated encryption key wallet with the existing password, in instances like Oracle Secure Backup disaster recovery. If --password is not specified, then you are prompted for the password.
recertifydomain
Use the --nocomm option to request the renewal of certification authority, with no interaction with other Oracle Secure Backup components. Note that in the case where the Oracle Secure Backup service daemon cannot start, using the --nocomm parameter is mandatory.
Use the --expires option to set the lifetime duration, in months, for the renewed certificates in your domain. This value overrides the lifetime set using the certlifetime policy.
The --expires parameter is mandatory in the following scenarios:
The certificates have already expired.
obcm version 12.2.0.1 is executing within an Oracle Secure Backup 12.2.0.1 or prior domain.
Before using the obcm recertifydomain command, you must meet the following requirements:
Ensure that observiced is running on your domain
Temporarily suspend the backup scheduler
Ensure that the current host is the administrative server
Ensure that there are no active or pending jobs
To permanently disable renewal of certificates, see how to renew certificates in manual certificate provisioning mode in the Oracle Secure Backup Installation and Configuration Guide.
verifycomm
obcm can successfully communicate with observiced. Run this command to diagnose connection errors in your domain.
wallet options:
--cloudwallet
--wpath specifies a path for the wallet to be created
--add adds a trust point to the wallet
Examples
Example A-3 Exporting a Signed Certificate Chain
This example exports a signed certificate chain for host new_client to the file new_client_cert.f. The utility runs on the administrative server.
obcm export -c -f /tmp/new_client_cert.f -h new_client
Example A-4 Importing a Signed Certificate Chain
This example imports a signed certificate chain from the file client_cert.f. The utility is run on the host being added to the administrative domain.
obcm import -f /tmp/new_client_cert.f
Example A-5 Creating a Cloud Wallet Containing Trust Points Using Certificate Files
This example creates a cloud wallet containing trust points using certificate files.
#obcm wallet --create --cloudwallet
Wallet Password:
#obcm wallet --cloudwallet --add /tmp/cacertificate1.crt
Wallet password:
#obcm wallet --cloudwallet --add /tmp/cacertificate2.crt
Wallet Password:
obcm command display --cloudwallet -v to validate that the certificates were added correctly to the cloud wallet. The output should show two trust points in the wallet, as follows:
There are 0 certificate requests in the wallet
There are 0 certificates in the wallet
There are 2 trust points in the wallet
Trust point:
    DN: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
    Type: NZDST_CLEAR_PTP
    Public key size: 2048
    Key usage: CA CERT SIGNING
    Serial number: 0x513FB9743870B73440418D30930699FF
    Version: NZTTVERSION_X509v3
    Signature algorithm: NZDCATSHA256RSA
    Valid from: 2013/10/31.00:00:00 (UTC)
    Valid to: 2023/10/30.23:59:59 (UTC)
Trust point:
    DN: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
    Type: NZDST_CLEAR_PTP
    Public key size: 2048
    Key usage: CA CERT SIGNING
    Serial number: 0x18DAD19E267DE8BB4A2158CDCC6B3B4A
    Version: NZTTVERSION_X509v3
    Signature algorithm: NZDCATSHA1RSA
    Valid from: 2006/11/08.00:00:00 (UTC)
    Valid to: 2036/07/16.23:59:59 (UTC)
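The verbose display output in Example A-5 carries enough detail to audit the trust points, not just count them. The following is an added example, not part of Oracle Secure Backup: it parses saved display --cloudwallet -v output, assuming one field per line, and reports a count mismatch, expired trust points, and SHA-1 signatures on certificates that are not self-signed. The function names, the sample DNs and the SHA-1 rule are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the Example A-5 layout; the DNs are made up.
SAMPLE = """\
There are 2 trust points in the wallet
Trust point:
    DN: CN=Example Issuing CA,O=Example
    Issuer: CN=Example Root CA,O=Example
    Signature algorithm: NZDCATSHA256RSA
    Valid to: 2023/10/30.23:59:59 (UTC)
Trust point:
    DN: CN=Example Root CA,O=Example
    Issuer: CN=Example Root CA,O=Example
    Signature algorithm: NZDCATSHA1RSA
    Valid to: 2036/07/16.23:59:59 (UTC)
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.+)$")
COUNT = re.compile(r"There are (\d+) trust points in the wallet")

def parse_trust_points(text):
    declared, points = None, []
    for line in text.splitlines():
        if (m := COUNT.search(line)):
            declared = int(m.group(1))
        elif line.strip() == "Trust point:":
            points.append({})
        elif points and (m := FIELD.match(line)):
            points[-1][m.group(1).strip()] = m.group(2).strip()
    return declared, points  # (count stated in the header, one dict per trust point)

def audit(text, now):
    """List findings; the SHA-1 rule is this example's policy, not Oracle's."""
    declared, points = parse_trust_points(text)
    findings = []
    if declared != len(points):
        findings.append(f"count mismatch: declared {declared}, parsed {len(points)}")
    for tp in points:
        dn = tp.get("DN", "<no DN>")
        try:
            end = datetime.strptime(tp["Valid to"], "%Y/%m/%d.%H:%M:%S (UTC)")
            if end.replace(tzinfo=timezone.utc) < now:
                findings.append(f"expired: {dn}")
        except (KeyError, ValueError):
            findings.append(f"unreadable expiry: {dn}")
        if "SHA1" in tp.get("Signature algorithm", "") and dn != tp.get("Issuer"):
            findings.append(f"SHA-1 signature on non-root: {dn}")
    return findings
```

Pass the current time as a timezone-aware UTC datetime, for example datetime.now(timezone.utc).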
Purpose
Use the uninstallob tool to uninstall Oracle Secure Backup from your system. The uninstallob script gives the user the choice to save the administrative directory if uninstalling an administrative server or to save the system's identity if uninstalling a media server or client.
Prerequisites
You must run this utility as root on a Linux or UNIX system.
Syntax
install/uninstallob
Example
Example A-6 Uninstalling Oracle Secure Backup
This example uses uninstallob to uninstall Oracle Secure Backup from an administrative server.
# install/uninstallob
Do you want to save the admin directory (y or n) [y]? :y
Do you want to continue (y or n) [n]? : y
Oracle Secure Backup was successfully uninstalled