A Miscellaneous Programs
makedev
Purpose
Use the makedev
tool to configure a tape device for use with Oracle Secure Backup. This tool provides an alternative to creating a device special file with installob
.
Prerequisites
You must run this utility as root
on a Linux or UNIX system.
Usage Notes
Note the following aspects of makedev
usage:
-
The
makedev
tool creates device special files for a UNIX media server. For each tape drive that you define, makedev creates one special file. For each tape library you define, makedev creates a single device file. -
The
makedev
tool prompts you for any required information that you do not supply on the command line. You can respond to any prompt with a question mark (?
) to display more information.
Syntax
install/makedev [ -u unit ] [ -d ] [ -b bus ] [ -t target ] [ -l lun ] [ -f ] [ -n ] [ -x ] [ -y ] [ -z ] [ -h | ? | -? ] [ -dr | -mh ]
Semantics
- -u unit
-
Creates the device special file for the tape device specified by Oracle Secure Backup logical unit number, which can range in value from 0 through 31.
The Oracle Secure Backup logical unit number of a tape device is a number assigned by you and used by makedev to create unique filenames for the tape devices connected to the media server. Although it is not a requirement, unit numbers usually start at 0.
- -d
-
Uses the default value for each unspecified option instead of prompting for it. Note that you must always specify a unit number (
-u
) even if you use this option. - -b bus
-
Specifies the SCSI bus number, address, or instance (depending on operating system type), to which the tape device is attached.
Table A-1 lists the default SCSI bus designation for each supported operating system type.
Table A-1 Default SCSI Bus Designations
Operating System Default SCSI Bus Type Solaris
esp0 (driver name/instance)
- -t target
-
Specifies the SCSI target ID of the tape device, which can range from 0 through 15. The default depends on the logical unit number that you specified with the
-u
option. - -l lun
-
Specifies the SCSI LUN of the tape device. Most operating systems support only LUN 0 and 1.The default LUN is 0.
Be careful not to confuse the SCSI LUN with the Oracle Secure Backup logical unit number. The LUN is part of the hardware address of the tape device; the Oracle Secure Backup logical unit number is part of the device special file name.
- -f
-
Replaces any existing files or drivers without prompting for confirmation. By default, makedev prompts you to confirm replacement of any existing device special files.
- -n
-
Displays the commands that is processed by
makedev
to generate device special files, but does not actually create the files. - -x
-
Displays all commands as they are processed by
makedev
. - -y
-
Traces entry and exit from each subscript as it is processed by
makedev
. - -z (AIX only)
-
Generates a trace file,
makedev.trc
, in the current directory. This file contains the output of the methods used to define and configure the tape device. - [ -h | | -? ]
-
Displays a summary of makedev usage. You might be required to type
-\?
instead of-?
to avoid shell wildcard expansion. - -dr
-
Creates special files for a tape drive. This the default.
- -mh
-
Creates special files for a SCSI tape library.
Example
Example A-1 Creating a Device Special File for a Tape Drive
This example uses makedev
to create a device special file. The example creates a special file for a tape drive, unit 0, at the default SCSI bus and target.
# install/makedev -u 0 -d
obcleanup
Purpose
Use the obcleanup
tool to generate an editable file listing the volumes in the Oracle Secure Backup catalog and to remove unneeded records.
If previously used volumes are unlabeled or overwritten, then the index daemon automatically removes expired backups from the catalog at the interval set by the indexcleanupfrequency index policy (the default is 21 days). In this case, no manual intervention is necessary.
If volumes expire but are not unlabeled or overwritten, then their catalog entries persist unless you remove them with obcleanup
. You can also use obcleanup
to remove references to volumes that are no longer needed but are not set to expire. Because the catalogs can consume considerable disk space, you might want to run obcleanup
periodically to keep the admin subdirectory of the Oracle Secure Backup home to a manageable size.
Prerequisites
The obcleanup
utility operates only on the administrative server.
Usage Notes
When you run the obcleanup
program on the command line, it lists the contents of the catalogs in a file, which is opened in an editor. The default text editor is set by the EDITOR
environment variable. On Linux and UNIX, the default is /bin/vi
if the EDITOR
environment variable is not set. On Windows the default is Notepad.
Each line in the file contains a reference to a volume that you could purge from the catalogs. For example:
#Item Identification Created Where Notes #---- ---------------------------- -------------- ----- --------------------- 1 VOL000001 2004/06/07.15:51 IS IX volume is full
Volumes that have expiration policies associated with them are noted in this file. If you have discarded or overwritten tapes, then use a text editor to delete the lines corresponding to these tapes from the file, save the modified file, and exit the editor.
After you delete records from the generated file and save it, obixd
runs in the background and automatically removes the deleted records from the catalogs. You can configure the obixd
cycle time in the index policy. The default cycle time is 21 days.
Syntax
etc/obcleanup [ -a ] [ -d ] [ -s { d | v | t } ] [ -v ]... etc/obcleanup [ -V ]
Semantics
- -a
-
Shows individual archive records in addition to volume records.
- -d
-
Shows previously deleted records.
- -s
-
Sorts the list by date (
d
), volume ID (v
), or volume tag (t
). - -v
-
Operates in verbose mode. The more
-v
options you specify, the more verbose the output. - -V
-
Displays the
obcleanup
version and exits.
Example
Example A-2 Sample Output from obcleanup
This example shows the editable file generated by the obcleanup
utility for host brhost2
.
% etc/obcleanup # This file lists all volumes described in Oracle Secure Backup's # "volumes" and "index" databases on brhost2. # # Edit this file to delete entries from Oracle Secure Backup's databases. # Delete each line whose corresponding database entry you want # to remove. Do not change the contents of the undeleted lines! # # Once you've finished, save your changes and exit the editor. # obcleanup will ask you to confirm these changes before applying # them to the databases. # #Item Identification Created Where Notes #---- ---------------------------- -------------- ----- --------------------- 1 tag 00000105 IS 2 tag 00000110 IS 3 tag 00000111 IS 4 tag 00000121 IS 5 tag 00000155 IS 6 tag 00000156 IS 7 tag 00000157 IS 8 tag 00000158 IS 9 tag AEA649S IS 10 tag AEA650S IS 11 tag AEA655S IS 12 tag AFX935 IS 13 tag AFX936 IS 14 tag AFX936 IS 15 full-000001 2008/01/17.18:12 IX 16 full-000002 2008/01/17.18:12 IX 17 full-000003 2008/01/17.18:12 IX 18 full-000004 2008/06/05.01:02 IX 19 full-000005 2008/07/04.01:02 IX 20 full-000006 2008/08/06.01:04 IX 21 full-000007 2008/09/06.01:00 IX 22 full-000008 2008/09/06.01:00 IX 23 full-000009 2008/11/04.15:05 IX 24 full-000010 2008/11/04.15:05 IX
obcm
Purpose
Use the obcm
tool to renew, export, or import an identity certificate, to manage the encryption key wallet, to update domain certificates, and to create a wallet used for cloud storage devices. Importing or exporting an identity certificate is required if you do not accept the default Oracle Secure Backup security behavior, which is for the Certification Authority (CA) to issue a signed certificate to each host over the network.
When using a cloud storage device, use the obcm
tool to create and manage the cloud wallet.
The observiced
daemon on the administrative server acts as the CA. The CA has two responsibilities for certificates: it accepts certificate signing requests from hosts within the system as part of the mkhost
process and sends signed certificates back to the requesting host.
In manual certificate provisioning mode, you run obcm export
--certificate
on the administrative server to export a signed certificate for the newly configured host. You must manually transfer this signed certificate to the newly configured host.
After manually transferring the certificate to the host, run obcm import
on the newly configured host to import the signed certificate into the host's wallet. In this case, obcm directly accesses the wallet of the host. After it has made changes to the local wallet, obcm
notifies the local observiced
so that the local observiced
can re-create the obfuscated wallet.
Prerequisites
All obcm
commands should be run as root
in Linux or UNIX or as an administrative user in Windows.
You must have write permissions in the wallet directory, which by default is /usr/etc/ob/wallet
on Linux and UNIX and C:\Program Files\Oracle\Backup\db\wallet
on Windows.
Syntax
obcm chpass --keywallet/-k name [ --newpass/-n new_psword ] [ --oldpass/-o old_psword ] obcm decertify [ --nq | --resign ] obcm display [--cloudwallet/-c | --idwallet/-i | --keywallet/-k | --crl/-l] [--password/-p password] [--verbose/-v] obcm export { --certificate/-c | --request/-r } --file/-f cert_file --host/-h hostname obcm import --file/-f signed_certificate_file obcm mkow --keywallet/-k key_wallet [ --password/-p psword ] obcm recertifydomain [ --nocomm/-h ] [ --expires/-e months ] [ --noquery/--nq ] obcm ca [ enable | disable ] certification authority obcm verifycomm obcm wallet [--create/-c] [--cloudwallet/-L | --wpath/-w wallet path] [--add/-a certificate path]
Semantics
- chpass --keywallet/-k name [--newpass/-n new_psword [--oldpass/-o old_psword]
-
Changes the password for the Oracle Secure Backup encryption key wallet. The
--keywallet
argument is required. If--newpass
or--oldpass
is not specified, then you are prompted for the corresponding password. - decertify [--nq | --resign]
-
Deletes local host certification data. If you specify
--nq
, then the command does not display a confirmation message. If you do not specify this option, then the command displays a confirmation message. "Command Execution in Interactive Mode" describes the message.Specify the
--resign
option to remove the client host from the Oracle Secure Backup administrative domain. This option is necessary when moving a host from one backup domain to another.For proper decertification of a host, Oracle recommends that you first close all
obtool
sessions and Oracle Secure Backup processes running on that host.If you run
obcm decertify
as a user other thanroot
in Linux or UNIX or an administrative user in Windows, then Oracle Secure Backup does not display an error but the host is not decertified. An attempt to decertify the administrative server fails with an error. Theobcm decertify
command can be run more than once on other hosts, but only the first operation actually decertifies the host.You can use the
rmhost
--nocomm/-N
hostname
command to remove a decertified host from the Oracle Secure Backup domain.To recertify a decertified host, Oracle recommends that you use the
updatehost
command with therecertify
option, rather than using thermhost
andmkhost
commands inobtool
. Because thermhost
and themkhost
commands remove the host and then add it back in to the domain, they attribute some Oracle Secure Backup objects asdeleted
. Thermhost
command also deletes the catalog restore data for that host. - display {[ cloudwallet/-c | -idwallet/-I ] | [ keywallet/-k | --crl/-l]} [password/-p password] [verbose/-v]
-
Displays the contents of the identity, encryption key, or cloud wallet. The
--crl
option displays the certificate revocation list. If no wallet type is specified, then data from the identity wallet is displayed. You can use the--password
option to display the contents of the password-protected encryption key wallet. This can be useful during a recovery from a lost catalog, when the obfuscated version of the encryption key wallet has been lost. - export {--certificate/-c | --request/-r} [--file/-f cert_file] [--host/-h hostname]
-
The
--certificate
option exports a signed certificate chain for the specified host to the specified text file. The--request
option exports a certificate request for the specified host to the specified text file. Both the--file
and--hostname
arguments are required. - import [--file/ -f signed_certificate_chain]
-
Imports a signed_certificate_chainfrom the specified text file. The
--file
argument is required. - mkow [--keywallet/-k key_wallet] [--password/-p password]
-
Re-creates the obfuscated encryption key wallet with the existing password, in instances like Oracle Secure Backup disaster recovery. If
--password
is not specified, then you are prompted for the password. - recertifydomain [ --nocomm/-h ] [ --expires/-e months ] [ --noquery/--nq ]
- Triggers the renewal of the signing certificate of your domain. This command must be run on the administrative host.
Use the
--nocomm
option to request the renewal of certification authority, with no interaction with other Oracle Secure Backup components. Note that in the case where the Oracle Secure Backup service daemon cannot start, using the--nocomm
parameter is mandatory.Use the
--expires
option to set the lifetime duration, in months, for the renewed certificates in your domain. This value overrides the lifetime set using the certlifetime policy.Using the--expires
parameter is mandatory in the following scenarios:-
The certificates have already expired.
-
obcm
version 12.2.0.1 is executing within an Oracle Secure Backup 12.2.0.1 or prior domain.
Before using the
obcm recertifydomain
command, you must meet the following requirements:-
Ensure that observiced is running on your domain
-
Temporarily suspend the backup scheduler
-
Ensure that the current host is the administrative server
-
Ensure that there are no active or pending jobs
-
- ca [ enable | disable ] certification authority
- Manages host certification on support versions of Oracle Secure Backup. This command temporarily enables or disables recertification of signing certificates.
To permanently disable renewal of certificates, see how to renew certificates in manual certificate provisioning mode in the Oracle Secure Backup Installation and Configuration Guide..
- verifycomm
- Verifies the validity of host certificates by determining whether
obcm
can successfully communicate withobserviced
. Run this command to diagnose connection errors in your domain. - wallet [--create/-c] [--cloudwallet/-L | --wpath/-w wallet path] [--add/-a certificate path]
- Creates a user wallet and imports certificates into the wallet. The following are the
wallet
options:-
indicates that the certificate management function will be applied to the cloud wallet--cloudwallet
-
--wpath
specifies a path for the wallet to be created -
using the specified certificate--add
adds a trust point to the wallet
-
Examples
Example A-3 Exporting a Signed Certificate Chain
This example exports a signed certificate chain for host new_client
to the file new_client_cert.f
. The utility runs on the administrative server.
obcm export -c -f /tmp/new_client_cert.f -h new_client
Example A-4 Importing a Signed Certificate Chain
This example imports a signed certificate chain from the file client_cert.f
. The utility is run on the host being added to the administrative domain.
obcm import -f /tmp/new_client_cert.f
Example A-5 Creating a Cloud Wallet Containing Trust Points Using Certificate Files
This example creates a cloud wallet containing trust points using certificate files.
-
Create a cloud wallet.
#obcm wallet --create --cloudwallet
-
Add the downloaded certificate to the cloud wallet just created.
#obcm wallet --cloudwallet --add /tmp/cacertificate1.crt
-
Add the intermediate CA certificate.
#obcm wallet --cloudwallet --add /tmp/cacertificate2.crt
-
You can use the
obcm
commanddisplay --cloudwallet -v
to validate that the certificates were added correctly to the cloud wallet. The output should show two trust points in the wallet, as follows:There are 0 certificate requests in the wallet There are 0 certificates in the wallet There are 2 trust points in the wallet Trust point: DN: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US Type: NZDST_CLEAR_PTP Public key size: 2048 Key usage: CA CERT SIGNING Serial number: 0x513FB9743870B73440418D30930699FF Version: NZTTVERSION_X509v3 Signature algorithm: NZDCATSHA256RSA Valid from: 2013/10/31.00:00:00 (UTC) Valid to: 2023/10/30.23:59:59 (UTC) Trust point: DN: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US Type: NZDST_CLEAR_PTP Public key size: 2048 Key usage: CA CERT SIGNING Serial number: 0x18DAD19E267DE8BB4A2158CDCC6B3B4A Version: NZTTVERSION_X509v3 Signature algorithm: NZDCATSHA1RSA Valid from: 2006/11/08.00:00:00 (UTC) Valid to: 2036/07/16.23:59:59 (UTC)
obsum
Purpose
Use the obsum
tool to generate summary reports without
affecting the Oracle Secure Backup job scheduler.
A scheduled summary report created using mksum
can overload the
scheduler, if there are large number of jobs in the system. This may result in
unresponsive scheduler and backup jobs getting suspended.
Run the obsum
utility to generate summary reports to avoid this
problem, as obsum
runs independent of the scheduler.
Prerequisites
You must run this command-line utility,
$OSB_HOME/bin/obsum
, as root on the administrative server.
Usage Notes
Note the following aspects of obsum
usage:
-
Log into
obtool
and view the job summary schedule formysum
.lssum -l mysum
mysum: Produce on: daily at 00:00 Covers preceding: 72 hours In the report, include: Backup jobs: yes Restore jobs: yes Oracle backup jobs: yes Oracle restore jobs: yes Duplication jobs: yes Scheduled jobs: yes User jobs: yes Subordinate jobs: yes Superseded jobs: no Catalog backup jobs: no Media movement jobs: yes Catalog import jobs: yes Copy instance jobs: yes Copy from stage jobs: yes
-
Modify the summary report and remove the
Produce on days
.chsum -d "" mysum
-
View the job summaries again with the
lssum
command. Note that theProduce on days
is removed.mysum: Include activity since: Monday at 00:00 Mail to: email@address.com Limit report to hosts: localhost In the report, include: Backup jobs: yes Restore jobs: yes Oracle backup jobs: yes Oracle restore jobs: yes Duplication jobs: yes Scheduled jobs: yes User jobs: yes Subordinate jobs: yes Superseded jobs: no Catalog backup jobs: no Media movement jobs: yes Catalog import jobs: yes Copy instance jobs: yes Copy from stage jobs: yes
-
Run
obsum
to generate a summary report on demand. You can also use this command withcrontab
to generate reports on schedule basis.obsum -s mysum
Syntax
obsum { -s/--sum summary_name } [ -h/--help ] [ -v/--verbose ] [ -V/--version ]
Semantics
- -s/--sum summary_name
-
Indicates the name of the summary report object created using the
mksum
command. The summary report objects defines the job to be included in the report.See Also:
The mksum command for more details. - -h/--help
-
Displays brief help text for the command.
- -v/--verbose
-
Shows verbose information when a generating summary report.
- -V/--version
-
Displays the version and banner information for the command.
Example
Example A-6 Generating a summary report
This example generates a summary report mysum
using the
obsum
utility.
./obsum -s mysum -v Generating mysum summary report Using file create time to limit enumeration of jobs Total number of jobs in list: 11 email 'Oracle Secure Backup (localhost) summary report "mysum"' queued for delivery Summary report mysum created Summary report took 0 seconds Tmr Run Elapsed System User Total Xitions Timer # now? Time CPU Time CPU Time CPU Time to 'on' Name 0. 0.003 0.001 0.002 0.003 1 1. 0.000 0.000 0.000 0.000 1 2. 0.000 0.000 0.000 0.000 1 3. 0.000 0.000 0.000 0.000 1 4. 0.003 0.001 0.002 0.003 1 5. 0.003 0.002 0.000 0.002 1
uninstallob
Purpose
Use the uninstallob
tool to uninstall Oracle Secure Backup from your system. The uninstallob
script gives the user the choice to save the administrative directory if uninstalling an administrative server or to save the system's identity if uninstalling a media server or client.
Prerequisites
You must run this utility as root
on a Linux or UNIX system.
Syntax
install/uninstallob
Example
Example A-7 Uninstalling Oracle Secure Backup
This example uses uninstallob
to uninstall Oracle Secure Backup from an administrative server.
# install/uninstallob Do you want to save the admin directory (y or n) [y]? :y Do you want to continue (y or n) [n]? : y Oracle Secure Backup was successfully uninstalled