- 29 Mar, 2022
- 0 Comments
- 6 Mins Read
rman backup on s3?
BACKUP ORACLE DATABASES TO AWS S3
There are different options for backing up Oracle databases to Cloud, but using Oracle Secure Backup module to take backups into AWS S3 is one of the most efficient methods in terms of costs and backup/restore performance.
Oracle Secure Backup module must be installed into database Oracle Home. Using installed libraries you can then take backups via RMAN into AWS S3 the same way you backup to sbt_tape.
1- An AWS account and an IAM user with access to S3:
For setting up backups to AWS you will require an AWS account and an IAM user with full access to AWS S3. During setup Access Keys and Secret Access Key of this IAM user will be used. There is no need to have access to AWS Console.
You can use AWS Free tire for test purposes.
At step 2, create a group and attach the AmazonS3FullAccess policy.
Download the .csv user credential file on your laptop which keeps record of AWSID and secret security key
2- Oracle Secure Backup module for AWS:
You can download Oracle Secure Backup module for AWS from here
https://www.oracle.com/database/technologies/secure-backup-s3.html
3- OTN account:
During installation you need to provide an OTN account or oracle free account
4- Java 1.7 or higher:
Java 1.7 or higher must be installed on your server before you can proceed.which is already present under $ORACLE_HOME/jdk/bin/java
Installation:
1- Create Oracle Wallet Directory:
If Oracle Wallet directory does not exist, create one. This folder will be used to store AWS Access Keys and Secret Access Key.
Create this directory in $ORACLE_HOME/dbs/:
$ cd $ORACLE_HOME/dbs ip-99-99-12-118.ec2.internal:(AWSD) $ pwd /u01/app/oracle/product/19.3.0/dbhome_1/dbs ip-99-99-12-118.ec2.internal:(AWSD) $ mkdir osbws_wallet ip-99-99-12-118.ec2.internal:(AWSD) $ ls -ld osbws_wallet drwxr-xr-x 2 oracle oinstall 6 Mar 26 10:52 osbws_wallet ip-99-99-12-118.ec2.internal:(AWSD) $
2- Download osbws_installer.zip from the link provided below and put in your installation folder, in this example $ORACLE_HOME/dbs/osbws_wallet ,
https://www.oracle.com/database/technologies/secure-backup-s3.html
and you will have two files as shown below:
3- Install OSB Cloud Module for Amazon S3 into your Oracle Home:
You need to have AWS account SID and KEY , along with that you need to have OTN username and password this can also be your free oracle account and password .
Create a script that will invoke the OSB Cloud Module for Amazon S3 installer and provide all the inputs
p-99-99-12-118.ec2.internal:(AWSD) $ cat osbws_install.sh $ORACLE_HOME/jdk/bin/java -jar osbws_install.jar \ -AWSID ********************************************** \ -AWSKey ******************************************* \ -otnUser *******************@gmail.com \ -otnPass *********************** \ -walletDir $ORACLE_HOME/dbs/osbws_wallet \ -libDir $ORACLE_HOME/lib \ -configFile $ORACLE_HOME/dbs/osbwsawsd.ora chmod +x osbws_install.sh
$ ./osbws_install.sh $ ./osbws_install.sh Oracle Secure Backup Web Service Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-06-12 AWS credentials are valid. Oracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0/dbhome_ 1/dbs/osbws_wallet. Oracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora created. Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip. Download complete. ip-99-99-12-118.ec2.internal:(AWSD)
The following files get created after osb installation
$ ls -ltr $ORACLE_HOME/lib | grep libosbws.so -rw-r--r-- 1 oracle oinstall 93414656 Mar 28 11:21 libosbws.so $ ls -ltr $ORACLE_HOME/dbs | grep osbw drwxr-xr-x 2 oracle oinstall 124 Mar 28 11:21 osbws_wallet -rw-r--r-- 1 oracle oinstall 153 Mar 28 11:21 osbwsawsd.ora $ cat $ORACLE_HOME/dbs/osbwsawsd.ora OSB_WS_HOST=http://s3.amazonaws.com OSB_WS_WALLET='location=file:/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet CREDENTIAL_AL IAS=inkisar2_aws' ip-99-99-12-118.ec2.internal:(AWSD)
./osbws_install.sh Oracle Secure Backup Web Service Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-06-12 AWS credentials are valid. Oracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet. Oracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora created. Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip. Download complete. ip-99-99-12-118.ec2.internal:(AWSD) $ pwd /u01/app/oracle/product/19.3.0/dbhome_1/jdk/bin ip-99-99-12-118.ec2.internal:(AWSD)
ip-99-99-12-118.ec2.internal:(AWSD) $ cd /u01/app/oracle/product/19.3.0/dbhome_1/jdk/bin ip-99-99-12-118.ec2.internal:(AWSD) $ ls -ltr $ORACLE_HOME/lib | grep libosbws.so -rw-r--r-- 1 oracle oinstall 93414656 Mar 28 11:21 libosbws.so ip-99-99-12-118.ec2.internal:(AWSD) $
$ ls -ltr $ORACLE_HOME/dbs | grep osbw drwxr-xr-x 2 oracle oinstall 124 Mar 28 11:21 osbws_wallet -rw-r--r-- 1 oracle oinstall 153 Mar 28 11:21 osbwsawsd.ora ip-99-99-12-118.ec2.internal:(AWSD) $
ip-99-99-12-118.ec2.internal:(AWSD) $ cat $ORACLE_HOME/dbs/osbwsawsd.ora OSB_WS_HOST=http://s3.amazonaws.com OSB_WS_WALLET='location=file:/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet CREDENTIAL_ALIAS=inkisar2_aws' ip-99-99-12-118.ec2.internal:(AWSD) $
At this point we’re ready to backup directly to the AWS S3 cloud.
if you do not specify OSB_WS_BUCKET Oracle will automatically create an s3 bucket on your behalf.
Perform the backup by allocating the channel as SBT type, just as you would for a tape backup and provide the lib details.
Now we have every thing in place, let’s try a performing a test backup of the user tablespace.
$ rman target /
Recovery Manager: Release 19.0.0.0.0 - Production on Mon Mar 28 12:24:28 2022
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
connected to target database: AWSD (DBID=3195976811)
RMAN> run {
allocate channel dev1 type
sbt parms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0/dbhome_1/lib/libosbws.so,
SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora
)';
backup tablespace users;
release channel dev1;
}
2> 3> 4> 5> 6> 7> 8>
using target database control file instead of recovery catalog
allocated channel: dev1
channel dev1: SID=35 device type=SBT_TAPE
channel dev1: Oracle Secure Backup Web Services Library VER=19.0.0.1
Starting backup at 28-MAR-22
channel dev1: starting full datafile backup set
channel dev1: specifying datafile(s) in backup set
input datafile file number=00007 name=/u14/oradata/AWSD/users01.dbf
channel dev1: starting piece 1 at 28-MAR-22
channel dev1: finished piece 1 at 28-MAR-22
piece handle=010ph813_1_1 tag=TAG20220328T122505 comment=API Version 2.0,MMS Version 19.0.0.1
channel dev1: backup set complete, elapsed time: 00:00:37
Finished backup at 28-MAR-22
Starting Control File and SPFILE Autobackup at 28-MAR-22
piece handle=c-3195976811-20220328-00 comment=API Version 2.0,MMS Version 19.0.0.1
Finished Control File and SPFILE Autobackup at 28-MAR-22
released channel: dev1
RMAN> list backup;
List of Backup Sets
===================
BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1 Full 3.50M SBT_TAPE 00:00:26 28-MAR-22
BP Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20220328T122505
Handle: 010ph813_1_1 Media: s3.amazonaws.com/oracle-data-inkisar2-1
List of Datafiles in backup set 1
File LV Type Ckp SCN Ckp Time Abs Fuz SCN Sparse Name
---- -- ---- ---------- --------- ----------- ------ ----
7 Full 4348258 28-MAR-22 NO /u14/oradata/AWSD/users01.dbf
BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
2 Full 10.25M SBT_TAPE 00:00:02 28-MAR-22
BP Key: 2 Status: AVAILABLE Compressed: NO Tag: TAG20220328T122545
Handle: c-3195976811-20220328-00 Media: s3.amazonaws.com/oracle-data-inkisar2-1
SPFILE Included: Modification time: 28-MAR-22
SPFILE db_unique_name: AWSD
Control File Included: Ckp SCN: 4348320 Ckp time: 28-MAR-22
RMAN>
Finally let’s log back into the AWS Console to confirm our RMAN backup has arrived in our specified AWS S3 bucket.
From the above we can see our RMAN backup piece handle 010ph813_1_1
has been created in the rontestbucket S3 bucket.
Advance rman setting :
Similar to how backups using the OSB cloud module do not require encryption, they also transfer the data without SSL security by default.
However we can easily remedy this by changing the URL in the configuration/initialization file to use the “https” address:
Note : To secure the backup in the cloud encrypt the backup before taking the backup :
RMAN > set encryption on for all tablespaces algorithm ‘*******’ identified by myPassword only;
Hope it Helps!!