rman backup on s3?

Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
  • User AvatarKiran Dalvi
  • 29 Mar, 2022
  • 0 Comments
  • 6 Mins Read

rman backup on s3?

BACKUP ORACLE DATABASES TO AWS S3

There are different options for backing up Oracle databases to Cloud, but using Oracle Secure Backup module to take backups into AWS S3 is one of the most efficient methods in terms of costs and backup/restore performance.

Oracle Secure Backup module must be installed into database Oracle Home. Using installed libraries you can then take backups via RMAN into AWS S3 the same way you backup to sbt_tape.

1- An AWS account and an IAM user with access to S3:

For setting up backups to AWS you will require an AWS account and an IAM user with full access to AWS S3. During setup Access Keys and Secret Access Key of this IAM user will be used. There is no need to have access to AWS Console.

You can use AWS Free tire for test purposes.


At step 2, create a group and attach the AmazonS3FullAccess policy.

 

Download the .csv user credential file on your laptop which keeps record of AWSID and secret security key 

2- Oracle Secure Backup module for AWS:

You can download Oracle Secure Backup module for AWS from here

 

https://www.oracle.com/database/technologies/secure-backup-s3.html

3- OTN account:

During installation you need to provide an OTN account or oracle free account

 

4- Java 1.7 or higher:

Java 1.7 or higher must be installed on your server before you can proceed.which is already present under  $ORACLE_HOME/jdk/bin/java

Installation:

1- Create Oracle Wallet Directory:

If Oracle Wallet directory does not exist, create one. This folder will be used to store AWS Access Keys and Secret Access Key.

Create this directory in $ORACLE_HOME/dbs/:

$ cd $ORACLE_HOME/dbs
ip-99-99-12-118.ec2.internal:(AWSD)
$ pwd
/u01/app/oracle/product/19.3.0/dbhome_1/dbs
ip-99-99-12-118.ec2.internal:(AWSD)
$ mkdir osbws_wallet
ip-99-99-12-118.ec2.internal:(AWSD)
$ ls -ld  osbws_wallet
drwxr-xr-x 2 oracle oinstall 6 Mar 26 10:52 osbws_wallet
ip-99-99-12-118.ec2.internal:(AWSD)
$

2- Download osbws_installer.zip from the link provided below and put in your installation folder, in this example $ORACLE_HOME/dbs/osbws_wallet , 

 

https://www.oracle.com/database/technologies/secure-backup-s3.html

and you will have two files as shown below:

3- Install OSB Cloud Module for Amazon S3 into your Oracle Home:

You need to have AWS account SID and KEY , along with that you need to have OTN username and password this can also be your free oracle account and password .

Create a script that will invoke the OSB Cloud Module for Amazon S3 installer and provide all the inputs

p-99-99-12-118.ec2.internal:(AWSD)
$ cat osbws_install.sh
 $ORACLE_HOME/jdk/bin/java -jar osbws_install.jar \
 -AWSID ********************************************** \
 -AWSKey ******************************************* \
 -otnUser *******************@gmail.com \
 -otnPass *********************** \
 -walletDir $ORACLE_HOME/dbs/osbws_wallet \
 -libDir $ORACLE_HOME/lib \
 -configFile $ORACLE_HOME/dbs/osbwsawsd.ora

 chmod +x osbws_install.sh

$ ./osbws_install.sh

$  ./osbws_install.sh
Oracle Secure Backup Web Service Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-06-12
AWS credentials are valid.
Oracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0/dbhome_ 1/dbs/osbws_wallet.
Oracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora created.
Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip.
Download complete.
ip-99-99-12-118.ec2.internal:(AWSD)

The following files get created after osb installation

$ ls -ltr $ORACLE_HOME/lib | grep libosbws.so
-rw-r--r-- 1 oracle oinstall  93414656 Mar 28 11:21 libosbws.so

$ ls -ltr $ORACLE_HOME/dbs | grep osbw
drwxr-xr-x 2 oracle oinstall  124 Mar 28 11:21 osbws_wallet
-rw-r--r-- 1 oracle oinstall  153 Mar 28 11:21 osbwsawsd.ora

$ cat  $ORACLE_HOME/dbs/osbwsawsd.ora
OSB_WS_HOST=http://s3.amazonaws.com
OSB_WS_WALLET='location=file:/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet CREDENTIAL_AL            IAS=inkisar2_aws'
ip-99-99-12-118.ec2.internal:(AWSD)

./osbws_install.sh
Oracle Secure Backup Web Service Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-06-12
AWS credentials are valid.
Oracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet.
Oracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora created.
Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip.
Download complete.
ip-99-99-12-118.ec2.internal:(AWSD)
$ pwd
/u01/app/oracle/product/19.3.0/dbhome_1/jdk/bin
ip-99-99-12-118.ec2.internal:(AWSD)

ip-99-99-12-118.ec2.internal:(AWSD)
$ cd /u01/app/oracle/product/19.3.0/dbhome_1/jdk/bin
ip-99-99-12-118.ec2.internal:(AWSD)
$ ls -ltr $ORACLE_HOME/lib | grep libosbws.so
-rw-r--r-- 1 oracle oinstall  93414656 Mar 28 11:21 libosbws.so
ip-99-99-12-118.ec2.internal:(AWSD)
$

$ ls -ltr $ORACLE_HOME/dbs | grep osbw
drwxr-xr-x 2 oracle oinstall  124 Mar 28 11:21 osbws_wallet
-rw-r--r-- 1 oracle oinstall  153 Mar 28 11:21 osbwsawsd.ora
ip-99-99-12-118.ec2.internal:(AWSD)
$

ip-99-99-12-118.ec2.internal:(AWSD)
$ cat  $ORACLE_HOME/dbs/osbwsawsd.ora
OSB_WS_HOST=http://s3.amazonaws.com
OSB_WS_WALLET='location=file:/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbws_wallet CREDENTIAL_ALIAS=inkisar2_aws'
ip-99-99-12-118.ec2.internal:(AWSD)
$

At this point we’re ready to backup directly to the AWS S3 cloud.

if you do not specify OSB_WS_BUCKET Oracle will automatically create an s3 bucket on your behalf.

Perform the backup by allocating the channel as SBT type, just as you would for a tape backup and provide the lib details.

 

Now we have every thing in place, let’s try a performing a test backup of the user tablespace.

$ rman target /

Recovery Manager: Release 19.0.0.0.0 - Production on Mon Mar 28 12:24:28 2022
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle and/or its affiliates.  All rights reserved.

connected to target database: AWSD (DBID=3195976811)

RMAN> run {
allocate channel dev1 type
sbt parms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0/dbhome_1/lib/libosbws.so,
SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0/dbhome_1/dbs/osbwsawsd.ora
)';
backup tablespace users;
release channel dev1;
}
2> 3> 4> 5> 6> 7> 8>
using target database control file instead of recovery catalog
allocated channel: dev1
channel dev1: SID=35 device type=SBT_TAPE
channel dev1: Oracle Secure Backup Web Services Library VER=19.0.0.1

Starting backup at 28-MAR-22
channel dev1: starting full datafile backup set
channel dev1: specifying datafile(s) in backup set
input datafile file number=00007 name=/u14/oradata/AWSD/users01.dbf
channel dev1: starting piece 1 at 28-MAR-22
channel dev1: finished piece 1 at 28-MAR-22
piece handle=010ph813_1_1 tag=TAG20220328T122505 comment=API Version 2.0,MMS Version 19.0.0.1
channel dev1: backup set complete, elapsed time: 00:00:37
Finished backup at 28-MAR-22

Starting Control File and SPFILE Autobackup at 28-MAR-22
piece handle=c-3195976811-20220328-00 comment=API Version 2.0,MMS Version 19.0.0.1
Finished Control File and SPFILE Autobackup at 28-MAR-22

released channel: dev1

RMAN> list backup;


List of Backup Sets
===================


BS Key  Type LV Size       Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1       Full    3.50M      SBT_TAPE    00:00:26     28-MAR-22
        BP Key: 1   Status: AVAILABLE  Compressed: NO  Tag: TAG20220328T122505
        Handle: 010ph813_1_1   Media: s3.amazonaws.com/oracle-data-inkisar2-1
  List of Datafiles in backup set 1
  File LV Type Ckp SCN    Ckp Time  Abs Fuz SCN Sparse Name
  ---- -- ---- ---------- --------- ----------- ------ ----
  7       Full 4348258    28-MAR-22              NO    /u14/oradata/AWSD/users01.dbf

BS Key  Type LV Size       Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
2       Full    10.25M     SBT_TAPE    00:00:02     28-MAR-22
        BP Key: 2   Status: AVAILABLE  Compressed: NO  Tag: TAG20220328T122545
        Handle: c-3195976811-20220328-00   Media: s3.amazonaws.com/oracle-data-inkisar2-1
  SPFILE Included: Modification time: 28-MAR-22
  SPFILE db_unique_name: AWSD
  Control File Included: Ckp SCN: 4348320      Ckp time: 28-MAR-22

RMAN>

Finally let’s log back into the AWS Console to confirm our RMAN backup has arrived in our specified AWS S3 bucket.

From the above we can see our RMAN backup piece handle  010ph813_1_1 

  has been created in the rontestbucket S3 bucket.

Advance rman setting :

Similar to how backups using the OSB cloud module do not require encryption, they also transfer the data without SSL security by default.

However we can easily remedy this by changing the URL in the configuration/initialization file to use the “https” address:

 

Note : To secure the backup in the cloud encrypt the backup before taking the backup :

RMAN > set encryption on for all tablespaces algorithm ‘*******’ identified by myPassword only;

 

Hope it Helps!!