This topic is not applicable to Exadata DB systems. For Exadata DB systems, see Backing Up an Exadata Database.
This topic explains how to use Recovery Manager (RMAN) to manage backups of your Bare Metal or Virtual Machine DB system database to your own Object Storage. For backups managed by Oracle Cloud Infrastructure, see Backing Up to Oracle Cloud Infrastructure Object Storage.
To back up to the service you'll need to create an Object Storage bucket for the backups, generate a password for the service, install the Oracle Database Cloud Backup Module, and then configure RMAN to send backups to the service. The backup module is a system backup to tape (SBT) interface that’s tightly integrated with RMAN, so you can use familiar RMAN commands to perform backup and recovery operations.
You'll notice Swift mentioned in the Console and in the endpoint URL for the service. That's because the backup module is typically used to back up to the Oracle Database Backup Cloud Service, which is an OpenStack Swift object store.
On a 1-node DB system, you can use the database command line interface (
dbcli)to back up to Object Storage. This is an alternative to installing the backup module and using RMAN for backups. For more information, see Objectstoreswift Commands. Note that the
dbcli commands are not available for a 2-node RAC DB system.
You'll need the following:
- A DB system and a database to back up. For more information, see Managing Bare Metal and Virtual Machine DB Systems.
- The DB system's cloud network (VCN) must be configured with an internet gateway. Note that the network traffic between the DB system and Object Storage does not leave the cloud and never reaches the public internet. For more information, see Internet Gateway.
- An existing Object Storage bucket to use as the backup destination. You can use the Console or the Object Storage API to create the bucket. For more information, see Managing Buckets.
- An auth token generated by Oracle Cloud Infrastructure. You can use the Console or the IAM API to generate the password. For more information, see Working with Auth Tokens.
The user name (specified when you install and use the backup module) must have tenancy-level access to Object Storage. An easy way to do this is to add the user name to the Administrators group. However, that allows access to all of the cloud services. Instead, an administrator should create a policy like the following that limits access to only the required resources in Object Storage for backing up and restoring the database:
Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name = '<bucket_name>'
Allow group <group_name> to read buckets in compartment <compartment_name>
SSH to the DB system, log in as opc, and sudo to the oracle user.
ssh -i <SSH_key_used_when_launching_the_DB_system> opc@<DB_system_IP_address_or_hostname> login as: opc sudo su - oracle
Change to the directory that contains the backup module
Use the following command syntax to install the backup module.
java -jar opc_install.jar -opcId <user_id> -opcPass '<auth_token>' -container <bucket_name> -walletDir ~/hsbtwallet/ -libDir ~/lib/ -configfile ~/config -host https://swiftobjectstorage.<region_name>.oraclecloud.com/v1/<tenant>
The parameters are:
Parameter Description -opcId The user name for the Oracle Cloud Infrastructure user account, for example:
This is the user name you use to sign in to the Console.
The user name must be a member of the Administrators group, as described in Prerequisites.
You can also specify the user name in single quotes. This might be necessary if the name contains special characters, for example:
Make sure to use straight single quotes and not slanted apostrophes.
The auth token generated by using the Console or IAM API, in single quotes, for example:
Make sure to use straight single quotes and not slanted apostrophes.
For more information, see Managing User Credentials.
This is not the password for the Oracle Cloud Infrastructure user.
The name of an existing bucket in Object Storage to use as the backup destination, for example:
The directory where the install tool will create an Oracle Wallet containing the Oracle Cloud Infrastructure user name and auth token.
-walletDir ~/hsbtwalletcreates the wallet in the current user (oracle) home directory.
The directory where the SBT library is stored. The directory must already exist before you run the command. This parameter causes the latest SBT library to be downloaded.
-libDir ~/lib/downloads the
libopc.sofile to the current user's home directory, for example,
The name of the initialization parameter file that will be created by the install tool. This file will be referenced by your RMAN jobs.
-configfile ~/configcreates the file in the current user's home directory, for example,
The endpoint URL to which backups are to be sent:
where <tenant> is the lowercase tenant name (even if it contains uppercase characters) that you specify when signing in to the Console, for example:
Do not add a slash after the tenant name.
See Regions and Availability Domains to look up the region name.
This section describes how to configure RMAN to use the bucket as the default backup destination. The following assumes you are still logged in to the DB system.
On the DB system, set the ORACLE_HOME and ORACLE_SID environment variables using the oraenv utility.
Connect to the database using RMAN.
rman target /
Configure RMAN to use the SBT device and point to the
configfile that was created when you installed the backup module. A sample command for a version 12 database is shown here.
RMAN> CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=/home/oracle/lib/libopc.so, SBT_PARMS=(OPC_PFILE=/home/oracle/config)';
Configure RMAN to use SBT_TAPE by default. The following sample enables the controlfile and spfile autobackup to SBT_TAPE and configures encryption (recommended). There are other settings that may apply to your installation such as compression, number of backup and recovery channels to use, backup retention policy, archived log deletion policy, and more. See the Oracle Backup and Recovery documentation for your version of Oracle for more information on choosing the appropriate settings.
RMAN> CONFIGURE DEFAULT DEVICE TYPE TO SBT_TAPE; RMAN> CONFIGURE BACKUP OPTIMIZATION ON; RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON; RMAN> CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE SBT_TAPE TO '%F'; RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;
Once the RMAN configuration is complete, you can use the same RMAN commands that you regularly use for tape backups.
Backing up the Database
This section provides examples of commonly used backup commands.
Set the database encryption:
RMAN> SET ENCRYPTION IDENTIFIED BY "password" ONLY;
Note that this setting is not permanent; you must set it for each new RMAN session.
Back up the database and archivelogs. Below are some example commands. See the Oracle Backup and Recovery documentation for your version of Oracle for more information about choosing a back up procedure that meets your needs. Be sure to back up regularly to minimize potential data loss and always include a copy of the spfile and controlfile. Note that the example below uses multi-section incremental backups, which is a feature introduced in 12c. When using 11g, omit the
RMAN> BACKUP INCREMENTAL LEVEL 0 SECTION SIZE 512M DATABASE PLUS ARCHIVELOG;
RMAN> BACKUP INCREMENTAL LEVEL 1 SECTION SIZE 512M DATABASE PLUS ARCHIVELOG;
RMAN> BACKUP INCREMENTAL LEVEL 1 CUMULATIVE SECTION SIZE 512M DATABASE PLUS ARCHIVELOG;
Backup archivelogs frequently to minimize potential data loss, and keep multiple backup copies as a precaution.
RMAN> BACKUP ARCHIVELOG ALL NOT BACKED UP 2 TIMES;
When the backup job completes, you can display the backup files in your bucket in the Console on the Storage page, by selecting Object Storage.