This blog post covers the steps necessary to restore backups made using the Oracle Database Cloud backup Service, onto Exadata Cloud Service in the event of DR situation.
In this post, I am going to assume that you have already configured an ExaCS environment and have a VM defined to restore the database into.
The database I am going to use for testing has the characteristics below.
DBNAME: bgrenndb
DB version: 19.19
DB_UNIQUE_NAME: BGRENNDB_HS7_IAD/
NOTE: have been creating "KEEP" backups for this database and I want to use one of them to restore from in OCI. This may not be case, you might be sending a weekly full backup, and a daily incremental backup.
Prerequisites:
There are some prerequisites that I found are important to make the restoration go smoothly
- Backup your TDE encryption wallet - It is important to make sure you have the encryption keys for your database. When using the Oracle Database backup service, ALL backup pieces are encrypted, including the backups of the spfile, and controlfile. It is critical to have the encryption wallet to restore the backups. You want to backup just the "ewallet.p12" file. I recommend you DO NOT backup the cwallet.sso file, as this is the autologin wallet. Best MSA (Maximum Security Architecture) practice is to backup the wallet stored separate from the database backups, and recreate the autologin wallet using the password. This is much more secure than backing up the autologin wallet.
- Store the backup logs in a bucket - When restoring from a database backup you need to determine the backup pieces that are needed, especially when restoring the controlfile. If you store the log files, it will make it much easier to restore the database without an RMAN catalog.
- Create a bucket for DB backups and Metadata - This is where the database backups will be stored, and I recommend adding a retention lock to the bucket. Instructions on creating the retention lock can be found here.
PRO TIP : The easiest way to upload the RMAN backup log files, and backups of the wallets is to use Pre-Authenticated URLs (PARS). These make it secure (because they can only be used to drop the backup into a bucket), and they also make it easier to deal with authentication.
Steps to restore a database from object storage.
1) Create a stub database
Because I want to use the tooling in OCI to manage my database, I am starting with a "stub" database with the same name as my backed up database, and it should be the same DB release or higher.
NOTE: When creating the stub database, you should use the same password as you are using for the original database. In my case the SYS password, and the wallet password are the same. If your wallet password is different from the SYS password, you can create the stub database with different passwords.
Stub database
DBNAME: bgrenndb
DB version: 19.22
DB_UNIQUE_NAME: BGRENNDB_S39_IAD
PRO TIP - In hindsight, I should have named the DB_UNIQUE_NAME the same as my production database to make it easier to restore.
2) Backup a copy of the stub SPFILE
In sqlplus I backed up the SPFILE to a PFILE that I will use later to ensure my parameters which are local to this VM are correct when I restore my database.
SQL> create pfile='/tmp/bgrenndb.origpfile' from spfile;
3) Shutdown the database and delete all files.
I shut down the database in srvctl since this is a RAC instance
#> srvctl stop database -d bgrenndb_s39_iad
I deleted all the files on ASM from both +DataC1 and +RecoC1 for this database
4) Download and configure the Oracle Database Backup Service
You need to download the Oracle Database backup service installation jar file. Once this is downloaded, you need to run the installation which will download the library, create a wallet file, and create the configuration file used by the library.
Instructions on how to do this are documented in my last blog post you can find here.
Pro Tip : Since the I am restoring the database to a RAC cluster it would be easier if I install the Database Service configuration to a shared locations across all nodes. In my environment, I am going to install the Backup Service configuration in "/acfs01/dbaas_acfs/bgrenndb" in a directory called opc.
Once I go through the installation, I will have the following directories
/acfs01/dbaas_acfs/bgrenndb/opc/lib --> contains libopc.so used during restore
/acfs01/dbaas_acfs/bgrenndb/opc/config --> backupconfig.ora containg the library parameters
/acfs01/dbaas_acfs/bgrenndb/opc/wallet --> contains the authentication information
5) Download and configure the TDE Wallet from my backup
The easiest way to to download the most current wallet from OCI object storage is by using a Pre-authenticated URL (PAR). I created a PAR on the object and then used curl to download my wallet file.
curl -o {name of the restored file } {PAR which is a long URL pointing to the object}
Once I download the wallet, I am going to :
- Go to the wallet directory (under WALLET_ROOT/tde and delete the original wallet files (ewallet.p12 and cwallet.sso).
- Replace the ewallet.p12 with my downloaded wallet from my source database.
Now that I have the wallet downloaded, I need to create the autologin wallet.
NOTE: it is not recommended to backup the autologin wallet, just the passworded wallet
To create the autologin wallet from the passworded wallet I execute
>mkstore -wrl {wallet_location} -createSSO
I enter the password for the wallet, and it creates the autologin wallet for me.
6) Startup the database nomount and validate wallet
Now that I have the wallet in the correct location, I created a basic pfile. I only need the following parameters. You can look at the backup of the stub spfile to get the appropriate setting for the "control_files", "db_unque_name", and proper disk groups for DATA and RECO.
*.control_files='+DATAC1/BGRENNDB_S39_IAD/CONTROLFILE/current.327.1166013711'
*.db_name='bgrenndb'
*.enable_pluggable_database=true
*.db_recovery_file_dest='+RECOC1'
*.db_recovery_file_dest_size=6538932518912
*.db_unique_name='bgrenndb_s39_iad'
*.diagnostic_dest='/u02/app/oracle'
*.pga_aggregate_target=5000m
*.processes=2048
*.sga_target=7600m
*.tde_configuration='keystore_configuration=FILE'
*.wallet_root='/var/opt/oracle/dbaas_acfs/bgrenndb/wallet_root'
NOTE: I am going to restore the spfile, so this is only temporary.
I started the database nomount with this small pfile
SQL> startup nomount pfile=bgrenndb.ora;
Once the database started, I used the first TDE query f
rom my blog to check the status of the wallet. You want to make sure the encryption wallet is OPEN before proceeding.
INST_ID PDB Name Type WRL_PARAMETER Status WALLET_TYPE KEYSTORE Backed Up
---------- ---------- ---------- -------------------------------------------------- ------------------------------ -------------------- -------- ----------
1 FILE /var/opt/oracle/dbaas_acfs/bgrenndb/wallet_root/td OPEN UNKNOWN NONE NO
e/
7) Locate the name of the SPFILE and Controlfile backup pieces
As part of my backup script, I also uploaded the log file associated with the backup. This gave me
- The DBID
- The name of the spfile backup piece associated with the backup I am going to restore
- The name of the controlfile backup piece associated with the backup I am going to restore
8) Restore the spfile and update it.
Using the backup piece name, I restored my spfile to the file system, and created a pfile copy of it so that I can make a few changes.
RMAN>
run {
allocate CHANNEL c1 TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=/acfs01/dbaas_acfs/bgrenndb/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/acfs01/dbaas_acfs/bgrenndb/opc/config/backupconfig.ora)';
set dbid=367184428;
restore spfile to '/tmp/bgrenndb.spfile' from 'BGRENNDB_KEEP_20240227_3776_1' ;
}
RMAN> 2> 3> 4> 5>
allocated channel: c1
channel c1: SID=2142 device type=SBT_TAPE
channel c1: Oracle Database Backup Service Library VER=19.0.0.1
executing command: SET DBID
Starting restore at 12-APR-24
channel c1: restoring spfile from AUTOBACKUP BGRENNDB_KEEP_20240227_3776_1
channel c1: SPFILE restore from AUTOBACKUP complete
Finished restore at 12-APR-24
released channel: c1
RMAN> create pfile='/tmp/bgrenndb.pfile' from spfile='/tmp/bgrenndb.spfile';
Statement processed
I then edited my pfile, "/tmp/bgrenndb.pfile" and made the following changes.
- I changed custer_interconnects to match the entries in the original spfile from the stub.
- I changed entries that were pointing to DATAC6 and RECOC6 to DATAC1 and RECOC1 to match the VM I am restoring to.
- I changed the REMOTE_LISTENER to match the original spfile.
- I changed the bgrenndb_hs7_iad to bgrenndb_s39_iad since that will be new db_unique_name.
I then bounced the database and started it up NOMOUNT again with the new pfile
9) Restore the controlfile
Now I am going to identify the backup location of the controlfile I want, and restore the control file
RMAN>
run {
allocate CHANNEL c1 TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=/acfs01/dbaas_acfs/bgrenndb/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/acfs01/dbaas_acfs/bgrenndb/opc/config/backupconfig.ora)';
set dbid=367184428;
restore controlfile from 'BGRENNDB_KEEP_20240227_3777_1' ;
}
4> 5>
using target database control file instead of recovery catalog
allocated channel: c1
channel c1: SID=9 instance=bgrenndb1 device type=SBT_TAPE
channel c1: Oracle Database Backup Service Library VER=19.0.0.1
executing command: SET DBID
Starting restore at 12-APR-24
channel c1: restoring control file
channel c1: restore complete, elapsed time: 00:00:04
output file name=+DATAC1/BGRENNDB_S39_IAD/CONTROLFILE/current.332.1166124375
Finished restore at 12-APR-24
released channel: c1
Once restored the controlfile, I updated the pfile to the location the controlfile was restored to.
Then I created the spfile from pfile.
SQL> create spfile from pfile='/tmp/bgrenndb.pfile';
I then shutdown the instance and started it mount and ensured the parameters were correct, and once again ensured the wallet was open.
10) Change the channel configuration in RMAN and restore
I changed the channel configuration to match the backup service settings, and restored the database using the TAG
restore database from tag=KEEP_BGRENNDB_HS7_IAD_20240227;
recover database from tag=KEEP_BGRENNDB_HS7_IAD_20240227;
11) I opened the database reset logs
RMAN> alter database open resetlogs;
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of sql statement command at 04/12/2024 19:59:12
ORA-19751: could not create the change tracking file
ORA-19750: change tracking file: '+DATAC6/BGRENNDB_HS7_IAD/CHANGETRACKING/ctf.898.1160234109'
ORA-17502: ksfdcre:4 Failed to create file +DATAC6/BGRENNDB_HS7_IAD/CHANGETRACKING/ctf.898.1160234109
ORA-15046: ASM file name '+DATAC6/BGRENNDB_HS7_IAD/CHANGETRACKING/ctf.898.1160234109' is not in single-file creation form
ORA-17503: ksfdopn:2 Failed to open file +DATAC6/BGRENNDB_HS7_IAD/CHANGETRACKING/ctf.898.1160234109
ORA-15001: diskgroup "DATAC6" does not ex
Oops, I then disabled block change tracking.
RMAN> alter database disable block change tracking;
RMAN> alter database open resetlogs;
Statement processed
PL/SQL package SYS.DBMS_BACKUP_RESTORE version 19.19.00.00 in TARGET database is not current
PL/SQL package SYS.DBMS_RCVMAN version 19.19.00.00 in TARGET database is not current
Now it was successful, and I see I have to upgrade the database.
12) Patch the database from 19.19 to 19.22
I ran through the patch upgrade process
> cd $ORACLE_HOME/OPatch
>./datapatch -verbose
Summary :
Once I patched the database, I turned on automatic backups which was successful. This was a great sign that I had everything correct and my new database ready to go !