<\/p>\n\n\n\n
Installation<\/h2>\n\n\n\n
The installation process is straightforward, you need to get the installer from this link https:\/\/docs.oracle.com\/en\/cloud\/paas\/db-backup-cloud\/csdbb\/installing-oracle-database-cloud-backup-module-oci.html the module supports from version 11.2.0.4 (Enterprise or Standard) and for Standard you need a patch to enable the encryption option.<\/p>\n\n\n\n
Besides the installer, you will need an account from OCI with rights to write and manage objects in buckets.<\/p>\n\n\n\n
Go to OCI console and create two buckets, one to store the protected backups(bucket-imutavel in my case) and another to keep temporary metadatas files(bucket-imutavel-tmp).<\/p>\n\n\n\n
For the backup bucket, create a retention rule, you can find it in the left side of the page, this option will guarantee the backup security.<\/p>\n\n\n\n The retention time is based on the Last modified metadata of file and you can define it in days or years, my tip here is to start with a lower retention time and grow it after you feel safe about the options.<\/p>\n\n\n\n Besides the retention time, you can enable a Rule Lock, this mean if you have objects in the retention period, no one can delete the Retention Rule, this is a nice feature and I suggest to you to enable it.<\/p>\n\n\n\n <\/p>\n\n\n\n With buckets and retention rule in place we need to run the installer:<\/p>\n\n\n\n And after it, adjust the opc file with the new parameters:<\/p>\n\n\n\n Now that we have everything in place, we can configure our RMAN channel to use the library file and run a simple backup.<\/p>\n\n\n\n The opcSID.ora file store the parameters that you used to install the module:<\/p>\n\n\n\n We need to specify one type of encryption, to keep it simple, I will use a password based encryption:<\/p>\n\n\n\n I can run a backup<\/p>\n\n\n\n And confirm it in the right bucket<\/p>\n\n\n\n If I try to remove the backup I will get an error<\/p>\n\n\n\n You can configure Service connector Hub to monitor the logs from bucket and send notifications if someone try to delete files.<\/p>\n\n\n\n Monitor the data.message when it have RetentionRuleViolation value.<\/p>\n","protected":false},"excerpt":{"rendered":" Some organizations need to comply with Government regulations about backup retention and protection, in OCI we have a feature called Retention Rule in Object Storage, combine this feature with the new version of RMAN opc module and we can achieve Immutability in Oracle backups (running in cloud or on premises). In this article I will […]<\/p>\n","protected":false},"author":1,"featured_media":1216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"material-hide-sections":[],"footnotes":""},"categories":[19,45,8,6],"tags":[],"class_list":["post-1206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cli","category-database","category-oci","category-oracle"],"_links":{"self":[{"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/posts\/1206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/comments?post=1206"}],"version-history":[{"count":8,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/posts\/1206\/revisions"}],"predecessor-version":[{"id":1297,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/posts\/1206\/revisions\/1297"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/media\/1216"}],"wp:attachment":[{"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/media?parent=1206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/categories?post=1206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adrianotanaka.com.br\/index.php\/wp-json\/wp\/v2\/tags?post=1206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/adrianotanaka.com.br\/wp-content\/uploads\/2023\/07\/image-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/adrianotanaka.com.br\/wp-content\/uploads\/2023\/07\/image.png\")
[oracle@dbcs19c opc_imm]$ java -jar oci_install.jar \\\n> -host https:\/\/objectstorage.us-ashburn-1.oraclecloud.com \\\n> -pvtKeyFile \/home\/oracle\/.oci\/api_key.pem \\\n> -pubFingerPrint xxxxxxxxx\\\n> -uOCID ocid1.user.oc1..xxxxxxxx \\\n> -tOCID ocid1.tenancy.oc1..xxxxxxxxxx \\\n> -walletDir \/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/wallet_opc\/ \\\n> -libDir \/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/lib\/ \\\n> -cOCID ocid1.compartment.oc1..xxxxxxxxx \n<\/code><\/pre>\n\n\n\nOPC_CONTAINER=bucket-imutavel\nOPC_TEMP_CONTAINER=bucket-imutave-tmp<\/code><\/pre>\n\n\n\nTests<\/h2>\n\n\n\n
RMAN> CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/lib\/libopc.so,SBT_PARMS=(OPC_PFILE=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/opcorcl19.ora)';\n\nold RMAN configuration parameters:\nCONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/lib_bkp\/libopc.so,SBT_PARMS=(OPC_PFILE=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/opcorcl19.ora)';\nnew RMAN configuration parameters:\nCONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS 'SBT_LIBRARY=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/lib\/libopc.so,SBT_PARMS=(OPC_PFILE=\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/opcorcl19.ora)';\nnew RMAN configuration parameters are successfully stored\n<\/code><\/pre>\n\n\n\n[oracle@dbcs19c ~]$ cat \/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/opcorcl19.ora\nOPC_HOST=https:\/\/objectstorage.us-ashburn-1.oraclecloud.com\/n\/NAMESPACE\nOPC_WALLET='LOCATION=file:\/u01\/app\/oracle\/product\/19.0.0\/dbhome_1\/dbs\/wallet_opc CREDENTIAL_ALIAS=alias_oci'\nOPC_CONTAINER=bucket-imutavel\nOPC_TEMP_CONTAINER=bucket-imutavel-tmp<\/strong>\nOPC_COMPARTMENT_ID=ocid1.compartment.oc1..XXXXX\nOPC_AUTH_SCHEME=BMC\n<\/code><\/pre>\n\n\n\nRMAN> set encryption on identified by 'PASSWORD' only;<\/code><\/pre>\n\n\n\nRMAN> backup current controlfile;\n\nStarting backup at xxxxxxxxx\nallocated channel: ORA_SBT_TAPE_1\nchannel ORA_SBT_TAPE_1: SID=49 device type=SBT_TAPE\nchannel ORA_SBT_TAPE_1: Oracle Database Backup Service Library VER=xxxxxxx\nchannel ORA_SBT_TAPE_1: starting compressed full datafile backup set\nchannel ORA_SBT_TAPE_1: specifying datafile(s) in backup set\nincluding current control file in backup set\nchannel ORA_SBT_TAPE_1: starting piece 1 at xxxxxxx\nchannel ORA_SBT_TAPE_1: finished piece 1 at xxxxxxx\npiece handle=da0s5jds_28074_1_1 tag=TAGxxxxxxxxx comment=API Version 2.0,MMS Version xxxxxxx\nchannel ORA_SBT_TAPE_1: backup set complete, elapsed time: 00:00:03\nFinished backup at xxxx\n\nStarting Control File and SPFILE Autobackup at xxxxxxx\n\npiece handle=c-xxxxxxxxx comment=API Version 2.0,MMS Version xxxxxxx\nFinished Control File and SPFILE Autobackup at xxxxxxx\n\n\nRMAN>\n<\/code><\/pre>\n\n\n\nBS Key Type LV Size Device Type Elapsed Time Completion Time\n------- ---- -- ---------- ----------- ------------ ---------------\n27830 <\/strong>Full 3.00M SBT_TAPE 00:00:02 xxxxx \n BP Key: 27830 <\/strong>Status: AVAILABLE Compressed: YES Tag: TAGxxxxx\n Handle: c-xxxxx-xxxxx Media: objectstorag~.us-ashburn-~.oraclecloud.com\/n\/id~\/bucket-imutavel<\/strong>\n Control File Included: Ckp SCN: 106913659 Ckp time: 2xxxx\n<\/code><\/pre>\n\n\n\nRMAN> delete backuppiece 27830<\/strong>;\n\nusing target database control file instead of recovery catalog\nallocated channel: ORA_DISK_1\nchannel ORA_DISK_1: SID=69 device type=DISK\nallocated channel: ORA_SBT_TAPE_1\nchannel ORA_SBT_TAPE_1: SID=204 device type=SBT_TAPE\nchannel ORA_SBT_TAPE_1: Oracle Database Backup Service Library VER=xxxxxx\n\nList of Backup Pieces\nBP Key BS Key Pc# Cp# Status Device Type Piece Name\n------- ------- --- --- ----------- ----------- ----------\n27830 27830 1 1 AVAILABLE SBT_TAPE c-xxxxx-xxxxx\n\nDo you really want to delete the above objects (enter YES or NO)? yes\nRMAN-00571: ===========================================================\nRMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============\nRMAN-00571: ===========================================================\nRMAN-03009: failure of delete command on ORA_SBT_TAPE_1 channel at xxxxxxx 14:05:54\nORA-19509: failed to delete sequential file, handle=\"c-xxxxxxxxxxx\", parms=\"\"\nORA-27027: sbtremove2 returned error\nORA-19511: non RMAN, but media manager or vendor specific failure, error text:\n KBHS-01404: See trace file \/u01\/app\/oracle\/diag\/rdbms\/orcl19_iad224\/orcl19\/trace\/sbtio_53270_140555879019520.log for details\nKBHS-00719: Error 'RetentionRuleViolation'; The operation was blocked by a retention rule.\nKBHS-00700: HTTP response error 'Forbi<\/strong>\n<\/code><\/pre>\n\n\n\nBonus tip<\/h2>\n\n\n\n
![\"\"](\"https:\/\/adrianotanaka.com.br\/wp-content\/uploads\/2023\/07\/image-2-1024x412.png\")
<\/figure>\n\n\n\n