Oracle RMAN to MinIO Backup
Good DevOps teams know the usefulness of storing business-critical backups offsite. Traditional enterprise Disaster Recovery / Business Continuity has looked like writing backups to tape and shipping them offsite. This is a very complex and costly procedure requiring dedicated hardware and engineers to follow procedures to ensure those tape backups are up-to-date and readable. While you can outsource some of these tasks, ultimately the onus is on the enterprise to ensure these backups are usable in case of a real disaster.
MinIO supports a wide range of use cases from storing external SQL tables and ElasticSearch Indices, to storing Salt and Puppet configurations and Veeam and Commvault backups. Narrowing our focus to databases, the Oracle Database’s ability to back up to MinIO has been a standard part of their cloud module for almost a decade, beginning with Oracle 9i. Backing up to MinIO is preferred over traditional tape backups because this process provides fast backups and more importantly quick restores. Gone are the days when you needed expensive tape drives in dedicated machines, as MinIO sets you free from this technology that’s past its prime, prone to failure, and limited in capacity with no possibility of scaling.
MinIO’s predictable subscription pricing makes it a compelling choice as a cloud-native backup target when compared to traditional tapes. MinIO makes it easy to predict and control workloads by offering a simple cost model based on capacity and the ability to scale as your data needs increase – while providing security, multi-region redundancy and availability, site-to-site replication and scalability with geographically distributed clusters in various regions around the globe. Use MinIO to simplify backup complexity and you will no longer be required to rotate tapes and ship them to a secure location, among other tasks. You can rest easy that data stored in MinIO is protected as MinIO encrypts objects at the storage layer by using Server-Side Encryption (SSE) to protect them as they are written to drives. MinIO does this with extreme efficiency – benchmarks show that MinIO is capable of encrypting/decrypting at close to wire speed.
One of the concerns DevOps engineers have is transferring large amounts of data over the network. Besides security, some serious bandwidth is required to transfer huge databases or such transfers can become prohibitively long. MinIO solves this issue with the ability to run anywhere object storage infrastructure is required and the ability to leverage underlying hardware fully to provide the best performance. For example, if you have 2 data centers, generally there is a 10-100 Gbps pipe between them and you can set up MinIO to make your initial backup in the site closest to your data and then conduct site-to-site replication to copy the data to the database in the second location. This way your backups happen quickly and you leave the intricacies of Disaster Recovery to MinIO.
Returning to the Oracle ecosystem, the Oracle Secure Backup (OSB) cloud module allows you to back up your Oracle Database to a MinIO bucket. It leverages RMAN’s encryption to ensure the security of the database backup. When you store backups on MinIO running in your datacenter, on your machines, there are fewer security concerns than in public clouds where the underlying hardware is shared across multiple organizations. When used in a shared environment, MinIO relies on IAM/PBAC to prevent unauthorized data access and provides a comforting added layer of security in encryption when the data is in transit and at rest.
How to Migrate
Let’s take a look at how we can set up MinIO and OSB Cloud Module to start making the backups.
We’ll bring up a MinIO node with 4 disks. MinIO runs anywhere - physical, virtual or containers - and in this overview, we will use containers created using Docker.
For the 4 disks, create directories on the host for minio
:
Launch the Docker container with the following specifications for the MinIO node:
The above will launch a MinIO service in Docker with the console port listening on 20091
on the host. It will also mount the local directories we created as volumes in the container and this is where MinIO will store its data. You can access your MinIO service via http://localhost:20091
.
If you see 4 Online
that means you’ve successfully set up the MinIO node with 4 drives.
Go to the browser to load the MinIO console using http://localhost:20091
, log in using minioadmin
and minioadmin
for username and password respectively. Click on the Create Bucket
button and create testbucket123
.
Once you have MinIO set up, register for an Oracle.com Oracle Technology Network (OTN) Account; this is required to install the Oracle Secure Backup Cloud module. Next, let’s download the Oracle Secure Backup Cloud module install tool from OTN's Cloud web page and run it to install and configure Cloud backups. Once you untar the file there are a couple of readme files and a file named osbws_install.jar
which we’ll use below to install.
$java -jar osbws_install.jar -awsEndpoint <minio_endpoint> -AWSID <AWS ID> -AWSKey <AWS Secret Key> -
otnUser <OTN User ID> -otnPass <OTN Password> -walletDir <Wallet
Directory> -configFile <Cloud Backup Configuration File Name> -libDir
<Location to store Cloud Backup Module/Library> -proxyHost wwwproxy.yourcompany.com –proxyPort <your proxy port>
Oracle Secure Backup Database Web-Service Install Tool
OTN userid is valid.
AWS credentials are valid.
Creating new registration for this S3 user.
Created new log bucket.
Registration ID: 0f0a8aac-dad0-6254-7d70-be4ac4f112c4
S3 Logging Bucket: oracle-log-jane-doe-1
Create credential oracle.security.client.connect_string1
OSB web-services wallet created in directory /orclhome/dbs/osbws_wallet.
OSB web-services initialization file /orclhome/dbs/osbwst1.ora created.
Downloading OSB Web Services Software Library.
Downloaded 13165919 bytes in 204 seconds.
Transfer rate was 64538 bytes/second.
Download complete.
Extracted file /orclhome/lib/libosbws.so
Once you have the module installed, let's configure RMAN to use the configuration we set up so every time a backup runs it will use the MinIO bucket as a target.
RMAN> configure channel device type sbt parms
'SBT_LIBRARY=/orclhome/lib/libosbws.so
ENV=(OSB_WS_PFILE=/orclhome/dbs/osbwst1.ora)';
using target database control file instead of recovery catalog
new RMAN configuration parameters:
CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS
'SBT_LIBRARY=/orclhome/lib/libosbws.so
ENV=(OSB_WS_PFILE=/orclhome/dbs/osbwst1.ora)';
new RMAN configuration parameters are successfully stored
Once you have RMAN configured to use the MinO bucket, perform a test backup to ensure everything is working as expected.
RMAN> backup device type sbt current controlfile;
All Cloud backup operations will be cataloged by RMAN in the same manner as tape backups. This ensures a single pane of glass to view your backups, which is especially helpful during the restore/recovery process. When a restore/recovery operation is initiated, RMAN and Oracle
Secure Backup Cloud module will automatically restore the required data from the MinIO bucket without requiring any special user intervention.
Final Thoughts
We strongly recommend encrypting the backup to ensure the data is secure not only during rest but also in transit. Keep in mind that while MinIO can handle the rapid intake of a tremendous amount of data, the bottleneck will likely be the RMAN process itself, which could take several hours to do a single backup because everything is in a single stream. In order to take full advantage of MinIO’s infrastructure and capabilities, we recommend you split the backup into multiple chunks and increase the parallelism beyond the number of datafiles available using something like the command below
BACKUP DEVICE TYPE SBT DATABASE SECTION SIZE 1g;
For more information on increasing parallelism, please see Using Oracle Database Backup Cloud Service. What are you waiting for? Go ahead and try configuring, creating and restoring a backup with MinIO bucket and let us know how it goes! If you have any questions be sure to reach out to us on Slack!