Background
Historically most of the conversations I have regarding Oracle Recovery Manager (RMAN) have been around the use of NFS storage, and Oracle Direct NFS (dNFS).
However, more recently with the explosion in the use of Amazon S3 object storage, the topic of RMAN and S3 gets frequently raised.
In Part 1 of this series I shared how we can use Amazon AWS S3 Cloud Object Storage for backups, in Part 3 will look at OCI.
In this post I will show how we can use a Pure Storage FlashBlade Object Store to deliver an on-premises S3 backup destination.
Obtain Oracle Secure Backup
Before we can start using an FlashBlade S3 Object Store for Oracle RMAN (Recovery Manager) backups we need to get the Oracle Secure Backup (OSB) installer (osbws_installer.jar).
The osbws_installer.zip is now shipped with Oracle 19c and can be found within the $ORACLE_HOME/lib directory.
$ ls -l $ORACLE_HOME/lib/osbws_installer.zip -rw-r--r--. 1 oracle oinstall 966004 Apr 17 2019 /u01/app/oracle/product/19.0.0/dbhome_1/lib/osbws_installer.zip
Alternatively you can find the Oracle 12.2 OSB Web Services Module for Amazon S3 here.

Create Object Store Account
Logon to the Pure Storage FlashBlade and navigate to Storage -> Object Store
In the Account panel Click on the + and enter Name

Select Account name, and Create User, for example

Select the required permissions for the new user and click on the Add button.

After the access policies are added, Add Access Key to the user, select Create a new key

Save Access Key ID and Secret Access Key when prompted as these will be required by OSB.
Create Object Store S3 Bucket
From the Object Store Account, navigate to the Bucket area and click Create Bucket, for example:


List Object Store Buckets
Install and configure AWS CLI to test access if not already available, remember to add the FlashBlade credentials to ~/.aws/credentials
The AWS CLI provides a rich set of options which you read-up on here, we can list use the AWS to show our newly created bucket with the aws s3api list-buckets command.
$ aws s3api list-buckets --query "Buckets[].Name" --endpoint-url http://10.225.112.70 --profile default ------------------------ | ListBuckets | +----------------------+ | bigdata | | kubernetes | | oracle-bucket | +----------------------+
Prepare Oracle Environment
You will need to create an Oracle wallet in your Oracle Home is you don’t already have one, for example:
$ cd $ORACLE_HOME/dbs $ mkdir osbws_wallet
Note: for RAC repeat on all nodes.
The Oracle Secure Cloud Backup Module requires a Java version of 1.7 or higher, you can check this with java -version e.g.
$ java -version openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)
Unzip the Oracle 19c osbws_installer.zip or the file previously downloaded.
Please note the installer needs internet access.
The installer will download the library appropriate to the platform it is running on. It will also create the library configuration file and the Oracle Wallet where the S3 credentials are stored.
Let’s run the installer without any options to find a list of command line parameters, I have highlighted the parameters we will be using.
$ java -jar osbws_install.jar Oracle Secure Backup Web Service Install Tool, build 19.3.0.0.0DBRU_2019-04-17 No arguments supplied Usage: java -jar osbws_install.jar -AWSID: AWS Access Key ID -AWSKey: AWS Secret Access Key -IAMRole: AWS IAM role name -IAMRoleMetaUri: Metadata URI for the specified IAM role -awsEndPoint: non default host name -awsPort: non default HTTP/HTTPS port -location: Location to store backups -useHttps: setup HTTPS -useSigV2: setup authentication scheme -walletDir: Directory to store wallet -trustedCerts: SSL certificates to be imported -import-all-trustcerts: Import all certificates from Java truststore -configFile: File name of config file -libDir: Directory to store library -libPlatform: Platform of library to download -lib-download-only: Download library only -proxyHost: HTTP proxy host -proxyPort: HTTP proxy port -proxyID: HTTP proxy userid, if needed -proxyPass: HTTP proxy password, if needed -argFile: File name of arguments file -help: Print this usage information and exit
Oracle OSB Installer
The osbws_install Java utility will try to perform the following:
- Install an osbws library file into ‘-libDir’ location e.g. ‘$ORACLE_HOME/lib’
- Create a configuration file in ‘$ORACLE_HOME/dbs’
- Create a wallet file in the ‘-walletDir’ location e.g. ‘$ORACLE_HOME/dbs/osbs_wallet’
Below is the example the script I used for my FlashBlade.
#!/bin/bash
export AWSID=<AWS ID>
export AWSKey=<AWS Secret Key>
export awsEndpoint=<FB IP address>
export location=on-prem
java -jar osbws_install.jar \
-AWSID ${AWSID} \
-AWSKey ${AWSKey} \
-walletDir ${ORACLE_HOME}/dbs/osbws_wallet \
-libDir ${ORACLE_HOME}/lib \
-awsEndPoint ${awsEndPoint} \
-location ${location} \
-no-import-certificate \
-debug
Check you are using the correct Oracle SID and then install, for example
$ ./osbws_install.sh Install OSB Library Oracle Secure Backup Web Service Install Tool, build 19.3.0.0.0DBRU_2019-04-17 Debug: os.name = Linux Debug: os.arch = amd64 Debug: os.version = 4.14.35-1902.3.1.el7uek.x86_64 Debug: file.separator = / Debug: Platform = PLATFORM_LINUX64 Debug: Verifying AWS account using endpoint 10.225.112.70 Debug: Canoical Request: GET / host:10.225.112.70 x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20211102T121344Z host;x-amz-content-sha256;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Debug: String to sign: AWS4-HMAC-SHA256 20211102T121344Z 20211102/on-prem/s3/aws4_request 4a3f821656f5b9e129fe7f834bcf6c703078dbf36989623a4b7705a39b50dc21 Debug: AWS Success, owner=DefaultDisplayName, id=DefaultID AWS credentials are valid. Oracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.0.0/dbhome_1/dbs/osbws_wallet. Oracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.0.0/dbhome_1/dbs/osbwsDEMO.ora created. Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip. Debug: Temp zip file = /tmp/osbws_linux642753652670299358730.zip Debug: Downloaded 27721116 bytes in 96 seconds. Debug: Transfer rate was 288761 bytes/second. Download complete. Debug: Delete RC = true
OSB Database file
From the above we can see a osbw<ORACLE_SID>.ora has been created in ${ORACLE_HOME}/dbs.
Before we perform a backup, open up the osbw<ORACLE_SID>.ora file and add an entry for OSB_WS_BUCKET providing the bucket name previously created.
$ cat /u01/app/oracle/product/19.0.0/dbhome_1/dbs/osbwsDEMO1.ora OSB_WS_HOST=http://10.225.112.70 OSB_WS_BUCKET=oracle-bucket OSB_WS_LOCATION=on-prem OSB_WS_VIRTUAL_HOST=FALSE OSB_WS_WALLET='location=file:/u01/app/oracle/product/19.0.0/dbhome_1/dbs/osbws_wallet CREDENTIAL_ALIAS=defaultd_aws'
OSB_WS_LOCATION should be set to the keyword on-prem.
OSB_WS_HOST should be set to the S3 Data VIP, not the management address.
OSB supports a number of other parameters and a few undocumented, non-supported underscore parameters which may be useful for debugging purposes e.g. _OBS_WS_TRACE_LEVEL
Set this to 100 to enable tracing and 0 to disable e.g. _OSB_WS_TRACE_LEVEL=100
If used the trace information can be found in sbtio.log file in $ORACLE_BASE/diag/rdbms/../../trace/
Oracle RMAN Backup to Object Store
Now we have every thing in place, let’s try a performing database backup.
Below is my example backup script for my 2 node RAC database, reduce / increase the parallelism as required.
#!/bin/bash
export ORACLE_SID=DEMO
#
rman target=/ catalog=rman/rman@RCAT<<EOF
CONFIGURE DEVICE TYPE 'SBT_TAPE' PARALLELISM 64 BACKUP TYPE TO BACKUPSET;
CONFIGURE CHANNEL DEVICE TYPE SBT parms='SBT_LIBRARY=/u01/app/oracle/product/19.0.0/dbhome_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.0.0/dbhome_1/dbs/osbwsDEMOL.ora)' CONNECT 'sys/<password>@DEMO';
CONFIGURE DEFAULT DEVICE TYPE TO SBT;
CONFIGURE COMPRESSION ALGORITHM clear;
SHOW ALL;
RUN
{
BACKUP DATABASE SECTION SIZE = 4G PLUS ARCHIVELOG DELETE INPUT TAG 'FlashBlade_S3';
}
EXIT
EOF
Object Store objects
We can use the s3api to list all objects in a bucket, for example.
$ aws s3api list-objects --bucket oracle-bucket --endpoint-url http://10.225.112.70
However, there could be many, many files, so we could try limiting using –max-items for example.
$ aws s3api list-objects --bucket oracle-bucket --endpoint-url http://10.225.112.70 --max-items 2 ---------------------------------------------------------------------------------------------------------------------- | ListObjects | +------------------+-------------------------------------------------------------------------------------------------+ | NextToken | eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAyfQ== | +------------------+-------------------------------------------------------------------------------------------------+ || Contents || |+---------------+--------------------------------------------------------------------------------------------------+| || ETag | 1b2ea9d852b4fd101412f3103a8399da-41 || || Key | file_chunk/3784643325/DEMO/backuppiece/2021-11-02/000d5uvh_22528_1_1/gxp5NdM8Zxg1/0000000001 || || LastModified | 2021-11-02T14:47:01.000Z || || Size | 4288937984 || || StorageClass | STANDARD || |+---------------+--------------------------------------------------------------------------------------------------+| ||| Owner ||| ||+--------------------------------------------+-------------------------------------------------------------------+|| ||| DisplayName | DefaultDisplayName ||| ||| ID | DefaultID ||| ||+--------------------------------------------+-------------------------------------------------------------------+|| || Contents || |+--------------+---------------------------------------------------------------------------------------------------+| || ETag | f28974156304683c2e126c72d9a4688a || || Key | file_chunk/3784643325/DEMO/backuppiece/2021-11-02/000d5uvh_22528_1_1/gxp5NdM8Zxg1/metadata.xml || || LastModified| 2021-11-02T14:47:01.000Z || || Size | 1799 || || StorageClass| STANDARD || |+--------------+---------------------------------------------------------------------------------------------------+| ||| Owner ||| ||+--------------------------------------------+-------------------------------------------------------------------+|| ||| DisplayName | DefaultDisplayName ||| ||| ID | DefaultID ||| ||+--------------------------------------------+-------------------------------------------------------------------+||
We can use s3api to also check the number of objects:
$ aws s3api list-objects --bucket oracle-bucket --endpoint-url http://10.225.112.70 --query "[length(Contents[])]" ------------- |ListObjects| +-----------+ | 4920 | +-----------+
And to get size and object count:
$ aws s3api list-objects --bucket oracle-bucket --endpoint-url http://10.225.112.70 --output json --query "[sum(Contents[].Size), length(Contents[])]" | awk 'NR!=2 {print $0;next} NR==2 {print $0/1024/1024/1024" GB"}' [ 2822.37 GB 4920 ]
We can confirm size, object count and data reduction achieved by logging onto the FlashBlade UI and navigating to Storage -> Object Store -> Accounts -> Buckets.

Appendix: OSB Parameters
Below I have listed the supported and undocumented Oracle 19c OSB parameters for troubleshooting / educational purposes.
$ strings $ORACLE_HOME/lib/libosbws.so | grep '^_OSB_' $ strings $ORACLE_HOME/lib/libosbws.so | grep '^OSB_'
Documented / Supported | Undocumented / Unsupported |
---|---|
OSB_WS_PFILE | _OSB_WS_ALLOCBUF_DISABLE |
OSB_WS_HOST | _OSB_WS_AUTH_SCHEME |
OSB_WS_PROXY | _OSB_WS_SEND_BUF_SIZE |
OSB_WS_BUCKET | _OSB_WS_RECV_BUF_SIZE |
OSB_WS_LOCATION | _OSB_WS_SDU_SIZE |
OSB_WS_CHUNK_SIZE | _OSB_WS_TDU_SIZE |
OSB_WS_LICENSE_ID | _OSB_WS_REUSE_CONNECTION |
OSB_WS_LICENSE_MAX_SESSIONS | _OSB_WS_SESSION_RETENTION_TIME |
OSB_WS_WALLET | _OSB_WS_CHECKER_RETENTION_TIME |
OSB_WS_VIRTUAL_HOST | _OSB_WS_PURGE_LIMIT |
OSB_WS_IAM_ROLE | _OSB_WS_CLEANER |
OSB_WS_IAM_ROLE_META_URI | _OSB_WS_CLEANER_RETENTION_TIME |
OSB_WS_CREDENTIAL_OBJECT | _OSB_WS_RUN_CLEANER |
_OSB_WS_CONNECT_TIMEOUT | |
_OSB_WS_RESPONSE_TIMEOUT | |
_OSB_WS_SEND_TIMEOUT | |
_OSB_WS_RETRY_WAIT_TIME | |
_OSB_WS_UPLOAD_DELAY | |
_OSB_WS_EVENT | |
_OSB_WS_TRACE_LEVEL | |
_OSB_WS_100_CONTINUE | |
_OSB_WS_DEFERRED_DELETE | |
_OSB_WS_FOLLOW_REDIRECT | |
_OSB_WS_BUFFER_WRITE | |
_OSB_WS_BUFFER_READ | |
_OSB_WS_USE_IPV6 | |
_OSB_WS_NO_SSL | |
_OSB_WS_VALIDATE_CERT | |
_OSB_WS_UNLOAD_DLL | |
_OSB_WS_NO_PROXY | |
_OSB_WS_USE_BULK_DELETE | |
_OSB_WS_CHUNK_PARTS |
Summary
In Part 1 I have shown how we can use RMAN and Oracle Secure Backup (OSB) to backup an on-premises database to an AWS S3 Object Store.
In Part 2 I have shown how we can do the same but this time to an on-premises Pure Storage FlashBlade S3 Object Storage.
In Part 3 I will show how can use RMAN to backup to a Oracle Cloud Infrastructure (OCI) Object Storage.
[twitter-follow screen_name=’RonEkins’ show_count=’yes’]