Prepare for the backup

Before you back up data, you need to perform some preparatory tasks, such as configuring the backup destination and the backup key.

Configure the backup destination

When you configure the backup destination, the sys tenant, which is a cluster management tenant and does not contain user data, is not supported for backup and restore. Therefore, you do not need to configure the DATA_BACKUP_DEST parameter for the sys tenant.

Considerations

Procedure

1. Log in to the database as the tenant administrator of the sys tenant or a user tenant.

   Note

   In MySQL mode, the administrator user is root. In Oracle mode, the administrator user is SYS.

2. Configure the destination for backups.

   • Configure the destination for backups of a specified tenant in the sys tenant

     ALTER SYSTEM SET DATA_BACKUP_DEST= 'data_backup_path' TENANT = mysql_tenant;
     

   • Configure the destination for backups of the current tenant as the current tenant

     The sample statement is as follows:

     ALTER SYSTEM SET DATA_BACKUP_DEST= 'data_backup_path';
     

   Notice

   After upgrading from OceanBase Database V4.0.x to V4.1.0, you need to change the backup path. After upgrading from OceanBase Database V4.1.x to V4.2.0, you do not need to change the backup path.

   At present, OceanBase Database supports NFS, Alibaba Cloud OSS, Tencent Cloud COS, AWS S3, and object storage services compatible with the S3 protocol, such as Huawei Cloud OBS and Google Cloud GCS. Some basic requirements may need to be met before you can use certain backup media. For more information, see the Backup media requirements section in Overview of physical backup and restore.

   For more information about how to configure the destination for backups, see the following examples.

   Alibaba Cloud OSS

   NFS

   Tencent Cloud COS

   AWS S3

   Object storage services compatible with the S3 protocol

   When you use OSS as the destination for backups, you can also use the delete_mode parameter to specify the cleanup mode for backup files. The delete_mode parameter supports the delete mode and the tagging mode. If you do not specify the delete_mode parameter, the delete mode will be used by default. For more information about the delete_mode parameter, see View parameters for data backup.

   Notice

   When you use an object storage service as the backup media, separate the parameters in the backup path with &. Make sure that the parameters contain only uppercase and lowercase English letters, numbers, /-_$+=, and wildcard characters. If the parameters contain other characters, the setting may fail.

   • Use OSS as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant and specifies the cleanup mode for backup files.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='oss://oceanbase-test-bucket/backup/data?host=***.aliyun-inc.com&access_id=***&access_key=***&delete_mode=delete' TENANT = mysql_tenant;
     

   • Use OSS as the backup media. The user tenant configures the destination for backups of the current tenant and specifies the cleanup mode for backup files.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='oss://oceanbase-test-bucket/backup/data?host=***.aliyun-inc.com&access_id=***&access_key=***&delete_mode=delete';
     

   In the following example, oss:// indicates that Alibaba Cloud OSS is used as the backup media. The bucket name is oceanbase-test-bucket, and the path within the bucket is /backup/data. The parameters in the path are separated with ?. host is used to set the host address of the bucket, which is the endpoint address (excluding the bucket name). access_id and access_key are used to set the access key of OSS. The cleanup mode is set to delete.

   After you set the delete mode or the tagging mode, for more information about how to automatically clear expired backup data, see Automatic cleanup of backup data.

   Notice

   When you use NFS as the backup media, note that:

   • The value of the data_backup_dest parameter must not contain a question mark (?).
   • The value of the data_backup_dest parameter must be an absolute path. The OBServer node must have write permissions for data_backup_dest.
   • All OBServer nodes must mount the same NFS server. To ensure smooth backup, it is recommended to use the parameters specified in this topic to mount NFS. For more information, see Deploy an NFS client.

   • Use NFS as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST= 'file:///data/nfs/backup/data' TENANT = mysql_tenant;
     

   • Use NFS as the backup media. The user tenant configures the destination for backups of the current tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='file:///data/nfs/backup/data';
     

   In the following example, file:// indicates that NFS is used as the backup media. The backup path is file:///data/nfs/backup/data.

   COS supports the delete_mode parameter to specify the cleanup mode for backup files. The configuration of the delete_mode parameter is the same as that for Alibaba Cloud OSS.

   Notice

   When you use an object storage service as the backup media, separate the parameters in the backup path with &. Make sure that the parameters contain only uppercase and lowercase English letters, numbers, /-_$+=, and wildcard characters. If the parameters contain other characters, the setting may fail.

   • Use COS as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='cos://oceanbase-test-appid/backup/data?host=cos.ap-****.myqcloud.com&access_id=***&access_key=***&appid=***' TENANT = mysql_tenant;
     

   • Use COS as the backup media. The user tenant configures the destination for backups of the current tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='cos://oceanbase-test-appid/backup/data?host=cos.ap-****.myqcloud.com&access_id=***&access_key=***&appid=***';
     

   In the following example, cos:// indicates that Tencent Cloud COS is used as the backup media. The bucket name is oceanbase-test-appid, and the path within the bucket is /backup/data. The parameters in the path are separated with ?. host is used to set the host address of COS, which is the endpoint address (excluding the bucket name). access_id and access_key are used to set the access key of COS. The optional parameter appid is used to set the APPID of the Tencent cloud account. The cleanup mode is set to delete.

   AWS S3 supports the delete_mode parameter to specify the cleanup mode for backup files. The configuration of the delete_mode parameter is the same as that for Alibaba Cloud OSS and Tencent Cloud COS.

   Notice

   When you use an object storage service as the backup media, separate the parameters in the backup path with &. Make sure that the parameters contain only uppercase and lowercase English letters, numbers, /-_$+=, and wildcard characters. If the parameters contain other characters, the setting may fail.

   • Use S3 as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant and specifies the delete mode as the cleanup mode.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=s3.<region>.amazonaws.com&access_id=***&access_key=***&s3_region=***&delete_mode=delete' TENANT = mysql_tenant;
     

   • Use S3 as the backup media. The user tenant configures the destination for backups of the current tenant and specifies the delete mode as the cleanup mode.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=s3.<region>.amazonaws.com&access_id=***&access_key=***&s3_region=***&delete_mode=delete';
     

   In the following example, s3:// indicates that AWS S3 is used as the backup media. The bucket name is oceanbase-test-bucket, and the path within the bucket is /backup/data. The parameters in the path are separated with ?. host is used to set the domain name of the Amazon S3 service. access_id and access_key are used to set the access key of AWS. The optional parameter s3_region is used to specify the region where the S3 bucket is located. The cleanup mode is set to delete.

   Most object storage services are compatible with the S3 protocol. You can use these object storage services as the backup media for OceanBase Database after they meet the requirements for OceanBase Database. You can access compatible object storage services in the same way as you access S3, for example, OBS and GCS.

   Notice

   When you use an object storage service as the backup media, separate the parameters in the backup path with &. Make sure that the parameters contain only uppercase and lowercase English letters, numbers, /-_$+=, and wildcard characters. If the parameters contain other characters, the setting may fail.

   The following example shows how to configure an object storage service compatible with the S3 protocol as the destination for backups:

   • Use OBS as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=obs.****.myhuaweicloud.com&access_id=****&access_key=****' TENANT = mysql_tenant;
     

   • Use OBS as the backup media. The user tenant configures the destination for backups of the current tenant and specifies the cleanup mode.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=obs.****.myhuaweicloud.com&access_id=****&access_key=****';
     

   In the preceding example, s3:// indicates that an object storage service compatible with the S3 protocol is used as the backup media. The bucket name is oceanbase-test-bucket, and the path within the bucket is /backup/data. The parameters in the path are separated with ?. host is used to set the domain name of the OBS service. access_id and access_key are used to set the access key of the OBS service.

   The following example shows how to configure GCS as the destination for backups:

   • Use GCS as the backup media. The sys tenant configures the destination for backups of the mysql_tenant tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=https://storage.googleapis.com&access_id=****&access_key=****' TENANT = mysql_tenant;
     

   • Use GCS as the backup media. The user tenant configures the destination for backups of the current tenant.

     obclient> ALTER SYSTEM SET DATA_BACKUP_DEST='s3://oceanbase-test-bucket/backup/data?host=https://storage.googleapis.com&access_id=****&access_key=****';
     

   In the preceding example, s3:// indicates that an object storage service compatible with the S3 protocol is used as the backup media. The bucket name is oceanbase-test-bucket, and the path within the bucket is /backup/data. The parameters in the path are separated with ?. host is used to set the domain name of the GCS service. access_id and access_key are used to set the access key of the GCS service.

Considerations and notes after configuration

After the data_backup_dest parameter is successfully configured, the default system creates a format file in the specified directory as a verification file to check the validity of the backup destination and the integrity of the data in the destination. Therefore, when you configure the data_backup_dest parameter, note the following considerations:

• If the format file does not exist, the specified destination directory must be empty. Otherwise, an error -9080 will occur, indicating that the format file does not exist.

• If the format file already exists, its content must pass the verification. Otherwise, an error -9081 will occur, indicating that the format file is mismatched. The verification of the format file checks whether the cluster, tenant, and backup destination type are the same as those of the current operation.

• If the format file does not exist or its content verification fails during a backup task, the task will fail.

Back up the keys

Before you back up data, check the encryption status of the source tenant. If transparent encryption is configured for the source tenant, you must also back up the keys of the source tenant.

1. Log in to the database as the tenant administrator of the sys tenant or a user tenant.

2. Back up the keys.

   • Back up the keys of a specified tenant in the sys tenant

     ALTER SYSTEM BACKUP KEY TENANT = tenant_name TO 'backup_key_path' ENCRYPTED BY 'password';
     

   • Back up the keys of the current tenant in a user tenant

     Execute the following statement:

     ALTER SYSTEM BACKUP KEY TO 'backup_key_path' ENCRYPTED BY 'password';
     

   In the statements:

   • backup_key_path: the path where the keys are to be backed up. You need to specify this parameter. It cannot be the same as the path for backing up data or archiving logs. You can customize this path.

   • password: the password for encrypting the keys at the specified backup path.

   Here is an example of backing up the keys of the mysql_tenant tenant to the file:///data_backup_dest/key path in the sys tenant:

   obclient [(none)]> ALTER SYSTEM BACKUP KEY TENANT = mysql_tenant TO 'file:///data_backup_dest/key' ENCRYPTED BY '******';
   

3. After the configuration is successful, you can query the view for the path where the keys are backed up.

   • Query the CDB_OB_BACKUP_STORAGE_INFO view in the sys tenant for the path where the keys are backed up

     SELECT * FROM oceanbase.CDB_OB_BACKUP_STORAGE_INFO;
     

   • Query the DBA_OB_BACKUP_STORAGE_INFO view in a user tenant for the path where the keys are backed up

     MySQL mode

     Oracle mode

     Execute the following statement:

     SELECT * FROM oceanbase.DBA_OB_BACKUP_STORAGE_INFO;
     

     Execute the following statement:

     SELECT * FROM SYS.DBA_OB_BACKUP_STORAGE_INFO;
     

     For more information about the fields in the CDB_OB_BACKUP_STORAGE_INFO and DBA_OB_BACKUP_STORAGE_INFO views, see CDB_OB_BACKUP_STORAGE_INFO and DBA_OB_BACKUP_STORAGE_INFO.