OceanBase Database supports dynamically updating the access_id and access_key information for backup paths or archive paths. After configuring the backup path or archive path, if the user changes the key information of the object storage for security or other reasons, this method can be used to update the access_id and access_key for the already configured backup path or archive path to ensure the normal execution of backups or archiving.
Limitations
For V4.3.5, support for updating the key information of backup paths or archive paths is available starting from V4.3.5 BP2.
Only the
access_idandaccess_keyinformation of object storage paths can be updated.Only user tenants are allowed to update the key information of their own backup paths or archive paths. System tenants are not allowed to update the key information of backup paths or archive paths for specific user tenants.
Considerations
During the backup or archiving process, if the key information corresponding to the object storage path is changed, the
access_idandaccess_keyinformation for the backup path or archive path must be updated promptly. Failure to do so may result in backup task execution failures or issues with archiving progress.In physical standby scenarios based on log archiving, if the key information corresponding to the object storage path is changed, the
access_idandaccess_keyinformation in the log restore path of the standby database (standby tenant) must be updated as soon as possible. Otherwise, it may cause issues with log synchronization progress. For detailed steps on updating theaccess_idandaccess_keyinformation in the log restore path of the standby database (standby tenant), see Set the log restore source.
Procedure
Log in to the user tenant of the cluster as the tenant administrator of the user tenant.
Note
In MySQL mode, the administrator user is the
rootuser, and in Oracle mode, the administrator user is theSYSuser.An example of the connection is shown below. Please adjust the connection settings according to the actual environment.
obclient -h10.xx.xx.xx -P2883 -uroot@mysql_tenant#obdemo -p***** -AExecute the following statement to change the key information of the backup path or archive path.
The sample SQL statement is as follows:
ALTER SYSTEM {ALTER|CHANGE|MODIFY} EXTERNAL_STORAGE_DEST PATH [=] 'path' SET ACCESS_INFO = 'access_id=new_access_id&access_key=new_access_key';The parameters in the statement are described as follows:
path: the backup path or archive path for which the key information is to be updated. The path must be a backup path or archive path already configured for the current tenant, and it must be an object storage path. Additionally, the path must include thehostinformation.For example, in the case of OSS, the path format is as follows:
oss://oceanbase-test-bucket/backup/data?host=***.access_id=new_access_id&access_key=new_access_key: the newaccess_idandaccess_keyafter the update. You must specify bothaccess_idandaccess_key.
For example, assuming that the backup path and archive path configured for the current user tenant during backup are
oss://oceanbase-test-bucket/backup/data?host=cn-****.aliyuncs.comandoss://oceanbase-test-bucket/backup/archive?host=cn-****.aliyuncs.comrespectively, the key information of the backup path and archive path can be updated as follows:Update the key information of the backup path
obclient> ALTER SYSTEM CHANGE EXTERNAL_STORAGE_DEST PATH='oss://oceanbase-test-bucket/backup/data?host=cn-****.aliyuncs.com' SET ACCESS_INFO = 'access_id=******&access_key=******';Update the key information of the archive path
obclient> ALTER SYSTEM CHANGE ARCHIVELOG DESTINATION PATH='oss://oceanbase-test-bucket/backup/archive?host=cn-****.aliyuncs.com' SET ACCESS_INFO = 'access_id=******&access_key=******';
For more information, see ALTER/CHANGE/MODIFY EXTERNAL_STORAGE_DEST.
Query the
DBA_OB_BACKUP_STORAGE_INFOview to confirm the change.MySQL modeOracle modeConfirm the
access_idandaccess_keyof the backup path.obclient[oceanbase]> SELECT AUTHORIZATION FROM oceanbase.DBA_OB_BACKUP_STORAGE_INFO WHERE PATH='oss://oceanbase-test-bucket/backup/data' AND ENDPOINT = 'host=cn-****.aliyuncs.com';The query result is as follows:
+-------------------------------------+ | AUTHORIZATION | +-------------------------------------+ | access_id=******&encrypt_key=****** | +-------------------------------------+ 1 row in setConfirm the
access_idandaccess_keyof the archive path.obclient[oceanbase]> SELECT AUTHORIZATION FROM oceanbase.DBA_OB_BACKUP_STORAGE_INFO WHERE PATH='oss://oceanbase-test-bucket/backup/archive' AND ENDPOINT = 'host=cn-****.aliyuncs.com';The query result is as follows:
+-------------------------------------+ | AUTHORIZATION | +-------------------------------------+ | access_id=******&encrypt_key=****** | +-------------------------------------+ 1 row in set
Confirm the
access_idandaccess_keyof the backup path.obclient[SYS]> SELECT AUTHORIZATION FROM SYS.DBA_OB_BACKUP_STORAGE_INFO WHERE PATH='oss://oceanbase-test-bucket/backup/data' AND ENDPOINT = 'host=cn-****.aliyuncs.com';The query result is as follows:
+-------------------------------------+ | AUTHORIZATION | +-------------------------------------+ | access_id=******&encrypt_key=****** | +-------------------------------------+ 1 row in setConfirm the
access_idandaccess_keyof the archive path.obclient[SYS]> SELECT AUTHORIZATION FROM SYS.DBA_OB_BACKUP_STORAGE_INFO WHERE PATH='oss://oceanbase-test-bucket/backup/archive' AND ENDPOINT = 'host=cn-****.aliyuncs.com';The query result is as follows:
+-------------------------------------+ | AUTHORIZATION | +-------------------------------------+ | access_id=******&encrypt_key=****** | +-------------------------------------+ 1 row in set