Architecture
Actions
Backup of the RDS database to Oracle directory, which is located on internal RDS server
Copy the backup to S3 bucket
Mount the S3 bucket as a directory on the staging host
Mount Accelario disk to the staging server
Restore from the mounted directory to staging Oracle instance (the instance is located on Accelario disk that was mounted in action 4)
Create standard VDB
Prerequisites
RDS Oracle database
Staging EC2 Linux server with Oracle Database software installed - same version as the RDS database
Preparations
Create a Standard S3 Bucket with a one folder inside.
In our example, we created a bucketrds-ora19
with folderora19-folder
Create IAM policy. It will be used for S3 bucket access from both RDS and EC2 servers.
In our example we called itloki-s3-access-policy
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::*" ] } ] }
In order to get files from S3 to EC2 server (action 3 in the architecture diagram) you have to decide how to authenticate.
There are 2 modes :
Access Key with Secret Key
IAM role
If you plan to use Access Key with Secret Key then create an IAM user with the above access policy.
After the users creation, generate its access key and store it in a safe place - you will use them when you will be configuring GI
Regardless of what choice you made in point 3 , create IAM role and attach the S3 policy with it.
It is important since RDS is accessing S3 (action 2 in the architecture diagram) using IAM role only.
Make sure to choose “AWS service”, then “RDS”, then “RDS - Add Role to Database”
Ignore error: Policy AmazonRDSServiceRolePolicy not attached
In the end the role should look like this (in our example we called it loki-s3-access-role):
Goto RDS and create an Option group for oracle engine and version that are the same as your RDS instance (
oracle-ee
stands for Enterprise Edition,oracle-se2
stands for Standard Edition Two).
In our example we called its3-option-group-oracle-se2
Once option group is created, select it and click on Add Option for the group.
Add
S3_INTEGRATION
from Option name dropdown, chooseVersion 1.0
, check Yes for Apply immediately and press Add Option.Now apply this option group with RDS database.
Choose the required RDS database, click Modify
Under the Additional configuration find Option group, open the list and choose the option group that you have created in the previous point.
Verify that the RDS database has backups enabled. It is needed to enable Archive Log Mode.
Setup the backup retention period to be long enough to accommodate future refreshes from Accelario.
Recommended value is at least 7 days.Add the IAM role created in Step 5, with
S3_INTEGRATION
feature
Go to the RDS database, select tab Connectivity & security, scroll down to Manage IAM roles, choose the role from step 5 (in our exampleloki-s3-access-role
)In the end it should look like this:
Perform some admin configuration in the RDS database. Connect to RDS database using an admin user.
Set Archive Log retention.
Check current value:set serveroutput on EXEC rdsadmin.rdsadmin_util.show_configuration;
If the value is under 48 – set it to 48
begin rdsadmin.rdsadmin_util.set_configuration( name => 'archivelog retention hours', value => '48'); end; /
Enable Force Logging.
exec rdsadmin.rdsadmin_util.force_logging(p_enable => true);
Enable Block Change Tracking – optionally, but highly recommended
exec rdsadmin.rdsadmin_rman_util.enable_block_change_tracking;
Source/Staging host config
Install
s3fs
on Staging Server.yum install epel-release yum install s3fs-fuse
If the rpm package is not available, you can download it from our repository and install:
wget https://accelarioapp.s3.eu-central-1.amazonaws.com/s3fs-fuse-1.92-1.el7.x86_64.rpm sudo yum localinstall s3fs-fuse-1.92-1.el7.x86_64.rpm
Apply the IAM role to the server. Choose it in the EC2 console, go to
Actions
>Security
>Modify IAM role
Make sure that the server has Oracle Database software installed - same version as the RDS database