000029626 - How to Configure Database Backups to write to an NFS File Share instead of Local Directory '/home/oracle/AveksaExportImportDir' in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jun 18, 2020
Version 7Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000029626
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Product/Service Type: Appliance
Platform: SUSE, Red Hat Enterprise Linux (RHEL)
RSA Version/Condition: All
 
IssueBy default when backing up the RSA Identity Governance & Lifecycle Oracle database using one of the options outlined in RSA Knowledge Base Article 000038174 -- How to perform a database backup (export) and a database restore (import) in RSA Identity Governance & Lifecycle, the RSA Identity Governance & Lifecycle database backups are written to the /home/oracle/AveksaExportImportDir local directory. The purpose of this RSA Knowledge Base Article is to provide steps on how to configure your server to switch the database backup location from the default local directory to an NFS file share.
 
ResolutionTo change the storage location of an RSA Identity Governance & Lifecycle database backup from the default local directory to a remote NFS file share, follow the steps below.

NOTE: Your NFS server should be connected, configured, and tuned for the best transfer speed possible.The network performance to the NFS server will have a direct impact on the amount of time that the backup will take to complete. If there are issues with backups failing, the failure will need to be demonstrated or reproduced using the default local directory in order for RSA Identity Governance & Lifecycle Customer Support to assist.




SUSE



To configure:



  1. Login as root.
  2. Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:


mkdir /home/oracle/backups-local
mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/


  1. Use the /home/oracle/AveksaExportImportDir as your mount point for your NFS file share.

Here is an example using a non-persistent command.



mount -t nfs -o proto=tcp,port=2049 192.168.26.107:/nfs-backups /home/oracle/AveksaExportImportDir
mount | grep nfs
192.168.26.107:/nfs-backups on /home/oracle/AveksaExportImportDir type nfs 
(rw,proto=tcp,port=2049,addr=192.168.26.120)


The remote NFS server's IP is 192.168.26.107 and it has a shared folder named /nfs-backups.
 


Here is an example of a persistent configuration. This is done by creating an entry in /etc/fstab.  

User-added image

 

Once this change is in effect, the local directory /home/oracle/AveksaExportImportDir will be a pointer to the remote NFS file share. The backup will continue to write to the /home/oracle/AveksaExportImportDir directory but will write to the file location that this directory points to. In this case the NFS file share.



 



To reverse:


To reverse these steps so that backups are still written to the local directory /home/oracle/AveksaExportImportDir, login as root and:


  • To reverse the non-persistent command  




    umount /home/oracle/AveksaExportImportDir


  • To reverse the persistent command:  



  1. Edit /etc/fstab and comment out or remove the line that references /home/oracle/AveksaExportImportDir  


vi /etc/fstab


  1. Dismount the NFS file share  


umount /home/oracle/AveksaExportImportDir

  

RHEL



  1. Login as root.
  2. Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:


mkdir /home/oracle/backups-local
mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/


  1. Create a directory for the backup files. Ensure there is a server that has sufficient storage off of the root partition:


mkdir /nfs-backups


  1. Grant write access to the directory:  


chmod 777 /nfs-backups



  1. Edit the /etc/exports file to define the directory as an NFS file share and grant the remote host access:



Example contents of /etc/exports:




cat /etc/exports
/nfs-backups       192.168.26.113(rw,sync)


  1. Backup your existing configuration.


cp /etc/sysconfig/nfs /etc/sysconfig/nfs.backup_date


  1. Edit the configuration file and set the ports used for NFS:


vi /etc/sysconfig/nfs


Uncomment these lines:




LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662


  1. Backup your iptables configuration:


cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup_date


  1. Edit the iptables configuration file and add the following rules (if they do not already exist):


vi /etc/sysconfig/iptables


Add these lines:




-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT


  1. Restart iptables and nfs for the changes to take effect:


/sbin/service iptables restart
/sbin/service nfs restart


  1. To test the connectivity and view the NFS file shares, you can run the following command:


showmount -e 192.168.26.107


where 192.168.26.107 is the RedHat Server’s IP address.



 

Attachments

    Outcomes