To change the storage location of an RSA Identity Governance & Lifecycle database backup from the default local directory to a remote NFS file share, follow the steps below.
NOTE: Your NFS server should be connected, configured, and tuned for the best transfer speed possible.The network performance to the NFS server will have a direct impact on the amount of time that the backup will take to complete. If there are issues with backups failing, the failure will need to be demonstrated or reproduced using the default local directory in order for RSA Identity Governance & Lifecycle Customer Support to assist.
SUSE
To configure:
- Login as root.
- Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:
mkdir /home/oracle/backups-local mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/
- Use the /home/oracle/AveksaExportImportDir as your mount point for your NFS file share.
Here is an example using a non-persistent command.
mount -t nfs -o proto=tcp,port=2049 192.168.26.107:/nfs-backups /home/oracle/AveksaExportImportDir mount | grep nfs 192.168.26.107:/nfs-backups on /home/oracle/AveksaExportImportDir type nfs (rw,proto=tcp,port=2049,addr=192.168.26.120)
The remote NFS server's IP is 192.168.26.107 and it has a shared folder named /nfs-backups.
Here is an example of a persistent configuration. This is done by creating an entry in /etc/fstab. 
Once this change is in effect, the local directory /home/oracle/AveksaExportImportDir will be a pointer to the remote NFS file share. The backup will continue to write to the /home/oracle/AveksaExportImportDir directory but will write to the file location that this directory points to. In this case the NFS file share.
To reverse: To reverse these steps so that backups are still written to the local directory /home/oracle/AveksaExportImportDir, login as root and:
To reverse the non-persistent command
umount /home/oracle/AveksaExportImportDir
To reverse the persistent command:
- Edit /etc/fstab and comment out or remove the line that references /home/oracle/AveksaExportImportDir
vi /etc/fstab
- Dismount the NFS file share
umount /home/oracle/AveksaExportImportDir
RHEL
- Login as root.
- Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:
mkdir /home/oracle/backups-local mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/
- Create a directory for the backup files. Ensure there is a server that has sufficient storage off of the root partition:
mkdir /nfs-backups
- Grant write access to the directory:
chmod 777 /nfs-backups
Edit the /etc/exports file to define the directory as an NFS file share and grant the remote host access:
Example contents of /etc/exports:
cat /etc/exports /nfs-backups 192.168.26.113(rw,sync)
- Backup your existing configuration.
cp /etc/sysconfig/nfs /etc/sysconfig/nfs.backup_date
- Edit the configuration file and set the ports used for NFS:
vi /etc/sysconfig/nfs
Uncomment these lines:
LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662
- Backup your iptables configuration:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup_date
- Edit the iptables configuration file and add the following rules (if they do not already exist):
vi /etc/sysconfig/iptables
Add these lines:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
- Restart iptables and nfs for the changes to take effect:
/sbin/service iptables restart /sbin/service nfs restart
- To test the connectivity and view the NFS file shares, you can run the following command:
showmount -e 192.168.26.107
where 192.168.26.107 is the RedHat Server’s IP address.
|