SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000029626
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Product/Service Type: Appliance
Platform: SUSE, Red Hat Enterprise Linux (RHEL)
RSA Version/Condition: All
RSA Product/Service Type: Appliance
Platform: SUSE, Red Hat Enterprise Linux (RHEL)
RSA Version/Condition: All
Issue
By default when backing up the RSA Identity Governance & Lifecycle Oracle database using one of the options outlined in RSA Knowledge Base Article 000038174 -- How to perform a database backup (export) and a database restore (import) in RSA Identity Governance & Lifecycle, the RSA Identity Governance & Lifecycle database backups are written to the /home/oracle/AveksaExportImportDir local directory. The purpose of this RSA Knowledge Base Article is to provide steps on how to configure your server to switch the database backup location from the default local directory to an NFS file share.
Resolution
To change the storage location of an RSA Identity Governance & Lifecycle database backup from the default local directory to a remote NFS file share, follow the steps below.
NOTE: Your NFS server should be connected, configured, and tuned for the best transfer speed possible.The network performance to the NFS server will have a direct impact on the amount of time that the backup will take to complete. If there are issues with backups failing, the failure will need to be demonstrated or reproduced using the default local directory in order for RSA Identity Governance & Lifecycle Customer Support to assist.
SUSE
To configure:
- Login as root.
- Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:
mkdir /home/oracle/backups-local
mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/
- Use the /home/oracle/AveksaExportImportDir as your mount point for your NFS file share.
Here is an example using a non-persistent command.
mount -t nfs -o proto=tcp,port=2049 192.168.26.107:/nfs-backups /home/oracle/AveksaExportImportDir
mount | grep nfs
192.168.26.107:/nfs-backups on /home/oracle/AveksaExportImportDir type nfs
(rw,proto=tcp,port=2049,addr=192.168.26.120)
The remote NFS server's IP is 192.168.26.107 and it has a shared folder named /nfs-backups.
Here is an example of a persistent configuration. This is done by creating an entry in /etc/fstab.
Image description
Image descriptionOnce this change is in effect, the local directory /home/oracle/AveksaExportImportDir will be a pointer to the remote NFS file share. The backup will continue to write to the /home/oracle/AveksaExportImportDir directory but will write to the file location that this directory points to. In this case the NFS file share.
To reverse:
To reverse these steps so that backups are still written to the local directory /home/oracle/AveksaExportImportDir, login as root and:-
To reverse the non-persistent command
umount /home/oracle/AveksaExportImportDir -
To reverse the persistent command:
- Edit /etc/fstab and comment out or remove the line that references /home/oracle/AveksaExportImportDir
vi /etc/fstab- Dismount the NFS file share
umount /home/oracle/AveksaExportImportDirRHEL
- Login as root.
- Move the existing contents of the local backup folder (/home/oracle/AveksaExportImportDir) to a different location for safe keeping:
mkdir /home/oracle/backups-local
mv /home/oracle/AveksaImportExportDir/* /home/oracle/backups-local/- Create a directory for the backup files. Ensure there is a server that has sufficient storage off of the root partition:
mkdir /nfs-backups- Grant write access to the directory:
chmod 777 /nfs-backups-
Edit the /etc/exports file to define the directory as an NFS file share and grant the remote host access:
Example contents of /etc/exports:
cat /etc/exports
/nfs-backups 192.168.26.113(rw,sync)- Backup your existing configuration.
cp /etc/sysconfig/nfs /etc/sysconfig/nfs.backup_date- Edit the configuration file and set the ports used for NFS:
vi /etc/sysconfig/nfsUncomment these lines:
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662- Backup your iptables configuration:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup_date- Edit the iptables configuration file and add the following rules (if they do not already exist):
vi /etc/sysconfig/iptablesAdd these lines:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT- Restart iptables and nfs for the changes to take effect:
/sbin/service iptables restart
/sbin/service nfs restart- To test the connectivity and view the NFS file shares, you can run the following command:
showmount -e 192.168.26.107where 192.168.26.107 is the RedHat Server’s IP address.
In this article
