Configuring Replication between Recovery Appliances Using RACLI
This section describes the RACLI tasks for establishing replication between two Recovery Appliances, named RA1 and RA2. Most of the tasks are performed on RA1 with an admin_user account.
The replication user and replication wallet are managed within racli create replication_server and racli delete replication_server. The Recovery Appliance partner user manages the replication user, replication wallet, and replication server parameters.
Note:
If the replication was established with a version earlier than Recovery Appliance 23.1 and DBMS_RA, the recommendation is to use the RACLI commands going forward. To change replication to RACLI replication, useracli add ra_partner and racli enable replication_management as provided later in this section.
Upon completion of this, the client database sends its backups to RA1. RA1 as part of replication sends those backups to RA2 as well.
Note:
The replication server in this case is RA1. The replication user that is created is for RA2.
Task 1: Create the admin_user user types needed for replication.
Both Recovery Appliances require an admin_user, preferably named the same. On both RA1 and RA2, run:
racli add admin_user --user_name=REPL_ADMIN_NAME If the new user (REPL_ADMIN_NAME) did not already exist, you are prompted for a password.
Note:
The replication user has the following password requirements.
- At least 15 characters in total
- At least 1 lower case letter
- At least 1 upper case letter
- At least 1 number
- At least 1 special character
For example: Welcome*123456789
Verify that the admin_user was created.
racli list admin_userMake a note for later the user_name, user_uid, and user_gud of the newly creaded admin_user (REPL_ADMIN_NAME) on RA2.
Task 2: Create a replication db_user for replication on both Recovery Appliances.
This replication db_user for should be the same for both Recovery Appliances, RA1 and RA2. In this example, the db_users are REP_USER_FROM_DB1_TO_DB2 and REP_USER_FROM_DB2_TO_DB1. This is performed on both RA1 and RA2.
racli add db_user -user_name=<REPL_VPC_USER> --user_type=replication This replication db_user is different from the partner user (admin_user).
Task 3: Create a partnership between two Recovery Appliances.
On RA1, create the partner connection with RA2 --admin_user credentials.
Note:
If replication is two-way, the command does not need to be run on RA2 and later racli create replication_server should specify --type=bidrectional.
racli add ra_partner --target_host=<RA2>
--partner_user=REPL_PARTNER_RA1 --partner_uid=UID
--admin_user=REPL_ADMIN_NAME --admin_key=VALUE--target_hostspecifies the fully qualified domain name (FQDN) of the first compute node from the downstream Recovery Appliance. If running command from upstream RA1, the--target_hostis RA2.--partner_userspecifies the designated partner's name. This should be a non-root user with limited privileges to manage certificates and pass the SSH key for building two-way authentication and authority.--partner_uidspecifies the numeric user id (UID) for the partner user. The UID value needs to be less than 3000 for cloud system.--admin_userspecifies the administrative user if the cluster is not accessible using the root user. It can be eitherrootor anyadminuser with access to RA2 with a password or SSH key. Required for cloud-based instances, but optional for on-premise.--admin_keyspecifies theadminuser SSH key if the cluster is not accessible using therootuser. Required for cloud-based instances or when an--admin_useris specified.
Task 4: Create a replication server.
This operation is run from RA1. The credential information for the RA2 replication user is put into the replication wallet for RA1.
Note:
This racli create replication_server command has a password prompt for the replication user. It creates a replication wallet if one did not exist. You do not need to create a replication user and replication wallet separately.
racli create replication_server --target_host=PATH2TARGET
--type=bidirectional [--certificates=YOURLIST]--target_hostspecifies full path to the first node of the target Recovery Appliance to be paired.--type=bidirectionalspecifies two-way replication.--certificates=cert1,cert2,cert3...specifies one or more certificates with their full paths. If RA1 and RA2 share the same trusted certificate, then only one trusted certificate is needed.
The command racli list listener provides information on whether TCP or TCPS is used.
Example 1: Two-way replication.
racli create replication_server --target_host=<RA2> --backup_anywhere
–certificates=/raacfs/raadmin/cert/raCA.pemExample 2: One-way replication with TLS enabled on only the downstream Recovery Appliance. Copy the trusted certificate to RA1 from RA2
scp root@RA2:<TRUSTED CERT FROM RA2> /tmp/<CERTNAME>.pem
racli create replication_server --target_host=<RA2> – certificates=/tmp/<CERTNAME>.pemExample 2: Two-way replication with TLS enabled on only the downstream Recovery Appliance. Copy the trusted certificate to RA1 from RA2
scp root@RA2:<TRUSTED CERT FROM RA2> /tmp/<CERTNAME>.pem
racli create replication_server --target_host=<RA2> --type=backup_anywhere
--certificates=/tmp/<CERTNAME>.pem,/raacfs/raadmin/cert/<raCA>.pem Note:
After this task, replication is managed completely through RACLI commands include theTask 5: Create protection policy.
If a suitable protection policy does not exist, you can create one appropriate for the replication. If this is one-way replication, create this protection policy on the upstream Recovery Appliance. If this is two-way replication, run the same command on both Recovery Appliances.
racli create protection_policy --protection_policy_name=YOUR_POLICY
--storage_location_name=<YOURLOC> --recovery_window_goal=11day --autotune_reserved_space=YESRefer to racli create protection_policy for other appropriate arguments.
Task 6: Add protected databases.
If the database has not been assigned a protection policy by other means (DBMS_RA API or Enterprise Manager Cloud Control), then issue a command similar to.
racli add protected_db --db_unique_name=<yourDB>
--protection_policy_name=<YOUR_POLICY> --reserved_space-10GNote:
Assigning the same database to two different protection policies is not supported. If database gets a new protection policy, you'll need to run racli delete protected_db and then racli add protected_db with the new protection policy information.
Task 7: Grant protected database access to replication user on both ZDLRAs
If this is one-way replication, run this on the upstream Recovery Appliance. If this is two-way replication, run the same commands on both Recovery Appliances.
racli grant db_access --db_unique_name=test_db --username=REP_USER_FROM_DB1_TO_DB2 racli grant db_access --db_unique_name=test_db --username=REP_USER_FROM_DB2_TO_DB1 Task 8: Grant protected database access.
Refer to the replication db_user user names created in earlier steps. In this example, the db_users are REP_USER_FROM_DB1_TO_DB2 and REP_USER_FROM_DB2_TO_DB1.
racli list db_user
With the appropriate replication user name, grant access.
racli grant db_access --db_unique_name=<yourDB> --username=REP_USER_FROM_DB1_TO_DB2 Task 9: Add replication server
This command is run on both RA1 and RA2.
racli add replication_server --replication_server_name=<REPL> --protection_policy_name=YOUR_POLICY
--replication_user_name=rep_user_from_DB1_to_DB2
--ra_partner_user=REPL_PARTNER_RA1The RACLI commands for replication server management are:
racli add replication_serverracli delete replication_serverracli list replication_serverracli remove replication_serverracli status replication_serverracli update replication_server
The RACLI commands for replication user management are:
racli add replication_userracli alter replication_user[for changing the password]racli list replication_userracli remove replication_user
The RACLI commands for replication wallet management are:
racli add replication_walletracli alter replication_walletracli list replication_walletracli remove replication_wallet