DB2 online backup and offline restore procedures for Security Directory Server

Edit online

You can learn about the procedure of online backup and offline restore through the information provided here.

About this task

Setting up online backup for the directory database (without change log)
  1. Use a secure location to store files to be used for backup and recovery, such as a backup machine, separate media, etc.In the examples listed, the /safeplace directory is used as a location to store files. The DB2® instance owner must have write permission for the /safeplace directory. In the examples, the Security Directory Server instance and database are named ldapdb2.
  2. Save Security Directory Server configuration and schema files in the secure location. These files need to be updated only if you change the topology, configuration parameters, or schema. 
    cp /home/ldapdb2/idsslapd-ldapdb2/etc/* /safeplace/etc
  3. Make sure that ibmslapd is not running. 
    ibmslapd –I ldapdb2 -k
  4. For recovery purposes, log files should be kept on a different physical drive than the database.In this example, the /safeplace/db2logs-ldapdb2 directory is used as the secure location. You must run all DB2 commands as the DB2 instance owner. 
    db2 update db config for ldapdb2 using newlogpath /safeplace/db2logs-ldapdb2
  5. Update the directory server database for online backup support with log archiving on. 
    db2 update db config for ldapdb2 using logarchmeth1 logretain 
db2 force applications all
db2stop
db2start
  6. After archival logging is set, you must make a full offline backup. Create a full offline backup of database. 
    db2 backup db ldapdb2 to /safeplace/sun-full-ldapdb2
  7. Start the directory server instance. 
    ibmslapd –I ldapdb2
Creating full online backup for the directory database
  1. On a nightly basis (or more frequently if necessary), create full backup and copy log files from the log file path.
    Note: You can use an online backup image for recovery only if you have the logs that span the time during which the backup operation was running.
    db2 backup db ldapdb2 online to /safeplace/mon-ldapdb2
  2. Verify the log path. DB2 appends the node to the path specified. 
    db2 get db config for ldapdb2 | grep –i “Path to log files”
The following example shows the information that is returned: 
Path to log files= /safeplace/db2logs-ldapdb2/NODE0000/
Restoring the directory database
Suppose that a disk drive failed on Wednesday morning on the machine being used, since the /safeplace directory is used to back up the files and logs was not affected, it can be used for restore.

If a different machine is being used to restore the database, the /safeplace directory on the backed up machine must be set up on the new machine to a local /safeplace directory.This must include all backup directories being used, as well as the log files in the /safeplace/db2log-ldapdb2/NODE0000 directory.

  1. If necessary, install Security Directory Server.
  2. Configure a database, using the same information that was specified on the backup machine.
  3. Copy or tar the configuration and schema files backed up previously. 
    cp/safeplace/etc/*/home/ldapdb2/idsslapd-ldapdb2/etc
  4. Restore the directory database from Tuesday. 
    db2 restore db ldapdb2 from /safeplace/tues-ldapdb2 taken 
at <timestamp_of_backup>
    Note: The <timestamp_of_backup> option is only required if there are more than one backup image in the specified directory path.
    If you are restoring on a new machine, the following warning message is displayed: 
    SQL2523WWarning!Restoring to an existing database that 
is different from the database on the backup image, but 
have matching names. The target database will be 
overwritten by the backup version. The Roll-forward 
recovery logs associated with the target database will be deleted.
Do you want to continue ? (y/n) y
DB20000IThe RESTORE DATABASE command completed successfully.
  5. Set the new database’s log path to the same path that was used for the log files. If you are restoring on a new system, you must copy the log files from the old system to the new. 
    db2 update db config for ldapdb2 using 
newlogpath /safeplace/db2logs-ldapdb2
  6. .Roll forward all logs located in the log directory, which include changes since the Tuesday night backup. 
    db2 rollforward db ldapdb2 to end of logs and stop
Note: In this case, recovery requires only the last full backup image and the logs spanning the time since the backup was made.
Setting up incremental online backup for both the directory and change log database to be used for recovery
This section and the following sections are based on a backup strategy with a weekly schedule of doing full backups on Sundays, and then using incremental backups during the week.
Figure 1. Incremental cumulative and Delta backup
This figure illustrates incremental cumulative and delta backup
  1. Use a secure location to store files to be used for backup and recovery, such as a backup machine, separate media, etc.In the examples listed, the directory /safeplace is used as a location to store files. If the change log is not configured, all commands containing ldapclog can be ignored.
  2. Save the Security Directory Server configuration and schema files in a secure location. These files need to be updated only if you change the topology, configuration parameters, or schema. In this example, ldapdb2 is used as the Security Directory Server instance and database instance name. 
    cp /home/ldapdb2/idsslapd-ldapdb2/etc/*/safeplace/etc
  3. Make sure that ibmslapd is not running. 
    ibmslapd –I ldapdb2 –k
    Note: In this example, the path of the log files has not been modified from the default locations. Here, the default log path locations are used for both directory and change log databases. For recovery purposes, log files should be kept on a different physical drive than the databases.
  4. Update the directory server database and change log database for online backup support with archival logging on, and incremental backup with trackmod on.
    Note: Setting trackmod on for incremental backup support can have an impact on the runtime performance for database update or insert operation.
    db2 update db cfg for ldapdb2 using logarchmeth1 logretain trackmod on
db2 update db config for ldapclog using logarchmeth1 logretain trackmod on
db2 force applications all
db2stop
db2start
Creating full offline backups for both the directory and change log databases
  1. Create full database offline backups for both directory and change log databases on Sunday. 
    db2 backup db ldapdb2 to /safeplace/sun-full-ldapdb2 
db2 backup db ldapclog to /safeplace/sun-full-ldapclog
  2. Start the directory server instance. 
    ibmslapd –I ldapdb2
Creating incremental online backups for both the directory and change log databases
  1. On a daily basis or more frequently if determined necessary, create incremental backups.
    Note: You can only use an online backup image for recovery if you have the logs that span the time during which the backup operation was running. Note that the directory and change log database logs are kept in different paths with identical names, for example, S0000000.LOG and S0000001.LOG, so they need to be saved in different directories if the change log is configured.
    db2 backup db ldapdb2 online incremental to /safeplace/mon-ldapdb2
  2. Verify the path to the log files for the directory database. 
    db2 get db config for ldapdb2 | grep –i “Path to log files”
    An example of the output displayed: 
    Path to log files = /home/ldapdb2/ldapdb2/NODE0000/SQL00001/SQLOGDIR/

cp /home/ldapdb2/ldapdb2/NODE0000/SQL00001/SQLOGDIR/* 
/safeplace/db2logs-ldapdb2
db2 backup db ldapclog online incremental to /safeplace/mon-ldapclog
  3. Verify the path to the log files for the change log database. 
    db2 get db config for ldapclog | grep “Path to log files”
    An example of the output displayed: 
    Path to log files= /home/ldapdb2/ldapdb2/NODE0000/SQL00002/SQLOGDIR/

cp /home/ldapdb2/ldapdb2/NODE0000/SQL00002/SQLOGDIR/* 
/safeplace/db2logs-ldapclog
Restoring the directory and change log databases

Suppose a disk drive failed on Wednesday morning on the machine being used, since the /safeplace directory used to backup the files was not affected, it can be used for restore.

If a different system is being used to restore the database, the /safeplace directories on the backed up system must be set up on the new system to the local /safeplace directory.This must include all backup directories being used, as well as the log files in the /safeplace/db2log-ldapdb2/NODE0000 and the /safeplace/db2log-ldapclog/NODE0000 directories.

  1. If necessary, install Security Directory Server. Configure a new database, using the same information that was specified earlier. Copy the configuration and schema files backed up previously. 
    cp/safeplace/etc/*/home/ldapdb2/idsslapd-ldapdb2/etc
  2. Make sure that ibmslapd is not running. 
    ibmslapd –I ldapdb2 –k
  3. Restore the directory database. The last backup image to be restored is called the target image. The target image must be restored twice, once at the start of the restore procedure and again at the end. In order to restore Tuesday’s incremental backup. 
    db2 restore db ldapdb2 incremental from /safeplace/tues-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/sun-full-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/tues-ldapdb2
  4. Copy the log files backed up previously to the default log path locations. 
    cp /safeplace/db2logs-ldapdb2/* 
/home/ldapdb2/ldapdb2/NODE0000/SQL00001/SQLOGDIR

db2 rollforward db ldapdb2 to end of logs and stop
  5. Restore the change log database. 
    db2 restore db ldapclog incremental from /safeplace/tues-ldapclog
db2 restore db ldapclog incremental from /safeplace/sun-full-ldapclog
db2 restore db ldapclog incremental from /safeplace/tues-ldapclog
  6. Copy the log files backed up previously to the default log path locations. 
    cp /safeplace/db2logs-ldapclog/* 
/home/ldapdb2/ldapdb2/NODE0000/SQL00002/SQLOGDIR

db2 rollforward db ldapclog to end of logs and stop
Note: In this case, recovery requires a full backup image and the last incremental backup. Note that the Monday incremental backup is not needed to restore up through Tuesday.
Using incremental delta backups

In the examples using incremental backup, the incremental backup increases in size until the next full backup.This is because the backup contains accumulated changes over time, so there are many more changes saved for Saturday than there were for Monday. DB2 also allows “delta” backups, which save only changes made since the last backup of any kind.These delta backups are much smaller and can be done in lesser time. When restoring, you must have all deltas since the last full or incremental backup.

The commands to perform online delta backups for the ldapdb2 database on a daily basis are listed: 
db2 backup db ldapdb2 online incremental delta to /safeplace/mon-delta-ldapdb2
db2 backup db ldapdb2 online incremental delta to /safeplace/tues-delta-ldapdb2
db2 backup db ldapdb2 online incremental delta to /safeplace/wed-delta-ldapdb2
db2 backup db ldapdb2 online incremental delta to /safeplace/thurs-delta-ldapdb2
db2 backup db ldapdb2 online incremental delta to /safeplace/fri-delta-ldapdb2 
db2 backup db ldapdb2 online incremental delta to /safeplace/sat-delta-ldapdb2

When using delta backups, the log files for the database must be kept in a secure location.If you are using the default log paths, you must copy them to the /safeplace/db2logs-ldapdb2 directory or modify the database configuration to save them directly in the /safeplace/db2logs-ldapdb2 directory.

Restoring from incremental delta backups

In the examples, the log files for the database from the backup machine must be available on the machine being used for restoring the delta backups.If you are using the default log paths, you must copy them from the /safeplace/db2logs-ldapdb2/NODE0000 directory on the backup machine to the default log path on the machine being restored, or modify the database configuration newlogpath on the new machine and copy them directly to the /safeplace/db2logs-ldapdb2/NODE000 directory. When restoring from delta backups, you must have ALL deltas since the last full or incremental backup.

The commands to restore online delta backups for the ldapdb2 database are as listed: 
db2 restore db ldapdb2 incremental from /safeplace/sat-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/sun-full-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/mon-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/tues-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/wed-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/thurs-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/fri-delta-ldapdb2
db2 restore db ldapdb2 incremental from /safeplace/sat-delta-ldapdb2
Note: The target image must be restored twice, at the beginning and at the last restore.
Copy the logs and do rollforward: 
cp /safeplace/db2logs-ldapdb2/* 
/home/ldapdb2/ldapdb2/NODE0000/SQL0001/SQLOGDIR/

db2 rollforward db ldapdb2 to end of logs and stop