Oracle RMAN integration with Oracle Cloud Infrastructure (OCI) Object Storage using the Oracle Database Cloud Backup Module for OCI (OSB).
This repository contains scripts and configuration files to automate Oracle RMAN backups directly to OCI Object Storage. It includes RMAN command files, helper shell snippets, and environment configuration for secure and efficient backup management.
Oracle Recovery Manager (RMAN)
Using Oracle Database Backup Cloud Service
Creating an Object Storage Bucket
Step-by-Step procedure to place On-Premise Database backup on Oracle Cloud (Doc ID 2225766.1)
Oracle Database Backup Service - FAQ (Doc ID 1640149.1)
Cloud Backup Module Installation Failing with '401 Unauthorized' (Doc ID 2748200.1)
Refer to the repository Oracle-ENV-Scripts for the Oracle environment scripts.
The Oracle MML library (libopc.so) is not pre-installed. It is downloaded by the Oracle Database Cloud Backup Module installer (oci_install.jar).
# Adjust to your environment
ORACLE_DB_NAME=orcl
ORACLE_BASE=/u01/app/oracle
OCI_REGION=sa-vinhedo-1
OCI_BUCKET=oracle-backups
# Path to the installer ZIP
OPC_INSTALLER_ZIP=/tmp/opc_installer.zip
# Path to the installer JAR (after unzipping)
# Do not use opc_install.jar: that installer is for OCI Classic
OPC_JAR_LOCATION=/tmp/opc_installer/oci_installer/oci_install.jar
# Where to write the RMAN opc parameter file, the wallet and the library
OPC_RMAN_CONFIG=${ORACLE_BASE}/admin/${ORACLE_DB_NAME}/opc/opc${ORACLE_DB_NAME}.ora
OPC_WALLET_DIR=${ORACLE_BASE}/admin/${ORACLE_DB_NAME}/opc/wallet
OPC_LIB_DIR=${ORACLE_BASE}/admin/${ORACLE_DB_NAME}/opc/lib
# OCI API key identity (masked)
UOCID="<USER_OCID>" # e.g., ocid1.user.oc1..********
TOCID="<TENANCY_OCID>" # e.g., ocid1.tenancy.oc1..********
FOCID="<API_KEY_FINGERPRINT>" # e.g., 84:c3:bc:...:fa:b8
mkdir -pv ${OPC_WALLET_DIR} ${OPC_LIB_DIR}
unzip -od /tmp ${OPC_INSTALLER_ZIP}
Generate a new OCI API key pair for signing requests. The wallet directory will receive oci_pvt (private) and oci_pub (public).
java -jar ${OPC_JAR_LOCATION} -newrsakeypair -walletDir ${OPC_WALLET_DIR}
Sample output:
Oracle Database Cloud Backup Module Install Tool, build 19.3.0.0.0DBBKPCSBP_2019-10-16
OCI API signing keys are created:
PRIVATE KEY --> ${OPC_WALLET_DIR}/oci_pvt
PUBLIC KEY --> ${OPC_WALLET_DIR}/oci_pub
Please upload the public key in the OCI console (Identity > Users > User > API Keys).
- Display and copy your PUBLIC key contents (include the BEGIN/END lines):
  cat ${OPC_WALLET_DIR}/oci_pub
- In the OCI Console, go to your profile (top-right) > User Settings > API Keys > Add API Key.
- Choose “Paste Public Key”, paste the copied public key content, and click Add.
- Copy the generated Fingerprint value (for example, 84:c3:bc:...:fa:b8). Use this as the value for FOCID.
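Before passing FOCID to the installer, the fingerprint can be recomputed locally from oci_pvt and compared with the value copied from the Console, which catches a truncated copy or a key pair that does not match the uploaded public key. This is an added example, not part of the repository; the function names are hypothetical, and it assumes openssl is installed and oci_pvt is an unencrypted PEM RSA private key.

```shell
#!/bin/sh
# Added example (not from the repository). Assumes openssl is installed and
# the key file is an unencrypted PEM RSA private key.

# oci_key_fingerprint KEYFILE
# Prints the MD5 digest of the DER-encoded public key, colon-separated: the
# same value the OCI Console shows for an uploaded API key.
oci_key_fingerprint() {
  # Fail early if the key cannot be read, instead of hashing empty input.
  openssl rsa -in "$1" -passin pass: -noout 2>/dev/null || return 1
  openssl rsa -in "$1" -passin pass: -pubout -outform DER 2>/dev/null \
    | openssl md5 -c | sed 's/^.*= *//'
}

# fingerprint_matches KEYFILE EXPECTED
# Returns 0 on match, 1 on mismatch or unreadable key, 2 if EXPECTED is not a
# complete fingerprint (for example a masked or truncated copy).
fingerprint_matches() {
  local actual expected
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  printf '%s' "$expected" \
    | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$' || return 2
  actual=$(oci_key_fingerprint "$1") || return 1
  [ "$actual" = "$expected" ]
}

# Run as: sh check_fp.sh "${OPC_WALLET_DIR}/oci_pvt" "${FOCID}"
if [ "$#" -eq 2 ]; then
  if fingerprint_matches "$1" "$2"; then
    echo "fingerprint OK"
  else
    echo "fingerprint does not match $1" >&2
    exit 1
  fi
fi
```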
Validate credentials, create the wallet, download the library, and write the config file.
java -jar ${OPC_JAR_LOCATION} \
-host https://objectstorage.${OCI_REGION}.oraclecloud.com \
-pvtKeyFile ${OPC_WALLET_DIR}/oci_pvt \
-pubFingerPrint "${FOCID}" \
-uOCID ${UOCID} \
-tOCID ${TOCID} \
-walletDir ${OPC_WALLET_DIR} \
-libDir ${OPC_LIB_DIR} \
-bucket ${OCI_BUCKET} \
-configfile ${OPC_RMAN_CONFIG} \
-debug
Example with concrete values (masked):
java -jar /tmp/opc_installer/oci_installer/oci_install.jar \
-host https://objectstorage.sa-vinhedo-1.oraclecloud.com \
-pvtKeyFile /u01/app/oracle/admin/orcl/opc/wallet/oci_pvt \
-pubFingerPrint 84:c3:bc:...:fa:b8 \
-uOCID ocid1.user.oc1..******** \
-tOCID ocid1.tenancy.oc1..******** \
-walletDir /u01/app/oracle/admin/orcl/opc/wallet \
-libDir /u01/app/oracle/admin/orcl/opc/lib \
-bucket oracle-backups \
-configfile /u01/app/oracle/admin/orcl/opc/opcorcl.ora \
-debug
Sample output:
Oracle Database Cloud Backup Module Install Tool, build 19.3.0.0.0DBBKPCSBP_2019-10-16
Debug: os.name = Linux
Debug: os.arch = amd64
Debug: os.version = 5.15.0-312.187.5.2.el9uek.x86_64
Debug: file.separator = /
Debug: Platform = PLATFORM_LINUX64
Debug: StringToSign:
date: Mon, 27 Oct 2025 20:42:52 GMT
(request-target): get /n/
host: objectstorage.sa-vinhedo-1.oraclecloud.com
Debug: OCI User Namespace: axmi8sezswsb
Oracle Database Cloud Backup Module credentials are valid.
Debug: StringToSign:
date: Mon, 27 Oct 2025 20:42:52 GMT
(request-target): get /n/axmi8sezswsb/b/oracle-backups
host: objectstorage.sa-vinhedo-1.oraclecloud.com
Debug: Bucket oracle-backups compartment ID: ocid1.tenancy.oc1..********
Backups would be sent to bucket oracle-backups.
Debug: Certificate Success:
Subject : CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Validity : Thu Aug 01 09:00:00 BRT 2013 - Fri Jan 15 09:00:00 BRT 2038
Issuer : CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Oracle Database Cloud Backup Module wallet created in directory /u01/app/oracle/admin/orcl/oci/wallet.
Oracle Database Cloud Backup Module initialization file /u01/app/oracle/admin/orcl/oci/odcbmorcl.ora created.
Downloading Oracle Database Cloud Backup Module Software Library from Oracle Cloud Infrastructure.
Debug: Temp zip file = /tmp/opc_linux64235220637774072303.zip
Debug: Downloaded 27842982 bytes in 2 seconds.
Debug: Transfer rate was 13921491 bytes/second.
Download complete.
Debug: Delete RC = true
After running the installer successfully, you should see these artifacts:
- Shared library: ${OPC_LIB_DIR}/libopc.so
- Wallet contents (API signing keys)
  - Private key: ${OPC_WALLET_DIR}/oci_pvt
  - Public key: ${OPC_WALLET_DIR}/oci_pub
- RMAN parameter file for SBT: ${OPC_RMAN_CONFIG} (for example, /u01/app/oracle/admin/orcl/opc/opcorcl.ora)
In RMAN, set SBT_PARMS to include OPC_PFILE=<path> pointing to the parameter file, and ensure SBT_LIBRARY points to libopc.so.
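The wallet directory holds the API signing private key, so it is worth checking the installed artifacts before the first backup. The following added example (not part of the repository; audit_opc is a hypothetical helper, and it assumes GNU stat on Linux) verifies that the wallet and private key are closed to group and other, that libopc.so exists, and that the parameter file carries the four keys shown in the sample file on this page, with an HTTPS endpoint and a wallet location that matches the audited directory.

```shell
#!/bin/sh
# Added example (not from the repository): audit what the installer left behind.
# audit_opc WALLET_DIR LIB_DIR PFILE prints one line per finding and returns
# the number of findings (0 = clean). Uses GNU stat, as found on Linux.
audit_opc() {
  local wallet="$1" lib="$2" pfile="$3" findings=0 path mode key

  # The wallet directory and private key must grant nothing to group/other.
  for path in "$wallet" "$wallet/oci_pvt"; do
    if [ ! -e "$path" ]; then
      echo "MISSING $path"; findings=$((findings + 1)); continue
    fi
    mode=$(stat -c '%a' "$path")
    case "$mode" in
      *00|0) ;;
      *) echo "PERMS $path is mode $mode, group/other must have no access"
         findings=$((findings + 1)) ;;
    esac
  done

  # RMAN loads this library through SBT_LIBRARY.
  if [ ! -f "$lib/libopc.so" ]; then
    echo "MISSING $lib/libopc.so"; findings=$((findings + 1))
  fi

  if [ ! -f "$pfile" ]; then
    echo "MISSING $pfile"; return $((findings + 1))
  fi
  # The four keys shown in the sample parameter file must all be present.
  for key in OPC_HOST OPC_WALLET OPC_CONTAINER OPC_AUTH_SCHEME; do
    if ! grep -q "^${key}=" "$pfile"; then
      echo "CONFIG $key not set in $pfile"; findings=$((findings + 1))
    fi
  done
  # The endpoint must be HTTPS, and the wallet path must be the audited one.
  if ! grep -q '^OPC_HOST=https://' "$pfile"; then
    echo "CONFIG OPC_HOST is not an https:// URL"; findings=$((findings + 1))
  fi
  if ! grep -qF "LOCATION=file:${wallet}" "$pfile"; then
    echo "CONFIG OPC_WALLET does not point at $wallet"; findings=$((findings + 1))
  fi
  return "$findings"
}

# Run as: sh audit_opc.sh WALLET_DIR LIB_DIR PFILE
if [ "$#" -eq 3 ]; then audit_opc "$@"; fi
```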
The contents of the file ${OPC_RMAN_CONFIG} should be similar to:
OPC_HOST=https://objectstorage.sa-vinhedo-1.oraclecloud.com/n/ax********sb
OPC_WALLET='LOCATION=file:/u01/app/oracle/admin/orcl/opc/wallet CREDENTIAL_ALIAS=alias_oci'
OPC_CONTAINER=oracle-backups
OPC_AUTH_SCHEME=BMC
The script below is an example. The only difference in your script should be the channel allocation, which you can configure in various ways (for example, by using CONFIGURE CHANNEL ...).
set encryption on identified by "set#your#password#here" only;
RUN {
allocate channel osb_01
device type sbt
parms='SBT_LIBRARY=/u01/app/oracle/admin/orcl/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/u01/app/oracle/admin/orcl/opc/opcorcl.ora)';
backup tablespace SYSTEM;
release channel osb_01;
}
RMAN> set encryption on identified by * only;
2>
3> RUN {
4> allocate channel osb_01
5> device type sbt
6> parms='SBT_LIBRARY=/u01/app/oracle/admin/orcl/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/u01/app/oracle/admin/orcl/opc/opcorcl.ora)';
7>
8> backup tablespace SYSTEM;
9> release channel osb_01;
10> }
11>
executing command: SET encryption
allocated channel: osb_01
channel osb_01: SID=400 device type=SBT_TAPE
channel osb_01: Oracle Database Backup Service Library VER=19.0.0.1
Starting backup at 27/10/2025 19:06
channel osb_01: starting full datafile backup set
channel osb_01: specifying datafile(s) in backup set
input datafile file number=00001 name=/u01/app/oracle/oradata/orcl/datafile/o1_mf_system_lw74lfg6_.dbf
channel osb_01: starting piece 1 at 27/10/2025 19:06
channel osb_01: finished piece 1 at 27/10/2025 19:11
piece handle=o147a32h_24321_1_1 tag=TAG20251027T190657 comment=API Version 2.0,MMS Version 19.0.0.1
channel osb_01: backup set complete, elapsed time: 00:04:35
Finished backup at 27/10/2025 19:11
Starting Control File and SPFILE Autobackup at 27/10/2025 19:11
piece handle=orcl_cfile_auto_c-1269851242-20251027-0b comment=API Version 2.0,MMS Version 19.0.0.1
Finished Control File and SPFILE Autobackup at 27/10/2025 19:11
released channel: osb_01
Recovery Manager complete.
RMAN>
set encryption on identified by "set#your#password#here" only;
RUN {
allocate channel osb_01
device type sbt
parms='SBT_LIBRARY=/u01/app/oracle/admin/orcl/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/u01/app/oracle/admin/orcl/opc/opcorcl.ora)';
BACKUP BACKUPSET 249203; # "BS Key" example
release channel osb_01;
}
RMAN> set encryption on identified by * only;
2>
3> RUN {
4> allocate channel osb_01
5> device type sbt
6> parms='SBT_LIBRARY=/u01/app/oracle/admin/orcl/opc/lib/libopc.so,SBT_PARMS=(OPC_PFILE=/u01/app/oracle/admin/orcl/opc/opcorcl.ora)';
7>
8> BACKUP BACKUPSET 249203;
9>
10> release channel osb_01;
11> }
12>
executing command: SET encryption
allocated channel: osb_01
channel osb_01: SID=27 device type=SBT_TAPE
channel osb_01: Oracle Database Backup Service Library VER=19.0.0.1
Starting backup at 27/10/2025 19:38
channel osb_01: input backup set: count=2971, stamp=1170558043, piece=1
channel osb_01: starting piece 1 at 27/10/2025 19:38
channel osb_01: backup piece /u01/repository/backup/db/acst/orcl/orcl_df_full_sr2saj2r_2971_1_1_1170558043
piece handle=sr2saj2r_2971_1_2 comment=API Version 2.0,MMS Version 19.0.0.1
channel osb_01: finished piece 1 at 27/10/2025 19:38
channel osb_01: backup piece complete, elapsed time: 00:00:07
Finished backup at 27/10/2025 19:38
Starting Control File and SPFILE Autobackup at 27/10/2025 19:38
piece handle=orcl_cfile_auto_c-1269851242-20251027-0c comment=API Version 2.0,MMS Version 19.0.0.1
Finished Control File and SPFILE Autobackup at 27/10/2025 19:38
released channel: osb_01
Recovery Manager complete.