- Berkeley DB Reference Guide:
- Transaction Protected Applications
|
|
The third component of the administrative infrastructure, archival for catastrophic recovery, concerns the recoverability of the database in the face of catastrophic failure. Recovery after catastrophic failure is intended to minimize data loss when physical hardware has been destroyed, for example, loss of a disk that contains databases or log files. While the application may still experience data loss in this case, it is possible to minimize it.
First, you may want to periodically create snapshots (i.e., backups) of your databases to make it possible to recover from catastrophic failure. These snapshots are either a standard backup which creates a consistent picture of the databases as of a single instant in time, or an on-line backup (also known as a hot backup), which creates a consistent picture of the databases as of an unspecified instant during the period of time when the snapshot was made. The advantage of a hot backup is that applications may continue to read and write the databases while the snapshot is being taken. The disadvantage of a hot backup is that more information must be archived, and recovery based on a hot backup is to an unspecified time between the start of the backup and when the backup is completed.
Second, after taking a snapshot, you should periodically archive the log files being created in the environment. It is often helpful to think of database archival in terms of full and incremental filesystem backups. A snapshot is a full backup, while the periodic archival of the current log files is an incremental. For example, it might be reasonable to take a full snapshot of a database environment weekly or monthly, and then archive additional log files daily. Using both the snapshot and the log files, a catastrophic crash at any time can be recovered to the time of the most recent log archival, a time long after the original snapshot.
To create a standard backup of your database that can be used to recover from catastrophic failure, take the following steps:
If the database files are stored in a separate directory from the other Berkeley DB files, it may be simpler to archive the directory itself instead of the individual files (see DBENV->set_data_dir for additional information). If you are performing a hot backup, the utility you use to copy the files must read database pages atomically (as described by Berkeley DB recoverability).
Note: if any of the database files did not have an open DB handle during the lifetime of the current log files, db_archive will not list them in its output! For this reason, it may be simpler to use a separate database file directory, and archive the entire directory instead of only the files listed by db_archive.
To create a hot backup of your database that can be used to recover from catastrophic failure, take the following steps:
To archive your log files, run the db_archive utility, using the -l option, to identify all of the database log files, and copy them to your backup media. If the database log files are stored in a separate directory from the other database files, it may be simpler to archive the directory itself instead of the individual files (see the DBENV->set_lg_dir function for more information).
Once these steps are completed, your database can be recovered from catastrophic failure (see Recovery procedures for more information).
To update your snapshot so that recovery from catastrophic failure is possible up to a new point in time, repeat step #2 under the hot backup instructions, copying all existing log files to a backup device. This is applicable to both standard and hot backups, that is, you can update snapshots made in either way. Each time both the database and log files are copied to backup media, you may discard all previous database snapshots and saved log files. Archiving additional log files does not allow you to discard either previous database snapshots or log files.
The time to restore from catastrophic failure is a function of the number of log records that have been written since the snapshot was originally created. Perhaps more importantly, the more separate pieces of backup media you use, the more likely that you will have a problem reading from one of them. For these reasons, it is often best to make snapshots on a regular basis.
For archival safety, ensure that you have multiple copies of your database backups, verify that your archival media is error-free and readable, and that copies of your backups are stored off-site!
The functionality provided by the db_archive utility is also available directly from the Berkeley DB library. The following code fragment prints out a list of log and database files that need to be archived.
void
log_archlist(DB_ENV *dbenv)
{
int ret;
char **begin, **list;
/* Get the list of database files. */
if ((ret = log_archive(dbenv,
&list, DB_ARCH_ABS | DB_ARCH_DATA, NULL)) != 0) {
dbenv->err(dbenv, ret, "log_archive: DB_ARCH_DATA");
exit (1);
}
if (list != NULL) {
for (begin = list; *list != NULL; ++list)
printf("database file: %s\n", *list);
free (begin);
}
/* Get the list of log files. */
if ((ret = log_archive(dbenv,
&list, DB_ARCH_ABS | DB_ARCH_LOG, NULL)) != 0) {
dbenv->err(dbenv, ret, "log_archive: DB_ARCH_LOG");
exit (1);
}
if (list != NULL) {
for (begin = list; *list != NULL; ++list)
printf("log file: %s\n", *list);
free (begin);
}
}
|
|