The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter explains how to maintain the Cisco Prime IP Express databases.
Because the Cisco Prime IP Express databases do a variety of memory caching and can be active at any time, you cannot rely on third-party system backups to protect the database. They can cause backup data inconsistency and an unusable replacement database.
For this purpose, Cisco Prime IP Express provides a shadow backup utility, cnr_shadow_backup. Once a day, at a configurable time, Cisco Prime IP Express takes a snapshot of the critical files. This snapshot is guaranteed to be a consistent view of the databases.
Backing Up All CNRDBs Using tar or Similar Tools
Recovering CNRDB Data from Backups
Recovering All CNRDBs Using tar or Similar Tools
Be sure to understand that the notation “.../data/db” in the following sections refers to directories in the Cisco Prime IP Express product data location path, depending on the operating system:
Cisco Prime IP Express database utility programs mentioned in the following sections are located in the “.../bin” directory, which you run as its full path name:
Note | Use only the approved utilities for each type of database. In Windows, if you want to run the utility from outside the installed path, you must set the CNR_HOME environment variable. |
or
Shutting down Cisco Prime IP Express and performing a backup using TAR or other similar tools.
Use the cnr_shadow_backup utility to back up the following databases:
Note | If you change the location of the data directory, you must edit the cnr.conf file, which is located in .../conf (see Modifying the cnr.conf File). Change the cnr.datadir variable to the full path to the data directory. For example, the following is the default value on Windows: cnr.datadir=C:\\IPExpress\\{Local|Regional}\\data
|
The most basic component of a backup strategy is the daily shadow backup. When problems occur with the operational database, you might need to try recovering based on the shadow backup of the previous day. Therefore, you must recognize and correct any problems that prevent a successful backup.
The most common problem is disk space exhaustion. To get a rough estimate of disk space requirements, take the size of the .../data directory and multiply by 10. System load, such as usage patterns, application mix, and the load on Cisco Prime IP Express itself, may dictate that a much larger reserve of space be available.
You should regularly archive existing shadow backups (such as to tape, other disks, or other systems) to preserve them for possible future recovery purposes.
Caution | Using a utility on the wrong type of database other than the one recommended can cause database corruption. Use only the utilities indicated. Also, never use the database utilities on the operational database, only on a copy. |
You can set the time at which an automatic backup should occur by editing the cnr.conf file (in .../conf). Change the cnr.backup-time variable to the hour and minute of the automatic shadow backup, in 24-hour HH:MM format, then restart the server agent. For example, the following is the preset value:
cnr.backup-time=23:45
You can also initiate a manual backup with the cnr_shadow_backup utility, which requires root privileges. Enter the cnr_shadow_backup command at the prompt to perform the backup.
Note | To restore DHCP data from a failover partner that is more up to date than a backup, see Restoring DHCP Data from a Failover Server. |
You should avoid scheduling third-party backup programs while cnr_shadow_backup is operating. Third-party backup programs should be run either an hour earlier or later than the cnr_shadow_backup operation. As described in Setting Automatic Backup Time, the default shadow backup time is daily at 23:45.
Configure third-party backup programs to skip the Cisco Prime IP Express operational database directories and files, and to back up only their shadow copies.
The operational files are listed in Backup Strategy. On Linux, Cisco Prime IP Express also maintains lock files in the following directories:
The lock files are recreated during a reboot. These files are important while a system is running. Any maintenance process (such as virus scanning and archiving) should exclude the temporary directories, operational database directories, and files.
Windows does not maintain lock files, but uses named-pipes instead.
In the case of the CNRDB databases, the cnr_shadow_backup utility copies the database and all log files to a secondary directory in the directory tree of the installed Cisco Prime IP Express product. For:
The actual file naming convention is:
This section describes the procedure for backing up all Cisco Prime IP Express databases using tar or similar tools.
Cisco Prime IP Express uses the CNRDB database. The following table lists the types of CNRDB database that must be backed up and recovered.
Subdirectory |
Cluster |
Type |
Description |
---|---|---|---|
ccm |
local, regional |
CNRDB |
Central Configuration Management database. Stores local centrally managed cluster and the SNMP server data. |
dns |
local |
CNRDB |
DNS database. Stores zone state information, names of protected RRs, and zone configuration data for the DNS server. |
cdns |
local |
CNRDB |
Caching DNS database. Stores the initial DNSSEC root trust anchor and root hints. |
dhcp |
local |
CNRDB |
DHCP database. Stores lease state data for the DHCP server. |
dhcpeventstore |
local |
|
Queue that Cisco Prime IP Express maintains to interact with external servers, such as for LDAP and DHCPv4 DNS Update interactions. Recovery is not necessary. |
replica |
regional |
CNRDB |
Stores replica data for the local clusters. |
lease6hist |
regional |
CNRDB |
DHCPv6 lease history database. |
leasehist |
regional |
CNRDB |
DHCPv4 lease history database. |
The general approach to recovering a Cisco Prime IP Express installation is:
After you are certain that you executed a successful database recovery, always manually execute the cnr_shadow_backup utility to make a backup of the current configuration and state.
If there are any indications, such as server log messages or missing data, that database recovery was unsuccessful, you may need to base a recovery attempt on the current shadow backup (in the Cisco Prime IP Express installation tree). To do this:
Step 1 | Stop the Cisco PrimeIP Express server agent. | ||
Step 2 | Move the operational database files to a separate temporary location. | ||
Step 3 | Copy each
.../data/name .bak
directory to .../data/name ; for example, copy .../data/ccm.bak to .../data/ccm.
| ||
Step 4 | Rename the
files.
The CNRDB database maintains centrally managed configuration data that is synchronized with the server configuration databases. | ||
Step 5 | Create a new
data directory and then untar or recover the backed up directory.
We recommend that you run the DB directory and recovery tools to ensure that the databases are good.
| ||
Step 6 | Restart the
server agent.
After a successful database recovery, initiate an immediate backup and archive the files using the cnr_shadow_backup utility (see Performing Manual Backups). |
This section describes the procedure for recovering all Cisco Prime IP Express databases using tar or similar tools.
Step 1 | Shut down Cisco PrimeIP Express. | ||
Step 2 | Rename the
active data directory (such as mv data old-data).
| ||
Step 3 | Create a new
data directory and then untar or recover the backed up directory.
We recommend that you run the CNRDB directory and recovery tools to ensure that the databases are good. | ||
Step 4 | Start Cisco
PrimeIP Express.
|
This section describes the procedure for recovering single database using tar or similar tools.
Step 1 | Shut down Cisco PrimeIP Express. | ||
Step 2 | Rename the
active data directory (such as mv data old-data).
| ||
Step 3 | Create a new
data directory and then untar or recover only the files in that directory (and
its subdirectories) from the backup.
We recommend that you run the CNRDB integrity and recovery tools to ensure that the CNRDB are good. | ||
Step 4 | Repeat Step 2 to Step 3 for other DBs that have to be recovered. | ||
Step 5 | Start Cisco PrimeIP Express. |
If you have virus scanning enabled on your system, it is best to configure it to exclude certain Cisco Prime IP Express directories from being scanned. Including these directories might impede Cisco Prime IP Express operation. The ones you can exclude are the .../data, .../logs, and .../temp directories and their subdirectories.
The following sections describe troubleshooting the Cisco Prime IP Express databases.
Using the cnr_exim Data Import and Export Tool
Using the cnrdb_recover Utility
Using the cnrdb_verify Utility
The cnr_exim data import and export tool now supports the following for a user :
The cnr_exim tool also serves to export unprotected resource record information. However, cnr_exim simply overwrites existing data and does not try to resolve conflicts.
Note | You cannot use cnr_exim tool for import or export of data from one version of Cisco Prime IP Express to another. It can be used only for import or export of data from or to the same versions of Cisco Prime IP Express. |
Before using the cnr_exim tool, exit from the CLI, then find the tool on:
You must reload the server for the imported data to become active.
Note that text exports are for reading purposes only. You cannot reimport them.
The text export prompts for the username and password (the cluster defaults to the local cluster). The syntax is:
> cnr_exim –e exportfile [–N username –P password –C cluster]
To export (importable) raw data, use the –x option:
> cnr_exim –e exportfile –x
To export DNS server and zone components as binary data in raw format, use the –x and –c options:
> cnr_exim –e exportfile –x –c "dnsserver,zone"
The data import syntax is (the import file must be in raw format):
> cnr_exim –i importfile [–N username –P password –C cluster]
You can also overwrite existing data with the –o option:
> cnr_exim –i importfile –o
The following table describes all the qualifying options for the cnr_exim tool.
Option |
Description |
||
---|---|---|---|
–a value |
Allows exporting and importing of protected or unprotected RRs. Valid values are: protectedRR unprotectedRR On export or import, all RRs are exported by default, so you must use a value to export or import just the protected or unprotected RRs. |
||
–c "components" |
Imports or exports Cisco Prime IP Express components, as a quoted, comma-delimited string. Use –c help to view the supported components. User are not exported by default; you must explicitly export them using this option, and they are always grouped with their defined groups and roles. Secrets are never exported.
|
||
–C cluster |
Imports from or exports to the specified cluster. Preset to localhost. |
||
–e exportfile |
Exports the configuration to the specified file. |
||
–h |
Displays help text for the supported options. |
||
–i importfile |
Imports the configuration to the specified file. The import file must be in raw format. |
||
–N username |
Imports or exports using the specified username. |
||
–o |
When used with the –i (import) option, overwrites existing data. |
||
–p port |
Port used to connect to the SCP server. |
||
–P password |
Imports or exports using the specified password. |
||
–t exportfile |
Specifies a file name to export to, exports data in s-expression format. |
||
–v |
Displays version information |
||
–x |
When used with the –e (export) option, exports binary data in (importable) raw format. |
||
-d |
Specifies the directory path of cnr_exim log file. |
||
-b |
Specifies that the core (base) objects are to be included in the import/export. |
||
-w |
Specifies the view tag to export. This option allows the user to export zone and RRs data which has the same view tag as mentioned in “w” option. All other objects will not take this option into consideration and will be exported as earlier if it is used. |
The cnrdb_recover utility is useful in restoring the Cisco Prime IP Express databases to a consistent state after a system failure. You would typically use the –c and –v options with this command (The following table describes all of the qualifying options). The utility is located in the installation bin directory.
Option |
Description |
---|---|
–c |
Performs a catastrophic recovery instead of a normal recovery. It not only examines all the log files present, but also recreates the .ndb (or .db) file in the current or specified directory if the file is missing, or updates it if is present. |
–e |
Retains the environment after running recovery, rarely used unless there is a DB_CONFIG file in the home directory. |
–h dir |
Specifies a home directory for the database environment. By default, the current working directory is used. |
–t |
Recovers to the time specified rather than to the most current possible date. The time format is [[CC]YY]MMDDhhmm[.ss] (the brackets indicating optional entries, with the omitted year defaulting to the current year). |
–v |
Runs in verbose mode. |
–V |
Writes the library version number to the standard output, and exits. |
In the case of a catastrophic failure, restore a snapshot of all database files, along with all log files written since the snapshot. If not catastrophic, all you need are the system files at the time of failure. If any log files are missing, cnrdb_recover –c identifies the missing ones and fails, in which case you need to restore them and perform the recovery again.
Use of the catastrophic recovery option is highly recommended. In this way, the recovery utility plays back all the available database log files in sequential order. If, for some reason, there are missing log files, the recovery utility will report errors. For example, the following gap in the log files listed:
log.0000000001 log.0000000053
results in the following error that might require you to open a TAC case:
db_recover: Finding last valid log LSN:file:1 offset 2411756 db_recover: log_get: log.0000000002: No such file or directory db_recover: DBENV->open: No such for or directory
The cnrdb_verify utility is useful for verifying the structure of the Cisco Prime IP Express databases. The command requires a file parameter. Use this utility only if you are certain that there are no programs running that are modifying the file. The following table describes all its qualifying options. The utility is located in the installation bin directory. The syntax is described in the usage information when you run the command:
C:\Program Files\Cisco Prime IP Express\Local\bin>cnrdb_verify usage: db_verify [-NoqV] [-h dir] [-P password] file
Option |
Description |
---|---|
–h dir |
Specifies a home directory for the database environment. By default, the current working directory is used. |
–N |
Prevents acquiring shared region locks while running, intended for debugging errors only, and should not be used under any other circumstances. |
–o |
Ignores database sort or hash ordering and allows cnrdb_verify to be used on nondefault comparison or hashing configurations. |
–P password |
User password, if the file is protected. |
–q |
Suppresses printing any error descriptions other than exit success or failure. |
–V |
Writes the library version number to the standard output, and exits. |
The cnrdb_checkpoint utility is useful in setting a checkpoint for the database files so as to keep them current. The utility is located in the installation bin directory. The syntax is described in the usage information when you run the command:
C:\Program Files\Cisco Prime IP Express\Local\bin>cnrdb_checkpoint ?usage: db_checkpoint [-1Vv] [-h home] [-k kbytes] [-L file] [-P password][-p min
The cnrdb_util utility is useful for dumping and loading CNRDB databases. In addition, you can use this utility to shadow backup and recover the CNRDB database, as well as to clear the log files.
The utility is located on the following directory:
Window — (installation directory)\bin\cnrdb_util.bat
Linux — (installation directory)/userbin/cnrdb_util
The cnrdb_util utility runs in two modes.
The syntax is described in the usage information when you run the command:
nrcmd> cnrdb_util –h
The following tables describe all of the qualifying operations and options.
Operation |
Description |
---|---|
-d |
Dumps one or all CNRDB databases. |
-l |
Loads one or all CNRDB databases. |
-b |
Creates shadow backup of all CNRDB databases. |
-r |
Recovers one or all CNRDB databases from shadow backup. |
-c |
Cleans-up sleepycat log files in one or all CNRDB databases. |
-h |
Displays help text for the supported options. |
Option |
Description |
---|---|
-m { local | regional } |
Specifies the CNRDB installation mode. If not specified, this utility gets this information from cnr.conf file. If this file is not found, local mode is used by default. |
-prog path |
Specifies the path to dump, load, or shadow backup executable. If not specified, this utility derives the path based on CNRDB installation path. This option is not applicable for '-r' operation. |
-db db-path |
Specifies the path to databases to dump, load, or recover (includes subdirectories). If not specified, this utility derives the path based on CNRDB installation path. For backup operation, CNRDB installation path is used. This option is not applicable for '-b' operation. |
-n { ccm | dhcp | dns | mcd | leasehist | replica | subnetutil | all } |
Specifies the name of the database to dump, load, or recover. If not specified, specific operation is performed on all databases present in the database path. Backup operation must not be performed on specific database, hence this option is not applicable for '-b' operation. |
-s |
Specifies that this utility needs to stop CNRDB Server Agent, if it is running, before performing any operations. |
-out
path |
Specifies the destination path for output database files. If not specified, this utility stores the output database files at the original database location. This option is not applicable for '-b' and '-c' operations. |
The dump operation ensures the following:
You can restore DHCP data from a failover server that is more current than the result of a shadow backup. Be sure that the failover partner configurations are synchronized, then, on the failover partner:
SET PATH=%PATH%;.;C:\PROGRA~1\NETWOR~1\LOCAL\BIN
net stop "IPExpress Local Server Agent"
del C:\IPExpress\Local\data\dhcpeventstore\*.* del C:\IPExpress\Local\data\dhcp\ndb\dhcp.ndb del C:\IPExpress\Local\data\dhcp\ndb\logs\*.*
net start "IPExpress Local Server Agent"