Oracle Cloud Workshop: Database Cloud Service
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
CINTRA: The Cloud Architects
Presenter: Kyle Smith, VP, Client Services - TOLA, Cintra
Oracle Cloud Workshop: Database Cloud Service
WELCOME
• Please use the following Wifi Credentials:
– Network: clear-guest
• Open Browser once connected to authenticate
– User name: guest
– Password: Uxh7GtEJ
Before we get Started:
1. Download the zipfile: https://github.com/mpaddocktx/Cintra-Cloud-Workshop/archive/master.zip
- Putty
- Keys
- Cloudberry
- Notes
Oracle Cloud – Getting Started @ http://cloud.oracle.com
Oracle Cloud – Getting Started
Option 1: Sign in directly to the Cloud Services Dashboard using Identity Domain
Option 2: Sign in using Oracle Account ID to view Cloud Account Dashboard
Oracle Cloud – Signing Into Cloud Services Dashboard
Enter your Identity Domain, provided to you by Oracle
Oracle Cloud – Signing Into Cloud Services Dashboard
Sign-in using username and the password provided to you by Oracle
Oracle Cloud – Cloud Services Dashboard
• The Compute Cloud Services Console is where you can view instances and storage used across a single domain
• If account has Raw Compute enabled, users can provision new compute instances and provision storage directly from this page
• The Compute Cloud Services Console is where you can access Network configurations
Oracle Cloud – Compute Cloud Services Detail
• The Java Cloud Services (JCS) Console is where you can provision and administer deployed WebLogic instances, either as stand-alone services or clustered with a load balancer.
• To deploy a JCS instance, you must first meet all of the prerequisites, including a provisioned DBaaS instance.
Oracle Cloud – Java Cloud Services Detail
• The Database Cloud Services (DCS) Console is where you can provision and administer deployed database instances
Oracle Cloud – Database Cloud Services Detail
DBaaS Provisioning Pre-Requisites
• Creating storage containers (optional)
• Preparing for network access
1) Go to Dashboard and set replication policy (chicago for mine)
2) Open Terminal and execute curl to get auth token
curl -v -X GET \
-H "X-Storage-User: Storage-cintraisv:[email protected]" \
-H 'X-Storage-Pass: ps226Worm!' \
https://cintraisv.storage.oraclecloud.com/auth/v1.0
RESULTS:
< X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9
< X-Storage-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9
< X-Storage-Url: https://storage.us2.oraclecloud.com/v1/Storage-cintraisv
Storage Configuration – Creating a Container using Curl
3) Create first container
curl -v -X PUT \
-H "X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9" \
https://storage.us2.oraclecloud.com/v1/Storage-cintraisv/CW-DEC-18-CONT-01
Storage Configuration – Creating a Container using Curl
4) List containers available
curl -v -X GET \
-H "X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9" \
"https://storage.us2.oraclecloud.com/v1/Storage-cintraisv?limit=5"
Storage Configuration – Creating a Container using Curl
• Download Cloudberry File Explorer for Openstack: www.cloudberrylab.com/download-thanks.aspx?prod=cbosfree
• If on Mac: use Cyberduck
Storage Configuration – Creating a Container in Cloudberry
Display name = Service Nickname
User name = Storage-<identity-domain>:[email protected]
Password = Cloud Services Password
Storage Configuration – Creating a Container in Cloudberry
• Network Access to compute nodes of the service instance is provided through SSH on port 22
• In order to authenticate to the compute node through SSH, you will need to create a public/private key pair and upload the public key during the creation of the service instance
• Additional access to the compute nodes can be achieved either by opening additional network ports on the node OR by creating an SSH tunnel to a compute node port
Network Access
Generating an SSH Public/Private Key Pair
To generate an SSH key pair on Windows using the PuTTYgen program:
1. Run the PuTTYgen program.
2. Set the Type of key to generate option to SSH-2 RSA.
3. In the Number of bits in a generated key box, enter 2048.
4. Click Generate to generate a public/private key pair. (As the key is being generated, move the mouse around the blank area.)
5. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
6. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key)
Generating an SSH Public/Private Key Pair
1. Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.
2. Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
3. Right click somewhere in the selected text and select Copy from the menu.
4. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
5. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
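A check for the saved .pub file, as an added example that is not part of the workshop material: it confirms the copied text is a single unbroken ssh-rsa line, that the key data was copied completely, and that the modulus is at least the 2048 bits entered in PuTTYgen. The function names and the sample key (a constructed number of the right size, not a usable key) are assumptions made for the example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the size entered in PuTTYgen in the steps above


def field(data):
    """Encode one SSH wire-format field: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 when needed)."""
    return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_sample_key(bits):
    """Build a constructed ssh-rsa line of the given size (not a usable key)."""
    modulus = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-example"


def read_field(blob, offset):
    """Read one length-prefixed field and return (bytes, next offset)."""
    if len(blob) < offset + 4:
        raise ValueError("key data ends early")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if len(blob) < end:
        raise ValueError("key data ends early")
    return blob[offset + 4:end], end


def check_public_key(text):
    """Return a list of problems found in the contents of a .pub file."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        # Step 4: the key must be pasted without any inserted line breaks.
        return ["expected one line, found %d" % len(lines)]
    parts = lines[0].split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return ["line does not start with 'ssh-rsa' followed by key data"]
    try:
        # Step 2: a partial copy fails here, as bad base64 or a short blob.
        blob = base64.b64decode(parts[1], validate=True)
        inner_type, pos = read_field(blob, 0)
        _exponent, pos = read_field(blob, pos)
        modulus, pos = read_field(blob, pos)
    except ValueError as exc:
        return ["key data is incomplete or corrupted: %s" % exc]
    problems = []
    if inner_type != b"ssh-rsa":
        problems.append("key data does not describe an ssh-rsa key")
    if pos != len(blob):
        problems.append("unexpected extra bytes after the key data")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        problems.append("RSA modulus is %d bits, below %d" % (bits, MIN_RSA_BITS))
    return problems


if __name__ == "__main__":
    sample = make_sample_key(2048)
    for label, text in [("complete key", sample),
                        ("line break inserted", sample[:200] + "\n" + sample[200:]),
                        ("partial copy", sample[:150]),
                        ("1024-bit key", make_sample_key(1024))]:
        print(label, "->", check_public_key(text) or "ok")
```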
Provisioning your first DBaaS Instance
Database Cloud Service – Provisioning an Instance
DCS –Provisioning an Instance
DCS – Provisioning Options
Feature | Oracle Database Cloud Service | Oracle Database Cloud Service - Virtual Image
Oracle Database and supporting software on the service instance | Pre-Installed and Configured | Included, but must be installed manually (DBCA)
Tooling for automated maintenance operations | Pre-Installed and Configured | Manual install
Root Access | Yes | Yes
Oracle DB Admin Privileges | Full | Full
Cloud Tooling for Database Cloud Service
• Simple Automated Backups: use the bkup_api utility (raccli on service instances that use Oracle Real Application Clusters) to perform on-demand backups and to change how automatic backups are configured.
• Simple Automated Recovery: use the orec subcommand of the dbaascli utility (raccli on service instances that use Oracle Real Application Clusters) to restore from backups.
• Simple Automated Patching: use the dbpatchm subcommand of the dbaascli utility (raccli on service instances that use Oracle Real Application Clusters) to apply patches.
• New DBaaS Monitor: use the Oracle DBaaS Monitor web application to monitor the Oracle database and the Oracle GlassFish Server domain on the service instance.
Billing Frequency – Cannot be changed after service creation
• Hourly: Pay only for the number of hours used during your billing period.
• Monthly: Pay one price for the full month irrespective of the number of hours used.
DCS –Provisioning an Instance
Standard Edition
• Oracle Database Standard Edition includes all the facilities necessary to build business-critical applications. This edition is only available for Oracle Database 11g Release 2.
Enterprise Edition
• Provides the performance, availability, scalability, and security required for mission-critical applications such as high-volume online transaction processing (OLTP) applications, query-intensive data warehouses, and demanding Internet applications. Enterprise Edition contains all the components of Oracle Database.
Enterprise Edition - High Performance
• Provides all the features of Enterprise Edition, plus all the database enterprise management packs and all the Enterprise Edition options except:
– Active Data Guard | In-Memory Database | Oracle RAC One Node | Real Application Clusters (Oracle RAC)
Enterprise Edition - Extreme Performance
• Provides all the features of Enterprise Edition, plus all the database enterprise management packs and all the Enterprise Edition options except:
– Oracle RAC One Node
DCS –Provisioning Options: Software Edition
DCS –Provisioning an Instance
Testing SSH Connectivity
Testing Connectivity with Putty
1. Load Private Key under “Auth”
2. Enter IP & Type in Session Name to Save
3. Open Session
Further Network Configuration
• Enable access to compute port
• Creating an SSH Tunnel
• Define custom host/domain name for DBaaS
• Network Encryption and Integrity
Network Access via Cloud Security Rules (Default)
Network Access via Security Application
Restricting Port Access to Specific IPs
Configure SSH connectivity:
1. In Host Name (or IP address) box, enter the IP address of the target compute node.
2. Confirm that the Connection type option is set to SSH.
3. In the Category tree, expand Connection if necessary and then click Data.
4. In Auto-login username box, enter oracle.
5. Confirm that the When username is not specified option is set to Prompt.
6. In the Category tree, expand SSH and then click Auth.
7. Click the Browse button next to the Private key file for authentication box. Then, in the Select private key file window, navigate to and open the private key file that matches the public key used when the service instance was created.
Add a forwarded port:
1. In the Category tree, click Tunnels.
2. In the Source Port box, enter the number of an available port on your system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system.
3. In the Destination box, enter the IP address of the target compute node, a colon, and the port number to which you want to create a tunnel; for example, 192.0.2.100:1521.
4. Confirm that the Local and Auto options are set.
5. Click Add to add the forwarded port. The new forwarded port appears in the Forwarded ports list.
6. In the Category tree, click Session.
7. In the Saved Sessions box, enter a name for this connection configuration. Then, click Save.
8. Click Open to open the connection. The PuTTY Configuration window is closed and the PuTTY window is displayed.
NOTE: If this is the first time you are connecting to the target compute node, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.
*** After the SSH tunnel is created, you can access the port on the target compute node by specifying localhost:local-port on your system, where local-port is the source port you specified when creating the tunnel. ***
Network Access via SSH Tunnel with Putty
Network Access via SSH Tunnel with Linux
Run the ssh utility:
$ ssh -i private-key-file -L local-port:target-ip-address:target-port local-hostname
where:
• private-key-file is the path to the SSH private key file.
• local-port is the number of an available port on your Linux system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system. As a good practice, and for the sake of simplicity, you should specify the same port number as the one to which you are creating a tunnel.
• target-ip-address is the IP address of the target compute node in x.x.x.x format.
• target-port is the port number to which you want to create a tunnel.
• local-hostname is the host name of your Linux system.
Defining a Custom Host Name or Domain Name for Database as a Service
You can associate a custom host name or domain name to the public IP address of a compute node associated with an Oracle Database Cloud - Database as a Service instance. To associate a custom host name to the public IP address of a compute node, contact the administrator of your DNS (Domain Name Service) and request a custom DNS record for the compute node’s public IP address.
For example, if your domain is example.com and you wanted to use clouddb1 as the custom host name for a compute node, you would request a DNS record that associates clouddb1.example.com to your compute node's public IP address.
To associate a custom domain name to the public IP address of a compute node:
1. Register your domain name through a third-party domain registration vendor, such as Register.com, Namecheap, and so on. For example, example.com.
2. Resolve your domain name to the IP address of the Database as a Service compute node, using the third-party domain registration vendor console. For more information, refer to the third-party domain registration documentation.
Verifying use of Native Encryption & Integrity
You can verify the use of native Oracle Net encryption and integrity by connecting to your Oracle database and examining the network service banner entries associated with each connection. This information is contained in the NETWORK_SERVICE_BANNER column of the V$SESSION_CONNECT_INFO view. The following example shows the SQL command used to display the network service banner entries associated with the current connection:
SQL> select network_service_banner from v$session_connect_info where sid in (select distinct sid from v$mystat);
NOTE:
The following example output shows banner information for the available encryption service and the crypto-checksumming (integrity) service, including the algorithms in use:
NETWORK_SERVICE_BANNER
------------------------------------------------------------------------------------
TCP/IP NT Protocol Adapter for Linux: Version 12.1.0.2.0 - Production
Encryption service for Linux: Version 12.1.0.2.0 - Production
AES256 Encryption service adapter for Linux: Version 12.1.0.2.0 - Production
Crypto-checksumming service for Linux: Version 12.1.0.2.0 - Production
SHA1 Crypto-checksumming service adapter for Linux: Version 12.1.0.2.0 - Production
Checking your Oracle Net Client Configuration
The following procedure outlines the basic steps required to confirm that native encryption and integrity are enabled in your Oracle Net client configuration.
1. In a command shell, connect to the Oracle Net client.
2. Change directories to the location of the Oracle Net configuration files tnsnames.ora and sqlnet.ora, for example:
$ cd $ORACLE_HOME/network/admin
$ ls *.ora
sqlnet.ora tnsnames.ora
3. View the sqlnet.ora file and confirm that it does not contain the following parameter settings:
SQLNET.ENCRYPTION_CLIENT = rejected
SQLNET.CRYPTO_CHECKSUM_CLIENT = rejected
The rejected setting explicitly disables the encryption or integrity service, even if the server requires it. When a client with an encryption or integrity service setting of rejected connects to a server with the required setting, the connection fails with the following error: ORA-12660: Encryption or crypto-checksumming parameters incompatible. Because native Oracle Net encryption and integrity are enabled in your Database as a Service environment by default, any parameter setting other than rejected, or no setting at all, would result in the use of native encryption and integrity.
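Both checks described above (the banner rows and the sqlnet.ora settings) can be scripted; the following is an added example, not part of the workshop material. The function names and the sample sqlnet.ora are constructed for illustration, the banner rows are the ones shown above, and the code assumes an algorithm in use appears as a prefix on a "service adapter" row, as in that output.

```python
import re

CLIENT_PARAMS = ("SQLNET.ENCRYPTION_CLIENT", "SQLNET.CRYPTO_CHECKSUM_CLIENT")

# Constructed sqlnet.ora content for the example.
SAMPLE_SQLNET = """\
# constructed sqlnet.ora for the example
SQLNET.ENCRYPTION_CLIENT = rejected
sqlnet.crypto_checksum_client = requested   # fine: anything but rejected
# SQLNET.CRYPTO_CHECKSUM_CLIENT = rejected
"""

# Banner rows as shown in the example output above, one row per entry.
SAMPLE_BANNER = [
    "TCP/IP NT Protocol Adapter for Linux: Version 12.1.0.2.0 - Production",
    "Encryption service for Linux: Version 12.1.0.2.0 - Production",
    "AES256 Encryption service adapter for Linux: Version 12.1.0.2.0 - Production",
    "Crypto-checksumming service for Linux: Version 12.1.0.2.0 - Production",
    "SHA1 Crypto-checksumming service adapter for Linux: Version 12.1.0.2.0 - Production",
]

ADAPTER_ROW = re.compile(
    r"^\s*(\S+) (Encryption|Crypto-checksumming) service adapter\b", re.IGNORECASE)


def rejected_settings(sqlnet_text):
    """Return the client parameters that sqlnet.ora sets to 'rejected'."""
    found = []
    for raw in sqlnet_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        # Parameter names and values are matched case-insensitively.
        if name.upper() in CLIENT_PARAMS and value.strip("()\"' ").lower() == "rejected":
            found.append(name.upper())
    return found


def negotiated_algorithms(banner_rows):
    """Return the algorithms named on the 'service adapter' banner rows."""
    result = {"encryption": None, "integrity": None}
    for row in banner_rows:
        match = ADAPTER_ROW.match(row)
        if match:
            kind = "encryption" if match.group(2).lower() == "encryption" else "integrity"
            result[kind] = match.group(1)
    return result


if __name__ == "__main__":
    print("rejected in sqlnet.ora:", rejected_settings(SAMPLE_SQLNET))
    print("algorithms in banner:", negotiated_algorithms(SAMPLE_BANNER))
```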
DBaaS Lifecycle Management
• DBaaS Instance States
• Scaling DBaaS Instance
• Attaching “Temporary” Storage
• Creating an On-Demand Backup
• Maintaining Manageability of your DBaaS Instance
• Deleting DBaaS Instances
• Tracking Database Instances
• Database Migration Scenario Overview
DBaaS Instance States
Instance Scaling: Compute
Instance Scaling: Storage
Attaching Temporary Storage
Creating an On-Demand Backup
To create an on-demand backup:
• Connect to the compute node as the opc user.
• Start a root-user command shell:
$ sudo -s
You can choose to have the backup follow the current retention policy, or you can choose to create a long-term backup that persists until you delete it:
– To create a backup that follows the current retention policy, enter the following bkup_api command:
# /var/opt/oracle/bkup_api/bkup_api bkup_start
– To create a long-term backup, enter the following bkup_api command:
# /var/opt/oracle/bkup_api/bkup_api bkup_start --keep
• Exit the root-user command shell:
# exit
By default, the backup is given a timestamp-based tag.
– To specify a custom backup tag, add the --tag option to the bkup_api command; for example, to create a long-term backup with the tag "monthly", enter the following command:
# /var/opt/oracle/bkup_api/bkup_api bkup_start --keep --tag=monthly
After you enter a bkup_api bkup_start command, the bkup_api utility starts the backup process, which runs in the background.
• To check the progress of the backup process, enter the following bkup_api command:
# /var/opt/oracle/bkup_api/bkup_api bkup_status
Maintaining the Manageability of Your DBaaS Instance
The following best practices will ensure that your Oracle Database Cloud - Database as a Service instances stay manageable.
– Do not disable or close access to the SSH port (port 22). You can open other ports and protocols.
– Do not detach, change file access permissions for, or change the mount point of any storage volume attached to a compute node during the creation of your Database as a Service instance. In particular, do not unmount or change the file access permissions of /u01 through /u05.
– Do not change compute node OS users and SSH key settings that were configured during the creation of your Database as a Service instance.
– Apply only patches that are available through the Database as a Service. Do not apply patches from any other source unless directed to by Oracle Support.
– Apply the quarterly Patch Set Updates (PSUs) regularly, every quarter if possible.
– Do not change the ports for the Oracle Cloud DBaaS Monitor, Oracle Application Express, Oracle GlassFish Server Administration Console, Oracle Net Listener, Enterprise Manager Database Express 12c, or Enterprise Manager 11g Database Control.
• Migration Scenarios
– From 11g to 11g DBaaS Instance
– From 11g to 12c DBaaS Instance
– From 12c CDB to 12c DBaaS Instance
– From 12c non-CDB to 12c DBaaS Instance
• Approved Methods
– Data Pump – Export Import
– Data Pump – Full Transportable
– Data Pump – Transportable Tablespaces
– Remote Cloning
– Remote Cloning (Non-CDB)
– RMAN Cross-Platform Transportable PDB
– RMAN Cross-Platform Transportable Tablespace Backup
– RMAN Cross-Platform Transportable Tablespace with Data Pump
– RMAN Convert Transportable Tablespace with Data Pump
– SQL Developer
• INSERT Statements for Selected Object Migration
• SQL*Loader to Migrate Selected Objects
Database Migration Options
Migrating a Pluggable Database
Pluggable Database Migration
1. SSH to database server and download the PDB datafiles while on the server command line.
wget "https://www.dropbox.com/s/12jd18cpnpxoos8/pdb1.zip?dl=0"
2. Unzip the datafiles into an empty directory, e.g.: /u02/app/oracle/oradata/ORCL/TEST/datafile
3. Move the orcl.xml file into the $ORACLE_HOME/dbs
Pluggable Database Migration
4. Check compatibility in the source database:
SET SERVEROUTPUT ON
DECLARE
  compatible CONSTANT VARCHAR2(3) :=
    CASE DBMS_PDB.CHECK_PLUG_COMPATIBILITY(
           pdb_descr_file => '/u01/app/oracle/product/12.1.0/dbhome_1/dbs/orcl.xml',
           pdb_name       => 'pdb1')
      WHEN TRUE THEN 'YES'
      ELSE 'NO'
    END;
BEGIN
  DBMS_OUTPUT.PUT_LINE(compatible);
END;
/
Pluggable Database Migration
5. Plug the database in:
CREATE PLUGGABLE DATABASE orcl USING '/u01/app/oracle/product/12.1.0/dbhome_1/dbs/orcl.xml'
  create_file_dest='/u02/app/oracle/oradata/ORCL/TEST'
  source_file_name_convert=('/u02/app/oracle/oradata/ORCL/34A31D2002E41E89E053DE4EC40A8291','/u02/app/oracle/oradata/ORCL/TEST')
  NOCOPY
  TEMPFILE REUSE;
6. Open the pluggable database:
alter pluggable database test open;
Pluggable Database Migration
7. Change the wallet from auto-login to password type.
a. Find the SSO file location using:
select * from v$encryption_wallet;
b. Remove the file cwallet.sso from the location above.
c. Close the wallet using:
administer key management set keystore close;
d. Re-open the wallet using:
administer key management set keystore open identified by "Welcome1#";
e. Verify that the wallet type is now "PASSWORD" using:
select * from v$encryption_wallet;
Pluggable Database Migration
8. Import the included encryption key into the PDB:
ALTER SESSION SET CONTAINER=TEST;
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "Welcome1#";
ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "Welcome1#" FROM '/u01/app/oracle/admin/ORCL/tde_wallet/pdb1.exp' IDENTIFIED BY "Welcome1#" WITH BACKUP;
9. Check the status of the PDB:
select pdb_name, status from CDB_PDBS;
select name, open_mode from V$PDBS;
Pluggable Database Inclusion
After logging in, select the CDB hyperlink on the far right side of the main page.
You will see the PDB listed in the Containers section of this page.
Pluggable Database Inclusion
DBaaS Tooling
• EM DB Express = ip:5500/em
– username: SYS
• DBaaS Monitor = ip/dbaas_monitor
– username: dbaas_monitor
• Glassfish = ip:4848
– username: admin
• APEX = ip/ords/PDBNAME
– workspace = internal
– username = admin
• PDB Self-Service = ip/ords/f?p=600
– username: admin
DBaaS Tooling Reference
***All use common instance password***
DBaaS Monitor
Oracle DBaaS Monitor provides monitoring and management of the Oracle Database RDBMS and listener on an Oracle Database Cloud - Database as a Service instance. DBaaS Monitor provides quick and easy access to a variety of information about the database instance running on a service instance:
• Overall, how much storage is allocated to tablespaces, and how much of that storage is used
• For each tablespace: how much storage is allocated and how much of that storage is used, with additional drill-down capabilities to view segments
• A real-time graph showing wait events across several selectable categories
• The alert log, with log searching capabilities
• A list of open user sessions, with drill-down capabilities to view session details such as the last SQL statement, explain plan, waits, contention, etc.
• A list of initialization parameters, with the ability to change parameter values, both in memory and in the SPFILE
• Indication of whether certain database options are enabled
• Monitoring of current and past SQL Developer PDB uploads
You can use DBaaS Monitor to view information about the service instance virtual machine:
• CPU utilization information in an interactive table format, with automatic refresh intervals
• OS process information, with filtering and automatic refresh capabilities
DBaaS Monitor also provides the following management capabilities:
• Start up and shut down the database instance
• Start and stop the listener
• Access the GlassFish Administration Console
Pluggable Database Self-Service Provisioning Application
• The Oracle Pluggable Database Self-Service Provisioning application provides an interface to Oracle Database 12c Multitenant option and allows for the provisioning of Pluggable Databases (PDBs). You can perform PDB operations including create, clone, open/close, plug/unplug, and drop. Additionally, you can grant others access to the application, giving them rights to create and manage their own PDBs within the quota limits you set.
*** Important Step for using Application: Set Email
1. Log into the Pluggable Database Self-Service Provisioning application. For instructions, see Accessing the Pluggable Database Self-Service Provisioning Application.
2. Click the Administration link. The Self-Service Administration page displays.
3. Locate and click the Self-Service System Configuration item. The Self-Service System Configuration page displays.
4. Locate the row labeled Emails From and click the edit icon in the row. The Update Self-Service System Setting page displays, providing a box where you can enter a value for the Emails From setting.
5. In the box, enter the local email address of the oracle user:
where instance is the name of the service instance and domain is the name of the service domain.
6. Click Save Changes. Your change is saved and the Self-Service System Configuration page displays, showing the changed value.
And That’s All Folks!
Cloud Service Pillars
Cloud Advisory Services
Cloud Design Services
Cloud Provisioning and Migration
Cloud Integration and Security
Cloud Enterprise Services
Cloud Managed Services
Cloud Solutions
Cloud Development Operations (DevOps)
Hybrid Cloud Data Management
Digital Transformation IoT - Big Data
IT as a Service Modernization
Cloud Applications SaaS Enablement
Cloud Managed Services
Oracle Partner Profile
Credentials
Global Platinum Partner
Managed Strategic Partner
12 Specializations
History
Established Since 1996
Oracle Partner in US since 1996
Oracle partner in UK since 2005
Awards
Global Database Partner of Year
Titan Award Winner for Clustering
Specialized Partner of the Year
Services
Architecture Services
Install and Upgrade Services
Migration Services
Managed Services
Skills
Database Data Integration
Engineered Systems
EBS Applications Services
USP
Architecture Solutions
Blueprinted Services
Proactive Support
Cintra’s cloud services & key offerings:
• Cintra Cloud Provisioning, Build, and Migration Services
– Cloud provisioning & configuration
– Migration for Oracle Apps to IaaS
– Zero Down-Time Migrations to Cloud for Oracle Database
– Migration to PaaS
– VM to Cloud Lift and Shift
– Dev/Test in the Cloud
• Cintra Cloud Design Services
– Platform Architecture Design
– Migration Design for Oracle Applications on PaaS
– Service Catalog Design
– DevOps Design
– Operations Management Design
• Cintra Cloud Advisory Services
– Cloud Strategy for Oracle Deployments
– Application Readiness Assessments for Cloud
– Cloud Architecture Health Check
– Cloud Security Health Check
– Cloud ROI Architecture Scorecard
How to get in contact with us to engage further:
Will Dexter | UK Sales Director
Mobile: +44 (0) 7825236598
Email: [email protected]