In “Oracle Cloud, going down the rabbit hole – Part 1” of this series we created our cloud account; in this second part we will create our DBaaS guest.
But before we can actually create our guest, we first need to do some ground work.
When you create your DBaaS guest, you can choose to have your backups on the guest itself, in the cloud, both locally and in the cloud, or to have no backups at all.
For the backups in the cloud, a storage container is created which will be made available to your guest via the RMAN storage management layer (sbt_tape).
But before you can create a storage container, you must choose a storage replication policy for your cloud account.
It is this policy that determines the location of your storage container and whether, and to which location, it is replicated.
This policy cannot be changed afterwards, although you can set a deviating policy on a container via the REST API, so choose wisely.
Note: Even before I had the chance to publish this post, Oracle has changed how the replication policy works.
Accounts created after March 2018 will have a replication setting of “any”, which allows the replication to be directly set at storage container level.
The list of replication policies can be found here.
For this setup, I’m using the eucom-north-1 policy, which places the storage container in the Amsterdam data center and which will not replicate the data to another location.
Log in to your cloud account and click on the hamburger menu in the top left (next to Oracle) to open the navigation menu.
Expand the “services” part and click on “Storage Classic”.
This will automatically open a dialog window in which you have to specify the georeplication policy before you can continue.
Select the policy on which you have decided and click on “Set Policy”.
At this moment, we will not create a container. This will be done during the DBaaS guest creation.
I want the backups to use a separate dedicated account to access the storage container.
For this, I need to create a new user.
On the dashboard, click on “Users” in the navigation menu.
This will take you to the “user management” screen, which for some reason did not show an “add user” option.
(This seems to be a glitch in the dashboard; sometimes an “add” button is shown next to the tile / list options.)
But you can click on “identity console” in the top right of the screen, on which you do have an “add” option.
Fill in the details for the backup user. I opted to have the username be different from the email address, as this allows me to use the same email address as my own username.
Click on “Finish” to create the user.
The “interesting” thing here is that you can’t assign roles to this user from this screen and the “users” and dashboard option in the menu will take you to different screens than the users / dashboard links we used before.
You first need to click on the “My Services” option in the “Navigation Drawer”, which will take you to the “Dashboard” that we know.
From here, click on users (either in the navigation menu or in the top menu bar).
Click on the “backup usr” tile and select the “Roles” tab on the next page.
In the search field, enter “Storage Classic”.
Add “Storage_Administrator” and “Storage_ReadWriteGroup” in the roles box beneath “Storage Classic”.
In the meantime, you should have received an email to activate our backup user.
Click on the URL in the mail to do so and set a password.
This finishes the creation of our backup user.
As I want to be able to communicate between IaaS and DBaaS guests, I’m going to set up a private subnet.
I just need a very small number of guests, so I’m going to use a /29 network.
To create this private subnet, we need to go to “Compute Classic”.
Normally this should be an option under “Services” in the “Navigation Menu”. But I noticed that it was often not shown there (Note that “Compute” is not the same as “Compute Classic”).
To work around this, you need to customize the dashboard and set the option for “Compute Classic” to “Show” instead of “Automatic”.
This will show a tile for “Compute Classic” in the dashboard and, as it seems, also the option in the navigation menu.
In the newly added tile, click on the hamburger menu and choose “Open Service Console”.
Go to the “Network” tab and select “IP Networks” in the left menu.
Click on the “Create IP Network” button.
Enter the details for our private subnet.
An IP exchange can be used to let multiple IP networks (different subnets) communicate with each other.
We don’t need this for our setup, so just leave it blank.
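Before entering a prefix in the “Create IP Network” dialog, it helps to check that it is a valid private block, that a /29 really has room for the guests you plan, and that it does not overlap any network you might later join through an IP exchange. The sketch below is an added example, not part of the original post or Oracle's tooling; the prefixes are constructed samples, `check_ip_network` is a hypothetical helper, and the single platform-reserved address is an assumption.

```python
import ipaddress

# RFC 1918 private IPv4 blocks; a guest-to-guest subnet should sit inside one of them.
RFC1918 = [ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_ip_network(cidr, guests_needed, existing=(), reserved=1):
    """Return a list of problems with a planned IP network prefix (empty list = OK).

    reserved is an assumption: the number of host addresses the platform keeps
    for itself (for example a default gateway). Adjust it to the provider's docs.
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.168.10.4/29
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]
    if net.version != 4:
        return ["only IPv4 prefixes are handled in this example"]

    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private range")

    # Network and broadcast addresses are never assignable to a guest.
    usable = max(0, net.num_addresses - 2 - reserved)
    if guests_needed > usable:
        problems.append(f"{net} has room for {usable} guests, {guests_needed} needed")

    # Overlapping prefixes cannot be routed to each other unambiguously.
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{net} overlaps existing network {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample prefixes, not taken from the post.
    for cidr, guests, others in [
        ("192.168.10.0/29", 4, ["192.168.20.0/29"]),
        ("192.168.10.0/29", 6, []),
        ("192.168.10.4/29", 4, []),
        ("192.168.10.0/29", 4, ["192.168.10.0/24"]),
    ]:
        print(cidr, guests, check_ip_network(cidr, guests, others) or "OK")
```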
In this chapter, we configured the storage georeplication policy, created a new dedicated user for the database backups and created a private subnet.
In Part 3 we will create the DBaaS guest and configure the network access to it.