OCI Database Management 설정 방법

Junchol Park
Principal Technology Cloud Architect
Oracle Digital Prime Tech SE Team
2021.11
Database Management 설정 방법

Database Management Overview
• Basic Management : 무료
• Basic 모니터링 메트릭
• CDB Performance Hub의 ASH 분석과 SQL Monitoring
• Full Management : 유료
• + Basic Management
• Advanced Performance Hub(ADDM, Blocking Sessions)
• SQL Job
• Tablespace monitoring
• (Plan) PDB 모니터링

Database Management Overview
• Basic Management : 무료
• 14 basic monitoring metrics such as CpuUtilization, StorageAllocated, and UserCalls.
These metrics are displayed in the Oracle Cloud Infrastructure Monitoring service and on the Database Details
page of the database after Database Management is enabled.
• ASH Analytics and SQL Monitoring features in Performance Hub for CDBs.
Note that these features are currently not available for PDBs.
• Full Management : $0.04 OCPU Per Hour (월 환산시 1 OCPU당 $29.76)
• Features available as part of Basic Management.
• Monitoring and management capabilities for your fleet of databases.
Note that these capabilities are currently not available for PDBs.
• SKU features, which include advanced Performance Hub features such as Automatic Database Diagnostic
Monitor (ADDM) and Blocking Sessions and other features such as SQL Jobs and Tablespace monitoring.
• For the Oracle Database Standard Edition, it does not include Performance Hub features.
• Manamgent Agent : External Database 경우 설치 필요하고 DBCS는 필요치 않음

설정 방법
Confidential – © 2019 Oracle Internal/Restricted/Highly Restricted
4

단계 1) DBCS에 모니터링 계정 활성화
• DBCS CDB로 접속하여 ‘dbsnmp’ 계정 활성화
SQL > alter user dbsnmp account unlock;
# 패스워드는 FIPS 정책에 따라 14자리 이상, 대/소문자/숫자/특수문자 혼용
SQL > alter user dbsnmp identified by <password>;
# Performance Hub와 AWR Explorer 를 위해 권한 부여
SQL > GRANT CREATE PROCEDURE to dbsnmp;
SQL > GRANT SELECT ANY DICTIONARY, SELECT_CATALOG_ROLE to dbsnmp;
SQL > GRANT ALTER SYSTEM to dbsnmp;
SQL > GRANT ADVISOR to dbsnmp;
SQL > GRANT EXECUTE ON DBMS_WORKLOAD_REPOSITORY to dbsnmp;

단계 2) DB패스워드에 대해 Vault Secret 생성
* DB User 패스워드 보안을 위해 Secret Key를 이용

단계 3) Private Endpoint 생성
• Database Tools의 Private Endpoint와는 별개임
• Public Subnet으로 선택하여도 Public IP를 받지 못 하므로, DB와 동일한 Subnet으로 생성하는 것을 권장
• https://docs.oracle.com/en-us/iaas/database-management/doc/perform-database-management-prerequisite-tasks.html

단계 3) Private Endpoint 생성
• RAC DB 경우는 RAC 옵션을 체크해야 함
• 촤측은 DB와 동일한 Subnet을 설정한 사례임
• Private Endpoint에 Private IP가 할당됨

단계 4) 방화벽 오픈
• Private Endpoint → DB 로 접근이 가능하도록 방화벽 오픈

단계 5) DB Management를 위한 Policy 등록
# DB Mng가 Vault Secret를 읽기 위한 권한
Allow service dpd to read secret-family
in compartment <Vault Location>
where target.vault.id = ‘<Vault OCID>’

단계 6) DB Managment 활성화

모니터링 화면(Basic)
12

DBCS에서 Metric 조회 가능(Basic / Full 모두 동일)

Monitoring에서 Metric 조회 가능(Basic / Full 모두 동일)

무료인 Basic 옵션 경우, Fleet Summary 보여지지 않음

무료인 Basic 옵션 경우, 추가적인 상세 모니터링 불가능

모니터링 화면(Full)
17

Full 옵션 경우, Fleet Summary 보여짐. 단 현재는 CDB 관련 사항만 보여짐

Full 옵션 경우, 추가적인 상세 모니터링이 가능

JOB 실행(Full 옵션만 가능)
31

Policy 등록
# DB내 Agent의 Dynamic Group 생성
ALL {resource.type=‘managementagent’, resource.compartment.id=‘{DBCS Compartment OCID}’}
# Bucket 읽기 권한
Allow dynamic-group Management-Agents-Group to read buckets in compartment ABC
where request.principal.type = 'managementagent'
# Object 생성 및 확인 권한
Allow dynamic-group Management-Agents-Group to manage objects in compartment ABC
where all {request.principal.type = 'managementagent',
any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}}
# DB Managment의 scheduled job의 결과를 Object Storage에 저장하기 위한 권한
Allow service dpd to manage objects in compartment ABC
https://docs.oracle.com/en-us/iaas/database-management/doc/permissions-required-database-management.html
* scheduled job의 결과를 Object Storage에 저장하기 위해 필요한 권한

OCI Database Management 설정 방법

OCI Database Management 설정 방법

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to OCI Database Management 설정 방법

Similar to OCI Database Management 설정 방법 (20)

OCI Database Management 설정 방법