1. Introduzione
A volte, i carichi di lavoro non possono essere trasferiti da un database Oracle ad AlloyDB per vari motivi. In questi casi, se vogliamo rendere disponibili i dati in AlloyDB per la generazione di report o l'ulteriore elaborazione, possiamo utilizzare Oracle FDW (Foreign Data Wrapper). Oracle FDW consente di eseguire query sui dati di un database Oracle remoto e presenta i dati remoti tramite viste, facendoli apparire come se si trovassero all'interno di AlloyDB.
In questo codelab imparerai a utilizzare Oracle FDW per connettere il tuo database AlloyDB a un database Oracle di cui è stato eseguito il deployment in una rete separata utilizzando il servizio VPN.
Il diagramma precedente mostra il cluster AlloyDB e l'istanza GCE instance-1 a sinistra di cui è stato eseguito il deployment in un VPC con rete default e l'istanza GCE ora-xe-01 di cui è stato eseguito il deployment in un altro VPC con il nome di rete $PROJECT_ID-vpc-02. Il primo e il secondo VPC sono connessi tramite Cloud VPN con route stabiliti che consentono alle istanze Oracle e AlloyDB di comunicare tra loro.
Da AlloyDB a Oracle tramite VPN Da AlloyDB a Oracle tramite VPN
Puoi trovare maggiori informazioni sull'estensione Oracle FDW qui.
Prerequisiti
- Una conoscenza di base di Google Cloud Console
- Competenze di base nell'interfaccia a riga di comando e in Google Shell
- Conoscenza di base dei database PostgreSQL e Oracle
Cosa imparerai a fare
- Come eseguire il deployment del cluster AlloyDB
- Come connettersi ad AlloyDB
- Come configurare ed eseguire il deployment di un database Oracle di esempio
- Come configurare la VPN tra due reti VPC
- Come configurare l'estensione Oracle FDW
Che cosa ti serve
- Un account Google Cloud e un progetto Google Cloud
- Un browser web come Chrome
2. Configurazione e requisiti
Configurazione dell'ambiente autonomo
- Accedi alla console Google Cloud e crea un nuovo progetto o riutilizzane uno esistente. Se non hai ancora un account Gmail o Google Workspace, devi crearne uno.
- Il nome del progetto è il nome visualizzato per i partecipanti a questo progetto. È una stringa di caratteri non utilizzata dalle API di Google. Puoi sempre aggiornarlo.
- L'ID progetto è univoco in tutti i progetti Google Cloud ed è immutabile (non può essere modificato dopo l'impostazione). La console Cloud genera automaticamente una stringa univoca, di solito non ti interessa di cosa si tratta. Nella maggior parte dei codelab, dovrai fare riferimento all'ID progetto (in genere identificato come
PROJECT_ID). Se l'ID generato non ti piace, puoi generarne un altro casuale. In alternativa, puoi provare a crearne uno e vedere se è disponibile. Non può essere modificato dopo questo passaggio e rimane per tutta la durata del progetto. - Per tua informazione, esiste un terzo valore, un numero di progetto, utilizzato da alcune API. Scopri di più su tutti e tre questi valori nella documentazione.
- Successivamente, devi abilitare la fatturazione in Cloud Console per utilizzare le risorse/API Cloud. Completare questo codelab non costa molto, se non nulla. Per arrestare le risorse ed evitare addebiti oltre a quelli previsti in questo tutorial, puoi eliminare le risorse che hai creato o il progetto. I nuovi utenti di Google Cloud possono beneficiare del programma prova senza costi di 300$.
Avvia Cloud Shell
Sebbene Google Cloud possa essere gestito da remoto dal tuo laptop, in questo codelab utilizzerai Google Cloud Shell, un ambiente a riga di comando in esecuzione nel cloud.
Nella console Google Cloud, fai clic sull'icona di Cloud Shell nella barra degli strumenti in alto a destra:
Bastano pochi istanti per eseguire il provisioning e connettersi all'ambiente. Al termine, dovresti vedere un risultato simile a questo:
Questa macchina virtuale è caricata con tutti gli strumenti per sviluppatori di cui avrai bisogno. Offre una home directory permanente da 5 GB e viene eseguita su Google Cloud, migliorando notevolmente le prestazioni e l'autenticazione della rete. Tutto il lavoro in questo codelab può essere svolto all'interno di un browser. Non devi installare nulla.
3. Prima di iniziare
Abilita l'API
Output:
In Cloud Shell, assicurati che l'ID progetto sia configurato:
gcloud config set project [YOUR-PROJECT-ID]
PROJECT_ID=$(gcloud config get-value project)
Attiva tutti i servizi necessari:
gcloud services enable alloydb.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com
Output previsto:
student@cloudshell:~ (gleb-test-short-004)$ gcloud services enable alloydb.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com
Operation "operations/acf.p2-404051529011-664c71ad-cb2b-4ab4-86c1-1f3157d70ba1" finished successfully.
Configura la regione predefinita su us-central1 o su un'altra regione che preferisci. In questo lab utilizzeremo la regione us-central1.
gcloud config set compute/region us-central1
4. Esegui il deployment del cluster AlloyDB
Prima di creare un cluster AlloyDB, dobbiamo allocare un intervallo di IP privati nella nostra VPC da utilizzare per la futura istanza AlloyDB, dopodiché potremo creare il cluster e l'istanza.
Crea intervallo IP privato
Dobbiamo configurare l'accesso privato ai servizi nel nostro VPC per AlloyDB. Il presupposto è che nel progetto sia presente la rete VPC "default" e che verrà utilizzata per tutte le azioni.
Crea l'intervallo IP privato:
gcloud compute addresses create psa-range \
--global \
--purpose=VPC_PEERING \
--prefix-length=16 \
--description="VPC private service access" \
--network=default
Crea una connessione privata utilizzando l'intervallo IP allocato:
gcloud services vpc-peerings connect \
--service=servicenetworking.googleapis.com \
--ranges=psa-range \
--network=default
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud compute addresses create psa-range \
--global \
--purpose=VPC_PEERING \
--prefix-length=16 \
--description="VPC private service access" \
--network=default
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/addresses/psa-range].
student@cloudshell:~ (test-project-402417)$ gcloud services vpc-peerings connect \
--service=servicenetworking.googleapis.com \
--ranges=psa-range \
--network=default
Operation "operations/pssn.p24-4470404856-595e209f-19b7-4669-8a71-cbd45de8ba66" finished successfully.
student@cloudshell:~ (test-project-402417)$
Crea cluster AlloyDB
Crea un cluster AlloyDB nella regione predefinita:
export PGPASSWORD=`openssl rand -hex 12`
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
gcloud alloydb clusters create $ADBCLUSTER \
--password=$PGPASSWORD \
--network=default \
--region=$REGION
Output console previsto:
student@cloudshell:~ (test-project-402417)$ export PGPASSWORD=`openssl rand -base64 12`
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
gcloud alloydb clusters create $ADBCLUSTER \
--password=$PGPASSWORD \
--network=default \
--region=$REGION
Operation ID: operation-1697655441138-6080235852277-9e7f04f5-2012fce4
Creating cluster...done.
Prendi nota della password PostgreSQL per un utilizzo futuro:
echo $PGPASSWORD
Output console previsto:
student@cloudshell:~ (test-project-402417)$ echo $PGPASSWORD bbefbfde7601985b0dee5723
Crea l'istanza primaria AlloyDB
Crea un'istanza principale AlloyDB per il nostro cluster:
export REGION=us-central1
gcloud alloydb instances create $ADBCLUSTER-pr \
--instance-type=PRIMARY \
--cpu-count=2 \
--region=$REGION \
--cluster=$ADBCLUSTER
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud alloydb instances create $ADBCLUSTER-pr \
--instance-type=PRIMARY \
--cpu-count=2 \
--region=$REGION \
--availability-type ZONAL \
--cluster=$ADBCLUSTER
Operation ID: operation-1697659203545-6080315c6e8ee-391805db-25852721
Creating instance...done.
5. Connetterti ad AlloyDB
Per lavorare con AlloyDB ed eseguire comandi come create database, enable extension e altri, abbiamo bisogno di un ambiente di sviluppo. Può essere qualsiasi strumento standard che funziona con PostgreSQL. Nel nostro caso, utilizzeremo un client standard per PostgreSQL installato su una macchina Linux.
AlloyDB viene implementato utilizzando una connessione solo privata, quindi abbiamo bisogno di una VM con il client PostgreSQL installato per lavorare con il database.
Esegui il deployment della VM GCE
Crea una VM GCE nella stessa regione e nello stesso VPC del cluster AlloyDB.
In Cloud Shell, esegui:
export ZONE=us-central1-a
gcloud compute instances create instance-1 \
--zone=$ZONE \
--scopes=https://www.googleapis.com/auth/cloud-platform
Output console previsto:
student@cloudshell:~ (test-project-402417)$ export ZONE=us-central1-a
student@cloudshell:~ (test-project-402417)$ gcloud compute instances create instance-1 \
--zone=$ZONE \
--scopes=https://www.googleapis.com/auth/cloud-platform
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/instance-1].
NAME: instance-1
ZONE: us-central1-a
MACHINE_TYPE: n1-standard-1
PREEMPTIBLE:
INTERNAL_IP: 10.128.0.2
EXTERNAL_IP: 34.71.192.233
STATUS: RUNNING
Installa il client Postgres
Installa il software client PostgreSQL sulla VM di cui è stato eseguito il deployment
Connettiti alla VM:
gcloud compute ssh instance-1 --zone=us-central1-a
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud compute ssh instance-1 --zone=us-central1-a Updating project ssh metadata...working..Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417]. Updating project ssh metadata...done. Waiting for SSH key to propagate. Warning: Permanently added 'compute.5110295539541121102' (ECDSA) to the list of known hosts. Linux instance-1 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. student@instance-1:~$
Installa il comando di esecuzione del software all'interno della VM:
sudo apt-get update
sudo apt-get install --yes postgresql-client
Output console previsto:
student@instance-1:~$ sudo apt-get update sudo apt-get install --yes postgresql-client Get:1 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease [5146 B] Get:2 https://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease [6406 B] Hit:3 https://deb.debian.org/debian bullseye InRelease Get:4 https://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB] Get:5 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable/main amd64 Packages [1930 B] Get:6 https://deb.debian.org/debian bullseye-updates InRelease [44.1 kB] Get:7 https://deb.debian.org/debian bullseye-backports InRelease [49.0 kB] ...redacted... update-alternatives: using /usr/share/postgresql/13/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in auto mode Setting up postgresql-client (13+225) ... Processing triggers for man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u7) ...
Connettiti all'istanza
Connettiti all'istanza primaria dalla VM utilizzando psql.
Nella stessa scheda Cloud Shell con la sessione SSH aperta alla VM instance-1.
Utilizza il valore della password AlloyDB (PGPASSWORD) annotato e l'ID cluster AlloyDB per connetterti ad AlloyDB dalla VM GCE:
export PGPASSWORD=<Noted password>
ADBCLUSTER=<your AlloyDB cluster name>
REGION=us-central1
INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
export INSTANCE_IP=<AlloyDB Instance IP>
psql "host=$INSTANCE_IP user=postgres sslmode=require"
Output console previsto:
student@instance-1:~$ export PGPASSWORD=CQhOi5OygD4ps6ty
student@instance-1:~$ ADBCLUSTER=alloydb-aip-01
student@instance-1:~$ REGION=us-central1
student@instance-1:~$ INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
gleb@instance-1:~$ psql "host=$INSTANCE_IP user=postgres sslmode=require"
psql (13.13 (Debian 13.13-0+deb11u1), server 14.7)
WARNING: psql major version 13, server major version 14.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
6. Crea un database Oracle di esempio
Il nostro database Oracle di esempio verrà implementato in un VPC separato per riflettere gli scenari in cui viene implementato on-premise o in qualsiasi altro ambiente separato dal VPC del cluster AlloyDB.
Crea un secondo VPC
Utilizzando una scheda aperta di Cloud Shell o un terminale a riga di comando con Google Cloud SDK, esegui:
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
gcloud compute networks create $PROJECT_ID-vpc-02 --project=$PROJECT_ID --description=Custom\ VPC\ for\ $PROJECT_ID\ project --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional
gcloud compute networks subnets create $PROJECT_ID-vpc-02-$REGION --project=$PROJECT_ID --range=10.110.0.0/24 --stack-type=IPV4_ONLY --network=$PROJECT_ID-vpc-02 --region=$REGION
Output console previsto:
student@cloudshell:~ PROJECT_ID=$(gcloud config get-value project) REGION=us-central1 gcloud compute networks create $PROJECT_ID-vpc-02 --project=$PROJECT_ID --description=Custom\ VPC\ for\ $PROJECT_ID\ project --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional gcloud compute networks subnets create $PROJECT_ID-vpc-02-$REGION --project=$PROJECT_ID --range=10.110.0.0/24 --stack-type=IPV4_ONLY --network=$PROJECT_ID-vpc-02 --region=$REGION Your active configuration is: [cloudshell-3726] Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/networks/test-project-402417-vpc-02]. NAME: test-project-402417-vpc-02 SUBNET_MODE: CUSTOM BGP_ROUTING_MODE: REGIONAL IPV4_RANGE: GATEWAY_IPV4: Instances on this network will not be reachable until firewall rules are created. As an example, you can allow all internal traffic between instances as well as SSH, RDP, and ICMP by running: $ gcloud compute firewall-rules create <FIREWALL_NAME> --network test-project-402417-vpc-02 --allow tcp,udp,icmp --source-ranges <IP_RANGE> $ gcloud compute firewall-rules create <FIREWALL_NAME> --network test-project-402417-vpc-02 --allow tcp:22,tcp:3389,icmp Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/subnetworks/test-project-402417-vpc-02-us-central1]. NAME: test-project-402417-vpc-02-us-central1 REGION: us-central1 NETWORK: test-project-402417-vpc-02 RANGE: 10.110.0.0/24 STACK_TYPE: IPV4_ONLY IPV6_ACCESS_TYPE:
Configura le regole firewall minime nel secondo VPC per la diagnostica di base e la connessione SSH.
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-icmp --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-ssh --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22
Output console previsto:
student@cloudshell:~ gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-icmp --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-ssh --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22 Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-icmp]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-icmp NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: icmp DENY: DISABLED: False Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-ssh]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-ssh NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:22 DENY: DISABLED: False
Configura le regole firewall nel VPC predefinito e nel secondo VPC per consentire le connessioni tra le subnet interne alle porte del database.
ALLOYDB_NET_IP_RANGES=$(gcloud compute networks subnets list --network=default --filter="region:us-central1" --format="value(ipCidrRange)"),$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())")
gcloud compute firewall-rules create default-allow-postgres --project=$PROJECT_ID --network=default --description=Allows\ Postgres\ connections\ from\ local\ networks\ to\ postgres\ instance\ on\ the\ network\ using\ port\ 5432. --direction=INGRESS --priority=65534 --source-ranges=10.110.0.0/24 --action=ALLOW --rules=tcp:5432
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-oracle --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ Oracle\ connections\ from\ local\ networks\ to\ Oracle\ instance\ on\ the\ network\ using\ port\ 1521. --direction=INGRESS --priority=65534 --source-ranges=$ALLOYDB_NET_IP_RANGES --action=ALLOW --rules=tcp:1521
Output console previsto:
student@cloudshell:~ ALLOYDB_NET_IP_RANGES=$(gcloud compute networks subnets list --network=default --filter="region:us-central1" --format="value(ipCidrRange)"),$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") gcloud compute firewall-rules create default-allow-postgres --project=$PROJECT_ID --network=default --description=Allows\ Postgres\ connections\ from\ local\ networks\ to\ postgres\ instance\ on\ the\ network\ using\ port\ 5432. --direction=INGRESS --priority=65534 --source-ranges=10.110.0.0/24 --action=ALLOW --rules=tcp:5432 gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-oracle --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ Oracle\ connections\ from\ local\ networks\ to\ Oracle\ instance\ on\ the\ network\ using\ port\ 1521. --direction=INGRESS --priority=65534 --source-ranges=$ALLOYDB_NET_IP_RANGES --action=ALLOW --rules=tcp:1521 Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/default-allow-postgres]. Creating firewall...done. NAME: default-allow-postgres NETWORK: default DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:5432 DENY: DISABLED: False Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-oracle]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-oracle NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:1521 DENY: DISABLED: False
Esegui il deployment della VM GCE nel secondo VPC
Deployment della VM GCE utilizzando la seconda subnet VPC per il nostro ambiente Oracle di esempio. Questa istanza di Compute verrà utilizzata come ambiente di test Oracle. Qui verranno installati i file binari del database Oracle XE e l'istanza verrà utilizzata come server e come client per le attività specifiche di Oracle.
Utilizzando la stessa shell o lo stesso terminale, esegui il comando per creare la VM:
SERVER_NAME=ora-xe-01
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
ZONE=us-central1-a
MACHINE_TYPE=e2-standard-2
SUBNET=$PROJECT_ID-vpc-02-$REGION
DISK_SIZE=50
gcloud compute instances create $SERVER_NAME --project=$PROJECT_ID --zone=$ZONE --machine-type=$MACHINE_TYPE --network-interface=subnet=$SUBNET --create-disk=auto-delete=yes,boot=yes,size=$DISK_SIZE,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-11 AND family!=debian-11-arm64" \
--format="value(name)"),type=pd-ssd
Output console previsto:
student@cloudshell:~ SERVER_NAME=ora-xe-01
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
ZONE=us-central1-a
MACHINE_TYPE=e2-standard-2
SUBNET=$PROJECT_ID-vpc-02-$REGION
DISK_SIZE=50
gcloud compute instances create $SERVER_NAME --project=$PROJECT_ID --zone=$ZONE --machine-type=$MACHINE_TYPE --network-interface=subnet=$SUBNET --create-disk=auto-delete=yes,boot=yes,size=$DISK_SIZE,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-11 AND family!=debian-11-arm64" \
--format="value(name)"),type=pd-ssd
Your active configuration is: [cloudshell-3726]
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/ora-xe-01].
WARNING: Some requests generated warnings:
- Disk size: '50 GB' is larger than image size: '10 GB'. You might need to resize the root repartition manually if the operating system does not support automatic resizing. See https://cloud.google.com/compute/docs/disks/add-persistent-disk#resize_pd for details.
NAME: ora-xe-01
ZONE: us-central1-a
MACHINE_TYPE: e2-standard-2
PREEMPTIBLE:
INTERNAL_IP: 10.110.0.2
EXTERNAL_IP: 34.121.117.216
STATUS: RUNNING
Crea Oracle XE
Per i test verrà utilizzata Oracle Express Edition (XE). Tieni presente che l'utilizzo del container Oracle XE è soggetto ai termini della licenza Oracle Free Use Terms and Conditions.
Connettiti alla VM creata utilizzando SSH:
gcloud compute ssh $SERVER_NAME --zone=$ZONE
Nella sessione SSH, esegui il deployment dei pacchetti richiesti per il tipo di deployment Docker di Oracle XE. Puoi leggere informazioni su altre opzioni di deployment nella documentazione di Oracle.
sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg lsb-release
sudo mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo usermod -aG docker $USER
Output della console previsto (modificato):
student@ora-xe-01:~$ sudo apt-get update sudo apt-get -y install ca-certificates curl gnupg lsb-release sudo mkdir -m 0755 -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin sudo usermod -aG docker $USER Get:1 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease [5146 B] Get:2 https://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease [6406 B] ... Setting up git (1:2.30.2-1+deb11u2) ... Processing triggers for man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u7) ... student@ora-xe-01:~$
Riconnettiti alla VM uscendo e accedendo di nuovo.
exit
gcloud compute ssh $SERVER_NAME --zone=$ZONE
Output console previsto:
student@ora-xe-01:~$ exit logout Connection to 34.132.87.73 closed. student@cloudshell:~ (test-project-002-410214)$ gcloud compute ssh $SERVER_NAME --zone=$ZONE Linux ora-xe-01 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Jan 4 14:51:25 2024 from 34.73.112.191 student@ora-xe-01:~$
Nella nuova sessione SSH di ora-xe-01 esegui:
ORACLE_PWD=`openssl rand -hex 12`
echo $ORACLE_PWD
docker run -d --name oracle-xe -p 1521:1521 -e ORACLE_PWD=$ORACLE_PWD container-registry.oracle.com/database/express:21.3.0-xe
Output console previsto:
student@ora-xe-01:~$ ORACLE_PWD=`openssl rand -hex 12` echo $ORACLE_PWD docker run -d --name oracle-xe -p 1521:1521 -e ORACLE_PWD=$ORACLE_PWD container-registry.oracle.com/database/express:21.3.0-xe e36e191b6c298ce6e02a614c Unable to find image 'container-registry.oracle.com/database/express:21.3.0-xe' locally 21.3.0-xe: Pulling from database/express 2318ff572021: Pull complete c6250726c822: Pull complete 33ac5ea7f7dd: Pull complete 753e0fae7e64: Pull complete Digest: sha256:dcf137aab02d5644aaf9299aae736e4429f9bfdf860676ff398a1458ab8d23f2 Status: Downloaded newer image for container-registry.oracle.com/database/express:21.3.0-xe 9f74e2d37bf49b01785338495e02d79c55c92e4ddd409eddcf45e754fd9044d9
Registra il valore di ORACLE_PWD da utilizzare in un secondo momento per la connessione al database come utente di sistema e sys.
Installa schema di esempio
Crea un set di dati di esempio nel database installato utilizzando lo schema di esempio HR standard.
Nella stessa sessione SSH:
git clone https://github.com/oracle-samples/db-sample-schemas.git
curl -O https://download.oracle.com/otn_software/java/sqldeveloper/sqlcl-latest.zip
sudo apt-get install -y unzip openjdk-17-jdk
unzip sqlcl-latest.zip
echo 'export PATH=$HOME/sqlcl/bin:$PATH' >>.bashrc
exec $SHELL
Output console previsto:
student@ora-xe-01:~$ git clone https://github.com/oracle-samples/db-sample-schemas.git curl -O https://download.oracle.com/otn_software/java/sqldeveloper/sqlcl-latest.zip sudo apt-get install -y unzip openjdk-17-jdk unzip sqlcl-latest.zip echo 'export PATH=$HOME/sqlcl/bin:$PATH' >>.bashrc exec $SHELL Cloning into 'db-sample-schemas'... remote: Enumerating objects: 624, done. remote: Counting objects: 100% (104/104), done. ... inflating: sqlcl/lib/sshd-contrib.jar inflating: sqlcl/lib/sshd-putty.jar inflating: sqlcl/lib/dbtools-sqlcl-distribution.jar student@ora-xe-01:~$
Nella stessa sessione SSH:
ORACLE_PWD=<your noted password from the previous step>
cd db-sample-schemas/human_resources/
sql system/$ORACLE_PWD@localhost/XEPDB1 @hr_install.sql
Inserisci una password per lo schema HR (è sufficiente una password efficace) e accetta i tablespace predefiniti suggeriti nei prompt.
Output console previsto:
student@ora-xe-01:~$ ORACLE_PWD=e36e191b6c298ce6e02a614c
student@ora-xe-01:~$ cd db-sample-schemas/human_resources/
sql system/$ORACLE_PWD@localhost/XEPDB1 @hr_install.sql
SQLcl: Release 23.3 Production on Wed Jan 03 14:38:14 2024
Copyright (c) 1982, 2024, Oracle. All rights reserved.
Last Successful login time: Wed Jan 03 2024 14:38:17 +00:00
Connected to:
Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
Thank you for installing the Oracle Human Resources Sample Schema.
This installation script will automatically exit your database session
at the end of the installation or if any error is encountered.
The entire installation will be logged into the 'hr_install.log' log file.
Enter a password for the user HR: ************************
Enter a tablespace for HR [USERS]:
Do you want to overwrite the schema, if it already exists? [YES|no]:
****** Creating REGIONS table ....
Table REGIONS created.
...
Table provided actual
______________ ___________ _________
regions 5 5
countries 25 25
departments 27 27
locations 23 23
employees 107 107
jobs 19 19
job_history 10 10
Thank you!
___________________________________________________________
The installation of the sample schema is now finished.
Please check the installation verification output above.
You will now be disconnected from the database.
Thank you for using Oracle Database!
Disconnected from Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
Crea utente per Oracle FDW
Per semplicità, creeremo un utente POSTGRES, lo stesso dell'utente PostgreSQL predefinito.
Connettiti al database Oracle come utente SYS:
sql sys/$ORACLE_PWD@localhost/XEPDB1 as sysdba
Nella sessione SQL come utente SYS esegui (sostituisci POSTGRES_ORA_PWD con la password dell'utente):
create user postgres identified by POSTGRES_ORA_PWD;
e concedi i privilegi necessari all'utente:
grant connect, select any table to postgres;
grant select on v_$SQL_PLAN to postgres;
grant select on v_$SQL to postgres;
Output console previsto:
student@ora-xe-01:~/db-sample-schemas/human_resources$ sql sys/$ORACLE_PWD@localhost/XEPDB1 as sysdba SQLcl: Release 23.3 Production on Wed Jan 03 14:42:37 2024 Copyright (c) 1982, 2024, Oracle. All rights reserved. Connected to: Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production Version 21.3.0.0.0 SQL> create user postgres identified by VeryStrongPassword0011##; User POSTGRES created. SQL> grant connect, select any table to postgres; Grant succeeded. SQL> grant select on v_$SQL_PLAN to postgres; Grant succeeded. SQL> grant select on v_$SQL to postgres; Grant succeeded. SQL>
7. Crea una VPN tra VPC
Le risorse di cui è stato eseguito il deployment in ogni VPC possono visualizzare solo gli indirizzi IP interni per quella particolare rete e non possono connettersi a risorse interne in un altro VPC. Google Cloud VPN crea un bridge tra due VPC e consente alla nostra VM con database Oracle di connettersi e di essere connessa dall'istanza AlloyDB. La connessione VPN include diversi componenti, come router Cloud, gateway, tunnel VPN e sessioni BGP. Qui esaminiamo la creazione e la configurazione di tutti i componenti necessari per una VPN ad alta disponibilità tra due VPC. Puoi scoprire di più su Google Cloud VPN nella documentazione.
Crea router e gateway
Crea router Cloud e gateway VPN in entrambi i VPC.
In Cloud Shell o in un terminale con Cloud SDK, esegui:
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
gcloud compute routers create $PROJECT_ID-vpc-01-router --project=$PROJECT_ID --region=$REGION --network=default --asn=64520 --advertisement-mode=custom --set-advertisement-groups=all_subnets
gcloud compute routers create $PROJECT_ID-vpc-02-router --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 --asn=64521 --advertisement-mode=custom --set-advertisement-groups=all_subnets
Output console previsto:
student@cloudshell:~ (test-project-402417)$ PROJECT_ID=$(gcloud config get-value project) REGION=us-central1 gcloud compute routers create $PROJECT_ID-vpc-01-router --project=$PROJECT_ID --region=$REGION --network=default --asn=64520 --advertisement-mode=custom --set-advertisement-groups=all_subnets gcloud compute routers create $PROJECT_ID-vpc-02-router --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 --asn=64521 --advertisement-mode=custom --set-advertisement-groups=all_subnets Your active configuration is: [cloudshell-18870] Creating router [test-project-402417-vpc-01-router]...done. NAME: test-project-402417-vpc-01-router REGION: us-central1 NETWORK: default Creating router [test-project-402417-vpc-02-router]...done. NAME: test-project-402417-vpc-02-router REGION: us-central1 NETWORK: test-project-402417-vpc-02
Crea gateway VPN in entrambi i VPC:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute vpn-gateways create $PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=default
gcloud compute vpn-gateways create $PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud compute vpn-gateways create $PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=default gcloud compute vpn-gateways create $PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 Creating VPN Gateway...done. NAME: test-project-402417-vpc-01-vpn-gtw INTERFACE0: 35.242.106.28 INTERFACE1: 35.220.86.122 INTERFACE0_IPV6: INTERFACE1_IPV6: NETWORK: default REGION: us-central1 Creating VPN Gateway...done. NAME: test-project-402417-vpc-02-vpn-gtw INTERFACE0: 35.242.116.197 INTERFACE1: 35.220.68.53 INTERFACE0_IPV6: INTERFACE1_IPV6: NETWORK: test-project-402417-vpc-02 REGION: us-central1 student@cloudshell:~ (test-project-402417)$
Crea tunnel VPN
Creeremo una configurazione ad alta disponibilità con una coppia di tunnel VPN per ogni VPC.
In Cloud Shell o in un terminale con SDK, esegui:
PROJECT_ID=$(gcloud config get-value project)
SHARED_SECRET=`openssl rand -base64 24`
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1
Output console previsto:
student@cloudshell:~ (test-project-402417)$ SHARED_SECRET=`openssl rand -base64 24` gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1 Creating VPN tunnel...done. NAME: test-project-402417-vpc-01-vpn-tunnel-01 REGION: us-central1 GATEWAY: test-project-402417-vpc-01-vpn-gtw VPN_INTERFACE: 0 PEER_ADDRESS: 35.242.116.197 Creating VPN tunnel...done. NAME: test-project-402417-vpc-01-vpn-tunnel-02 REGION: us-central1 GATEWAY: test-project-402417-vpc-01-vpn-gtw VPN_INTERFACE: 1 PEER_ADDRESS: 35.220.68.53 Creating VPN tunnel...done. NAME: test-project-402417-vpc-02-vpn-tunnel-01 REGION: us-central1 GATEWAY: test-project-402417-vpc-02-vpn-gtw VPN_INTERFACE: 0 PEER_ADDRESS: 35.242.106.28 Creating VPN tunnel...done. NAME: test-project-402417-vpc-02-vpn-tunnel-02 REGION: us-central1 GATEWAY: test-project-402417-vpc-02-vpn-gtw VPN_INTERFACE: 1 PEER_ADDRESS: 35.220.86.122
Crea sessioni BGP
Le sessioni BGP (Border Gateway Protocol) consentono il routing dinamico scambiando informazioni sulle route disponibili tra i VPC.
Crea la prima coppia di peer BGP nella prima rete (predefinita). Gli indirizzi IP dei peer verranno utilizzati per BGP creato nel secondo VPC.
In Cloud Shell o in un terminale con SDK, esegui:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-asn=64521 --region=$REGION
gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-asn=64521 --region=$REGION
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-asn=64521 --region=$REGION gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-asn=64521 --region=$REGION Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Creating peer [test-project-402417-vpc-01-vpn-tunnel-01-bgp] in router [test-project-402417-vpc-01-router]...done. Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Creating peer [test-project-402417-vpc-01-vpn-tunnel-02-bgp] in router [test-project-402417-vpc-01-router]...done. student@cloudshell:~ (test-project-402417)$
Aggiungi BGP nel secondo VPC:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-01 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION
gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-02 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION
Output console previsto:
student@cloudshell:~ (test-project-402417)$ REGION=us-central1 PROJECT_ID=$(gcloud config get-value project) gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-01 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-02 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION Your active configuration is: [cloudshell-18870] Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Creating peer [test-project-402417-vpc-02-vpn-tunnel-01-bgp] in router [test-project-402417-vpc-02-router]...done. Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Creating peer [test-project-402417-vpc-02-vpn-tunnel-02-bgp] in router [test-project-402417-vpc-02-router]...done.
Aggiungi le route personalizzate a BGP
Ora dobbiamo annunciare il nostro intervallo IP privato del servizio a BGP
In Cloud Shell, esegui:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers update $PROJECT_ID-vpc-01-router --add-advertisement-ranges=$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") --region=$REGION
gcloud compute networks peerings update servicenetworking-googleapis-com --network=default --import-custom-routes --export-custom-routes
Output della console previsto (modificato):
PROJECT_ID=$(gcloud config get-value project) gcloud compute routers update $PROJECT_ID-vpc-01-router --add-advertisement-ranges=$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") --region=$REGION gcloud compute networks peerings update servicenetworking-googleapis-com --network=default --import-custom-routes --export-custom-routes ...
8. Configura Oracle FDW in AlloyDB
Ora possiamo creare un database di test e configurare l'estensione Oracle FDW. Utilizzeremo la VM instance-1 creata nel secondo passaggio e la password annotata per il cluster AlloyDB.
Crea database
Connettiti alla VM GCE instance-1:
ZONE=us-central1-a
gcloud compute ssh instance-1 --zone=$ZONE
Nella sessione SSH esegui:
export PGPASSWORD=<Noted password>
REGION=us-central1
ADBCLUSTER=alloydb-aip-01
INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE quickstart_db"
Output console previsto:
student@instance-1:~$ export PGPASSWORD=6dd7fKHnMId8RM97 student@instance-1:~$ REGION=us-central1 ADBCLUSTER=alloydb-aip-01 INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)") psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE quickstart_db" CREATE DATABASE student@instance-1:~$
Configurare l'estensione FDW di Oracle
Abilita l'estensione Oracle FDW nel nuovo database creato.
Nella stessa sessione SSH, esegui:
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create extension if not exists oracle_fdw cascade"
Output console previsto:
student@instance-1:~$ psql "host=$INSTANCE_IP user=postgres dbname=quickstart_db" -c "create extension if not exists oracle_fdw cascade" CREATE EXTENSION student@instance-1:~$
Configurare Oracle FDW
Continuiamo a lavorare nella stessa sessione SSH configurando Oracle FDW per funzionare con lo schema di esempio HR nel database Oracle.
Crea la configurazione del server FDW utilizzando l'indirizzo IP interno per la nostra VM Oracle XE nel secondo VPC.
Nella stessa sessione SSH per instance-1, esegui:
ORACLE_SERVER_IP=$(gcloud compute instances list --filter="name=(ora-xe-01)" --format="value(networkInterfaces[0].networkIP)")
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create server ora_xe foreign data wrapper oracle_fdw options (dbserver '$ORACLE_SERVER_IP:1521/xepdb1')"
Output console previsto:
student@instance-1:~$ ORACLE_SERVER_IP=$(gcloud compute instances list --filter="name=(ora-xe-01)" --format="value(networkInterfaces[0].networkIP)") psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create server ora_xe foreign data wrapper oracle_fdw options (dbserver '$ORACLE_SERVER_IP:1521/xepdb1')" CREATE SERVER
Concedi l'utilizzo del server creato all'utente postgres.
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "grant usage on foreign server ora_xe to postgres"
Output console previsto:
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "grant usage on foreign server ora_xe to postgres" GRANT
Crea una mappatura tra l'utente in PostgreSQL e l'utente del database Oracle utilizzando la password che abbiamo configurato per l'utente nel database Oracle. Utilizza la password annotata per l'utente Oracle POSTGRES che abbiamo creato in precedenza (POSTGRES_ORA_PWD).
POSTGRES_ORA_PWD=<your password for the oracle user postgres>
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "CREATE USER MAPPING FOR postgres SERVER ora_xe OPTIONS ( USER 'postgres', PASSWORD '$POSTGRES_ORA_PWD')"
Output console previsto:
student@instance-1:~$ POSTGRES_ORA_PWD=VeryStrongPassword0011## student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "CREATE USER MAPPING FOR postgres SERVER ora_xe OPTIONS ( USER 'postgres', PASSWORD '$POSTGRES_ORA_PWD')" CREATE USER MAPPING
9. Utilizzare Oracle FDW con lo schema HR
Ora possiamo utilizzare il nostro FDW Oracle con i dati nel database Oracle.
Importa definizioni dello schema HR di Oracle
Continuiamo a lavorare sulla nostra VM client Postgres utilizzando psql per lavorare con AlloyDB.
Nella sessione SSH della VM esegui:
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create schema ora_exe_hr";
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "import foreign schema \"HR\" from server ora_xe into ora_exe_hr";
Output previsto (modificato):
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create schema ora_exe_hr"; psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "import foreign schema \"HR\" from server ora_xe into ora_exe_hr"; CREATE SCHEMA IMPORT FOREIGN SCHEMA student@instance-1:~$
Testare FDW Oracle
Eseguiamo un'istruzione SQL di esempio.
Connettiti al database. Nella sessione SSH della VM esegui:
psql -h $INSTANCE_IP -U postgres -d quickstart_db
Nella sessione PSQL, esegui un'istruzione SELECT.
select * from ora_exe_hr.countries limit 5;
Output previsto:
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db
psql (13.13 (Debian 13.13-0+deb11u1), server 14.7)
WARNING: psql major version 13, server major version 14.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
quickstart_db=> select * from ora_exe_hr.countries limit 5;
country_id | country_name | region_id
------------+--------------+-----------
AR | Argentina | 20
AU | Australia | 40
BE | Belgium | 10
BR | Brazil | 20
CA | Canada | 20
(5 rows)
quickstart_db=>
Restituisce i risultati e significa che la nostra configurazione funziona correttamente.
Puoi sperimentare con le altre tabelle.
10. Pulizia dell'ambiente
Ora che tutte le attività sono completate, possiamo pulire l'ambiente eliminando i componenti per evitare fatturazioni non necessarie.
Elimina le istanze e il cluster AlloyDB al termine del lab
Elimina il cluster AlloyDB e tutte le istanze
Il cluster viene eliminato con l'opzione force, che elimina anche tutte le istanze appartenenti al cluster.
In Cloud Shell definisci le variabili di progetto e di ambiente se la connessione è stata interrotta e tutte le impostazioni precedenti sono andate perse:
gcloud config set project <your project id>
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
export PROJECT_ID=$(gcloud config get-value project)
Elimina il cluster:
gcloud alloydb clusters delete $ADBCLUSTER --region=$REGION --force
Output console previsto:
student@cloudshell:~ (test-project-001-402417)$ gcloud alloydb clusters delete $ADBCLUSTER --region=$REGION --force All of the cluster data will be lost when the cluster is deleted. Do you want to continue (Y/n)? Y Operation ID: operation-1697820178429-6082890a0b570-4a72f7e4-4c5df36f Deleting cluster...done.
Elimina i backup di AlloyDB
Elimina tutti i backup AlloyDB per il cluster:
for i in $(gcloud alloydb backups list --filter="CLUSTER_NAME: projects/$PROJECT_ID/locations/$REGION/clusters/$ADBCLUSTER" --format="value(name)" --sort-by=~createTime) ; do gcloud alloydb backups delete $(basename $i) --region $REGION --quiet; done
Output console previsto:
student@cloudshell:~ (test-project-001-402417)$ for i in $(gcloud alloydb backups list --filter="CLUSTER_NAME: projects/$PROJECT_ID/locations/$REGION/clusters/$ADBCLUSTER" --format="value(name)" --sort-by=~createTime) ; do gcloud alloydb backups delete $(basename $i) --region $REGION --quiet; done Operation ID: operation-1697826266108-60829fb7b5258-7f99dc0b-99f3c35f Deleting backup...done.
Ora possiamo eliminare la nostra VM
Elimina VM GCE
In Cloud Shell, esegui:
export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
Output console previsto:
student@cloudshell:~ (test-project-001-402417)$ export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
Deleted
Elimina la VM con Oracle XE
In Cloud Shell, esegui:
SERVER_NAME=ora-xe-01
ZONE=us-central1-a
gcloud compute instances delete $SERVER_NAME \
--zone=$ZONE \
--quiet
Output console previsto:
student@cloudshell:~ (test-project-402417)$ SERVER_NAME=ora-xe-01
ZONE=us-central1-a
gcloud compute instances delete $SERVER_NAME \
--zone=$ZONE \
--quiet
Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/ora-xe-01].
student@cloudshell:~ (test-project-402417)$
Elimina VPN
In Cloud Shell, esegui:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-01 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-02 --region=$REGION --quiet
gcloud compute routers delete $PROJECT_ID-vpc-02-router --region=$REGION --quiet
gcloud compute routers delete $PROJECT_ID-vpc-01-router --region=$REGION --quiet
gcloud compute vpn-gateways delete $PROJECT_ID-vpc-01-vpn-gtw --region=$REGION --quiet
gcloud compute vpn-gateways delete $PROJECT_ID-vpc-02-vpn-gtw --region=$REGION --quiet
Output console previsto:
student@cloudshell:~ (test-project-402417)$ REGION=us-central1 PROJECT_ID=$(gcloud config get-value project) gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-01 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-02 --region=$REGION --quiet gcloud compute routers delete $PROJECT_ID-vpc-02-router --region=$REGION --quiet gcloud compute routers delete $PROJECT_ID-vpc-01-router --region=$REGION --quiet gcloud compute vpn-gateways delete $PROJECT_ID-vpc-01-vpn-gtw --region=$REGION --quiet gcloud compute vpn-gateways delete $PROJECT_ID-vpc-02-vpn-gtw --region=$REGION --quiet Your active configuration is: [cloudshell-18870] Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Deleting VPN Gateway...done. Deleting VPN Gateway...done. student@cloudshell:~ (test-project-402417)$
Elimina il secondo VPC
In Cloud Shell, esegui:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-icmp --quiet
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-ssh --quiet
gcloud compute firewall-rules delete default-allow-postgres --quiet
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-oracle --quiet
gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet
gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet
Output console previsto:
student@cloudshell:~ (test-project-402417)$ gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-icmp --quiet gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-ssh --quiet gcloud compute firewall-rules delete default-allow-postgres --quiet gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-oracle --quiet gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-icmp]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-ssh]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/default-allow-postgres]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-oracle]. gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet
11. Complimenti
Congratulazioni per aver completato il codelab.
Argomenti trattati
- Come eseguire il deployment del cluster AlloyDB
- Come connettersi ad AlloyDB
- Come configurare ed eseguire il deployment di un database Oracle di esempio
- Come configurare la VPN tra due reti VPC
- Come configurare l'estensione Oracle FDW
12. Sondaggio
Output: