1. 簡介
有時候,由於各種原因,系統無法將工作負載從 Oracle 資料庫轉移至 AlloyDB。在這種情況下,如果想在 AlloyDB 中提供資料以供回報或進一步處理,可以使用 Oracle FDW (外國資料包裝函式)。Oracle FDW 可讓您查詢遠端 Oracle 資料庫中的資料,並透過檢視畫面顯示遠端資料,使資料看起來像在 AlloyDB 內一樣。
在本程式碼研究室中,您將瞭解如何使用 Oracle FDW,將 AlloyDB 資料庫連線至透過 VPN 服務部署在獨立網路中的 Oracle 資料庫。
上圖顯示了左側為部署在一個具有 default 網路的 VPC 中的 AlloyDB 叢集和 GCE 執行個體 instance-1,以及網路名稱為 $PROJECT_ID-vpc-02 的 GCE 執行個體 ora-xe-01。第一個和第二個虛擬私有雲使用 Cloud VPN 連線,且已設定路徑,可讓 Oracle 和 AlloyDB 執行個體互相通訊。
透過 VPN 從 AlloyDB 遷移至 Oracle 的 AlloyDB 至 Oracle
如要進一步瞭解 Oracle FDW 擴充功能,請前往這個頁面。
必要條件
- 對 Google Cloud 控制台的基本概念
- 指令列介面和 Google Shell 的基本技能
- PostgreSQL 和 Oracle 資料庫的基本知識
課程內容
- 如何部署 AlloyDB 叢集
- 如何連線至 AlloyDB
- 如何設定及部署 Oracle 範例資料庫
- 如何在兩個虛擬私有雲網路之間設定 VPN
- 如何設定 Oracle FDW 擴充功能
軟硬體需求
- Google Cloud 帳戶和 Google Cloud 專案
- 使用 Chrome 等網路瀏覽器
2. 設定和需求
自修環境設定
- 登入 Google Cloud 控制台,建立新專案或重複使用現有專案。如果您還沒有 Gmail 或 Google Workspace 帳戶,請先建立帳戶。
- 「專案名稱」是這項專案參與者的顯示名稱。這是 Google API 未使用的字元字串。您可以隨時更新付款方式。
- 所有 Google Cloud 專案的專案 ID 均不得重複,而且設定後即無法變更。Cloud 控制台會自動產生一個不重複的字串。但通常是在乎它何在在大部分的程式碼研究室中,您必須參照專案 ID (通常為
PROJECT_ID)。如果您對產生的 ID 不滿意,可以隨機產生一個 ID。或者,您也可以自行嘗試,看看是否支援。在這個步驟後,這個名稱即無法變更,而且在專案期間內仍會保持有效。 - 資訊中的第三個值是專案編號,部分 API 會使用這個編號。如要進一步瞭解這三個值,請參閱說明文件。
- 接下來,您需要在 Cloud 控制台中啟用計費功能,才能使用 Cloud 資源/API。執行本程式碼研究室不會產生任何費用 (如果有的話)。如要關閉資源,以免產生本教學課程結束後產生的費用,您可以刪除自己建立的資源或刪除專案。新使用者符合 $300 美元免費試用計畫的資格。
啟動 Cloud Shell
雖然 Google Cloud 可以從筆記型電腦遠端操作,但在本程式碼研究室中,您將使用 Google Cloud Shell,這是一種在 Cloud 中執行的指令列環境。
在 Google Cloud 控制台,按一下右上方的工具列上的 Cloud Shell 圖示:
佈建並連線至環境的作業只需幾分鐘的時間。完成後,您應該會看到類似下方的內容:
這部虛擬機器都裝載了您需要的所有開發工具。提供永久的 5 GB 主目錄,而且在 Google Cloud 中運作,大幅提高網路效能和驗證能力。本程式碼研究室的所有工作都可以在瀏覽器中完成。不必安裝任何程式。
3. 事前準備
啟用 API
輸出:
在 Cloud Shell 中,請確認您已設定專案 ID:
gcloud config set project [YOUR-PROJECT-ID]
PROJECT_ID=$(gcloud config get-value project)
啟用所有必要服務:
gcloud services enable alloydb.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com
預期的輸出內容:
student@cloudshell:~ (gleb-test-short-004)$ gcloud services enable alloydb.googleapis.com \
compute.googleapis.com \
cloudresourcemanager.googleapis.com \
servicenetworking.googleapis.com \
vpcaccess.googleapis.com
Operation "operations/acf.p2-404051529011-664c71ad-cb2b-4ab4-86c1-1f3157d70ba1" finished successfully.
將預設區域設為 us-central1 或其他您偏好的區域。在這個研究室中,我們會使用 us-central1 區域。
gcloud config set compute/region us-central1
4. 部署 AlloyDB 叢集
建立 AlloyDB 叢集之前,我們需要在虛擬私有雲中分配私人 IP 範圍,供日後的 AlloyDB 執行個體使用,之後就能建立叢集和執行個體。
建立私人 IP 範圍
我們必須在虛擬私有雲中,為 AlloyDB 設定私人服務存取權設定。這裡假設使用的是「default」這個專案會用於所有動作。
建立私人 IP 範圍:
gcloud compute addresses create psa-range \
--global \
--purpose=VPC_PEERING \
--prefix-length=16 \
--description="VPC private service access" \
--network=default
使用分配的 IP 範圍建立私人連線:
gcloud services vpc-peerings connect \
--service=servicenetworking.googleapis.com \
--ranges=psa-range \
--network=default
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud compute addresses create psa-range \
--global \
--purpose=VPC_PEERING \
--prefix-length=16 \
--description="VPC private service access" \
--network=default
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/addresses/psa-range].
student@cloudshell:~ (test-project-402417)$ gcloud services vpc-peerings connect \
--service=servicenetworking.googleapis.com \
--ranges=psa-range \
--network=default
Operation "operations/pssn.p24-4470404856-595e209f-19b7-4669-8a71-cbd45de8ba66" finished successfully.
student@cloudshell:~ (test-project-402417)$
建立 AlloyDB 叢集
在預設區域建立 AlloyDB 叢集:
export PGPASSWORD=`openssl rand -hex 12`
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
gcloud alloydb clusters create $ADBCLUSTER \
--password=$PGPASSWORD \
--network=default \
--region=$REGION
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ export PGPASSWORD=`openssl rand -base64 12`
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
gcloud alloydb clusters create $ADBCLUSTER \
--password=$PGPASSWORD \
--network=default \
--region=$REGION
Operation ID: operation-1697655441138-6080235852277-9e7f04f5-2012fce4
Creating cluster...done.
請注意 PostgreSQL 密碼,供日後使用:
echo $PGPASSWORD
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ echo $PGPASSWORD bbefbfde7601985b0dee5723
建立 AlloyDB 主要執行個體
為叢集建立 AlloyDB 主要執行個體:
export REGION=us-central1
gcloud alloydb instances create $ADBCLUSTER-pr \
--instance-type=PRIMARY \
--cpu-count=2 \
--region=$REGION \
--cluster=$ADBCLUSTER
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud alloydb instances create $ADBCLUSTER-pr \
--instance-type=PRIMARY \
--cpu-count=2 \
--region=$REGION \
--availability-type ZONAL \
--cluster=$ADBCLUSTER
Operation ID: operation-1697659203545-6080315c6e8ee-391805db-25852721
Creating instance...done.
5. 連線至 AlloyDB
如要使用 AlloyDB 和執行指令 (例如建立資料庫)、啟用擴充功能等,我們需要開發環境。可以是與 PostgreSQL 搭配使用的標準工具。在這個例子中,我們要使用安裝在 Linux 盒上的 PostgreSQL 標準用戶端。
AlloyDB 是透過僅限私人連線部署,因此必須安裝 PostgreSQL 用戶端的 VM,才能與資料庫搭配運作。
部署 GCE VM
在 AlloyDB 叢集所在的區域和虛擬私有雲中建立 GCE VM。
請在 Cloud Shell 中執行下列指令:
export ZONE=us-central1-a
gcloud compute instances create instance-1 \
--zone=$ZONE \
--scopes=https://www.googleapis.com/auth/cloud-platform
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ export ZONE=us-central1-a
student@cloudshell:~ (test-project-402417)$ gcloud compute instances create instance-1 \
--zone=$ZONE \
--scopes=https://www.googleapis.com/auth/cloud-platform
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/instance-1].
NAME: instance-1
ZONE: us-central1-a
MACHINE_TYPE: n1-standard-1
PREEMPTIBLE:
INTERNAL_IP: 10.128.0.2
EXTERNAL_IP: 34.71.192.233
STATUS: RUNNING
安裝 Postgres 用戶端
在已部署的 VM 上安裝 PostgreSQL 用戶端軟體
連線至 VM:
gcloud compute ssh instance-1 --zone=us-central1-a
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud compute ssh instance-1 --zone=us-central1-a Updating project ssh metadata...working..Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417]. Updating project ssh metadata...done. Waiting for SSH key to propagate. Warning: Permanently added 'compute.5110295539541121102' (ECDSA) to the list of known hosts. Linux instance-1 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. student@instance-1:~$
在 VM 中安裝執行指令的軟體:
sudo apt-get update
sudo apt-get install --yes postgresql-client
預期的主控台輸出內容:
student@instance-1:~$ sudo apt-get update sudo apt-get install --yes postgresql-client Get:1 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease [5146 B] Get:2 https://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease [6406 B] Hit:3 https://deb.debian.org/debian bullseye InRelease Get:4 https://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB] Get:5 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable/main amd64 Packages [1930 B] Get:6 https://deb.debian.org/debian bullseye-updates InRelease [44.1 kB] Get:7 https://deb.debian.org/debian bullseye-backports InRelease [49.0 kB] ...redacted... update-alternatives: using /usr/share/postgresql/13/man/man1/psql.1.gz to provide /usr/share/man/man1/psql.1.gz (psql.1.gz) in auto mode Setting up postgresql-client (13+225) ... Processing triggers for man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u7) ...
連線至執行個體
使用 psql 從 VM 連線至主要執行個體。
同一個 Cloud Shell 分頁設有開啟給 instance-1 VM 的 SSH 工作階段。
使用註明的 AlloyDB 密碼 (PGPASSWORD) 值和 AlloyDB 叢集 ID,從 GCE VM 連線至 AlloyDB:
export PGPASSWORD=<Noted password>
ADBCLUSTER=<your AlloyDB cluster name>
REGION=us-central1
INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
export INSTANCE_IP=<AlloyDB Instance IP>
psql "host=$INSTANCE_IP user=postgres sslmode=require"
預期的主控台輸出內容:
student@instance-1:~$ export PGPASSWORD=CQhOi5OygD4ps6ty
student@instance-1:~$ ADBCLUSTER=alloydb-aip-01
student@instance-1:~$ REGION=us-central1
student@instance-1:~$ INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
gleb@instance-1:~$ psql "host=$INSTANCE_IP user=postgres sslmode=require"
psql (13.13 (Debian 13.13-0+deb11u1), server 14.7)
WARNING: psql major version 13, server major version 14.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
postgres=>
6. 建立 Oracle 範例資料庫
我們的 Oracle 範例資料庫會部署在不同的虛擬私有雲中,以反映部署於地端部署環境,或是與 AlloyDB 叢集虛擬私有雲之外的任何其他環境中部署的情境。
建立第二個虛擬私有雲
透過 Google Cloud SDK 開啟 Cloud Shell 的分頁或指令列終端機時,系統會執行以下動作:
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
gcloud compute networks create $PROJECT_ID-vpc-02 --project=$PROJECT_ID --description=Custom\ VPC\ for\ $PROJECT_ID\ project --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional
gcloud compute networks subnets create $PROJECT_ID-vpc-02-$REGION --project=$PROJECT_ID --range=10.110.0.0/24 --stack-type=IPV4_ONLY --network=$PROJECT_ID-vpc-02 --region=$REGION
預期的主控台輸出內容:
student@cloudshell:~ PROJECT_ID=$(gcloud config get-value project) REGION=us-central1 gcloud compute networks create $PROJECT_ID-vpc-02 --project=$PROJECT_ID --description=Custom\ VPC\ for\ $PROJECT_ID\ project --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional gcloud compute networks subnets create $PROJECT_ID-vpc-02-$REGION --project=$PROJECT_ID --range=10.110.0.0/24 --stack-type=IPV4_ONLY --network=$PROJECT_ID-vpc-02 --region=$REGION Your active configuration is: [cloudshell-3726] Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/networks/test-project-402417-vpc-02]. NAME: test-project-402417-vpc-02 SUBNET_MODE: CUSTOM BGP_ROUTING_MODE: REGIONAL IPV4_RANGE: GATEWAY_IPV4: Instances on this network will not be reachable until firewall rules are created. As an example, you can allow all internal traffic between instances as well as SSH, RDP, and ICMP by running: $ gcloud compute firewall-rules create <FIREWALL_NAME> --network test-project-402417-vpc-02 --allow tcp,udp,icmp --source-ranges <IP_RANGE> $ gcloud compute firewall-rules create <FIREWALL_NAME> --network test-project-402417-vpc-02 --allow tcp:22,tcp:3389,icmp Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/subnetworks/test-project-402417-vpc-02-us-central1]. NAME: test-project-402417-vpc-02-us-central1 REGION: us-central1 NETWORK: test-project-402417-vpc-02 RANGE: 10.110.0.0/24 STACK_TYPE: IPV4_ONLY IPV6_ACCESS_TYPE:
在第二個虛擬私有雲中設定最低的防火牆規則,以便使用基本診斷和 SSH 連線。
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-icmp --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-ssh --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22
預期的主控台輸出內容:
student@cloudshell:~ gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-icmp --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-ssh --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22 Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-icmp]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-icmp NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: icmp DENY: DISABLED: False Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-ssh]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-ssh NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:22 DENY: DISABLED: False
請在預設和第二個虛擬私有雲中設定防火牆規則,允許內部子網路與資料庫通訊埠連線。
ALLOYDB_NET_IP_RANGES=$(gcloud compute networks subnets list --network=default --filter="region:us-central1" --format="value(ipCidrRange)"),$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())")
gcloud compute firewall-rules create default-allow-postgres --project=$PROJECT_ID --network=default --description=Allows\ Postgres\ connections\ from\ local\ networks\ to\ postgres\ instance\ on\ the\ network\ using\ port\ 5432. --direction=INGRESS --priority=65534 --source-ranges=10.110.0.0/24 --action=ALLOW --rules=tcp:5432
gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-oracle --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ Oracle\ connections\ from\ local\ networks\ to\ Oracle\ instance\ on\ the\ network\ using\ port\ 1521. --direction=INGRESS --priority=65534 --source-ranges=$ALLOYDB_NET_IP_RANGES --action=ALLOW --rules=tcp:1521
預期的主控台輸出內容:
student@cloudshell:~ ALLOYDB_NET_IP_RANGES=$(gcloud compute networks subnets list --network=default --filter="region:us-central1" --format="value(ipCidrRange)"),$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") gcloud compute firewall-rules create default-allow-postgres --project=$PROJECT_ID --network=default --description=Allows\ Postgres\ connections\ from\ local\ networks\ to\ postgres\ instance\ on\ the\ network\ using\ port\ 5432. --direction=INGRESS --priority=65534 --source-ranges=10.110.0.0/24 --action=ALLOW --rules=tcp:5432 gcloud compute firewall-rules create $PROJECT_ID-vpc-02-allow-oracle --project=$PROJECT_ID --network=$PROJECT_ID-vpc-02 --description=Allows\ Oracle\ connections\ from\ local\ networks\ to\ Oracle\ instance\ on\ the\ network\ using\ port\ 1521. --direction=INGRESS --priority=65534 --source-ranges=$ALLOYDB_NET_IP_RANGES --action=ALLOW --rules=tcp:1521 Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/default-allow-postgres]. Creating firewall...done. NAME: default-allow-postgres NETWORK: default DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:5432 DENY: DISABLED: False Creating firewall...working..Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-oracle]. Creating firewall...done. NAME: test-project-402417-vpc-02-allow-oracle NETWORK: test-project-402417-vpc-02 DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:1521 DENY: DISABLED: False
在第二個虛擬私有雲中部署 GCE VM
使用第二個虛擬私有雲子網路,為範例 Oracle 環境部署 GCE VM。這個運算執行個體會用來做為測試 Oracle 環境。系統會在這裡安裝 Oracle XE 資料庫二進位檔,執行個體會做為伺服器和 Oracle 特定工作的用戶端。
使用相同的 Cloud Shell 或終端機執行下列指令來建立 VM:
SERVER_NAME=ora-xe-01
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
ZONE=us-central1-a
MACHINE_TYPE=e2-standard-2
SUBNET=$PROJECT_ID-vpc-02-$REGION
DISK_SIZE=50
gcloud compute instances create $SERVER_NAME --project=$PROJECT_ID --zone=$ZONE --machine-type=$MACHINE_TYPE --network-interface=subnet=$SUBNET --create-disk=auto-delete=yes,boot=yes,size=$DISK_SIZE,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-11 AND family!=debian-11-arm64" \
--format="value(name)"),type=pd-ssd
預期的主控台輸出內容:
student@cloudshell:~ SERVER_NAME=ora-xe-01
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
ZONE=us-central1-a
MACHINE_TYPE=e2-standard-2
SUBNET=$PROJECT_ID-vpc-02-$REGION
DISK_SIZE=50
gcloud compute instances create $SERVER_NAME --project=$PROJECT_ID --zone=$ZONE --machine-type=$MACHINE_TYPE --network-interface=subnet=$SUBNET --create-disk=auto-delete=yes,boot=yes,size=$DISK_SIZE,image=projects/debian-cloud/global/images/$(gcloud compute images list --filter="family=debian-11 AND family!=debian-11-arm64" \
--format="value(name)"),type=pd-ssd
Your active configuration is: [cloudshell-3726]
Created [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/ora-xe-01].
WARNING: Some requests generated warnings:
- Disk size: '50 GB' is larger than image size: '10 GB'. You might need to resize the root repartition manually if the operating system does not support automatic resizing. See https://cloud.google.com/compute/docs/disks/add-persistent-disk#resize_pd for details.
NAME: ora-xe-01
ZONE: us-central1-a
MACHINE_TYPE: e2-standard-2
PREEMPTIBLE:
INTERNAL_IP: 10.110.0.2
EXTERNAL_IP: 34.121.117.216
STATUS: RUNNING
建立 Oracle XE
Oracle Express Edition (XE) 將用於測試。請注意,使用 Oracle XE 容器時,必須遵守 Oracle 免費試用條款及細則授權的條款。
使用 SSH 連線至已建立的 VM:
gcloud compute ssh $SERVER_NAME --zone=$ZONE
在 SSH 工作階段中,為 Oracle XE 的 Docker 類型部署必要套件。如要瞭解其他部署選項,請參閱 Oracle 說明文件。
sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg lsb-release
sudo mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo usermod -aG docker $USER
預期的控制台輸出內容 (已遮蓋):
student@ora-xe-01:~$ sudo apt-get update sudo apt-get -y install ca-certificates curl gnupg lsb-release sudo mkdir -m 0755 -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin sudo usermod -aG docker $USER Get:1 https://packages.cloud.google.com/apt google-compute-engine-bullseye-stable InRelease [5146 B] Get:2 https://packages.cloud.google.com/apt cloud-sdk-bullseye InRelease [6406 B] ... Setting up git (1:2.30.2-1+deb11u2) ... Processing triggers for man-db (2.9.4-2) ... Processing triggers for libc-bin (2.31-13+deb11u7) ... student@ora-xe-01:~$
登出並重新連線,以重新連線至 VM。
exit
gcloud compute ssh $SERVER_NAME --zone=$ZONE
預期的主控台輸出內容:
student@ora-xe-01:~$ exit logout Connection to 34.132.87.73 closed. student@cloudshell:~ (test-project-002-410214)$ gcloud compute ssh $SERVER_NAME --zone=$ZONE Linux ora-xe-01 5.10.0-26-cloud-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Jan 4 14:51:25 2024 from 34.73.112.191 student@ora-xe-01:~$
在新的 ora-xe-01 工作階段中,執行以下動作:
ORACLE_PWD=`openssl rand -hex 12`
echo $ORACLE_PWD
docker run -d --name oracle-xe -p 1521:1521 -e ORACLE_PWD=$ORACLE_PWD container-registry.oracle.com/database/express:21.3.0-xe
預期的主控台輸出內容:
student@ora-xe-01:~$ ORACLE_PWD=`openssl rand -hex 12` echo $ORACLE_PWD docker run -d --name oracle-xe -p 1521:1521 -e ORACLE_PWD=$ORACLE_PWD container-registry.oracle.com/database/express:21.3.0-xe e36e191b6c298ce6e02a614c Unable to find image 'container-registry.oracle.com/database/express:21.3.0-xe' locally 21.3.0-xe: Pulling from database/express 2318ff572021: Pull complete c6250726c822: Pull complete 33ac5ea7f7dd: Pull complete 753e0fae7e64: Pull complete Digest: sha256:dcf137aab02d5644aaf9299aae736e4429f9bfdf860676ff398a1458ab8d23f2 Status: Downloaded newer image for container-registry.oracle.com/database/express:21.3.0-xe 9f74e2d37bf49b01785338495e02d79c55c92e4ddd409eddcf45e754fd9044d9
請記下 ORACLE_PWD 值,之後用來以使用者系統和 sys 的形式連線至資料庫。
安裝範例結構定義
使用標準人資範例結構定義,在已安裝的資料庫中建立範例資料集。
在同一 SSH 工作階段中:
git clone https://github.com/oracle-samples/db-sample-schemas.git
curl -O https://download.oracle.com/otn_software/java/sqldeveloper/sqlcl-latest.zip
sudo apt-get install -y unzip openjdk-17-jdk
unzip sqlcl-latest.zip
echo 'export PATH=$HOME/sqlcl/bin:$PATH' >>.bashrc
exec $SHELL
預期的主控台輸出內容:
student@ora-xe-01:~$ git clone https://github.com/oracle-samples/db-sample-schemas.git curl -O https://download.oracle.com/otn_software/java/sqldeveloper/sqlcl-latest.zip sudo apt-get install -y unzip openjdk-17-jdk unzip sqlcl-latest.zip echo 'export PATH=$HOME/sqlcl/bin:$PATH' >>.bashrc exec $SHELL Cloning into 'db-sample-schemas'... remote: Enumerating objects: 624, done. remote: Counting objects: 100% (104/104), done. ... inflating: sqlcl/lib/sshd-contrib.jar inflating: sqlcl/lib/sshd-putty.jar inflating: sqlcl/lib/dbtools-sqlcl-distribution.jar student@ora-xe-01:~$
在同一 SSH 工作階段中:
ORACLE_PWD=<your noted password from the previous step>
cd db-sample-schemas/human_resources/
sql system/$ORACLE_PWD@localhost/XEPDB1 @hr_install.sql
輸入 HR 結構定義的密碼 (任何高強度密碼即可),並接受提示中建議的預設資料表空間。
預期的主控台輸出內容:
student@ora-xe-01:~$ ORACLE_PWD=e36e191b6c298ce6e02a614c
student@ora-xe-01:~$ cd db-sample-schemas/human_resources/
sql system/$ORACLE_PWD@localhost/XEPDB1 @hr_install.sql
SQLcl: Release 23.3 Production on Wed Jan 03 14:38:14 2024
Copyright (c) 1982, 2024, Oracle. All rights reserved.
Last Successful login time: Wed Jan 03 2024 14:38:17 +00:00
Connected to:
Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
Thank you for installing the Oracle Human Resources Sample Schema.
This installation script will automatically exit your database session
at the end of the installation or if any error is encountered.
The entire installation will be logged into the 'hr_install.log' log file.
Enter a password for the user HR: ************************
Enter a tablespace for HR [USERS]:
Do you want to overwrite the schema, if it already exists? [YES|no]:
****** Creating REGIONS table ....
Table REGIONS created.
...
Table provided actual
______________ ___________ _________
regions 5 5
countries 25 25
departments 27 27
locations 23 23
employees 107 107
jobs 19 19
job_history 10 10
Thank you!
___________________________________________________________
The installation of the sample schema is now finished.
Please check the installation verification output above.
You will now be disconnected from the database.
Thank you for using Oracle Database!
Disconnected from Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
建立 Oracle FDW 的使用者
為求簡單起見,我們會建立使用者 POSTGRES,與預設的 PostgreSQL 使用者相同。
以使用者 SYS 的身分連線至 Oracle 資料庫:
sql sys/$ORACLE_PWD@localhost/XEPDB1 as sysdba
執行使用者 SYS 時,在 SQL 工作階段中執行 (將 POSTGRES_ORA_PWD 替換成使用者的密碼):
create user postgres identified by POSTGRES_ORA_PWD;
並授予使用者必要權限:
grant connect, select any table to postgres;
grant select on v_$SQL_PLAN to postgres;
grant select on v_$SQL to postgres;
預期的主控台輸出內容:
student@ora-xe-01:~/db-sample-schemas/human_resources$ sql sys/$ORACLE_PWD@localhost/XEPDB1 as sysdba SQLcl: Release 23.3 Production on Wed Jan 03 14:42:37 2024 Copyright (c) 1982, 2024, Oracle. All rights reserved. Connected to: Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production Version 21.3.0.0.0 SQL> create user postgres identified by VeryStrongPassword0011##; User POSTGRES created. SQL> grant connect, select any table to postgres; Grant succeeded. SQL> grant select on v_$SQL_PLAN to postgres; Grant succeeded. SQL> grant select on v_$SQL to postgres; Grant succeeded. SQL>
7. 在虛擬私有雲之間建立 VPN
每個虛擬私有雲中部署的資源只能看到特定網路的內部 IP 位址,且無法連線至其他虛擬私有雲中的任何內部資源。Google Cloud VPN 會在兩個虛擬私有雲之間建立橋接器,讓採用 Oracle 資料庫的 VM 可以從 AlloyDB 執行個體進行連線和連線。VPN 連線包含數個元件,例如 Cloud Router、閘道、VPN 通道和 BGP 工作階段。以下會說明在兩個虛擬私有雲之間,建立高可用 VPN 所需的所有元件。如要進一步瞭解 Google Cloud VPN,請參閱說明文件。
建立路由器和閘道
在兩個虛擬私有雲中建立 Cloud Router 和 VPN 閘道。
在 Cloud Shell 或 Cloud SDK 的終端機中,執行下列指令:
PROJECT_ID=$(gcloud config get-value project)
REGION=us-central1
gcloud compute routers create $PROJECT_ID-vpc-01-router --project=$PROJECT_ID --region=$REGION --network=default --asn=64520 --advertisement-mode=custom --set-advertisement-groups=all_subnets
gcloud compute routers create $PROJECT_ID-vpc-02-router --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 --asn=64521 --advertisement-mode=custom --set-advertisement-groups=all_subnets
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ PROJECT_ID=$(gcloud config get-value project) REGION=us-central1 gcloud compute routers create $PROJECT_ID-vpc-01-router --project=$PROJECT_ID --region=$REGION --network=default --asn=64520 --advertisement-mode=custom --set-advertisement-groups=all_subnets gcloud compute routers create $PROJECT_ID-vpc-02-router --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 --asn=64521 --advertisement-mode=custom --set-advertisement-groups=all_subnets Your active configuration is: [cloudshell-18870] Creating router [test-project-402417-vpc-01-router]...done. NAME: test-project-402417-vpc-01-router REGION: us-central1 NETWORK: default Creating router [test-project-402417-vpc-02-router]...done. NAME: test-project-402417-vpc-02-router REGION: us-central1 NETWORK: test-project-402417-vpc-02
在兩個虛擬私有雲中建立 VPN 閘道:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute vpn-gateways create $PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=default
gcloud compute vpn-gateways create $PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud compute vpn-gateways create $PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=default gcloud compute vpn-gateways create $PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --network=$PROJECT_ID-vpc-02 Creating VPN Gateway...done. NAME: test-project-402417-vpc-01-vpn-gtw INTERFACE0: 35.242.106.28 INTERFACE1: 35.220.86.122 INTERFACE0_IPV6: INTERFACE1_IPV6: NETWORK: default REGION: us-central1 Creating VPN Gateway...done. NAME: test-project-402417-vpc-02-vpn-gtw INTERFACE0: 35.242.116.197 INTERFACE1: 35.220.68.53 INTERFACE0_IPV6: INTERFACE1_IPV6: NETWORK: test-project-402417-vpc-02 REGION: us-central1 student@cloudshell:~ (test-project-402417)$
建立 VPN 通道
我們會為每個虛擬私有雲建立含有一對 VPN 通道的高可用性設定。
在 Cloud Shell 或含有 SDK 的終端機中,執行下列指令:
PROJECT_ID=$(gcloud config get-value project)
SHARED_SECRET=`openssl rand -base64 24`
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0
gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ SHARED_SECRET=`openssl rand -base64 24` gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-01-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-02-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-01-router --vpn-gateway=$PROJECT_ID-vpc-01-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-01 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=0 gcloud compute vpn-tunnels create $PROJECT_ID-vpc-02-vpn-tunnel-02 --shared-secret=$SHARED_SECRET --peer-gcp-gateway=$PROJECT_ID-vpc-01-vpn-gtw --ike-version=2 --router=$PROJECT_ID-vpc-02-router --vpn-gateway=$PROJECT_ID-vpc-02-vpn-gtw --project=$PROJECT_ID --region=$REGION --interface=1 Creating VPN tunnel...done. NAME: test-project-402417-vpc-01-vpn-tunnel-01 REGION: us-central1 GATEWAY: test-project-402417-vpc-01-vpn-gtw VPN_INTERFACE: 0 PEER_ADDRESS: 35.242.116.197 Creating VPN tunnel...done. NAME: test-project-402417-vpc-01-vpn-tunnel-02 REGION: us-central1 GATEWAY: test-project-402417-vpc-01-vpn-gtw VPN_INTERFACE: 1 PEER_ADDRESS: 35.220.68.53 Creating VPN tunnel...done. NAME: test-project-402417-vpc-02-vpn-tunnel-01 REGION: us-central1 GATEWAY: test-project-402417-vpc-02-vpn-gtw VPN_INTERFACE: 0 PEER_ADDRESS: 35.242.106.28 Creating VPN tunnel...done. NAME: test-project-402417-vpc-02-vpn-tunnel-02 REGION: us-central1 GATEWAY: test-project-402417-vpc-02-vpn-gtw VPN_INTERFACE: 1 PEER_ADDRESS: 35.220.86.122
建立 BGP 工作階段
邊界閘道通訊協定 (BGP) 工作階段會藉由交換虛擬私有雲之間可用路徑的資訊,允許動態轉送。
在第一個 (預設) 網路上建立第一組 BGP 對等點。對等點的 IP 位址會用於第二個虛擬私有雲中建立的 BGP。
在 Cloud Shell 或含有 SDK 的終端機中,執行下列指令:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-asn=64521 --region=$REGION
gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-asn=64521 --region=$REGION
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-asn=64521 --region=$REGION gcloud compute routers add-interface $PROJECT_ID-vpc-01-router --interface-name=$PROJECT_ID-vpc-01-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-01-router --peer-name=$PROJECT_ID-vpc-01-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-asn=64521 --region=$REGION Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Creating peer [test-project-402417-vpc-01-vpn-tunnel-01-bgp] in router [test-project-402417-vpc-01-router]...done. Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Creating peer [test-project-402417-vpc-01-vpn-tunnel-02-bgp] in router [test-project-402417-vpc-01-router]...done. student@cloudshell:~ (test-project-402417)$
在第二個虛擬私有雲中新增 BGP:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-01 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION
gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-02 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION
gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ REGION=us-central1 PROJECT_ID=$(gcloud config get-value project) gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-0 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-01 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-01-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-0 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[0].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION gcloud compute routers add-interface $PROJECT_ID-vpc-02-router --interface-name=$PROJECT_ID-vpc-02-router-bgp-if-1 --vpn-tunnel=$PROJECT_ID-vpc-02-vpn-tunnel-02 --ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].peerIpAddress)" --region=$REGION) --mask-length=30 --region=$REGION gcloud compute routers add-bgp-peer $PROJECT_ID-vpc-02-router --peer-name=$PROJECT_ID-vpc-02-vpn-tunnel-02-bgp --interface=$PROJECT_ID-vpc-01-router-bgp-if-1 --peer-ip-address=$(gcloud compute routers describe $PROJECT_ID-vpc-01-router --format="value(bgpPeers[1].ipAddress)" --region=$REGION) --peer-asn=64520 --region=$REGION Your active configuration is: [cloudshell-18870] Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Creating peer [test-project-402417-vpc-02-vpn-tunnel-01-bgp] in router [test-project-402417-vpc-02-router]...done. Updated [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Creating peer [test-project-402417-vpc-02-vpn-tunnel-02-bgp] in router [test-project-402417-vpc-02-router]...done.
將自訂路徑新增至 BGP
現在,我們必須將服務私人 IP 範圍通告至 BGP
在 Cloud Shell 中執行下列指令:
PROJECT_ID=$(gcloud config get-value project)
gcloud compute routers update $PROJECT_ID-vpc-01-router --add-advertisement-ranges=$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") --region=$REGION
gcloud compute networks peerings update servicenetworking-googleapis-com --network=default --import-custom-routes --export-custom-routes
預期的控制台輸出內容 (已遮蓋):
PROJECT_ID=$(gcloud config get-value project) gcloud compute routers update $PROJECT_ID-vpc-01-router --add-advertisement-ranges=$(gcloud compute addresses list --filter="name:psa-range AND network:default" --format="value(address_range())") --region=$REGION gcloud compute networks peerings update servicenetworking-googleapis-com --network=default --import-custom-routes --export-custom-routes ...
8. 在 AlloyDB 中設定 Oracle FDW
我們現在可以建立測試資料庫,並設定 Oracle FDW 擴充功能。我們將使用在第二個步驟中建立的 instance-1 VM,以及 AlloyDB 叢集記下的密碼。
建立資料庫
連線至 instance-1 GCE VM:
ZONE=us-central1-a
gcloud compute ssh instance-1 --zone=$ZONE
在 SSH 工作階段中,執行下列指令:
export PGPASSWORD=<Noted password>
REGION=us-central1
ADBCLUSTER=alloydb-aip-01
INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)")
psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE quickstart_db"
預期的主控台輸出內容:
student@instance-1:~$ export PGPASSWORD=6dd7fKHnMId8RM97 student@instance-1:~$ REGION=us-central1 ADBCLUSTER=alloydb-aip-01 INSTANCE_IP=$(gcloud alloydb instances describe $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --format="value(ipAddress)") psql "host=$INSTANCE_IP user=postgres" -c "CREATE DATABASE quickstart_db" CREATE DATABASE student@instance-1:~$
設定 Oracle FDW 擴充功能
在新建的資料庫中啟用 Oracle FDW 擴充功能。
在同一 SSH 工作階段中執行:
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create extension if not exists oracle_fdw cascade"
預期的主控台輸出內容:
student@instance-1:~$ psql "host=$INSTANCE_IP user=postgres dbname=quickstart_db" -c "create extension if not exists oracle_fdw cascade" CREATE EXTENSION student@instance-1:~$
設定 Oracle FDW
我們持續在相同的 SSH 工作階段中設定 Oracle FDW,以便與 Oracle 資料庫中的 HR 範例結構定義搭配使用。
使用第二個虛擬私有雲中的 Oracle XE VM 內部 IP 位址,建立 FDW 伺服器設定。
在同一個對 instance-1 的 SSH 工作階段中,執行以下動作:
ORACLE_SERVER_IP=$(gcloud compute instances list --filter="name=(ora-xe-01)" --format="value(networkInterfaces[0].networkIP)")
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create server ora_xe foreign data wrapper oracle_fdw options (dbserver '$ORACLE_SERVER_IP:1521/xepdb1')"
預期的主控台輸出內容:
student@instance-1:~$ ORACLE_SERVER_IP=$(gcloud compute instances list --filter="name=(ora-xe-01)" --format="value(networkInterfaces[0].networkIP)") psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create server ora_xe foreign data wrapper oracle_fdw options (dbserver '$ORACLE_SERVER_IP:1521/xepdb1')" CREATE SERVER
將已建立伺服器的使用情況授予 postgres 使用者。
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "grant usage on foreign server ora_xe to postgres"
預期的主控台輸出內容:
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "grant usage on foreign server ora_xe to postgres" GRANT
使用我們為 Oracle 資料庫中使用者設定的密碼,建立 PostgreSQL 使用者與 Oracle 資料庫使用者之間的對應關係。請使用先前建立的 Oracle 使用者 POSTGRES (POSTGRES_ORA_PWD) 密碼。
POSTGRES_ORA_PWD=<your password for the oracle user postgres>
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "CREATE USER MAPPING FOR postgres SERVER ora_xe OPTIONS ( USER 'postgres', PASSWORD '$POSTGRES_ORA_PWD')"
預期的主控台輸出內容:
student@instance-1:~$ POSTGRES_ORA_PWD=VeryStrongPassword0011## student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "CREATE USER MAPPING FOR postgres SERVER ora_xe OPTIONS ( USER 'postgres', PASSWORD '$POSTGRES_ORA_PWD')" CREATE USER MAPPING
9. 搭配使用 Oracle FDW 和心率結構定義
現在,我們可以將 Oracle FDW 與 Oracle 資料庫中的資料搭配使用。
匯入 Oracle HR 結構定義定義
我們會繼續透過 psql 處理 Postgres 用戶端 VM,以便與 AlloyDB 搭配使用。
在 VM SSH 工作階段中,執行下列指令:
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create schema ora_exe_hr";
psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "import foreign schema \"HR\" from server ora_xe into ora_exe_hr";
預期的輸出內容 (已遮蓋):
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "create schema ora_exe_hr"; psql -h $INSTANCE_IP -U postgres -d quickstart_db -c "import foreign schema \"HR\" from server ora_xe into ora_exe_hr"; CREATE SCHEMA IMPORT FOREIGN SCHEMA student@instance-1:~$
測試 Oracle FDW
讓我們執行範例 SQL 陳述式。
連線至資料庫。在 VM SSH 工作階段中,執行下列指令:
psql -h $INSTANCE_IP -U postgres -d quickstart_db
在 PSQL 工作階段中,執行 select 陳述式。
select * from ora_exe_hr.countries limit 5;
預期輸出內容:
student@instance-1:~$ psql -h $INSTANCE_IP -U postgres -d quickstart_db
psql (13.13 (Debian 13.13-0+deb11u1), server 14.7)
WARNING: psql major version 13, server major version 14.
Some psql features might not work.
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
quickstart_db=> select * from ora_exe_hr.countries limit 5;
country_id | country_name | region_id
------------+--------------+-----------
AR | Argentina | 20
AU | Australia | 40
BE | Belgium | 10
BR | Brazil | 20
CA | Canada | 20
(5 rows)
quickstart_db=>
系統會傳回結果,表示設定可正常運作。
您可以對資料表的其他部分進行實驗。
10. 清除環境資源
現在,完成所有工作後,就可以清除環境來清除元件,避免產生不必要的費用。
完成研究室後,請刪除 AlloyDB 執行個體和叢集
刪除 AlloyDB 叢集和所有執行個體
系統會透過選項強制刪除叢集,這也會刪除屬於叢集的所有執行個體。
如果連線中斷,之前的所有設定都會遺失,請在 Cloud Shell 中定義專案和環境變數:
gcloud config set project <your project id>
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
export PROJECT_ID=$(gcloud config get-value project)
刪除叢集:
gcloud alloydb clusters delete $ADBCLUSTER --region=$REGION --force
預期的主控台輸出內容:
student@cloudshell:~ (test-project-001-402417)$ gcloud alloydb clusters delete $ADBCLUSTER --region=$REGION --force All of the cluster data will be lost when the cluster is deleted. Do you want to continue (Y/n)? Y Operation ID: operation-1697820178429-6082890a0b570-4a72f7e4-4c5df36f Deleting cluster...done.
刪除 AlloyDB 備份
刪除叢集的所有 AlloyDB 備份:
for i in $(gcloud alloydb backups list --filter="CLUSTER_NAME: projects/$PROJECT_ID/locations/$REGION/clusters/$ADBCLUSTER" --format="value(name)" --sort-by=~createTime) ; do gcloud alloydb backups delete $(basename $i) --region $REGION --quiet; done
預期的主控台輸出內容:
student@cloudshell:~ (test-project-001-402417)$ for i in $(gcloud alloydb backups list --filter="CLUSTER_NAME: projects/$PROJECT_ID/locations/$REGION/clusters/$ADBCLUSTER" --format="value(name)" --sort-by=~createTime) ; do gcloud alloydb backups delete $(basename $i) --region $REGION --quiet; done Operation ID: operation-1697826266108-60829fb7b5258-7f99dc0b-99f3c35f Deleting backup...done.
現在可以刪除 VM
刪除 GCE VM
請在 Cloud Shell 中執行下列指令:
export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
預期的主控台輸出內容:
student@cloudshell:~ (test-project-001-402417)$ export GCEVM=instance-1
export ZONE=us-central1-a
gcloud compute instances delete $GCEVM \
--zone=$ZONE \
--quiet
Deleted
使用 Oracle XE 刪除 VM
請在 Cloud Shell 中執行下列指令:
SERVER_NAME=ora-xe-01
ZONE=us-central1-a
gcloud compute instances delete $SERVER_NAME \
--zone=$ZONE \
--quiet
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ SERVER_NAME=ora-xe-01
ZONE=us-central1-a
gcloud compute instances delete $SERVER_NAME \
--zone=$ZONE \
--quiet
Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/zones/us-central1-a/instances/ora-xe-01].
student@cloudshell:~ (test-project-402417)$
刪除 VPN 網路
請在 Cloud Shell 中執行下列指令:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-01 --region=$REGION --quiet
gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-02 --region=$REGION --quiet
gcloud compute routers delete $PROJECT_ID-vpc-02-router --region=$REGION --quiet
gcloud compute routers delete $PROJECT_ID-vpc-01-router --region=$REGION --quiet
gcloud compute vpn-gateways delete $PROJECT_ID-vpc-01-vpn-gtw --region=$REGION --quiet
gcloud compute vpn-gateways delete $PROJECT_ID-vpc-02-vpn-gtw --region=$REGION --quiet
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ REGION=us-central1 PROJECT_ID=$(gcloud config get-value project) gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-01 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-01-vpn-tunnel-02 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-01 --region=$REGION --quiet gcloud compute vpn-tunnels delete $PROJECT_ID-vpc-02-vpn-tunnel-02 --region=$REGION --quiet gcloud compute routers delete $PROJECT_ID-vpc-02-router --region=$REGION --quiet gcloud compute routers delete $PROJECT_ID-vpc-01-router --region=$REGION --quiet gcloud compute vpn-gateways delete $PROJECT_ID-vpc-01-vpn-gtw --region=$REGION --quiet gcloud compute vpn-gateways delete $PROJECT_ID-vpc-02-vpn-gtw --region=$REGION --quiet Your active configuration is: [cloudshell-18870] Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleting VPN tunnel...done. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-02-router]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/regions/us-central1/routers/test-project-402417-vpc-01-router]. Deleting VPN Gateway...done. Deleting VPN Gateway...done. student@cloudshell:~ (test-project-402417)$
刪除第二個虛擬私有雲
請在 Cloud Shell 中執行下列指令:
REGION=us-central1
PROJECT_ID=$(gcloud config get-value project)
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-icmp --quiet
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-ssh --quiet
gcloud compute firewall-rules delete default-allow-postgres --quiet
gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-oracle --quiet
gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet
gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet
預期的主控台輸出內容:
student@cloudshell:~ (test-project-402417)$ gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-icmp --quiet gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-ssh --quiet gcloud compute firewall-rules delete default-allow-postgres --quiet gcloud compute firewall-rules delete $PROJECT_ID-vpc-02-allow-oracle --quiet gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-icmp]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-ssh]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/default-allow-postgres]. Deleted [https://www.googleapis.com/compute/v1/projects/test-project-402417/global/firewalls/test-project-402417-vpc-02-allow-oracle]. gcloud compute networks subnets delete $PROJECT_ID-vpc-02-$REGION --region=$REGION --quiet gcloud compute networks delete $PROJECT_ID-vpc-02 --quiet
11. 恭喜
恭喜您完成本程式碼研究室。
涵蓋內容
- 如何部署 AlloyDB 叢集
- 如何連線至 AlloyDB
- 如何設定及部署 Oracle 範例資料庫
- 如何在兩個虛擬私有雲網路之間設定 VPN
- 如何設定 Oracle FDW 擴充功能
12. 問卷調查
輸出: