Add a Cloud Service Database
With a private endpoint defined, you are ready to add a database that uses that endpoint. You can add databases from the Private Endpoint Details page or from the Database Fleet Administration page.
Before adding a database make sure you run the best practice script steps for Ops Insights databases outlined in OCI : Best Practices / Troubleshooting Guide For Monitoring Databases In Ops Insights (Doc ID 2942938.1). It is strongly recommended the script be run every 6 months or if any databases are missing the storage or tablespace data.
If you are onboarding an Exadata Cloud Service database, see Add an Exadata Database Service on Dedicated Infrastructure.
If you are onboarding an Exadata Database Service on Cloud@Customer System, see Add an Exadata Database Service on Cloud@Customer Service System.
- From the Ops Insights main menu, click Administration and then Database Fleet. Alternatively, navigate to a Private Endpoint Details page.
- Click Add Databases. The Add Databases to Ops Insights dialog displays.Note
When deprecated policies are detected, Policy Advisor will display a banner requiring a policy update to the new CRISP format, to update click on Update prerequisites polices button. For more information on deprecated policies see: Service Principal Policy Removal. - For Telemetry select Cloud Infrastructure.
- Under Choose a cloud database type, select Bare metal, VM and Exadata. The Select Database region displays.
- Enter the required database selection information:
- Database Type: Choose either Bare Metal, Virtual Machine or ExaDB-D. For each database type, there are different resources that can be specified:
- For Bare metal, VM you can only add database systems
- For ExaDB-D, you can only add VM Clusters
- Database system: Select a database system (Bare Metal, VM Clusters for ExaDB-D) from the current compartment. If needed, you can change compartments by clicking on (Change compartment).
- Database Home: Select a database home (system or cluster). All database homes in the database system are available in the drop-down selector.
- Database: Select a database from the database home. Databases are identified as either container or non-container. If you select a container database, you’ll be provided with the option of selecting all PDBs in the container or a single PDB.
Note
When PDBs are added or removed from the DB System or VM Cluster, they will automatically be enabled or disabled:- When performing disable, you should simply select the CDB and disable that target alone. That will disable all the PDBs as well.
- When performing a delete, you should simply select the CDB and disable that target alone. That will disable all the PDBs as well.
- If you previously disabled the CDB (and thus all the PDBs) and you want to re-enable Ops Insights, you should do so just on the CDB resource.
- Pluggable Database (optional): When a container database is selected, you can select all PDBs or a single PDB.
- Service Name: If no pluggable database was specified above, enter the service name corresponding to the container database (CDB). If one was specified, enter the service name corresponding to the specified pluggable database.
- Protocol:Select either TCP (default) or TCPS, depending on your configuration.
Note
If Oracle Data Guard is enabled on a Bare Metal or Virtual Machine DB system after Database Management was enabled for it using the TCPS protocol, then TCPS will have to be reconfigured. Enabling Oracle Data Guard is causing TCPS configuration to be overwritten, and it's recommended that TCPS is configured on a Bare Metal or Virtual Machine DB system after enabling Oracle Data Guard. - Port: Enter the port number, the default Oracle recommended TCP port is 1521.
- Database Wallet Secret (only for TCPS): When using a TCPS connection protocol a database wallet secret is required. Select the corresponding secret from the drop down list or click Create new wallet secret to create a new secret, the Create database wallet secret window appears.
In the Create database wallet secret enter the following information:
- Name: Wallet secret name.
- Description (optional): Description for the wallet.
- Create in compartment: Database compartment where the wallet will be used.
- Vault: Vault within the compartment where the wallet will be stored.
- Encryption key: Encryption key to be used, select from drop down menu.
- Wallet format:
- For Java key store (JKS files) wallets the following is additionally required:
- Key store password: Enter the key store password for the Java key store wallet..
- Key store content: Drag the JKS file into the Ops Insights UI from a local machine.
- Trust store password: Enter the Trust store password required for the Java key store wallet.
- Trust store content: Drag the Trust score JKS file into the Ops Insights UI from a local machine.
- For PKCS#12 (P12 files) wallets the following is additionally required:
- Wallet password: Enter the required PKCD#12 wallet password.
- PKCS#12 wallet content: Drag the P12 file into the Ops Insights UI from a local machine.
- For Java key store (JKS files) wallets the following is additionally required:
- Certificate DN: Enter the certificate chain to be used.
- Database Type: Choose either Bare Metal, Virtual Machine or ExaDB-D. For each database type, there are different resources that can be specified:
- Specify credentials for the connection: Choose the credentials to be used for the connection, you use IAM or local database credentials. If no pluggable database (PDB) was specified above, enter the common user name for the CDB and all the PDBs and choose the secret corresponding to the password for the container database (CDB) user. If an individual PDB was specified, enter the user name and choose the corresponding secret for the specified pluggable database.
NoteTo create a new secret, click Create New Secret.
For Government realms, the password for the database user monitoring the Oracle Cloud Database must meet the following Federal Information Processing Standards (FIPS) requirements:- Password length must be between 14 to 127 characters.
- Password must have at least two lowercase, two uppercase, two digits, and two special characters.
NoteFor more information, see Overview of Vault .
In order to create a secret within OCI Vault, the encryption key being used must be set as follows: Click on Key Shape: Algorithm, and select:AES. Advanced Encryption Standard (AES) keys are symmetric keys that you can use to encrypt data at rest.Key types, like RSA and ECDSA will not work for encrypting data at rest and are not recommended for Ops Insights operations. For more information see: Creating a Master Encryption Key.
To change the monitoring user or secret reference, you need to disable the database and then re-enable it (upon re-enable a pop-up displays to allow you to make changes).
- Private endpoint informationSelect a Private endpoint that has network access to this database via a VCN.
To create a new private endpoint, click Create New Endpoint to access the Private Endpoint Administration page. For more information about creating private endpoints, see Create a Private Endpoint.
- Click Add Databases. The newly added database will appear in the Database Fleet Administration page as well as the Private Endpoint Details page.
Change a TCPS Cloud Service Database to TCP
You can change a TCPS monitored cloud database to a default TCP connection, first disable the database by clicking the three dot action menu for the database you want to edit. Once disabled click on Edit Connection Details, select TCP as the protocol and update the port number. Once complete re-enable the database.
You can also change a TCP monitored database to a TCPS connection by clicking the three dot action menu for the database you with to edit, disabling the database, click on Edit Connection Details, select TCPS as the protocol and update the port number. Once complete re-enable the database.