This is an almighty long post, because it walks you step-by-step through the setup of Pluggable Database as a Service (PDBaaS) in Enterprise Manager 188.8.131.52 so there are a lot of screenshots. The actual setup doesn’t take long at all, so don’t be put off by the length of the post. 🙂 Just as a bit of enticement, there is also a way this can be done without going through the process I outline below, but you will need to understand this process first. So persevere with this, and I’ll reward you with another separate post of how this can done more simply! 😉
With the introduction of Oracle Database 12c multitenant architecture, the latest consolidation model to look at is PDBaaS. A pluggable database (PDB), which can be described as portable sets of schemas, schema objects, and related structures that appear logically to an application as a separate database, provides enhanced database consolidation. Users can perform day-to-day actions like provisioning, monitoring and backup, all from a single self-service console. This is complemented by metering and showback / chargeback capabilities that provide visibility and transparency into resource consumption by each user.
The steps to set up PDBaaS can be broadly outlined as:
- Enable DBaaS, including setting up the Software Library, privileges and users.
- Set up one or more PaaS Infrastructure Zones.
- Create a database pool for PDBaaS
- Configure request settings.
- Define quotas for each self service user.
- Create a database provisioning profile. This step is optional and is not required if you are creating an empty pluggable database.
- Create a service template, either for an empty pluggable database (i.e. created with an empty schema), or a pluggable database from a profile: (where you can import schemas from a database provisioning profile, including applications with data such as eBusiness applications).
- Configure Chargeback.
- While deploying a database, select the service template that you have created.
Let’s look at the details.
Cloud administrators configure the PDBaaS cloud, define cloud governance with policies and quotas, expose it to certain users, and decide the total amount of resources each user can reserve before the Self Service Portal can be used.
The first step in the process requires the Software Library to be configured. The Software Library is a repository that stores software patches, virtual appliance images, reference gold images, application software, and their associated directive scripts. It allows different versions, maturity levels, and states of entities. The software entities can be automatically mass-deployed to provision software, software updates, and servers using Enterprise Manager in a reliable and repeatable manner. These provisioning operations, which are unattended and can be scheduled, lead to substantial cost savings.
Besides acting as a repository for certified software entities, the Software Library is a logical interface between the deployment models and the automation framework required to perform a large number of patching and provisioning tasks. To configure the storage location for the Software Library, follow the path Setup → Provisioning and Patching → Software Library and set a location for the OMS Shared File System, as shown below:
Defining Roles and Assigning Users
Roles are named groups of related system and object privileges. You can create roles and then assign them to users and to other roles. You can assign any of the existing roles and the associated privileges to a new role.
When creating Database Zones and Service Templates, selective access can only be granted to custom roles. The Self Service Portal is intended for end-users to be able to provision and manage their own cloud services. As such, end-users need only access to the Self Service Portal and the resources they are assigned. Such capabilities are inherent in the pre-defined EM_SSA_USER role. Since pre-defined roles cannot be assigned to Database Zones and Service Templates, you need to create a custom Cloud User role based on the standard EM_SSA_USER role. To do this, follow the path Setup → Security → Roles:
As of the date I am writing this (mid-July 2014), don’t use the “Create Like” button in EM184.108.40.206 to create a role like the EM_SSA_USER role. It maps the wrong role to the role you are creating. I’ve logged a bug on this but don’t have a FixBy date yet. Click the Create button instead to workaround this:
Provide a name such as “DBaaS_Cloud_Users” and description and click “Next”:
Select the EM_SSA_USER role, then click the “Move” button to move the role to the list of Selected Roles, and then click “Review” (we don’t need the remaining wizard steps so they can be skipped):
Check all the details are correct and click “Finish” to create the role:
You should then see a confirmation that the role has been created successfully:
It is highly recommended that each end-user should have its own Cloud User credentials, to allow for effective monitoring of services and resource utilization, so the next step is to create an end-user and grant it the DBaaS_Cloud_Users role. To do this, follow the path Setup → Security → Administrators:
You can either select another administrator and click “Create Like” or just click “Create”. I find it easier to do the latter as you don’t need to remove any extraneous privileges that “Create Like” can bring with it:
Provide a username (I used DBAAS in this example) and password, and click “Next”:
Select the “DBAAS_CLOUD_USERS” role you just created, click the “Move” button to add it to the Selected Roles list and click “Review” (again, the remaining wizard steps are not needed):
Review the details to make sure they are correct, then click “Finish” to create the DBAAS administrator:
You should see a confirmation message that the administrator was created successfully:
Creating a PaaS Infrastructure Zone
Before you enable or setup DBaaS or MWaaS, you must create a PaaS Infrastructure Zone that allows you to define the placement policy constraints for a specified set of targets and the users to whom this zone will be available. To create a PaaS Infrastructure Zone, you must login using an account that has been granted the EM_CLOUD_ADMINISTRATOR role. Once you’ve done this, follow the path To do this, follow the path Setup → Cloud → PaaS Infrastructure Zone:
On the PaaS Infrastructure Zone page, click the “Create” button:
Provide a name and optionally a description for the zone, determine placement policy constraints per host (i.e. maximum CPU utilization and maximum memory allocation allowed) and click “Next”:
If you already have a named credential defined for the hosts you are about to add, select it from the “Named Credential” drop-down list or click the “+” sign to create a new named credential:
Enter the username and password for the named credential, optionally provide Run Privilege (such as sudo), give the named credential a meaningful name and click “OK”:
Now add the host(s) you will be putting in this PaaS infrastructure zone by clicking “Add”:
You can either search for the host name(s) or just select them from the list. This is a multi-select screen so you can select multiple rows by holding down the Shift key as you select, then click “Select”:
Now that you’ve added one or more hosts, you can select the named credential you defined earlier and click “Test Credential” to check it works (actually, I think this screen should be redesigned and the Credentials part put AFTER the Targets part, but let’s just work with what we have!):
You should get an informational message that the credential test succeeded (if not, you will need to exit the Create PaaS Infrastructure Zone wizard and follow the path Setup → Security → Named Credentials to fix it, so it’s best to get it right the first time!). Click “OK” to acknowledge the message:
Click “Next” to move to step 3 of the wizard:
The zone can be made available to a restricted set of users by selecting the role(s) that can access it. We need to add the role we created earlier, so click the “Add” button:
Select the DBAAS_CLOUD_USERS role, and then click “Select”:
Click the “Next” button:
Finally, review the details and click “Submit” to create the PaaS infrastructure zone:
You should now see a message that the PaaS Infrastructure Zone was created successfully:
Creating a Database Pool
A database pool is a collection of servers or clusters with pre-installed database software. Each server in a database zone has identical platform and database versions. For servers that support multiple ORACLE_HOME’s with different versions, a separate database zone must be created for each database version.
To create a database pool, follow the path Setup → Cloud → Database to go to the Database Cloud Self Service Portal Setup page:
From here, select “For Pluggable Database” from the “Create…” dropdown:
Provide a name and optionally a description for the new pool. If you already have named credentials defined for this environment, you can simply select them from the dropdown lists to the right, but if not, click the “+” sign to create a named credential for the host:
Enter a username and password for the credential, optionally provide the run privilege (e.g. sudo), give the credential a meaningful name and click “OK”:
Likewise you can provide a named credential for the Grid Infrastructure (if you are going to use it) and for the database. You can also specify a container database wallet password if you want to support encryption for the pluggable database that will be created (I normally provide this regardless because it saves coming back to redo this later if you change your mind). Next, we need to add one or more container databases to the pool from a single PaaS Infrastructure Zone. The filters we select here cannot be changed once the pool is created, so select these carefully. I’ve chosen the East Coast Zone we just created, a target type of database instance (the other choice is a RAC environment but this example is being built in non-clustered configurations), and set the platform and database version correctly. Then click “Add”:
The “Select and Add Targets” pop-up provides a list of already existing databases, so I simply select the cdb1 container database and click “Select”:
Click the “Next” button:
If you want to set maximum ceilings for resource utilization, you can do it on this screen. I’m just going to leave it at the defaults in this example and select “Submit”:
You should see a message saying the pool has been created successfully. Next I want to add some settings to restrict the scope for database requests, so I click “Request Settings”:
In this case I want to change the request purging duration (the period of time after which completed creation requests will be purged from the repository) to 3 days, so I change that and click “Apply”:
Again, you should see a confirmation message. Next, I want to add quota – the aggregate amount of resources that can be granted to each self service user belonging to a certain role. This quota only applies to databases provisioned through the Self Service Portal. To do this, click “Quotas”:
Click on the “Create…” button to create a new quota (or use an already existing one):
Provide a role name and quota for the amount of memory and storage, as well as the number of database requests, schema service requests and pluggable database service requests, then click “OK”:
Next we want to configure profile and service template definitions that can be used by self service users to provision databases in selected zones. Click “Profiles and Service Templates”:
A database provisioning profile is not needed when creating an empty pluggable database, but I’ll walk you quickly through the steps anyway. Click the “Create…” button to create a database provisioning profile:
Click the magnifying glass to search for a reference target:
Select the cdb1 container database and click “Select”:
Provide the relevant named credentials and click “Next”:
Since we are creating a profile with structure only, step 2 of the wizard is skipped. On step 3, you can change the profile name, path and the scheduling, but for now I’m just going to click “Next”:
Review the information and click “Submit” to create the profile:
You can change the page to refresh every 30 seconds on the right, and you should fairly quickly see that the profile has been created successfully:
Now we need to create a service template so follow the path Setup → Cloud → Database to go to the Database Cloud Self Service Portal Setup page again, then click “Profiles and Service Templates” and then click “For Pluggable Database” from the “Create…” dropdown:
We’re going to create a new service temple to provision an empty pluggable database, so provide a name and optionally a description, select “Create Empty Pluggable Database” if not already selected then click “Add”:
In this case I want to use the East Coast PaaS Infrastructure Zone I created earlier so select that row then click “Select”:
Now that the zone is added I also want to assign a pool to the template by clicking “Assign Pool”:
Select the “DB12c Pool” created earlier, then click “Select”:
Now I want to add a prefix to the pluggable database name, so I choose something deeply meaningful like “ORCL” 😉 and click “Next”:
On the “Configurations” page, you can set up the following parameters for the PDB service template:
- Workload – Here you can setup different workload sizes (e.g. small, medium and large) based on the CPU, memory, number of sessions and storage requirements of a particular PDB service. These workload sizes can be chosen by the Self Service user at request time
- Role – This is the database role that will be associated with the PDB for the service that will give it control over the service
- Storage – A number of tablespaces can be created for each PDB. This is where you set up the storage requirements for those tablespaces such as initial size
Firstly let’s create a workload. Click “Create”:
In this case, I’m creating a small workload, so name the workload appropriately, optionally add a description, set values for the number of CPU cores, amount of memory, number of sessions and amount of storage allowed for the workload and click “Create”:
Back on the “Configurations” page, provide a more meaningful name for the role that will be created, leave the other values at their default and click “Next”:
On the next screen, I can set specific initialization parameters for databases created using this template. For now, I’ll leave that alone and click “Next”:
On the next page, I can specify custom scripts that will be executed either before and after creating the PDB, or before and after deleting the PDB. Again, I’ll leave that at the defaults and click “Next”:
On the “Roles” step, click the “Add” button:
Select the “DBAAS_CLOUD_USERS” role, then click “Select”:
Review the template details, and click “Create”:
You should get a message confirming the template was create successfully:
We’ll leave chargeback for another time.
So there you have it. I warned you it would be a long post! Now we have PDBaaS set up. In another post, I’ll take you through using all of this in the Self Service Portal.