Setup an Oracle Cloud Infrastructure (OCI) Cloud Profile

ScaleGrid allows you to deploy your MySQL, PostgreSQL, Redis™ and MongoDB® database clusters onto your existing Oracle Cloud Infrastructure (OCI) account in your subscribed region.

Identity and Access setup

You need to create an OCI user with API key and then add it into a new OCI group. Then create a tag namespace called ScaleGrid in your home region root tenancy. Moreover, you need to create policy rules in your root compartment and compartment(s) which deploy ScaleGrid database server(s). Finally, you must have at least 1 VCN with a public or private subnet which has a route to Internet and a network security group for creating a cloud profile in ScaleGrid.

Step 1: Setup a user, API key & group for ScaleGrid

Create a user

Steps to create a user:

1. Go to Identity & Security > Users page.

2. Click the Create User button to create a new user.

Add user API key

Before adding the API key, you need to generate an API signing key. Please keep your public and private keys in a safe place. We need both keys in later steps.

Steps to add user API key

1. Login to OCI Console.
2. Select your Home Region.

3. Go to Identity & Security > Users page

4. Click the user that you have created in the previous step.
5. Click API Keys under the Resources section on the bottom left of the page.

6. Click the Add API Key button select the PASTE PUBLIC KEYS radio button then paste your public key into the PUBLIC KEY text area.
7. Click the Add button.
8. Please copy the Fingerprint form the API Keys section. We will need this to create the cloud profile in ScaleGrid.

Create a group

Steps to create a group:

1. Login to OCI Console.
2. Select your Home Region

3. Go to Identity & Security > Groups page.

4. Click the Create Group button to create a new group

Add user to group

Steps to add user into the group:

1. Go to Identity & Security > Groups page.
2. Click the group that you have created in the create group step.
3. Click the Add User to Group button.
4. Select the user that you have created in the create user step then click the Add button.

Step 2: Setup ScaleGrid tag namespace and compartment(s)

You need to have a Tag namespace called ScaleGrid in your root tenancy. You can skip this step if you already have the ScaleGrid tag namespace created.

Create tag namespace

Steps to create tag namespace

1. Go to Governance & Administration > Tag Namespaces page.

2. Click the Create Namespace Definition button.
3. Fill in the following information in Create Namespace Definition dialog box:
   --Select your root compartment from CREATE IN COMPARTMENT dropdown.
   --Enter ScaleGrid in NAMESPACE DEFINITION NAME text box.
   --Enter For ScaleGrid in DESCRIPTION text box.

4. Click the Create Namespace Definition button.
5. Go back to the Tag Namespaces page and click the ScaleGrid tag namespace.

6. Click the Create Tag Key Definition button.
7. Fill in the following information in Create Tag Key Definition dialog box:
   --Enter DBProvider in TAG KEY text box.
   --Enter For ScaleGrid in DESCRIPTION text box.
8. Click the Create Tag Key Definition button.

Create a compartment

Steps to create a compartment

1. Go to Identity & Security > Compartments page.
2. Click the Create Compartment button.
3. Fill in both Name and Description then select your root compartment.

4. Click the Create Compartment button.

Step 3: Setup ScaleGrid IAM Policy for Compartment & tag namespace

Create a root tenancy policy

Steps to create a root tenancy policy

1. Login to OCI Console.
2. Select your Home Region.

3. Go to Identity & Security > Policies page.

4. Select root compartment from COMPARTMENT dropdown in List Scope section.

5. Click the Create Policy button.
6. Fill in the following information:
   --Enter ScaleGrid in the NAME text box.
   --Enter For ScaleGrid in the DESCRIPTION text box.
   --Select your root compartment.
   --Click Show manual editor in Policy Builder box.

🚧

Root tenancy policy rules for ScaleGrid

Replace <Group name> with the group name that you have created in the previous step.

Allow group <Group name> to inspect compartments in tenancy
Allow group <Group name> to use tag-namespaces in tenancy

7. Click the Create button.

Create a compartment policy

Steps to create a compartment policy for ScaleGrid

1. Go to Identity & Security > Policies page.

2. Select the compartment for your ScaleGrid cloud profile from COMPARTMENT dropdown in List Scope section.

3. Click the Create Policy button.
4. Fill in the following information:
   --Enter a policy name in the NAME text box.
   --Enter For ScaleGrid in the DESCRIPTION text box.
   --Select your compartment (not root).
   --Click Show manual editor in Policy Builder box

🚧

Compartment policy rules for ScaleGrid

Replace <Group name> with the group name that you have created in the previous step.
Replace <Compartment name> with the compartment of your choice, but not root.

Allow group <Group name> to inspect vcns in compartment <Compartment name>
Allow group <Group name> to inspect route-tables in compartment <Compartment name>
Allow group <Group name> to read instance-images in compartment <Compartment name>
Allow group <Group name> to read app-catalog-listing in compartment <Compartment name>
Allow group <Group name> to use vnics in compartment <Compartment name>
Allow group <Group name> to use vnic-attachments in compartment <Compartment name>
Allow group <Group name> to use subnets in compartment <Compartment name>
Allow group <Group name> to manage volume-attachments in compartment <Compartment name>
Allow group <Group name> to use volumes in compartment <Compartment name> where target.resource.tag.ScaleGrid.DBProvider = 'ScaleGrid'
Allow group <Group name> to inspect volumes in compartment <Compartment name>
Allow group <Group name> to manage volumes in compartment <Compartment name> where request.operation = 'CreateVolume'
Allow group <Group name> to manage volumes in compartment <Compartment name> where  target.resource.tag.ScaleGrid.DBProvider = 'ScaleGrid'
Allow group <Group name> to manage volume-backups in compartment <Compartment name> where request.operation = 'CreateVolumeBackup'
Allow group <Group name> to manage volume-backups in compartment <Compartment name> where target.resource.tag.ScaleGrid.DBProvider = 'ScaleGrid'
Allow group <Group name> to read volume-backups in compartment <Compartment name>
Allow group <Group name> to manage instances in compartment <Compartment name> where ANY { request.operation = 'LaunchInstance', request.permission = 'INSTANCE_UPDATE', target.resource.tag.ScaleGrid.DBProvider = 'ScaleGrid'}
Allow group <Group name> to inspect instances in compartment <Compartment name>
Allow group <Group name> to use network-security-groups in compartment <Compartment name>
Allow group <Group name> to manage network-security-groups in compartment <Compartment name> where request.operation = 'AddNetworkSecurityGroupSecurityRules'

5. Click the Create button.

Step 4: Setup VCN, Subnet(s), NSG & Gateway(s)

You need to have 1 VCN with a public or private subnet which has a route to Internet and a network security group for creating a cloud profile in ScaleGrid.

Create VCN, Subnet and Route using VCN Wizard

The easiest way to create a virtual cloud network (VCN), public & private subnets, and default route is to use OCI console Start VCN Wizard.

Steps to create VCN, Subnet and Route

1. Login to OCI console.
2. Select your region.

3. Go to Networking > Virtual Cloud Networks page.

4. Select your compartment under the List Scope section from the left bottom page.

5. Click the Start VCN Wizard button.

6. Select VCN with Internet Connectivity radio button then click the Start VCN Wizard button.

7. Fill in the VCN name and select your compartment created in the previous step.

8. Click the Next button.
9. Click the Create button.

Subnet Route to Internet

All database clusters’ nodes (VMs) by ScaleGrid must have internet access.
For public subnet, it must have a route rule to the Internet Gateway.
For private subnet, it must have a NAT Gateway.

Steps to check public subnet has route to Internet

1. Go to Networking > Virtual Cloud Networks page.
2. Select your compartment under the List Scope section from the left bottom page.

3. Click your VCN.
4. Click Subnets under the Resources section from the left.

5. Click your public subnet.
6. Click the Route Table link.

You should expect to see an Internet Gateway route rule.

If you don’t have the above route rule then please create an internet gateway and add the route rule to your subnet route table. You can find more details from here.

Steps to check private subnet has route to Internet

1. Go to Networking > Virtual Cloud Networks page.
2. Select your compartment under the List Scope section from the left bottom page.

3. Click your VCN.
4. Click Subnets under the Resources section from the left.

5. Click your private subnet.
6. Click the Route Table link.

You should expect to see a NAT Gateway route rule.

If you don’t have the above route rule then please create a NAT gateway and add the route rule to your subnet route table. You can find more details from here.

Create Network Security Group

Steps to create network security group

1. Go to Networking > Virtual Cloud Networks page.
2. Select your compartment under the List Scope section from the left bottom page.

3. Click your VCN.
4. Click Network Security Groups under the Resources section from the left.

5. Click the Create Network Security Group button and follow the instructions.

Required OCI information for creating ScaleGrid Cloud Profile

You need to provide the following information to create a ScaleGrid Cloud Profile.

1. Region - A subscribed region in OCI where you wanted to deploy your database cluster.
2. Tenancy OCID - Tenancy Oracle Cloud Identifier (OCID) is an Oracle-assigned unique ID of your tenancy.
3. User OCID - User OCID is a unique ID of the user that you have created in the previous step.
4. User API Fingerprint - See Add user API key section for more information.
5. Compartment OCID - The compartment where your database cluster will be hosted. The compartment OCID can be found in Identity > Compartments > Compartment Details page.
6. User API Private Key - The private key that you have created in the Add user API key section.
7. VCN, Subnet and Network Security Group - You should have created at least one VCN with a Subnet and Network Security Group in your compartment for database clusters.