Enabling Access to a Compute Node Port

This topic does not apply to Oracle Cloud Infrastructure.

MySQL Cloud Service relies on Oracle Compute Cloud Service to provide secure network access to database deployments. You can use the MySQL Cloud Service console to perform network access operations such as enabling access to a port on a compute node, or creating new access rules.

When a database deployment is created, the following access rules are created:

  • ora_p2admin_ssh, which controls public-internet access to port 22, the port used by SSH. Enabled by default.

  • ora_p2admin_mysql, which controls public-internet access to port 3306, the port used by MySQL. Disabled by default.

  • ora_trusted_hosts_mysql, which defines a range of IP addresses with access to port 3306, the port used by MySQL. Enabled by default.

  • ora_p2admin_em, which controls access to the default port for MySQL Enterprise Monitor. Disabled by default. To access MySQL Enterprise Monitor, this must be enabled.

Note:

These access rules are system rules. As such, they can be enabled or disabled, but cannot be edited or deleted.

To enable access to a compute node port, you enable the appropriate security rule. When you enable one of the predefined security rules, the given port on the compute node is opened to the public internet. To enable access to a different port, or restrict access to a port, you must create a security rule. For general information about security rules, see Using Oracle Compute Cloud Service.

Enabling Port Access by Enabling an Automatically Created Access Rule

You can use the MySQL Cloud Service console to enable one of the automatically created access rules:

  1. Open the MySQL Cloud Service console.

    For detailed instructions, see Accessing MySQL Cloud Service Console.

  2. From the menu for the database deployment, select Access Rules.

    The Access Rules page is displayed.

  3. Locate the rule you want to enable.

  4. From the menu for the located rule, select Enable.

    The Enable Access Rule window is displayed.

  5. Select Enable.

    The Enable Access Rule window closes and the rule is displayed as enabled in the list of rules. The given port on the compute node is opened to the public internet.

Enabling or Restricting Port Access by Creating an Access Rule

You can create an access rule to enable ports not associated with a predefined rule, or to restrict access to ports to only permit connections from specific IP addresses:

  1. Open the MySQL Cloud Service console.

    For detailed instructions, see Accessing MySQL Cloud Service Console.

  2. From the menu for the database deployment, select Access Rules.

    The Access Rules page is displayed. For information about the details provided on this page, see MySQL Cloud Service Access Rules Page.

  3. Click Create Rule. In the Create Access Rule dialog, enter the following information.

    • Rule Name: Any name to identify this rule. Must start with a letter, followed by letters, numbers, hyphens, or underscores. Cannot start with ora_ or sys_.

    • Description: Any description of your choice (optional).

    • Source: The hosts from which traffic should be allowed. Choices are:

      • PUBLIC-INTERNET: The public-internet IP List.

      • custom: A custom list of addresses from which traffic should be allowed. In the field that displays below when you select this option, enter a comma-separated list of the subnets (in CIDR format) or IPv4 addresses for which you want to permit access.

    • Destination: The security list to which traffic should be allowed. The only option is mysql_MASTER.

    • Destination Port(s): The port or range of ports you want to open. Specify a single port, such as 5001, or a range of ports separated by a hyphen, such as 5001-5010.

  4. Click Create.

    The Create Access Rule dialog closes and the rule is displayed in the list of rules. New rules are enabled by default.

    Tip:

    If necessary, adjust the number of results displayed on the Access Rules page so you can see the newly created rule.
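
A pre-submission check for the Create Access Rule fields described above, as an added example that is not part of Oracle's documentation or tooling: it validates Rule Name, Source and Destination Port(s) as the dialog describes them, and flags a source that is PUBLIC-INTERNET or broader than a /24. The function names, the 256-address threshold and the strict CIDR parsing are assumptions of this example.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")   # letter first, then letters/digits/-/_
RESERVED_PREFIXES = ("ora_", "sys_")              # prefixes a rule name cannot start with
MAX_ADDRESSES = 256                               # assumed review threshold (a /24)

def parse_ports(spec):
    """Return (low, high) for '5001' or '5001-5010'; raise ValueError otherwise."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", spec.strip())
    if not m:
        raise ValueError(f"not a port or port range: {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"out of range or reversed: {spec!r}")
    return low, high

def parse_source(source):
    """Return None for PUBLIC-INTERNET, else the custom list as IPv4 networks."""
    if source.strip() == "PUBLIC-INTERNET":
        return None
    # strict=True is this example's choice: 10.0.0.5/24 (host bits set) is rejected
    return [ipaddress.IPv4Network(item.strip(), strict=True) for item in source.split(",")]

def review_rule(name, source, ports):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name: invalid characters or first character")
    elif name.startswith(RESERVED_PREFIXES):
        findings.append("name: reserved prefix")
    try:
        parse_ports(ports)
    except ValueError as exc:
        findings.append(f"ports: {exc}")
    try:
        nets = parse_source(source)
        if nets is None:
            findings.append("source: open to the public internet")
        else:
            findings += [f"source: {n} is broader than {MAX_ADDRESSES} addresses"
                         for n in nets if n.num_addresses > MAX_ADDRESSES]
    except ValueError as exc:
        findings.append(f"source: {exc}")
    return findings

# Constructed sample input, not taken from a real deployment.
print(review_rule("app_mysql", "203.0.113.10, 198.51.100.0/24", "3306"))  # []
```
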