Clone a DB System

This article provides the details and procedure to clone a DB system.

Cloning creates a copy of a source DB system as it exists at the time of the cloning operation, including the storage configuration software and database volumes. When creating a clone, you can specify a new SSH key and admin password.

General Information

  • To clone a DB system that has a Data Guard association, initiate the operation from the primary DB system. The clone operation does not clone Data Guard associations themselves, or Data Guard connections.
  • When cloning a DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database. For information on using customer-managed keys, see Manage Encryption Keys.
  • The SSH keys selection only applies to this clone and does not affect the source DB system.
  • The license type selection only applies to this clone and does not affect the source DB system.
  • The clone can use a different VCN and subnet from the source DB system.
  • If the clone is created in a different subnet from the source, the same host name can be used for both the clone and the source DB system.
  • The TDE wallet password is inherited from the source DB system for databases using Oracle-managed encryption keys. When cloning a DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database.

Limitations

  • When cloning a DB system that uses Real Application Clusters (RAC), a new Oracle Grid Infrastructure (GI) configuration is created. The new GI is required to avoid conflicts with the source DB system. Therefore, the clone DB system does not include the following from the source system:
    • manually added clusterware resources,
    • database application services,
    • customized settings from the source database, such as environment variables,
    • manually added application IP addresses (application virtual IPs),
    • additional listener ports (such as those configured for Transport Layer Security or other purposes),
    • or any other resource or customization that is not present after the creation of a new DB system
  • Cloning a RAC DB system takes longer than cloning a single-node DB system due to the time needed to create a new GI stack. Expect a RAC DB system cloning operation to take at least an hour.
  • For DB systems using Oracle Automatic Storage Management (ASM), the GI software must be 19.9 or later.
  • Cloning is not currently supported for DB systems using Oracle Database 21c with Oracle Automatic Storage Management.
  • You can't clone a DB system in a security zone to create a DB system that isn't in a security zone. See the security zone policies topic for a full list of policies that affect Database service resources.

For more information, see Oracle Automatic Storage Management and Security Zone Policies.

Procedure

Perform the following steps to clone a DB system using the OCI Console:

  • On the DB Systems list page, select the DB system that you want to work with. If you need help finding the list page or the DB system, see List the DB Systems.
  • On the DB system details page, from the Actions menu, select Clone.

Basic details

  • DB system name: Enter a name for the DB system. Avoid entering confidential information. OCI assigns an unique Oracle Cloud Identifier (OCID) to the DB system, so the name you enter can be nonunique.
  • Compartment: Select a compartment for your new DB system from the list. By default, the current compartment is selected.
  • SSH keys: Add the public key portion of each key pair you want to use for SSH access. Select one of the following options:
    • Generate SSH key pair: Use this option to create a new SSH key pair. Select both Save private key and Save public key when using this option. The private key is downloaded to your local system and must be stored in a safe location. You cannot download another copy of the private key generated during this operation after completing the operation.
    • Upload SSH key files: Select this option to browse or drag and drop your existing public key (.pub) files.
    • Paste SSH keys: Select this option to paste in individual public keys. To paste multiple keys, select + Another SSH key and supply a single key for each entry.
  • License type: The type of license you want to use for the DB system. Your choice affects metering for billing.
    • License included means the cost of this OCI Database service resource will include both the Oracle Database software licenses and the service.
    • Bring Your Own License (BYOL) means you will use your organization's Oracle Database software licenses for this OCI Database service resource. For more information, see Bring Your Own License.

Network information

  • Select Compartment to select a VCN in a different compartment.
  • Virtual cloud network: From the list, select a VCN in which to create the DB system. Select Change compartment to select a VCN in a different compartment.
  • Select Compartment to select a subnet in a different compartment.
  • Client subnet: The subnet to which the DB system attaches. For both single-node and multi-node RAC DB systems, do not use a subnet that overlaps with 192.168.16.16/28, which is used by the Oracle Clusterware private interconnect on the database instance. Specifying an overlapping subnet causes the private interconnect to malfunction.

    Choose a dual stack subnet if you want to configure the DB system with both IPv4 and IPv6 addresses.

  • Network security groups: Optionally, you can specify one or more network security groups (NSGs) for your DB system. NSGs function as virtual firewalls, enabling you to apply a set of ingress and egress security rules to your DB system. A maximum of five NSGs can be specified.

    For more information, see Access and Security and Security Rules for the DB System.

    Note:

    If you select a subnet with a security list, the security rules for the DB system will be a union of the rules in the security list and the NSGs.
    To use network security groups:
    • Switch on the Use network security groups to control traffic toggle. Note that you must have a virtual cloud network selected to be able to assign NSGs to your DB system.
    • Specify the NSG to use with the DB system. You may need to use more than one NSG. If you're not sure, contact your network administrator.
    • To use additional NSGs, select + Another network security group.
  • Hostname prefix: Enter a hostname prefix for the DB system. The host name must begin with an alphabetic character and can contain only alphanumeric characters and hyphens (-). The maximum number of characters allowed is 16.

    Caution:

    The host name must be unique within the subnet. If it is not unique, the DB system will fail to provision.
  • Host domain name: The domain name for the DB system. If the selected subnet uses the Oracle-provided Internet and VCN Resolver for DNS name resolution, then this field displays the domain name for the subnet, and it can't be changed. Otherwise, you can provide your choice of a domain name. Hyphens (-) are not permitted.
  • Host and domain URL: Combines the host and domain names to display the fully qualified domain name (FQDN) for the database. The maximum length is 64 characters.
  • Private IP type: Optionally, for non-RAC DB systems, you can define the IP address of the new DB system. This is useful in development contexts where you create and delete a DB system over and over, and you need each new iteration of the DB system to use the same IP address. If you specify an IP address that is currently in use within the subnet, the provisioning operation will fail with an error message regarding the invalid IP address.

    If a dual stack subnet is selected, then both IPv4 and IPv6 address options are displayed.

    • IPv4 address: You can either automatically assign an IPv4 address or enter it manually.
      • Select the Automatically assign IPv4 addresses from subnet option to assign an address automatically.
      • Select the Manually assign IPv4 addresses option to manually enter a private IP address. The IP address should be within the subnet CIDR range.
    • IPv6 address: You can either automatically assign an IPv6 address or enter it manually.
      • Select the Automatically assign IPv6 addresses from subnet option to assign an address automatically.
      • Select the Manually assign IPv6 addresses option to manually enter an IP address. The IP address should be within the subnet CIDR range.

Diagnostics collection

The diagnostics collection and notifications feature enables Oracle Cloud Operations and you to identify, investigate, track, and resolve guest VM issues quickly and effectively. Subscribe to events to get notified about resource state changes. You can enable or disable this feature at anytime.

By default the options are selected for enabling. However, you can select to uncheck the diagnostic collection check boxes if you do not require the diagnostic feature.

  • Enable diagnostic events: Enables and allows Oracle to collect and send fault notifications about critical, warning, and information events for you.
  • Enable health monitoring: This diagnostics collection for Oracle Cloud operations viewing is not available for the Base Database Service.
  • Enable incident logs and trace collection: Enables and allows Oracle to receive event notifications and collect incident logs and traces for fault diagnosis and issue resolution.

Note:

You are opting in with the understanding that the list of events and log files can change in the future. You can opt out of this feature at any time.

Advanced options

Expand Advanced options to provide the advanced options for this resource.

Management

Expand Management to provide the following details:

  • Fault domain: The fault domain(s) in which the DB system resides. You can select which fault domain to use for your DB system. For multi-node RAC DB systems, you can specify which two fault domains to use. Oracle recommends that you place each node of a multi-node RAC DB system in a different fault domain. For more information about fault domains, see About Regions and Availability Domains.

Security

Expand Security to provide security details. Optionally, you can specify one or more security attributes to configure Zero Trust Packet Routing (ZPR) for the DB system.

  • Select the Namespace in which the required security attribute is available.
  • Select the Key and Value of the required security attribute.
  • Select Add security attribute.

Note:

  • Administrators must set up security attribute namespaces and security attributes in a tenancy before users can apply security attributes to the DB systems.
  • A security attribute is effective only with appropriate policies. If a security attribute without any policies is added, all access will be denied by default, even if allowed in the Security List or NSGs.
  • If you use the security attribute, the security rules for the DB system will be a union of the rules in the security attributes along with any rules in the security list and the NSGs.
  • You may need to use more than one security attribute. If you're not sure, contact your network administrator.
  • A maximum of 3 security attributes can be specified for a DB system.

For more information about:

Tags

Expand Tags to provide tag details for this resource.

You can add free-form tags or defined tags to this resource. You must have permission to use the tag namespace for defined tags. For information about using tags to manage your OCI resources, see Resource Tags.

Tip:

Tags can be applied later or at any time to a resource.

Database basic details

  • Database name: Enter a name for the database. It is also known as the DB_NAME. The database name must begin with an alphabetic character and can contain a maximum of eight alphanumeric characters. Special characters are not permitted.
  • Database unique name suffix: Optional. The second portion of the database's unique name. The complete database unique name is created by appending the database unique name suffix to the database name you specify.
  • Database unique name: Read-only. Displays the complete database unique name (DB_UNIQUE_NAME). The database unique name is a globally unique name for the database. Primary and standby databases in a Data Guard association can share the same database name but must have different database unique names.

Administrator credentials

  • Username: sys (This is a read-only field). A database administrator named sys will be created with the password you supply.
  • Password: Enter a password for the administrator. The password must meet the following criteria:
    • A strong password for SYS, SYSTEM, TDE wallet, and PDB administrator.
    • The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters.
    • The special characters must be _, #, or -.
    • The password must not contain the user name (SYS, SYSTEM, and so on) or the word "oracle" either in forward or reversed order and regardless of casing.
  • Confirm password: Reenter the password you specified.

Advanced options

Expand Advanced options to provide the advanced options for this resource.

Tags

Expand Tags to provide tag details for this resource.

You can add free-form tags or defined tags to this resource. You must have permission to use the tag namespace for defined tags. For information about using tags to manage your OCI resources, see Resource Tags.

Tip:

Tags can be applied later or at any time to a resource.

Clone

  • Select Clone.