A NAT instance is an instance that allows instances in a private network to access the internet for a specific IP address range. This feature is available only in the Pyeongchon region, Korea.
[Note] Difference with NAT gateway
Classification | NAT gateway | NAT instance |
---|---|---|
Availability | Redundancy supported | Redundancy not supported |
Maintenance | Maintained by NHN Cloud | Directly maintained by users |
Security group | Not settable | Settable |
Network ACL | Settable | Settable |
SSH | Unavailable | Available |
For the NAT instance to work normally, the option of checking network source/target must be disabled in the Network Interface settings.
Specifies the NAT instance as a route gateway. The packets delivered to the NAT instance are delivered according to the routing setting of the routing table connected to the subnet of NAT instance.
[Note] Routing setting for NAT instance
- If the subnet of NAT instance is connected to Routing Table 1 and the instances that are going to use the NAT instance as a gateway are connected to Routing Table 2
  - In the routing setting of Routing Table 2, the NAT instance can be specified as a gateway for a specific CIDR (e.g. 8.8.8.8/32).
  - You should specify the NAT instance as a gateway in the route setting of Routing Table 1 except in the case of the NAT instance connected to a floating IP, in which case IP prefix 0 (/0) can be set for the target CIDR.
- If the NAT instance subnet and the subnet of instances that are going to use the NAT instance as a gateway are both connected to Routing Table 1
  - If NAT instance is connected to a floating IP, IP Prefix 0 (/0) can be set for the target CIDR to route.
  - Without using the above settings, you should not specify the NAT instance as a gateway in the routing setting of Routing Table 1.
After the instance is created, access it by using Remote Desktop Protocol (RDP). To do so, the instance must be associated with a floating IP and TCP port 3389 (RDP) must be allowed in the security group.
Click + Check Password to check the password by using the key pair configured when the instance was created. Click Associate and download the .rdp file to access the instance with the acquired password.
The default authentication mode of the server is set to "Windows Authentication Mode". To use a Microsoft SQL database account, the mode must be changed to SQL Authentication Mode.
Execute Microsoft SQL Server Management Studio and connect to the object under the instance name.
※ To apply the changed SQL authentication mode, restart Microsoft SQL.
The default port 1433 for Microsoft SQL is widely known, which can be a security weakness. Changing it to another port is recommended. ※ For Express, no default port is specified.
Execute SQL Server configuration manager as below.
※ To apply the changed service port, restart Microsoft SQL.
To allow external access to the Microsoft SQL database, go to the Security Group tab of Network > VPC and add the Microsoft SQL service port to the security rules. Register the Microsoft SQL service port (default port: 1433) to allow access, along with the remote IP.
It is recommended to keep Microsoft SQL data/log files (MDF/LDF) and backup files on separate block storages.
Go to Compute > Instance > Block Storage and create a block storage. Universal SSD is the recommended volume type for improved performance.
After the block storage is created, select it, click Association Management, and associate it to an instance.
Access the instance with RDP, execute Computer Management, and go to Storage > Disk Management.
The associated block storage is detected. To use it, initialize the disk first.
1. Right-click the Disk 1 block and click Initialize Disk.
2. Select a partition type and click OK.
After initialization is completed, create a disk volume.
Right-click the unassigned disk, select New Simple Volume, and proceed with the New Simple Volume wizard.
In the Database Setting of Server Properties of Microsoft SQL Server Management Studio, change Default Database Location into the directory where the volume has been created.
※ To apply the changed default database location, restart Microsoft SQL.
Changing Microsoft SQL settings sometimes requires a restart of the service. To apply changed settings, restart Microsoft SQL.
From SQL Server Configuration Manager, go to SQL Server Configuration Manager (local) > SQL Server Service > SQL Server (MSSQLSERVER) and right-click it. When the menu shows up, click Restart to restart the service.
Check if Microsoft SQL is set to start automatically when the OS starts.
In SQL Server Configuration Manager, go to SQL Server Configuration Manager (local) > SQL Server to find Start Mode.
When the service start mode for SQL Server (MSSQLSERVER) and SQL Server Agent (MSSQLSERVER) is not automatic, do the following:
[Note] For the release status of Microsoft SQL Instance, see Instance Release Note.
#Start mysql Service
shell> service mysqld start
#Stop mysql Service
shell> service mysqld stop
#Restart mysql Service
shell> service mysqld restart
For the initial connection, connect to MySQL with the default user name.
shell> mysql -uroot
The root user has no password on initial installation, so a password must be set as soon as possible.
SET PASSWORD [FOR user] = password_option
mysql> set password=password('password');
ALTER USER USER() IDENTIFIED BY 'auth_string';
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'New Password';
Default MySQL validate_password_policy is as below:
The default MySQL port number is 3306. It is recommended to change the port number for security reasons.
shell> vi /etc/my.cnf
# Specify a port to use in the my.cnf file.
port = [port number to use]
# Save and exit the vi editor
# Restart mysql service
shell> service mysqld restart
#Connect with the changed port number
shell> mysql -uroot -P[changed port number]
The default path of my.cnf is /etc/my.cnf, and NHN Cloud recommended variables are set as below:
Name | Description |
---|---|
default_storage_engine | Specify a default storage engine: Default is InnoDB with Online-DDL and transactions available. |
expire_logs_days | Set log expiration period for logs provided by binlog settings. Default is three days. |
innodb_log_file_size | Specify the size of log files which save redo logs of transactions. Recommended size is 256MB or higher in actual environment, and it is set as 512MB by default. In order for the changes to take effect, please restart the database. |
innodb_file_per_table | When a table is deleted or truncated, the table space is immediately returned to the OS. |
innodb_log_files_in_group | Set the number of innodb_log_file files and use them in circular fashion: requires at least two. |
log_timestamps | Default log time of MySQL 5.7 is displayed in UTC time format; therefore, change log time to system local time. |
slow_query_log | Enable the slow_query log option. Queries taking more than 10 seconds in accordance with long_query_time will be logged to the slow_query_log. |
sysdate-is-now | For sysdate, SQL with sysdate() used for replication results in discrepant time between Master and Slave, so sysdate() and now() functions will behave the same. |
Directory and file description of MySQL are as below:
Name | Description |
---|---|
my.cnf | /etc/my.cnf |
DATADIR | Path for MySQL Data File - /var/lib/mysql/ |
ERROR_LOG | Path for MySQL error_log File - /var/log/mysqld.log |
SLOW_LOG | Path for MySQL Slow Query File - /var/lib/mysql/*slow.log |
For detailed release status of MySQL Instance, please refer to Instance Release Notes.
#Start postgresql service
shell> sudo systemctl start postgresql-13
#Stop postgresql service
shell> sudo systemctl stop postgresql-13
#Restart postgresql service
shell> sudo systemctl restart postgresql-13
After creating an image, log in for the first time as shown below.
#Switch account to postgres and log in
shell> sudo su - postgres
shell> psql
The image port provided is 5432, the default PostgreSQL port. Port change is recommended for security purposes.
shell> vi /var/lib/pgsql/13/data/postgresql.conf
#Specify the port to be used in the postgresql.conf file.
port = [port number to use]
#Save vi editor
#Restart postgresql service
shell> sudo systemctl restart postgresql-13
#Log in with the changed port as shown below
shell> psql -p[changed port number]
The default timezone recorded in the server log is set to UTC. It is recommended to change it to match the local time of the SYSTEM.
shell> vi /var/lib/pgsql/13/data/postgresql.conf
#Specify the timezone to be used in the postgresql.conf file.
log_timezone = timezone to use
#Save vi editor
#Restart postgresql service
shell> sudo systemctl restart postgresql-13
#Log in to postgresql
shell> psql
#Check the changed settings
postgres=# SHOW log_timezone;
Since all users are granted CREATE and USAGE permissions on the public schema by default, any user who can log in to the DB can create objects in the public schema. It is recommended to revoke the CREATE permission so that no users can create objects in the public schema.
#Log in to postgresql
shell> psql
#Run the permission revocation command
postgres=# REVOKE CREATE ON SCHEMA public FROM PUBLIC;
To allow logins other than local host, you need to change the listen_addresses variable and client authentication setup file.
shell> vi /var/lib/pgsql/13/data/postgresql.conf
#Specify the address to be used in the postgresql.conf file.
#To allow all IPv4 addresses, 0.0.0.0
#To allow all IPv6 addresses, ::
#To allow all addresses, *
listen_addresses = address to allow
#Save vi editor
shell> vi /var/lib/pgsql/13/data/pg_hba.conf
#Client authentication control per IP address format
#Old client libraries do not support scram-sha-256; for those clients, the method needs to be changed to md5
# TYPE  DATABASE  USER  ADDRESS  METHOD
# IPv4 local connections:
host  all  all  127.0.0.1/32  scram-sha-256
host  [allowed DB]  [allowed user]  [allowed address]  scram-sha-256
# IPv6 local connections:
host  all  all  ::1/128  scram-sha-256
host  [allowed DB]  [allowed user]  [allowed address]  scram-sha-256
#Restart postgresql service
shell> sudo systemctl restart postgresql-13
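A review of the two files edited above, as an added example that is not NHN Cloud code: it reports the effective listen_addresses value and flags pg_hba.conf host rules that match any address, use trust, or fall back to md5. The function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not NHN Cloud code. The sample files below are constructed.

# Print the effective listen_addresses. PostgreSQL uses the last uncommented
# assignment in postgresql.conf and "localhost" when none is present.
effective_listen() {
    v=$(sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" \
        | tail -n 1 | tr -d " \t'\"")
    echo "${v:-localhost}"
}

# Print one finding per line for host/hostssl/hostnossl rules:
#   "<line number> <finding> <address>"
# any-address: rule matches every client address
# trust:       no password is requested at all
# md5:         the fallback for old client libraries; keep it scoped to them
audit_pg_hba() {
    awk '
        $1 !~ /^host/ { next }        # skips comments, blank lines and "local"
        {
            addr = $4; method = $5
            # Older "IP-address IP-mask" form: the method moves to field 6.
            if (addr !~ /\// && $6 != "" && $5 ~ /^[0-9a-fA-F.:]+$/) {
                addr = $4 "/" $5; method = $6
            }
            if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
                addr == "0.0.0.0/0.0.0.0")
                print NR, "any-address", addr
            if (method == "trust") print NR, "trust", addr
            if (method == "md5")   print NR, "md5", addr
        }
    ' "$1"
}

# Constructed sample input. On the instance, point the functions at
# /var/lib/pgsql/13/data/postgresql.conf and /var/lib/pgsql/13/data/pg_hba.conf.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/postgresql.conf" <<'EOF'
#listen_addresses = 'localhost'
listen_addresses = '*'          # allow all addresses
EOF
cat > "$SAMPLE_DIR/pg_hba.conf" <<'EOF'
# TYPE  DATABASE  USER     ADDRESS        METHOD
local   all       all                     peer
host    all       all      127.0.0.1/32   scram-sha-256
host    appdb     appuser  10.0.1.0/24    scram-sha-256
host    all       all      0.0.0.0/0      md5
host    appdb     legacy   10.0.2.15/32   md5
host    all       all      ::1/128        scram-sha-256
host    repl      all      10.0.3.0/24    trust
EOF

echo "listen_addresses: $(effective_listen "$SAMPLE_DIR/postgresql.conf")"
audit_pg_hba "$SAMPLE_DIR/pg_hba.conf"
```

With listen_addresses set to *, pg_hba.conf and the security group are the only things limiting who can reach the server, so each finding is worth narrowing to a specific database, user and address.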
PostgreSQL directory and file description is as follows:
Name | Description |
---|---|
postgresql.conf | /var/lib/pgsql/{version}/data/postgresql.conf |
initdb.log | PostgreSQL database cluster creation log - /var/lib/pgsql/{version}/initdb.log |
DATADIR | PostgreSQL data file path - /var/lib/pgsql/{version}/data/ |
LOG | PostgreSQL log file path - /var/lib/pgsql/{version}/data/log/*.log |
You can start or stop the CUBRID service as follows by logging in with the “cubrid” Linux account.
# Start the CUBRID service/server
shell> sudo su - cubrid
shell> cubrid service start
shell> cubrid server start demodb
# Stop the CUBRID service/server
shell> sudo su - cubrid
shell> cubrid server stop demodb
shell> cubrid service stop
# Restart the CUBRID service/server
shell> sudo su - cubrid
shell> cubrid server restart demodb
shell> cubrid service restart
# Start/stop/restart the CUBRID broker
shell> sudo su - cubrid
shell> cubrid broker start
shell> cubrid broker stop
shell> cubrid broker restart
After creating an instance, initially connect as follows.
shell> sudo su - cubrid
shell> csql -u dba demodb@localhost
After initial installation, the CUBRID dba account password is not set. Therefore, you must set a password after installation.
shell> csql -u dba -c "ALTER USER dba PASSWORD 'new_password'" demodb@localhost
The broker port for query_editor defaults to 30000, and the broker port for broker1 defaults to 33000. For security reasons, it is recommended to change the port.
Open the following file and enter the port number to change to as shown below.
shell> vi /opt/cubrid/conf/cubrid_broker.conf
[%query_editor]
BROKER_PORT = [port number to change to]
[%BROKER1]
BROKER_PORT = [port number to change to]
Restart the broker for the port change to take effect.
shell> cubrid broker restart
The manager server port defaults to 8001. For security reasons, it is recommended to change the port.
Open the following file and enter the port number to change to as shown below.
shell> vi /opt/cubrid/conf/cm.conf
cm_port = [port number to change to]
Restart the manager for the port change to take effect.
shell> cubrid manager stop
shell> cubrid manager start
The CUBRID directory and file descriptions are as follows.
Name | Description |
---|---|
database.txt | CUBRID database location information file path - /opt/cubrid/databases |
CONF PATH | CUBRID server, broker, manager environment variable file path - /opt/cubrid/conf |
LOG PATH | CUBRID process log file path - /opt/cubrid/log |
SQL_LOG | CUBRID SQL Query file path - /opt/cubrid/log/broker/sql_log |
ERROR_LOG | CUBRID ERROR SQL Query file path - /opt/cubrid/log/broker/error_log |
SLOW_LOG | CUBRID Slow Query file path - /opt/cubrid/log/broker/sql_log |
A server configuration file that allows you to configure the memory of the database you want to operate, the number of threads according to the number of concurrent users, and the communication port between the broker and the server.
Name | Description |
---|---|
service | A parameter to register processes that start automatically when the CUBRID service starts. By default, server, broker, and manager processes are registered. |
cubrid_port_id | The port used by the master process. |
max_clients | The maximum number of concurrently connected clients per database server process. |
data_buffer_size | A parameter to set the size of the data buffer that the database server caches in memory. It is recommended to set the required memory size to a value within 2/3 of the system memory. |
A broker configuration file that allows you to set the port used by the broker you want to operate, the number of application servers (CAS), SQL LOG, etc.
Name | Description |
---|---|
BROKER_PORT | The port used by the broker. The port seen by the actual driver such as JDBC is the port of the broker. |
MAX_NUM_APPL_SERVER | A parameter to set the maximum number of CASs that can be connected to the broker at the same time. |
MIN_NUM_APPL_SERVER | A parameter to set the minimum number of CAS processes waiting by default even if there is no connection request to the broker. |
LOG_DIR | A parameter that specifies the directory where SQL logs are stored. |
ERROR_LOG_DIR | A parameter that specifies the directory where error logs for the broker are stored. |
A CUBRID manager configuration file that allows you to set the port used by the manager server process you want to operate, the monitoring collection cycle, etc.
Name | Description |
---|---|
cm_port | The port used by the manager server process. |
cm_process_monitor_interval | A cycle for monitoring information collection. |
support_mon_statistic | A parameter to set whether to use cumulative monitoring. |
server_long_query_time | A parameter that specifies the threshold (in seconds) for a late query when the slow_query item among the server's diagnostic items is set. |
# Start the MariaDB service
shell> sudo systemctl start mariadb.service
# Stop the MariaDB service
shell> sudo systemctl stop mariadb.service
# Restart the MariaDB service
shell> sudo systemctl restart mariadb.service
After creating an instance, initially connect to MariaDB as follows.
shell> mysql -u root
After changing the password, connect to MariaDB as follows.
shell> mysql -u root -p
Enter password:
After initial installation, the MariaDB root account password is not set. Therefore, you must set a password after installation.
SET PASSWORD [FOR user] = password_option
MariaDB> SET PASSWORD = PASSWORD('password');
After initial installation, the port is 3306, which is MariaDB's default port. For security reasons, it is recommended to change the port.
Open the /etc/my.cnf.d/server.cnf file and enter the port number to change to under [mariadb] as follows.
shell> sudo vi /etc/my.cnf.d/server.cnf
[mariadb]
port = [port number to change to]
Restart the instance for the port change to take effect.
shell> sudo systemctl restart mariadb.service
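A check for the port changes described in the MySQL, PostgreSQL, CUBRID and MariaDB sections, as an added example that is not NHN Cloud code: it reads the port key from the section the server actually uses and reports whether it was changed. The function names, the [mysqld] section choice for my.cnf and all sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not NHN Cloud code. All sample files below are constructed.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
# Use "" as SECTION for files without section headers (postgresql.conf, cm.conf).
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                     # [section] header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            sub(/#.*/, "", v); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# port_status FILE SECTION KEY DEFAULT: "changed <port>", "default <port>" or "unset".
# For MySQL, MariaDB and PostgreSQL, "unset" means the built-in default port applies.
port_status() {
    p=$(ini_get "$1" "$2" "$3")
    if [ -z "$p" ]; then echo "unset"
    elif [ "$p" = "$4" ]; then echo "default $p"
    else echo "changed $p"
    fi
}

PORT_DEMO=$(mktemp -d)
# Constructed my.cnf: the port was set under [client] only, which changes the
# mysql client's default but leaves the server listening on 3306.
cat > "$PORT_DEMO/my.cnf" <<'EOF'
[client]
port = 13306
[mysqld]
datadir = /var/lib/mysql
EOF
# Constructed cubrid_broker.conf: one broker moved, one still on its default.
cat > "$PORT_DEMO/cubrid_broker.conf" <<'EOF'
[%query_editor]
BROKER_PORT =31000
[%BROKER1]
BROKER_PORT =33000
EOF
# Constructed MariaDB server.cnf and postgresql.conf with changed ports.
printf '[mariadb]\nport=13307\n' > "$PORT_DEMO/server.cnf"
printf "#port = 5432\nport = 15432   # changed\n" > "$PORT_DEMO/postgresql.conf"

echo "mysqld:       $(port_status "$PORT_DEMO/my.cnf" mysqld port 3306)"
echo "query_editor: $(port_status "$PORT_DEMO/cubrid_broker.conf" "%query_editor" BROKER_PORT 30000)"
echo "BROKER1:      $(port_status "$PORT_DEMO/cubrid_broker.conf" "%BROKER1" BROKER_PORT 33000)"
echo "mariadb:      $(port_status "$PORT_DEMO/server.cnf" mariadb port 3306)"
echo "postgresql:   $(port_status "$PORT_DEMO/postgresql.conf" "" port 5432)"
```

A changed port only takes effect after the service restart shown in each section, and the new port still has to be allowed in the security group for the intended remote IP.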
Create an additional volume in addition to the root volume. Tibero Machine Image (TMI) requires an additional volume of 150GB, so an additional block storage of 150G or more must be set.
After the instance creation is complete, use SSH to access the instance. The instance must have a floating IP associated and TCP port 22 (SSH) must be allowed in the security group. Connect to the instance using an SSH client and the set key pair. For a detailed guide on SSH connection, refer to SSH Connection Guide.
Run the dbca command in the /root path with the root account.
$ ./dbca OS_ACCOUNT DB_NAME DB_CHARACTERSET DB_PORT
[centos@tiberoinstance ~]$ sudo su root
[root@tiberoinstance centos]# cd
[root@tiberoinstance ~]# pwd
/root
[root@tiberoinstance ~]# ./dbca nhncloud tiberotestdb utf8 8639
No | Item | Argument value |
---|---|---|
1 | OS_ACCOUNT | OS account under which Tibero runs |
2 | DB_NAME | DB_NAME used in Tibero (SID) |
3 | DB_CHARACTERSET | DB character set used by Tibero |
4 | DB_PORT | Service IP port used by Tibero |
When the dbca command is run, the progress is output and the database is created in the nomount mode. It takes less than 10 minutes. When finished, the output is as below.
SQL>
System altered.
SQL>
System altered.
SQL> Disconnected.
[root@tiberoinstance ~]#
Check if Tibero is running.
[root@tiberoinstance ~]# ps -ef | grep tbsvr
nhncloud 13933 1 0 09:10 ? 00:00:04 tbsvr -t NORMAL -SVR_SID tiberotestdb
nhncloud 13944 13933 0 09:10 ? 00:00:00 tbsvr_FGWP006 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13945 13933 0 09:10 ? 00:00:00 tbsvr_FGWP007 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13946 13933 0 09:10 ? 00:00:00 tbsvr_FGWP008 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13947 13933 0 09:10 ? 00:00:08 tbsvr_FGWP009 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13948 13933 0 09:10 ? 00:00:00 tbsvr_PEWP000 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13949 13933 0 09:10 ? 00:00:00 tbsvr_PEWP001 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13950 13933 0 09:10 ? 00:00:00 tbsvr_PEWP002 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13951 13933 0 09:10 ? 00:00:00 tbsvr_PEWP003 -t NORMAL -SVR_SID tiberotestdb
nhncloud 13952 13933 0 09:10 ? 00:00:09 tbsvr_AGNT -t NORMAL -SVR_SID tiberotestdb
nhncloud 13953 13933 0 09:10 ? 00:00:07 tbsvr_DBWR -t NORMAL -SVR_SID tiberotestdb
nhncloud 13954 13933 0 09:10 ? 00:00:00 tbsvr_RCWP -t NORMAL -SVR_SID tiberotestdb
root 21066 12596 0 11:06 pts/0 00:00:00 grep --color=auto tbsvr
[root@tiberoinstance ~]#
The installation log can be found in /root/.dbset.log.
[root@tiberoinstance ~]# ls -al
합계 36
dr-xr-x---. 4 root root 154 1월 13 09:12 .
dr-xr-xr-x. 23 root root 4096 1월 13 09:05 ..
-rw------- 1 root root 264 1월 12 19:08 .bash_history
-rw-r--r--. 1 root root 18 12월 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 12월 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 12월 29 2013 .bashrc
-rw-r--r--. 1 root root 100 12월 29 2013 .cshrc
-rw-r--r-- 1 root root 7732 1월 13 09:12 .dbset.log
drwxr----- 3 root root 19 1월 13 09:04 .pki
drwx------ 2 root root 29 1월 4 16:58 .ssh
-rw-r--r--. 1 root root 129 12월 29 2013 .tcshrc
Log in with the OS_ACCOUNT created with the dbca command.
[root@tiberoinstance ~]# su - nhncloud
마지막 로그인: 목 1월 13 11:34:43 KST 2022 일시 pts/0
[nhncloud@tiberoinstance ~]$
[nhncloud@tiberoinstance ~]$ tbsql sys/tibero
tbSQL 6
TmaxData Corporation Copyright (c) 2008-. All rights reserved.
Connected to Tibero.
SQL> select * from v$instance;
INSTANCE_NUMBER INSTANCE_NAME
--------------- ----------------------------------------
DB_NAME
----------------------------------------
HOST_NAME PARALLEL
--------------------------------------------------------------- --------
THREAD# VERSION
---------- --------
STARTUP_TIME
----------------------------------------------------------------
STATUS SHUTDOWN_PENDING
---------------- ----------------
TIP_FILE
--------------------------------------------------------------------------------
0 tiberotestdb
tiberotestdb
tiberoinstance.novalocal NO
0 6
2022/01/13
NORMAL NO
/db/tibero6/config/tiberotestdb.tip
1 row selected.
SQL>
The default accounts provided by Tibero are as follows.
Schema | Password | Description |
---|---|---|
sys | tibero | SYSTEM schema |
syscat | syscat | SYSTEM schema |
sysgis | sysgis | SYSTEM schema |
outln | outln | SYSTEM schema |
tibero | tmax | SAMPLE schema with the DBA privilege |
tibero1 | tmax | SAMPLE schema with the DBA privilege |
The images provided by default include CentOS 7.8 with JEUS8Fix1 (Domain Administrator Server 2022.03.22) and CentOS 7.8 with JEUS8Fix1 (Managed Server 2022.03.22). To install Domain Administrator Server, use CentOS 7.8 with JEUS8Fix1 (Domain Administrator Server 2022.03.22) image. To install Managed Server, use the CentOS 7.8 with JEUS8Fix1 (Managed Server 2022.03.22) image.
JEUS is installed in ~/apps/jeus8.
The following properties are set during installation.
Property | Default value |
---|---|
Domain name | jeus_domain |
WebAdmin port | 9736 |
Admin server name | adminServer |
Admin user ID | administrator |
Admin user password | jeusadmin |
Node manager | java |
To configure or control JEUS, you must start the node manager and then control it through WebAdmin or jeusadmin.
After the instance creation is complete, use SSH to access the instance. The instance must have a floating IP associated and TCP port 22 (SSH) must be allowed in the security group.
Connect to the shell and run the node manager with the startNodeManager command. Since the node managers need to communicate with each other, add an allow rule for the default port 7730 to the security group.
To run Domain Administrator Server, use the startDomainAdminServer command.
startDomainAdminServer -uadministrator -pjeusadmin
Run WebAdmin as follows:
The image provided by default is CentOS 7.8 with WebtoB5Fix4 (2022.03.22).
WebtoB is installed in ~/apps/webtob.
After the instance creation is complete, use SSH to access the instance. The instance must have a floating IP associated and TCP port 22 (SSH) must be allowed in the security group.
Compile the configuration file using the wscfl command.
wscfl -i http.m
Start WebtoB using wsboot.
wsboot
You can use wsadmin to view or control the status.