Clone a DB System

This article explains how to clone a DB system.

Cloning creates a copy of a source DB system as it exists at the time of the cloning operation, including the storage configuration software and database volumes. When creating a clone, you can specify a new SSH key and admin password.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

For administrators: The policy in Let database admins manage Oracle Cloud database systems lets the specified group do everything with databases and related Database resources.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for databases, see Details for the Database Service.

General Information

  • To clone a DB system that has a Data Guard association, initiate the operation from the primary DB system. The clone operation does not clone Data Guard associations themselves, or Data Guard connections.
  • When cloning a DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database. For information on using customer-managed keys, see Manage Encryption Keys.

Limitations

  • When cloning a DB system that uses Real Application Clusters (RAC), a new Oracle Grid Infrastructure (GI) configuration is created. The new GI is required to avoid conflicts with the source DB system. Therefore, the clone DB system does not include the following from the source system:
    • manually added clusterware resources,
    • database application services,
    • customized settings from the source database such as environment variables,
    • manually-added application IP addresses (application virtual IPs),
    • additional listener ports (such as those configured for Transport Layer Security or other purposes),
    • or any other resource or customization that is not present after the creation of a new DB system
  • Cloning a RAC DB system takes longer than cloning a single-node DB system due to the time needed to create a new GI stack. Expect a RAC DB system cloning operation to take at least an hour.
  • For DB systems using Oracle Automatic Storage Management (ASM), the GI software must be 19.9 or later.
  • Cloning is not currently supported for DB systems using Oracle Database 21c with Oracle Automatic Storage Management.
  • You can't clone a DB system in a security zone to create a DB system that isn't in a security zone. See the security zone policies topic for a full list of policies that affect Database service resources.

For more information, see Oracle Automatic Storage Management and Security Zone Policies.

Procedure

Perform the following steps to clone a DB system.

  1. Open the navigation menu. Select Oracle Database, then select Oracle Base Database Service.
  2. Select your Compartment. A list of DB systems is displayed.
  3. In the list of DB systems, find the DB system you want to clone and click its highlighted name.
  4. On the DB System Details page of your source DB system, click Clone.
  5. Select a compartment: Select a compartment for your new DB system. By default, the DB system is created in your current compartment and you can use the network resources in that compartment.
  6. Display name:A non-unique, display name for the DB system. An Oracle Cloud Identifier (OCID) uniquely identifies the DB system. Avoid entering confidential information.
  7. Add SSH key: Add the public key portion of each key pair you want to use for SSH access. Select on of the following options:
    • Generate SSH key pair: Use this option to create a new SSH key pair. Click both Save private key and Save public key when using this option. The private key is downloaded to your local system, and must be stored in a safe location. You cannot download another copy of the private key generated during this operation after completing the operation.
    • Upload SSH key files: Select this option to browse or drag and drop your existing public key (.pub) files.
    • Paste SSH keys: Select this option to paste in individual public keys. To paste multiple keys, click + Another SSH key, and supply a single key for each entry.
  8. The clone uses the SSH keys specified during the cloning operation. The source DB system continues to use the SSH keys that were in place before the cloning operation.
  9. Choose a license type: The type of license you want to use for the DB system. Your choice affects metering for billing.
    • License included means the cost of this Oracle Cloud Infrastructure Database service resource will include both the Oracle Database software licenses and the service.
    • Bring Your Own License (BYOL) means you will use your organization's Oracle Database software licenses for this Oracle Cloud Infrastructure Database service resource. For more information, see Bring Your Own License.
  10. This license selection only applies to the clone, and does not affect the source DB system.
  11. Provide the following details in the Configure networking section.
  12. Virtual cloud network: The VCN in which to create the DB system. Click Change compartment to select a VCN in a different compartment.
  13. The clone can use a different VCN and subnet from the source DB system.
  14. Client subnet The subnet to which the DB system attaches. For both single-node and multi-node RAC DB systems, do not use a subnet that overlaps with 192.168.16.16/28, which is used by the Oracle Clusterware private interconnect on the database instance. Specifying an overlapping subnet causes the private interconnect to malfunction.

    Click Change compartment to select a subnet in a different compartment.

  15. Network security groups: Optionally, you can specify one or more network security groups (NSGs) for your DB system. NSGs function as virtual firewalls, enabling you to apply a set of ingress and egress security rules to your DB system. A maximum of five NSGs can be specified.

    For more information, see Access and Security and Security Rules for the DB System.

    Note

    If you select a subnet with a security list, the security rules for the DB system will be a union of the rules in the security list and the NSGs.
    To use network security groups:
    1. Check the Use network security groups to control traffic check box. Note that you must have a virtual cloud network selected to be able to assign NSGs to your DB system.
    2. Specify the NSG to use with the DB system. You may need to use more than one NSG. If you're not sure, contact your network administrator.
    3. To use additional NSGs, click + Another network security group.
  16. Host name prefix: Your choice of host name prefix for the DB system. The host name must begin with an alphabetic character, and can contain only alphanumeric characters and hyphens (-). The maximum number of characters allowed is 16.
    Note

    The host name must be unique within the subnet. If it is not unique, the DB system will fail to provision.
  17. If the clone is created in a different subnet from the source, the same host name can be used for both the clone and the source DB system.
  18. Host domain name: The domain name for the DB system. If the selected subnet uses the Oracle-provided Internet and VCN Resolver for DNS name resolution, then this field displays the domain name for the subnet and it can't be changed. Otherwise, you can provide your choice of a domain name. Hyphens (-) are not permitted.
  19. Host and domain URL: Combines the host and domain names to display the fully qualified domain name (FQDN) for the database. The maximum length is 64 characters.
  20. Private IP address: Optionally, for non-RAC DB systems, you can define the IP address of the new DB system. This is useful in development contexts where you create and delete a DB system over and over, and you need each new iteration of the DB system to use the same IP address. If you specify an IP address that is currently in use within the subnet, the provisioning operation will fail with an error message regarding the invalid IP address.
  21. Fault domain: The fault domain(s) in which the DB system resides. You can select which fault domain to use for your DB system. For multi-node RAC DB systems, you can specify which two fault domains to use. Oracle recommends that you place each node of a multi-node RAC DB system in a different fault domain. For more information about fault domains, see About Regions and Availability Domains.
  22. Diagnostic collection: The diagnostics collection and notifications feature enables Oracle Cloud Operations and you to identify, investigate, track, and resolve guest VM issues quickly and effectively. Subscribe to events to get notified about resource state changes. You can enable or disable this feature at anytime.

    By default the options are selected for enabling. However, you can select to uncheck the diagnostic collection check boxes if you do not require the diagnostic feature.
    • Enable diagnostic events: Enables and allows Oracle to collect and send fault notifications about critical, warning, and information events for you.
    • Enable incident logs and trace collection: Enables and allows Oracle to receive event notifications and collect incident logs and traces for fault diagnosis and issue resolution.
    Note

    • The Enable health monitoring diagnostics collection for Oracle Cloud operations viewing is not available for the Base Database Service.
    • You are opting-in with the understanding that the list of events and log files can change in the future. You can opt-out of this feature at any time.
  23. Provide the following details in the Configure database section.
  24. Database name: The name for the database, also known as the DB_NAME. The database name must begin with an alphabetic character and can contain a maximum of eight alphanumeric characters. Special characters are not permitted.
  25. Database unique name suffix: Optional. The second portion of the database unique name. The complete database unique name is created by appending the database unique name suffix to the database name you specify.
  26. Database unique name: This read-only field displays the complete database unique name (DB_UNIQUE_NAME). The database unique name is a globally unique name for the database. Primary and standby databases in a Data Guard association can share the same database name, but must have different database unique names.
  27. Username: sys (This is a read-only field).
  28. Password: Supply the password for this user. The password must meet the following criteria:
    • A strong password for SYS, SYSTEM, TDE wallet, and PDB administrator.
    • The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters.
    • The special characters must be _, #, or -.
    • The password must not contain the user name (SYS, SYSTEM, and so on) or the word "oracle" either in forward or reversed order and regardless of casing.
  29. The TDE wallet password is inherited from the source DB system for databases using Oracle-managed encryption keys. When cloning a DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database. For more information, see Manage Encryption Keys.
  30. Confirm password: Reenter the SYS password you specified.
  31. Click Show advanced options to specify advanced options for the database.
  32. In the Tags tab, you can add free-form tags or defined tags to this resource. You must have permissions to use the tag namespace for defined tags. For information about using tags to manage your OCI resources, see Resource Tags.
  33. Click Clone DB system.