Create a single-tenant fully managed service instance that supports the PrivateLink connection feature by using a MySQL software package

Last Updated: Oct 21, 2025

This topic describes how to create a single-tenant fully managed service instance that supports the PrivateLink connection feature by using a MySQL software package in Compute Nest. In this example, the MySQL software package is used to deploy MySQL on an Elastic Compute Service (ECS) instance and a Server Load Balancer (SLB) instance.

Overview

In this example, a MySQL database is deployed on an ECS instance and an SLB instance and the PrivateLink connection feature is enabled by default. After a customer deploys a service instance, the customer can directly access the MySQL database that is deployed within the account of the service provider over an internal network. The GitHub repository of the sample service is mysql-managed-demo.

In this example, the service is created automatically, which takes about 3 minutes. Creation is complete when the service enters the Pending Submission state. The service is created in the following steps:

  1. Publish the MySQL software package stored in the GitHub repository as a Compute Nest deployment package of the file type.

  2. Create a service and associate it with the deployment package of the file type.

The following table describes the parameter sets provided by the service.

| Parameter set | SLB instance type | ECS instance type | vCPU and memory | System disk | Public bandwidth |
| --- | --- | --- | --- | --- | --- |
| Basic Edition | slb.s1.small | ecs.c6.large | c6, compute-optimized instance family: 2 vCPUs and 4 GiB | Performance level 0 (PL0) Enterprise SSD (ESSD): 200 GiB | Fixed bandwidth: 1 Mbit/s |
| Standard Edition | slb.s1.small | ecs.c6.xlarge | c6, compute-optimized instance family: 4 vCPUs and 8 GiB | PL0 ESSD: 200 GiB | Fixed bandwidth: 1 Mbit/s |
| Advanced Edition | slb.s3.small | ecs.c6.2xlarge | c6, compute-optimized instance family: 8 vCPUs and 16 GiB | PL0 ESSD: 200 GiB | Fixed bandwidth: 1 Mbit/s |

Deployment architecture

An ECS instance and an SLB instance are deployed for a service instance, and the security group to which the ECS instance belongs allows access to port 3306. An endpoint is configured for the service instance.

Billing of creating a service

You are not charged for creating the sample service for testing. For more information about fees of service instances, see the "Billing of service instances" section of this topic.

Policies required for RAM users

The service needs to access resources such as ECS instances and VPCs. Before you create a service instance as a Resource Access Management (RAM) user, you must grant the RAM user the permissions on related resources. For more information about how to grant permissions to a RAM user, see Grant permissions to a RAM user.

The following table describes the policies that are required for RAM users.

| Policy | Description |
| --- | --- |
| AliyunECSFullAccess | The full permissions on ECS. |
| AliyunVPCFullAccess | The full permissions on VPC. |
| AliyunROSFullAccess | The full permissions on Resource Orchestration Service (ROS). |
| AliyunComputeNestUserFullAccess | The full permissions of a customer on Compute Nest. |
| AliyunComputeNestSupplierFullAccess | The full permissions of a service provider on Compute Nest. |
| AliyunPrivateLinkFullAccess | The full permissions on PrivateLink. |

Billing of service instances

Billable items:

  • Selected vCPU and memory specifications

  • System disk type and capacity

  • Public bandwidth

  • PrivateLink connection

Billing methods:

  • Pay-as-you-go (by hour)

  • Subscription

The estimated cost of a service instance is displayed in real time when you create the service instance. Fees for PrivateLink connections are charged after service instances are created and PrivateLink connections are established. For more information, see Billing overview.

Deploy a service instance

Deployment parameters

| Section | Parameter | Description |
| --- | --- | --- |
| Basic Configuration | root and admin Account Password | The password of the root or admin accounts that are used to log on to the database. The password must be 8 to 32 characters in length and can contain letters, digits, and the following special characters: ! @ # $ % ^ & * - + = _ |
| Network Configuration | VSwitch Available Zone | The zone in which resources are created within the account of the service provider. |
| Network Configuration | VPC ID | The VPC used to establish PrivateLink connections. |
| Network Configuration | Security Group | The security group used to establish PrivateLink connections. |
| Network Configuration | vSwitches and Zone | The zone and vSwitch used to establish PrivateLink connections. |

Procedure

  1. Click the service instance deployment URL provided by the service provider. On the service instance deployment page, configure the parameters as prompted.

    Configure the parameters in the Network Configuration section. When a service instance is created, an endpoint is created in the specified zone.

  2. Click Next: Confirm Order.

  3. Confirm the service instance information and the estimated price, read and agree to the service agreement, and then click Create Now. The service instance starts to be deployed.

  4. Wait until the deployment is complete.

  5. Use the service instance. The service instance supports the PrivateLink connection feature. You can access the service instance by using a PrivateLink connection over an internal network. For more information about PrivateLink, see Best practices. Perform the following steps to access the service instance over an internal network:

    1. Go to the details page of the service instance. On the Intranets tab, obtain the custom domain name, IP address, or zone domain name that is used to connect to the MySQL database. The custom domain name is displayed only if you turn on Custom Domain Name on the Create Service Instance page.

    2. Create an ECS instance in the corresponding vSwitch. Then, install the MySQL client.

      # On yum-based distributions:
      yum install mysql
      # On apt-based distributions:
      apt install mysql-client

    3. Use the MySQL client on the ECS instance to connect to the MySQL database by using one of the following methods:

      1. Use the custom domain name.

      2. Use the IP address.

      3. Use the zone domain name.

Service details

The installation package of MySQL Community Edition is stored in the GitHub repository. During service creation, the installation package is published as a Compute Nest deployment package, and the installation command is written to a ROS template. The MySQL database is automatically installed when the ROS template is executed. Compute Nest replaces the {{ computenest::file::MySQL }} placeholder with the HTTP URL of the deployment package of the file type.

wget '{{ computenest::file::MySQL }}' -O mysql-community-release-el6-5.noarch.rpm
rpm -ivh mysql-community-release-el6-5.noarch.rpm
yum repolist all | grep mysql
yum install mysql-community-server -y

Files

| File | Description |
| --- | --- |
| config.yaml | The configuration file for service creation. The computenest-cli creates the service based on this configuration file. |
| parameters.yaml | The file that specifies the network parameters to be configured by the service provider, such as VpcId and VSwitchId. In this example, the file specifies the parameters required to deploy a single-tenant fully managed service. |
| artifact/mysql-community-release-el6-5.noarch.rpm | The installation package of MySQL Community Edition. During service creation, the installation package is published as a Compute Nest deployment package. |
| icons/service_logo.jpg | The default logo of the service. |
| templates/parameters.yaml | The file that specifies the parameters to be configured by a customer. A customer needs to configure only a few parameters for a single-tenant fully managed service. |
| templates/template.yaml | The ROS template file. ROS automatically creates all resources based on the template. |

The templates/template.yaml file contains the following three sections:

  1. Parameters: defines the parameters that a customer needs to configure, including the billing method, instance type, instance password, and zone.

    ZoneId:
     Type: String
     AssociationProperty: ALIYUN::ECS::Instance:ZoneId
     Label:
       en: VSwitch Available Zone
       zh-cn: 可用区
    # The password of the root account that is used to log on to the database.
    Password:
     # Only asterisks (*) are returned if you query this parameter.
     NoEcho: true
     Type: String
     Description:
       en: 'Database root account password, 8-32 characters, including uppercase and lowercase letters, numbers and special symbols (including: !@#$%^&*-+=_).'
       zh-cn: 数据库root账户密码,长度8-32个字符,可包含大小字母、数字及特殊符号(包含:!@#$%^&*-+=_)。 
     Label:
       en: Root Account Password
       zh-cn: 数据库root账户密码
     ConstraintDescription:
       en: '8-32 characters, including uppercase and lowercase letters, numbers and special symbols (including: !@#$%^&*-+=_).'
       zh-cn: 8-32个字符,可包含大小字母、数字及特殊符号(包含:!@#$%^&*-+=_)。 
     MinLength: '8'
     MaxLength: '32'
     AssociationProperty: ALIYUN::ECS::Instance::Password
    # The VPC ID.
    VpcId:
     AssociationProperty: ALIYUN::ECS::VPC::VPCId
     Type: String
     Label:
       en: VPC ID
       zh-cn: 专有网络VPC实例ID
    # The vSwitch ID.
    VSwitchId:
     AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
     AssociationPropertyMetadata:
       VpcId: ${VpcId}
       ZoneId: ${ZoneId}
     Type: String
     Label:
       en: VSwitch ID
       zh-cn: 交换机实例ID
    # The ECS instance type.
    EcsInstanceType:
     Type: String
     Label:
       en: Instance Type
       zh-cn: Ecs实例类型
     AssociationProperty: ALIYUN::ECS::Instance::InstanceType
     AllowedValues:
       - ecs.c6.large
       - ecs.c6.xlarge
       - ecs.c6.2xlarge
       - ecs.c6.4xlarge
    SlbInstanceType:
     Type: String
     Label:
       en: Instance Type
       zh-cn: Slb实例类型
     AssociationProperty: ALIYUN::Slb::LoadBalance::LoadBalancerSpec
     AllowedValues:
       - slb.s1.small
       - slb.s3.small

  2. Resources: defines the resources to be created, including VPC, vSwitch, ECS instance, SLB instance, and PrivateLink connections.

    EcsSecurityGroup:
     Type: 'ALIYUN::ECS::SecurityGroup'
     Properties:
       VpcId:
         Ref: VpcId
       SecurityGroupIngress:
         - Priority: 1
           PortRange: 3306/3306
           NicType: internet
           SourceCidrIp: 0.0.0.0/0
           IpProtocol: tcp
    # The ECS instances.
    EcsInstanceGroup:
     Type: ALIYUN::ECS::InstanceGroup
     Properties:
       # The I/O optimized instance.
       IoOptimized: optimized
       ZoneId:
         Ref: ZoneId
       DiskMappings:
         - Category: cloud_essd
           Device: /dev/xvdb
           Size: 200
       SystemDiskSize: 40
       # The commands to be executed by cloud-init.
       # You can view the execution log in the following file: /var/log/cloud-init.log /var/log/cloud-init-output.log.
       # The script is /var/lib/cloud/instance/scripts/part-001. You can run the sh command for troubleshooting.
       UserData:
         Fn::Sub:
           - |
             #!/bin/sh
    
             # Sleep for a while to ensure that the network is ready.
             sleep 10
    
             # Other commands are omitted. For more information, see templates/template.yaml.
       # The pay-as-you-go billing method is used.
       InstanceChargeType: PostPaid
       MaxAmount: 1
       # The ESSD is used as the system disk.
       SystemDiskCategory: cloud_essd
       # The name of the instance.
       InstanceName:
         Ref: ALIYUN::StackName
       VpcId:
         Ref: VpcId
       SecurityGroupId:
         Ref: EcsSecurityGroup
       VSwitchId:
         Ref: VSwitchId
       # The CentOS 7.9 image is used. If you want to use another image, make sure that the script in the UserData section is accordingly modified.
       ImageId: "centos_7_9_x64_20G_alibase_20220727.vhd"
       InstanceType:
         Ref: EcsInstanceType
       # The hostname.
       HostName:
         Ref: ALIYUN::StackName
       # The password that is used to log on to the ECS instance.
       Password:
         Ref: Password
       # Specifies whether to assign a public IP address to the instance.
       AllocatePublicIP: true
       InternetMaxBandwidthOut: 1
    Slb:
     Type: ALIYUN::SLB::LoadBalancer
     Properties:
       LoadBalancerName:
         Fn::Join:
           - '-'
           - - mysql
             - Ref: ALIYUN::StackName
       VpcId:
         Ref: VpcId
       VSwitchId:
         Ref: VSwitchId
       PayType: PayOnDemand
       AddressType: intranet
       LoadBalancerSpec:
         Ref: SlbInstanceType
       SupportPrivateLink: true
    SlbBackendServerAttachment:
     DependsOn:
       - EcsInstanceGroup
     Type: ALIYUN::SLB::BackendServerAttachment
     Properties:
       BackendServerList:
         Fn::GetAtt:
           - EcsInstanceGroup
           - InstanceIds
       LoadBalancerId:
         Ref: Slb
       BackendServerWeightList:
         - 100
         - 0
    SlbListener:
     DependsOn: Slb
     Type: ALIYUN::SLB::Listener
     Properties:
       Persistence:
         CookieTimeout: 60
         StickySession: 'on'
         PersistenceTimeout: 180
         XForwardedFor: 'off'
         StickySessionType: insert
       ListenerPort: 3306
       Bandwidth: -1
       HealthCheck:
         HttpCode: http_2xx,http_3xx,http_4xx,http_5xx
         HealthCheckType: tcp
         UnhealthyThreshold: 3
         Timeout: 5
         HealthyThreshold: 3
         Port: 3306
         URI: /
         Interval: 2
       LoadBalancerId:
         Ref: Slb
       BackendServerPort: 3306
       Protocol: tcp
    VpcEndpointService:
     DependsOn: Slb
     Type: ALIYUN::PrivateLink::VpcEndpointService
     Properties:
       ServiceDescription: isv service
       Resource:
         - ZoneId:
             Ref: ZoneId
           ResourceId:
             Ref: Slb
           ResourceType: slb
       AutoAcceptEnabled: true

  3. Outputs: defines the information displayed on the Overview tab of the service instance details page in the Compute Nest console.

    Outputs:
      EndpointServiceId:
        Description:
          en: EndpointService Id
          zh-cn: 终端节点服务Id
        Value:
          Fn::GetAtt:
            - VpcEndpointService
            - ServiceId
      Endpoint:
        Value:
          Fn::Join:
            - ''
            - - Ref: ALIYUN::StackName
              - .mysql.com
      MysqlUserName:
        Description:
          en: MySQL User Name
          zh-cn: MySQL登录用户名
        Value: admin
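
The Resources section above opens port 3306 to 0.0.0.0/0 and sets AllocatePublicIP: true, while customers are expected to reach the database over PrivateLink on an internal network. The following check is an added example, not code from this page or from the mysql-managed-demo repository, that flags both settings before a template is published. It assumes the template has already been loaded into a Python dict by a YAML parser; SAMPLE_RESOURCES is constructed from the snippet above, and the names covers_port and audit are hypothetical.

```python
import ipaddress

DB_PORT = 3306  # port opened by the page's EcsSecurityGroup

# Constructed sample: the security-relevant properties of the page's
# Resources section, as a YAML parser would return them.
SAMPLE_RESOURCES = {
    "EcsSecurityGroup": {
        "Type": "ALIYUN::ECS::SecurityGroup",
        "Properties": {"SecurityGroupIngress": [{
            "Priority": 1, "PortRange": "3306/3306", "NicType": "internet",
            "SourceCidrIp": "0.0.0.0/0", "IpProtocol": "tcp"}]},
    },
    "EcsInstanceGroup": {
        "Type": "ALIYUN::ECS::InstanceGroup",
        "Properties": {"AllocatePublicIP": True, "InternetMaxBandwidthOut": 1},
    },
}


def covers_port(port_range, port):
    """ROS port ranges are written 'low/high'; '-1/-1' means all ports."""
    low, high = (int(p) for p in str(port_range).split("/"))
    return (low, high) == (-1, -1) or low <= port <= high


def audit(resources, port=DB_PORT):
    """Return (resource name, finding) pairs for exposure of `port`."""
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "ALIYUN::ECS::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("SourceCidrIp")
                if not isinstance(cidr, str):
                    continue  # Ref/Fn:: values are resolved at deploy time
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0 and covers_port(rule.get("PortRange", "-1/-1"), port):
                    findings.append((name, f"port {port} open to {cidr}"))
        elif res.get("Type") == "ALIYUN::ECS::InstanceGroup":
            if props.get("AllocatePublicIP") is True:
                findings.append((name, "instance is assigned a public IP address"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RESOURCES):
        print(f"{name}: {finding}")
```

A template whose ingress rule is limited to the VPC CIDR block and whose instance group sets AllocatePublicIP to false produces no findings.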
    
