Intro To Oracle Cloud Infrastructure - DOUG
@CRuepprich ruepprich.com
Intro To Oracle Cloud Infrastructure
Christoph Rüpprich
[Chart: Cloud Service Revenue Forecast (Billions of US Dollars), 2017 to 2021; one value labeled $ 278]
Source: https://www.gartner.com/en/newsroom/press-releases/2018-09-12-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2019
What is The Cloud?
Cloud computing metaphor: the group of networked elements providing services need not be individually addressed or managed by users…
…shared pools of configurable computer system resources and higher-level services that can be rapidly provisioned with minimal management effort…
… relies on sharing of resources to achieve coherence and economies of scale, similar to a public utility.
https://en.wikipedia.org/wiki/Cloud_computing
OCI vs OC Classic
OCI Classic (formerly OPC)
• Announced in 2014
• VMs Only
• Many Regions
• Many services
OCI
• Announced in 2017
• VM, Bare Metal, Exadata
• US, Canada & Europe (currently)
• Autoscaling
Cloud Infrastructure: What?
• Highly available hosted environment
• High performance compute capabilities (incl. physical hardware instances)
• Virtual networking
• Exadata / RAC
Cloud Infrastructure: Why?
• Low maintenance
• Quick provisioning, deployment, teardown (esp. with IaC - Infrastructure as Code)
• High performance
• High availability
https://cloud.oracle.com/en_US/cloud-infrastructure
Cloud Infrastructure
https://cloud.oracle.com/en_US/cloud-infrastructure
Cloud Terminology
• SaaS - Software as a Service -> think Gmail
• PaaS - Platform as a Service -> think database
• IaaS - Infrastructure as a Service -> think blank server
Source: BMC - http://bit.ly/2JuddwH
Terminology
• Tenancy: Cloud account of your organization
• Region: Geographic location
• Availability Domain: Datacenter within a region
  • Isolated, Fault Tolerant, No shared resources (power, cooling, etc.)
  • ADs connected by low latency, high bandwidth networks
• Compartment: Logical workspace
Region
Availability Domain 1, Availability Domain 2, Availability Domain 3
• High Availability
• Disaster Recovery
• Fault Tolerant
• Low Latency
• High Bandwidth
Availability Domain
Availability Domain 1 (Datacenter): Instances, Networks, Databases
Fault Domains
Availability Domain 1 (Datacenter): Fault Domain 1, Fault Domain 2, Fault Domain 3
OCI Services
• Identity Management
• Network
• Load Balancing
• Compute
• Database
• File Storage
• Object Storage
• Container Engine (Kubernetes)
• Developer Tools (CLI, SDKs, APIs)
• …and more…
Users, Groups, Policies
• User: Any individual
• Group: Set of users
• Policy: Actions group members can perform in which compartments.
Defined at Tenancy Level
Policies
Policies consist of one or more policy statements:
Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>
Allow group HelpDesk to manage users in tenancy
Allow group A-Admins to manage all-resources in compartment Project-A
https://blogs.oracle.com/developers/automated-generation-for-oci-iam-policies
Policies
Allow group A-Admins to manage instance-family in compartment Project-A
Allow group A-Admins to manage volume-family in compartment Project-A
Allow group A-Admins to use virtual-network-family in compartment Networks
Manage compute instances and block storage in compartment Project-A, and use the network in compartment Networks.
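A small reviewer for statements of the shape shown on these slides, flagging tenancy-wide grants and `manage all-resources`. This is an added example, not part of the original deck or of any Oracle tooling; it parses only the `Allow group … to … in compartment|tenancy` form used here, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# OCI IAM policy verbs, least to most privileged.
VERBS = ("inspect", "read", "use", "manage")

# Only the statement shape shown on the slides is handled:
#   Allow group <group> to <verb> <resource-type> in compartment <name>
#   Allow group <group> to <verb> <resource-type> in tenancy
STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>[a-z]+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    scope: str  # "tenancy" or a compartment name


def parse_statement(text):
    """Parse one policy statement; raise ValueError on anything else."""
    m = STATEMENT_RE.match(text.strip())
    if not m or m["verb"].lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {text!r}")
    scope = "tenancy" if m["tenancy"] else m["compartment"]
    return Statement(m["group"], m["verb"].lower(), m["resource"].lower(), scope)


def review(statements):
    """Return (statement text, finding) pairs for grants that deserve a second look."""
    findings = []
    for text in statements:
        st = parse_statement(text)
        if st.scope == "tenancy" and st.verb in ("use", "manage"):
            findings.append((text, f"{st.verb} on {st.resource} applies to every compartment"))
        if st.resource == "all-resources" and st.verb == "manage":
            findings.append((text, f"full control of everything in {st.scope}"))
    return findings


def grants_by_group(statements):
    """Map group -> {(scope, resource): highest verb granted}."""
    grants = {}
    for st in map(parse_statement, statements):
        per_group = grants.setdefault(st.group, {})
        key = (st.scope, st.resource)
        current = per_group.get(key)
        if current is None or VERBS.index(st.verb) > VERBS.index(current):
            per_group[key] = st.verb
    return grants


# The five example statements from the slides.
SLIDE_STATEMENTS = [
    "Allow group HelpDesk to manage users in tenancy",
    "Allow group A-Admins to manage all-resources in compartment Project-A",
    "Allow group A-Admins to manage instance-family in compartment Project-A",
    "Allow group A-Admins to manage volume-family in compartment Project-A",
    "Allow group A-Admins to use virtual-network-family in compartment Networks",
]

if __name__ == "__main__":
    for text, finding in review(SLIDE_STATEMENTS):
        print(f"REVIEW: {text}\n        {finding}")
    for group, grants in grants_by_group(SLIDE_STATEMENTS).items():
        print(group, grants)
```

The three narrower `A-Admins` statements pass without findings, which is the point of splitting `all-resources` into `instance-family`, `volume-family` and `virtual-network-family`.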
Networking
• VCN: CIDR Block 10.0.0.0/16
• Subnet: CIDR Block 10.0.1.0/24
• Instance
• Internet Gateway
• Route Table
• Security List (Ports)
CIDR Blocks: Classless Inter-Domain Routing
192.168.100.0/24
• Leading bits: 24
• Octets: 8 bits each (bit positions 8, 16, 24, 32)
• 11111111 11111111 11111111 11111111
• Last octet: 0 - 255 = 256 IP Addresses
http://cidr.xyz
CIDR Blocks: Classless Inter-Domain Routing
192.168.100.0/16
• Leading bits: 16 (bit positions 8, 16, 24, 32)
• 11111111 11111111 11111111 11111111
• Last two octets: 0 - 255 each = 65,536 IP Addresses
Terminology
• Subnet: Partition of VCN within a single Availability Domain. Contiguous IP range. No overlaps with other subnets in the same VCN.
• Route Table: Routes traffic from subnet to destinations outside VCN
• Security List: Virtual firewall controlling ports and protocols
• Internet Gateway: Router connecting the edge of the cloud to the internet
• Local & Remote Peering Gateways: Virtual routers that allow peering VCNs in the same region (local) or another region (remote).
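The CIDR arithmetic and the subnet rules above (inside the VCN, no overlaps) can be checked before anything is provisioned. This is an added example, not from the original deck; the subnet names and the faulty plan are constructed, and it uses only Python's standard `ipaddress` module.

```python
import ipaddress


def canonical(cidr):
    """Parse a CIDR block, clearing any host bits (192.168.100.0/16 -> 192.168.0.0/16)."""
    return ipaddress.ip_network(cidr, strict=False)


def has_host_bits(cidr):
    """True if the address part is not the network address for that prefix length."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return False
    except ValueError:
        return True


def check_plan(vcn_cidr, subnets):
    """Check a {name: cidr} subnet plan against a VCN; return a list of problems."""
    vcn = canonical(vcn_cidr)
    problems = []
    parsed = {}
    for name, cidr in subnets.items():
        net = canonical(cidr)
        parsed[name] = net
        if has_host_bits(cidr):
            problems.append(f"{name}: {cidr} has host bits set, it denotes {net}")
        if not net.subnet_of(vcn):
            problems.append(f"{name}: {net} is outside VCN {vcn}")
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} {parsed[a]} overlaps {b} {parsed[b]}")
    return problems


# VCN and first subnet as on the Networking slide; the other two are
# constructed to show the failure cases.
VCN = "10.0.0.0/16"
PLAN = {
    "public": "10.0.1.0/24",
    "db": "10.0.1.128/25",    # constructed: sits inside "public"
    "mgmt": "10.1.0.0/24",    # constructed: not part of the VCN
}

if __name__ == "__main__":
    for block in ("192.168.100.0/24", "192.168.100.0/16"):
        net = canonical(block)
        print(f"{block}: network {net}, {net.num_addresses} addresses")
    for problem in check_plan(VCN, PLAN):
        print("PROBLEM:", problem)
```

Written strictly, the /16 block from the slide is `192.168.0.0/16`: with 16 leading bits the third octet belongs to the host part, which is why strict parsers reject `192.168.100.0/16`.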
Security List: Virtual Firewall
Note: Oracle Linux 7 and Windows instances also have firewall rules! On Linux, use firewalld to manage access.
Create Subnet
Note: Instances are connected to Subnets!
Shapes and Images
• Shape: Physical aspects of VM: number of CPUs, Memory, IOPS
• Image: Operating system
Shapes
VM.Standard1.2 => 2 OCPUs, 14GB RAM
VM.Standard1.4 => 4 OCPUs, 28GB RAM
VM.Standard1.8 => 8 OCPUs, 56GB RAM
VM.Standard1.16 => 16 OCPUs, 112GB RAM
VM.DenseIO1.4 => 4 OCPUs, 60GB RAM
VM.DenseIO1.8 => 8 OCPUs, 120GB RAM
VM.DenseIO1.16 => 16 OCPUs, 240GB RAM
Firewall
• Check if ports are open:
  # iptables-save | grep 443
• Add port:
  # firewall-cmd --permanent --zone=public --add-service=https
• Reload firewall:
  # systemctl stop firewalld; systemctl start firewalld
• Check port:
  # iptables-save | grep 443
  -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
OS Users
• Compute instance default user: opc
• Has sudo privileges
Provisioning
Availability Domain 1
• Network, Sec List, Routes
• Web Server
• Database
Database As A Service (DBaaS)
Provision Database
Terminology
Shape: Resources allocated to a system: CPUs, Memory, Storage
Shapes
https://docs.cloud.oracle.com/iaas/Content/Database/References/launchoptions.htm
OCI - Provision DB
OCI - Provision DB
Note: Database versions 11 - 18
Install Apex
• Connect to DBaaS instance as opc user
• Download APEX from OTN: bit.ly/cmr-wget
• Install APEX as per documentation
• Make note of DBaaS private IP address for later ORDS configuration
Security
• iptables already allows 1521
• Make sure the security list allows 1521
Check Service Name
$ lsnrctl services
…
Service "pdb1.jcatpublic.jcatvcn.oraclevcn.com" has 1 instance(s).
  Instance "jcat", status READY, has 2 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:46 refused:0 state:ready
         LOCAL SERVER
      "DEDICATED" established:37 refused:0 state:ready
         LOCAL SERVER
jdbc connection
sqlcl usr/pwd@<pub/pvt ip>:1521/pdb1.jcatpublic.jcatvcn.oraclevcn.com
Database On IaaS
Database on IaaS
• Provision Compute
• Install & Configure Oracle
• Bring Your Own License
• Manage Oracle Yourself
OCI - Compute
Configuration Steps - Web Server
• Provision Resources
• Install ORDS
• Install Tomcat
• Install Apache
• Configure SSL
• Proxy to Tomcat
• Open Firewall Ports
Provision Compute
OS Images
Provision Compute
Provision Compute
Firewall
• Check if ports are open:
  # iptables-save | grep 443
• Add port:
  # firewall-cmd --permanent --zone=public --add-service=https
• Reload firewall:
  # systemctl restart firewalld
• Check port:
  # iptables-save | grep 443
  -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
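Because a port has to be allowed both by the security list and by the instance's own firewall, the two rule sets can be compared to see where they disagree. This is an added example, not from the original deck: the `iptables-save` text is constructed around the 443 line shown above, and the security list layout is a simplified hypothetical structure, not the OCI API schema.

```python
# Constructed sample of `iptables-save` output on a firewalld host.
# The 443 rule is the line from the slide; the 22 and 8009 rules are made up.
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:IN_public_allow - [0:0]
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 8009 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# Constructed security list ingress rules (hypothetical layout).
SECURITY_LIST_INGRESS = [
    {"protocol": "tcp", "source": "0.0.0.0/0", "ports": "22"},
    {"protocol": "tcp", "source": "0.0.0.0/0", "ports": "80"},
    {"protocol": "tcp", "source": "0.0.0.0/0", "ports": "443"},
]


def parse_ports(spec):
    """'443' -> {443}; '8000:8002' -> {8000, 8001, 8002} (iptables range syntax)."""
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))


def _value_after(tokens, flag):
    """Return the token that follows flag, or None if the flag is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def host_accepts(iptables_save_text):
    """Collect (protocol, port) pairs opened by ACCEPT rules with a --dport.

    Chain jumps are not followed; every -A rule in the dump is assumed reachable.
    """
    opened = set()
    for line in iptables_save_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "-A":
            continue  # table names, chain policies, COMMIT
        if _value_after(tokens, "-j") != "ACCEPT":
            continue
        proto = _value_after(tokens, "-p")
        dport = _value_after(tokens, "--dport")
        if proto and dport:
            opened |= {(proto, port) for port in parse_ports(dport)}
    return opened


def security_list_allows(rules):
    """Collect (protocol, port) pairs permitted by the security list rules."""
    allowed = set()
    for rule in rules:
        allowed |= {(rule["protocol"], port) for port in parse_ports(rule["ports"])}
    return allowed


def compare(rules, iptables_save_text):
    """Classify ports by which of the two layers lets them through."""
    sl = security_list_allows(rules)
    host = host_accepts(iptables_save_text)
    return {
        "reachable": sorted(sl & host),        # allowed by both layers
        "blocked_on_host": sorted(sl - host),  # security list open, host firewall closed
        "host_only": sorted(host - sl),        # host firewall open, security list closed
    }


if __name__ == "__main__":
    for category, ports in compare(SECURITY_LIST_INGRESS, IPTABLES_SAVE).items():
        print(f"{category}: {ports}")
```

In this constructed sample port 80 is allowed by the security list but not by the host firewall, so an HTTP to HTTPS redirect on port 80 would not be reachable until the `http` service is added in firewalld as well.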
OS Users
• Compute instance default user: opc
• Has sudo privileges
Deployment
The process of installing & configuring software
Apache
Apache: Overview
• Install Apache
• Install mod_ssl
• Configure ssl certificates (self signed for demo)
• Configure ssl virtual host for https access
• Configure proxy to Tomcat
• Configure APEX images directory
Apache: Overview
Https -> Apache -> ajp -> Tomcat (ORDS)
Apache
• As root:
  # yum update
  # yum install httpd
  # yum install mod_ssl
  # yum install java-1.8.0-openjdk
SSL Certificate (self-signed)
• As root
• Generate key (2048 bits; 1024-bit RSA keys are too short for current TLS use):
  # openssl genrsa -des3 -out server.key 2048
• Generate Certificate Signing Request:
  # openssl req -new -key server.key -out server.csr
• Remove passphrase:
  # cp server.key server.key.org
  # openssl rsa -in server.key.org -out server.key
• Generate certificate:
  # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
• Copy certificate and key to Apache directory:
  # mkdir -p /etc/httpd/ssl
  # cp server.crt /etc/httpd/ssl/
  # cp server.key /etc/httpd/ssl/
Apache SSL
• ssl.conf
  Listen 443
  <VirtualHost _default_:443>
    DocumentRoot /var/www/html
    ServerName cmr-apache
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>
    ProxyPass /ords ajp://localhost:8009/ords
    ProxyPassReverse /ords ajp://localhost:8009/ords
    Alias "/i" "/var/www/apex/images"
  </VirtualHost>
Apache SSL
• apex.conf: Redirect HTTP (80) traffic to HTTPS (443)
  <VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
  </VirtualHost>
Apache - SSL
• Edit httpd.conf
  # Load config files in the "/etc/httpd/conf.d"
  IncludeOptional conf.d/*.conf
Apache
• Control Apache:
  # apachectl stop | start | status | restart
Tomcat
Install Tomcat: Manual Installation
• $ wget http://mirror.reverse.net/pub/apache/tomcat/tomcat-8/v8.5.31/bin/apache-tomcat-8.5.31.tar.gz
• Add to .bash_profile:
  export CATALINA_BASE=$HOME/apache-tomcat-8.5.31
  export CATALINA_HOME=$CATALINA_BASE
  export WEBAPPS=$CATALINA_HOME/webapps
Configure Tomcat
• Runs on port 8080 by default
• ajp on port 8009 by default
• Copy apex images to webapps
# cp -R /u01/dl/apex/images /usr/share/tomcat/webapps/i
Control Tomcat
# bash $CATALINA_HOME/bin/catalina.sh start | stop
ORDS
Download ORDS
• http://www.oracle.com/technetwork/developer-tools/rest-data-services/downloads/index.html
• bit.ly/cmr-wget
Configure ORDS
$ cd /u01/ords
$ java -jar ords.war
Follow command prompts to configure ORDS. For database IP address refer to DBaaS instance.
Accessing APEX
https://<compute_public_ip_address>/ords
Summary
• Created DBaaS Oracle Database & Installed APEX
• Created compute instance & installed Apache, Tomcat, ORDS
• Configured Apache with SSL & ajp proxy to Tomcat
• Configured ORDS to access DBaaS database