Table of Contents
Disclaimer
Overview
Pre-Requisites
ORACLE OCI
Overview
The Oracle Cloud Infrastructure Identity and Access Management (IAM) Service lets you control who
has access to your cloud resources. You control the types of access a group of users has and to which
specific resources.
The purpose of this lab is to give you an overview of the IAM Service components and an example
scenario to help you understand how they work together.
Pre-Requisites
Oracle Cloud Infrastructure account credentials (User, Password, and Tenant)
Practice 2-1: Signing in to the Console
Overview
In this practice, you sign in to the Oracle Cloud Infrastructure console using your credentials.
Assumptions
Note: Some of the UIs might look a little different than the screenshots included in the instructions, but
students can still use the instructions to complete the hands-on labs.
Duration: 5 minutes
Tasks
1. Sign In
a. Open a supported browser and go to the Console URL. For example,
https://console.us-ashburn-1.oraclecloud.com.
b. Enter your tenant name: <Tenant> and click Continue.
c. Oracle Cloud Infrastructure is integrated with Identity Cloud Services, so you will see a screen
validating your Identity Provider. You can just click Continue.
d. Enter your user name and password
Username: cloud.admin
Password: <instructor will provide password>
The home page gives you quick links to the documentation and to Oracle Support.
Practice 2-2: Managing Users, Groups and Policies to Control Access
Overview
A user's permissions to access services come from the groups to which they belong. The permissions
for a group are defined by policies. Policies define what actions members of a group can perform, and
in which compartments. Users can access services and perform operations based on the policies set
for the groups of which they are members.
We'll create users, groups, and policies to understand the concept.
Duration: 20 minutes
Tasks
1. Create a Group in Your Tenancy
a. Sign in to the console. On the Home page, click Identity, then select Groups.
b. Click Create Group.
c. In the Create Group dialog box, enter the following:
1) Name: Enter a unique name for your group such as "oci-group". Note that the group name
cannot contain spaces.
2) Description: Enter a description (for example, “New group for oci users”).
3) Click Submit.
2. Create a Compartment in Your Tenancy
a. On the Home page click Identity, then select Compartments.
b. Click Create Compartment.
c. In the Create Compartment dialog box, enter the following:
1) Name: Enter a unique name for your compartment such as "OCI-Demo". Note that the
compartment name cannot contain spaces.
2) Description: Enter a description (for example, “New compartment for oci demo”).
3) Click Create Compartment.
3. Now, let’s create a policy that gives your group permissions in your assigned compartment. For
example, create a policy that gives permissions in compartment OCI-Demo to members of group
oci-group:
a. In the Console, click Identity, and then click Policies.
b. On the left side, select your OCI-Demo compartment.
c. Click Create Policy.
d. Enter a unique Name for your policy (for example, "Policy-for-oci-group"). Note that the name
can NOT contain spaces.
e. Enter a Description (for example, "Policy for OCI Group").
f. Enter the following Statement:
Allow group oci-group to manage all-resources in compartment OCI-Demo
g. Click Create.
b. Click Create User.
c. In the New User dialog box, enter the following:
i. Name: Enter a unique name or email address for the new user. For Example:
yourname@oracle.com
This value is the user's login name for the Console and it must be unique across all other
users in your tenancy.
ii. Description: Enter a description. For example, New oci user.
d. Click Create.
5. Set a Temporary Password for the Newly Created User
a. From the list of users, click on the user that you created to display its details.
b. Click Create/Reset Password.
d. The new one-time password is displayed.
e. Click the Copy link and then click Close. Make sure to copy this password to your notepad.
6. Sign out
a. Click Sign Out from the user menu and log out of the cloud.admin user account.
7. Sign in as the new yourname@oracle user using a different web browser window.
a. Go to https://console.us-ashburn-1.oraclecloud.com.
b. Enter the Tenant name, if prompted.
c. Sign in as yourname@oracle.com.
d. Enter the password that you copied in Task 4.
Note: Since this is the first-time sign-in, the user will be prompted to change the temporary
password, as shown in the screen capture.
e. Set the new password to Welc0me2*bmcs. Click Save New Password.
c. The message “You don’t have access to this compartment” appears.
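The access model this practice walks through, as an added example (not part of the Oracle lab book): a small evaluator for the policy statement form used above, showing that a user gets access only through group membership and reporting how broad `manage all-resources` is. It parses only the `Allow group ... to <verb> <resource-type> in compartment ...` form and matches resource types exactly (no family expansion, no compartment inheritance); the narrower `instance-family` statement and the sample requests are constructed for illustration.

```python
import re
from dataclasses import dataclass

# OCI policy verbs, ordered from least to most permissive; each verb
# includes the access granted by the verbs before it.
VERBS = ["inspect", "read", "use", "manage"]

# Only the statement form used in this lab is parsed:
#   Allow group <group> to <verb> <resource-type> in compartment <compartment>
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>[a-z]+)\s+"
    r"(?P<resource>[a-z-]+)\s+in\s+compartment\s+(?P<compartment>\S+)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    compartment: str


def parse_statement(text):
    """Parse one policy statement; reject anything outside the supported form."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"unsupported policy statement: {text!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb {verb!r} in {text!r}")
    return Statement(m["group"], verb, m["resource"].lower(), m["compartment"])


def is_allowed(user_groups, statements, verb, resource, compartment):
    """Deny by default: a request succeeds only if a statement written for
    one of the user's groups covers the verb, resource type and compartment."""
    for s in statements:
        if (s.group in user_groups
                and s.compartment == compartment
                and VERBS.index(s.verb) >= VERBS.index(verb)
                and s.resource in ("all-resources", resource)):
            return True
    return False


def audit_statement(statement):
    """Report the ways in which a statement is broader than a scoped grant."""
    findings = []
    if statement.resource == "all-resources":
        findings.append("covers every resource type in the compartment")
    if statement.verb == "manage":
        findings.append("grants the most permissive verb")
    return findings


# The statement entered in step 3f of this practice.
LAB_POLICY = parse_statement(
    "Allow group oci-group to manage all-resources in compartment OCI-Demo")
# Constructed narrower statement, for comparison only.
NARROWER = parse_statement(
    "Allow group oci-group to use instance-family in compartment OCI-Demo")

if __name__ == "__main__":
    request = ("read", "instance-family", "OCI-Demo")
    # The user created in this practice belongs to no group yet.
    print("new user, no groups:", is_allowed(set(), [LAB_POLICY], *request))
    print("member of oci-group:", is_allowed({"oci-group"}, [LAB_POLICY], *request))
    for s in (LAB_POLICY, NARROWER):
        print(s, "->", audit_statement(s) or "no findings")
```
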
Oracle Cloud Infrastructure
Practice: Apache Webserver on Compute
Instance (HOL)
V1.2
ORACLE LAB BOOK | MARCH 2018
Disclaimer
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Table of Contents
Disclaimer
Overview
Pre-Requisites
Practice 4-5: Expand the Compute Instance Storage using Block Volume
Summary
Overview
Oracle has built the Oracle Cloud Infrastructure (OCI) platform, which can run both Oracle workloads and cloud
native applications. In this hands-on lab, we will walk through getting an Apache webserver running on
a compute instance on OCI. The purpose of this lab is to get familiar with Oracle Cloud Infrastructure's
primitives. At the end of this lab, you will be familiar with creating a network, launching an instance, and
accessing the instance.
Pre-Requisites
Oracle Cloud Infrastructure account credentials (User, Password, and Tenant)
Practice 4-1: Generate SSH Keys
1. Generate SSH keys to be used later while launching an instance.
MAC/LINUX
a. Generate ssh-keys for your machine if you don’t have one. As long as an id_rsa and id_rsa.pub
keypair is present they can be reused. By default these are stored in ~/.ssh/
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tAn6nKkcZDTXl/vXRAD/pfLzdmF5rQ2948MQgz5CWe8
The key's randomart image is:
+---[RSA 2048]----+
| ... |
| . o..|
| o o o = o . o|
| . + o * o + +.|
| + S o o +.=|
| o o o . + E.*+|
| . = . o B+=|
| .o ..B+|
| o .o=|
+----[SHA256]-----+
b. Make sure permissions are restricted; sometimes ssh will fail if private keys have permissive
permissions.
FOR WINDOWS:
b. Open Git-bash:
c. Generate ssh-keys by running this command in Git Bash
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/username/.ssh/id_rsa):
Created directory '/c/Users/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/username/.ssh/id_rsa.
Your public key has been saved in /c/Users/username/.ssh/id_rsa.pub.
Practice 4-2: Signing in OCI Console and Setting up the Network
1. Sign In
a. Open a supported browser and go to the Console URL. For example,
https://console.us-ashburn-1.oraclecloud.com.
b. Enter your tenant name: <Tenant> and click Continue.
c. Oracle Cloud Infrastructure is integrated with Identity Cloud Services, so you will see a screen
validating your Identity Provider. You can just click Continue.
Username: cloud.admin
Password: <instructor will provide password>
The home page gives you quick links to the documentation and to Oracle Support.
Practice 4-3: Create a Virtual Cloud Network
Overview
A Virtual Cloud Network (VCN) is a virtual version of a traditional network—including subnets, route
tables, and gateways—on which your compute instances run. Customers can bring their network
topology to the cloud with VCN. Creating a VCN involves a few key aspects such as:
Allocate a private IP block for the cloud (CIDR range for the VCN). Customers can bring their
own RFC1918 IP addresses.
Create Subnets by partitioning the CIDR range into smaller networks (sub networks for front
end, back end, database)
Create an optional Internet Gateway to connect VCN subnet with Internet. Instances created in
this subnet will have a public IP address.
Create Route table with route rules for Internet access
Create Security List to allow relevant ports for ingress and egress access
Note: You can launch one or more compute instances in a subnet. Each instance gets both a
public and private IP address. The launch instance dialog now has a check box for choosing
whether the instance has a public IP address.
You can communicate with the instances over the Internet via the public IP address from your
on-premises network.
2. Open the Console, click Networking.
3. Select a compartment on the left that you have permission to work in.
Create in Compartment: This field defaults to the currently selected compartment. Select
the compartment you want to create the VCN in, if not already selected.
Name: Enter a name for your cloud network (for example, VCN-DEMO).
Note: Enter a friendly name for the cloud network. It doesn't have to be unique, and it
cannot be changed later in the Console (but you can change it with the API).
c. Select Create Virtual Cloud Network plus related resources. The dialog box expands to list
the items that will be created with your cloud network.
Note: This option is the quickest way to get a working cloud network in the fewest steps.
d. Scroll to the bottom of the dialog box and click Create Virtual Cloud Network.
e. A confirmation page displays the details of the cloud network that you just created.
For example, the cloud network above has the following resources and characteristics:
CIDR block range of 10.0.0.0/16
An Internet Gateway
A route table with a default route rule to enable traffic between VCN and the Internet
Gateway
A default security list that allows specific ingress traffic to and all egress traffic from
the instance
A public subnet in each Availability Domain
The VCN will automatically use the Internet and VCN Resolver for DNS
Practice 4-4: Creating a Webserver on a Compute Instance
1. Navigate to the Compute tab and click Launch Instance. We will launch a VM instance for this lab.
2. In order to launch the instance, choose an image (Oracle Linux 7 – Latest version), choose a shape
of the instance (VM.Standard 1.1), Availability Domain to launch the instance (AD1, AD2 or AD3), the
VCN network created above, subnet (in the appropriate Availability Domain) and the public SSH keys
to access the instance. In this lab, we will focus on launching only a single instance VM in one
Availability Domain.
Launching an instance is simple and intuitive with few options to select. Provisioning of the compute
instance will complete in less than a minute and the instance state will change from provisioning to
running.
3. Once the instance state changes to Running, you can SSH to the Public IP address of the instance.
4. To connect to the instance, you can use ‘Terminal’ if you are using MAC or Gitbash if you are using
Windows.
You can use the following command to SSH into the OCI VM on a UNIX-style system (including Linux,
Solaris, BSD, and OS X).
For Windows, use a tool like GitBash to log in to the Linux instance.
5. For this lab, we are going to install an Apache HTTP Webserver and try to connect to it over the public
internet.
Apache HTTP Server is an open-source web server developed by the Apache Software Foundation.
The Apache server hosts web content, and responds to requests for this content from web browsers
such as Chrome or Firefox.
Start the apache server and configure it to start after system reboots
$ sudo apachectl start
$ sudo systemctl enable httpd
Create firewall rules to allow access to the ports on which the HTTP server listens.
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --reload
NOTE: It doesn’t return anything because the Virtual Cloud Network needs to open port 80 for the
traffic to reach the Linux VM.
6. Click on Virtual Cloud Network and then the VCN you created above (Training VCN). Click on
Security Lists on the left navigation bar for the VCN. Then click on the Default Security List. Here
you need to open port 80. Click on Edit all rules.
a. Click on +Add Rule and add the following values as shown below under the Allow Rules for
Ingress.
Source CIDR: 0.0.0.0/0
Protocol: TCP
Source Port Range: All
Destination Port Range: 80
7. Navigate to http://<publicIPAddress>:80 (the IP address of the Linux VM) in your browser. Now you
should see the index page of the webserver we created above.
Troubleshooting:
If you are unable to see the webserver in your browser, possible causes include:
The VCN Security List is blocking traffic. Check the VCN Security List for an ingress rule for port 80.
The firewall on the Linux instance is blocking traffic:
o $ sudo firewall-cmd --zone=public --list-services (this should show the http service as part of
the public zone)
o $ sudo netstat -tulnp | grep httpd (an httpd service should be listening on port 80; if it’s
a different port, open up that port on your VCN Security List)
Your company VPN is blocking traffic.
Practice 4-5: Expand the Compute Instance Storage using Block Volume
Overview
A common usage of Block Volume is adding storage capacity to an Oracle Cloud Infrastructure instance.
Once you have launched an instance and set up your cloud network, you can create a block storage
volume through the Console or API. Once created, you attach the volume to an instance using a volume
attachment. Once attached, you connect to the volume from your instance's guest OS using iSCSI or.
The volume can then be mounted and used by your instance.
1. Navigate to the Storage tab on top right corner of the console and click on Block Volume.
2. In the Block Volume service, click Create Block Volume and provide the following details.
Quick recap on the block volume backup policies: There are three predefined backup policies,
Bronze, Silver, and Gold. Each backup policy has a set backup frequency and retention period.
Bronze Policy: The bronze policy includes monthly incremental backups, run on the first day of the
month. These backups are retained for twelve months. This policy also includes a full backup, run
yearly on January 1st. Full backups are retained for five years.
Silver Policy: The silver policy includes weekly incremental backups that run on Sunday. These
backups are retained for four weeks. This policy also includes monthly incremental backups, run on
the first day of the month and are retained for twelve months. Also includes a full backup, run yearly
on January 1st. Full backups are retained for five years.
Gold Policy: The gold policy includes daily incremental backups. These backups are retained for
seven days. This policy also includes weekly incremental backups that run on Sunday and are
retained for four weeks. Also includes monthly incremental backups, run on the first day of the month,
retained for twelve months, and a full backup, run yearly on January 1st. Full backups are retained
for five years.
The volume will be ready to attach once its icon no longer lists it as PROVISIONING in the volume list.
3. Once the Block Volume is created, you can attach it to the VM instance you just launched. Go to the
Compute instance tab, and navigate to the VM instance and click on the Attach Block Volume
button.
4. Select the volume created from the drop down menu and click Attach. Once it gets attached after
provisioning, the console shows the disk is attached.
5. Once the block volume is attached, you can navigate to view the iSCSI details for the volume in order
to connect to the volume. It takes a minute for the volume to complete attaching.
Click on the ellipsis and then click iSCSI Command and Information link. Connect to the instance
through SSH and run the iSCSI ATTACH COMMANDS as provided (shown below).
Click on COPY to copy all commands and ssh into the compute instance and run all these commands by
pasting it in the terminal.
6. Once the disk is attached, you can run the following commands to format the disk and mount it.
$ ssh -i </path/privateKey> opc@<PublicIP_Address>
$ sudo lsblk
When mounting a storage volume for the first time, you can format the storage volume and create a
single, primary partition that occupies the entire volume by using fdisk command (Caution: Using fdisk to
format the disk deletes any data on the disk).
Use mkfs to create a file system on the storage volume. Once filesystem is created, create a new mount
point and mount the new disk.
Summary
In this lab, you were able to quickly create a Virtual Cloud Network in the cloud, launch an instance, install
an apache webserver and successfully access the server by allowing TCP traffic on port 80 in the Security
Lists of the Virtual Cloud Network.
Oracle Cloud Infrastructure
Practice: File Storage Service
V1.2
ORACLE LAB BOOK | MARCH 2018
Practice 5a-1: Signing in to the Console
Overview
In this practice, you sign in to the Oracle Cloud Infrastructure console using your credentials.
Assumptions
Note: Some of the UIs might look a little different than the screenshots included in the instructions, but
students can still use the instructions to complete the hands-on labs.
Duration: 5 minutes
Tasks
1. Sign In
a. Open a supported browser and go to the Console URL. For example,
https://console.us-ashburn-1.oraclecloud.com.
b. Enter your tenant name: <Tenant> and click Continue.
c. Oracle Cloud Infrastructure is integrated with Identity Cloud Services, so you will see a screen
validating your Identity Provider. You can just click Continue.
d. Enter your user name and password
Username: cloud.admin
Password: <instructor will provide password>
The home page gives you quick links to documentation and to Oracle Support.
Practice 5a-2: Creating Security Lists to support FSS
Overview
Oracle Cloud Infrastructure File Storage Service provides a durable, scalable, distributed, enterprise-
grade network file system. You can connect to a File Storage Service file system from any bare metal,
virtual machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file
system from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol
security (IPSec) virtual private network (VPN).
Assumptions
Get familiar with the Key Concepts and Terminology of Oracle Cloud Infrastructure. You have been
provisioned a tenancy in Oracle Cloud Infrastructure. Make sure you have an Oracle Linux instance
running.
Tasks
2. Create a Security List
Note: To use Oracle Cloud Infrastructure, you must be given the required type of access in
a policy written by an administrator in the compartment you are going to work in. Before you create
a file system, you need at least one Virtual Cloud Network (VCN) in the compartment. You must
configure security list rules for the VCN subnet in which you are planning to create the file system
mount target. Security list rules specify what type of traffic can enter and exit a mount target. You
configure security lists at the subnet level, but rules are enforced at the instance level. File systems
require you to configure bi-directional rules for each port range they use. Therefore, you must set up
two stateful rules for each port range, one where the port is the source, and one where the port is
the destination.
a. Sign in to the Console, click Network, and then click Virtual Cloud Networks.
b. Select your VCN.
c. On the details page for the cloud network, click Security Lists, and then find the security list
used by the subnet to be associated with your file system.
d. On the details page of the security list, click Edit All Rules
e. Add the following ingress rule for access of NFS and NLM traffic:
1) Source CIDR: 10.0.0.0/16
2) IP Protocol: TCP
3) Source Port Range: All
4) Destination Port Range: 2048-2050
f. Click + Add Rule to add more rules.
g. Create a second ingress rule for NFS and NLM traffic with a Source Port Range of 2048-2050.
1) Source CIDR: 10.0.0.0/16
2) IP Protocol: TCP
3) Source Port Range: 2048-2050
4) Destination Port Range: All
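How the two ingress rules in this practice, and the port 80 rule from Practice 4-4, decide which packets are admitted, as an added example (not part of the Oracle lab book). The rule values come from the lab text; rule names, sample addresses and client ports are constructed, and statefulness (automatic return traffic) is not modelled.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = (1, 65535)  # "All" in the Console


@dataclass(frozen=True)
class IngressRule:
    name: str            # constructed label, not an OCI field
    source_cidr: str
    protocol: str
    source_ports: tuple  # inclusive (low, high)
    dest_ports: tuple    # inclusive (low, high)


# Practice 4-4: open HTTP to the instance.
WEB_LIST = [
    IngressRule("web-http", "0.0.0.0/0", "TCP", ALL_PORTS, (80, 80)),
]
# Practice 5a-2: the two NFS/NLM rules, one per direction of the port range.
FSS_LIST = [
    IngressRule("fss-dest", "10.0.0.0/16", "TCP", ALL_PORTS, (2048, 2050)),
    IngressRule("fss-src", "10.0.0.0/16", "TCP", (2048, 2050), ALL_PORTS),
]


def _in_range(port, port_range):
    return port_range[0] <= port <= port_range[1]


def matches(rule, src_ip, protocol, src_port, dst_port):
    """True if the packet satisfies every field of the rule."""
    return (protocol.upper() == rule.protocol
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source_cidr)
            and _in_range(src_port, rule.source_ports)
            and _in_range(dst_port, rule.dest_ports))


def admitted_by(rules, src_ip, protocol, src_port, dst_port):
    """Security lists hold allow rules only: return the name of the first
    rule that admits the packet, or None if nothing matches (dropped)."""
    for rule in rules:
        if matches(rule, src_ip, protocol, src_port, dst_port):
            return rule.name
    return None


def audit_rule(rule):
    """Report fields that leave a rule wider than a single service."""
    findings = []
    if ipaddress.ip_network(rule.source_cidr).prefixlen == 0:
        findings.append("source CIDR covers every address")
    if rule.dest_ports == ALL_PORTS:
        findings.append("destination port is unrestricted; only source "
                        "address and source port limit this rule")
    return findings


if __name__ == "__main__":
    # Constructed packets: (description, rule list, src ip, proto, sport, dport)
    samples = [
        ("browser on the Internet to port 80", WEB_LIST, "203.0.113.10", "TCP", 51000, 80),
        ("Internet host to NFS port", FSS_LIST, "203.0.113.10", "TCP", 51000, 2049),
        ("VCN instance to mount target", FSS_LIST, "10.0.1.15", "TCP", 51000, 2049),
        ("mount target back to instance", FSS_LIST, "10.0.0.3", "TCP", 2049, 51000),
        ("VCN instance over UDP", FSS_LIST, "10.0.1.15", "UDP", 51000, 2049),
    ]
    for desc, rules, *packet in samples:
        print(f"{desc}: {admitted_by(rules, *packet) or 'dropped'}")
    for rule in WEB_LIST + FSS_LIST:
        print(rule.name, "->", audit_rule(rule) or "no findings")
```
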
Practice 5a-3: Creating a File System
Note: File systems are encrypted by default. You cannot turn off encryption. The mount target must be
in the same availability domain as the file system. You cannot change the availability domain.
Tasks
3. Open the Console, click Storage, and then click File Systems.
4. Click Create File System.
5. In the Create File System dialog, under File System Information, enter the following:
a) Name: FSS-Storage
b) Availability Domain: AD-1
Practice 5a-4: Mounting a File System
Overview
Users of Ubuntu and Linux operating systems can use the command line to connect to a file system and
write files. Mount targets serve as file system network access points. After your mount target is assigned
an IP address, you can use it to mount the file system. On the instance from which you want to mount
the file system, you need to install an NFS client and create a mount point. When you mount the file
system, the mount point effectively represents the root directory of the File Storage file system, allowing
you to write files to the file system from the instance.
Tasks
8. Connect to the instance. You can use ‘Terminal’ if you are using MAC or Gitbash if you are using
Windows. You can use the following command to SSH into the OCI VM on a UNIX-style system
(including Linux, Solaris, BSD, and OS X).
9. Then, get the NFS client and install it as root by typing the following:
11. Mount the file system by typing the following. Replace 10.x.x.x: with the local subnet IP address
assigned to your mount target. The export path is the path to the file system (relative to the mount
target’s IP address or hostname). If you did not specify a path when you created the mount target,
then 10.x.x.x:/ represents the full extent of the mount target.
Note: You can mount FSS on multiple nodes at the same time.
Oracle Cloud Infrastructure
Practice: Load Balancer Service
V1.2
ORACLE LAB BOOK | MARCH 2018
Overview
The Load Balancing Service provides automated traffic distribution from one entry point to multiple
servers within your Virtual Cloud Network (VCN). The service offers a Public load balancer with a public
IP address, provisioned bandwidth, and high availability. The Load Balancing Service provisions the
public IP address across two subnets within a VCN to ensure accessibility even during an Availability
Domain outage.
In this practice, you create a simple public load balancer and verify it with a basic web server application.
Pre-Requisites
Oracle Cloud Infrastructure account credentials (User, Password, and Tenant)
Practice 6-1: Signing in to the Console
Overview
In this practice, you sign in to the Oracle Cloud Infrastructure console using your credentials.
Assumptions
Note: Some of the UIs might look a little different than the screenshots included in the instructions, but
students can still use the instructions to complete the hands-on labs.
Duration: 5 minutes
Tasks
1. Sign In
a. Open a supported browser and go to the Console URL. For example,
https://console.us-ashburn-1.oraclecloud.com.
b. Enter your tenant name: <Tenant> and click Continue.
c. Oracle Cloud Infrastructure is integrated with Identity Cloud Services, so you will see a screen
validating your Identity Provider. You can just click Continue.
d. Enter your user name and password
Username: cloud.admin
Password: <instructor will provide password>
The home page gives you quick links to the documentation and to Oracle Support.
Practice 6-2: Create Virtual Cloud Network (VCN)
Overview
When you work with Oracle Cloud Infrastructure, one of the first steps is to set up a Virtual Cloud
Network (VCN) for your cloud resources. This practice gives you an overview of Network
Service components and a typical scenario for using a VCN.
For an instance in a given subnet to have direct access to the Internet, it must have the following
networking components:
The VCN must have an Internet Gateway that is enabled
The subnet must have a route rule that directs traffic to the gateway and must be a Public
Subnet
The subnet must have security list rules that allow the traffic (and each instance's firewall must
allow the traffic)
Each instance must have a public IP address
Duration: 10 minutes
Tasks
2. Create a Cloud Network - Public Subnets
Create a VCN for Load Balancer with the following components:
One public subnet per Availability Domain
The default security list
The default set of DHCP options
Note: You can launch one or more compute instances in a subnet. Each instance gets both a
public and private IP address. The launch instance dialog now has a check box for choosing
whether the instance has a public IP address.
You can communicate with the instances over the Internet via the public IP address from your
on-premises network.
a. Open the Console, click Networking.
b. Select a compartment on the left that you have permission to work in.
c. Click Create Virtual Cloud Network.
d. Enter the following details:
1) Create in Compartment: This field defaults to the currently selected compartment. Select
the compartment you want to create the VCN in, if not already selected.
2) Name: Enter a name for your cloud network (for example, LB-DEMO).
Note: Enter a friendly name for the cloud network. It doesn't have to be unique, and it cannot
be changed later in the Console (but you can change it with the API).
e. Select Create Virtual Cloud Network plus related resources. The dialog box expands to list
the items that will be created with your cloud network.
Note: This option is the quickest way to get a working cloud network in the fewest steps.
f. Scroll to the bottom of the dialog box and click Create Virtual Cloud Network.
g. A confirmation page displays the details of the cloud network that you just created.
For example, the cloud network above has the following resources and characteristics:
CIDR block range of 10.0.0.0/16
An Internet Gateway
A route table with a default route rule to enable traffic between VCN and the Internet
Gateway
A default security list that allows specific ingress traffic to and all egress traffic from
the instance
A public subnet in each Availability Domain
The VCN will automatically use the Internet and VCN Resolver for DNS
Practice 6-3: Creating Two Web Servers
Overview
You will create two web servers that will work as backend servers for your Public Load Balancer.
Duration: 10 minutes
Tasks
1. Launch Two Instances
This example uses a VM.Standard2.1 shape.
a. In the Console, click Compute.
b. Click Launch Instance.
c. In the Launch Instance dialog box, enter the following:
1) Name: Enter a name (for example: Webserver1).
2) Availability Domain: Select the first Availability Domain in the list, AD-1.
3) Image: Select the Oracle-Linux-7.x image. (The image name has the latest patch date
appended to it.)
4) Shape: Select VM Standard2.1.
5) Virtual Cloud Network: Select the cloud network that you created (LB_Network).
6) Subnet: Select the public subnet LB Subnet 1 in Availability Domain 1.
7) DNS name: Leave blank.
8) SSH Keys: Use the pub key generated to create this instance. NOTE: Make sure to use
the keys that you have access to, as you will use this key to ssh into the instances in the next
steps.
d. Click Launch Instance.
e. Repeat the previous steps, but this time enter the name Webserver2, select Availability
Domain AD-2, LB_Network for the VCN, and LB Subnet 2 for the subnet.
2. Start a Web Application on Each Instance. Use ssh to access the instances and start the web
server by executing the following commands on each instance:
Note: You can use two separate ssh sessions to execute these commands on both instances in
parallel to save time.
Practice 6-4: Creating and Testing Load Balancer
Note: Your load balancer should always reside in different subnets than your application instances.
This allows you to keep your application instances secured in private subnets, while allowing public
Internet traffic to the load balancer in the public subnets.
1) In the Console, click Networking, and then click Virtual Cloud Networks. This
displays the list of VCNs in the current compartment.
2) Click the name of the VCN that includes your Web Instances.
c) Delete the entry for the ingress rule and the entry for the egress rule by
clicking on the red X icon.
Note: The security list should have no rules. The correct rules are automatically added during the load
balancer workflow.
a) Create in Compartment: This field defaults to your current compartment.
Select the compartment you want to create the route table in, if not already selected.
Availability Domain: Choose the first Availability Domain (AD-1).
d. Click Create.
3. Create the second subnet.
Create a second load balancer subnet in a different Availability Domain from the subnet you previously
created.
d) Route Table: Select the LB Route Table you created.
h) Click Create.
When you create a load balancer, you choose its shape (size) and you specify two subnets from
different Availability Domains. This ensures that the load balancer is highly available and is only
active in one subnet at a time.
a. In the Console, click Networking, and then click Load Balancers. Ensure that the
compartment designated for you is selected on the left.
2) Shape: Select 100Mbps. This specifies the bandwidth of the load balancer. For this
tutorial, use the smallest shape. Note that the shape cannot be changed later.
3) Virtual Cloud Network: Select the Virtual Cloud Network for your load balancer.
5) Subnet (2 of 2): Select LB Subnet 2. Note that the second subnet must reside in a
different Availability Domain from the first.
d. Click Create.
When a load balancer is created, you're assigned a public IP address to which you route all incoming
traffic. The IP address is highly available, meaning it is available from both subnets that you specified.
Note that it is only active in one subnet at a time.
5. Create a Backend Set with Health Check
A backend set is a collection of backend servers to which your load balancer directs traffic. Define the
backend set policy and health check.
1) Name: Give your load balancer backend set a name. The name cannot contain
spaces.
2) Port: Enter 80
3) URL Path (URI): Enter "/"
The rest of the fields are optional and can be left blank for
this practice.
e. Click Create.
When the Backend Set is created, the Work Request status changes to Succeeded. Close the
Work Request dialog box.
a. On the details page of your load balancer, click Backend Sets. The backend set you created is
displayed.
a) Updates to the security list for your load balancer subnets are as follows:
(i) Allow egress traffic to the backend server 1 subnet (for example, Public-Subnet-AD1)
(ii) Allow egress traffic to the backend server 2 subnet (for example, Public-Subnet-AD2)
b) Updates to the security list for your backend server subnets are as follows:
(i) Allow ingress traffic from load balancer subnet 1
This opens a new browser tab that displays the instances in the current compartment.
b) If your instances are not in the current compartment, select the compartment to which the
instance belongs (select from the list on the left side of the page). A shortened version of the
instance's OCID is displayed next to each instance.
c) Click Copy to copy the OCID. You can then paste it into the Instance ID field.
5) Repeat Steps 2 through 4, pasting in the OCID for the second instance (Webserver2).
6) Click Submit.
5. Create a Listener
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress
client traffic using the port you specify within the listener and the load balancer's public IP. In this
practice, you define a listener that accepts HTTP requests on port 80.
d. Click Create.
1. Update the Load Balancer Subnet Security List to Allow Internet Traffic to the Listener. To
enable the traffic to get to the listener, update the load balancer subnet's security list.
b. Click Security Lists. A list of the security lists in the cloud network is displayed.
c. Click the LB Security List. This displays the details of the LB Security List.
g. Click Save Security List Rules.
Test the functionality of the load balancer by navigating to its public IP address on a web browser.