Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
E88957-06
December 2018
Oracle Cloud Administering Oracle Blockchain Cloud Service,
E88957-06
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are
"commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the
programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron,
the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise
set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be
responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,
products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
Preface
Audience v
Documentation Accessibility v
Related Documents v
Conventions vi
iii
Delete an OBCS Instance 3-8
iv
Preface
Administering Oracle Blockchain Cloud Service explains how to provision and maintain
Oracle Blockchain Cloud Service (OBCS) instances.
Topics:
• Audience
• Documentation Accessibility
• Related Documents
• Conventions
Audience
This guide is intended for service administrators responsible for provisioning and
maintaining Oracle Blockchain Cloud Service .
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.
Related Documents
For more information, see these Oracle resources:
• Oracle Cloud:
http://cloud.oracle.com
• Getting Started with Oracle Cloud
• Managing and Monitoring Oracle Cloud
• Using Oracle Blockchain Cloud Service
v
Preface
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
vi
1
Get Started with Oracle Blockchain Cloud
Service
This section describes how to get started with Oracle Blockchain Cloud Service
(OBCS) for Oracle Cloud account and service administrators.
Topics:
• About Oracle Blockchain Cloud Service
• Before You Begin with Oracle Blockchain Cloud Service
• Workflow for Administering OBCS
• How to Begin with OBCS
1-1
Chapter 1
Before You Begin with Oracle Blockchain Cloud Service
1-2
Chapter 1
How to Begin with OBCS
After you’ve created your instance and any required users, you can begin to use
OBCS as described in Using Oracle Blockchain Cloud Service
1-3
Chapter 1
How to Begin with OBCS
navigation menu in the top corner of the My Services dashboard and then click
Blockchain.
1-4
2
Create an OBCS Instance
As Cloud Account Administrator, you can create and set up an Oracle Blockchain
Cloud Service (OBCS) instance for your organization.
Topics
• Typical Workflow for Creating an OBCS Instance
• Before you Create an OBCS Instance
• Create a QuickStart Instance with a Single Click
• Create an OBCS Instance
• Create an Instance Using the PaaS Service Manager
• After You Create an OBCS Instance
2-1
Chapter 2
Create a QuickStart Instance with a Single Click
2-2
Chapter 2
Create an Oracle Blockchain Cloud Service Instance
Field Description
Instance Name Enter a name for your OBCS instance.
The service instance name:
• Must contain one or more characters.
• Must not exceed 15 characters.
• Must start with an ASCII letter: a to z.
• Must contain only ASCII lower-case letters or numbers.
• Must not contain a hyphen.
• Must not contain any other special characters.
• Must be unique within the identity domain.
Description (Optional) Enter a short description of the OBCS instance.
Notification Email Specify an email address where you would like to receive a notification when
the service instance provisioning has succeeded or failed.
Region Select the region where you want to host your service instance.
Tags (Optional) Select existing tags or add tags to associate with the service
instance.
To select existing tags, select one or more check boxes from the list of tags that
are displayed on the pull-down menu.
To create tags, click Click to create a tag to display the Create Tags dialog
box. In the New Tags field, enter one or more comma-separated tags that can
be a key or a key:value pair.
If you do not assign tags during provisioning, you can create and manage tags
after the service instance is created. See Creating, Assigning, and Unassigning
Tags.
Create a New Network Selecting this creates a complete blockchain environment. This instance
becomes the founder organization and you can onboard new participants in the
network later.
If this option is not selected, the instance will be created as a participant
organization and must join an existing blockchain network created elsewhere
before this instance can be used.
Configuration Select a provisioning shape which meets the needs of your deployment:
• Developer: A 1 Kafka orderer and 3 OCPU total in 1 VM; 1 unit minimum
charge (500 transactions/hr)
• Enterprise X1: A 3 node Kafka cluster and 3 x Standard 2.1 VM shapes; 2
unit minimum charge (1000 transactions/hr)
• Enterprise X4: A 3 node Kafka cluster and 3 x Standard 2.4 VM shapes; 8
unit minimum charge (4000 transactions/hr)
Note that the minimums are charged every hour even if no transactions are
used.
Peers Specify the number of peer nodes that will be initially created in this service
instance. You can create between 1 and 14 peer nodes for an Enterprise
configuration, and between 1 and 7 nodes for a Developer configuration.
Additional peer nodes can be added in the OBCS console at a later time.
4. Click Next.
5. Verify that the details are correct, and click Confirm.
It takes about 15 minutes to create the service instance. Oracle sends an email to the
designated email address when your service is ready. Display the Oracle Cloud
Activity tab to check the current status. Once the instance has been created it is
started, and can’t be stopped until it is deleted.
2-3
Chapter 2
Create an Instance Using the PaaS Service Manager
curl -X POST \
-u <username>:<password> \
https://<PSM_endpoint>/paas/api/v1.1/instancemgmt/<IdentityDomain>/
services/OABCSINST/instances
-H "Content-Type: application/vnd.com.oracle.oracloud.provisioning.Service
+json" \
-H "X-ID-TENANT-NAME: <IdentifyDomain>" \
-d "@service_payload.json" \
{
"serviceName": "your_service_name",
"appSize":"Enterprise-X1",
"serviceLevel": "PAAS",
"region":"your_region"
"organizationType": "true",
"numberOfPeersDev": "8",
"managedSystemType": "oracle",
"enableNotification":"true",
"notificationEmail":"your_email"
}
• serviceName
– Must contain one or more characters.
– Must not exceed 15 characters.
– Must start with an ASCII letter: a to z.
– Must contain only ASCII lower-case letters or numbers.
– Must not contain a hyphen.
– Must not contain any other special characters.
– Must be unique within the identity domain.
• appSize
– Developer: A 1 Kafka orderer and 3 OCPU total in 1 VM; 1 unit minimum
charge (500 transactions/hr)
– Enterprise-X1: A 3 node Kafka cluster and 3 X Standard 2.1 VM shapes; 2
unit minimum charge (1000 transactions/hr)
– Enterprise-X4: A 3 node Kafka cluster and 3 X Standard 2.4 VM shapes; 8
unit minimum charge (4000 transactions/hr)
2-4
Chapter 2
After You Create a Service Instance
• serviceLevel
– Must be set to PAAS
• region
– Optional. Select the region where you want to host your service instance.
• organizationType
– Must be set to true
• numberOfPeersDev
– Specify the number of peer nodes that will be initially created in this service
instance.
– 1 to 14 peer nodes for an Enterprise configuration.
– 1 to 7 nodes for a Developer configuration
• managedSystemType
– Must be set to oracle
• enableNotification
– Must be set to true
• notificationEmail
– Enter the email where all notifications will be sent.
If you are using the instance creation wizard in Oracle My Services, once you have
entered your desired configuration information, on the information confirmation page
you can download a service_payload.json file with your selections by clicking the
download icon.
2-5
Chapter 2
After You Create a Service Instance
2-6
3
Manage the Lifecycle of an Instance
You can use the Instances page of the My Services Console to perform routine
maintenance or troubleshooting for your Oracle Blockchain Cloud Service instance.
You can also monitor these lifecycle operations and other management activities for all
OBCS instances.
Topics:
• Exploring the OBCS Console
• Monitoring Activity
• Tracking the Number of OBCS Instances in an Account
• Managing Tags
• Deleting an Instance
Element Description
identity domain Click to change the resource identity domain.
3-1
Chapter 3
Explore the OBCS Console
Element Description
Click the user menu icon containing the initials of the user in order to access
a menu with the following options:
• Help: Provides links to documentation, videos, tutorials, and
troubleshooting information. You can also choose to download the
PaaS Service Manager (PSM) Command Line Interface (CLI) or
AppToCloud feature.
• Accessibility: Specify whether you use a screen reader, high contrast,
and/or large fonts.
• About: Provides a description of what you can do with OBCS, and the
version of the service and UI you are using.
• Sign Out: Logs you out of the service.
Access help for this page, including documentation, tutorials, videos, and
FAQs.
Click the Contact Use button to:
• Look up Oracle contact phone numbers
• Access My Oracle Support
• Access Oracle Cloud Discussion Forums
• Chat with Oracle Support online
Click and select a choice from the menu to open the service console for one
of the Oracle Cloud Services to which you subscribe.
(In the branding bar)
Instances Click to refresh this page.
Activity Click to view all operations performed on your service instances. See
Monitor Activity.
Welcome! Click to return to the Welcome page.
Click and select a choice from the drop-down menu to open the service
(Adjacent to the Welcome! link console for one of the Oracle Cloud Platform Services to which you
in the banner) subscribe.
Instances (Summary panel) Number of OBCS instances in the identity domain.
OCPUs (Summary panel) Total number of Oracle Compute Units (OCPUs) allocated across all OBCS
instances.
Memory (Summary panel) Total amount of memory in GBs allocated across all OBCS instances.
Storage (Summary panel) Total amount of block storage in GBs allocated across all OBCS instances.
Public IPs (Summary panel) Total number of public IP addresses allocated across all OBCS instances.
Instances (heading) All OBCS instances in the identity domain.
Enter a full or partial service instance name to filter the list of service
Search instances to include only the instances that contain the string in their name.
field
Click to refresh the page. The date and time the page was last refreshed is
displayed adjacent to this button.
Create Instance Create a new OBCS instance. See Creating an OBCS Instance.
OBCS instance. Click this icon to view more details.
3-2
Chapter 3
Explore the OBCS Console
Element Description
Status icon indicating that the OBCS instance wasn’t created. This icon can
also mean that the service instance has stopped. See the Activity section of
this page.
service-name Name of the OBCS instance. Click the name to view more details.
Status Status of the service instance. Valid values include: In Progress,
Maintenance, Terminating, Stopped, and Failed.
Click the status label to view progress messages.
Note:
Running service instances do not display this
field.
(adjacent to the service instance Instance menu icon provides the following options:
name) • Blockchain Console
: launches the OBCS console
• Delete: Deletes the service instance.
Instance Create and Delete History Shows details about created or deleted service instances.
• Show only failed attempts—Check this box if you want to see failed
attempts only.
• Details—Displays system messages logged during the creation or
deletion process. Messages include information about auto-retry
attempts.
• Complete Cleanup— This button appears only if there are failed
resources created during a successful auto-retry process. If you select
this button, the failed resources are deleted. You might have to press
the button again and wait, repeating this process until the button is no
longer displayed.
• Retry Delete—This button appears only if an attempt to delete a failed
service instances is unsuccessful. The software cleans up failed
resources and tries again to delete the service instance. You might
have to press the button again and wait, repeating this process until the
button is no longer displayed.
3-3
Chapter 3
Monitor Activity
Monitor Activity
You can view all of the cloud operations that have been performed on your Oracle
Blockchain Cloud Service instances.
You can restrict the list of activities that are displayed by using search filters. For each
activity, you can view the operation, service name, service type, status, start time and
end time. You can also view the name of the cloud user that initiated the activity.
1. Access your service console.
2. Click the Activity tab.
3. To locate a specific activity, complete these fields in the Search Activity Log
area, and then click Search.
By default, this page displays all Oracle Blockchain Cloud Service activities that
occurred in the previous 24 hours.
4. Optional: Select a value for Results per page to limit the maximum number of
search results.
2. On the Dashboard, select Open Service Console from the menu on the
Blockchain tile.
The tile displays the number of OBCS instances in the identity domain.
Manage Tags
A tag is an arbitrary key or a key-value pair that you can create and assign to your
Oracle Blockchain Cloud Service instances. You can use tags to organize and
categorize your instances, and to search for them.
Topics:
• Creating, Assigning, and Unassigning Tags
• Finding Tags and Instances Using Search Expressions
3-4
Chapter 3
Manage Tags
1. Navigate to the Overview page for the instance for which you want to assign or
unassign tags.
2. This step depends on whether any tags are already assigned to the instance:
If at least one tag is assigned to the instance, the Overview page shows a Tags
field.
a. Hover over any of the tags in the Tags field, until a More link is displayed.
b. Click the More link.
If you don’t see the Tags field, then no tags are currently assigned to the instance.
a. Click Manage this service in the instance name bar at the top.
b. Select Add Tags.
3. In the Manage Tags dialog box, assign or unassign tags, as required:
• In the Assign section, from the Tags field, select the tags that you want to
assign to the instance.
• If the tags that you want to assign don't exist, select Create and Assign in the
Tags field, and then enter the required tags in the Enter New Tags field.
• To unassign a tag, in the Unassign section, look for the tag that you want to
unassign, and click the X button next to the tag.
Note:
You might see one or more tags with the key starting with ora_.
Such tags are auto-assigned and used internally. You can’t assign or
unassign them.
• To exit without changing any tag assignments for the instance, click Cancel.
4. After assigning and unassigning tags, click OK for the tag assignments to take
effect.
3-5
Chapter 3
Manage Tags
Similarly, when you use the REST API to find tags or to find instances that are
assigned specific tags, you can filter the results by appending the optional
tagFilter=expression query parameter to the REST endpoint URL.
• To find specific tags: GET paas/api/v1.1/tags/{identity_domain}/tags?
tagFilter={expression}
• To get a list of instances that are assigned specific tags: GET paas/api/v1.1/
instancemgmt/{identity_domain}/instances?tagFilter={expression}
This request returns all the tags that have the key env.
• Enclose each key and each value in single quotation marks. And use a colon (:) to
indicate a key:value pair.
Examples:
'env'
'env':'dev'
'env':'d Finds the tag with the key env and the The following tag, or the instances
ev' value dev, or the instances that are that are assigned this tag
assigned that tag.
env:dev
• You can build a tag-search expression by using actual keys and key values, or by
using the following wildcard characters.
% (percent sign): Matches any number of characters.
_ (underscore): Matches one character.
3-6
Chapter 3
Manage Tags
• To use a single quotation mark ('), the percent sign (%), or the underscore (_) as a
literal character in a search expression, escape the character by prefixing a
backslash (\).
• You can use the Boolean operators AND, OR, and NOT in your search
expressions:
'env' AND 'owner' Finds the instances that The instances that are
are assigned the tags assigned all of the
env and owner. following tags:
Note: This expression
won’t return any results env:dev
when used to search for owner:admin
tags, because a tag can
have only one key.
3-7
Chapter 3
Delete an OBCS Instance
('env' OR 'owner') AND NOT Finds the tags that have The following tags, or the
'department' the key env or the key instances that are
owner but not the key assigned any of these
department, or the tags:
instances that are
assigned such tags. env:dev
owner:admin
3-8
Chapter 3
Delete an OBCS Instance
2. Select the service instance. The status of the service instance will be Deletion
Failed.
3. Click Retry Delete to initiate cleanup again.
3-9
4
Set Up Users and Access Roles
One of the first jobs you do after setting up a service with OBCS is to add user
accounts in Oracle Identity Cloud Service for everyone you expect to use the service
and assign them suitable permissions in the service.
Oracle Identity Cloud Service is available with your OBCS account. Use Oracle
Identity Cloud Service to add users and groups.
Topics:
• Use Oracle Identity Cloud Service for Authentication
• Connect to Oracle Identity Cloud Service from the Service Console
• Add Oracle Identity Cloud Service Users
• Assigning Roles in Oracle Identity Cloud Service
4-1
Chapter 4
Use Oracle Identity Cloud Service for Authentication
application from the OBCS instance page in My Services so it's easy for you to add
users and grant roles for your instance.
1. Open the Cloud My Services console.
2. Click the name of the OBCS instance.
The Service Overview page displays showing the Web Tier Security Service and
the Blockchain Service Manager.
3. Click the manager for your instance.
An overview page with OBCS instance details is displayed.
4. Click the link next to IDCS Application and log in with your Oracle Identity Cloud
Service credentials if prompted.
An instance of Oracle Identity Cloud Service opens on the Details tab. Details
about the application associated with your OBCS instance is displayed in Oracle
Identity Cloud Service. From here, you can add users and groups, and assign
them various permissions (application roles) in the OBCS instance.
The IDCS console has the following tabs used by the OBCS instance:
• Details - Displays information about the OBCS instance, including the application
ID, name, display name, and description.
• Application Roles - Displays roles. Use this tab to assign users to roles in OBCS.
• Groups - Displays user groups. You use this tab to create groups and then add
one or more users or applications to the group.
• Users - Displays users. You use this tab to add users and assign them to one or
more groups or applications.
4-2
Chapter 4
Use Oracle Identity Cloud Service for Authentication
4-3
Chapter 4
Use Oracle Identity Cloud Service for Authentication
For detailed information on user roles in OBCS, see Assigning Roles in Oracle Identity
Cloud Service.
4-4
Chapter 4
Use Oracle Identity Cloud Service for Authentication
"refresh_token"],
"allowedScopes": [{
"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5",
"fqs": "https://URL.com:443/external"
}, {
"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5",
"fqs": "https://URL.com:443/internal"
}, {
"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5",
"fqs": "https://URL.com:443/restproxy"
}],
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:App"
],
"isUnmanagedApp": true,
"urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App":
{
"realmName": "'${appDisplay}'realmName",
"masterKey": "hello_world",
"defaultEncryptionSaltType": "defaultSalt",
"supportedEncryptionSaltTypes": [
"supportedTypes"
],
"ticketFlags": 1,
"maxTicketLife": 100,
"maxRenewableAge": 100
}
}'
4. Sign on to Oracle Identity Cloud Service using the user ID from the third-party
identity provider. You should now see the OBCS application as well as the
4-5
Chapter 4
Use Oracle Identity Cloud Service for Authentication
4-6
Chapter 4
Use Oracle Identity Cloud Service for Authentication
4-7
5
Top FAQs for Administration and
Configuration
The top FAQs for OBCS administration and configuration are identified in this topic.
5-1