Category Archives: Oracle CLOUD

Managing Policies in Oracle Cloud Infrastructure

Leave a reply

The Oracle Cloud Infrastructure policy specifies who has access to which resources in OCI. Policies simply allow a group to manage certain types of resources in a specific compartment in certain ways.

Policy basic Syntax:

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in compartment <compartment_name>

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in tenancy

Verbs:

inspect: Resource listing without access to confidential information or user-specified metadata.
read: It includes inspect as well as the ability to get user-specified metadata as well as the resource itself.
use: Includes reading and working with existing resources. Includes updating the resource, except for resource types where “update” has the same effect as “create”. In general, this verb doesn’t include the ability to create or delete.
manage: Includes all permissions associated with the resource.

Resource types:

all-resources: All Oracle Cloud Infrastructure resource-types
compute-management-family: Compute
database-family: Autonomous Database, Bare Metal and Virtual Machine DB Systems
virtual-network-family: Networking

Here are few Policy examples that I have come across with my projects

Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read metrics in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log-groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read all-resources in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT 	

Allow group TEST_GROUP to manage cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to inspect file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage load-balancers in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage export-sets in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage cloud-shell in tenancy	

Allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in tenancy	

Allow group TEST_GROUP to manage vaults in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage keys in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage alarms in tenancy

Allow group TEST_GROUP to manage metrics in tenancy	
	
Allow group TEST_GROUP to manage bastion-family in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage tag-namespaces in tenancy	

Allow group TEST_GROUP to read users in tenancy	

Allow group TEST_GROUP to inspect users in tenancy	

Allow group TEST_GROUP to use users in tenancy	

allow group TEST_GROUP to manage dynamic-groups in tenancy

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT where request.resource.shape = 'VM.Standard.E2.1.Micro'

Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage users in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage groups in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage policies in compartment TEST_COMPARTMENT

allow group Policy_Testing_group to manage compartments in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage policies in compartment TEST_COMPARTMENT

allow group TEST_GROUP to use cloud-shell in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage autonomous-database-family in compartment TEST_COMPARTMENT	

Allow group TEST_GROUP to manage db-systems in compartment TEST_COMPARTMENT

Happy Learning !!

Oracle Cloud Infrastructure – File System storage service FSS

Leave a reply

Let us see how to create the file storage service in the Oracle Cloud (OCI) and mount it via NFS to the Linux VM.

We can create a shareable file system using FSS to make it highly available.

File System Storage Service

Oracle Cloud Infrastructure File Storage Service provides a durable, scalable, distributed, enterprise-grade network file system. You can connect to a File Storage Service file system from any bare metal, virtual machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual private network (VPN).

Create the file system service in the Oracle Cloud. Navigate to: Storage -> File Systems. Click “Create…”

Provide File System Name

Create New Mount Target and provide Mount Target Name

Now File System is created. Go to Export Path

As per the Mount commands in Export Path, update the subnet security list ingress and egress rules

Install nfs utils and mount the file system

The file system has been mounted via NFS protocol and can now be used.

Happy Learning !!

OCI Remote Peering Connection – VCN Remote Peering across Regions in Oracle Cloud Infrastructure

Leave a reply

VCN Peering we need to have different CIDR Blocks without overlap, so I choose 10.254.0.0/16 and 172.16.0.0/16 from two different regions Hyd and Mumbai.

VCN -1VCN – 2
REGIONHYDERABADMUMBAI
VCN NAMEHYD_REGION_VCNMUMBAI_REGION_VCN
VCN CIDR10.254.0.0/16172.16.0.0/16
DRGHYD_DRGMUMBAI_DRG
RPCHYD_RPCMUM_RPC

Create Two VCNs in Hyderabad and Mumbai Regions with CIDR 10.254.0.0/16 and 172.16.0.0/16

Create Two DRGs in Hyderabad and Mumbai Regions

Create VCN Attachment in both DRGs, pointing to respective VCN.

In HYD DRG

In MUM DRG

Create Remote Peering Connection in both DRG regions.

In HYD DRG, create RPC

In MUM DRG, create RPC

Peering status is in NEW state both the sides

Now establish the peering between two VCNs

Go to any one of the RPC -> Click on Establish connection, provide Mumbai region and OCID of other RPC (Mumbai)

Check the Peering status from both the sides

Update the Route Table and Security Rules and Verify the connectivity between VCNs

Established the communication from the CIDR 10.254.0.0/16 to 172.16.0.0/16

Happy Learning !!

OCI Load Balancer – Create and Configure Load Balancer in Oracle Cloud Infrastructure (OCI)

Leave a reply

The primary function of a load balancer in OCI is to manage incoming traffic to web applications. It acts like a gatekeeper, directing client requests across multiple servers. This setup ensures that no single server bears too much load, which in turn keeps the application running smoothly and reliably.

High Availability and Scalability

High availability is one of the key reasons for using a load balancer. It ensures that even if one server goes down, the application remains accessible by rerouting traffic to other functioning servers. Scalability comes into play when there’s a surge in user traffic. The load balancer efficiently distributes this increased traffic among servers, preventing any single server from becoming a bottleneck.

For creating Load Balancer, you need VCN and Subnets, please visit this page for the same – OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

Please create Two Private Compute Instances, for Creating Compute Instance, please visit this page OCI – Create OCI Compute Instance

Create 2 webservers in Private Subnet

VCN – 10.0.0.0/16

Public Subnet – 10.0.1.0/24

Private Subnet – 10.0.2.0/24

Web_Server1 – 10.0.2.254

Web_Server2 – 10.0.2.126

Configure Web Servers:

Install Apache HTTP Server in both web servers.

sudo yum install httpd -y  
sudo apachectl start  
sudo apachectl status
sudo systemctl enable httpd  
sudo systemctl status httpd
sudo apachectl configtest  
sudo firewall-cmd --permanent --zone=public --add-service=http  
sudo firewall-cmd --reload

Create an index file in web-server1:

sudo bash -c 'echo This is my Web-Server-1 running on Oracle Cloud Infrastructure >> /var/www/html/index.html'
cat /var/www/html/index.html

Create an index file in web-server2:

sudo bash -c 'echo This is my Web-Server-2 running on Oracle Cloud Infrastructure >> /var/www/html/index.html'
cat /var/www/html/index.html

Create and Test the Load Balancer

Click on Load Balancer – Provide Name, Choose Public LB and Flexible Shapes

Choose VCN and Public Subnet

Choose Round robin Policy and choose backend Servers

Specify health check policy for Backend Servers (HTTP and Port 80) and Provide name for Backend Set

Verify Security rules

Provide Name for Listener

Review and create Load Balancer.

Review Load Balancer Health Check.

Access the Application using LB Public IP – http://129.159.23.125:443

Review Backend sets and Listener Details

Now let us Test and Validate the Application using Load Balancer Public IP – http://129.159.23.125:443

LB is routing the requests to Web-Server 1 and Web-Server 2

Thank you !

Happy Learning !!

OCI – Create OCI Compute Instance

2 Replies

Navigate to the MENU –> Compute –> Instances. Click on Create Instance

Click on -> Create Instance

Provide Instance Name and compartment

Choose Availability Domain

I choose Image – Oracle Linux 8

Free Shape – VM Standard A1.Flex

Select VCN and Subnet

For Creating VCN and Subnet – OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

Click on Generate a Key pair -> Save Private and Public Key for connecting the instance

Click on Create

Connect to the server using Public IP and Private Key.

Thank you !

Happy Learning !!

OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

3 Replies

OCI Console -> MENU Networking -> Virtual Cloud Networks. Click Create Virtual Cloud Network (VCN) .

Provide VCN Name and Compartment

Choose a CIDR block – 10.0.0.0/16

VCN Creation is completed successfully. will work on subnet creation.

Create Public Subnet

TEST_VCN -> Create Subnet

Provide Subnet name and choose compartment

Choose a CIDR block – 10.0.1.0/24

Choose Public Subnet Access and Create Subnet

Private Subnet Creation:

TEST_VCN -> Create Subnet

Provide Subnet name and choose compartment

Choose a CIDR block – 10.0.2.0/24

Choose Private Subnet Access and Create Subnet

Review below VCN and Public and Private Subnet details

Thank you !

Happy Learning !!

Installation of OCI CLI in 10 minutes

Leave a reply

I choose server with Oracle Linux 8 on OCI always free to complete the setup

Update server before installing the CLI.

[root@testserver tmp]# sudo dnf update

Install Oracle Developer Tools

[root@testserver ~]# sudo dnf -y install oraclelinux-developer-release-el8

Install python

[root@testserver ~]# dnf install python36-oci-cli

Check the OCI CLI version

Setup the OCI to work with our Cloud Account

[root@testserver ~]# oci setup config

Provide OCI User Profile OCID – Profile -> User settings -> OCID

Provide OCI Tenancy OCID – Profile -> Tenancy details -> OCID

Provide region –> Number#10 or ap-mumbai-1

Need to upload the API key on OCI user which will be using for authentication

OCI User Profile -> User settings -> API Keys

Add API key -> Paste the public key

This Completes OCI CLI Setup – Lets validate the setup

[root@testserver ~]# oci iam availability-domain list

[root@testserver ~]# oci iam compartment list

Thank you !

Happy Learning !!

Creating Single Instance Database in Oracle Cloud

Leave a reply

 

Login to Oracle cloud (https://cloud.oracle.com/home) by providing Identity Domain, you will see following Dashboard console:

Cloud creat1

Click on create Instance and database:

Cloud create2

Click on Custom:

Cloud create3

Provide instance name, DB Software version and other details…

Cloud create4

Provide DB Name and other details as below, Most important upload ssh public key which can be generated using puttygen Generate Public and Private Keys using PuTTYgen, save respective private key which can be used to connect server once after the configuration.

Please provide username and password when you are planning to use cloud storage container for backups.

Cloud create5

Double check the provided configuration before click on create database

Cloud create6

Database creation and configuration takes a while to complete the process and there you go..

Cloud create7

Thank you !!