Tag Archives: OCI

Managing Policies in Oracle Cloud Infrastructure

An Oracle Cloud Infrastructure (OCI) policy specifies who has access to which resources in OCI. Each policy statement allows a group to work with certain types of resources, in a specific compartment (or the whole tenancy), in certain ways.

Basic policy syntax:

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in compartment <compartment_name>

Allow group <group_name> | <group_ocid> to <verb> <resource-type> in tenancy

Verbs:

inspect: Lists resources without access to confidential information or user-specified metadata.
read: Includes inspect, plus the ability to get user-specified metadata and the resource itself.
use: Includes reading and working with existing resources. Includes updating the resource, except for resource types where “update” has the same effect as “create”. In general, this verb doesn’t include the ability to create or delete.
manage: Includes all permissions associated with the resource.

Resource types:

all-resources: All Oracle Cloud Infrastructure resource types
compute-management-family: Compute
database-family: Autonomous Database, Bare Metal and Virtual Machine DB Systems
virtual-network-family: Networking

Here are a few policy examples that I have come across in my projects:

Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use virtual-network-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read metrics in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log-groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage log in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read object-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read all-resources in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to use volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage volume-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage mount-targets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to read file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to inspect file-systems in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage load-balancers in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage export-sets in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage cloud-shell in tenancy

Allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in tenancy

Allow group TEST_GROUP to manage vaults in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage keys in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage alarms in tenancy

Allow group TEST_GROUP to manage metrics in tenancy

Allow group TEST_GROUP to manage bastion-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage tag-namespaces in tenancy

Allow group TEST_GROUP to read users in tenancy

Allow group TEST_GROUP to inspect users in tenancy

Allow group TEST_GROUP to use users in tenancy

allow group TEST_GROUP to manage dynamic-groups in tenancy

Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT where request.resource.shape = 'VM.Standard.E2.1.Micro'

allow group TEST_GROUP to manage bastions in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage users in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage groups in compartment TEST_COMPARTMENT

Allow group Policy_Testing_group to manage policies in compartment TEST_COMPARTMENT

allow group Policy_Testing_group to manage compartments in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage groups in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage policies in compartment TEST_COMPARTMENT

allow group TEST_GROUP to use cloud-shell in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage autonomous-database-family in compartment TEST_COMPARTMENT

Allow group TEST_GROUP to manage db-systems in compartment TEST_COMPARTMENT
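The syntax and verb hierarchy above (inspect < read < use < manage) are enough to review a policy before it is applied. The following Python is an added example, not code from the original post or from Oracle: it parses statements of the basic syntax, flags unconditional "manage" grants on resource types that control access itself (the SENSITIVE set is my own choice), and reports statements that a stronger grant for the same group, resource and scope already covers. The POLICY list is a constructed sample built from statements shown in this post.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Verb hierarchy described above: each verb includes everything below it.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
# Resource types where an unconditional 'manage' lets a group change who has access (my choice).
SENSITIVE = {"all-resources", "policies", "users", "groups", "dynamic-groups", "compartments"}
# Basic syntax: Allow group <g> to <verb> <resource-type> in tenancy|compartment <c> [where <cond>]
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<cond>.+?))?\s*$", re.IGNORECASE)

@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    scope: str                # "tenancy" or "compartment:<name>"
    condition: Optional[str]  # text after 'where', or None

def parse(line: str) -> Statement:
    """Parse one statement; raise ValueError for anything outside the basic syntax."""
    m = STATEMENT.match(line)
    if not m:
        raise ValueError(f"not a valid policy statement: {line!r}")
    scope = "tenancy" if m.group("tenancy") else f"compartment:{m.group('compartment')}"
    return Statement(m.group("group"), m.group("verb").lower(),
                     m.group("resource").lower(), scope, m.group("cond"))

def review(lines):
    """Return (risky, redundant): unconditional 'manage' on SENSITIVE types, and statements
    already covered by an unconditional grant with a stronger verb (or the same verb, earlier)
    for the same group, resource and scope. Scopes are compared only when identical."""
    stmts = [parse(l) for l in lines if l.strip()]
    risky, redundant = [], []
    for i, s in enumerate(stmts):
        if s.verb == "manage" and s.resource in SENSITIVE and not s.condition:
            risky.append(f"{s.group} can manage {s.resource} in {s.scope}")
        for j, t in enumerate(stmts):
            same_target = (t.group, t.resource, t.scope) == (s.group, s.resource, s.scope)
            stronger = VERB_RANK[t.verb] > VERB_RANK[s.verb] or (t.verb == s.verb and j < i)
            if j != i and same_target and not t.condition and stronger:
                redundant.append(f"{s.verb} {s.resource} in {s.scope}")
                break
    return risky, redundant

POLICY = [  # constructed sample, taken from the statements listed in this post
    "Allow group TEST_GROUP to manage virtual-network-family in compartment TEST_COMPARTMENT",
    "Allow group TEST_GROUP to read virtual-network-family in compartment TEST_COMPARTMENT",
    "allow group TEST_GROUP to manage dynamic-groups in tenancy",
    "Allow group TEST_GROUP to manage instance-family in compartment TEST_COMPARTMENT where request.resource.shape = 'VM.Standard.E2.1.Micro'",
]
```

A statement with a where clause is never treated as covering or being covered by another, because its effect depends on the request.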

Happy Learning !!

OCI Load Balancer – Create and Configure Load Balancer in Oracle Cloud Infrastructure (OCI)

The primary function of a load balancer in OCI is to manage incoming traffic to web applications. It acts like a gatekeeper, directing client requests across multiple servers. This setup ensures that no single server bears too much load, which in turn keeps the application running smoothly and reliably.

High Availability and Scalability

High availability is one of the key reasons for using a load balancer. It ensures that even if one server goes down, the application remains accessible by rerouting traffic to other functioning servers. Scalability comes into play when there’s a surge in user traffic. The load balancer efficiently distributes this increased traffic among servers, preventing any single server from becoming a bottleneck.

To create a load balancer you need a VCN and subnets; see this page for that setup – OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

Create two compute instances in the private subnet; for creating a compute instance, see this page – OCI – Create OCI Compute Instance

Create 2 web servers in the private subnet:

VCN – 10.0.0.0/16

Public Subnet – 10.0.1.0/24

Private Subnet – 10.0.2.0/24

Web_Server1 – 10.0.2.254

Web_Server2 – 10.0.2.126

Configure Web Servers:

Install Apache HTTP Server in both web servers.

sudo yum install httpd -y  
sudo apachectl start
sudo apachectl status
sudo systemctl enable httpd
sudo systemctl status httpd
sudo apachectl configtest
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Create an index file in web-server1:

sudo bash -c 'echo This is my Web-Server-1 running on Oracle Cloud Infrastructure >> /var/www/html/index.html'
cat /var/www/html/index.html

Create an index file in web-server2:

sudo bash -c 'echo This is my Web-Server-2 running on Oracle Cloud Infrastructure >> /var/www/html/index.html'
cat /var/www/html/index.html

Create and Test the Load Balancer

Click on Load Balancer – provide a name, choose a public LB and flexible shapes

Choose the VCN and the public subnet

Choose the round robin policy and choose the backend servers

Specify the health check policy for the backend servers (HTTP, port 80) and provide a name for the backend set

Verify the security rules

Provide a name for the listener

Review and create Load Balancer.

Review Load Balancer Health Check.

Access the Application using LB Public IP – http://129.159.23.125:443

Review Backend sets and Listener Details

Now let us test and validate the application using the load balancer public IP – http://129.159.23.125:443

The LB is routing the requests to Web-Server 1 and Web-Server 2.

Thank you !

Happy Learning !!

OCI – Create OCI Compute Instance

Navigate to the MENU –> Compute –> Instances and click on Create Instance

Provide Instance Name and compartment

Choose Availability Domain

I choose Image – Oracle Linux 8

Free shape – VM.Standard.A1.Flex

Select VCN and Subnet

For creating a VCN and subnet, see OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

Click on Generate a Key Pair -> save the private and public key for connecting to the instance

Click on Create

Connect to the server using Public IP and Private Key.

Thank you !

Happy Learning !!

OCI – Creating Virtual Cloud Network(VCN) with Public and Private Subnets

OCI Console -> MENU Networking -> Virtual Cloud Networks. Click Create Virtual Cloud Network (VCN).

Provide VCN Name and Compartment

Choose a CIDR block – 10.0.0.0/16

VCN creation is completed successfully. Next we will work on subnet creation.

Create Public Subnet

TEST_VCN -> Create Subnet

Provide Subnet name and choose compartment

Choose a CIDR block – 10.0.1.0/24

Choose public subnet access and click Create Subnet

Private Subnet Creation:

TEST_VCN -> Create Subnet

Provide Subnet name and choose compartment

Choose a CIDR block – 10.0.2.0/24

Choose private subnet access and click Create Subnet

Review the VCN and the public and private subnet details below

Thank you !

Happy Learning !!

Installation of OCI CLI in 10 minutes

I chose a server with Oracle Linux 8 on OCI Always Free to complete the setup.

Update the server before installing the CLI.

[root@testserver tmp]# sudo dnf update

Install Oracle Developer Tools

[root@testserver ~]# sudo dnf -y install oraclelinux-developer-release-el8

Install the OCI CLI package (python36-oci-cli)

[root@testserver ~]# dnf install python36-oci-cli

Check the OCI CLI version

Set up the OCI CLI to work with our cloud account

[root@testserver ~]# oci setup config

Provide the OCI user OCID – Profile -> User settings -> OCID

Provide the OCI tenancy OCID – Profile -> Tenancy details -> OCID

Provide the region –> option number 10, or ap-mumbai-1

The API key must be uploaded to the OCI user that will be used for authentication:

OCI user profile -> User settings -> API Keys

Add API key -> paste the public key

This completes the OCI CLI setup – let's validate it

[root@testserver ~]# oci iam availability-domain list

[root@testserver ~]# oci iam compartment list
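Before trusting the profile that `oci setup config` wrote, it is worth checking it locally: user and tenancy OCIDs are easy to swap, and the private key file should not be readable by other accounts on the server. The following Python is an added example, not code from the original post or from the OCI CLI; it assumes the standard profile keys user, fingerprint, tenancy, region and key_file, and the SAMPLE_CONFIG values are constructed placeholders.

```python
import configparser
import os
import re
import stat

# Keys that `oci setup config` writes into a profile (user and tenancy are OCIDs).
REQUIRED = ("user", "fingerprint", "tenancy", "region", "key_file")
# OCID layout: ocid1.<resource type>.<realm>.<region, may be empty>.<unique id>
OCID_RE = re.compile(r"^ocid1\.(?P<type>[a-z]+)\.oc[0-9]+\.[a-z0-9-]*(?:\.[a-z0-9-]*)?\.[a-z0-9]+$")
# API key fingerprint: 16 colon-separated hex bytes
FINGERPRINT_RE = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")

def check_profile(config_text, profile="DEFAULT", check_key_file=True):
    """Return a list of problems found in one profile; an empty list means it looks sane."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    if profile != "DEFAULT" and not cfg.has_section(profile):
        return [f"profile [{profile}] not found"]
    sec = cfg[profile]
    problems = [f"{k}: missing" for k in REQUIRED if not sec.get(k)]
    # user= must be a user OCID and tenancy= a tenancy OCID; mixing them up is a common mistake
    for key in ("user", "tenancy"):
        value = sec.get(key, "")
        m = OCID_RE.match(value)
        if value and (not m or m.group("type") != key):
            problems.append(f"{key}: expected a {key} OCID, got {value!r}")
    fp = sec.get("fingerprint", "")
    if fp and not FINGERPRINT_RE.match(fp.lower()):
        problems.append("fingerprint: expected 16 colon-separated hex bytes")
    if check_key_file and sec.get("key_file"):
        path = os.path.expanduser(sec["key_file"])
        if not os.path.isfile(path):
            problems.append(f"key_file: {path} does not exist")
        elif os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"key_file: {path} is readable by group or others; use chmod 600")
    return problems

# Constructed sample in the layout written by `oci setup config`; all values are placeholders.
SAMPLE_CONFIG = """\
[DEFAULT]
user=ocid1.user.oc1..aaaaaaaaexampleuser
fingerprint=20:3b:97:13:55:1c:5b:0d:d3:37:d8:50:4e:c5:3a:34
tenancy=ocid1.tenancy.oc1..aaaaaaaaexampletenancy
region=ap-mumbai-1
key_file=~/.oci/oci_api_key.pem
"""
```

Run it against the real file with `check_profile(open(os.path.expanduser("~/.oci/config")).read())` to include the key file existence and permission checks.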

Thank you !

Happy Learning !!