intro to oracle cloud infrastructure - doug@cruepprich ruepprich.com terminology • subnet:...

@CRuepprich ruepprich.com

Intro To Oracle Cloud Infrastructure

Christoph Rüpprich

http://ruepprich.com


0

50

100

150

200

250

300

2017 2018 2019 2020 2021

Cloud Service Revenue Forecast (Billions of US Dollars)

https://www.gartner.com/en/newsroom/press-releases/2018-09-12-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2019

$ 278



What is The Cloud?

Someone else’s computer.



What is The Cloud?

Cloud computing metaphor: the group of networked elements providing services need not be individually addressed or managed by users…

…shared pools of configurable computer system resources and higher-level services that can be rapidly provisioned with minimal management effort…

… relies on sharing of resources to achieve coherence and economies of scale, similar to a public utility.

https://en.wikipedia.org/wiki/Cloud_computing



OCI vs OC Classic

• Announced in 2014

• VMs Only

• Many Regions

• Many services

OCI Classic (formerly OPC) OCI

• Announced in 2017

• VM,Bare Metal,Exadata

• US, Canada & Europe (currently)

• Autoscaling



Cloud Infrastructure

• Highly available hosted environment

• High performance compute capabilities (incl. physical hardware instances)

• Virtual networking

What?

• Exadata / RAC




• Low maintenance

• Quick provisioning, deployment, teardown(esp. with IaC - Infrastructure as Code)

• High performance

• High availability

Why?

https://cloud.oracle.com/en_US/cloud-infrastructure




https://cloud.oracle.com/en_US/cloud-infrastructure



Cloud Terminology

• SaaS - Software as a Service -> think Gmail

• PaaS - Platform as a Service -> think database

• IaaS - Infrastructure as a Service -> think blank server



Source: BMC - http://bit.ly/2JuddwH


http://bit.ly/2JuddwH


Terminology

• Tenancy: Cloud account of your organization

• Region: Geographic location

• Availability Domain: Datacenter within a regionIsolated, Fault Tolerant, No shared resources (power,cooling, etc)ADs connected by low latency, high bandwidth networks

• Compartment: Logical workspace



OCI Regions



Region

AvailabilityDomain 1



•High Availability •Disaster Recovery

•Fault Tolerant •Low Latency •High Bandwidth



Availability DomainAvailability Domain 1

Instances Networks

Databases

Datacenter



Fault DomainsAvailability Domain 1

Datacenter

Fault Domain 1

Fault Domain 2

Fault Domain 3



OCI Services

• Identity Management

• Network

• Load Balancing

• Compute

• Database

• File Storage

• Object Storage

• Container Engine (Kubernetes)

• Developer Tools (CLI,SDKs,APIs)

• …and more…



Resources



Users, Groups Policies

• User: Any individual

• Group: Set of users

• Policy: Actions group members can perform in which compartments.

Defined at Tenancy Level



PoliciesPolicies consist of one or more policy statements

Allow group <group_name> to <verb> <resource-type> in compartment <compartment_name>

Allow group HelpDesk to manage users in tenancy

Allow group A-Admins to manage all-resources in compartment Project-A

https://blogs.oracle.com/developers/automated-generation-for-oci-iam-policies



Policies

Allow group A-Admins to manage instance-family in compartment Project-A

Allow group A-Admins to manage volume-family in compartment Project-A

Allow group A-Admins to use virtual-network-family in compartment Networks

Manage compute instances and block storage in compartment Project-A, and use network in compartment

Network.


Networking

Instance

VCNCIDR Block 10.0.0.0/16

Internet GatewayRoute Table

Security List(Ports)

SubnetCIDR Block 10.0.1.0/24


CIDR BlocksClassless Inter-Domain Rounting

192.168.100.0/24 Leading bits24

Octets: 8 bits each

8 16 24 32

192.168.100.0/24

0 - 255 =256 IP Addresses

11111111 11111111 11111111 11111111

http://cidr.xyz


http://cidr.xyz


CIDR BlocksClassles Inter-Domain Rounting

Leading bits

8 16 24 32

192.168.100.0/16

0 - 255

11111111 11111111 11111111 11111111

0 - 255

65,536 IP Addresses



Terminology• Subnet: Partition of VCN within a single Availability Domain. Contiguous

IP range. No overlaps with other subnets in the same VCN

• Route Table: Route traffic from subnet to destinations outside VCN

• Security List: Virtual firewall controlling ports and protocols

• Internet Gateway: Router connecting the edge of the cloud to the internet

• Local & Remote Peering Gateways: Virtual router allows to peer VCNs in the same region (local) or another region (remote).



OCI - Networks



OCI - Subnets



Security List



Route Table



Internet Gateway



Wizards



Create VCN



Create Internet GatewayAccess to Internet



Create Route



Security ListVirtual Firewall



Security ListVirtual Firewall

Oracle Linux 7 and Windows instances also have firewall rules! On Linux, use firewalld to manage access.

Note:



Create Subnet

Instances are connected to Subnets!Note:



OCI - Compute



Shapes and Images

• Shape: Physical aspects of VM: Nbr. CPUs, Memory, IOPS

• Image: Operating system



OS Images



Shapes

VM.Standard1.2 => 2 OCPUs, 14GB RAM VM.Standard1.4 => 4 OCPUs, 28GB RAM VM.Standard1.8 => 8 OCPUs, 56GB RAM VM.Standard1.16 => 16 OCPUs, 112GB RAM VM.DenseIO1.4 => 4 OCPUs, 60GB RAM VM.DenseIO1.8 => 8 OCPUs, 120GB RAM VM.DenseIO1.16 => 16 OCPUs, 240GB RAM



Provision Compute



Firewall

•Check if ports are open# iptables-save | grep 443

•Add port# firewall-cmd --permanent --zone=public --add-service=https

•Reload firewall# systemctl stop firewalld; systemctl start firewalld

• Check port:# iptables-save | grep 443 -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT



OS Users

• Compute instance default user: opc

• Has sudo privileges



Metrics



Metrics: Alarms



Live Demo



APEX


ProvisioningAvailability Domain 1

Network, Sec List, Routes

Web Server

Database

Database As A ServiceDBaaS

Provision Database

Terminology

Shape: Resources allocated to a system CPUs, Memory, Storage

Shapes

https://docs.cloud.oracle.com/iaas/Content/Database/References/launchoptions.htm

OCI - Provision DB

OCI - Provision DB

Database versions 11 - 18Note:

Install Apex

• Connect to DBaaS instance as opc user

• Download APEX from OTNbit.ly/cmr-wget

• Install APEX as per documentation

• Make note of DBaaS private IP address for later ORDS configuration

Security

• Iptables already allow 1521

• Make sure security allows 1521

Check Service Name

$ lsnrctl services…Service "pdb1.jcatpublic.jcatvcn.oraclevcn.com" has 1 instance(s). Instance "jcat", status READY, has 2 handler(s) for this service... Handler(s): "DEDICATED" established:46 refused:0 state:ready LOCAL SERVER "DEDICATED" established:37 refused:0 state:ready LOCAL SERVER

jdbc connection

sqlcl usr/pwd@<pup/pvt ip>:1521/pdb1.jcatpublic.jcatvcn.oraclevcn.com

Database On IaaS


Database on IaaS

• Provision Compute

• Install & Configure Oracle

• Bring Your Own License

• Manage Oracle Yourself


OCI - Compute

Configuration Steps - Web Server• Provision Resources

• Install ORDS

• Install Tomcat

• Install Apache

• Configure SSL

• Proxy to Tomcat

• Open Firewall Ports

Provision Compute

OS Images

Provision Compute

Firewall

•Check if ports are open# iptables-save | grep 443

•Add port# firewall-cmd --permanent --zone=public --add-service=https

•Reload firewall# systemctl restart firewalld

• Check port:# iptables-save | grep 443 -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT

OS Users

• Compute instance default user: opc

• Has sudo privileges

DeploymentThe process of installing & configuring software

Apache

Apache• Install Apache

• Install mod_ssl

• Configure ssl certificates (self signed for demo)

• Configure ssl virtual host for https access

• Configure proxy to Tomcat

• Configure APEX images directory

Overview

ApacheOverview

ajpHttpsTomcat

ORDS

Apache

• As root• # yum update

• # yum install httpd

• # yum install mod_ssl

• # yum install java-1.8.0-openjdk

SSL Certificate (self-signed)• As root

• Generate key:# openssl genrsa -des3 -out server.key 1024

• Generate Certificate Signing Request:# openssl req -new -key server.key -out server.csr

• Remove passphrase:# cp server.key server.key.org # openssl rsa -in server.key.org -out server.key

• Generate certificate# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

• Copy certificate and key to Apache directory# cp server.crt /etc/httpd/ssl/ # cp server.key /etc/httpd/ssl/

SSL Certificate (free)

• See https://letsencrypt.org/

https://letsencrypt.org/

Apache SSL

• ssl.conf

Listen 443<VirtualHost _default_:443> DocumentRoot /var/www/html ServerName cmr-apache SSLEngine on SSLCertificateFile /etc/httpd/ssl/server.crt SSLCertificateKeyFile /etc/httpd/ssl/server.key

ProxyRequests Off ProxyPreserveHost On

<Proxy *> Order deny,allow Allow from all </Proxy>

ProxyPass /ords ajp://localhost:8009/ords ProxyPassReverse /ords ajp://localhost:8009/ords

Alias "/i" "/var/www/apex/images"</VirtualHost>

Apache SSL

<VirtualHost *:80> RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]</VirtualHost>

Redirect HTTP (80) traffic to HTTPS (443)apex.conf

Apache - SSL

• Edit httpd.conf # Load config files in the "/etc/httpd/conf.d" IncludeOptional conf.d/*.conf

Apache

• Control Apache # apachectl stop | start | status | restart

Tomcat

Install Tomcat

• $ wget http://mirror.reverse.net/pub/apache/tomcat/tomcat-8/v8.5.31/bin/apache-tomcat-8.5.31.tar.gz

Add to .bash_profile:export CATALINA_BASE=$HOME/apache-tomcat-8.5.31export CATALINA_HOME=$CATALINA_BASEexport WEBAPPS=$CATALINA_HOME/webapps

Manual Installation

http://mirror.reverse.net/pub/apache/tomcat/tomcat-8/v8.5.31/bin/apache-tomcat-8.5.31.tar.gz



Configure Tomcat

• Runs on port 8080 by default

• ajp on port 8009 by default

• Copy apex images to webapps

# cp -R /u01/dl/apex/images /usr/share/tomcat/webapps/i

Control Tomcat

# bash $CATALINA_HOME/bin/catalina.sh start | stop

Download ORDS

• http://www.oracle.com/technetwork/developer-tools/rest-data-services/downloads/index.html

• bit.ly/cmr-wget

Configure ORDS

$ cd /u01/ords$ java -jar ords.war Follow command prompts to configure ORDS For database IP address refer to DBAAS instance.

Accessing APEX

https://<compute_pubilic_ip_address>/ords

Summary

• Created DBaaS Oracle Database & Installed APEX

• Created compute instance & installed Apache, Tomcat, ORDS

• Configured Apache with SSL & ajp proxy to Tomcat

• Configured ORDS to access DBaaS database

intro to oracle cloud infrastructure - doug@cruepprich ruepprich.com terminology • subnet:...

Documents