Getting Started with Oracle Linux

Oracle Cloud Infrastructure has a set of Oracle Linux platform images that you can select when creating an instance.

Key features for Oracle Linux on Oracle Cloud Infrastructure

Oracle Linux platform images available on Oracle Cloud Infrastructure include:

The advantages of Oracle Cloud Infrastructure Oracle Linux platform images over traditional Oracle Linux deployments are:

  • Instances automatically have access to the Unbreakable Linux Network (ULN).

    • If the instance is connected to a service gateway, ULN access is automatic through the regional yum servers. These yum servers differ from the publicly available Oracle Linux yum server in that they also mirror content available on restricted ULN channels. You can access content on ULN without registering or using alternate tools to manage channel access, which simplifies software management on the instance.

  • All images since August 25, 2017 have Oracle Ksplice installed by default.

    • You can run Ksplice to install patches manually or enable automatic updates to get the latest security patches without any need to reboot.

  • The default kernel is the latest available Unbreakable Enterprise Kernel (UEK) version available for the image.

    • Setting the default kernel to UEK ensures the broadest functionality support immediately after deploying an instance.

  • Instances can use the OCI Utilities.

    • The OCI Utilities are a set of custom tools that allow the instance to access information about infrastructure resources. These tools can help automatically discover or provision resources as you need them.

Creating an Instance

You can create a Linux instance using the Embedded Marketplace, Oracle Images tab, or Oracle Cloud Marketplace.

Using the Embedded Marketplace
  1. Log in to the Oracle Cloud Infrastructure Console.

  2. Open the navigation menu and click Marketplace, then, under Marketplace, click All Applications.

  3. In the search box, type the name of the image. Options include:

  4. Press Enter and then select the image.

  5. Launch the instance:

    1. Select the Version of the image and the Compartment.

    2. Review and then accept the Oracle standard Terms and Restrictions.

    3. Click Launch Instance.

  6. Enter the Name, select the Compartment, and select the Availability Domain.

    You can add or change the name later. The name does not need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance.

  7. Change the instance type or the instance shape:

    1. Click Change Shape.

    2. Choose an Instance type of Virtual Machine or Bare Metal Machine.

    3. Select a compute Shape Series on which to deploy the image.

    4. Click Select Shape.

  8. Under Networking, make any necessary changes to the default settings.

  9. Under Add SSH keys, either generate a key pair or upload your own public key.

    If you provide an existing public key, then when you connect to the instance, you are prompted to also provide the associated private key. For more information about SSH keys, see Managing Key Pairs on Linux Instances.

  10. Under Boot volume, change the default boot volume size or encrypt the volume.

  11. Click Create to deploy your instance.

Using the Oracle Images Tab
  1. Log in to the Oracle Cloud Infrastructure Console.

  2. Open the navigation menu and click Compute, then, under Compute, click Instances.

  3. Click Create Instance.
  4. Enter the Name, select the Compartment, and select the Availability Domain.

    You can add or change the name later. The name does not need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance.

  5. Within the Image and Shape section, click Change Image.

  6. From the Browse All Images panel, under Image Source, select Oracle Images, and then choose name of the image. Options include:

  7. Review and then accept the Oracle standard Terms and Restrictions.

  8. Click Select Image.

  9. Change the instance type or the instance shape:

    1. Click Change Shape.

    2. Choose an Instance type of Virtual Machine or Bare Metal Machine.

    3. Select a compute Shape Series on which to deploy the image.

    4. Click Select Shape.

  10. Under Networking, make any necessary changes to the default settings.

  11. Under Add SSH keys, either generate a key pair or upload your own public key.

    If you provide an existing public key, then when you connect to the instance, you are prompted to also provide the associated private key. For more information about SSH keys, see Managing Key Pairs on Linux Instances.

  12. Under Boot volume, change the default boot volume size or encrypt the volume.

  13. Click Create to deploy your instance.

Using the Oracle Cloud Marketplace

The Oracle Cloud Marketplace is outside of Oracle Cloud Infrastructure. For more information, see Overview of Marketplace.

  1. Go to the Oracle Cloud Marketplace.

  2. In the search box, type the name of the image. Options include:

  3. Select the image version. Click Get App.

  4. Log into your Oracle Cloud Infrastructure Account.
  5. Launch the instance:

    1. Select the Version of the image and the Compartment.

    2. Review and then accept the Oracle standard Terms and Restrictions.

    3. Click Launch Instance.

  6. Enter the Name, select the Compartment, and select the Availability Domain.

    You can add or change the name later. The name does not need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance.

  7. Change the instance type or the instance shape:

    1. Click Change Shape.

    2. Choose an Instance type of Virtual Machine or Bare Metal Machine.

    3. Select a compute Shape Series on which to deploy the image.

    4. Click Select Shape.

  8. Under Networking, make any necessary changes to the default settings.

  9. Under Add SSH keys, either generate a key pair or upload your own public key.

    If you provide an existing public key, then when you connect to the instance, you are prompted to also provide the associated private key. For more information about SSH keys, see Managing Key Pairs on Linux Instances.

  10. Under Boot volume, change the default boot volume size or encrypt the volume.

  11. Click Create to deploy your instance.

For more information, see Creating a Compute Instance.

Accessing an Instance

Connect to your Oracle Cloud Infrastructure instance using SSH.

Note

For Oracle Linux Storage Appliance instances, connecting directly with SSH is not supported. Instead, access the instance through the web interface. See Accessing the Web Interface.
Prerequisites

Before connecting, obtain the following:

  • SSH client
  • Public IP address of the instance
  • Path to the SSH-2 RSA private key file
Connecting Using SSH
  1. Complete the Prerequisites.
  2. From an SSH client, use the default opc user to connect to the instance.

    For example:

    ssh -i PRIVATE_KEY_PATH opc@PUBLIC_IP_ADDRESS
  3. After you’re logged in as opc, you can use the sudo command to run administrative tasks.

    For example, run the following command to show details for all storage devices attached to your instance:

    sudo oci-iscsi-config --show

For more information, see:

Configuring an Instance

Configure the Oracle Linux instances by installing software, configuring updates, and managing users.

Installing Software on Oracle Linux Instances

Compute instances access the regional yum servers through the service gateway. Regional yum servers on Oracle Cloud Infrastructure differ from the Oracle Linux yum server in that they also mirror content available on restricted ULN channels.

Define the yum Repository Baseurl Variable

Yum repository configuration typically uses a yum variable in the baseurl for managing appropriate yum server access. By using variables, configuration can remain relatively standard across Oracle Linux deployments but provide access to the additional resources available to Oracle Cloud Infrastructure customers.

For example, the baseurl to the _latest repository for Oracle Linux 8 is:

baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL8/baseos/latest/$basearch/
  • Set the $ociregion variable by populating content in /etc/yum/vars/ociregion.

    If the ociregion file does not exist or is empty, the baseurl points to the publicly accessible Oracle Linux yum server. Typically, when you create the instance the $ociregion variable is set to point to the closest regional yum server on the Oracle Cloud Infrastructure service network. For example, if $ociregion is set to -phx, the baseurl expands to point to the regional yum server in Phoenix.

  • Set the $ocidomain variable by populating content in /etc/yum/vars/ocidomain.

Enable Restricted Content

To enable access to restricted content on the regional yum servers, ensure that you have installed the appropriate release-elx packages and enabled the repositories that you require access to. For example, on Oracle Linux 8, you can run the following commands to access the ol8_oci_included repository, where tools like Oracle InstantClient, the Oracle Java Development Kit and Oracle Java Runtime Environment are located:

sudo dnf install oci-included-release-el8
sudo dnf config-manager --enable ol8_oci_included

Other ULN channels are also available directly through the Oracle Cloud Infrastructure regional yum servers. For example, to access the Ksplice channels on an Oracle Linux 7 compute instance, you can do:

sudo yum install ksplice-release-el7
sudo yum-config-manager --enablerepo ol7_ksplice ol7_x86_64_userspace_ksplice

Most of these channels are installed and available by default in the latest platform images.

More Information

For Oracle Linux 7 instances, see Oracle Linux 7: Managing Software for more information.

For Oracle Linux 8 instances, see Oracle Linux 8: Managing Software on Oracle Linux for more information.

Configuring Oracle Linux System Updates

Regularly update the operating system and user space packages to obtain the latest bug fixes and security patches.

Although Oracle Ksplice can help keep a system patched without requiring a reboot, these updates only occur in-memory. You must also update packages on-disk to their latest versions, so that when the system reboots, it starts from the most current release.

Oracle recommends that you:

  1. Subscribe the instance to the _latest yum repository for your Oracle Linux release.

  2. Ensure you update any software that was installed outside of the Oracle Linux yum package manager.

    For example, tools such as flatpak and snap, for installing desktop applications; and pip, gem and npm, for installing Python, Ruby and Node libraries and modules, all have their own software update mechanisms.

  3. Always update instances to the most recent release of the operating system.

    Oracle Linux uses a rolling update level approach for keeping software up to date. For example, Oracle Linux 8.4 or Oracle Linux 8 Update 4, are rolling snapshots of the latest supported packages for the Oracle Linux release and are not considered independent versions of Oracle Linux.

  4. Manually update packages or install and configure the appropriate tool for automatic updates.

OS Management Updates

When managing multiple Oracle Linux instances, you can use OS Management to manage and monitor updates and patches for the operating system environments. OS Management also provides options for discovering and monitoring resources on your instances. See Linux Package Management using OS Management for more information.

Oracle Autonomous Linux Updates

Oracle Autonomous Linux can automatically handle system package updates on a regular schedule. Autonomous Linux provides automatic daily updates in addition to the zero-downtime Ksplice updates for kernel, OpenSSL, and glibc libraries. These updates are referred to as autonomous updates. When you create an Autonomous Linux instance, the service automatically creates a controlled scheduled job for autonomous updates. You can update the start time for the daily autonomous updates using the Console, CLI, or API.

Working with Users on Oracle Linux

Each Oracle Linux instance has a default opc user which you can use to perform base administrative tasks on a newly created instance.

The opc account has:

  • Full sudo privileges
  • No password configured (instead you access the account over SSH with a key pair configured when you create the instance)

Oracle recommends that you create and configure users and groups according to your access requirements. Access the instance as the opc user as described in Accessing an Instance, and then use the following steps.

Add a User

To add a user named alice to the system:

sudo useradd alice

To set a password for the user:

sudo passwd alice

Add a Group

To add a group called staff to the system:

sudo groupadd staff

Add a User to a Group

To add the user alice to the group staff:

sudo usermod -G staff alice

Manage Users and Groups

You can also manage the users in a group using the groupmems command. For example, to remove alice from the group staff:

sudo groupmems -d alice -g staff

Configure Permissions

You can define permissions by configuring users and groups within /etc/sudoers. By default, members of the wheel group can use sudo to obtain all root privileges. You can add entries for users or groups by adding files to /etc/sudoers.d. For example, the privileges assigned to the opc user are defined in /etc/sudoers.d/90-cloud-init-users.

More Information

See Create users and groups on Oracle Linux for a general introduction to working with users and groups.

Using Oracle Ksplice to Update Without Rebooting

Oracle Ksplice updates the Oracle Linux installation with all critical security patches without requiring a reboot.

Oracle Linux instances created after August 25, 2017 on Oracle Cloud Infrastructure have Oracle Ksplice already installed.

Important

A Ksplice update takes effect immediately upon application, which is different than on-disk changes that require a subsequent reboot to take effect. However, even when using Ksplice, you must also update packages on-disk to their latest versions, so that when the system reboots, it starts from the most current release. See Configuring Oracle Linux System Updates for more information.

Note

Some information sources refer to Ksplice Uptrack clients and the uptrack command. You can use the ksplice command in place of the uptrack command to manage these clients’ updates and patches.

For complete Oracle Ksplice documentation, see Oracle Linux: Ksplice User's Guide. You can also find more information at https://www.ksplice.com/.

Installing Ksplice on instances launched before August 25, 2017
Enabling Automatic Oracle Ksplice Updates

Oracle recommends configuring automatic Ksplice updates whenever possible.

For Oracle Autonomous Linux Instance

No additional configuration is required. Oracle Ksplice is already installed and configured by default to run automatic updates.

For Other Oracle Linux Instances

Set the value of autoinstall to yes in /etc/uptrack/uptrack.conf.

Getting Help with Ksplice

For a comprehensive source of information about Ksplice, refer to the manual page by typing:

man ksplice

For a more summarized form of help information, you can also type:

ksplice --help

See Using Oracle Ksplice in Oracle Linux for a hands-on tutorial on using Oracle Ksplice.

Viewing Current Patch Information

The following command displays the updates and patches that have been applied to the system:

sudo ksplice all show

The output includes the effective kernel version. If no patches had been applied, then the kernel version would match the output of the uname -r command.

You can limit the output to display only the updates to specific subsystems, as shown in the following examples:

  • To display the effective kernel version, type:

    sudo ksplice kernel show
Installing Ksplice Updates

To install available updates, use the ksplice upgrade command with the -y option. Installing patches or upgrades requires user confirmation before the action is run. For example:

sudo ksplice -y all upgrade

If you have enabled automatic Ksplice updates, you don't need to run the upgrade command as this action is performed regularly and automatically for you. See Enabling Automatic Oracle Ksplice Updates for more information.

More Learning Resources

Use these resources to learn more about Oracle Linux.

General Oracle Linux Documentation
The following links provide access to general documentation about Oracle Linux releases and related information. This material is not specific to Oracle Cloud Infrastructure but you can apply most of this content to instances running on Oracle Cloud Infrastructure:
Training Materials

The following links provide access to training material specific to Oracle Linux on Oracle Cloud Infrastructure and can help you to get started.

Blogs and Community Forums
The following content can help you to track features that Oracle is highlighting for Oracle Linux, or to reach other community users for more help or information.