Before You Begin

This 15-minute tutorial shows you how to configure a web proxy for access to external web sites.

Background

Oracle recommends that both Cloud Manager and the managed instances be created in private subnets for better security. Instances that are created in private subnets do not have public IP addresses, and cannot make direct outbound connections to the Internet. However, Cloud Manager must be able to connect to sites on the Internet.

Some of the target destinations for which a Cloud Manager instance requires Internet access include Oracle Cloud Infrastructure API access, the Terraform plugin site, My Oracle Support download site, Python modules download site, and Oracle YUM repositories.

For connection to the Internet, you can set up a NAT Gateway. After setting up the NAT gateway, you can use various methods for setting up inbound connections, such as VPN or bastion. If you don’t want to use a NAT gateway for any reason, you can also enable access to the Internet by configuring a web proxy, as outlined in this tutorial. This is an optional setup.

This is the fifteenth tutorial in the Install PeopleSoft Cloud Manager series. Read the tutorials in the order listed. The optional tutorials offer alternate methods for setup.

• Prepare to Install PeopleSoft Cloud Manager
• Verify Oracle Cloud Account Information for PeopleSoft Cloud Manager
• Plan the Virtual Cloud Network for PeopleSoft Cloud Manager (Optional)
• Create a Virtual Cloud Network for PeopleSoft Cloud Manager in the Oracle Cloud Infrastructure Console (Optional)
• Use Custom or Private Network Resources with PeopleSoft Cloud Manager (Optional)
• Create a Custom Linux Image for PeopleSoft Cloud Manager (Optional)
• Create a Custom Windows Image for PeopleSoft Cloud Manager in Oracle Cloud Infrastructure (Optional)
• Create Vault Resources for Password Management for PeopleSoft Cloud Manager
• Generate API Signing Keys for PeopleSoft Cloud Manager
• Install the PeopleSoft Cloud Manager Stack with Resource Manager
• Log in to the Cloud Manager Instance
• Specify Cloud Manager Settings
• Use File Storage Service for PeopleSoft Cloud Manager Repository
• Manage Cloud Manager Users, Roles, and Permission Lists
• Configure a Web Proxy for PeopleSoft Cloud Manager (Optional)
• Create a Load Balancer in Oracle Cloud Infrastructure for PeopleSoft Cloud Manager Environments (Optional)
• Create Defined Tags in Oracle Cloud Infrastructure for PeopleSoft Cloud Manager (Optional)
• Create Data Science Resources for Auto Scaling in PeopleSoft Cloud Manager (Optional)

What Do You Need?

• See the prerequisites in the tutorial Prepare to Install PeopleSoft Cloud Manager.
• Ensure that the security lists for the subnets allow the Cloud Manager instance VM to connect to the proxy port of the Web proxy.

Step 1: Enter the Web Proxy Details for the Cloud Manager Stack

1. Install and configure a Web proxy, and have the Web proxy host IP address or fully-qualified domain name (FQDN), and port number available.
2. Follow the steps in the tutorial Install the PeopleSoft Cloud Manager Stack in Resource Manager.

   On the Create Stack page, in the Networking section, add the Web proxy details. For example, for proxy host webproxy.example.com and proxy port 80, enter:

   webproxy.example.com:80

3. Complete the Cloud Manager installation.

Step 2: Obtain the Web Proxy Configuration Information

The Cloud Manager image includes a script that outputs the environment variables needed to configure connection to a web proxy.

1. Access the Cloud Manager instance VM with SSH, as described in the tutorial Log in to the Cloud Manager Instance.
2. Change to the directory /home/opc/bootstrap.

   $ cd /home/opc/bootstrap

3. Run proxy_vars.sh, and specify the Web proxy host name or IP address, and port.

   $ bash proxy_vars.sh <proxy host> <proxy port>

   For example, using proxy host webproxy.example.com and proxy port 80:

   $ bash proxy_vars.sh "webproxy.example.com" 80

4. The script outputs several variables that you must set, along with instructions on which files you must modify.
   

   Locate the section beginning with ~/.bashrc. Here is sample output for that section:

   ############## ~/.bashrc #################################################
   # Overwrite the value of variable _JAVA_OPTIONS
   # in the file  ~/.bashrc of psadm2 user after bootstrapping Cloud Manager
   # using the new value shown below. After saving the file, source it with . .bashrc
   # and then restart app server domain and process scheduler domain
   ###########################################################################
   
   export _JAVA_OPTIONS='-Djava.security.egd=file:/dev/./urandom -Dhttps.proxyHost=webproxy.example.com -Dhttps.proxyPort=80 -Dhttp.nonProxyHosts="127.0.0.1|localhost|10.0.2.3|cm-instance-infodev|cm-instance-infodev.subnet2.psftvcninfodev.oraclevcn.com|xxx.xxx.xxx.xxx"'
   

5. Make the changes suggested by the script, as outlined in the next section, for the file ~/.bashrc. The other changes in the script are not necessary.

Step 3: Complete the Web Proxy Configuration in the Cloud Manager Instance

1. Log in to the Cloud Manager instance VM with SSH, and change to the psadm2 user.

   sudo su - psadm2

2. Make a backup copy of /home/psadm2/.bashrc.
3. Open the /home/psadm2/.bashrc file for editing, for example using vi.
4. Comment out or delete the line beginning export _JAVA_OPTIONS and replace it with the value from the proxy_vars.sh output.
5. Save the file.
6. Source the file with this command (enter dot, space, and the file name .bashrc).
   

   $ . .bashrc

7. Exit the psadm2 session, and exit the SSH session for Cloud Manager.
8. Log on to a new SSH session, and change to the psadm2 user.
9. Restart the application server and Process Scheduler domains using the PeopleSoft PSADMIN utility.
   

   $ psadmin
   
   PSADMIN -- PeopleTools Release: 8.60.03
   Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
   
   --------------------------------
   PeopleSoft Server Administration
   --------------------------------
   
     PS_CFG_HOME            /opt/oracle/psft/home/psadm2/psft/pt/8.60
     PS_HOME                /opt/oracle/psft/pt/ps_home8.60.03
     PS_APP_HOME            /opt/oracle/psft/pt/ps_app_home
   
   
     1) Application Server
     2) Process Scheduler
     3) Web (PIA) Server
     4) Switch Config Home
     5) Replicate Config Home
     6) Refresh Config Home
     q) Quit
   
   
   Command to execute (1-6, q): q
   

   See PeopleTools: System and Server Administration, "Using the Application Server Administration Menu" and "Using the Process Scheduler Menu." See PeopleSoft PeopleTools on the Oracle Help Center, Online Help and PeopleBooks.

Step 4: Enable Internet Access to Oracle Cloud Infrastructure Services

The VM in which Cloud Manager is installed must have access to several Oracle Cloud Infrastructure services. Configure your web proxy to ensure access to the REST API endpoints listed in this section. All other sites will be blocked by default.

Some of these are based on the region of deployment, while others are independent of the region. The Oracle Cloud Infrastructure documentation lists the REST API endpoints for services by service name and region.

See API Reference and Endpoints in the Oracle Cloud Infrastructure documentation.

As an example, here are the REST API endpoints for the Ashburn region for services you need for Cloud Manager.

Oracle Cloud Infrastructure Service	REST API Endpoints for Ashburn Region
Core Services API (Networking, Compute, and Block Volume)	https://iaas.us-ashburn-1.oraclecloud.com
Database Service API	https://database.us-ashburn-1.oraclecloud.com
File Storage Service API (file systems and mount targets)	https://filestorage.us-ashburn-1.oraclecloud.com
Identity and Access Management Service API (users, groups, compartments and policies) *	https://identity.us-ashburn-1.oraclecloud.com
Object Storage Service API	https://objectstorage.us-ashburn-1.oraclecloud.com
Vault Secret Retrieval API	https://secrets.vaults.us-ashburn-1.oci.oraclecloud.com
Vault Secret Management API	https://vaults.us-ashburn-1.oci.oraclecloud.com
Vault Key Management API	https://kms.us-ashburn-1.oraclecloud.com

* If you are deploying in a region other than your home region, you also need the Identity and Access Management Service REST API endpoint for the home region.

You should also configure your web proxy to allow access to services that are deployed in Oracle Cloud Infrastructure. For one method, see IP Address Ranges in the Oracle Cloud Infrastructure documentation.

Step 5: Enable Internet Access to Yum Sites

Configure your web proxy to ensure access to the yum server for Linux updates. 

https://yum.oracle.com

For faster access, use one of the region-specific yum URLs; for example:

• US East (Ashburn) region — https://yum-ash.oracle.com
• US West (Phoenix) region — https://yum-phx.oracle.com
• Germany Central (Frankfurt) region — https://yum-fra.oracle.com
• United Kingdom (London) region — https://yum-lhr.oracle.com

For information about connecting to the appropriate yum server, see Getting Started, Connecting to Yum Mirrors in Oracle Cloud Infrastructure.

See Managing Software in Oracle Linux, Configuring a System to Use Oracle Linux Yum Server.

Step 6: Enable Internet Access to Other URLs

This section includes URLs for external sites. Configure your web proxy to ensure access to the URLs listed in this section.

• My Oracle Support — https://updates.oracle.com
• Terraform plugins — https://releases.hashicorp.com
• Terraform Registry — https://registry.terraform.io
• Python Packages — https://files.pythonhosted.org
• OCI Command Line Interface (CLI) — https://pypi.org/simple/oci/
• OAuth 2.0 authorization for My Oracle Support downloads — https://oauth-e.oracle.com

Next Steps

Create a Load Balancer in Oracle Cloud Infrastructure for PeopleSoft Cloud Manager Environments (Optional)

Learn More

• PeopleSoft Cloud Manager Home Page, My Oracle Support, Doc ID 2231255.2
• Cumulative Feature Overview Tool (Click Generate a CFO report and select PeopleSoft Cloud Manager at the top.)
• Oracle Cloud Documentation in Oracle Help Center

---

Title and Copyright Information

Configure a Web Proxy for PeopleSoft Cloud Manager

F26262-10

January 2024

Copyright © 2024, Oracle and/or its affiliates. 

Use this optional procedure to configure a web proxy for access to external web sites.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.