Create a Database

You must create a database in Oracle Cloud before you provision an Oracle Java Cloud Service instance.

As part of the Oracle Java Cloud Service instance creation process, Oracle Java Cloud Service provisions the required infrastructure schemas in the selected database.

Note:

To ensure that you can restore the database for an Oracle Java Cloud Service instance without risking data loss for other service instances, Oracle recommends that you do not associate the same infrastructure schema database (or the same pluggable database) with multiple service instances. Backups of a database that is used with multiple Oracle Java Cloud Service instances contain data for all the instances. Therefore, if you restore the database from a backup, data for all the service instances is restored, which might not be the intended result.

The supported database services in Oracle Cloud vary by region.

Region Type Infrastructure Schema Database Options
Oracle Cloud Infrastructure region (Not available on Oracle Cloud at Customer)
  • Oracle Cloud Infrastructure Database
  • Oracle Autonomous Transaction Processing
  • Oracle Database Cloud Service
Oracle Cloud Infrastructure Classic region
  • Oracle Database Cloud Service
  • Oracle Database Exadata Cloud Service

Create an Oracle Autonomous Transaction Processing Database

If you want to create an Oracle Java Cloud Service instance on Oracle Cloud Infrastructure, you can create and associate an Oracle Autonomous Transaction Processing database with the service instance.

Oracle Autonomous Transaction Processing is fully managed, high-performance, and elastic. You have all of the performance of the Oracle Database in an environment that is tuned and optimized for transaction processing workloads.

You must create the Oracle Autonomous Transaction Processing database before you begin provisioning your Oracle Java Cloud Service instance.

You must create a policy in order for your Oracle Autonomous Transaction Processing database to be displayed in the Oracle Java Cloud Service web console.

  • Specify this policy if you created the database in a custom compartment:
    Allow service PSM to inspect autonomous-database in compartment compartment_name
  • Specify this policy if you created the database in the root compartment:
    Allow service PSM to inspect autonomous-database in tenancy

For information on creating policies, see Creating the Infrastructure Resources Required for Oracle Platform Services.

You cannot create an Oracle Java Cloud Service instance on a public subnet with a database that is configured with an access control list (ACL). You must temporarily remove the ACL from the database before creating the service instance. After creating the service instance, you can recreate the ACL, and add the public IP address of the service instance.

To create an Oracle Java Cloud Service instance on a private subnet with a database that is configured with an ACL, you must first do the following:

  • Create a route rule for the private subnet that directs traffic to the database through a service gateway.
  • Add the CIDR 240.0.0.0/4 to the database's ACL.

Oracle WebLogic Server 12c (12.2.1.3) is the only software release that's supported if you associate an Oracle Autonomous Transaction Processing database with your Oracle Java Cloud Service instance.

When you provision an Oracle Java Cloud Service instance by using the provisioning wizard, specify the following information:

  • Database Type: Oracle Autonomous Transaction Processing
  • Compartment where the Oracle Autonomous Transaction Processing database resides
  • PDB you created for the Oracle Autonomous Transaction Processing database
  • Administrator username is set automatically to ADMIN
  • Administrator's password

See the following topics in the Oracle Cloud Infrastructure documentation:

See the tutorial Provisioning Autonomous Transaction Processing.

Create an Oracle Cloud Infrastructure Database

If you want to create an Oracle Java Cloud Service instance on Oracle Cloud Infrastructure, you can create and associate an Oracle Cloud Infrastructure Database with the service instance.

You can use the Oracle Cloud Infrastructure console to create an Exadata-based, VM-based, or Bare Metal-based database to associate with your Oracle Java Cloud Service instance. See Creating a Database in the Oracle Cloud Infrastructure documentation.

You can use the Oracle Java Cloud Service console to create an instance that uses an Exadata-based or VM-based database. You must use the REST API or CLI to create an instance that uses a Bare Metal-based database.

The Oracle Cloud Infrastructure Database must be in the same region and virtual cloud network (VCN) as the Oracle Java Cloud Service instance you are creating. The instances do not need to be on the same availability domain or subnet. However, you must create the necessary security rules in the VCN to enable communication between the subnets. See VCNs and Subnets in the Oracle Cloud Infrastructure documentation.

You must create a policy in order for your Oracle Cloud Infrastructure Database to be displayed in the Oracle Java Cloud Service web console.

  • Specify this policy if you created the database in a custom compartment:
    Allow service PSM to inspect database-family in compartment compartment_name
  • Specify this policy if you created the database in the root compartment:
    Allow service PSM to inspect database-family in tenancy

For information on creating policies, see Creating the Infrastructure Resources Required for Oracle Platform Services.

You can use an Oracle Cloud Infrastructure Database running Oracle Database 12.2, but only for service instances running Oracle WebLogic Server 12.2.1 or later.

When you provision an Oracle Java Cloud Service instance by using the provisioning wizard, specify the following information:

  • Database Type: Oracle Cloud Infrastructure Database
  • Compartment where the Oracle Cloud Infrastructure Database resides
  • Database instance name
  • Pluggable database the service instance will connect to
  • Administrator user name is set automatically to SYS
  • Administrator's password

Create an Oracle Database Cloud Service Database Deployment

Prior to creating a custom Oracle Java Cloud Service instance, use your Oracle Database Cloud Service subscription to create a database deployment.

It is not necessary to create a database deployment prior to creating an Oracle Java Cloud Service instance from a QuickStart template. See Create an Oracle Java Cloud Service Instance by Using a QuickStart Template.

For information about subscribing to Oracle Database Cloud Service, provisioning database deployments, and using Oracle RAC database deployments, see Getting Started with Database Cloud Service in Administering Oracle Database Cloud Service.

You can optionally associate an Oracle Java Cloud Service instance with up to four additional Oracle Database Cloud Service deployments (or pluggable databases) in order to access your application schemas. This feature is not available for service instances that use the Oracle Java Cloud Service - Virtual Image (BASIC) service level.

Note the following limitations to service instances that use Oracle Database Cloud Service as the infrastructure schema database:

  • When creating an Oracle Java Cloud Service instance on a secondary Oracle Identity Cloud Service instance, you can't use an Oracle Database Cloud Service deployment for the infrastructure schema. Instead, you must use an Oracle Cloud Infrastructure Database or Oracle Autonomous Transaction Processing database. When creating an Oracle Java Cloud Service on the primary Oracle Identity Cloud Service instance, you can use an Oracle Database Cloud Service deployment for the infrastructure schema.

  • You cannot use an Oracle Database Cloud Service deployment running Oracle Database 18c.
  • You can use an Oracle Database Cloud Service deployment running Oracle Database 12.2, but only for service instances running Oracle WebLogic Server 12.2.1 or later.
  • Create Oracle Database Cloud Service deployments with a backup option other than NONE. This configuration enables Oracle Java Cloud Service to coordinate backups across your service instance and the database. Coordinated backups are not supported for other database services.
  • For service instances on Oracle Cloud Infrastructure, the Oracle Database Cloud Service deployment must be in the same region and virtual cloud network (VCN) as the Oracle Java Cloud Service instance. The instances do not need to be on the same availability domain or subnet.
  • For service instances on Oracle Cloud Infrastructure Classic, the Oracle Database Cloud Service deployment must be in the same region as the Oracle Java Cloud Service instance.

When you provision an Oracle Java Cloud Service instance by using the provisioning wizard, specify the following information:

  • Database Type: Oracle Database Cloud Service (Classic)
  • Name of a running database deployment

  • Pluggable database name (for Oracle Database 12c only)

  • Database administrator user name and password

  • Connection string to the database deployment (for Virtual Image service level only)

  • Application schemas (Optional)

Similar to Oracle Java Cloud Service, Oracle Database Cloud Service supports a standard service level and a Virtual Image service level. The following table summarizes the compatibility between these service levels.

Oracle Java Cloud Service service level: Oracle Java Cloud Service

  • Database Cloud Service: Supported
      • This service level must be used if you intend to use an Oracle Real Application Clusters (RAC) database. When creating the database deployment, make sure you select the database edition called Enterprise Edition - Extreme Performance.
      • When creating the database deployment, make sure you do not set the Backup Destination to None; instead you should select one of the other available backup options.
  • Database Cloud Service—Virtual Image: Not supported

Oracle Java Cloud Service service level: Oracle Java Cloud Service—Virtual Image

  • Database Cloud Service: Supported
  • Database Cloud Service—Virtual Image: Supported. After creating the database deployment, perform the tasks described in Use a Database Cloud Service - Virtual Image Database Deployment.

Create a Custom Pluggable Database (PDB)

After you create an Oracle Database Cloud Service deployment, you can manually create a custom pluggable database (PDB) for that database deployment. You can then create an Oracle Java Cloud Service instance based on the custom PDB that you created, rather than on the default PDB.

Before You Begin Creating a Custom PDB

To create a custom PDB, you must first create an Oracle Database Cloud Service deployment.

See Create an Oracle Database Cloud Service Database Deployment.

Create the Custom PDB

After you create an Oracle Database Cloud Service deployment, create a custom PDB.

To create a custom PDB:

  1. SSH to the database's VM.
    ssh -i <private_key> opc@<database_VM_IP>
  2. Become the oracle user.
    sudo su oracle
  3. Connect as root user and get the location of the data files.
    $ sqlplus / as sysdba
    SQL> select file_name from dba_data_files where tablespace_name = 'SYSTEM';
    FILE_NAME
    --------------------------------------------------------------------------------
    /u02/app/oracle/oradata/ORCL/system01.dbf
    
    SQL> exit
  4. Make a directory for the new PDB data files in /u02/app/oracle/oradata/ORCL.
    mkdir -p /u02/app/oracle/oradata/ORCL/PDB2
  5. Connect as root user again.
    $ sqlplus / as sysdba
  6. Disable restricted session.
    SQL> alter system disable restricted session;
  7. Create PDB2 as a clone of PDBSEED.
    SQL> create pluggable database pdb2 admin user pdb2admin identified by Welcome_1 roles = (DBA)
    > FILE_NAME_CONVERT=('/u02/app/oracle/oradata/ORCL/pdbseed/', '/u02/app/oracle/oradata/ORCL/PDB2/');
    create pluggable database pdb2 admin user pdb2admin identified by Welcome_1 roles = (DBA)FILE_NAME_CONVERT=('/u02/app/oracle/oradata/ORCL/pdbseed/', '/u02/app/oracle/oradata/ORCL/PDB2/')
    *
    ERROR at line 1:
    ORA-65005: missing or invalid filename pattern for file -
    /u04/app/oracle/oradata/temp/pdbseed_temp012017-04-25_03-33-20-PM.dbf
  8. From the error message in the previous step, get the temp file name and use it in FILE_NAME_CONVERT.
    SQL> create pluggable database pdb2 admin user pdb2admin identified by Welcome_1  roles = (DBA)
    > FILE_NAME_CONVERT=('/u02/app/oracle/oradata/ORCL/pdbseed/', '/u02/app/oracle/oradata/ORCL/PDB2/',
    > '/u04/app/oracle/oradata/temp/pdbseed_temp012017-04-25_03-33-20-PM.dbf', '/u04/app/oracle/oradata/temp/pdb2_temp.dbf');  
    
    Pluggable database created.  
    SQL> show pdbs;
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ------------------------------ ---------- ----------
             2 PDB$SEED                       READ ONLY  NO
             3 PDB1                           READ ONLY  NO
             4 PDB2                           MOUNTED
  9. Open the new PDB in READ WRITE mode.
    SQL> alter pluggable database pdb2 open;
    Pluggable database altered.
    SQL> show pdbs;
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ------------------------------ ---------- ----------
             2 PDB$SEED                       READ ONLY  NO
             3 PDB1                           READ ONLY  NO
             4 PDB2                           READ WRITE NO
  10. Test the connection with the new PDB2.
    SQL> connect sys/Welcome_1@localhost:1521/pdb2.opcwlaasqa.oraclecloud.internal as sysdba
    Connected.
    SQL> show pdbs
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ------------------------------ ---------- ----------
             4 PDB2                           READ WRITE NO

Change the Database Wallet Type

Change the container database wallet type from AUTO_LOGIN to PASSWORD.

The encryption wallet keystore is of type AUTO_LOGIN instead of PASSWORD in the CDB. This is the default state after Oracle Database Cloud Service deployment provisioning. In order to be able to open the keystore in the new PDB and generate the master encryption key for that PDB, you must change the wallet type to PASSWORD in the container.

Note that the encryption wallet is located at: /u01/app/oracle/admin/ORCL/tde_wallet. Check the sqlnet.ora file located in the $ORACLE_HOME/network/admin path.

From sqlnet.ora:

ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ORCL/tde_wallet)))

Use the following script to change the database wallet type.

# Remove the auto-open wallet cwallet.sso physically:
$ cd /u01/app/oracle/admin/ORCL/tde_wallet
$ mv cwallet.sso cwallet.sso.bkp
  
$ sqlplus / as sysdba
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS                         WALLET_TYPE          WALLET_OR FULLY_BAC CON_ID
------------------------------ -------------------- --------- --------- ----------
FILE
/u01/app/oracle/admin/ORCL/tde_wallet/
OPEN                            AUTOLOGIN            SINGLE    NO        0
 
 
SQL> alter system set wallet close;
# If the preceding command does not work,
# try closing wallet by specifying sys user password 
# with the following command:
SQL> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "MyPassword_1";
  
# This will close the removed auto-open wallet in the database, 
# then open the password based wallet and retry the original Set Key statement:
SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE FROM V$ENCRYPTION_WALLET;
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS                         WALLET_TYPE
------------------------------ --------------------
/u01/app/oracle/admin/ORCL/tde_wallet/
CLOSED                         UNKNOWN

SQL> administer key management set keystore open identified by "Welcome_1";
keystore altered.
SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE FROM V$ENCRYPTION_WALLET;
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS                         WALLET_TYPE
------------------------------ --------------------
/u01/app/oracle/admin/ORCL/tde_wallet/
OPEN                           PASSWORD
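
The file-side result of the wallet change above can be checked from the shell. The following script is an added example, not part of Oracle's documentation or scripts: it reads the wallet directory from sqlnet.ora, reports which keystore type is on disk, and flags renamed copies of the auto-login wallet such as cwallet.sso.bkp. It assumes the password keystore file is named ewallet.p12; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's script. Assumes ewallet.p12 is the password
# keystore and cwallet.sso the auto-login keystore in the TDE wallet directory.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION from a sqlnet.ora file.
# Comment lines are dropped and the rest joined, because the entry may wrap.
wallet_dir_from_sqlnet() {
    grep -v '^[[:space:]]*#' "$1" | tr -d '\r\n' | awk '{
        i = index($0, "ENCRYPTION_WALLET_LOCATION"); if (!i) exit 1
        s = substr($0, i)
        j = index(s, "DIRECTORY"); if (!j) exit 1
        s = substr(s, j + 9)            # skip the word DIRECTORY
        sub(/^[ \t]*=[ \t]*/, "", s)    # skip the "=" that follows it
        sub(/[ \t]*\).*/, "", s)        # keep the path up to the closing ")"
        print s
    }'
}

# Classify a wallet directory by the keystore files present in it.
wallet_type_on_disk() {
    if [ -f "$1/cwallet.sso" ]; then echo AUTO_LOGIN      # opens without a password
    elif [ -f "$1/ewallet.p12" ]; then echo PASSWORD
    else echo NO_KEYSTORE
    fi
}

# Print one finding per line: renamed copies of the auto-login wallet (the file
# is unchanged, only its name keeps the database from using it) and keystore
# files that group or others can access.
wallet_findings() {
    for wf in "$1"/cwallet.sso* "$1"/ewallet.p12; do
        [ -f "$wf" ] || continue
        wname=${wf##*/}
        case "$wname" in
            cwallet.sso) ;;
            cwallet.sso*) echo "AUTOLOGIN_COPY $wname" ;;
        esac
        wperms=$(ls -ld "$wf" | cut -c5-10)   # group and other permission bits
        [ "$wperms" = "------" ] || echo "GROUP_OR_OTHER_ACCESS $wname"
    done
}

# Summarize one sqlnet.ora: wallet directory, keystore type, findings.
wallet_report() {
    wdir=$(wallet_dir_from_sqlnet "$1") || return 1
    [ -n "$wdir" ] || { echo "no ENCRYPTION_WALLET_LOCATION in $1" >&2; return 1; }
    echo "wallet directory: $wdir"
    echo "keystore on disk: $(wallet_type_on_disk "$wdir")"
    wallet_findings "$wdir"
}

# Constructed demo: a throwaway wallet directory in the state the script above
# leaves behind (cwallet.sso renamed to cwallet.sso.bkp next to ewallet.p12).
demo_root=$(mktemp -d)
mkdir "$demo_root/tde_wallet"
: > "$demo_root/tde_wallet/ewallet.p12"
: > "$demo_root/tde_wallet/cwallet.sso.bkp"
chmod 600 "$demo_root/tde_wallet/ewallet.p12"
chmod 644 "$demo_root/tde_wallet/cwallet.sso.bkp"
printf 'ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=%s)))\n' \
    "$demo_root/tde_wallet" > "$demo_root/sqlnet.ora"
wallet_report "$demo_root/sqlnet.ora"
rm -rf "$demo_root"
```

On a real host, run wallet_report against $ORACLE_HOME/network/admin/sqlnet.ora as the oracle user.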

Configure TDE on the New PDB

After you have changed the database wallet type, you can configure Oracle Transparent Data Encryption (TDE) on the new PDB.

To configure TDE on the new PDB:
  1. Connect to PDB2.
    SQL> alter session set container=PDB2;
    Session altered.
  2. Open the keystore in that PDB and generate the master encryption key for the PDB.
    SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE FROM V$ENCRYPTION_WALLET;
    WRL_PARAMETER
    --------------------------------------------------------------------------------
    STATUS                         WALLET_TYPE
    ------------------------------ --------------------
    /u01/app/oracle/admin/ORCL/tde_wallet/
    CLOSED                         UNKNOWN
    
    SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "Welcome_1";
    keystore altered. 
    SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "Welcome_1" with backup; 
    keystore altered. 
    SQL> SELECT WRL_PARAMETER, STATUS, WALLET_TYPE FROM V$ENCRYPTION_WALLET; 
    WRL_PARAMETER
    --------------------------------------------------------------------------------
    STATUS                         WALLET_TYPE
    ------------------------------ --------------------
    /u01/app/oracle/admin/ORCL/tde_wallet/
    OPEN                           PASSWORD
  3. Create an encrypted tablespace.
    SQL> create tablespace enc128_ts 
    datafile '/u02/app/oracle/oradata/ORCL/PDB2/Test_encrption.dbf' 
    size 1M autoextend on next 1M
    encryption using 'AES128' 
    default storage (encrypt);
  4. Verify the new tablespace is encrypted.
    SQL> select tablespace_name, encrypted from dba_tablespaces;
    TABLESPACE_NAME                ENC
    ------------------------------ ---
    SYSTEM                         NO
    SYSAUX                         NO
    TEMP                           NO
    ENC128_TS                      YES
    
    SQL> exit
  5. Verify that the new pdb2.<network_domain> service is up.
    [oracle@<user_name> opc]$ lsnrctl status
    LSNRCTL for Linux: Version 12.1.0.2.0 - Production on 07-NOV-2017 19:00:39
    Copyright (c) 1991, 2017, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<host_name>)(PORT=1521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 12.1.0.2.0 - Production
    Start Date                06-NOV-2017 17:56:44
    Uptime                    1 days 1 hr. 3 min. 55 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
    Listener Log File         /u01/app/oracle/diag/tnslsnr/<user_name>/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<host_name>)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<host_name>)(PORT=5500))(Security=(my_wallet_directory=/u01/app/oracle/admin/ORCL/xdb_wallet))(Presentation=HTTP)(Session=RAW))
    Services Summary...
    Service "<service_name>" has 1 instance(s).
      Instance "ORCL", status READY, has 1 handler(s) for this service...
    Service "<service_name>" has 1 instance(s).
      Instance "ORCL", status READY, has 1 handler(s) for this service...
    Service "pdb1.<network_domain>" has 1 instance(s).
      Instance "ORCL", status READY, has 1 handler(s) for this service...
    Service "pdb2.<network_domain>" has 1 instance(s).
      Instance "ORCL", status READY, has 1 handler(s) for this service...
    The command completed successfully
You can now specify your custom PDB when you use the Oracle Java Cloud Service console or the REST API to provision an Oracle Java Cloud Service instance.

Use a Database Cloud Service - Virtual Image Database Deployment

To use an Oracle Database Cloud Service - Virtual Image database deployment when creating an Oracle Java Cloud Service - Virtual Image instance, you must set up the Oracle Database Cloud Service environment appropriately. Otherwise, Oracle Java Cloud Service instance provisioning fails.

Note:

This topic is not relevant to Oracle Cloud Infrastructure regions.

This task requires the use of a Secure Shell (SSH).

Before attempting the following procedure, you must first create an Oracle Database Cloud Service—Virtual Image database deployment.

To set up the database environment:
  1. Use a secure shell (SSH) tool to access a compute node associated with your Oracle Database Cloud Service - Virtual Image database deployment. Log in as the user oracle.
  2. Edit the .bashrc file and add the following entries:

    For 12.2 databases:

    export ORACLE_HOME="/u01/app/oracle/product/12.2.0/dbhome_1"
    export PATH="$ORACLE_HOME/bin:$PATH"

    For 12.1 databases:

    export ORACLE_HOME="/u01/app/oracle/product/12.1.0/dbhome_1"
    export PATH="$ORACLE_HOME/bin:$PATH"

    For 11.2 databases:

    export ORACLE_HOME="/u01/app/oracle/product/11.2.0/dbhome_1"
    export PATH="$ORACLE_HOME/bin:$PATH"
    These are the default values for ORACLE_HOME. If you set a different ORACLE_HOME when you created the database, use that.

    Note:

    Ensure that you add these entries to the .bashrc file, not the .bash_profile file.
  3. Ensure that your user has SYSDBA administrator privileges.
  4. Do not set the $ORACLE_SID=ORCL variable in the .bashrc file.

    If ORACLE_SID is set, unset it:

    $ unset ORACLE_SID
  5. Exit your SSH session, then start a new SSH session as user oracle.
  6. Enter the following sqlplus command:
    sqlplus sys/SYS_Password@"DB_Host_Name:port/pdb1" as sysdba

    Where:

    SYS_Password—Password for the SYS administrator

    DB_Host_Name—Name of your Oracle Database Cloud Service - Virtual Image database deployment

    port—Use port 1521

  7. Configure tablespace encryption:
    1. If using an Oracle 12c database, switch to the container database (CDB):
      SQL> ALTER SESSION SET CONTAINER = CDB$ROOT;
    2. Change the tablespace encryption system parameter:
      SQL> ALTER SYSTEM SET ENCRYPT_NEW_TABLESPACES=DDL SCOPE=BOTH;
  8. Exit your SQL*Plus session:
    SQL> EXIT
  9. Exit your SSH session.

You can now successfully create an Oracle Java Cloud Service - Virtual Image instance using the Oracle Database Cloud Service - Virtual Image database deployment.

Use an Oracle Cloud Infrastructure Database on a Different Virtual Cloud Network

If you want to connect an Oracle Java Cloud Service instance to an Oracle Cloud Infrastructure Database in the same region but in a different Virtual Cloud Network (VCN), then you must configure VCN peering in Oracle Cloud Infrastructure.

As shown in the following illustration, the networking configuration consists of:

  • A VCN with a public subnet for the Oracle Java Cloud Service instance and a custom DNS resolver
  • A VCN with two public subnets, one for the Oracle Cloud Infrastructure Database instance and the other for a custom DNS resolver
  • Two local peering gateways (LPGs)

[Illustration: jcs_oci_database_configuration.png]

You must also create these supporting network resources: internet gateways, route table rules, security lists, and dynamic host configuration protocol (DHCP) resources. The VCNs and their resources must be in the same compartment.

If instead of public subnets, you want to use private subnets for the service instance and database, you must create these additional network resources:

  • A bastion compute instance on a public subnet so that you can access the private subnet with a secure shell (SSH)
  • A NAT gateway so that you can download and install OS packages on the custom DNS resolver
  • A service gateway so that the Oracle Java Cloud Service instance can access object storage for backup and restoration (not applicable to the database VCN)

See Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure.

To configure the network topology shown in the illustration:

  1. Create two VCNs with non-overlapping Classless Inter-Domain Routing (CIDR) in the same region.

    See VCNs and Subnets. You will add subnets to these VCNs later.

  2. Create or edit the following resources in each VCN.
    1. Create a local peering gateway to allow communication between the resources by using private IP addresses.
    2. Create an internet gateway to enable direct connectivity to the internet.
    3. Edit the default route table and add a route table rule to enable traffic to flow via the internet gateway. Ensure you select Internet Gateway in the Target Type and set the destination to 0.0.0.0/0.
    4. Edit the default security list and create the following ingress and egress rules to control the traffic for your VCN.

      Table 1-1 Security list rules

      Rule Type  Source Type  Source CIDR          IP Protocol  Source Port Range  Destination Port  Type and Code
      Ingress    CIDR         <JCS_VCN_CIDR>       UDP          All                53 (DNS port)     -
      Ingress    CIDR         <Database_VCN_CIDR>  UDP          All                53 (DNS port)     -
      Ingress    CIDR         0.0.0.0/0            TCP          All                22 (SSH port)     -
      Ingress    CIDR         0.0.0.0/0            ICMP         -                  -                 3
      Egress     CIDR         0.0.0.0/0            TCP          All                All               -

      See Security Lists.

  3. Go to the Oracle Java Cloud Service LPG, click Establish Connection and select the Oracle Cloud Infrastructure Database VCN.
  4. To enable traffic to flow between the LPGs, create and configure the following resources in each VCN.
    1. Route Rules: In the default route table, create a route table rule. Select the Local Peering Gateway target type, set the destination to the CIDR of the VCN you peered, and select the LPG you created earlier.
    2. Subnets: Create a public subnet for your VCN using the security list you created earlier. Ensure that the VCN is assigned to a DHCP option whose DNS Type is INTERNET AND VCN RESOLVER.
    3. Compute: Create two compute instances, one using the public subnet you created in the Oracle Java Cloud Service VCN, and the other using the public subnet you created in the Oracle Cloud Infrastructure Database VCN. Select the latest Oracle Linux 7.6 image and write down the provisioned public and private IP address of both custom DNS resolvers. For each compute instance, you must run the following commands.
      1. To open an SSH connection, run the following command and replace the <private_key> and <public_IP_address> placeholders with your own values.
        $ ssh -i <private_key> opc@<public_IP_address>
      2. Switch to the root user.
        $ sudo su
      3. Install the BIND tool.
        $ yum install bind
      4. To allow DNS traffic, open port 53 (UDP and TCP) on the local firewall by running the following commands.
        $ firewall-cmd --permanent --add-port=53/udp
        $ firewall-cmd --permanent --add-port=53/tcp
        $ /bin/systemctl restart firewalld  
      5. Edit the /etc/named.conf file.
        $ vi /etc/named.conf
      6. Replace the <db_vcn_cidr>, <jcs_vcn_cidr>, <dbvcn_dns_domain_name>, <private_IP_address>, and <jcsvcn_dns_domain_name> placeholders with your own values.

        Example of the /etc/named.conf file in the Oracle Java Cloud Service DNS.

        options {
                listen-on port 53 { any; };
                allow-query    { localhost; <db_vcn_cidr>; <jcs_vcn_cidr>; };
                forward        only;
                forwarders     { 169.254.169.254; };
                recursion yes;
        };
        zone "<dbvcn_dns_domain_name>" {
                type       forward;
                forward    only;
                forwarders { <private_IP_address>; };
        };
        zone "<jcsvcn_dns_domain_name>" {
                type       forward;
                forward    only;
                forwarders { 169.254.169.254; };
        };

        Example of the /etc/named.conf file in the Oracle Cloud Infrastructure Database DNS.

        options {
                listen-on port 53 { any; };
                allow-query    { localhost; <db_vcn_cidr>; <jcs_vcn_cidr>; };
                forward        only;
                forwarders     { 169.254.169.254; };
                recursion yes;
        };
        zone "<jcsvcn_dns_domain_name>" {
                type       forward;
                forward    only;
                forwarders { <private_IP_address>; };
        };
        zone "<dbvcn_dns_domain_name>" {
                type       forward;
                forward    only;
                forwarders { 169.254.169.254; };
        };
      7. Restart the service.
        $ service named restart
    4. DHCP Options: Create a DHCP option whose DNS Type is CUSTOM RESOLVER. Specify the private IP address of the DNS on the compute instance in your VCN and 169.254.169.254 as DNS Servers.
    5. Associate the public subnet with the DHCP option you created.
  5. Create a public subnet in the Oracle Cloud Infrastructure Database VCN. Ensure that your Oracle Cloud Infrastructure Database public subnet is associated with a DHCP option whose DNS Type is INTERNET AND VCN RESOLVER.
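
Two preconditions from the procedure above lend themselves to a scripted pre-flight check: the VCN CIDRs in step 1 must not overlap, and each resolver's /etc/named.conf must have every placeholder replaced while keeping allow-query limited to localhost and the two VCN CIDRs. The following script is an added example, not Oracle tooling; the function names, finding labels, and the CIDR values in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Pre-flight checks for the peering setup:
# the two VCN CIDRs must not overlap, and a filled-in named.conf must contain
# no unreplaced placeholders and must keep allow-query limited to the VCNs.

# Print "first last" (addresses as integers) for an IPv4 CIDR like 10.0.0.0/16.
cidr_range() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;      # digits, dots and one slash only
        */*) ;;
        *) return 1 ;;                     # prefix length is required
    esac
    bits=${1#*/}; ip=${1%/*}
    case "$bits" in ''|0?*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ "$#" -eq 4 ] && [ "$bits" -le 32 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    size=$(( 1 << (32 - $bits) ))
    first=$(( $addr - $addr % $size ))     # align to the start of the block
    echo "$first $(( $first + $size - 1 ))"
}

# Exit status 0 if the two blocks share any address, 1 if not, 2 if invalid.
cidrs_overlap() {
    r1=$(cidr_range "$1") && r2=$(cidr_range "$2") || return 2
    [ "${r1% *}" -le "${r2#* }" ] && [ "${r2% *}" -le "${r1#* }" ]
}

# Print one finding per line for a named.conf; print nothing if it passes.
# Usage: lint_named_conf FILE JCS_VCN_CIDR DB_VCN_CIDR
# Assumes allow-query sits on a single line, as in the examples above.
lint_named_conf() {
    grep -n '[<>]' "$1" | sed 's/^/UNREPLACED_PLACEHOLDER line /'
    aq=$(grep 'allow-query' "$1" || true)
    case "$aq" in *any*) echo "OPEN_ALLOW_QUERY" ;; esac   # recursion for everyone
    for c in "$2" "$3"; do
        case "$aq" in
            *[!0-9]"$c;"*) ;;
            *) echo "CIDR_NOT_IN_ALLOW_QUERY $c" ;;
        esac
    done
}

# Constructed demo: an options block in which one placeholder was never filled
# in and has lost its closing ">". The CIDRs are made-up values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query    { localhost; 10.1.0.0/16; <jcs_vcn_cidr; };
        forward        only;
        forwarders     { 169.254.169.254; };
        recursion yes;
};
EOF
if cidrs_overlap 10.0.0.0/16 10.1.0.0/16; then echo "VCN CIDRs overlap"; fi
lint_named_conf "$sample" 10.0.0.0/16 10.1.0.0/16
rm -f "$sample"
```
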
After you create, configure, and peer your VCNs: