Create the Required Resources in Oracle Cloud Infrastructure

Before creating an Oracle SOA Cloud Service instance attached to a private subnet, you must fulfill certain prerequisites, including creating the required identity, networking, and storage resources in Oracle Cloud Infrastructure.

  1. Generate an SSH key pair.

    See Generating a Secure Shell (SSH) Public/Private Key Pair.

    Note the path and name of the files that contain the private and public keys. You’ll need the keys later.

  2. Complete the following steps from the tutorial Creating the Infrastructure Resources Required for Oracle Platform Services:
    1. Create a compartment.
      If you want to create the Oracle Cloud Infrastructure resources in an existing compartment, then skip this step.
    2. Create a virtual cloud network (VCN) in the compartment you created or identified.
      If you want to use an existing VCN, then skip this step.
    3. Create a policy to allow Oracle Cloud platform services to use the networking resources in the compartment that you created or identified.
      If the required policy exists for the compartment that you want to use, then skip this step.
    4. Create a bucket in the Object Storage service to store backup of your Oracle SOA Cloud Service instance.

      Note:

      The user creating the bucket must be a user in Oracle Cloud Infrastructure Identity and Access Management (IAM), not a federated user.

      If you’d like to use a bucket that was created previously, then skip this step.

      Note the name of the bucket. You’ll need it later while creating the service instance.

    5. Generate an authentication token for the user who created the bucket.

      If you have the required token already, then skip this step.

      Note the authentication token value. You’ll need it later while creating the service instance.

  3. In the VCN that you created or identified earlier, create the required networking resources:
    1. Create a service gateway.

      The service gateway is required for the Oracle SOA Cloud Service instance to access the Object Storage service.

      See Setting Up a Service Gateway in the Oracle Cloud Infrastructure documentation.

    2. Create an internet gateway.

      The internet gateway enables communication between the public Internet and the bastion node.

      See Working with Internet Gateways in the Oracle Cloud Infrastructure documentation.

    3. (Optional) Create a NAT gateway.

      The NAT gateway is required for the nodes of the Oracle SOA Cloud Service instance to access the public Internet. Such access is useful when (for example) you want to allow the nodes to reach the Oracle Yum server to download additional packages or OS patches.

      See Setting Up a NAT Gateway in the Oracle Cloud Infrastructure documentation.

    4. Create the following route tables:

      See Working with Route Tables in the Oracle Cloud Infrastructure documentation.

      Route Table route.public for the Public Subnets

        Route rule: To route traffic bound for the public Internet through the internet gateway
          Destination: CIDR 0.0.0.0/0
          Target: Internet gateway

      Route Table route.private for the Private Subnet

        Route rule: To route traffic bound for the Object Storage service through the service gateway
          Destination: Service: OCI region Object Storage
          Target: Service gateway

        (Optional) Route rule: To route traffic bound for the public Internet through the NAT gateway
          Destination: CIDR 0.0.0.0/0
          Target: NAT gateway
    5. Create the following security lists:

      See Working with Security Lists in the Oracle Cloud Infrastructure documentation.

      Security List seclist.bastion for the Bastion Subnet

        (Ingress) To allow SSH connections to the bastion node
          Source: CIDR 0.0.0.0/0
          IP protocol / port: SSH / 22

        (Egress) To allow all outbound traffic
          Destination: CIDR 0.0.0.0/0
          IP protocol / port: All protocols / ports

      Security List seclist.lb for the Load Balancer Subnets

        (Ingress) To allow traffic from the other compute nodes in the VCN
          Source: CIDR 10.0.0.0/16
          IP protocol / port: All protocols / ports

        (Egress) To allow all outbound traffic
          Destination: CIDR 0.0.0.0/0
          IP protocol / port: All protocols / ports

      Security List seclist.private for the Private Subnet

        (Ingress) To allow traffic from the other compute nodes in the VCN
          Source: CIDR 10.0.0.0/16
          IP protocol / port: All protocols

        (Egress) To allow all outbound traffic
          Destination: CIDR 0.0.0.0/0
          IP protocol / port: All protocols
    6. Create the following subnets:

      See Working with VCNs and Subnets in the Oracle Cloud Infrastructure documentation.

      Subnet for the bastion host (suggested name: subnet.bastion)
        Availability domain: AD1
        Example CIDR (see footnote 1): 10.0.1.0/24
        Route table: route.public
        Subnet access: Public
        Security list: seclist.bastion

      Subnet for the service instances (suggested name: subnet.private)
        Availability domain: AD1
        Example CIDR: 10.0.4.0/24
        Route table: route.private
        Subnet access: Private
        Security list: seclist.private

      Footnote 1: Assuming the VCN’s CIDR is 10.0.0.0/16.

      Note:

      Make a note of the OCIDs of the subnets. You’ll need them later while creating the bastion host and the service instance.
  4. Create a compute instance and attach it to the public subnet that you created for the bastion host.

    Through this node, administrators can access the administration console of the Oracle SOA Cloud Service instance, and they can connect over SSH to the compute nodes of the service instance.

    See Creating an Instance in the Oracle Cloud Infrastructure documentation.

    After creating the bastion compute instance, note its public IP address.
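The route-table and security-list rules from step 3, expressed as the JSON rule objects the Oracle Cloud Infrastructure API and CLI accept (added example, not part of the original tutorial or of Oracle's own tooling), together with a check that only the bastion list admits Internet traffic, and only on TCP/22. The gateway OCIDs and the Object Storage service label are placeholders; the field names (destinationType, networkEntityId, sourceType, tcpOptions) are those of the OCI Networking API.

```python
VCN_CIDR = "10.0.0.0/16"  # the VCN CIDR assumed in footnote 1
# Placeholder OCIDs and service label: take the real values from your tenancy.
IGW_OCID = "ocid1.internetgateway.oc1..PLACEHOLDER"
SGW_OCID = "ocid1.servicegateway.oc1..PLACEHOLDER"
NATGW_OCID = "ocid1.natgateway.oc1..PLACEHOLDER"
OBJECT_STORAGE_SERVICE = "PLACEHOLDER-region-object-storage-service-label"

def route_rules_public():
    """route.public: all non-local traffic goes to the internet gateway."""
    return [{"destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0", "networkEntityId": IGW_OCID}]

def route_rules_private(with_nat=False):
    """route.private: Object Storage via the service gateway, NAT egress only if asked."""
    rules = [{"destinationType": "SERVICE_CIDR_BLOCK", "destination": OBJECT_STORAGE_SERVICE,
              "networkEntityId": SGW_OCID}]
    if with_nat:
        rules.append({"destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0", "networkEntityId": NATGW_OCID})
    return rules

def ingress(source, protocol, port=None):
    """One ingress rule; protocol "6" is TCP, "all" is every protocol."""
    rule = {"sourceType": "CIDR_BLOCK", "source": source, "protocol": protocol}
    if port is not None:
        rule["tcpOptions"] = {"destinationPortRange": {"min": port, "max": port}}
    return rule

EGRESS_ALL = {"destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0", "protocol": "all"}
SECURITY_LISTS = {  # the three lists from the tables in step 3
    "seclist.bastion": {"ingress": [ingress("0.0.0.0/0", "6", 22)], "egress": [EGRESS_ALL]},
    "seclist.lb": {"ingress": [ingress(VCN_CIDR, "all")], "egress": [EGRESS_ALL]},
    "seclist.private": {"ingress": [ingress(VCN_CIDR, "all")], "egress": [EGRESS_ALL]},
}

def internet_ingress(seclist):
    """(protocol, min_port, max_port) for every rule whose source is 0.0.0.0/0."""
    out = []
    for r in seclist["ingress"]:
        if r["source"] == "0.0.0.0/0":
            pr = r.get("tcpOptions", {}).get("destinationPortRange")
            out.append((r["protocol"], pr["min"], pr["max"]) if pr else (r["protocol"], 1, 65535))
    return out

def check_posture(lists=SECURITY_LISTS):
    """Only seclist.bastion may accept Internet traffic, and only on TCP/22."""
    findings = []
    for name, sl in lists.items():
        for proto, lo, hi in internet_ingress(sl):
            if name != "seclist.bastion" or (proto, lo, hi) != ("6", 22, 22):
                findings.append(f"{name}: Internet ingress, protocol {proto}, ports {lo}-{hi}")
    return findings
```

Run check_posture() against the lists you actually applied before attaching the subnets; an empty result means the private subnet is reachable only from inside the VCN, as the tables intend.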

You’ve created the required resources in Oracle Cloud Infrastructure. You can now create the Oracle SOA Cloud Service instance.