Create the Required Resources in Oracle Cloud Infrastructure
Before creating an Oracle SOA Cloud Service instance attached to a private subnet, you must fulfill certain prerequisites, including creating the required identity, networking, and storage resources in Oracle Cloud Infrastructure.
- Generate an SSH key pair.
See Generating a Secure Shell (SSH) Public/Private Key Pair.
Note the path and name of the files that contain the private and public keys. You’ll need the keys later.
- Complete the following steps from the tutorial Creating the Infrastructure Resources Required for Oracle Platform Services:
- Create a compartment. If you want to create the Oracle Cloud Infrastructure resources in an existing compartment, then skip this step.
- Create a virtual cloud network (VCN) in the compartment you created or identified. If you want to use an existing VCN, then skip this step.
- Create a policy to allow Oracle Cloud platform services to use the networking resources in the compartment that you created or identified. If the required policy exists for the compartment that you want to use, then skip this step.
- Create a bucket in the Object Storage service to store backups of your Oracle SOA Cloud Service instance.
Note:
The user creating the bucket must be a user in Oracle Cloud Infrastructure Identity and Access Management (IAM), not a federated user.
If you’d like to use a bucket that was created previously, then skip this step.
Note the name of the bucket. You’ll need it later while creating the service instance.
- Generate authentication tokens for the users who created the bucket.
If you have the required token already, then skip this step.
Note the authentication token value. You’ll need it later while creating the service instance.
- In the VCN that you created or identified earlier, create the required networking resources:
- Create a service gateway.
The service gateway is required for the Oracle SOA Cloud Service instance to access the Object Storage service.
See Setting Up a Service Gateway in the Oracle Cloud Infrastructure documentation.
- Create an internet gateway.
The internet gateway enables communication between the public Internet and the bastion node.
See Working with Internet Gateways in the Oracle Cloud Infrastructure documentation.
- (Optional) Create a NAT gateway.
The NAT gateway is required for the nodes of the Oracle SOA Cloud Service instance to access the public Internet. Such access is useful when, for example, you want to allow the nodes to access the Oracle Yum server to download additional packages or OS patches.
See Setting Up a NAT Gateway in the Oracle Cloud Infrastructure documentation.
- Create the following route tables:
See Working with Route Tables in the Oracle Cloud Infrastructure documentation.

Route Table route.public for the Public Subnets

| Route Rule | Destination | Target |
| --- | --- | --- |
| To route traffic bound for the public Internet through the internet gateway | CIDR: 0.0.0.0/0 | Internet gateway |

Route Table route.private for the Private Subnet

| Route Rule | Destination | Target |
| --- | --- | --- |
| To route traffic bound for the Object Storage service through the service gateway | Service: OCI region Object Storage | Service gateway |
| (Optional) To route traffic bound for the public Internet through the NAT gateway | CIDR: 0.0.0.0/0 | NAT gateway |

- Create the following security lists:
See Working with Security Lists in the Oracle Cloud Infrastructure documentation.
Security List seclist.bastion for the Bastion Subnet

| Security Rule | Source / Destination IP | Protocol / Port |
| --- | --- | --- |
| (Ingress) To allow SSH connections to the bastion node | Source CIDR: 0.0.0.0/0 | SSH / 22 |
| (Egress) To allow all outbound traffic | Destination CIDR: 0.0.0.0/0 | All protocols / ports |

Security List seclist.lb for the Load Balancer Subnets

| Security Rule | Source / Destination IP | Protocol / Port |
| --- | --- | --- |
| (Ingress) To allow traffic from the other compute nodes in the VCN | Source CIDR: 10.0.0.0/16 | All protocols / ports |
| (Egress) To allow all outbound traffic | Destination CIDR: 0.0.0.0/0 | All protocols / ports |

Security List seclist.private for the Private Subnet

| Security Rule | Source / Destination IP | Protocol / Port |
| --- | --- | --- |
| (Ingress) To allow traffic from the other compute nodes in the VCN | Source CIDR: 10.0.0.0/16 | All Protocols |
| (Egress) To allow all outbound traffic | Destination CIDR: 0.0.0.0/0 | All Protocols |

- Create the following subnets:
See Working with VCNs and Subnets in the Oracle Cloud Infrastructure documentation.

| Subnet Purpose (Suggested Name) | Availability Domain | Attributes |
| --- | --- | --- |
| For the bastion host (subnet.bastion) | AD1 | Example CIDR (see Footnote 1): 10.0.1.0/24; Route table: route.public; Subnet access: Public; Security list: seclist.bastion |
| For the service instances (subnet.private) | AD1 | Example CIDR: 10.0.4.0/24; Route table: route.private; Subnet access: Private; Security list: seclist.private |

Footnote 1: Assuming the VCN’s CIDR is 10.0.0.0/16

Note:
Make a note of the OCIDs of the subnets. You’ll need them later while creating the bastion host and the service instance.
- Create a compute instance and attach it to the public subnet that you created for the bastion host.
Through this node, administrators can access the administration console of the Oracle SOA Cloud Service instance, and they can connect using ssh to the compute nodes of the service instance.
See Creating an Instance in the Oracle Cloud Infrastructure documentation.
After creating the bastion compute instance, note its public IP address.
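
A consistency check for the subnet and security list layout described above, added here as an example (it is not Oracle's code). It verifies that each subnet CIDR sits inside the VCN without overlapping another, that the private subnet admits ingress only from inside the VCN, and that the bastion's Internet-facing ingress is limited to SSH/22. Assumptions: the rule dictionaries use the field names of OCI's IngressSecurityRule model, the subnet keys (`cidr`, `public`, `seclist`) and function names are hypothetical, and the sample data is constructed from the example values on this page.

```python
import ipaddress

VCN_CIDR = "10.0.0.0/16"  # the page's footnote assumption

# Constructed sample data copied from the page's tables. Rule dicts use the
# field names of OCI's IngressSecurityRule model (protocol "6" is TCP).
SECLISTS = {
    "seclist.bastion": [{"source": "0.0.0.0/0", "protocol": "6",
                         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}}],
    "seclist.private": [{"source": "10.0.0.0/16", "protocol": "all"}],
}
SUBNETS = {  # hypothetical keys: cidr, public, seclist
    "subnet.bastion": {"cidr": "10.0.1.0/24", "public": True, "seclist": "seclist.bastion"},
    "subnet.private": {"cidr": "10.0.4.0/24", "public": False, "seclist": "seclist.private"},
}


def is_ssh_only(rule):
    """True when the rule is TCP restricted to destination port 22."""
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange") or {}
    return rule["protocol"] == "6" and (rng.get("min"), rng.get("max")) == (22, 22)


def audit(vcn_cidr, subnets, seclists):
    """Return findings as 'LEVEL subnet: message' strings, in subnet order."""
    vcn = ipaddress.ip_network(vcn_cidr)
    findings = []
    seen = []  # (name, network) of subnets already checked, for overlap detection
    for name, sub in subnets.items():
        net = ipaddress.ip_network(sub["cidr"])
        if not net.subnet_of(vcn):
            findings.append(f"FAIL {name}: CIDR {net} is outside VCN {vcn}")
        for other, onet in seen:
            if net.overlaps(onet):
                findings.append(f"FAIL {name}: CIDR {net} overlaps {other}")
        seen.append((name, net))
        for rule in seclists[sub["seclist"]]:
            src = ipaddress.ip_network(rule["source"])
            if src.subnet_of(vcn):
                continue  # ingress from inside the VCN, as the page specifies
            if not sub["public"]:
                findings.append(f"FAIL {name}: private subnet admits ingress from {src}")
            elif not is_ssh_only(rule):
                findings.append(f"FAIL {name}: ingress from {src} is wider than SSH/22")
            else:
                findings.append(f"INFO {name}: SSH/22 reachable from {src}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(VCN_CIDR, SUBNETS, SECLISTS)))
```

With the page's example values the only finding is the INFO line for the bastion's SSH rule, which records the one ingress path from the public Internet in this layout.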