Oracle by Example brandingCreate a JRF-Enabled Domain Using Oracle WebLogic Server for Oracle Cloud Infrastructure and an Autonomous Database

section 0Before You Begin

This 60-minute tutorial shows you how to use Oracle Cloud Infrastructure Marketplace and an autonomous database to provision an Oracle WebLogic Server domain and cluster that includes Java Required Files (JRF) components. The tutorial also shows you how to create a Java Database Connectivity (JDBC) custom data source for the autonomous database.

Background

You can use Oracle WebLogic Server for Oracle Cloud Infrastructure applications in the Oracle Cloud Infrastructure Marketplace to provision a cluster of WebLogic Server nodes. The first node hosts the administration server for the domain along with the first managed server. This service can also provision a load balancer to distribute application traffic across the servers in your cluster. Marketplace uses Oracle Resource Manager to provision the network, compute instances, and load balancer as a single unit called a stack.

Oracle Cloud Infrastructure Marketplace offers separate services for:

  • Oracle WebLogic Server Standard Edition
  • Oracle WebLogic Server Enterprise Edition - includes clustering
  • Oracle WebLogic Suite - includes Oracle Coherence for increased performance and scalability, and Active Gridlink for RAC for advanced database connectivity

This tutorial uses Oracle WebLogic Server for Oracle Cloud Infrastructure to create a virtual cloud network (VCN) and subnets in Oracle Cloud Infrastructure to support WebLogic Server Enterprise Edition or WebLogic Server Suite, and the load balancer. But you can also use an existing VCN and existing subnets if desired. By default the WebLogic Server subnet is public and accessible from external clients, but Oracle WebLogic Server for Oracle Cloud Infrastructure can also provision WebLogic Server in a private subnet.

This tutorial creates a WebLogic Server JRF-enabled domain that includes the Java Required Files components for building applications with Oracle Application Development Framework (ADF). An existing Oracle Cloud Infrastructure DB System or Oracle Autonomous Transaction Processing (ATP) database is required in order to provision a JRF-enabled domain. This tutorial uses an ATP database.

Oracle WebLogic Server for Oracle Cloud Infrastructure requires Oracle Cloud Infrastructure Key Management in order to encrypt and decrypt passwords. This tutorial uses a standard vault, which is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy. See Service Limits and Oracle Cloud Infrastructure Key Management FAQ.

What Do You Need?

  • Your Oracle Cloud Infrastructure user name and password.
  • An Oracle Cloud Infrastructure compartment. See Managing Compartments.
  • An Oracle Cloud Infrastructure policy that enables you to work with or create these resources in the selected compartment:
    • Marketplace applications
    • Resource Manager stacks and jobs
    • Key Management vaults and keys
    • Compute instances, networks, load balancers, and ATP databases

    See Common Policies. For a sample policy, download the text file.

  • A policy that enables you to use Cloud Shell.

    Alternatively, you can install the Oracle Cloud Infrastructure command line interface (CLI) on a machine of your choice. See CLI Quickstart.

  • Administrators can create dynamic groups and policies. If you're not an administrator, there must also be a policy that allows your user group to create dynamic groups at the tenancy level, and manage policies at the compartment level. For a sample policy, download the text file.
  • An SSH public key and corresponding private key.
  • A serverless autonomous database instance with a workload type of Transaction Processing. See Creating an Autonomous Database. Copy the OCID value of the autonomous database after it's created.
  • The ATP database must allow the WebLogic Server compute instances to access the database listen port (1521 by default). Update the access control list (ACL), if necessary. See Security Tools for Serverless Deployments.
  • (Optional) A user other than ADMIN in the Autonomous Transaction Processing database. See Create Users with Autonomous Transaction Processing.

section 1Create a Dynamic Group

  1. Sign in to the Oracle Cloud Infrastructure console.
  2. Click the navigation menu Menu icon, select Identity, and then click Compartments.
  3. For the compartment that you plan to use, click the truncated value in the OCID column, then click Copy to copy the OCID.
  4. Click Dynamic Groups.
  5. Click Create Dynamic Group.
  6. For Name, enter AllInstances.
  7. For Description, enter this text:

    Required for provisioning WebLogic Server for Oracle Cloud Infrastructure

  8. For Rule 1, enter this text:

    instance.compartment.id = 'Compartment_OCID'

    All compute instances in this compartment are members of this group.

  9. Click Create Dynamic Group.

section 2Create a Policy for the Dynamic Group

During provisioning, the compute instances created by Oracle WebLogic Server for Oracle Cloud Infrastructure require access to the Key Management service as well as the ATP database wallet.

  1. Click Policies.
  2. Select your Compartment, if not already selected.
  3. Click Create Policy.
  4. For Name, enter WebLogicCloudPolicy.
  5. For Description, enter this text:

    Required for provisioning WebLogic Server for Oracle Cloud Infrastructure

  6. For Statement, enter this text:

    Allow dynamic-group AllInstances to use keys in compartment Compartment_Name

  7. Click Add, then enter the following text for the second statement:

    Allow dynamic-group AllInstances to manage autonomous-transaction-processing-family in compartment Compartment_Name

  8. Click Create.

section 3Create a Vault and a Key

  1. Click the navigation menu Menu icon, select Security, and then click Key Management.
  2. Select your Compartment, if not already selected.
  3. Click Create Vault.
  4. For Name, enter WebLogicCloudVault.
  5. Click Create.
  6. Click the new vault.
  7. Copy the Cryptographic Endpoint.
  8. Click Keys, and then click Create Key.
  9. For Name, enter WebLogicCloudKey.
  10. Click Create Key.
  11. Click the new key.
  12. Copy the OCID for the key.

    Note: Oracle WebLogic Server for Oracle Cloud Infrastructure uses the same key to decrypt all passwords for a single domain.


section 4Encrypt Your WebLogic and Database Passwords

  1. From the top of the console, click Cloud Shell Cloud Shell icon.

    Alternatively, access the machine on which you installed the Oracle Cloud Infrastructure CLI.

  2. Convert the WebLogic Server administrator password that you want to use for the domain to a base64 encoding.

    For example, from Cloud Shell or a Linux machine, use this command:

    echo -n 'WebLogic_Password' | base64

  3. Run the encrypt command using the CLI. Provide the following parameters:
    • The key's OCID
    • The vault's cryptographic endpoint
    • The base64-encoded password

    oci kms crypto encrypt --key-id Key_OCID --endpoint Crypto_Endpoint --plaintext Base64_WebLogic_Password

  4. From the output, copy the encrypted password text.

    "ciphertext": "Encrypted_Password"

  5. Repeat step 2 to obtain the base64-encoded password for the password of the ADMIN user to access the ATP database you intend to use.
  6. Then repeat steps 3 and 4 to encrypt and obtain the encrypted password text for the ADMIN user.

section 5Create a Stack that Uses the ATP Database

  1. Return to the Oracle Cloud Infrastructure console.
  2. Click the navigation menu Menu icon, and then click Marketplace.
  3. Click one of the following applications:
    • Oracle WebLogic Server Enterprise Edition BYOL
    • Oracle WebLogic Server Enterprise Edition UCM
    • Oracle WebLogic Suite BYOL
    • Oracle WebLogic Suite UCM

    Note: Do not select Standard Edition because this tutorial uses managed servers in a cluster.

  4. Select a WLS 12c version.

    WLS 11g is not supported with Oracle Autonomous Transaction Processing.

  5. Select the Compartment in which to create the stack.
  6. Select the Terms of Use check box, and then click Launch Stack.

    The Stack Information page displays.

  7. For Name, enter MyJRFWLStack.
  8. Click Next.

    The Configure Variables page displays.

  9. For Resource Name Prefix, enter MyJRFWLS.
  10. For WebLogic Server Shape, select the shape of the compute instances.

    See Compute Shapes.

  11. For SSH Public Key, paste the contents of your SSH public key file.

    After creating the stack, you can connect to the WebLogic Server compute instances by using an SSH client and the corresponding private key.

  12. For WebLogic Server Availability Domain, select the availability domain in which to create the compute instances.
  13. For WebLogic Server Node Count, select 2.
  14. For WebLogic Server Admin User Name, enter the administrator user name for the new WebLogic Server domain.
  15. For WebLogic Server Admin Password, enter the encrypted (not plain text) password.
  16. For Virtual Cloud Network Strategy, select Create New VCN.

    Note: Because you're creating a new network and in the same compartment as the compute instances, you don't need to select a Network Compartment.

  17. For WebLogic Server Network, enter MyJRFWLStackNetwork.
  18. For Subnet Strategy, select Create New Subnet, and select Use Public Subnet and Regional Subnet for the subnet type and span, respectively.
  19. Click Provision Load Balancer.

    For this tutorial, do not select Prepare the Load Balancer for HTTPS.

  20. For Database Strategy, select Autonomous Transaction Processing Database.
  21. Select the Autonomous DB System Compartment that contains your ATP database.
  22. Select the Autonomous Database in which to provision the JRF schemas for the stack.
  23. For Autonomous Database Admin Password, enter the encrypted (not plain text) password for the ADMIN user in the database you selected.
  24. For Key Management Service Key ID, enter the OCID of the key that you used to encrypt the WebLogic Server and database administrator passwords.
  25. For Key Management Service Endpoint, enter the cryptographic endpoint of the vault that contains your key.
  26. Click Next to verify your configuration variables.
  27. Click Create.

    The Job Details page of your stack is displayed in Resource Manager.

    An Apply job is started to provision your stack. To return to this page at a later time, click the navigation menu Menu icon, select Resource Manager, and then click Jobs.

  28. Periodically monitor the progress of the Apply job until it is finished.

    If an email address is associated with your user profile, you will receive an email notification.

  29. If the job is in the Failed state, click the job name to view the logs.

section 6Access the WebLogic and Fusion Middleware Consoles

  1. From the Job Details page, click Associated Resources.
  2. Click MyJRFWLS-wls-0. This is the compute instance of the first node.
  3. Take note of the Public IP Address for this compute instance.
  4. Browse to the following URL:

    http://wls_public_ip:7001/console

    The WebLogic Server Administration Console is displayed.

  5. Enter the administrator credentials for the domain.
  6. In the Domain Structure panel on the left, note the domain name, MyJRFWLS_domain.
  7. Click Deployments, then click Next to browse the table.

    Various libraries, modules, and components are installed for a JRF-enabled domain.

    The application sample-app application is also deployed.

  8. Log out from the WebLogic Console.
  9. Browse to the following URL, then enter the administrator credentials for the domain:

    http://wls_public_ip:7001/em

    The Fusion Middleware Control Console is displayed.

  10. Click Deployments. Verify the sample-app application is deployed to the target MyJRFWLS_cluster.
  11. Log out from the Fusion Middleware Control Console.
  12. Return to the Oracle Cloud Infrastructure console.
  13. Click the navigation menu Menu icon, select Networking, and then click Load Balancers.
  14. Click MyJRFWLS-lb. This is the load balancer instance.
  15. Identify the IP Address for this load balancer.
  16. Browse to the following URL:

    http://lb_public_ip/sample-app

    The sample application is displayed.

  17. Return to the load balancer in the Oracle Cloud Infrastructure console.
  18. Click the Virtual Cloud Network link, MyJRFWLS-MyJRFWLStackNetwork.
  19. Identify the subnets that were created for your stack.

section 7Download the ATP Wallet

Oracle WebLogic Server for Oracle Cloud Infrastructure provides a download utility script in /opt/scripts/utils/ to download an ATP database wallet. You'll need to provide the OCID of the ATP database you used to create the stack.

  1. Return to the Job Details page of your stack, and click Associated Resources.

    There are two compute instance links in the table, MyJRFWLS-wls-0 and MyJRFWLS-wls-1.

  2. Click each instance link to navigate to the Instance Details page and look up the Public IP Address for the node.
  3. Open an SSH connection to the first node as the opc user.

    Tip: You can create an SSH connection from Cloud Shell if you download your private key.

    ssh -i <path_to_private_key> opc@<first_node_public_ip>

  4. Change to the oracle user.

    sudo su oracle

  5. Run the script download_atp_wallet.sh by providing the following parameters:
    • The OCID of your ATP database. For example: ocid1.autonomousdatabase.oc1.iad.abcxyz
    • A password for the ATP wallet. This must be at least 8 characters long, and includes at least 1 letter and either 1 numeric character or 1 special character.
    • The path to save the extracted ATP wallet files. This tutorial uses the existing path /u01/data/domains/<domain_name>/config/atp, which is created for domains that use ATP databases.

    The command is:

    /opt/scripts/utils/download_atp_wallet.sh <atp_database_ocid> <atp_wallet_password> <path_to_extract_wallet_files>

    For example:

    /opt/scripts/utils/download_atp_wallet.sh ocid1.autonomousdatabase.oc1.iad.abcxyz password /u01/data/domains/MyJRFWLS_domain/config/atp

    The download script unpacks and copies the ATP wallet contents to the node in the path you provided. Your script output should look similar to the following:

    <Sep 17, 2019 08:46:13 PM GMT> <INFO> <oci_api_utils> <(host:MyJRFWLS-wls-0.subnet-name.vcn-name.oraclevcn.com) - <WLSC-VM-INFO-001> ATP Wallet downloaded>
    Archive:  /tmp/atp_wallet.zip
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/cwallet.sso
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/tnsnames.ora
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/truststore.jks
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ojdbc.properties
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/sqlnet.ora
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ewallet.p12
      inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/keystore.jks
  6. Repeat steps 3 to 5 on the second node.

    Because the data source will be targeted to the entire cluster, you must run the download script on every node in the cluster.

    For step 5, you must supply the same parameter values as you did for the first node.


section 8Create a JDBC Custom Data Source for the ATP Database

Oracle WebLogic Server for Oracle Cloud Infrastructure provides a create utility script in /opt/scripts/utils/ to configure a JDBC custom data source using the downloaded ATP wallet files and data source properties you provide.

You can supply the properties in a configuration file or you can let the script prompt you for the properties one at a time. This tutorial uses the latter method.

  1. Open an SSH connection to the first or second node as the opc user.

    ssh -i <path_to_private_key> opc@<node_public_ip>

  2. Change to the oracle user.

    sudo su oracle

  3. Run the script create_atp_datasource.sh.

    The command is:

    /opt/scripts/utils/create_atp_datasource.sh

  4. Enter y to confirm you have downloaded the ATP wallet on all the nodes.

    Then at each prompt, enter a value or press Enter to accept the default value that's shown inside the square brackets.

  5. For JDBC datasource name, enter MyATPDS.
  6. Enter the OCID of the ATP database you used.
  7. For ATP database user, enter ADMIN or a user that's already been added to ATP database.
  8. Enter the password for the ATP database user.
  9. For the ATP database wallet password, enter the password you provided when you ran the download script to extract the ATP wallet.
  10. Press Enter to accept the default database level for the data source connection (low).
  11. Enter the WebLogic Server administrator user name.
  12. Enter the WebLogic Server administrator password.
  13. Press Enter to accept the default WebLogic Admin URL (t3://MyJRFWLS-wls-0:7001).
  14. Press Enter to accept the default JDBC driver class (oracle.jdbc.OracleDriver).
  15. Enter Cluster as the data source target type.

    It may take several seconds for the next prompt to display.

  16. Press Enter to accept the default target cluster name (MyJRFWLS_cluster).
  17. When you finish providing inputs to the script, the script output should look similar to the following:
    INFO: Found wallet config file
    INFO: Verifying existing datasources.
    INFO: Verified that no existing data source has the same name.
    
    INFO: Created datasource configuration file /tmp/.ds_config
    INFO: Creating the datasource ==> MyATPDS
    INFO: Connecting to the admin server [t3://MyJRFWLS-wls-0:7001]...
    INFO: Adding properties to datasource
    INFO: Target Type : Cluster
    INFO: Targets : MyJRFWLS_cluster
    INFO: Setting targets [[com.bea:Name=MyJRFWLS_cluster,Type=Cluster]]
    INFO: Successfully create datasource [MYATPDS]
    INFO: Validating the Datasource [MYATPDS]
    INFO: Verify datasource on Server MyJRFWLS_server_2
    -- MyATPDS:  State[Running] Connection Test is OK
    INFO: Verify datasource on Server AdminServer
    -- Datasource MyATPDS not found on server AdminServer.
    INFO: Verify datasource on Server MyJRFWLS_server_1
    -- MyATPDS:    State[Running] Connection Test is OK

section 9Test the JDBC Custom Data Source

  1. Access the WebLogic Console at the following URL:

    http://wls_public_ip:7001/console

    The WebLogic Server Administration Console is displayed.

  2. Enter the administrator credentials for the domain.
  3. In the Domain Structure panel on the left, expand Services and click Data Sources.
  4. In the Summary of JDBC Data Sources, click the name of the data source you created by running the script.
  5. Click Monitoring, then click Testing.
  6. Select MyJRFWLS_server_1, then click Test Data Source.

    The following message displays: Test of data_source_name on server MyJRFWLS_server_1 was successful


more informationWant to Learn More?