Before You Begin

This 60-minute tutorial shows you how to use Oracle Cloud Infrastructure Marketplace and an Oracle Autonomous Database to provision an Oracle WebLogic Server domain and cluster that includes Java Required Files (JRF) components. The tutorial also shows you how to create a Java Database Connectivity (JDBC) custom data source for the Oracle Autonomous Database.

Background

You can use Oracle WebLogic Server for Oracle Cloud Infrastructure (Oracle WebLogic Server for OCI) applications in the Oracle Cloud Infrastructure Marketplace to provision a cluster of WebLogic Server nodes. The first node hosts the administration server for the domain along with the first managed server. This service can also provision a load balancer to distribute application traffic across the servers in your cluster. Marketplace uses Oracle Resource Manager to provision the network, compute instances, and load balancer as a single unit called a stack.

Oracle Cloud Infrastructure Marketplace offers separate services for:

• Oracle WebLogic Server Standard Edition
• Oracle WebLogic Server Enterprise Edition - includes clustering
• Oracle WebLogic Suite - includes Oracle Coherence for increased performance and scalability, and Active Gridlink for RAC for advanced database connectivity

This tutorial uses Oracle WebLogic Server for OCI to create a virtual cloud network (VCN) and subnets in Oracle Cloud Infrastructure to support WebLogic Server Enterprise Edition or WebLogic Server Suite, and the load balancer and file system. But you can also use an existing VCN and existing subnets if desired. By default, the WebLogic Server subnet is private and not accessible from external clients, but Oracle WebLogic Server for OCI can also provision WebLogic Server in a public subnet.

This tutorial creates a WebLogic Server JRF-enabled domain that includes the Java Required Files components for building applications with Oracle Application Development Framework (ADF). An existing Oracle Cloud Infrastructure DB System or Oracle Autonomous Database is required in order to provision a JRF-enabled domain. This tutorial uses an Oracle Autonomous database.

Provisioning a domain in Oracle WebLogic Server for OCI requires one or more secrets in Oracle Cloud Infrastructure Vault. Secrets store one or more passwords you would require when creating a WebLogic Server cluster. This tutorial uses a standard vault, which is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy. The limit for secrets spans all vaults. See Service Limits and Oracle Cloud Infrastructure Vault FAQ.

You can estimate the cost of the resources and services that you want to use to provision your instance. See Oracle Cloud Cost Estimator.

What Do You Need?

• Your Oracle Cloud Infrastructure user name and password. You must belong to at least one group.

  You must be an Oracle Cloud Infrastructure administrator. If you are not an administrator, you must be able to create dynamic groups and policies, use secrets, and view tenancies in your tenancy.

  Controlled access to these tenancy resources are defined in a root-level policy that is typically created by the Oracle Cloud Infrastructure administrator. For a sample root-level policy, download the text file.

• An Oracle Cloud Infrastructure compartment.

  This tutorial uses a single compartment, which contains the compute instances, load balancer, and network resources that will be created for the domain.

  See Managing Compartments.

• A dynamic group that lists the OCID of the compartment in which users who are not administrators can create domains. The Oracle Cloud Infrastructure administrator creates this dynamic group. For a sample dynamic group, download the text file and replace the value with your compartment OCID. For dynamic group policies, see this text file.

  See Managing Dynamic Groups.

• A compartment-level Oracle Cloud Infrastructure policy that enables you to work with resources and create resources in the compartment you intend to use.
  

  If you are not an administrator:

  • You must be able to access Marketplace applications and Resource Manager to create stacks and jobs, compute instances, networks (optional), and load balancers (optional) in the compartment.
  • You must also be able to create vaults, keys, and secrets in the compartment.
  • You must be able to list databases in the compartment that contains your database.

  See Common Policies. For a sample compartment-level policy, download the text file.

• An SSH public key and corresponding private key.
• A serverless Oracle Autonomous Database instance with a workload type of Transaction Processing. See Creating an Autonomous Database. You can also use the free-tier autonomous database. See Create an Always Free Autonomous Database. Copy the OCID value of the Oracle Autonomous Database after it's created.
• The Oracle Autonomous Database must allow the WebLogic Server compute instances to access the database listen port (1521 by default). Update the access control list (ACL), if necessary. See Security Tools for Serverless Deployments.
• (Optional) A user other than ADMIN in the Oracle Autonomous Database. See Create Users on Autonomous Database.

Create a Vault and a Key

1. Sign in to the Oracle Cloud Infrastructure console.
2. Click the navigation menu , select Identity & Security, and then click Vault.
3. Select your Compartment, if not already selected.
4. Click Create Vault.
5. For Name, enter WebLogicOCIVault.
6. Click Create.
7. Click the new vault.
8. Click Master Encryption Keys, and then click Create Key.
9. For Name, enter WebLogicOCIKey.
10. Click Create Key.

    Wait for the key to be created and enabled.

Create Secrets for Your WebLogic and Database Passwords

1. In the vault, click Secrets, and then click Create Secret.
2. For Name, enter WebLogicAdminSecret.
3. Select the key WebLogicOCIKey that you created.
4. For Secret Contents, enter the password you want to use for the WebLogic Server administrator.
5. Click Create Secret.

   Wait for the secret to be created.

6. Click the secret name.
7. Copy the OCID for the WebLogic administrator secret.
8. Repeat steps 1 through 7 to create a secret for the password of the ADMIN user to access the Oracle Autonomous Database you intend to use.

Create a Stack that Uses the Oracle Autonomous Database

1. Click the navigation menu , select Marketplace, and then click All Applications.
2. Click one of the following Oracle WebLogic applications:
   • Oracle WebLogic Server Enterprise Edition BYOL
   • Oracle WebLogic Server Enterprise Edition UCM
   • Oracle WebLogic Suite BYOL
   • Oracle WebLogic Suite UCM

   Note: Do not select Standard Edition because this tutorial uses managed servers in a cluster.

3. Select a WLS 12c version.
4. Select the Compartment in which to create the stack.
5. Select the Oracle Standards Terms and Restrictions check box, and then click Launch Stack.

   The Create Stack page displays.

6. For Name, enter MyJRFWLStack.
7. Click Next.

   The Configure Variables page displays.

8. For Resource Name Prefix, enter MyJRFWLS.
9. For SSH Public Key, upload the SSH public key file or paste the contents of your SSH public key file. After creating the stack, you can connect to the WebLogic Server compute instances by using an SSH client and the corresponding private key.
10. Select the Create a Virtual Network and the Add File System check boxes.

    Keep the default selection for the OCI Policies and Provision Load Balancer check boxes.

    Note: The Provision Bastion Instance check box is not available when you create a new VCN.

11. For Virtual Cloud Network Name, enter MyWLStackNetwork.

    This tutorial uses the same compartment for Network Compartment.

12. For WebLogic Server Admin User Name, enter the administrator user name for the new WebLogic Server domain.
13. For WebLogic Server Admin Secret Compartment, select the compartment where you have the WebLogic Server administration secret and then for Validated Secret for WebLogic Server Admin Password, select the secret that contains the administration password.
14. Select the Provision with JRF check box. Then for Database Strategy, select Autonomous Transaction Processing Database.
15. Select the Autonomous Database Compartment that contains your Oracle Autonomous Database.
16. Select the Autonomous Database in which to provision the JRF schemas for the stack.
17. For Autonomous Database Secret Compartment, select the compartment where you have the database administration secret.
18. For Validated Secret for Autonomous Database Admin Password, enter the OCID of the secret you created to contain the password for the ADMIN user in the database you selected.
19. For Compute Shape, select the shape of the compute instances.

    See Compute Shapes.

    If you select a flexible shape, for OCPU Count, select the OCPU count for the compute instances.
20. For Node Count, select 2.
21. For WebLogic Server Subnet CIDR, enter a CIDR for the new subnet.
22. For Bastion Host Subnet CIDR, enter a CIDR for the new subnet.
23. For Bastion Host Shape, select VM.Standard2.1.
24. For Create or Use Existing Load Balancer, select Create New Load Balancer.
25. For Load Balancer Subnet CIDR, enter a CIDR for the new load balancer subnet.
26. For Minimum Bandwidth for Flexible Load Balancer and for Maximum Bandwidth for Flexible Load Balancer, retain the default values.

    This creates a flexible load balancer with the specified minimum and maximum bandwidth.

27. For File System Availability Domain, select the availability domain in which you want to create the file system and mount target and for Mount Target Subnet CIDR, retain the default value.
28. Click Next to verify your configuration variables.
29. Click Create.

    The Job Details page of your stack is displayed in Resource Manager.

    An Apply job is started to provision your stack.
    To return to this page at a later time, click the navigation menu , select Developer Services. Under the Resource Manager group, click Jobs.

30. Periodically monitor the progress of the Apply job until it is finished.

    If an email address is associated with your user profile, you will receive an email notification.

31. If the job is in the Failed state, click the job name to view the logs.

Access the WebLogic and Fusion Middleware Consoles

1. From the Job Details page, click Application Information.
2. For Bastion Instance, click Show, and note the Public IP Address for the compute instance, MyJRFWLS-bastion-instance.
3. From your computer, open an SSH tunnel to use dynamic port forwarding to an unused port on the bastion compute instance. Connect as the opc user and provide the path to the private key that corresponds to the public key that you specified when you created the stack.

   The SSH command format is:

   ssh -C -D port_for_socks_proxy -i path_to_private_key opc@bastion_public_ip

   The following example uses port 1088 for SOCKS proxy:

   ssh -C -D 1088 -i ~/.ssh/mykey.openssh opc@198.51.100.1

4. In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
5. Under Application Information, click the Web Logic Server Administration Console URL.
   

   https://wls_private_ip:7002/console

   The WebLogic Server Administration Console is displayed.

6. Enter the administrator credentials for the domain.
7. In the Domain Structure panel on the left, note the domain name, MyJRFWLS_domain.
8. Click Deployments, then click Next to browse the table.

   Various libraries, modules, and components are installed for a JRF-enabled domain.

   The application sample-app application is also deployed.

9. Log out from the WebLogic Console.
10. Browse to the following URL, then enter the administrator credentials for the domain:

    https://wls_private_ip:7002/em

    The Fusion Middleware Control Console is displayed.

11. Click Deployments. Verify the sample-app application is deployed to the target MyJRFWLS_cluster.
12. Log out from the Fusion Middleware Control Console.
13. Return to the Oracle Cloud Infrastructure console.
14. Click the navigation menu , select Networking, and then click Load Balancers.
15. Click MyJRFWLS-lb. This is the load balancer instance.
16. Identify the IP Address for this load balancer.
17. Browse to the following URL:

    https://lb_public_ip/sample-app

    The sample application is displayed.

18. Return to the load balancer in the Oracle Cloud Infrastructure console.
19. Click the Virtual Cloud Network link, MyJRFWLS-MyJRFWLStackNetwork.
20. Identify the subnets that were created for your stack.

Download the Oracle Autonomous Database Wallet

Oracle WebLogic Server for OCI provides a download utility script in /opt/scripts/utils/ to download an Oracle Autonomous Database wallet. You'll need to provide the OCID of the Oracle Autonomous Database you used to create the stack.

1. Return to the Job Details page of your stack, and click Associated Resources.

   There are two compute instance links in the table, MyJRFWLS-wls-0 and MyJRFWLS-wls-1.

2. Click each instance link to navigate to the Instance Details page and look up the Public IP Address for the node.
3. Open an SSH connection to the first node as the opc user.

   Tip: You can create an SSH connection from Cloud Shell if you download your private key.

   ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p -i <path_to_private_key> opc@<bastion_public_ip>" opc@<first_node_private_ip>

4. Change to the oracle user.

   sudo su oracle

5. Run the script download_atp_wallet.sh by providing the following parameters:
   • The OCID of your Oracle Autonomous Database. For example: ocid1.autonomousdatabase.oc1.iad.abcxyz
   • A password for the Oracle Autonomous Database wallet. This must be at least 8 characters long, and includes at least 1 letter and either 1 numeric character or 1 special character.
   • The path to save the extracted Oracle Autonomous Database wallet files. This tutorial uses the existing path /u01/data/domains/<domain_name>/config/atp, which is created for domains that use Oracle Autonomous Databases.

   The command is:

   /opt/scripts/utils/download_atp_wallet.sh <atp_database_ocid> <atp_wallet_password> <path_to_extract_wallet_files>

   For example:

   /opt/scripts/utils/download_atp_wallet.sh ocid1.autonomousdatabase.oc1.iad.abcxyz password /u01/data/domains/MyJRFWLS_domain/config/atp

   The download script unpacks and copies the Oracle Autonomous Database wallet contents to the node in the path you provided. Your script output should look similar to the following:

   <Sep 17, 2019 08:46:13 PM GMT> <INFO> <oci_api_utils> <(host:MyJRFWLS-wls-0.subnet-name.vcn-name.oraclevcn.com) - <WLSC-VM-INFO-001> ATP Wallet downloaded>
   Archive:  /tmp/atp_wallet.zip
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/cwallet.sso
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/tnsnames.ora
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/truststore.jks
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ojdbc.properties
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/sqlnet.ora
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ewallet.p12
     inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/keystore.jks

6. Repeat steps 3 to 5 on the second node.

   Because the data source will be targeted to the entire cluster, you must run the download script on every node in the cluster.

   For step 5, you must supply the same parameter values as you did for the first node.

Create a JDBC Custom Data Source for the Oracle Autonomous Database

Oracle WebLogic Server for OCI provides a create utility script in /opt/scripts/utils/ to configure a JDBC custom data source using the downloaded Oracle Autonomous Database wallet files and data source properties you provide.

You can supply the properties in a configuration file or you can let the script prompt you for the properties one at a time. This tutorial uses the latter method.

1. Open an SSH connection to the first or second node as the opc user.

   ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p -i <path_to_private_key> opc@<bastion_public_ip>" opc@<first_node_private_ip>

2. Change to the oracle user.

   sudo su oracle

3. Run the script create_atp_datasource.sh.

   The command is:

   /opt/scripts/utils/create_atp_datasource.sh

4. Enter y to confirm you have downloaded the Oracle Autonomous Database wallet on all the nodes.

   Then at each prompt, enter a value or press Enter to accept the default value that's shown inside the square brackets.

5. For JDBC datasource name, enter MyATPDS.
6. Enter the OCID of the Oracle Autonomous Database you used.
7. For the Oracle Autonomous Database user, enter ADMIN or a user that's already been added to the Oracle Autonomous Database.
8. Enter the password for the Oracle Autonomous Database user.
9. For the Oracle Autonomous Database wallet password, enter the password you provided when you ran the download script to extract the Oracle Autonomous Database wallet.
10. Press Enter to accept the default database level for the data source connection (low).
11. Enter the WebLogic Server administrator user name.
12. Enter the WebLogic Server administrator password.
13. Press Enter to accept the default WebLogic Admin URL (t3://MyJRFWLS-wls-0:9071).
14. Press Enter to accept the default JDBC driver class (oracle.jdbc.OracleDriver).
15. Enter Cluster as the data source target type.

    It may take several seconds for the next prompt to display.

16. Press Enter to accept the default target cluster name (MyJRFWLS_cluster).
17. When you finish providing inputs to the script, the script output should look similar to the following:

    INFO: Found wallet config file
    INFO: Verifying existing datasources.
    INFO: Verified that no existing data source has the same name.
    
    INFO: Created datasource configuration file /tmp/.ds_config
    INFO: Creating the datasource ==> MyATPDS
    INFO: Connecting to the admin server [t3://MyJRFWLS-wls-0:9071]...
    INFO: Adding properties to datasource
    INFO: Target Type : Cluster
    INFO: Targets : MyJRFWLS_cluster
    INFO: Setting targets [[com.bea:Name=MyJRFWLS_cluster,Type=Cluster]]
    INFO: Successfully create datasource [MYATPDS]
    INFO: Validating the Datasource [MYATPDS]
    INFO: Verify datasource on Server MyJRFWLS_server_2
    -- MyATPDS:  State[Running] Connection Test is OK
    INFO: Verify datasource on Server AdminServer
    -- Datasource MyATPDS not found on server AdminServer.
    INFO: Verify datasource on Server MyJRFWLS_server_1
    -- MyATPDS:    State[Running] Connection Test is OK

Test the JDBC Custom Data Source

1. Access the WebLogic Console at the following URL:

   https://wls_private_ip:7002/console

   The WebLogic Server Administration Console is displayed.

2. Enter the administrator credentials for the domain.
3. In the Domain Structure panel on the left, expand Services and click Data Sources.
4. In the Summary of JDBC Data Sources, click the name of the data source you created by running the script.
5. Click Monitoring, then click Testing.
6. Select MyJRFWLS_server_1, then click Test Data Source.

   The following message displays: Test of data_source_name on server MyJRFWLS_server_1 was successful

Want to Learn More?

• Oracle WebLogic Server for Oracle Cloud Infrastructure Help Center
• Understanding Oracle WebLogic Server
• Oracle WebLogic Server Enterprise Edition
• Oracle WebLogic Suite
• Overview of Resource Manager
• Overview of the Compute Service
• Overview of Autonomous Database
• Overview of Load Balancing
• Overview of Vault
• VCNs and Subnets