About the Resources in a Stack
Learn about the compute, network, and other resources created by a stack in Oracle Cloud Infrastructure for a domain in Oracle WebLogic Server for Oracle Cloud Infrastructure.
To obtain a list of all resources created for a specific domain, see View the Cloud Resources for a Domain.
Compute Instances
Depending on the number of nodes you specify for your Oracle WebLogic Server for Oracle Cloud Infrastructure stack configuration, one or more compute instances are created for your domain.
Each WebLogic Server compute instance name has the following format:
servicename-wls-n
Where:
servicename
is the resource name prefix you provided during stack creationn
is0
,1
,2
, and so on
For example, a domain with two nodes would have the following compute instances if the resource prefix is thestack
:
thestack-wls-0
thestack-wls-1
The first compute instance (with the suffix -wls-0
) runs the WebLogic Administration server thestack_adminserver
and the first Managed Server thestack_server_1
. The second compute instance (with the suffix -wls-1
) runs the second Managed Server thestack_server_2
, and so on.
If you specified a private subnet for your domain, a bastion instance is created, which is identified by:
servicename-bastion-instance
If you created a JRF-enabled domain, and WebLogic Server and the database are on different VCNs, then Domain Name Service (DNS) compute instances are created:
servicename-wlsdns-0
- DNS Forwarder in the WebLogic Server VCNservicename-dbsystem-dns
- DNS Forwarder in the database VCN
Network Resources
Several network resources for route tables, security lists, and gateways are created for your Oracle WebLogic Server for Oracle Cloud Infrastructure domain.
Additional network resources are created if you specify a new virtual cloud network (VCN) or new subnets for an existing VCN during domain stack creation.
Your domain configuration determines the type and number of network resources created. The names of all network resources begin with the resource name prefix you provided during stack creation. The following table provides a summary of the resources that can be created.
Resource Name | Type |
---|---|
servicename-vcnname |
WebLogic VCN |
servicename-wls-subnet |
WebLogic regional subnet |
servicename-wls-subnet-adname |
WebLogic availability domain-specific subnet |
servicename-bastion-subnet |
public subnet for the bastion compute instance |
servicename-lb-subnet-1 |
load balancer regional subnet |
servicename-lb-subnet-1-adname1 |
availability domain-specific subnet 1 for load balancer node 1 |
servicename-lb-subnet-1-adname2 |
availability domain-specific subnet 2 for load balancer node 2 |
servicename-wls-dns-subnet-adname |
public subnet for the DNS Forwarder in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-subnet-adname |
public subnet for the DNS Forwarder in the database VCN, for local VCN peering |
Default route table for servicename-vcnname |
default route table for the WebLogic VCN |
servicename-public-routetable |
route table for a subnet |
servicename-dbsystem-routetable |
database route table, for local VCN peering |
servicename-internet-gateway |
internet gateway for the WebLogic VCN |
servicename-service-gateway |
service gateway for the WebLogic VCN |
servicename-wls-lpg |
local peering gateway in the WebLogic VCN |
servicename-dbsystem-lpg |
local peering gateway in the database VCN |
Default security list for servicename-vcnname |
default security list for the VCN |
servicename-internal-security-list |
security list for the WebLogic subnet |
servicename-bastion-security-list |
security list for the bastion subnet |
servicename-wls-bastion-security-list |
security list for the bastion and WebLogic subnets |
servicename-wls-ms-security-list |
security list for the WebLogic Managed Servers |
servicename-lb-security-list |
security list for the load balancer regional subnet |
servicename-wls-lb-security-list-1 |
security list for the load balancer node 1 and WebLogic subnets |
servicename-wls-lb-security-list-2 |
security list for the load balancer node 2 and WebLogic subnets |
servicename-wls_dns_security_list |
security list for the DNS subnet in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-security-list |
security list for the DNS subnet in the database VCN, for local VCN peering |
Default DHCP Options for servicename-vcnname |
default set of Dynamic Host Configuration Protocol (DHCP) options for a new VCN |
servicename-dhcpOptions |
copy of the default DHCP options in the WebLogic VCN |
servicename-wls-dns-dhcp-option |
custom DNS routing in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-dhcp-option |
custom DNS routing in the database VCN, for local VCN peering |
Load Balancer
If you chose to create a load balancer for your domain, it is accessible from a single IP address and it distributes traffic across the managed servers in the domain.
The name of the load balancer resource has the following format:
servicename-lb
Where servicename
is the resource name prefix you provided during stack creation.
The backend resource (which configures the load balancing policy) is identified by the name:
servicename-lb-backendset
The default listener is named https
and it handles traffic on port 443. Attached to the listener are the following:
-
The rule set created with the name
SSLHeaders
. The rule set has the header rulesWL-Proxy-SSL
(value istrue
) andis_ssl
(value isssl
). -
The certificate
demo_cert
.Oracle recommends you add your own SSL certificate.
See Managing SSL Certificates in the Oracle Cloud Infrastructure documentation and Add a Certificate to the Load Balancer.
Identity Resources for Dynamic Group and Root Policies
Oracle WebLogic Server for Oracle Cloud Infrastructure creates a dynamic group and one or more policies for your domain if the OCI Policies check box remains selected during stack creation.
The dynamic group and root-level (tenancy) policies allow compute instances in the domain to access:
- Launch compute instances and manage block storage volumes.
- Keys and secrets in Oracle Cloud Infrastructure Vault
- Load balancer resources
- The database wallet if you're using an Oracle Autonomous Transaction Processing (ATP) database to contain the required infrastructure schemas for a JRF-enabled domain
- The database if you're using Oracle Cloud Infrastructure Database (DB System) to contain the required infrastructure schemas for a JRF-enabled domain
The names of the dynamic group and root-level policies are:
servicename-wlsc-principal-group
(dynamic group)servicename-secrets-policy
servicename-lb-policy
servicename-atp-policy
servicename-db-network-policy
Where servicename
is the resource name prefix you provided during stack creation.
For a single compartment, the matching rule created in the dynamic group is:
instance.compartment.id='ocid1.compartment.oc1..alongstring'
The rule states that all instances created in the compartment (identified by the compartment OCID) are members of the dynamic group.
secrets
policy has the following statements:
Allow dynamic-group servicename-wlsc-principal-group to use secret-family in tenancy
Allow dynamic-group servicename-wlsc-principal-group to use keys in tenancy
Allow service VaultSecret to use keys in tenancy
service
policy has the following statements:
Allow dynamic-group servicename-wlsc-instance-principal-group to manage volume-family in tenancy
Allow dynamic-group servicename-wlsc-instance-principal-group to manage instance-family in tenancy
The lb
policy has the following statement:
Allow dynamic-group servicename-wlsc-principal-group to manage virtual-network-family in tenancy
The atp
policy has this statement:
Allow dynamic-group servicename-wlsc-principal-group to manage autonomous-transaction-processing-family in tenancy
The db-network
policy has this statement:
Allow dynamic-group servicename-wlsc-principal-group to manage virtual-network-family in compartment id ocid1.compartment.oc1..alongstring
Identity Resources for Oracle Identity Cloud Service
If you configure your domain to use Oracle Identity Cloud Service for authentication, Oracle WebLogic Server for Oracle Cloud Infrastructure provisions additional resources in Oracle Identity Cloud Service to support the domain.
These resources are not components of the stack, and so they are not visible in Resource Manager. In addition, they are not deleted automatically when you destroy the stack.
The names of the Oracle Identity Cloud Service resources have the following formats:
servicename_confidential_idcs_app_timestamp
- Confidential Applicationservicename_enterprise_idcs_app_timestamp
- Enterprise Applicationservicename_app_gateway_timestamp
- App Gateway
Where:
servicename
is the resource name prefix you provided during stack creation.timestamp
is the date and time on which the stack was created. For example,2019-09-24T21:46:21.288662