Before You Begin
This 60-minute tutorial shows you how to use Oracle Cloud Infrastructure Marketplace and an Oracle Autonomous Database to provision an Oracle WebLogic Server domain and cluster that includes Java Required Files (JRF) components. The tutorial also shows you how to create a Java Database Connectivity (JDBC) custom data source for the Oracle Autonomous Database.
Background
You can use Oracle WebLogic Server for Oracle Cloud Infrastructure (Oracle WebLogic Server for OCI) applications in the Oracle Cloud Infrastructure Marketplace to provision a cluster of WebLogic Server nodes. The first node hosts the administration server for the domain along with the first managed server. This service can also provision a load balancer to distribute application traffic across the servers in your cluster. Marketplace uses Oracle Resource Manager to provision the network, compute instances, and load balancer as a single unit called a stack.
Oracle Cloud Infrastructure Marketplace offers separate services for:
- Oracle WebLogic Server Standard Edition
- Oracle WebLogic Server Enterprise Edition - includes clustering
- Oracle WebLogic Suite - includes Oracle Coherence for increased performance and scalability, and Active Gridlink for RAC for advanced database connectivity
This tutorial uses Oracle WebLogic Server for OCI to create a virtual cloud network (VCN) and subnets in Oracle Cloud Infrastructure to support WebLogic Server Enterprise Edition or WebLogic Server Suite, and the load balancer and file system. But you can also use an existing VCN and existing subnets if desired. By default, the WebLogic Server subnet is private and not accessible from external clients, but Oracle WebLogic Server for OCI can also provision WebLogic Server in a public subnet.
This tutorial creates a WebLogic Server JRF-enabled domain that includes the Java Required Files components for building applications with Oracle Application Development Framework (ADF). An existing Oracle Cloud Infrastructure DB System or Oracle Autonomous Database is required in order to provision a JRF-enabled domain. This tutorial uses an Oracle Autonomous database.
Provisioning a domain in Oracle WebLogic Server for OCI requires one or more secrets in Oracle Cloud Infrastructure Vault. Secrets store one or more passwords you would require when creating a WebLogic Server cluster. This tutorial uses a standard vault, which is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy. The limit for secrets spans all vaults. See Service Limits and Oracle Cloud Infrastructure Vault FAQ.
You can estimate the cost of the resources and services that you want to use to provision your instance. See Oracle Cloud Cost Estimator.
What Do You Need?
- Your Oracle Cloud Infrastructure user name and password. You
must belong to at least one group.
You must be an Oracle Cloud Infrastructure administrator. If you are not an administrator, you must be able to create dynamic groups and policies, use secrets, and view tenancies in your tenancy.
Controlled access to these tenancy resources are defined in a root-level policy that is typically created by the Oracle Cloud Infrastructure administrator. For a sample root-level policy, download the text file.
- An Oracle Cloud Infrastructure compartment.
This tutorial uses a single compartment, which contains the compute instances, load balancer, and network resources that will be created for the domain.
- A dynamic group that lists the OCID of the compartment in which users who are not administrators can create domains. The Oracle Cloud Infrastructure administrator creates this dynamic group. For a sample dynamic group, download the text file and replace the value with your compartment OCID. For dynamic group policies, see this text file.
- A compartment-level Oracle Cloud Infrastructure policy that
enables you to work with resources and create resources in the
compartment you intend to use.
If you are not an administrator:
- You must be able to access Marketplace applications and Resource Manager to create stacks and jobs, compute instances, networks (optional), and load balancers (optional) in the compartment.
- You must also be able to create vaults, keys, and secrets in the compartment.
- You must be able to list databases in the compartment that contains your database.
See Common Policies. For a sample compartment-level policy, download the text file.
- An SSH public key and corresponding private key.
- A serverless Oracle Autonomous Database instance with a workload type of Transaction Processing. See Creating an Autonomous Database. You can also use the free-tier autonomous database. See Create an Always Free Autonomous Database. Copy the OCID value of the Oracle Autonomous Database after it's created.
- The Oracle Autonomous Database must allow the WebLogic Server compute instances to access the database listen port (1521 by default). Update the access control list (ACL), if necessary. See Security Tools for Serverless Deployments.
- (Optional) A user other than ADMIN in the Oracle Autonomous Database. See Create Users on Autonomous Database.
Create a Vault and a Key
- Sign in to the Oracle Cloud Infrastructure console.
- Click the navigation menu , select Identity & Security, and then click Vault.
- Select your Compartment, if not already selected.
- Click Create Vault.
- For Name, enter
WebLogicOCIVault
. - Click Create.
- Click the new vault.
- Click Master Encryption Keys, and then click Create Key.
- For Name, enter
WebLogicOCIKey
. - Click Create Key.
Wait for the key to be created and enabled.
Create Secrets for Your WebLogic and Database Passwords
- In the vault, click Secrets, and then click Create Secret.
- For Name, enter
WebLogicAdminSecret
. - Select the key
WebLogicOCIKey
that you created. - For Secret Contents, enter the password you want to use for the WebLogic Server administrator.
- Click Create Secret.
Wait for the secret to be created.
- Click the secret name.
- Copy the OCID for the WebLogic administrator secret.
- Repeat steps 1 through 7 to create a secret for the password of the ADMIN user to access the Oracle Autonomous Database you intend to use.
Create a Stack that Uses the Oracle Autonomous Database
- Click the navigation menu , select Marketplace, and then click All Applications.
- Click one of the following Oracle WebLogic applications:
- Oracle WebLogic Server Enterprise Edition BYOL
- Oracle WebLogic Server Enterprise Edition UCM
- Oracle WebLogic Suite BYOL
- Oracle WebLogic Suite UCM
Note: Do not select Standard Edition because this tutorial uses managed servers in a cluster.
- Select a WLS 12c version.
- Select the Compartment in which to create the stack.
- Select the Oracle Standards Terms and Restrictions
check box, and then click Launch Stack.
The Create Stack page displays.
- For Name, enter
MyJRFWLStack
. - Click Next.
The Configure Variables page displays.
- For Resource Name Prefix, enter
MyJRFWLS
. - For SSH Public Key, upload the SSH public key file or paste the contents of your SSH public key file. After creating the stack, you can connect to the WebLogic Server compute instances by using an SSH client and the corresponding private key.
- Select
the Create
a Virtual Network
and the Add File System check
boxes.
Keep the default selection for the OCI Policies and Provision Load Balancer check boxes.
Note: The Provision Bastion Instance check box is not available when you create a new VCN.
- For Virtual Cloud Network Name, enter
MyWLStackNetwork
.This tutorial uses the same compartment for Network Compartment.
- For WebLogic Server Admin User Name, enter the administrator user name for the new WebLogic Server domain.
- For WebLogic Server Admin Secret Compartment, select the compartment where you have the WebLogic Server administration secret and then for Validated Secret for WebLogic Server Admin Password, select the secret that contains the administration password.
- Select the Provision with JRF check box. Then for Database Strategy, select Autonomous Transaction Processing Database.
- Select the Autonomous Database Compartment that contains your Oracle Autonomous Database.
- Select the Autonomous Database in which to provision the JRF schemas for the stack.
- For Autonomous Database Secret Compartment, select the compartment where you have the database administration secret.
- For Validated Secret for Autonomous Database Admin Password, enter the OCID of the secret you created to contain the password for the ADMIN user in the database you selected.
- For Compute Shape, select the shape of the
compute instances.
See Compute Shapes.
If you select a flexible shape, for OCPU Count, select the OCPU count for the compute instances. - For Node Count, select 2.
- For WebLogic Server Subnet CIDR, enter a CIDR for the new subnet.
- For Bastion Host Subnet CIDR, enter a CIDR for the new subnet.
- For Bastion
Host Shape, select
VM.Standard2.1
. - For Create or Use Existing Load Balancer, select Create New Load Balancer.
- For Load Balancer Subnet CIDR, enter a CIDR for the new load balancer subnet.
- For Minimum Bandwidth for Flexible Load Balancer
and for Maximum Bandwidth for Flexible Load Balancer,
retain the default values.
This creates a flexible load balancer with the specified minimum and maximum bandwidth.
- For File System Availability Domain, select the availability domain in which you want to create the file system and mount target and for Mount Target Subnet CIDR, retain the default value.
- Click Next to verify your configuration variables.
- Click Create.
The Job Details page of your stack is displayed in Resource Manager.
An Apply job is started to provision your stack.
To return to this page at a later time, click the navigation menu , select Developer Services. Under the Resource Manager group, click Jobs. - Periodically monitor the progress of the Apply job until it
is finished.
If an email address is associated with your user profile, you will receive an email notification.
- If the job is in the Failed state, click the job name to view the logs.
Access the WebLogic and Fusion Middleware Consoles
- From the Job Details page, click Application Information.
- For Bastion Instance, click Show, and note the Public IP Address for the compute instance, MyJRFWLS-bastion-instance.
- From your computer, open an SSH tunnel to use dynamic port
forwarding to an unused port on the bastion compute instance.
Connect as the opc user and provide the path to the private
key that corresponds to the public key that you specified when
you created the stack.
The SSH command format is:
ssh -C -D port_for_socks_proxy -i path_to_private_key opc@bastion_public_ip
The following example uses port 1088 for SOCKS proxy:
ssh -C -D 1088 -i ~/.ssh/mykey.openssh opc@198.51.100.1
- In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
- Under Application Information, click the Web
Logic Server Administration Console URL.
https://wls_private_ip:7002/console
The WebLogic Server Administration Console is displayed.
- Enter the administrator credentials for the domain.
- In the Domain Structure panel on the left, note the domain name, MyJRFWLS_domain.
- Click Deployments, then click Next
to browse the table.
Various libraries, modules, and components are installed for a JRF-enabled domain.
The application
sample-app
application is also deployed. - Log out from the WebLogic Console.
- Browse to the following URL, then enter the administrator
credentials for the domain:
https://wls_private_ip:7002/em
The Fusion Middleware Control Console is displayed.
- Click Deployments. Verify the
sample-app
application is deployed to the targetMyJRFWLS_cluster
. - Log out from the Fusion Middleware Control Console.
- Return to the Oracle Cloud Infrastructure console.
- Click the navigation menu , select Networking, and then click Load Balancers.
- Click MyJRFWLS-lb. This is the load balancer instance.
- Identify the IP Address for this load balancer.
- Browse to the following URL:
https://lb_public_ip/sample-app
The sample application is displayed.
- Return to the load balancer in the Oracle Cloud Infrastructure console.
- Click the Virtual Cloud Network link, MyJRFWLS-MyJRFWLStackNetwork.
- Identify the subnets that were created for your stack.
Download the Oracle Autonomous Database Wallet
Oracle WebLogic Server for OCI provides a download utility
script in /opt/scripts/utils/
to download an
Oracle Autonomous Database wallet. You'll need to provide the
OCID of the Oracle Autonomous Database you used to create the
stack.
- Return to the Job Details page of your stack, and click Associated
Resources.
There are two compute instance links in the table, MyJRFWLS-wls-0 and MyJRFWLS-wls-1.
- Click each instance link to navigate to the Instance Details page and look up the Public IP Address for the node.
- Open an SSH connection to the first node as the
opc
user.Tip: You can create an SSH connection from Cloud Shell if you download your private key.
ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p -i <path_to_private_key> opc@<bastion_public_ip>" opc@<first_node_private_ip>
- Change to the
oracle
user.sudo su oracle
- Run the script
download_atp_wallet.sh
by providing the following parameters:- The OCID of your Oracle Autonomous Database. For
example:
ocid1.autonomousdatabase.oc1.iad.abcxyz
- A password for the Oracle Autonomous Database wallet. This must be at least 8 characters long, and includes at least 1 letter and either 1 numeric character or 1 special character.
- The path to save the extracted Oracle Autonomous
Database wallet files. This tutorial uses the existing
path
/u01/data/domains/<domain_name>/config/atp
, which is created for domains that use Oracle Autonomous Databases.
The command is:
/opt/scripts/utils/download_atp_wallet.sh <atp_database_ocid> <atp_wallet_password> <path_to_extract_wallet_files>
For example:
/opt/scripts/utils/download_atp_wallet.sh ocid1.autonomousdatabase.oc1.iad.abcxyz password /u01/data/domains/MyJRFWLS_domain/config/atp
The download script unpacks and copies the Oracle Autonomous Database wallet contents to the node in the path you provided. Your script output should look similar to the following:
<Sep 17, 2019 08:46:13 PM GMT> <INFO> <oci_api_utils> <(host:MyJRFWLS-wls-0.subnet-name.vcn-name.oraclevcn.com) - <WLSC-VM-INFO-001> ATP Wallet downloaded> Archive: /tmp/atp_wallet.zip inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/cwallet.sso inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/tnsnames.ora inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/truststore.jks inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ojdbc.properties inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/sqlnet.ora inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/ewallet.p12 inflating: /u01/data/domains/MyJRFWLS_domain/config/atp/ocid1.autonomousdatabase.oc1.iad.abcxyz/keystore.jks
- The OCID of your Oracle Autonomous Database. For
example:
- Repeat steps 3 to 5 on the second node.
Because the data source will be targeted to the entire cluster, you must run the download script on every node in the cluster.
For step 5, you must supply the same parameter values as you did for the first node.
Create a JDBC Custom Data Source for the Oracle Autonomous Database
Oracle WebLogic Server for OCI provides a create utility script
in /opt/scripts/utils/
to configure a JDBC custom
data source using the downloaded Oracle Autonomous Database
wallet files and data source properties you provide.
You can supply the properties in a configuration file or you can let the script prompt you for the properties one at a time. This tutorial uses the latter method.
- Open an SSH connection to the first or second node as the
opc
user.ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p -i <path_to_private_key> opc@<bastion_public_ip>" opc@<first_node_private_ip
>
- Change to the
oracle
user.sudo su oracle
- Run the script
create_atp_datasource.sh
.The command is:
/opt/scripts/utils/create_atp_datasource.sh
- Enter
y
to confirm you have downloaded the Oracle Autonomous Database wallet on all the nodes.Then at each prompt, enter a value or press Enter to accept the default value that's shown inside the square brackets.
- For JDBC datasource name, enter
MyATPDS
. - Enter the OCID of the Oracle Autonomous Database you used.
- For the Oracle Autonomous Database user, enter
ADMIN
or a user that's already been added to the Oracle Autonomous Database. - Enter the password for the Oracle Autonomous Database user.
- For the Oracle Autonomous Database wallet password, enter the password you provided when you ran the download script to extract the Oracle Autonomous Database wallet.
- Press Enter to accept the default database level for the
data source connection (
low
). - Enter the WebLogic Server administrator user name.
- Enter the WebLogic Server administrator password.
- Press Enter to accept the default WebLogic Admin URL (
t3://MyJRFWLS-wls-0:9071
). - Press Enter to accept the default JDBC driver class (
oracle.jdbc.OracleDriver
). - Enter
Cluster
as the data source target type.It may take several seconds for the next prompt to display.
- Press Enter to accept the default target cluster name (
MyJRFWLS_cluster
). - When you finish providing inputs to the script, the script
output should look similar to the following:
INFO: Found wallet config file INFO: Verifying existing datasources. INFO: Verified that no existing data source has the same name. INFO: Created datasource configuration file /tmp/.ds_config INFO: Creating the datasource ==> MyATPDS INFO: Connecting to the admin server [t3://MyJRFWLS-wls-0:9071]... INFO: Adding properties to datasource INFO: Target Type : Cluster INFO: Targets : MyJRFWLS_cluster INFO: Setting targets [[com.bea:Name=MyJRFWLS_cluster,Type=Cluster]] INFO: Successfully create datasource [MYATPDS] INFO: Validating the Datasource [MYATPDS] INFO: Verify datasource on Server MyJRFWLS_server_2 -- MyATPDS: State[Running] Connection Test is OK INFO: Verify datasource on Server AdminServer -- Datasource MyATPDS not found on server AdminServer. INFO: Verify datasource on Server MyJRFWLS_server_1 -- MyATPDS: State[Running] Connection Test is OK
Test the JDBC Custom Data Source
- Access the WebLogic Console at the following URL:
https://wls_private_ip:7002/console
The WebLogic Server Administration Console is displayed.
- Enter the administrator credentials for the domain.
- In the Domain Structure panel on the left, expand Services and click Data Sources.
- In the Summary of JDBC Data Sources, click the name of the data source you created by running the script.
- Click Monitoring, then click Testing.
- Select MyJRFWLS_server_1, then click Test
Data Source.
The following message displays:
Test of data_source_name on server MyJRFWLS_server_1 was successful
Want to Learn More?
- Oracle WebLogic Server for Oracle Cloud Infrastructure Help Center
- Understanding Oracle WebLogic Server
- Oracle WebLogic Server Enterprise Edition
- Oracle WebLogic Suite
- Overview of Resource Manager
- Overview of the Compute Service
- Overview of Autonomous Database
- Overview of Load Balancing
- Overview of Vault
- VCNs and Subnets