Before You Begin
This 45-minute tutorial shows you how to create a non-Java Required Files (JRF) instance for Oracle WebLogic Server using the Marketplace in the Oracle Cloud Infrastructure.
Background
Oracle WebLogic Server for Oracle Cloud Infrastructure (Oracle WebLogic Server for OCI) can create a domain without JRF components. Oracle WebLogic Server for OCI is accessed as a collection of applications in the Oracle Cloud Infrastructure Marketplace.
Oracle Cloud Infrastructure Marketplace is an online store that's available in the Oracle Cloud Infrastructure Console. When you launch an Oracle WebLogic Server for OCI application from Marketplace, it prompts you for some basic information, and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server domain and supporting cloud resources.
Oracle Cloud Infrastructure Vault (formerly known as Key Management) enables you to manage sensitive information using vaults, keys, and secrets when creating an Oracle WebLogic Server domain. A vault is a container for encryption keys and secrets. A standard vault is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes.
A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Secrets store credentials such as required passwords for a new domain. You use an encryption key in a vault to encrypt and import secret contents to the vault. Secret contents are base64-encoded. Oracle WebLogic Server for OCI uses the same key to retrieve and decrypt secrets when creating the domain.
This tutorial uses the Oracle WebLogic Suite BYOL application along with an existing VCN, an existing subnet (private subnet), and an existing load balancer to provision a non-JRF domain in WLSDRCompartment. By default, the WebLogic Server subnet is private and not accessible from external clients, but Oracle WebLogic Server for OCI can also provision WebLogic Server in a public subnet.
This tutorial also uses Oracle WebLogic Server for OCI to create a file system and mount target. The compute instances, networks, and the other resources that are provisioned by Oracle WebLogic Server for OCI for your Oracle WebLogic Server domain are created in the WLSDRCompartment.
This tutorial creates a compartment-level Oracle Cloud Infrastructure policy that enables you to work with resources and create resources in WLSDRCompartment.
What Do You Need?
- An Oracle Cloud Infrastructure cloud tenant.
- An Oracle Cloud Infrastructure user name and password. You must belong to at least one group.
You must be an Oracle Cloud Infrastructure administrator. If you are not an administrator, you must be able to create dynamic groups and policies, use secrets, and view tenancies in your tenancy.
- A dynamic group that lists the OCID of the compartment in which users who are not administrators can create domains. The Oracle Cloud Infrastructure administrator creates this dynamic group.
See Create Root Policies and Create Dynamic Groups and Policies.
Create a Compartment
- Sign in to the Oracle Cloud Infrastructure Console.
- At the top of the Console, to switch the region, select a different region from the Region menu. The instance is created in the selected region.
- Click the navigation menu, select Identity & Security. Under Identity, click Compartments.
- On the Compartments page, click Create Compartment.
- For Name, enter WLSDRCompartment.
- Enter the Description for the compartment.
- Select a compartment from the Parent Compartment drop-down list.
You may also select the default root compartment of the tenancy as the Parent Compartment.
- Click Create Compartment.
Create an Oracle Cloud Infrastructure Policy
If you do not have Administrator privileges, do the following to create an Oracle Cloud Infrastructure policy that enables you to work with or create resources in the WLSDRCompartment compartment:
- Sign in to the Oracle Cloud Infrastructure Console.
- Click the navigation menu, select Identity & Security. Under Identity, click Policies.
Note: Ensure that you create the policy within the WLSDRCompartment compartment that you created earlier for the non-JRF instance.
- Click Create Policy.
- Enter the policy Name and Description.
- From Policy Options, select the Policy Use Cases and Common Policy Templates.
The policy builder displays the policy statements for the selected use case and policy template.
- Select the Groups and Location.
The policy statement is now displayed for the selected groups and location. For example, if the group is Administrators and the location is WLSDRCompartment, the policy statement is Allow Administrators to manage users in WLSDRCompartment. You can modify the policy statements using the Customize (Advanced) option. For a sample compartment policy, download the text file.
- Click Create.
Create an SSH Key Pair
On a UNIX or UNIX-like platform, do the following:
- Run the following ssh-keygen command:
ssh-keygen -b 2048 -t rsa
- In the prompt, enter the path to the file in which you want to save the key. If you wish to accept the default path and file name, press Enter.
- In the prompt, enter a passphrase.
The passphrase is not mandatory. However, it is recommended that you specify a passphrase to protect your private key against unauthorized use.
- When prompted, enter the passphrase again to confirm it.
The command generates an SSH key pair consisting of a public key and a private key. When you create a domain using Oracle WebLogic Server for OCI, you specify the public key. You then access the compute instances from an SSH client using the private key.
On a Windows platform, you can use the PuTTY Key Generator utility. See Creating a Key Pair in the Oracle Cloud Infrastructure documentation.
Create a Vault and Key
- Sign in to the Oracle Cloud Infrastructure Console.
- Click the navigation menu, select Identity & Security, and then click Vault.
- Click Create Vault.
Note: Ensure that you create the vault in the WLSDRCompartment compartment.
- For Name, enter WebLogicOCIVault.
- Select the Make it a virtual private vault check box if you want to create the vault as a dedicated partition on the HSM. This option sets pricing based on the maximum usage against key limits and accommodates greater performance needs.
- Click Create Vault.
Wait for the vault to be created.
- Click the new vault.
- Click Master Encryption Keys, and then click Create Key.
- For Name, enter WebLogicOCIKey.
- Click Create Key.
Wait for the key to be created and enabled before you create a secret.
Create a Secret for Your WebLogic Password
- In the vault, click Secrets, and then click Create Secret.
- For Name, enter WebLogicAdminSecret.
- Select the key WebLogicOCIKey that you created.
- For Secret Contents, enter the password you want to use for the WebLogic Server administrator.
The password must start with a letter, be between 8 and 30 characters long, contain at least one number, and, optionally, contain any number of the special characters ($ # _).
- Click Create Secret.
Wait for the secret to be created.
- Click the secret name.
- Copy the OCID for the secret.
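The following shell functions are an added example, not part of the original tutorial or of Oracle's tooling. They check a candidate administrator password against the rules stated above before you paste it into Secret Contents, so a rejected password does not surface later as a failed stack job. The function names are hypothetical, and the check assumes the special-character rule means that only letters, digits, and $ # _ are permitted.

```shell
#!/bin/sh
# Added example (not Oracle code): pre-check a candidate WebLogic admin
# password against the rules this tutorial states for the secret contents.
# Prints one line per violated rule; exit status is 0 only if all rules pass.
check_wls_password() (
    LC_ALL=C    # byte-wise matching; the subshell body keeps this setting local
    pw=$1
    rc=0
    # Rule: must start with a letter.
    case $pw in
        [A-Za-z]*) ;;
        *) echo "must start with a letter"; rc=1 ;;
    esac
    # Rule: between 8 and 30 characters long.
    len=${#pw}
    if [ "$len" -lt 8 ] || [ "$len" -gt 30 ]; then
        echo "length $len is outside 8-30"; rc=1
    fi
    # Rule: at least one number.
    case $pw in
        *[0-9]*) ;;
        *) echo "must contain at least one number"; rc=1 ;;
    esac
    # Assumed reading of the last rule: nothing besides letters, digits, $ # _
    extra=$(printf '%s' "$pw" | tr -d 'A-Za-z0-9$#_')
    if [ -n "$extra" ]; then
        echo "contains characters other than letters, digits, \$ # _"; rc=1
    fi
    [ "$rc" -eq 0 ]
)

# Prompt with terminal echo disabled so the candidate never lands in shell
# history or on screen, then run the check.
prompt_and_check() {
    printf 'Candidate password: ' >&2
    stty -echo
    IFS= read -r candidate
    stty echo
    echo >&2
    check_wls_password "$candidate"
}
```

Run prompt_and_check in an interactive terminal, then enter the same value as the secret contents once it reports no violations.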
Validate the Existing Network Setup
- In Cloud Shell, create a validation script named network_validation.sh. See Validate Existing Network Setup.
- Set execute permission on the network_validation.sh file.
chmod +x network_validation.sh
- Run the following command:
./network_validation.sh -w <WLS Subnet OCID>
As you are configuring an existing load balancer, run the following command for the load balancer subnet to access port 443 and load balancer CIDR in WebLogic Server subnet to access port 7003.
./network_validation.sh -w <WLS_Subnet_OCID> -u <Load_Balancer_Subnet_OCID> -l <external_WLS_LB_Port>
As you are configuring file system storage, run the following command for the file system storage subnet to access the ports 111 (both TCP and UDP), 2048-2050 (TCP), and 2048 (UDP).
./network_validation.sh -w <WLS_Subnet_OCID> -f <File_System_Storage_Subnet_OCID>
An example message if the existing network setup does not comply with the requirements should look similar to:
ERROR: Port 22 is not open for access by WLS Subnet CIDR [10.0.0.0/24] in WLS Subnet [<WLS Subnet OCID>]
ERROR: Port 9071 is not open for access by WLS Subnet CIDR [10.0.0.0/24] in WLS Subnet [<WLS Subnet OCID>]
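The following shell functions are an added example, not part of the original tutorial or of network_validation.sh. They turn the ERROR lines shown above into a short list of missing ingress rules and a pass/fail status that can gate stack creation. The function names are hypothetical, the sample input is constructed from the two lines above, and the parser assumes every failure is reported in that same line format; an ERROR line in any other format is reported as unparsed and still fails the gate.

```shell
#!/bin/sh
# Added example (not Oracle code). Constructed sample in the format the
# tutorial shows for a network setup that does not meet the requirements.
sample_output() {
cat <<'EOF'
ERROR: Port 22 is not open for access by WLS Subnet CIDR [10.0.0.0/24] in WLS Subnet [<WLS Subnet OCID>]
ERROR: Port 9071 is not open for access by WLS Subnet CIDR [10.0.0.0/24] in WLS Subnet [<WLS Subnet OCID>]
EOF
}

# Reads validation output on stdin. Prints one "port cidr" line per distinct
# finding, or "UNPARSED <line>" for an ERROR line in an unexpected format.
closed_ports() {
    awk '
    /^ERROR:/ {
        i = index($0, "Port "); j = index($0, " is not open")
        k = index($0, "CIDR [")
        port = (i && j > i) ? substr($0, i + 5, j - i - 5) : ""
        rest = k ? substr($0, k + 6) : ""
        cidr = substr(rest, 1, index(rest, "]") - 1)
        if (port ~ /^[0-9]+(-[0-9]+)?$/ && cidr != "") {
            key = port " " cidr
            if (!(key in seen)) { seen[key] = 1; print key }
        } else {
            print "UNPARSED " $0
        }
    }'
}

# Returns 0 only when the output contains no ERROR lines; otherwise lists
# what has to be opened and returns 1 so a wrapper script can stop.
network_gate() {
    findings=$(closed_ports)
    if [ -z "$findings" ]; then
        echo "network validation: no closed ports reported"
        return 0
    fi
    printf '%s\n' "$findings" | while read -r port cidr; do
        case $port in
            UNPARSED) echo "review manually: $cidr" ;;
            *) echo "open port $port for source CIDR $cidr" ;;
        esac
    done
    return 1
}
```

For a real run, pipe the script output into the gate, for example ./network_validation.sh -w <WLS_Subnet_OCID> | network_gate, and create the stack only when it returns 0.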
Launch a Stack
- Sign in to the Oracle Cloud Infrastructure Console.
- Click the navigation menu, select Marketplace, and then select All Applications.
- Locate and select the Oracle WebLogic Suite BYOL application.
The following details of Oracle WebLogic Suite BYOL are displayed:
- Application Type - Stack.
- The latest 12c version of the application.
- The type of billing it uses - BYOL (Bring Your Own License).
- Select the WLSDRCompartment compartment.
- Select the Oracle Standard Terms and Restrictions check box, and then click Launch Stack.
The Create Stack page opens.
Create the Stack
- On the Stack Information page of the Create Stack wizard, the name of the stack is displayed (application name appended with the time stamp).
- Enter a description for the stack. This information is optional.
The following additional details are also displayed:
- Create in Compartment - The name of the compartment (WLSDRCompartment) that you selected earlier when launching the stack.
- Terraform Version - 1.1.x
- Click Next.
The Configure Variables page opens.
- For Resource Name Prefix, type MyWLS.
You can use a maximum of 16 characters to define the prefix. This prefix will be used by all the resources that are created when you create the stack.
- For SSH Public Key, upload the SSH public key file or paste the contents of the file. After creating the stack, you can connect to the WebLogic Server compute instances by using an SSH client and the corresponding private key.
- Keep the default selection for the OCI Policies, Provision Bastion Instance, and Provision Load Balancer check boxes.
- Select the Add File System check box.
- For Network Compartment, select WLSDRCompartment.
All the network resources and the domain compute instances will be created in this stack compartment.
- For Existing Network, select the name of an existing VCN.
- For Subnet Compartment, select the compartment to use for this existing subnet.
- For Subnet Type and Subnet Span, keep the default selection.
- For WebLogic Server Admin User Name, weblogic is the default name.
Use the default name.
- For WebLogic Server Admin Secret Compartment, select the compartment where you have the WebLogic Server administration secret, and then for Validated Secret for WebLogic Server Admin Password, select the secret that contains the administration password.
- For Compute Shape, select VM.Standard2.1. This shape will be used by all compute instances.
- For Node Count, select 2.
This value indicates the number of Managed servers you want to create.
- For Existing Subnet for WebLogic Server, select the name of an existing regional subnet from the list of regional and availability domain-specific subnets. See Create a Virtual Cloud Network.
- For the Existing Subnet for Bastion Host, select the name of an existing regional subnet from the list of regional and availability domain-specific subnets.
- For Bastion Host Shape, select VM.Standard2.1.
- For Create or Use Existing Load Balancer, select Use Existing Load Balancer to distribute application traffic to the WebLogic Managed servers.
- For Existing Load Balancer ID, enter the OCID for the existing load balancer.
- For Existing Load Balancer Backend Set Name, enter the name of the backend set for the existing load balancer that has a routing policy associated with the backend set.
The backend set should not have any backends. See Configure a Load Balancer.
- For File System Availability Domain, select the availability domain in which you want to create the file system and mount target.
- For Existing Subnet for Mount Target, select the existing subnet to use for the mount target.
Note: This subnet must be available in the selected VCN.
- Click Next to verify the details you've entered.
- On the Review page of the wizard, review the information you've provided, and then click Create.
The Job Details page of the stack in Resource Manager opens. The job name has the ormjobyyyymmddnnnnnn format.
- Monitor the progress of the job periodically until it is finished.
If you encounter any errors, see the Troubleshoot topic.
You can now access and manage your new domain.
Test WebLogic Server
- From the Job Details page, click Application Information.
- For Bastion Instance, copy the Public IP Address for the compute instance, MyWLS-bastion-instance.
- From your computer, open an SSH tunnel to use dynamic port forwarding to an unused port on the bastion compute instance. Connect as the opc user and provide the path to the private key that corresponds to the public key that you specified when you created the stack.
The SSH command format is:
ssh -C -D port_for_socks_proxy -i path_to_private_key opc@bastion_public_ip
The following example uses port 1088 for SOCKS proxy:
ssh -C -D 1088 -i ~/.ssh/mykey.openssh opc@198.51.100.1
- In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
- Under Application Information, click the WebLogic Server Administration Console URL.
https://wls_private_ip:7002/console
The WebLogic Server Administration Console is displayed.
- Enter the administrator credentials for the domain.
- From the Domain Structure panel on the left, click Deployments.
- Locate the sample-app application.
- Return to the Oracle Cloud Infrastructure Console.
- Click the navigation menu, select Networking, and then click Load Balancers.
- Click MyWLS-lb.
- Identify the IP Address for this load balancer.
- Browse to the following URL:
https://lb_public_ip/sample-app
The sample application is displayed.
- Return to the load balancer in the Oracle Cloud Infrastructure Console.
- Click the Virtual Cloud Network link, MyWLS-MyWLStackNetwork.
- Identify the subnets that were created for your stack.