Deploy Java applications on Ampere A1 on Oracle Cloud Infrastructure

Learn how to build and deploy Java applications as containers on the Ampere A1 compute platform in Oracle Cloud Infrastructure(OCI). You will deploy a Todo application with a database, as containers running on the Ampere A1 compute platform. Additionally, you will use the new set of container tools such as Podman that are available in Oracle Linux 8.0.



In this tutorial, you will:


  1. An Oracle Free Tier (Trial), Paid or LiveLabs Cloud Account.
  2. Familiarity with OCI console
  3. Overview of Networking
  4. Familiarity with Compartments
  5. Basic conceptual knowledge of containers and Podman
  6. Keep SSH keys handy. If you don’t have keys, generate SSH keys.

Set up your Environment

You will begin by initiating the Oracle cloud environment that will be used to create and deploy your Java EE application. This environment will be contained within a cloud Compartment, and communication within the Compartment will be via a Virtual Cloud Network (VCN). The Compartment and VCN will isolate and secure the overall environment. You will deploy an Ampere A1 compute instance to host a Java EE application using the Tomcat 9.0 and MySQL server containers.

Basic Infrastructure Setup

  1. Open the navigation menu. Under Governance and Administration, go to Identity and click Compartments. From this screen, you will see a list of compartments, click Create Compartment.

  2. Enter the following:

    • Name: Enter “AppDev”.
    • Description: Enter a description (required), for example: “AppDev compartment for the getting started tutorial”. Avoid entering confidential information.
    • Parent Compartment: Select the compartment you want this compartment to reside in. Defaults to the root compartment (or tenancy).
    • Click Create Compartment.
    • Your compartment is displayed in the list.

Create Ampere A1 Compute Instance

  1. To create an Ampere A1 compute instance, use navigation menu in the top-left corner of the Console and go to Compute > Instances.

  2. Open the instance creation flow.

    1. Verify you are in the AppDev Compartment.
    2. Click Create Instance.
  3. In the create instance page you will create the new instance along with the new network resources such as Virtual Cloud Network (VCN), Internet Gateway (IG)and more.

    1. Name the instance JavaApp
    2. Update the Image selection to use Oracle Linux 8 or newer
    3. Click the Change Shape button to see the available compute shapes.

     Create Instance Description of illustration Create Instance

  4. Configure the image for your instance.

    1. Click the Change Image button to see available OS images.
    2. Choose Oracle Linux 8 or newer.

    Choose Oracle Linux 8 Description of illustration Choose Oracle Linux 8

  5. Configure the resources for your instance.

    1. Choose the Ampere Arm based processor in the choice for shape series.
    2. Choose the VM.Standard.A1.Flex shape from the list of shapes with Ampere Arm based processors. Ampere A1 shapes are flexible and you can modify the number of cores and the amount of memory. Choose 1 core and 6 GB of memory for the VM.

     Choose Shape Description of illustration Choose Shape

  6. Select your networking options. Create a new VCN and subnet for your next cloud deployment. Make sure that you select to assign a public IP address for your instance.

  7. Generate and download the SSH keypair. This step is optional, but highly recommended for later maintenance and upgrades. You can also bring your public key if you already have a keypair that you would like to use. If you want to know how to generate SSH keys, then follow instructions in the Generate SSH Keys tutorial.

    Network options Description of illustration Network options

  8. Click Create to create the networking resources and launch the compute instance. launch instance Description of illustration launch instance

Expose Application Ports to Users

For applications to be accessible from the internet, you need to open the ports that our application will use. In this section, you will configure security lists on your cloud network and firewall rules on your compute instance to enable your applications to send and receive traffic.

Configure your Virtual Cloud Network (VCN)

A security list acts as a virtual firewall for an instance, with ingress and egress rules that specify the types of traffic allowed in and out. Security lists as configured at the subnet level, which applies the security rules to all network elements in that subnet. Your network comes with a default security list, which has an initial set of rules. The default security list enables you to connect to your instance using SSH and for your instance to make outbound network calls to any destination.

  1. Navigate the the instance details page for the instance that you have created. Compute > Instances > Click on the instance you have created

  2. Navigate to the subnet your instance is attached to, by clicking on the subnet select subnet Description of illustration select subnet

  3. On the subnet page, click on the default security list to view details and configure it.

  4. Click on “Add Ingress Rule” to add a new rule to allow incoming traffic that match the rules.

  5. Add an ingress rule to allow incoming traffic on port 8080

    1. Set the Source CIDR to This allows incoming traffic from all sources.
    2. Set the Destination Port Range to 8080. This sets the destination to only port 8080. The rule now allows traffic from all sources to use port 8080. This is what we need, so that our application can be reached from anywhere.
    3. Provide a description.

    setup ingress rules Description of illustration setup ingress rules

Configure the Firewall on the Instance

Firewall rules control packet-level traffic in/out of an instance. You configure firewall rules directly on the instance itself, and provide an additional level of security.

  1. Navigate to the instance details page for the instance that you have created. Compute > Instances > Click on the instance you have created.
  2. Copy the public IP address of your instance.
  3. Login to the instance using SSH. Use the key either generated by you or provided during the instance creation step. The default username for instances using the Oracle Linux operating system is opc.
  4. Execute the firewall configuration commands. This modifies the firewall in the instance itself to expose port 8080 and accept incoming traffic.

    sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
    sudo firewall-cmd --reload

Run Java EE applications on Ampere A1 Compute Platform

To run this application, first prepare an Ampere A1 compute instance with a few required packages, such as container tools and git. Then, clone the repository and build the application by using the included Maven pom.xml. Lastly, start the MySQL and Tomcat docker containers by using the container tools.

Install the Container Tools

Oracle Linux 8 uses Podman to run and manage containers. Podman is a daemonless container engine for developing, managing, and running Open Container Initiative containers and container images on your Linux system. Podman provides a Docker-compatible command line application that can be used as a replacement for docker. Installing the podman-docker package provides the docker command that transparently invokes podman.

  1. Login to the instance using SSH. Use the key either generated by you or provided during the instance creation step. The default username for instances using the Oracle Linux operating system is opc.

  2. Install the container-tools module that pulls in all the tools required to work with containers.

    sudo dnf module install container-tools:ol8
    sudo dnf install podman-docker git

Clone the Source Code

To get started, use SSH to log in to the compute instance and clone the repository.

git clone
cd oci-arch-tomcat-mds/java

Build the Web Application

Java web applications are packaged as web application archives, or WAR files. WAR files are zip files with metadata that describes the application to a servlet container like Tomcat. This example uses Apache Maven to build the WAR file for the application. To build the application, run the following command. Be sure to run the command from the location where the source files were cloned to.

podman run -it --rm --name todo-build \
    -v "$(pwd)":/usr/src:z \
    -w /usr/src \
    maven:3 mvn clean install

This command creates a target directory and the WAR file inside it. Note that we aren’t installing Maven, but instead running the build tooling inside the container.

Run the Application on the Ampere A1 Compute Platform

The application uses the Tomcat servlet container and the MySQL database. Both Tomcat and the MySQL database support the ARM64v8 architecture that the Ampere A1 compute platform uses.

  1. Create a pod using Podman.

    podman pod create --name todo-app -p 8080:8080 --infra-image
  2. Start the database container in the pod.

    podman run --pod todo-app -d \
    -e MYSQL_DATABASE=demo \
    -e MYSQL_USER=todo-user \
    -e MYSQL_PASSWORD=todo-pass \
    --name todo-mysql \
    -v "${PWD}"/src/main/sql:/docker-entrypoint-initdb.d:z \

    For the MySQL database, the database initialization scripts are provided to the container, which creates the required database users and tables at startup. This is done by mounting the /src/main/sql directory from the host as /docker-entrypoint-initdb.d inside the container. The official MySQL image you are using here is configured to execute .sql files in this directory at startup. For more options, including how to export and back up data, see the documentation.

  3. Deploy the application that you built as a WAR file with a Tomcat server.

    podman run --pod todo-app -d\
    --name todo-tomcat \
    -v "${PWD}"/target/todo.war:/usr/local/tomcat/webapps/todo.war:z \
    podman logs -f todo-tomcat

    The database connection information and the application are provided to the Apache Tomcat container though the src/main/resources/ The JDBC URL uses localhost as the MySQL server host. This is because containers within the same pod can communicate with each other using localhost. The application WAR file is provided as a mount to the container.

    Tomcat deploys the application on startup, and the port mapping to the host makes the application available over the public IP address for the compute instance.

  4. Enter the public IP address of the compute instance in a browser with port 8080. You should be able to see the application. http://<ip_address>:8080/todo/


Podman containers can be inspected just like Docker containers (you can even alias podman as docker). Here are some common commands for inspecting the containers:

Ampere A1 compute platform


More Learning Resources

Explore other labs on or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.