Create a Basic Domain in a Private Subnet
When you use Oracle WebLogic Server for OCI to create a stack and assign the Oracle WebLogic Server compute instances to a private subnet, the instances are not accessible from the public Internet.
To access the virtual machines (VMs) created in the private subnet, a bastion host is required. You must create a bastion host with a FastConnect or a VPN connection before you create a domain or you must choose to have a bastion host created for you.
To create a domain that uses a database for JRF components, see Create a JRF-Enabled Domain.
- Create a compartment. See Create a Compartment.
- Create an SSH key. See Create an SSH Key.
- Create an encryption key to use for secrets. See Create an Encryption Key.
- Create secrets for the passwords you want to use for the domain. You will need to select the compartment where you have the secret and the secret that contains the password. See Create Secrets for Passwords.
- Create a confidential application in Oracle Identity Cloud Service if you want to use Oracle Identity Cloud Service for authentication in the domain. You will need the client ID and client secret for this confidential application. See Create a Confidential Application. You will also need to create a secret for the client secret and copy the OCID. See Create Secrets for Passwords.
- Create a FastConnect or a VPN connection if you want to use your own bastion host to administer your Compute instances. See VPN Connect or FastConnect in the Oracle Cloud Infrastructure documentation.
Oracle WebLogic Server for OCI can create the virtual cloud network (VCN) and subnets for your new domain. If you want to use an existing VCN or existing subnets for the domain, then they must meet certain requirements. See:
- Create a Virtual Cloud Network
- Create a Private Subnet for the Oracle WebLogic Server Nodes
- Create a Subnet for the Bastion Node
- Create a Subnet for the Load Balancer (if you want to create a load balancer)
Topics:
- Launch a Stack
- Specify Stack Information
- Configure WebLogic Instance Parameters
- Configure Advanced Parameters for a Domain
- Configure Network Parameters
- Configure a Bastion
- Configure a Load Balancer
- Configure File Storage
- Create OCI Policies
- Configure WebLogic Authentication
- Configure Database Parameters
- Configure a Data Source for an Application Database
- Set Local VCN Peering for an Application Database
- Configure Observability
- Configure Autoscaling
- Configure Tags
- Create the Domain Stack
- Use Your New Domain
Configure WebLogic Instance Parameters
Specify the parameters needed to configure the WebLogic instance domain.
Configure Advanced Parameters for a Domain
You can optionally specify additional parameters by selecting WLS Instance Advanced Configuration on the Configure Variables page of the Create Stack wizard.
- Cluster-related parameters are not applicable if you selected WebLogic Server Standard Edition.
- The port numbers 9071-9074 are reserved for internal domain communication.
- Optional: Specify the WebLogic Server Startup Arguments to scale out managed servers. When the servers are scaled out, any changes to the server startup arguments apply to the added nodes only. For example, -Xms1024m -Xmx1024m.
Configure Network Parameters
Define the Virtual Cloud Network (VCN) and subnet configuration for a private domain.
Configure a Bastion
You can configure a bastion compute instance on a public subnet to provide access to the WebLogic Server compute instances on a private subnet. However, creating the bastion node on a public subnet is optional.
Note:
- By default, Provision Bastion Node on Public Subnet is selected when an existing private subnet is selected. If you do not select this option, no status is returned for provisioning; you must then check the status of provisioning by connecting to each compute instance and confirming that the /u01/provStartMarker file exists, with details found in the /u01/logs/provisioning.log file.
- It is recommended to deselect the Provision Bastion Node on Public Subnet option only in a network with a FastConnect setup.
- The Provision Bastion Node on Public Subnet option is not available when you are creating a new subnet for a new VCN or existing VCN.
To configure a bastion:
- If you want to use a bastion compute instance with a reserved public IP, then select Assign Reserved Public IP to Bastion Instance.
- For the bastion host subnet, specify one of the following:
- If you want to use an existing regional subnet, then choose the name of an existing regional subnet from the list of regional and availability domain-specific subnets.
- If you are creating a new regional subnet, specify a CIDR for the new subnet.
- Select a shape for the bastion compute instance.
Note:
You must provision a bastion to use VCN peering, as there are SSH requirements which require a bastion.
Configure a Load Balancer
You have the option to create a load balancer to distribute application traffic to the WebLogic Managed Servers. You can also use an existing load balancer for an existing VCN and an existing subnet, to distribute application traffic to the WebLogic Managed Servers.
Note:
If you enable autoscaling for WebLogic instances, you must configure a load balancer in Oracle Cloud Infrastructure when you create a stack, else the stack provisioning fails with a validation error.
To create a load balancer:
Configure File Storage
When you create an Oracle WebLogic Server for OCI domain, you can add a file storage.
If you are not an administrator, the necessary groups and policies must be in place before you can create a domain.
To create a file storage:
Create OCI Policies
When you create a basic domain in a private subnet, by default the OCI Policies check box is selected and Oracle WebLogic Server for OCI creates a dynamic group and relevant root-level (tenancy) policies for you.
If you are not an administrator, the necessary groups and policies must be in place before you can create a domain.
Before you deselect the check box, ask your administrator to create the required dynamic group and relevant policies, as described in Create a Dynamic Group and Create Policies for the Dynamic Group.
Configure WebLogic Authentication
You have the option to use Oracle Identity Cloud Service to authenticate application users for your domain.
This configuration is only available if the domain meets these requirements:
- Running WebLogic Server 12c
- Includes a load balancer
To use Oracle Identity Cloud Service for authentication:
Configure Database Parameters
A basic WebLogic Server 12c domain does not require a database.
A database is required only if you want to create a domain that includes the Java Required Files (JRF) components. Do not select the Provision with JRF checkbox if you're not creating a JRF-enabled domain.
To create a domain that uses a database for JRF components, see Create a JRF-Enabled Domain.
Configure a Data Source for an Application Database
When you create an Oracle WebLogic Server for OCI domain, you can configure the application database to create a data source configuration that enables you to connect to Oracle Autonomous Database or Oracle Cloud Infrastructure Database (DB System).
The database that you connect to is used to contain the schemas for the application database.
You can configure the application database only for Oracle WebLogic Server Enterprise Edition and Oracle WebLogic Suite.
Note:
You cannot configure the data source for an application database using a database connect string.
Note:
This is not applicable if you use an existing VCN and existing subnet, as the WebLogic server and database must be in the same VCN.
- If using Oracle Autonomous Database, select or enter the following:
- The compartment in which you've created the application database.
- The autonomous database where you want to create the schemas for the application database.
- The name of an autonomous database user to configure the application database.
- Select the compartment where you have the application autonomous database secret and then select the secret that contains the application autonomous database user password in the autonomous database. To create secrets, see Create Secrets for Passwords.
- The service level that the domain should use to connect to the application database for the selected autonomous database.
- If using Database System, select or enter the following:
- The compartment in which you've created the application database.
- The DB system to use for this application database.
- The compartment in which the application database's VCN is found.
- The VCN on which you've created the application database.
If this VCN is different than the WebLogic Server VCN, they cannot have overlapping CIDRs. For example, you cannot create a domain on VCN 10.0.0.0/16 that uses a database on VCN 10.0.0.1/24.
- The database home within the selected application database system.
- The version of the selected database home.
- The database within the selected DB system where you want to create the schemas for the application database.
- The Pluggable database (PDB) name, only if the selected application database is running Oracle Database 12c or later.
- The name of a database user to configure the application database.
- Select the compartment where you have the database secret and then select the secret that contains the application database user password. To create secrets, see Create Secrets for Passwords.
- The application database listen port (1521 by default)
- If using Database System, then Oracle WebLogic Server for OCI creates a security list in the VCN on which you've created the application database. This security list allows the WebLogic Server subnet to access the application database port. If this step isn't required or you don't have the correct permissions to modify the database network, clear the Create Application Database Security List check box.
Set Local VCN Peering for an Application Database
If you selected the option to create a new VCN or selected the option to use an existing VCN with a new subnet for the WebLogic Server compute instances and the Oracle Cloud Infrastructure Application Database, you can either disable the local VCN peering or configure the local VCN peering for the Application Database.
Ensure that the VCNs for WebLogic Server compute instances and the Oracle Cloud Infrastructure Application Database are peered before creating the stack for the Oracle WebLogic Server for OCI domain. See Local VCN Peering to peer the VCNs manually. In this case, the stack is provisioned based on the database private IP address.
Note:
This is not applicable if you use an existing VCN and existing subnet, as the WebLogic server and database must be in the same VCN.
If you choose to create a virtual cloud network for an Oracle WebLogic Server domain, use Oracle WebLogic Server for OCI to create a Local Peering Gateway, else create a network with VCN peering and then use this existing network to provision the domain.
Note:
You must provision a bastion to use VCN peering, as there are SSH requirements which require a bastion.
If the VCNs for WebLogic Server compute instances and the Oracle Cloud Infrastructure Application Database system have not been peered, you can use Oracle WebLogic Server for OCI to update the two VCNs so that they can communicate.
Oracle WebLogic Server for OCI creates a public subnet in each VCN, and then creates a compute instance in each subnet. These compute instances run software to forward DNS requests across the VCNs.
You cannot use existing subnets for the DNS Forwarder compute instances.
- Specify a CIDR for the new subnet in the WebLogic Server VCN.
- Specify a CIDR for the new subnet in the application database VCN.
- Select a shape for the new DNS Forwarder compute instance in each VCN.
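An added example (not Oracle's code): a pre-flight check of the CIDRs you plan to enter for local VCN peering, covering the no-overlap rule for the two VCNs and the new DNS Forwarder subnets described above. The function name, its parameters and every CIDR other than the page's 10.0.0.0/16 and 10.0.0.1/24 pair are assumptions; it also assumes that a subnet must sit inside its VCN and must not overlap another subnet of that VCN.

```python
import ipaddress

def net(cidr):
    # strict=False tolerates host bits, so the page's 10.0.0.1/24 is read as 10.0.0.0/24
    return ipaddress.ip_network(cidr, strict=False)

def peering_preflight(wls_vcn, db_vcn, wls_dns_subnet, db_dns_subnet,
                      wls_existing=(), db_existing=()):
    """Return a list of problems; an empty list means the CIDR plan is consistent."""
    problems = []
    wls, db = net(wls_vcn), net(db_vcn)
    # Peered VCNs cannot have overlapping CIDRs
    if wls.overlaps(db):
        problems.append(f"VCN CIDRs overlap: {wls} and {db}")
    # Each DNS Forwarder subnet is new: inside its VCN, clear of existing subnets
    for label, vcn, new, existing in (
        ("WebLogic", wls, net(wls_dns_subnet), wls_existing),
        ("database", db, net(db_dns_subnet), db_existing),
    ):
        if not new.subnet_of(vcn):
            problems.append(f"{label} DNS Forwarder subnet {new} is outside VCN {vcn}")
        for cidr in existing:
            if new.overlaps(net(cidr)):
                problems.append(
                    f"{label} DNS Forwarder subnet {new} overlaps existing subnet {net(cidr)}")
    return problems

# The page's own example pair (rejected), then a constructed plan that passes
PAGE_EXAMPLE = dict(wls_vcn="10.0.0.0/16", db_vcn="10.0.0.1/24",
                    wls_dns_subnet="10.0.5.0/28", db_dns_subnet="10.0.0.16/28")
CONSTRUCTED_OK = dict(wls_vcn="10.0.0.0/16", db_vcn="172.16.0.0/24",
                      wls_dns_subnet="10.0.5.0/28", db_dns_subnet="172.16.0.16/28",
                      wls_existing=["10.0.1.0/24"], db_existing=["172.16.0.0/28"])

if __name__ == "__main__":
    for name, plan in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_OK)):
        issues = peering_preflight(**plan)
        print(name, "->", issues or "OK")
```

Running the check before you fill in the Create Stack wizard catches a rejected CIDR plan without waiting for a failed stack job.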
Configure Observability
Oracle WebLogic Server for OCI can optionally export logs to OCI Logging Service, and provide visibility into the performance of applications using the Oracle Cloud Infrastructure Application Performance Monitoring (APM) service.
Select Configure Observability to enable logging and monitoring service integration for your WebLogic instances.
- Select Enable exporting logs to OCI Logging Service to enable logging for the WebLogic instances.
- Select Enable Application Performance Monitoring to export WebLogic metrics using Application Performance Monitoring (APM) Java Agent and create dashboards with WebLogic specific metrics. This is required for metric-based autoscaling of instances.
Specify the OCID of the Application Performance Monitoring domain and the private data key for your existing Application Performance Monitoring domain.
When you enable Application Performance Monitoring, you can use autoscaling to scale out or scale in instances. See Configure Autoscaling.
Note:
If you enable autoscaling, you cannot use the always free Application Performance Monitoring domain.
Configure Autoscaling
When you create an Oracle WebLogic Server for OCI domain, you can enable autoscaling for WebLogic instances.
Note:
You cannot enable autoscaling after you have created the Oracle WebLogic Server for OCI domain.
For autoscaling, ensure that you configure either public load balancer, private load balancer, or load balancer with reserved IP.
To enable autoscaling:
Configure Tags
Oracle WebLogic Server for OCI can optionally assign tags to the resources (compute, network, and so on) that it creates for your domain.
Tagging allows you to define keys and values and associate them with resources. You can then use the tags to help you organize and find resources based on your business needs. There are separate fields to tag the stack and to tag the resources created within the stack.
Create the Domain Stack
After you have specified the WebLogic instance variables, finish creating the domain stack.
On the Review page of the Create Stack wizard, review the information you have provided, and then click Create.
ormjobyyyymmddnnnnnn (for example, ormjob20190919165004). Periodically monitor the progress of the job until it is finished. If an email address is associated with your user profile, you will receive an email notification. In the Application Information tab, you can directly access the OCI resources using the WebLogic instance IP and the bastion instance IP.
Note:
If there is an error during the creation of the stack, the compute, network, and other resources in the stack are not automatically deleted. If you want to delete the failed stack, see Delete a Stack.
Use Your New Domain
Access and manage your new domain after creating a stack with Oracle WebLogic Server for OCI.
- View and manage the cloud resources that were created to support your domain. See View the Cloud Resources for a Stack.
- Use the WebLogic Server administration console to configure your domain. Create data sources, JMS modules, Coherence clusters, and so on, or deploy applications. See Access the WebLogic Console in a Private Subnet.
- Access the sample application that's deployed to your domain. See Access the Sample Application in a Private Subnet.
- Secure access to your applications using Oracle Identity Cloud Service. See Secure a Domain Using Identity Cloud Service.
- Add your own SSL certificate to the load balancer. See Add a Certificate to the Load Balancer.
- Troubleshoot a problem with your new stack. See Stack Creation Failed.
- If you already have an existing bastion to provide public access to the domain, or if you already have a VPN connection to your on-premise network, then you can delete the new bastion compute instance that was created for your domain.