About the Resources in a Stack
Learn about the compute, network, and other resources created by a stack in Oracle Cloud Infrastructure for a domain in Oracle WebLogic Server for OCI.
To obtain a list of all resources created for a specific domain, see View the Cloud Resources for a Stack.
Compute Instances
Depending on the number of nodes you specify for your Oracle WebLogic Server for OCI stack configuration, one or more compute instances are created for your domain.
Each WebLogic Server compute instance name has the following format:
servicename-wls-n
Where:
- servicename is the resource name prefix you provided during stack creation
- n is 0, 1, 2, and so on
For example, a domain with two nodes would have the following compute instances if the resource prefix is thestack:
thestack-wls-0
thestack-wls-1
The first compute instance (with the suffix -wls-0) runs the WebLogic Administration server thestack_adminserver and the first Managed Server thestack_server_1. The second compute instance (with the suffix -wls-1) runs the second Managed Server thestack_server_2, and so on.
If you specified a private subnet for your domain, a bastion instance is created, which is identified by:
servicename-bastion-instance
If you created a JRF-enabled domain, and WebLogic Server and the database are on different VCNs, then Domain Name Service (DNS) compute instances are created:
- servicename-wlsdns-0 - DNS Forwarder in the WebLogic Server VCN
- servicename-dbsystem-dns - DNS Forwarder in the database VCN
Network Resources
Several network resources for route tables, security lists, and gateways are created for your Oracle WebLogic Server for OCI domain.
Additional network resources are created if you specify a new virtual cloud network (VCN) or new subnets for an existing VCN during domain stack creation.
Your domain configuration determines the type and number of network resources created. The names of all network resources begin with the resource name prefix you provided during stack creation. The following table provides a summary of the resources that can be created.
Resource Name | Type |
---|---|
servicename-vcnname | WebLogic VCN |
servicename-wls-subnet | WebLogic regional subnet |
servicename-wls-subnet-adname | WebLogic availability domain-specific subnet |
servicename-bastion-subnet | public subnet for the bastion compute instance |
servicename-lb-subnet-1 | load balancer regional subnet |
servicename-lb-subnet-1-adname1 | availability domain-specific subnet 1 for load balancer node 1 |
servicename-lb-subnet-1-adname2 | availability domain-specific subnet 2 for load balancer node 2 |
servicename-wls-dns-subnet-adname | public subnet for the DNS Forwarder in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-subnet-adname | public subnet for the DNS Forwarder in the database VCN, for local VCN peering |
Default route table for servicename-vcnname | default route table for the WebLogic VCN |
servicename-public-routetable | route table for a subnet |
servicename-dbsystem-routetable | database route table, for local VCN peering |
servicename-internet-gateway | internet gateway for the WebLogic VCN |
servicename-service-gateway | service gateway for the WebLogic VCN |
servicename-wls-lpg | local peering gateway in the WebLogic VCN |
servicename-dbsystem-lpg | local peering gateway in the database VCN |
Default security list for servicename-vcnname | default security list for the VCN |
servicename-internal-security-list | security list for the WebLogic subnet |
servicename-bastion-security-list | security list for the bastion subnet |
servicename-wls-bastion-security-list | security list for the bastion and WebLogic subnets |
servicename-wls-ms-security-list | security list for the WebLogic Managed Servers |
servicename-lb-security-list | security list for the load balancer regional subnet |
servicename-wls-lb-security-list-1 | security list for the load balancer node 1 and WebLogic subnets |
servicename-wls-lb-security-list-2 | security list for the load balancer node 2 and WebLogic subnets |
servicename-wls_dns_security_list | security list for the DNS subnet in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-security-list | security list for the DNS subnet in the database VCN, for local VCN peering |
Default DHCP Options for servicename-vcnname | default set of Dynamic Host Configuration Protocol (DHCP) options for a new VCN |
servicename-dhcpOptions | copy of the default DHCP options in the WebLogic VCN |
servicename-wls-dns-dhcp-option | custom DNS routing in the WebLogic VCN, for local VCN peering |
servicename-dbsystem-dns-dhcp-option | custom DNS routing in the database VCN, for local VCN peering |
Load Balancer
If you chose to create a load balancer for your domain, it is accessible from a single IP address and it distributes traffic across the managed servers in the domain.
The name of the load balancer resource has the following format:
servicename-lb
Where servicename is the resource name prefix you provided during stack creation.
The backend resource (which configures the load balancing policy) is identified by the name:
servicename-lb-backendset
The default listener is named https and it handles traffic on port 443. Attached to the listener are the following:
- The rule set created with the name SSLHeaders. The rule set has the header rules WL-Proxy-SSL (value is true) and is_ssl (value is ssl).
- The certificate demo_cert. Oracle recommends you add your own SSL certificate.
See Managing SSL Certificates in the Oracle Cloud Infrastructure documentation and Add a Certificate to the Load Balancer.
Identity Resources for Dynamic Group and Root Policy
Oracle WebLogic Server for OCI creates a dynamic group and a single policy for your domain if the OCI Policies check box remains selected during stack creation.
The dynamic group and root-level (tenancy) policy allow compute instances in the domain to:
- Launch compute instances and manage block storage volumes
- Access keys and secrets in Oracle Cloud Infrastructure Vault
- Access load balancer resources
- Access the database wallet if you're using an Oracle Autonomous Database to contain the required infrastructure schemas for a JRF-enabled domain
- Access the database if you're using Oracle Cloud Infrastructure Database (DB System) to contain the required infrastructure schemas for a JRF-enabled domain
The name of the dynamic group and the root-level policy is:
- servicename-wlsc-principal-group (dynamic group)
- servicename-oci-policy
Where servicename is the resource name prefix you provided during stack creation.
For a single compartment, the matching rule created in the dynamic group is:
instance.compartment.id='ocid1.compartment.oc1..alongstring'
The rule states that all instances created in the compartment (identified by the compartment OCID) are members of the dynamic group.
The service policy has the following statements:
- Allow dynamic-group servicename-wlsc-principal-group to read secret-bundles in tenancy where target.secret.id=<OCID of the secret>. The OCID of the secret can be that of the Administrator password, the Database password, the Autonomous Database (ATP) password, the Application Database password, or the IDCS client secret password.
- Allow dynamic-group servicename-wlsc-instance-principal-group to manage virtual-network-family in compartment where target.vcn.id=<OCID of the existing_VCN_ID>.
The following policies grant access to the OS Management service:
- Allow dynamic-group servicename-wlsc-instance-principal-group to read instance-family in tenancy
- Allow dynamic-group servicename-wlsc-instance-principal-group to use osms-managed-instances in compartment
The following policy is created if you provision a load balancer:
- Allow dynamic-group servicename-wlsc-instance-principal-group to use load balancers in compartment
The following policy is created if you provision a JRF stack using an autonomous database:
- Allow dynamic-group servicename-wlsc-principal-group to use autonomous-transaction-processing-family in tenancy
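Because the matching rule above makes every instance in the compartment a member of the dynamic group, each statement applies to all of them. The following added example (not Oracle's code) parses the statements listed above and flags the ones a least-privilege review would look at first; the regular expression, function names, and finding labels are assumptions made for this illustration.

```python
import re

# Subset of OCI policy syntax, enough for the statements listed on this page.
STATEMENT = re.compile(
    r"^Allow\s+dynamic-group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>.+?)\s+in\s+"
    r"(?P<scope>tenancy|compartment(?:\s+(?!where\b)\S+)?)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)

# Copied from the page; the <...> placeholders are left as the page shows them.
GROUP_A = "servicename-wlsc-principal-group"
GROUP_B = "servicename-wlsc-instance-principal-group"
STACK_POLICY = [
    f"Allow dynamic-group {GROUP_A} to read secret-bundles in tenancy "
    "where target.secret.id=<OCID of the secret>",
    f"Allow dynamic-group {GROUP_B} to manage virtual-network-family in compartment "
    "where target.vcn.id=<OCID of the existing_VCN_ID>",
    f"Allow dynamic-group {GROUP_B} to read instance-family in tenancy",
    f"Allow dynamic-group {GROUP_B} to use osms-managed-instances in compartment",
    f"Allow dynamic-group {GROUP_B} to use load balancers in compartment",
    f"Allow dynamic-group {GROUP_A} to use autonomous-transaction-processing-family in tenancy",
]
MATCHING_RULE = "instance.compartment.id='ocid1.compartment.oc1..alongstring'"


def rule_covers_whole_compartment(matching_rule):
    """True when group membership depends only on instance.compartment.id."""
    return set(re.findall(r"([\w.]+)\s*=", matching_rule)) == {"instance.compartment.id"}


def review(statement):
    """Return (label, findings) for one statement; an empty list means no finding."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return statement, ["unparsed statement"]
    findings = []
    if m["scope"].lower() == "tenancy" and m["condition"] is None:
        findings.append("tenancy-wide, no where clause")
    if m["verb"].lower() == "manage":
        findings.append("manage verb")
    return f'{m["verb"]} {m["resource"]}', findings


def audit(policy, matching_rule):
    """Summarise which grants every instance in the compartment would inherit."""
    flagged = {label: f for label, f in map(review, policy) if f}
    return {"all_instances_are_members": rule_covers_whole_compartment(matching_rule),
            "flagged": flagged}
```

Calling `audit(STACK_POLICY, MATCHING_RULE)` returns the flagged statements keyed by verb and resource type; statements scoped by a `where` clause or limited to a compartment with a non-manage verb produce no finding.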
Identity Resources for Oracle Identity Cloud Service
If you configure your domain to use Oracle Identity Cloud Service for authentication, Oracle WebLogic Server for OCI provisions additional resources in Oracle Identity Cloud Service to support the domain.
These resources are not components of the stack, and so they are not visible in Resource Manager. In addition, they are not deleted automatically when you destroy the stack.
The names of the Oracle Identity Cloud Service resources have the following formats:
- servicename_confidential_idcs_app_timestamp - Confidential Application
- servicename_enterprise_idcs_app_timestamp - Enterprise Application
- servicename_app_gateway_timestamp - App Gateway
Where:
- servicename is the resource name prefix you provided during stack creation.
- timestamp is the date and time on which the stack was created. For example, 2019-09-24T21:46:21.288662
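Since these Oracle Identity Cloud Service resources survive a stack destroy, leftover confidential applications and gateways can accumulate. The following added example (not Oracle's code) uses the naming format above to find resources whose stack no longer exists. The input lists are constructed, and treating an older timestamp under a live prefix as a leftover from an earlier stack is an assumption of this sketch.

```python
import re
from datetime import datetime

KINDS = {
    "confidential_idcs_app": "Confidential Application",
    "enterprise_idcs_app": "Enterprise Application",
    "app_gateway": "App Gateway",
}
# servicename_<kind>_<timestamp>, with the timestamp shaped like the page's example.
NAME = re.compile(
    r"^(?P<prefix>.+?)_(?P<kind>" + "|".join(KINDS) + r")_"
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6})$"
)

# Constructed sample: names as an IDCS application listing might return them.
IDCS_NAMES = [
    "thestack_confidential_idcs_app_2019-09-24T21:46:21.288662",
    "thestack_app_gateway_2019-09-24T21:46:21.288662",
    "thestack_confidential_idcs_app_2019-06-02T10:15:00.000001",
    "oldstack_enterprise_idcs_app_2019-03-11T08:02:45.120034",
    "HR Portal",  # unrelated application, does not match the format
]
ACTIVE_PREFIXES = {"thestack"}  # constructed: prefixes of stacks that still exist


def parse_idcs_name(name):
    """Split a resource name into (prefix, kind, creation time), or None."""
    m = NAME.match(name)
    if m is None:
        return None
    return m["prefix"], KINDS[m["kind"]], datetime.fromisoformat(m["ts"])


def find_orphans(idcs_names, active_prefixes):
    """Return (name, reason) for resources not tied to a live stack."""
    parsed = [(n, *p) for n in idcs_names if (p := parse_idcs_name(n))]
    newest = {}
    for _, prefix, kind, ts in parsed:
        newest[(prefix, kind)] = max(ts, newest.get((prefix, kind), ts))
    orphans = []
    for name, prefix, kind, ts in parsed:
        if prefix not in active_prefixes:
            orphans.append((name, "stack not found"))
        elif ts < newest[(prefix, kind)]:
            orphans.append((name, "older than current stack with same prefix"))
    return orphans
```

The returned names are candidates for manual review and deletion in Oracle Identity Cloud Service; confirm against Resource Manager before removing anything.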