
Oracle Compute Cloud Service

Deep Dive
Oracle PTS Workshop

Oracle PTS Platform Technology Solutions

Copyright 2015 Oracle and/or its affiliates. All rights reserved.


Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle's products remains at the sole discretion of Oracle.

Copyright 2014 Oracle and/or its affiliates. All rights reserved.


Managing Instances
Topics
About Oracle Compute Cloud Service Instance
Machine Image and Shapes
Shapes and OCPUs
Available Shapes
Instance Life Cycle
Creating an Instance Using the Web Console
Creating Instances Using Orchestrations
Monitoring, Updating and Deleting Instances
Oracle-Provided Oracle Linux Instance Management



Oracle Compute Cloud Service
Managing Instances



Oracle Compute Cloud Service Instance
An instance is a VM running an OS on CPU and memory resources

Defined by image (VM hard disk with OS) and shape (available CPU and RAM)

Identified by Name and Label

Can have up to 20 TB block storage

Can communicate only with instances of the same security list. Exceptions can
be defined through security rules.



Machine Image and Shapes

Machine Image
Template of a virtual hard disk of a specific size with an installed operating system

Shape
Resource profile that specifies the number of CPUs and the amount of memory to
be allocated to an instance



Shapes and OCPUs
Shapes are defined in terms of number of OCPUs
OCPU is equivalent to one Intel XEON physical core processor capacity
OCPU corresponds to two hardware execution threads, known as vCPU



Available Shapes
Instance Family    Shape Name    Processor Arch    Cores    Threads    Memory (GB)
General Purpose    OC3           64 bit            1        2          7.5
General Purpose    OC4           64 bit            2        4          15
General Purpose    OC5           64 bit            4        8          30
General Purpose    OC6           64 bit            8        16         60
General Purpose    OC7           64 bit            16       32         120
High Memory        OC1M          64 bit            1        2          15
High Memory        OC2M          64 bit            2        4          30
High Memory        OC3M          64 bit            4        8          60
High Memory        OC4M          64 bit            8        16         120
High Memory        OC5M          64 bit            16       32         240
Tip (example): the API for /shape returns that the OC3 and OC1M shapes have 2 CPUs.
The UI (and quota) is based on OCPUs. The conversion is 2 CPUs = 1 OCPU.



Instance Life Cycle
Preparing
Compute Service allocates resources and prepares to create the instance
Initializing
Image is being installed
Running
Instance is started. Connection allows attaching/detaching storage volumes and security lists
Error
Instance error, such as a required resource being unavailable



Creating your first Instance
1. Generate SSH key pairs
2. Sign in to Oracle Compute Cloud Service
3. Add the SSH public keys
4. Create an instance using the web console

Then you can do the following:

Create and attach storage volumes
Add your instance to a security list
Access your instance securely by using SSH



Updating an Instance

Operations that you can perform on the Instance Details page (you must have the Compute_Operations role granted):

Attach a Storage Volume to an Instance
Detach a Storage Volume from an Instance
Attaching storage requires a subsequent volume mount. Detaching requires a previous volume unmount.

Add an Instance to a Security List
Remove an Instance from a Security List
When you add an instance to a security list, all the security rules used on that security list are applicable to the instance.



Deleting an Instance
To delete instances created using orchestrations, you must stop the corresponding orchestration.
Instances created by defining a launch plan using the API can be deleted directly from the Instances page of the web console or with the Delete Instance API.
Attached storage volumes will be detached, but won't be deleted. Before deleting, unmount all attached storage volumes.

Caution: If a non-persistent boot disk is being used, any changes made to the boot disk after the instance was created are lost.

You must have the Compute_Operations role.



Oracle-Provided Oracle Linux Instance Management
SSH connections are allowed if you have associated a public IP address with your instance.
If you create your instance using the Oracle-provided Oracle Linux image, use the opc user. You can't log in as root.
Use sudo /sbin/shutdown -r now to restart Oracle Linux instances. Don't use the -h option of the shutdown command or the halt command.



Oracle Compute Cloud Service
Managing Orchestrations



Managing Orchestrations
Topics
What is an Orchestration
Orchestration Terminology
Object Types in an Orchestration
Relationships Between Object Plans
Nested Orchestrations Relationships
High-Availability Policies in an Orchestration
Creating Orchestrations Workflow
Orchestration Template
Attributes in Orchestrations
Orchestration Life Cycle
Building your first Orchestration
Orchestrations Management



Creating Instances Using Orchestrations
An orchestration defines the attributes and interdependencies of a collection of compute, networking, and storage resources.
Can additionally include storage attachments, security lists, etc.
All instances are started automatically when the orchestration starts.

Defined offline in a JSON-formatted file.

When the HA policy is active, if an instance goes down, the instance is restarted automatically.

Automates the provisioning and lifecycle operations of an entire virtual compute topology.



Orchestration Best Practice
Note that networking and storage objects needn't be defined in the same orchestrations that you use to create instances.
You can define the networking and storage objects in separate orchestrations, and then refer to them in the orchestrations that define the instances.
With this approach, you can remove and re-create instances independently of the associated resources.
You can also create a launch plan for individual instances and refer to the launch plans within orchestrations.



Orchestration Terminology
object plan (oplan)
Primary building block of an orchestration. An orchestration can contain up to 10 object plans. An object plan can include up to 10 objects.

object type (obj_type)
Resource created on Oracle Compute Service, such as storage/volume or launchplan (which is an instance).

object (objects)
Defines properties or characteristics of an Oracle Compute Cloud Service resource. The fields in the objects section vary depending on the specified obj_type. E.g. a storage/volume object includes size and bootable.



Object Types in an Orchestration
Object Type       Description
ip/reservation    Reserves an IP address.
launchplan        Creates an instance.
orchestration     Starts a set of orchestrations. Up to 10 object plans. Up to 3 levels of nested orchestrations.
storage/volume    Creates a storage volume. Use a relationship to attach a storage volume to a launchplan object.
secapplication    Creates a security application.
seciplist         Creates a security IP list.
seclist           Creates a security list.
secrule           Creates a security rule. Can be associated with security applications, security lists or security IP lists through relationships.



Relationships Between Object Plans
Use the relationships attribute of an orchestration to specify the sequence in which the objects must be created.

Each relationship specifies two object plan labels and a relationship type, which is depends.

    "relationships": [
      { "oplan": "boot-from-storagevolume1",
        "to_oplan": "storagevolume1",
        "type": "depends" }
    ]

This means that the launch plan boot-from-storagevolume1 depends on storagevolume1, ensuring volume creation before instantiation.



Multiple Relationships
For more complex scenarios, you can define multiple relationships. Each specifies two object plan labels and a relationship type, which is depends.

    "relationships": [
      { "oplan": "secrule1",
        "to_oplan": "seclist1",
        "type": "depends" },
      { "oplan": "secrule1",
        "to_oplan": "secapplication1",
        "type": "depends" }
    ]

Ensures that both the security application (secapplication1) and the security list (seclist1) are created before the security rule (secrule1).



Relationships Between Objects within a Launch Plan Object
Relationships can be defined within launchplan objects (that is, instances).

    "relationships": [
      { "instances": [ "instanceA", "instanceB" ],
        "type": "different_node" }
    ]

This means that both instances (instanceA, instanceB) will be created on separate nodes.

The type attribute can assume one of the following values:

same_node: same physical server, ensures low latency across instances
different_node: different physical servers, isolates instances for security or redundancy



Nested Orchestrations
orchestration can be defined as an object type within an orchestration.

Use such an orchestration to start and stop multiple other orchestrations.

    {
      "name": "/Compute-acme/mary/master_orch",
      "oplans": [
        { "label": "master-orchestration",
          "obj_type": "orchestration",
          "objects": [
            { "name": "/Compute-acme/mary/instances_orch" },
            { "name": "/Compute-acme/mary/networking_orch" },
            { "name": "/Compute-acme/mary/storage_orch" }
          ] }
      ]
    }

When you start the master orchestration (master-orchestration), all of the nested orchestrations (instances_orch, networking_orch, storage_orch) are started.
Cautions: up to 3 nested orchestration levels; nested orchestrations are not added automatically.



Nested Orchestrations Relationships
Relationships between different orchestration object plans ensure the appropriate sequence of object creation.

    {
      "name": "/Compute-acme/mary/master_orch",
      "oplans": [
        { "label": "instances-orchestration", "obj_type": "orchestration",
          "objects": [ { "name": "/Compute-acme/mary/instances_orch" } ] },
        { "label": "network-orchestration", "obj_type": "orchestration",
          "objects": [ { "name": "/Compute-acme/mary/networking_orch" } ] },
        { "label": "storage-orchestration", "obj_type": "orchestration",
          "objects": [ { "name": "/Compute-acme/mary/storage_orch" } ] }
      ],
      "relationships": [
        { "oplan": "instances-orchestration", "to_oplan": "network-orchestration",
          "type": "depends" },
        { "oplan": "instances-orchestration", "to_oplan": "storage-orchestration",
          "type": "depends" }
      ]
    }

Network and storage resources are created before the instances orchestration.


High-Availability Policies in an Orchestration
The ha_policy attribute specifies the behavior when an object stops unexpectedly:

active: the instance is recreated automatically if it stops unexpectedly. If the instance is in an error state, it isn't recreated automatically. Valid only for instances (launchplan);
monitor: no automatic object recreation. If the object stops unexpectedly, the orchestration goes to the error state. Valid for launchplan, storage/volume, and orchestration.
none: default.



Creating Orchestrations Workflow
To use an orchestration to create and manage compute, networking, or
storage resources:
1. Build the orchestration JSON file;
2. Upload the orchestration to Oracle Compute Cloud Service;
3. To create the objects defined in the orchestration, start the orchestration;
4. To delete the objects defined in the orchestration, stop the orchestration.



Orchestration Template
Orchestration structure:
    {
      "name": "/Compute-identity_domain/user/name",
      "description": "someDescriptionHere",
      "relationships": [ ],                    (refer Relationships Between Object Plans)
      "oplans": [
        { "label": "someText",
          "obj_type": "objectType",            (refer Object Types)
          "ha_policy": "policy",               (refer High-Availability Policies)
          "objects": [ { } ] },
        { "label": "someText",
          "obj_type": "objectType",            (refer Object Types)
          "objects": [ { attributes (refer Object Type Attributes) } ] },
        ...
        up to 10 oplans
        ...
      ]
    }



Attributes in Orchestrations
Attributes in orchestrations are specified at several levels:

Top-level attributes
Define the orchestration's characteristics, such as name, description and relationships

Object plan attributes
Define orchestration object characteristics, like object type and HA policy

Specific attributes for each object type
Define characteristics specific to each object type

Note: In the Using Oracle Compute Cloud Service guide, the topic Attributes in Orchestrations has a detailed list of all objects and attributes.



Orchestration Life Cycle
When an orchestration is started, objects are created and orchestration moves to ready
state. When stopped, objects are deleted and orchestration moves to stopped state



Building your first Orchestration
Before You Begin
Sample Orchestration for Creating a Single Instance
Steps for Building Your First Orchestration



Building your first Orchestration
Before You Begin
Observe Best Practices (we will see later)
Create the security, storage, and networking resources
Compute_Operations role is required;
Upload SSH key;
Create bootable storage volumes if needed;
Create storage volumes for data and applications. Storage attachments should be defined later in the orchestration;
Create the required IP reservation if fixed IP is needed;
Create the required security lists.



Building your first Orchestration
Sample Orchestration for Creating a Single Instance
    {
      "description": "Simple oplan with an ssh key and a security list",
      "name": "/Compute-acme/admin/simple_orchestration",
      "oplans": [
        {
          "label": "simple_oplan",
          "obj_type": "launchplan",
          "objects": [
            {
              "instances": [
                {
                  "imagelist": "/oracle/public/ol_6.6_20GB",
                  "label": "OL_6.6_20GB",
                  "networking": {
                    "eth0": {
                      "seclists": [ "/Compute-acme/admin/my_instances" ],
                      "nat": "ipreservation:/Compute-acme/admin/ip1"
                    }
                  },
                  "shape": "oc3",
                  "storage_attachments": [
                    { "index": 1,
                      "volume": "/Compute-acme/admin/OL66_boot",
                      "boot_order": [1] },
                    { "index": 2,
                      "volume": "/Compute-acme/admin/data1" }
                  ],
                  "sshkeys": [ "/Compute-acme/admin/ssh-key1" ]
                }
              ]
            }
          ]
        }
      ]
    }



Building your first Orchestration
Steps for Building Your First Orchestration
1. Copy the sample orchestration to a plain text file;
2. Replace the name of the orchestration with an appropriate three-part name;
3. Change the value of the imagelist attribute to any image that you want to use;
4. Under instances, change the value of the label attribute;
5. Replace the seclist /Compute-acme/admin/my_instances with a security list that you have already created;
6. Replace the IP reservation /Compute-acme/admin/ip1 with your IP reservation;
7. Replace the oc3 shape;
8. Replace the storage volume /Compute-acme/admin/OL66_boot with your bootable storage volume;
9. Replace the storage volume /Compute-acme/admin/data1;
10. Replace the SSH key /Compute-acme/admin/ssh-key1.



Uploading an Orchestration
The orchestration file must have been created and should be a valid JSON file. Third-party tools like JSONLint can be used to check it;

You must have the Compute_Operations role.
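
JSON syntax checkers such as JSONLint do not know the orchestration constraints listed on the earlier slides. The following added example (not part of the original deck or of Oracle's tooling) lints an orchestration file against them before upload: the three-part name, the object types, the limits of 10 object plans and 10 objects, which ha_policy values are valid for which object type, and relationships that name a missing oplan or form a cycle. The duplicate-label and cycle checks are assumptions about what a sensible file looks like, and the sample file is constructed.

```python
import json
import re

# Limits and enumerations as stated on the slides above.
MAX_OPLANS = MAX_OBJECTS = 10
OBJ_TYPES = {"ip/reservation", "launchplan", "orchestration", "storage/volume",
             "secapplication", "seciplist", "seclist", "secrule"}
HA_VALID_FOR = {
    "active": {"launchplan"},
    "monitor": {"launchplan", "storage/volume", "orchestration"},
    "none": OBJ_TYPES,
}
# Three-part name, as in the template: /Compute-<identity_domain>/<user>/<name>
NAME_RE = re.compile(r"^/Compute-[^/]+/[^/]+/[^/]+$")

# Constructed sample with deliberate mistakes (not taken from the slides).
SAMPLE = """
{"name": "/Compute-acme/mary/web_orch",
 "oplans": [
   {"label": "volume", "obj_type": "storage/volume", "ha_policy": "active",
    "objects": [{"size": "10G", "bootable": false}]},
   {"label": "web", "obj_type": "launchplan", "ha_policy": "active",
    "objects": [{"instances": [{"shape": "oc3", "label": "web1"}]}]}],
 "relationships": [
   {"oplan": "web", "to_oplan": "volume", "type": "depends"},
   {"oplan": "volume", "to_oplan": "web", "type": "depends"},
   {"oplan": "web", "to_oplan": "seclist1", "type": "depends"}]}
"""


def has_cycle(edges):
    """True if the 'depends' graph contains a cycle (depth-first search)."""
    done, stack = set(), set()

    def visit(node):
        if node in stack:
            return True          # reached a node that is still being explored
        if node in done:
            return False
        stack.add(node)
        found = any(visit(nxt) for nxt in edges.get(node, ()))
        stack.discard(node)
        done.add(node)
        return found

    return any(visit(start) for start in list(edges))


def lint_orchestration(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        orch = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(orch, dict) or not isinstance(orch.get("oplans"), list):
        return ["top level must be an object with an oplans list"]

    findings = []
    if not NAME_RE.match(str(orch.get("name", ""))):
        findings.append("name is not of the form /Compute-<domain>/<user>/<name>")
    oplans = [o for o in orch["oplans"] if isinstance(o, dict)]  # skip non-objects
    if len(orch["oplans"]) > MAX_OPLANS:
        findings.append(f"{len(orch['oplans'])} oplans, limit is {MAX_OPLANS}")

    labels = set()
    for oplan in oplans:
        label = oplan.get("label", "<unlabelled>")
        if label in labels:      # relationships refer to oplans by label
            findings.append(f"duplicate oplan label {label!r}")
        labels.add(label)
        obj_type = oplan.get("obj_type")
        policy = oplan.get("ha_policy", "none")   # "none" is the default
        if obj_type not in OBJ_TYPES:
            findings.append(f"{label}: unknown obj_type {obj_type!r}")
        elif policy not in HA_VALID_FOR:
            findings.append(f"{label}: unknown ha_policy {policy!r}")
        elif obj_type not in HA_VALID_FOR[policy]:
            findings.append(f"{label}: ha_policy {policy!r} is not valid for {obj_type}")
        if len(oplan.get("objects", [])) > MAX_OBJECTS:
            findings.append(f"{label}: more than {MAX_OBJECTS} objects")

    edges = {}
    for rel in orch.get("relationships", []):
        src, dst = rel.get("oplan"), rel.get("to_oplan")
        if rel.get("type") != "depends":
            findings.append(f"relationship type {rel.get('type')!r} is not 'depends'")
        unknown = [ref for ref in (src, dst) if ref not in labels]
        for ref in unknown:
            findings.append(f"relationship refers to unknown oplan {ref!r}")
        if not unknown:
            edges.setdefault(src, []).append(dst)
    if has_cycle(edges):
        findings.append("relationships contain a dependency cycle")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_orchestration(SAMPLE)))
```

An empty result only means that none of these checks fired; the service still validates the object attributes themselves on upload.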



Starting an Orchestration
The orchestration file must have been uploaded
Objects used by the orchestration must already be created
The orchestration status stays at starting until all objects have been created, when it changes to ready

You must have the Compute_Operations role.



Monitoring Orchestrations
The Orchestrations tile shows information about your orchestrations including the
orchestration name, description, and status.
By default this page lists all your orchestrations, regardless of their status;
Show button can be used to filter your orchestrations according to their status, like
Ready for running orchestrations.

You must have the Compute_Monitor or Compute_Operations role.



Stopping an Orchestration
Only the resources created by the orchestration are deleted.
For example, if you use an orchestration to create storage volumes and attach them to your instances, then such storage volumes are deleted and you lose the data.
However, if an orchestration specifies only attachments to storage volumes that are created outside, the storage volumes aren't deleted.

You must have the Compute_Operations role.



Deleting an Orchestration
Stopping an orchestration doesn't cause the orchestration itself to be deleted, just the objects defined in it;
After a stop, the orchestration continues to be listed on the Orchestrations tile, where its status is shown as Stopped;
When deleted, the orchestration is no longer listed on the Orchestrations tile.

You must have the Compute_Operations role.



Downloading an Orchestration
The downloaded file might not be the same as the uploaded orchestration file
Downloaded file includes the start time and status of the orchestration, the status of
each object defined in the orchestration, and so on.
The sequence of attributes in the downloaded file might also be different.

You must have the Compute_Operations role.



Updating an Orchestration
There is no update operation available to orchestrations.
To update an orchestration, download the orchestration file, edit it, delete the
former orchestration and upload the modified orchestration file.

You must have the Compute_Operations role.



Oracle Compute Cloud Service
Managing Machine Images



Managing Machine Images
Topics
About Machine Images
Oracle Provided Machine Images
Creating Instances using Custom Machine Image
Guidelines for Building Your Own Machine Images
Adding Machine Images to Oracle Compute Cloud Service
Deleting Machine Images



Machine Images

Machine Image
Template of a virtual hard disk of a specific size with an installed operating system
used to create virtual Compute Cloud machine instances.
You can use either your own machine images or images provided by Oracle



Oracle Provided Machine Images 1/3

Includes essential packages necessary to get started using the instance


Development tools: Expect, Java OpenJDK, GCC suite, GNU utilities, Perl, Ruby, Python;
Access: Basic X11 desktop, Remote X11 with VNC, Xterm client
Security and auditing: OpenSCAP and AIDE
Integration with name services: OpenLDAP, Kerberos, and NIS
System administration tools
Web Browsers: Firefox and Elinks
Editors: Emacs and vim



Oracle Provided Machine Images 2/3
User
Seeded opc with sudo privileges and remote access over SSH v2 using RSA keys*
root login is disabled
Remote Access
SSH2 Only
Disk layout
/boot: 500 MB
swap: 4 GB
/ (root): Remainder
* SSH public keys are added to the /home/opc/.ssh/authorized_keys file



Oracle Provided Machine Images 3/3
Oracle Linux Repositories Enabled for Yum Configuration
public_ol6_latest
public_ol6_UEK_latest
public_ol6_UEKR3_latest

25 Supported Languages
Arabic, Brazilian Portuguese, Chinese - Simplified/Traditional, Czech, Danish, Dutch,
Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean,
Norwegian, Polish, Romanian, Russian, Slovak, Spanish, Swedish, Thai, Turkish



Creating Instances using Custom Machine Image
1. Build your machine image;
2. Upload the tar.gz machine image file to Oracle Storage Cloud Service;
3. Create a corresponding machine image in Oracle Compute Cloud Service;
4. Optionally, create a bootable storage volume using the machine image;
5. Create instances.



Building Your Own Machine Images
Guidelines
Supported operating systems
You can build your own machine images using Oracle Linux. Oracle Linux includes
PVHVM drivers required to work on OCCS
Image disk size
To save time and resources, keep image disk size just as small as is essential
Before uploading machine image files to OCCS, make them sparse files
User Access
Plan ahead and provision any users that you'd like to be available when instances are
created using the image.



Building Your Own Machine Images
Guidelines
Format
Machine image must be a full disk image, including a partition table and boot loader
Disk image must be converted to raw format, packaged in a tar archive, and compressed using gzip.
Name the resultant tar.gz file using OS name, OS version and disk size. For
example, a root-disabled Oracle Linux 6.6 image with 20-GB disk can be named as
OL66_20GB_RD.tar.gz.



Building Your Own Machine Image
Oracle Linux
Refer to the Building a Custom Oracle Linux Machine Image with the LAMP Stack tutorial on Oracle Learning Library to learn how to:
Install Oracle Linux on Oracle VM VirtualBox
Customize the operating system for enabling key-based SSH access
Change the default kernel
Install Apache HTTP Server, MySQL, and PHP
Create raw image



Adding Machine Images to Oracle Compute Cloud Service
Uploading Machine Image Files 1/2
To be used by instances, machine image files need to be uploaded and registered.
The machine image file .tar.gz will be uploaded to the compute_images container in Oracle Cloud
Storage Service.
Time taken to upload the file depends on the size of the machine image file. Do not close this
browser window during the upload.
Register the uploaded machine image file to Oracle Compute Cloud Service

For the first machine image uploaded, the Compute_Operations role is needed. Subsequent machine images can be uploaded by any user with the Storage_ReadWriteGroup role.
Planned: a CLI tool can also be used to upload one or multiple files in a single command.



Listing Machine Images
When you create an instance through the web console, the Image field shows all available machine images. Oracle-provided machine images start with /oracle/public
The Manage Images screen shows all private (non Oracle-provided) machine images.
The Compute_Monitor or Compute_Operations role is required



Deleting a Machine Image
When a machine image is deleted, the image file stored in Oracle Storage Cloud
Service is not removed, so it can be used to register the machine image again.
Machine Images can be deleted through the Manage Images screen.

You must have the Compute_Operations role.



Oracle Compute Cloud Service
Managing Storage Volumes



Managing Storage Volumes
Topics
About Storage Volumes
Creating and Attaching a Storage Volume
Mounting/Unmounting a Storage Volume on an Oracle Linux Instance
Detaching a Storage Volume from an Instance
Deleting a Storage Volume



Storage Volumes

Virtual disk that provides persistent block storage space to store data and applications for instances in Oracle Compute Cloud Service.

Can be associated with a machine image
Can be a persistent boot disk for instances
Between 1 GB and 2 TB capacity, in 1 GB increments
Up to 10 storage volumes can be attached to an instance
Can be attached to only one instance at a time
Can be attached while creating an instance or later
Can't be detached when associated during instance creation
Data isn't lost when the storage volume is detached or the instance is deleted



Creating and Attaching a Storage Volume
Create Storage Volume wizard key fields and hints
Storage name - use key characteristics for easier identification, for example boot-OL66-20G for a bootable storage volume with an Oracle Linux 6.6 machine image on a 20-GB disk.
Size - in GB. From 1 GB to 2 TB. Consider the capacity the applications need, leaving room to attach storage volumes in the future. If used as a boot disk, the size should be 5% higher than the boot disk for the instance;
Boot Image - Select a machine image to make this storage volume a boot disk;
Storage property - Choose /oracle/public/storage/latency for databases (low latency and high IOPS), or /oracle/public/storage/default. Do not use others;
Attach to Instance - optionally, select the instance to attach the storage volume to. Attach as disk # defaults to the next available disk index. Disks will be named /dev/xvdb, /dev/xvdc, /dev/xvdd respectively for disks at indexes 1, 2, 3 and so on. Hint: for a bootable storage volume, do not specify this field.



Mounting a Storage Volume on an Oracle Linux Instance 1/2
To access a storage volume, you must attach it to your instance and mount it as follows:
1. Identify the disk number of the storage volume to mount;
2. Log in to the instance using SSH;
3. List the devices available on your instance:
    ls /dev/xvd*
4. Identify the device name corresponding to the disk number. Ex: 3 for /dev/xvdd
5. Use a tool such as mkfs to create a file system on the storage volume. E.g., to create an ext3 file system on /dev/xvdd, run the following command:
    sudo mkfs -t ext3 /dev/xvdd

You must have the Compute_Operations role.



Mounting a Storage Volume on an Oracle Linux Instance 2/2
6. Create a mount point on your instance. For example, to create the mount point /mnt/store, run the following command:
    sudo mkdir /mnt/store

7. Mount the storage volume on the mount point that you created on your instance. For example, to mount the device /dev/xvdd at the /mnt/store directory, run the following command:
    sudo mount /dev/xvdd /mnt/store
Note: The device UUID, obtained through the blkid command, can be used instead of the device name.

8. To make the mount persistent across instance restarts, edit the /etc/fstab file and add the mount as an entry in that file.



Unmounting a Storage Volume from an Oracle Linux Instance
To detach a storage volume or to delete an instance that a storage volume is attached to, first unmount the storage volume as follows:
1. Identify the disk number of the storage volume to unmount;
2. Log in to the instance using SSH;
3. List the available instance devices and their mount points:
    sudo df -hT
4. Identify the device name corresponding to the disk number to unmount;
5. Run the umount command. Example:
    sudo umount /dev/xvdd
6. If the mount point was defined in /etc/fstab (for a persistent mount), remove the mount entry.
Note: If no longer needed, the unmounted volume can be detached and deleted.



Detaching a Storage Volume from an Instance
To detach a storage volume, first unmount the storage volume
After a storage volume is detached from an instance, reads and writes are no longer allowed
If the storage volume is no longer required, back up the data elsewhere and delete the storage volume
Select Detach Instance from the storage volume menu on the Oracle Cloud Service console

You must have the Compute_Operations role.



Deleting a Storage Volume
All data and applications on that storage volume are lost.
Delete a storage volume only when sure that its data is no longer needed.
Select Delete Instance from storage volume menu on Oracle Cloud Service console

You must have the Compute_Operations role.



Oracle Compute Cloud Service
Configuring Network Settings



Configuring Network Settings
When you create an instance, by default, it doesn't allow access from any other instance or external host. Network settings can enable communication among some of your instances, for example, to enable all the instances hosting your development environment to communicate with each other.

Topics
Overview
Security Rules
Security Applications
Security Lists
IP Reservations



Overview
Access from Dashboard -> Network
User must have Compute_Operations role
By default, no access from any other instance or external host
Fine-grained control over network access
Features
Security Rules
Security Applications
Security Lists
Security IP Lists
IP Reservations



Security Rules
Security Rules are firewall rules
Control network access to OCCS instances over a security application
Security Application + Source + Destination
Source: Security List or Security IP list
Destination: Security List





Security Applications
Protocol-port mapping
You can create your own
Use a predefined security application
Using orchestrations

Name + Protocol + Port



Security Lists
Group of OCCS instances
Source/Destination in Security Rules
Up to 10 security rules
Instances in the same security list can communicate fully, on all ports
By default, instances cannot communicate with instances in other security lists
Inbound and Outbound policies



Security IP Lists
List of IP subnets or IP addresses (external to instances in OCCS)
Source in Security Rules to control access from external hosts
You can create your own or use predefined
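
The rule model described on the Security Rules, Security Applications, Security Lists and Security IP Lists slides, as an added example (not Oracle's code): a small evaluator that answers whether a given flow is permitted and lists what is open to a source IP list covering every address. All names, addresses and the data layout are constructed for illustration; inbound and outbound policies are not modelled.

```python
import ipaddress

# Constructed topology for illustration; every name and address is hypothetical.
SECLISTS = {                 # security list -> member instances
    "web": {"web1", "web2"},
    "db": {"db1"},
}
SECIPLISTS = {               # security IP list -> external subnets
    "office": ["203.0.113.0/24"],
    "anywhere": ["0.0.0.0/0"],
}
SECAPPLICATIONS = {          # security application: name -> (protocol, port)
    "ssh": ("tcp", 22),
    "https": ("tcp", 443),
    "mysql": ("tcp", 3306),
}
SECRULES = [                 # security rule = application + source + destination
    {"application": "https", "src": ("seciplist", "anywhere"), "dst": "web"},
    {"application": "ssh", "src": ("seciplist", "office"), "dst": "web"},
    {"application": "mysql", "src": ("seclist", "web"), "dst": "db"},
    {"application": "ssh", "src": ("seciplist", "anywhere"), "dst": "db"},
]


def lists_of(instance):
    """Security lists that an instance belongs to (empty for external hosts)."""
    return {name for name, members in SECLISTS.items() if instance in members}


def source_matches(rule_src, source):
    """Does `source` (instance name or external IP string) fall under rule_src?"""
    kind, name = rule_src
    if kind == "seclist":
        return source in SECLISTS.get(name, ())
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False         # an instance name never matches a security IP list
    return any(addr in ipaddress.ip_network(cidr)
               for cidr in SECIPLISTS.get(name, ()))


def is_permitted(source, dest_instance, protocol, port):
    """Same security list means open; otherwise a security rule must match."""
    dest_lists = lists_of(dest_instance)
    if lists_of(source) & dest_lists:
        return True          # same security list: all ports
    for rule in SECRULES:
        if (rule["dst"] in dest_lists
                and SECAPPLICATIONS[rule["application"]] == (protocol, port)
                and source_matches(rule["src"], source)):
            return True
    return False             # default: no access


def internet_exposure():
    """(security list, application) pairs whose source IP list covers every address."""
    findings = []
    for rule in SECRULES:
        kind, name = rule["src"]
        if kind == "seciplist" and any(
                ipaddress.ip_network(cidr).prefixlen == 0
                for cidr in SECIPLISTS.get(name, ())):
            findings.append((rule["dst"], rule["application"]))
    return findings


if __name__ == "__main__":
    print(is_permitted("web1", "db1", "tcp", 3306))         # rule: web -> db, mysql
    print(is_permitted("198.51.100.7", "web1", "tcp", 22))  # not in the office list
    print(internet_exposure())
```

In this constructed rule set the last rule is the one a review should catch: it opens SSH on the db list to every address, while the web list restricts SSH to the office subnet.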



IP Reservations
Public IP address attached to the
OCCS instance

Reserved from a pool of IP addresses

Temporary or Permanent



Oracle Compute Cloud Service
Compute Snapshots



Oracle Compute Instance Snapshots
Point in time image of a Virtual Machine

Easy way to create customized machine images using an existing instance as a template

Create multiple instances with identical configurations using customized machine images



Storage Volumes Snapshot
Point-in-time copy of a storage
volume

Multiple snapshots of a storage volume, each snapshot captures all
the data stored on the storage volume



Colocated Storage Volumes Snapshot
Snapshots stored in the same
physical location as the original
storage volume
Each snapshot uses the same
amount of storage as the original
volume.
If you create a storage volume from
a colocated snapshot, then you
can't restore or clone this new
storage volume using a colocated
snapshot



Oracle Compute Cloud Service
Virtual Machine Instance Resizing



Virtual Machine Instance Resizing
Change the shape of a Virtual
Machine Instance after the instance
has been created
Only for VM instances created
using Orchestrations
Stop Instance orchestration before
resize



Oracle Compute Cloud Service
VM Instance Boot Logs



Virtual Machine Boot Logs
UI access to an instance console to
diagnose boot problems, kernel
issues
API access of boot logs also
available
Boot logs enabled by default in
Oracle-provided Oracle Linux OS
images



Oracle Compute Cloud Service
Oracle Cloud Command Line Reference for Oracle Compute Cloud Service



Oracle Compute CLI
Comprehensive set of oracle-compute CLI commands

Manage instances, storage and networking

Supported platform: Oracle Linux 6.7



Oracle Compute CLI
CLI installation bundle is available at
http://www.oracle.com/technetwork/topics/cloud/downloads/index.html#opccli

Complete Oracle Compute CLI Documentation
http://docs.oracle.com/cloud/latest/stcomputecs/STCLR/toc.htm



Oracle Compute Cloud Service
Accessing an Instance using SSH



Accessing an Instance using SSH
Topics
Accessing an Instance as the opc User
Adding Users on an Oracle Linux Instance



Accessing an Instance as the opc User
Instances created using Oracle-provided Oracle Linux images can be accessed using SSH
and opc user
opc has sudo privileges and is the default user for Oracle-provided Oracle Linux
images
Pre-reqs
Corresponding private key on the SSH client;
Instance has a public IP address;
Instance has SSH enabled
Use this command to log in as opc using ssh: ssh opc@ip_address -i private_key
As opc, use the sudo command to perform administrative tasks



Adding Users on an Oracle Linux Instance 1/2
Instances created using Oracle-provided Oracle Linux images can be accessed using SSH
as the opc user to add users as follows:
1. Generate an SSH key pair for the new user
2. Copy the public key value to a text file
3. Log in to your instance as opc
4. Become the root user: sudo su
5. Create the new user: useradd new_user

6. Create the .ssh directory in the new user's home directory: mkdir /home/new_user/.ssh

7. Copy the SSH public key that you noted earlier to the authorized_keys file:
echo "public_key" > /home/new_user/.ssh/authorized_keys



Adding Users on an Oracle Linux Instance 2/2
8. Add the new user to the /etc/ssh/sshd_config file: AllowUsers opc new_user

9. Change owner and group for the /home/new_user/.ssh directory:
chown -R new_user:new_user /home/new_user/.ssh

10. Restart the SSH daemon on your instance: /sbin/service sshd restart

11. Enable sudo privileges for the new user by running visudo to edit the /etc/sudoers file:
Add %new_user ALL=(ALL) NOPASSWD: ALL after %opc ALL=(ALL) NOPASSWD: ALL

You can now log in as the new user: ssh new_user@ip_address -i private_key



Oracle Compute Cloud Service
Best Practices for using Oracle Compute Cloud Service



Best Practices for Using Oracle Compute Cloud Service
Guidelines and recommendations to get the best out of the service in terms of
cost, manageability, and performance.
Topics
Managing Users and Roles
Building Machine Images
Naming Objects
Selecting Shapes
Using Orchestrations to Automate Resource Provisioning
Managing Block Storage
Configuring Network Settings
Ensuring Secure Access to Instances



Best Practices for Using Oracle Compute Cloud Service
Managing Users and Roles
Only users with the Compute_Operations role can perform write operations, that is,
create, update, and delete resources
Assign Compute_Operations role only to users who'll be responsible for creating,
updating, and deleting instances and the associated storage and networking resources
For business continuity, create at least two users with the Compute_Operations role.
These users must be IT system administrators in your organization.



Best Practices for Using Oracle Compute Cloud Service
Building Machine Images
Customers are responsible for purchasing software licenses
Keep in mind the workload that you want to deploy when planning image packages
Provision all needed users before creating the final image file
Image disk size should be only as large as is essential
On Linux, convert the image file to sparse format: cp --sparse=always original_file sparse_file
When creating the tar archive, use the -S option.
Use key characteristics of the machine image to name the tar.gz file, e.g. OL66_20GB_RD.tar.gz*

* Root-disabled Oracle Linux 6.6, 20GB-Disk



Best Practices for Using Oracle Compute Cloud Service
Naming Objects and Selecting Shapes
Naming Objects
Use names that identify key resource characteristics, e.g. consider including the operating system
and image disk size in the name of a storage volume

Selecting Shapes
Consider deployed applications, number of users, load spikes and future load scale
Also factor in CPU and memory for the operating system
When in doubt, start small, experiment with a representative workload, then settle on a shape
for an optimal resource allocation.



Best Practices for Using Oracle Compute Cloud Service
Using Orchestrations to Automate Resource Provisioning
Set the high-availability policy to active, to ensure minimal disruption to your
operations.
To be able to stop and start instances individually, define them in separate
orchestrations.
Define storage volumes outside the instance orchestration and define the storage
attachments within the instance orchestration.
Consider your requirements for application isolation and affinity, placing instances on
the same or on different physical nodes using the instance placement feature.



Best Practices for Using Oracle Compute Cloud Service
Managing Block Storage 1/2
Consider the limits: min 1 GB, max 2 TB, 1 GB increments, and 10 volumes per instance.
Attaching many small storage volumes can make it hard to scale up to the full limit of 20 TB.
Attaching many large volumes limits the chances to spread and isolate storage and may result in lower
overall utilization of block storage space.
Leaving some room for attaching more storage volumes in the future helps use the available block
storage capacity efficiently in the long run.

Separate storage volumes for your applications, data, and the operating system. Use
Chef or Puppet for managing the configuration of operating system and applications.



Best Practices for Using Oracle Compute Cloud Service
Managing Block Storage 2/2
To ensure that storage volumes remain attached and mounted after instances are
stopped and re-created, do both of the following:
Define the storage attachments within the orchestration that you use to create instances.
Set up the instance to boot from a bootable storage volume.

If you are sure that storage volume is no longer required, back up the data elsewhere
and delete the storage volume.



Best Practices for Using Oracle Compute Cloud Service
Configuring Network Settings
If a fixed public IP address reservation was used but is no longer needed, delete the IP
reservation
An instance can be attached to up to five security lists, and a security list can be used in up
to 10 security rules. Plan security lists and security rules keeping these overall limits in
mind.

Note: If an instance is added to multiple security lists that have different policies, then the most restrictive policy is
applicable to the instance.



Best Practices for Using Oracle Compute Cloud Service
Ensuring Secure Access to Instances 1/2
Add instances to the appropriate security lists ensuring isolation.
To allow incoming traffic to all the instances in a security list, set up a security rule with
the security list as the destination and with the required source and protocol settings.
Use security rules carefully and open only a minimal and essential set of ports.
Keep in mind your business needs and the IT security policies of your organization.

Note: Instances within a security list can inter-communicate freely over any protocol.
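
A simplified model of the access rules described in the Network Settings slides and in the guidance above, as an added example that is not Oracle code and does not use any Oracle API. It assumes default deny, full access inside a security list, and directional rules made of security application + source + destination; inbound/outbound policies are not modelled, and all instance, list and rule names are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
MAX_LISTS_PER_INSTANCE, MAX_RULES_PER_LIST = 5, 10   # limits quoted on the slides

@dataclass(frozen=True)
class Rule:
    name: str
    app: tuple        # security application as (protocol, port)
    src: tuple        # ("seclist", name) or ("seciplist", name)
    dst: str          # destination is always a security list

# Constructed sample plan; all names and addresses are made up.
INSTANCES = {"web1": {"web"}, "web2": {"web"}, "db1": {"db"}}
IP_LISTS = {"office": ["203.0.113.0/24"], "anywhere": ["0.0.0.0/0"]}
RULES = [
    Rule("office-ssh", ("tcp", 22), ("seciplist", "office"), "web"),
    Rule("public-https", ("tcp", 443), ("seciplist", "anywhere"), "web"),
    Rule("web-to-db", ("tcp", 1521), ("seclist", "web"), "db"),
]

def allowed(src, dst, proto, port):
    """src: instance name or external IP string; dst: instance name."""
    src_lists, dst_lists = INSTANCES.get(src, set()), INSTANCES[dst]
    if src_lists & dst_lists:
        return True                      # same security list: all ports
    for r in RULES:
        if r.app != (proto, port) or r.dst not in dst_lists:
            continue
        kind, name = r.src
        if kind == "seclist" and name in src_lists:
            return True
        if kind == "seciplist" and src not in INSTANCES and any(
                ip_address(src) in ip_network(net) for net in IP_LISTS[name]):
            return True
    return False                         # default: no access

def plan_findings():
    """Check the plan against the stated limits and flag internet-wide sources."""
    out = [f"{i}: more than {MAX_LISTS_PER_INSTANCE} security lists"
           for i, lists in INSTANCES.items() if len(lists) > MAX_LISTS_PER_INSTANCE]
    uses = Counter()
    for r in RULES:
        uses.update({r.dst} | ({r.src[1]} if r.src[0] == "seclist" else set()))
        if r.src[0] == "seciplist" and "0.0.0.0/0" in IP_LISTS[r.src[1]]:
            out.append(f"{r.name}: source covers 0.0.0.0/0")
    out += [f"{s}: used in more than {MAX_RULES_PER_LIST} rules"
            for s, n in uses.items() if n > MAX_RULES_PER_LIST]
    return out
```

Running allowed() for each flow an application needs, and for flows that must stay closed, shows whether a planned rule set opens only the minimal set of ports before it is created in the console.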



Best Practices for Using Oracle Compute Cloud Service
Ensuring Secure Access to Instances 2/2
Determine how many users need to access an instance and plan for a separate SSH key pair
for each user.
Keep SSH keys secure
Lay down policies to keep SSH keys secure when employees leave the organization or
move to other departments
For business continuity, ensure that at least two IT system administrators have SSH
keys installed on the instances.
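
An audit of the state left behind by the "Adding Users on an Oracle Linux Instance" steps (AllowUsers, authorized_keys, the NOPASSWD sudoers entries) against the guidance above, as an added example that is not Oracle code. The file contents, user names, key material and staff roster are constructed; it assumes authorized_keys lines carry no leading options and that a %name sudoers entry refers to the user's own group, as in step 11.

```python
import re

# Constructed sample data; user names and key material are made up.
SSHD_CONFIG = """\
Port 22
AllowUsers opc alice bob
"""
SUDOERS = """\
%opc ALL=(ALL) NOPASSWD: ALL
%alice ALL=(ALL) NOPASSWD: ALL
"""
AUTHORIZED_KEYS = {   # user -> contents of /home/<user>/.ssh/authorized_keys
    "opc": "ssh-rsa AAAAB3KEYopc opc@admin\n",
    "alice": "ssh-rsa AAAAB3KEYalice alice@laptop\n",
    "bob": "ssh-rsa AAAAB3KEYalice copied-from-alice\n",
}
CURRENT_STAFF = {"opc", "alice"}      # bob has left the organization

def allow_users(sshd_config):
    users = []
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "allowusers":   # keywords are case-insensitive
            users += [p.split("@", 1)[0] for p in parts[1:]]
    return users

def passwordless_sudo(sudoers):
    # Matches only the exact entry form used in step 11 of the procedure.
    pat = re.compile(r"^\s*(%?[\w.-]+)\s+ALL=\(ALL\)\s+NOPASSWD:\s*ALL\s*$")
    return [m.group(1).lstrip("%") for l in sudoers.splitlines() if (m := pat.match(l))]

def audit():
    findings, seen = [], {}
    allowed = allow_users(SSHD_CONFIG)
    for user in allowed:
        if user not in CURRENT_STAFF:
            findings.append(f"{user}: in AllowUsers but not current staff")
    for user, text in sorted(AUTHORIZED_KEYS.items()):
        for line in text.splitlines():
            fields = line.split()
            if len(fields) >= 2:
                owner = seen.setdefault(fields[1], user)   # key blob -> first owner
                if owner != user:
                    findings.append(f"{user}: shares a public key with {owner}")
    admins = [u for u in passwordless_sudo(SUDOERS)
              if u in allowed and u in CURRENT_STAFF and AUTHORIZED_KEYS.get(u, "").strip()]
    if len(admins) < 2:
        findings.append("fewer than two administrators have SSH keys installed")
    return findings
```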



Q&A
