Tutorial-OCI Fast Forward V11

The document provides a hands-on guide to creating networking components on Oracle Cloud Infrastructure (OCI) using the VCN Wizard. The objectives are to create a VCN with public and private subnets, an internet gateway, route tables, and a NAT gateway. The guide walks through launching the VCN Wizard, specifying configuration details like the VCN CIDR block and subnet CIDR blocks, and reviewing the networking components that are automatically created, such as the VCN, subnets, internet gateway, route tables and NAT gateway.

Uploaded by Daniel Lessio

OCI Fast Forward – Hands On Guide

OCI Fast Forward


Hands On Lab Guide

LAD Knowledge Team

Cloud Engineer team Brazil



Introduction
In this guide, we’re going to work on developing some advanced concepts on Oracle Cloud
Infrastructure, following different processes and good implementation techniques.

Our goal in this workshop is to create an environment where resources are more protected
and hosts can’t be directly accessed from the internet. We’ll also develop the concept of private
and public servers, and create alternative networking routes, where external access can be
achieved through different paths.

Tools used on this Workshop


This lab will require Windows users to download and install:

• PuTTY and PuTTY KeyGen (for Windows users)

PuTTY

PuTTY is a telnet and SSH client developed to give Windows users access
to Linux/Unix servers. PuTTY is open-source software.

PuTTY can be downloaded from https://www.putty.org/.


Lab 1.
TAG and Namespace


Lab 1. TAG and Namespace


Oracle Cloud Infrastructure Tagging enables you to add metadata to resources. This allows you
to define keys and values and associate them with resources. You can then use the tags to help
you organize and list resources based on your business needs.

The Tagging service provides two ways for you to approach adding tags to resources. Each
approach offers a different type of tag for you to work with:

• Defined tags - tag administrators manage resource metadata.

• Free-form tags - unmanaged metadata applied to resources by users.

One approach involves a tag administrator creating and managing all the tags that users will
apply to resources. You use IAM policy to limit who can create tags to a few select tag
administrators, while granting all others in the tenancy only the ability to apply tags. The
benefit to this approach is that you can create and manage the keys and values used to tag
resources. This avoids typos that weaken automation based on tags and provides better
reporting based on tags.

The other approach is to allow users to add tags to resources. Each tag is edited or applied at
the resource by you or a user creating or modifying a resource.

You can use both types of tags throughout your tenancy. Most of the Tagging features require
defined tags. "Tag" is used generically to refer to defined tags. To create metadata that you can
trust to manage resources and collect data, use defined tags.

Tagging Concepts
Here's a list of the basic tagging concepts:

Tag Namespace
You can think of a tag namespace as a container for your tag keys. It consists of a
name, and zero or more tag key definitions. Tag namespaces are not case sensitive,
and must be unique across the tenancy. The namespace is also a natural grouping to
which administrators can apply policy. One policy on the tag namespace applies to all
the tag definitions contained in it.
Tag Key
The name you use to refer to the tag. Tag keys are case insensitive (for example,
"mytagkey" duplicates "MyTagKey"). Tag keys for defined tags must be created in a
namespace. A tag key must be unique within a namespace.
Tag Value Type
The tag value type specifies the data type allowed for the value. Currently two data
types are supported: string and a list of strings.


Objectives

Create a Namespace and TAG structure that will allow us to have a better view of the
resource consumption on our tenant. We will create the following structure:

Let’s now follow the usual workflow of creating a NAMESPACE and its TAG Key
definition.

STEP 1 : Create a compartment where you will store your objects. You can use any name
you want.


STEP 2 : Create the Namespace definition

Fill the Namespace definitions


Repeat the process above, and create the Namespaces:


• SERVIDORES
• BANCO_DADOS
• STORAGE


Step 3 : Create the Namespace TAG Keys

In the Namespaces screen, choose the Namespace you want to update:

Then, choose “Create Tag Key Definition”.

Fill in the Tag Key details.

Note: Don’t forget to check the “Cost Tracking” option.



Repeat the TAG Key process above, and create the TAG Structure:


Lab 2.
Networking


Lab 2. Create connectivity components


Objectives
• Create VCN
• Create Public and Private Subnets
• Create Route Tables
• Create Internet and NAT Gateways

In this section we’re going to create the networking components for our solution. As
discussed previously, our target is to create a more professional approach to the OCI blueprint.

The final blueprint will look something like this, where we’ll have public and private subnets,
each containing a set of servers, meeting the company’s network requirements:


Virtual Cloud Network and Its Resources


Objectives
• Create Oracle Cloud Network (VCN)
• Configure Regional Public and Private Subnets
• Provision an Internet Gateway, which will allow your VCN access to public internet
• Configure Route Table

Create Oracle Cloud Network (VCN)


To create a network, remember to choose your compartment, then go to
Networking >> Virtual Cloud Networks on the main menu.

Entering the Virtual Network module, you’ll be presented with two options for creating an OCI
network:
• You can individually create the network components
• You can run through a wizard-based creation process that will assist you in setting
up the network components and the basic connectivity setup.

In this example, we will use the wizard-based process, started by choosing the “Start
VCN Wizard” button below.


Starting the process, you’ll be guided through it by the OCI interface.

1 – Choose the type of connectivity you want: you can choose a VPN model, or standard
internet access through an internet gateway.

Please note that the blueprint provided on the right side of the screen works as an illustration
of how your connectivity will be set up. In our tests, we’ll use the simple internet connectivity
model, which will create the following components:

• VCN
• Regional Public and Private Subnets
• Internet Gateway
• Route Table
• NAT Gateway
• Service Gateway


2 – Set up the basic VCN parameters:

Name: VCN-TRIAL
Compartment: Choose your own compartment (your compartment name goes here)

Then, input the CIDR block information for the VCN and its subnets:

VCN CIDR Block: 10.0.0.0/16
Public Subnet: 10.0.0.0/24
Private Subnet: 10.0.1.0/24

• The CIDR block values provided here are for the sample setup only.
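As an added example (not part of the lab guide), the following Python checks a CIDR plan like the one above and derives the route tables the wizard attaches to each subnet; the gateway names and the Oracle Services Network label are labels assumed for the example.

```python
"""Added example (not from the lab guide): validate the VCN Wizard CIDR plan and
derive the route tables the wizard creates. The CIDRs are the lab's sample values;
gateway names and the service-CIDR label are labels assumed for this example."""
import ipaddress

# Constructed input: the sample plan used in the lab
PLAN = {
    "vcn": "10.0.0.0/16",
    "subnets": {"public": "10.0.0.0/24", "private": "10.0.1.0/24"},
}

# The Service Gateway route uses a named service CIDR label, not an IP prefix
# (label text assumed for this example).
OSN_LABEL = "all-<region>-services-in-oracle-services-network"


def validate_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vcn = ipaddress.ip_network(plan["vcn"], strict=True)
    nets = {}
    for name, cidr in plan["subnets"].items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vcn):
            problems.append(f"{name}: {cidr} is outside the VCN {plan['vcn']}")
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    return problems


def wizard_route_tables():
    """Route tables the wizard attaches: the public subnet's default route goes to
    the Internet Gateway; the private subnet's default route goes to the NAT
    Gateway, with Oracle services via the Service Gateway. Destinations inside
    the VCN CIDR are routed locally and need no rule."""
    return {
        "public": [{"destination": "0.0.0.0/0", "target": "Internet Gateway"}],
        "private": [
            {"destination": "0.0.0.0/0", "target": "NAT Gateway"},
            {"destination": OSN_LABEL, "target": "Service Gateway"},
        ],
    }


def route_for(plan, subnet_name, dst_ip):
    """Longest-prefix match of dst_ip against the subnet's route table. Returns
    the target name, 'local' for in-VCN destinations, or None when nothing
    matches (service-label routes never match a plain IP destination here)."""
    vcn = ipaddress.ip_network(plan["vcn"])
    dst = ipaddress.ip_address(dst_ip)
    if dst in vcn:
        return "local"
    best = None
    for rule in wizard_route_tables()[subnet_name]:
        try:
            net = ipaddress.ip_network(rule["destination"])
        except ValueError:
            continue  # service-label destination, not an IP prefix
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rule["target"])
    return best[1] if best else None


def internet_exposure():
    """Direction of internet reachability per subnet, judged by the default-route
    target: an Internet Gateway is bidirectional (instances with public IPs are
    reachable from outside), a NAT Gateway is outbound-only, anything else none."""
    exposure = {}
    for name, rules in wizard_route_tables().items():
        targets = [r["target"] for r in rules if r["destination"] == "0.0.0.0/0"]
        if "Internet Gateway" in targets:
            exposure[name] = "inbound and outbound"
        elif "NAT Gateway" in targets:
            exposure[name] = "outbound only"
        else:
            exposure[name] = "none"
    return exposure


if __name__ == "__main__":
    print("plan problems:", validate_plan(PLAN))
    print("exposure:", internet_exposure())
    print("private -> 8.8.8.8 via", route_for(PLAN, "private", "8.8.8.8"))
```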


At the end, hit the “Next” button, and you’ll be directed to the “Review and Create” page where the
networking components will be created:

Check the provided information and hit the blue “Create” button at the end of the screen.
While the process finishes, you can follow all the creation steps executed by the interface:


The network creation process is very quick; when finished, it will be shown as below:

We can take a look at the “reference blueprint” shown at the start of the VCN creation
process, and review the elements that were automatically created by the OCI wizard:


Activate VCN Flow Logs


Service logs are logs emitted by Oracle Cloud Infrastructure services, such as Events,
Functions, Load Balancing, Object Storage, and VCN Flow Logs.
Each of these supported services has a Logs resource that allows you to enable or disable
logging for that service.

You will find the VCN Flow Logs functionality on the OCI service menu as below:

To use this resource, you will have to create a Log Group, then the Flow Log itself,
where the log entries will be stored.


To create a Log Group, hit the “Create Log Group” button on the Logging service home screen.

Fill in the required fields: basically the name, compartment, and description of your Log Group:


In the Log Group home page, hit "Enable Service Log" button


After the Log Group and Flow Log are created, wait a few minutes, then check the log screen to
analyze the VCN traffic. This is also where you can confirm that only the traffic you expect is
reaching the private subnet.


Lab 3.
Install OCI CLI


Lab 3. Installing OCI CLI


Objectives
• Install OCI CLI (Linux operating systems)
• Access the OCI tenant with the OCI CLI

All the necessary instructions for downloading and configuring OCI CLI are available on the OCI
public documentation page:
https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliinstall.htm

To ease the installation process, we’re NOT going to install OCI CLI on your notebook’s operating
system. Our experience shows that sometimes, when the participant is using a corporate
workstation, the operating system may be under the protection of several directives (antivirus,
customized Windows policies, lack of “Administrator” privilege) that may prevent the
installation of the OCI CLI libraries. To avoid falling into some time-consuming, challenging
“troubleshooting” tasks, we’re going to install the OCI CLI tool in an OCI Compute Instance, which
we’re going to create right now.

Create an OCI Compute Instance with the following characteristics:

• Image (Operating System): Oracle Linux
• Shape:
o Processor: Intel Skylake
o Shape: VM.Standard2.1

* If you have Always Free resources available on your tenant, feel free to use them.

Once you have the new VM created and connectivity established, we can move ahead and
start the OCI CLI installation process.


For Linux desktop installation, you can follow the steps below:

1 – Download and install OCI CLI: Access the OCI public documentation from your browser, and
just copy and paste the install command link into your current SSH connection:


During the installation process, you will have to confirm some prompts regarding the location
of some scripts. No information needs to be entered; just confirm, and the process will finish
in a few seconds.
After the installation finishes, your OCI CLI will be ready to run. You can test the installation
with the command: “oci -h”

2 – Keys Setup: The next step is to set up the API public/private keys in the config file:

To have the CLI walk you through the first-time setup process, use the command:
oci setup config

The command prompts you for the information required for the config file and the API
public/private keys. The setup dialog generates an API key pair and creates the config file.

When prompted, DO NOT provide a password, and OCI will create its own private,
public, and PEM keys for the connection setup. Without a passphrase the private key is stored
in clear on the instance, so keep the key file readable only by its owner.


IMPORTANT: save this information:

Use the command cat /root/.oci/oci_api_key_public.pem and SAVE THE CONTENT; we
will use it in the step “Upload your public key”.

3 – User’s and Tenancy’s OCID: The final step of the setup process is to collect the user and
tenancy IDs from the OCI interface. For more information about how to find the required
information, see: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#Other

Tenancy's OCID

Get the tenancy OCID from the Oracle Cloud Infrastructure Console on the Tenancy Details
page:

1. Open the navigation menu. Under Governance and Administration, go to
Administration and click Tenancy Details.


2. The tenancy OCID is shown under Tenancy Information. Click Copy to copy it to
your clipboard.

User’s OCID.

Get the user's OCID in the Console on the page showing the user's details. To get to that
page:

1. If you're signed in as the user: Open the Profile menu and click User Settings.
2. If you're an administrator doing this for another user: Open the navigation menu.
Under Governance and Administration, go to Identity and click Users. Select
the user from the list.


3. Upload your Public Key (generated on step 2)


You can upload the PEM public key in the Console, located at
https://console.us-ashburn-1.oraclecloud.com. If you don't have a login and password
for the Console, contact an administrator.

1. Open the Console, and sign in.

2. View the details for the user who will be calling the API with the key pair:

o If you're signed in as this user, click your username in the top-right corner of
the Console, and then click User Settings.

o If you're an administrator doing this for another user, instead click Identity,
click Users, and then select the user from the list.

3. Click Add Public Key.

4. Paste the contents of the PEM public key in the dialog box and click Add.


Paste the content of the OCI public key (oci_api_key_public.pem) created in STEP 2.

5. Final configuration steps: To finish the OCI CLI setup, we just need to provide the User and
Tenancy OCIDs to the recently installed OCI binary.
To finish the setup, execute “oci setup config” again and follow the steps. When asked, do not
overwrite the previously generated keys.
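Before testing, an added example (not from the lab or from Oracle's CLI) that sanity-checks the generated config file and the private key's file mode; it runs on a constructed sample config with placeholder OCIDs and fingerprint.

```python
"""Added example (not part of the lab guide): sanity-check the config file and
API key that 'oci setup config' writes, before the first CLI call. It runs on
constructed sample text; the OCIDs, fingerprint and paths are placeholders."""
import configparser
import os
import re
import stat

OCID_RE = re.compile(r"^ocid1\.([a-z]+)\.oc[0-9]+\.([a-z0-9-]*)\.([a-z0-9]+)$")
# The key fingerprint the CLI writes is 16 colon-separated hex bytes
FINGERPRINT_RE = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$")
REQUIRED = ("user", "fingerprint", "key_file", "tenancy", "region")

# Constructed sample of what ~/.oci/config looks like after setup
SAMPLE_CONFIG = """[DEFAULT]
user=ocid1.user.oc1..placeholderuser000001
fingerprint=20:3b:97:13:55:1c:5b:0d:d3:37:d8:50:4e:c5:3a:34
key_file=~/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.oc1..placeholdertenancy01
region=us-ashburn-1
"""


def ocid_type(value):
    """Resource type encoded in an OCID ('user', 'tenancy', ...) or None."""
    m = OCID_RE.match(value or "")
    return m.group(1) if m else None


def check_config(text, profile="DEFAULT", key_mode=None):
    """Check one profile of a config file's text. key_mode is the permission
    bits of the private key file, passed in so the check can run offline.
    Returns a list of findings; an empty list means the profile looks usable."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    if profile != "DEFAULT" and not cfg.has_section(profile):
        return [f"profile [{profile}] not found"]
    section = cfg[profile]
    findings = [f"missing {key}" for key in REQUIRED if not section.get(key)]
    if ocid_type(section.get("user")) != "user":
        findings.append("user is not a user OCID")
    if ocid_type(section.get("tenancy")) != "tenancy":
        findings.append("tenancy is not a tenancy OCID")
    if not FINGERPRINT_RE.match(section.get("fingerprint", "")):
        findings.append("fingerprint is not 16 colon-separated hex bytes")
    # The lab generates the key without a passphrase, so file mode is the
    # only thing protecting it: group/other must have no access (0600).
    if key_mode is not None and key_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key_file is readable by group/other; expected mode 0600")
    return findings


def key_file_mode(path):
    """Permission bits of the key file named in the config (for live use)."""
    return stat.S_IMODE(os.stat(os.path.expanduser(path)).st_mode)


if __name__ == "__main__":
    print("sample:", check_config(SAMPLE_CONFIG, key_mode=0o600))
    live = os.path.expanduser("~/.oci/config")
    if os.path.exists(live):
        with open(live) as fh:
            text = fh.read()
        cfg = configparser.ConfigParser()
        cfg.read_string(text)
        key = cfg["DEFAULT"].get("key_file", "")
        have_key = bool(key) and os.path.exists(os.path.expanduser(key))
        print("live:", check_config(text, key_mode=key_file_mode(key) if have_key else None))
```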

To test configuration, try the following command:


Some commands that you can use to easily extract tenant information
using OCI CLI:

Available Regions: oci iam region list --output table
Available ADs: oci iam availability-domain list -c $TENANT --output table --query 'data[*]."name"'
Object Storage Namespace: oci os ns get
Created Block Volumes: oci bv volume list --compartment-id=$COMPART --output table
Available Compute Images: oci compute image list -c $TENANT --output table --query 'data[*].{"Image Name":"display-name","Operating System":"operating-system","Oper. System Version":"operating-system-version"}'
Capture VCN OCID: oci network vcn list -c $COMPART --output table --query 'data[*].{"OCID":"id"}'
Capture Subnet OCIDs: oci network subnet list -c $COMP_NET --output table --query 'data[*].{"Display Name":"display-name","OCID":"id"}'

Note: Pay close attention to the variables $TENANT, $COMPART and $COMP_NET. Before using
these commands, make sure to set them to the respective OCIDs.

For more details on OCI CLI syntax, please refer to:

https://docs.cloud.oracle.com/iaas/Content/GSG/Tasks/gettingstartedwiththeCLI.htm


Lab 4.
Compute Cloud Services


Lab 4. Compute Cloud Services


Objectives
• Create 2 compute instances (1 Public and 1 Private)
• Test internet access from the Compute Instance that has only a private IP address
• Connect to the Public Instance, establish a console connection with the Compute
Instance that has the Private IP, and follow the boot process
• Install the Apache application server on both servers (Public and Private)
• For Cost Tracking, don’t forget to insert Tags for each Compute Instance. The Tags
will use the previously created structure.

We're going to start putting things together: we'll begin combining the web interface and the
CLI command line.

1 . Create Compute Instances


In this exercise, we start by creating 2 Oracle Linux Compute Instances, one on the Public
Subnet (using the web interface) and the other on the Private Subnet (using the CLI command line).
At this point, we already have all the network resources created, so we can start
creating the virtual machines.

Create First Virtual Machine


To do so, we start from the Action menu => Compute => Compute Instances


You will then be redirected to the Compute Instances interface, where you can just hit the
“Create Instance” button:

Next, you’ll just need to fill in the required fields with the following information:

Instance Name: vm-lnx02
Image Source: Oracle Linux
Availability Domain: AD-1
Instance Type: Virtual Machine
Instance Shape: VM.Standard2.1
Virtual Cloud Network: Choose your VCN
Subnet: Choose the Public Subnet
Public Key: Provide the file with the Public Key
Namespace: SERVIDORES
TAG Key: Linux
Value: SRV01

Hit the “Create” button, and wait for the Compute Instance to be provisioned.

When creating the compute instances, don’t forget to add the respective Namespace and TAG
Keys for each host.

In the compute creation screen, the Namespace and Tag options can be found under the
“Advanced Options” link at the bottom of the Compute Creation screen:


Create Second Virtual Machine with OCI CLI


The second Virtual Machine will have the configuration below:

Instance Name: vm-lnx03
Image Source: Oracle Linux
Availability Domain: AD-1
Instance Type: Virtual Machine
Instance Shape: VM.Standard2.1
Virtual Cloud Network: Choose your VCN
Subnet: Choose the Private Subnet
Public Key: Provide the file with the Public Key
Namespace: SERVIDORES
TAG Key: Linux
Value: SRV01

To use OCI CLI commands at your prompt, we need to set up some variables first.

COMP Variable: Compartment OCID

Access your compartment's property page:

Copy its OCID, and create an operating system variable named COMP with the "export"
command as follows:

PRIV_SUBN Variable: Private Subnet's OCID

To collect the Private Subnet's OCID, you can use the following command:

oci network subnet list -c $COMP --output table --query 'data[*].{"Display Name":"display-name","OCID":"id"}'

The output will look like the following:


Now, copy the "Private Subnet's" OCID, and create the PRIV_SUBN variable:

TENANT Variable: Tenant's OCID

To reach your tenant's details page:


"copy" the Tenant's OCID

Having the tenant's OCID, create the TENANT operating system variable:

IMG_ID Variable: OCI Image OCID

The final variable to start using CLI commands: get the OCI Image OCID of the operating
system that will be used.

With the following command, you will get a list of the available images on your OCI tenant:

oci compute image list -c $TENANT --output table --query 'data[*].{"ID":"id","Image Name":"display-name"}'


You will then get a pretty big output:

Take a closer look at the output list, locate the image Oracle-Linux-8.2-2020.09.23-0,
and get its ID:

Final step: create the operating system variable IMG_ID:

AD Variable: Get your Availability Domain name

To get the availability domains of your region, use:

oci iam availability-domain list -c $TENANT --output table --query 'data[*]."name"'

Now, set the environment variable AD with the name of the second Availability Domain:

export AD=AkfI:US-ASHBURN-AD-2

(There must be no space after the "=": with a space, the shell exports an empty AD and then
fails on the AD name, which is not a valid variable identifier.)

Check now that you have all the variables set:

Having all the variables configured, it's time to create the second VM. You can use the
command:

oci compute instance launch --availability-domain $AD --compartment-id $COMP --shape VM.Standard.E2.1.Micro --subnet-id $PRIV_SUBN --assign-public-ip false --display-name vm-lnx-03 --image-id $IMG_ID --ssh-authorized-keys-file <<Your Public Key Path>>

You probably noticed that the compute shape used was "VM.Standard.E2.1.Micro"; you can
check other shape names at this location:
https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm
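As an added example (not from the lab guide), the following Python validates the variables set above and assembles the same launch command; the OCIDs are constructed placeholders and the key path is hypothetical.

```python
"""Added example (not from the lab guide): check the shell variables the lab
exports (COMP, PRIV_SUBN, TENANT, IMG_ID, AD) and build the 'oci compute
instance launch' command as an argv list. The OCIDs below are constructed
placeholders; the AD name is the lab's sample value; the key path is hypothetical."""
import os
import re
import shlex

OCID_RE = re.compile(r"^ocid1\.([a-z]+)\.oc[0-9]+\.([a-z0-9-]*)\.([a-z0-9]+)$")
# Availability domain names look like '<tenancy prefix>:<REGION>-AD-<n>'
AD_RE = re.compile(r"^[A-Za-z0-9]+:[A-Z0-9-]+-AD-[0-9]+$")

# OCID resource type each lab variable must carry
EXPECTED_TYPE = {
    "COMP": "compartment",
    "PRIV_SUBN": "subnet",
    "TENANT": "tenancy",
    "IMG_ID": "image",
}

# Constructed sample environment (placeholders, not real OCIDs)
SAMPLE_ENV = {
    "COMP": "ocid1.compartment.oc1..placeholdercompart0001",
    "PRIV_SUBN": "ocid1.subnet.oc1.iad.placeholdersubnet00001",
    "TENANT": "ocid1.tenancy.oc1..placeholdertenancy0001",
    "IMG_ID": "ocid1.image.oc1.iad.placeholderimage000001",
    "AD": "AkfI:US-ASHBURN-AD-2",
}


def check_variables(env):
    """Return problems with the lab's variables (empty list means all good).
    This catches the 'export AD= value' slip (a space after '=' leaves AD
    empty) and an OCID pasted into the wrong variable, such as a compartment
    OCID in PRIV_SUBN, before the launch call fails with a less clear error."""
    problems = []
    for var, rtype in EXPECTED_TYPE.items():
        value = env.get(var, "")
        m = OCID_RE.match(value)
        if not value:
            problems.append(f"{var} is not set")
        elif m is None:
            problems.append(f"{var} is not a well-formed OCID: {value!r}")
        elif m.group(1) != rtype:
            problems.append(f"{var} should be a {rtype} OCID, got {m.group(1)}")
    ad = env.get("AD", "")
    if not AD_RE.match(ad):
        problems.append(f"AD is not an availability domain name: {ad!r}")
    return problems


def launch_argv(env, display_name, shape, key_path):
    """The launch command the lab runs for the private-subnet VM, as an argv
    list (no shell quoting issues). --assign-public-ip is fixed to false,
    which is what keeps vm-lnx03 unreachable from the internet."""
    problems = check_variables(env)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "oci", "compute", "instance", "launch",
        "--availability-domain", env["AD"],
        "--compartment-id", env["COMP"],
        "--shape", shape,
        "--subnet-id", env["PRIV_SUBN"],
        "--assign-public-ip", "false",
        "--display-name", display_name,
        "--image-id", env["IMG_ID"],
        "--ssh-authorized-keys-file", key_path,
    ]


def launch_command(env, display_name, shape, key_path):
    """Same command as one copy-pasteable shell line, safely quoted."""
    return shlex.join(launch_argv(env, display_name, shape, key_path))


if __name__ == "__main__":
    env = dict(os.environ) if "COMP" in os.environ else SAMPLE_ENV
    print(launch_command(env, "vm-lnx-03", "VM.Standard.E2.1.Micro",
                         "/home/opc/.ssh/id_rsa.pub"))  # hypothetical key path
```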


If everything is fine, you will get an output like this one:

(Note the "Provisioning" state)

You can also check the Web Interface, for the new Compute Instance

2 . Test Compute Instance Access

Now, with the network and compute instances provisioned, we can test if the setup is correct.
We’ll start by trying to access the Public Instance through SSH from our workstation:

If everything is OK, we will easily reach the compute instance from its public IP.


You probably noticed that this operation can’t be done for the instance created on the Private
Subnet, because, as you can observe on the web interface, this VM does not have a Public IP
address.

The only way to access the private instance is to connect first from the VM that has the Public IP
(using it as a “bastion host”). In order to connect to the Private VM through SSH, you will also
need to copy the private key from your local computer to the Public VM. For this task, use
your preferred SFTP tool (WinSCP, Cyberduck, FileZilla, etc.). Outside the lab, prefer SSH agent
forwarding or a ProxyJump configuration, which reach the private VM through the bastion
without leaving a copy of the private key on it.

With the private key file in place, you can now try again to SSH from the public VM to the private
VM.

Before moving to the next step, we need to test if the Private Instance can access the internet
(since it can’t be accessed directly from the internet). This capability is provided by the
NAT Gateway. NAT Gateway creation and configuration were executed by the
VCN Wizard creation assistant, so no other setup needs to be done at this point. To test outbound
access, we just need to reach any web address:

If this test fails, please check your VCN configuration.

3 . Compute Instance Setup


Now that you have both instances created, before we move forward, it's time to do some basic
operating system setup on the VMs. This will install a set of tools we'll use during the next
labs.
The scripts described below will help you with this task. Just copy and paste these commands
and execute them in the VM's SSH session.


Task 1 – Operating System setup:
sudo yum update -y
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo yum install git -y
cd /home/opc
git clone https://github.com/valdecircarvalho/oci-fastforward
cd oci-fastforward
sudo chmod +x *.sh
sudo sed -i -e 's/\r$//' /home/opc/oci-fastforward/*.sh

Task 2 – Apache install process:
cd oci-fastforward/
./deployapache.sh

After the setup process is finished, you can test if Apache is working correctly.

Note that the setup above stops and masks firewalld, so from this point on the only packet
filtering for these VMs is the subnet security list and the Network Security Groups configured
in the next sections.

Please remember that if you can’t access Apache’s main screen from the Public IP in your
browser, or if the curl request does not work, check your network configuration.

On the Private Security List:


4 . Configure access rules (Network Security Groups)


To grant external access to the Apache application on the public Compute Instance, we need to
configure Security Rules on the Public Subnet. As we already know, an Ingress Rule created
on a public subnet will be applied to all instances on this subnet.

But we want to be more restrictive: what if we want to grant external access to only one
Compute Instance on the Public Subnet? What if we want to allow traffic on port 80 to only
one server? To achieve this configuration, we’ll use an OCI resource called “Network Security
Group”.

Network Security Groups


The Networking service offers two virtual firewall features to control traffic at the packet level:

• Network security groups: Covered in this topic. Network security groups are supported only
for specific services.

• Security lists: The original type of virtual firewall offered by the Networking service.
See Security Lists.

Highlights
• Network security groups (NSGs) act as a virtual firewall for your Compute instances and other
kinds of resources. An NSG consists of a set of ingress and egress security rules that apply only
to a set of VNICs of your choice in a single VCN (for example: all the Compute instances that
act as web servers in the web tier of a multi-tier application in your VCN).

• Compared to security lists, NSGs let you separate your VCN's subnet architecture from your
application security requirements. See Comparison of Security Lists and Network Security
Groups.

• At this time, you can use NSGs with Compute instances, load balancers, and DB systems. For
more information, see Support for Network Security Groups.

• NSG security rules function the same as security list rules. However, for an NSG security rule's
source (for ingress rules) or destination (for egress rules), you can specify an NSG instead of a
CIDR. This means you can easily write security rules to control traffic between two NSGs in
the same VCN, or traffic within a single NSG. See Parts of a Security Rule.

• Unlike with security lists, the VCN does not have a default NSG. Also, each NSG you create
is initially empty. It has no default security rules.
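To make the difference concrete, here is an added example (not Oracle's code) that models how OCI evaluates ingress to a VNIC as the union of the subnet security list and the VNIC's NSG rules; the VMs, CIDRs and rules are constructed, TCP only, with no protocol options.

```python
"""Added example (not from the lab guide): a small model of OCI ingress
evaluation for a VNIC (union of the subnet's security list and of every NSG
the VNIC belongs to). It shows why a port-80 rule in the public subnet's
security list reaches every instance there, while the same rule in an NSG
reaches only the VNICs placed in it. All names, addresses and rules are
constructed for the example; only TCP is modelled and rules are stateful."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    protocol: str            # "tcp", "udp" or "all"
    source: str              # CIDR, or "nsg:<name>" for an NSG-as-source rule
    port_min: int = 1
    port_max: int = 65535


@dataclass
class Vnic:
    name: str
    ip: str
    subnet: str
    nsgs: set = field(default_factory=set)


def _matches(rule, src_ip, src_vnic, port, protocol):
    if rule.protocol not in (protocol, "all"):
        return False
    if not rule.port_min <= port <= rule.port_max:
        return False
    if rule.source.startswith("nsg:"):
        # NSG-as-source matches only traffic sent from a VNIC in that NSG
        return src_vnic is not None and rule.source[4:] in src_vnic.nsgs
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def ingress_allowed(dst, src_ip, port, security_lists, nsgs, vnics, protocol="tcp"):
    """True if the security list of dst's subnet OR any NSG dst belongs to has
    a matching rule: OCI applies the union of both rule sets to a VNIC."""
    src_vnic = vnics.get(src_ip)
    candidates = list(security_lists.get(dst.subnet, []))
    for name in dst.nsgs:
        candidates.extend(nsgs.get(name, []))
    return any(_matches(r, src_ip, src_vnic, port, protocol) for r in candidates)


def build_lab(port80_in_security_list=False):
    """Constructed version of the lab's layout: two VMs in the public subnet,
    one app VM in the private subnet. The port-80 rule goes either into the
    public subnet's security list or into the nsg-web NSG."""
    vnics = {
        "10.0.0.10": Vnic("vm-lnx02", "10.0.0.10", "public", {"nsg-web"}),
        "10.0.0.11": Vnic("vm-other", "10.0.0.11", "public"),
        "10.0.1.10": Vnic("vm-lnx03", "10.0.1.10", "private", {"nsg-app"}),
    }
    security_lists = {
        "public": [Rule("tcp", "0.0.0.0/0", 22, 22)],     # SSH to every public VM
        "private": [Rule("tcp", "10.0.0.0/16", 22, 22)],  # SSH only from inside the VCN
    }
    nsgs = {
        "nsg-web": [],
        # app tier accepts port 80 only from members of nsg-web, not from a CIDR
        "nsg-app": [Rule("tcp", "nsg:nsg-web", 80, 80)],
    }
    web_rule = Rule("tcp", "0.0.0.0/0", 80, 80)
    if port80_in_security_list:
        security_lists["public"].append(web_rule)
    else:
        nsgs["nsg-web"].append(web_rule)
    return security_lists, nsgs, vnics


def reachable_on_80(port80_in_security_list, src_ip="203.0.113.5"):
    """Names of public-subnet VMs an internet client can reach on port 80."""
    sls, nsgs, vnics = build_lab(port80_in_security_list)
    return sorted(v.name for v in vnics.values() if v.subnet == "public"
                  and ingress_allowed(v, src_ip, 80, sls, nsgs, vnics))


if __name__ == "__main__":
    print("port 80 rule in security list:", reachable_on_80(True))
    print("port 80 rule in NSG:", reachable_on_80(False))
```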


6 . Create Network Security Groups


Network Security Groups can be found under the VCN menu, in the left link menu (bottom
of the screen).

To create a Network Security Group, just select the item at the bottom right of the screen,
and you will be redirected to the NSG interface.


Now that the NSG and its security rules are created, all you need to do is associate the
Compute Instance’s VNIC with this NSG, so its traffic is evaluated against these rules.

On the Compute Instance menu, you just need to follow the steps below:


Now, putting things together, we can start playing around with Compute Instances and CLI
commands:

List Compute Instance details, based on VM display name: oci compute instance list --display-name <Your VM Name Goes Here> -c $COMP
Initiate Compute Instance: oci compute instance action --action START --instance-id $INST_ID
Extract created Compute Instance names: oci compute instance list -c $COMP --output table --query 'data[*].{"Image Name":"display-name"}'

More info on CLI syntaxes can be found on this link:

https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/2.12.13/oci_cli_docs/cmdref/compute.html


Lab 5.
Storage Cloud Services


Lab 5. Storage Cloud Services


Objectives
• Create a 50 GB iSCSI Block Storage Volume and attach it to a compute instance
• Configure the volume backup policy
• Execute a FULL backup
• Restore the Block Volume backup and mount it in a Compute Instance
• Resize the block volume from 50 GB to 80 GB, and reflect this change in the operating
system

Creating Block Storage Volumes


Our first task here is to create a 50 GB Block Volume. We're going to use the OCI CLI
command line for that. The Block Volume will have these characteristics:

Compartment_id: Choose your own created compartment
Name: Name for this disk volume
Availability Domain: Choose the AD to store this disk volume (remember, the same as the
compute instance)
Size: 50 GB
Backup Policy: From none (no backup policy) to Silver, Bronze and Gold (more on backup
later)
Volume Performance: Keep it “Low Cost”; we don’t need performance for what we’ll do.

To create the Block Volume, use the command:

oci bv volume create --availability-domain $AD -c $COMP --display-name dsk50g --size-in-gbs 50 --vpus-per-gb 0

Remember, the variables AD and COMP were set in the previous lab (Compute Instances).


After setup and provisioning, the OCI Block Volume will be ready for use. Provisioning time will
depend on the volume size; in our example (50 GB), it will take no more than 30 seconds.
You can check the disk properties on the OCI web interface.

Or through this OCI CLI command:

oci bv volume list --compartment-id $COMP --display-name dsk50g --output table --query 'data[*].{"Nome":"display-name","VPU":"vpus-per-gb","Size":"size-in-gbs"}'


Connecting Block Volumes to Compute Instance


To connect Block Volumes to compute instance, you need to access “Compute Instance”
home screen, and from VM’s detail page, hit “Attach Block Volume”.


ISCSI: the disk must be detected manually.
PARAVIRTUALIZED: the disk is detected automatically.
In both cases, the disk must be mounted manually.

Once the disk is properly attached, we can mount it on the Compute Instance.

Usually, users tend to create logical partitions on top of physical disks (using FDISK and
MKFS). It’s important to say that this approach is not wrong, but if we need to be more
flexible in the near future, it’s important to consider other options.

In this workshop, we’re going to use Extended File System (XFS) partitions. As experienced
users, our goal is to have a more flexible disk structure.

To create our new filesystem, follow the steps below:

Step 1: Detect the new disk

Remember, in the “Disk Attach” operation we chose the “iSCSI” attach type. To ease this
process, Oracle Cloud Infrastructure provides the necessary commands to detect the new disk
on the VM. On the right side of the disk information screen, you’ll find a three-dot menu.

If you choose “iSCSI Commands & Information”, you’ll get the necessary commands to
detect the disk:

All you need to do is copy the commands in the “ATTACH COMMANDS” box and
execute them on the Linux server. After disk detection, you need to format and mount the new
disk.

Step 2: Check new disk

After detecting the new disk, check on the operating system whether it is already visible.

You can do that as the ROOT user, with the command “lsblk”:

1 - sudo su -

2 - lsblk

The new disk will show as above.

Step 3: Create XFS partition

With the new disk visible, we can create the new partition and filesystem.

A new partition can be created with the FDISK command. Please note: use a partition of type
“85” (Linux Extended):

As root user, execute the FDISK command to manipulate the disk partition information:

1 - sudo su -
2 - fdisk /dev/sdb
3 - use command “p” to print disk partition information

Before exiting, make sure to WRITE the new partition to disk. To write partition information
to disk, use the "w" command in FDISK.

After creating the partition, check the disk layout again with the disk utility:

Step 4: Create XFS Filesystem

With the partition set, we can now create the XFS filesystem.

As root, execute the command: mkfs.xfs -f /dev/sdb, and you’ll get the following output:

Step 5: Final step, just create the mount point, and mount the filesystem

1 - mkdir /data_disk

2 - mount /dev/sdb /data_disk -o nouuid

Setting Backup Policies for Block Storage


On Oracle Cloud Infrastructure, Block Volume backups (including boot volumes) and compute
node backups are independent. Backup policies can be set on the Block Storage home page (Main
Menu > Block Storage > Block Volumes):

Backup options can be easily accessed from the “fast menu” (three dots on the right), option
“Assign Backup Policy”

Here you can choose the most appropriate backup policy for your data.

To execute a backup manually, all you need to do is request “Create Block Volume
Backup” from the Block Volume interface.

Restore a Block Volume Backup


You probably already noticed that we don’t have the word “restore” anywhere in the OCI
interface. In the Oracle Cloud world, when we want to restore a Block Volume backup, we
request to “Create a new Block Volume” from an existing backup:

This way, you can mount this backup as an ordinary volume on any other compute instance
(or on the same one), and manipulate the data as you want.

You can even define the new block volume size, giving more flexibility to this operation.

Now that the new volume is properly attached, repeat the process to mount the new
filesystem.

Resize Block Volume


The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block
volumes and boot volumes. You can only increase the size of the volume, you cannot decrease
the size. You can attach a volume and start using it as soon as it's resized and becomes available.

Our objective now is to change the Block Volume that is mounted on filesystem /data_disk
from 50G to 80G.
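The create and list commands earlier in this lab and the resize objective here share two points that matter when the steps are scripted instead of typed: display names such as dsk50g are not unique in a compartment, and a block volume can only grow. The following Python is an added example, not the lab's own code, that works over a constructed sample of `oci bv volume list --output json` output (placeholder volume OCIDs, not values from any tenancy), picks the single AVAILABLE volume in the instance's AD, and builds the `oci bv volume update --size-in-gbs` call only when the requested size is an increase. The sample data, the function names and the same-AD check are assumptions made for this example.

```python
import json
import shlex

# Constructed sample of `oci bv volume list --compartment-id $COMP --output json`
# output, reduced to the fields used below. OCIDs are placeholders, not real values.
SAMPLE_VOLUME_LIST = json.dumps({
    "data": [
        {
            "id": "ocid1.volume.oc1.phx.PLACEHOLDER_DSK50G",
            "display-name": "dsk50g",
            "availability-domain": "PHX-AD-2",
            "size-in-gbs": 50,
            "vpus-per-gb": 0,
            "lifecycle-state": "AVAILABLE",
        },
        {
            # A terminated volume with the same name: a name-only lookup would be ambiguous.
            "id": "ocid1.volume.oc1.phx.PLACEHOLDER_OLD",
            "display-name": "dsk50g",
            "availability-domain": "PHX-AD-1",
            "size-in-gbs": 50,
            "vpus-per-gb": 0,
            "lifecycle-state": "TERMINATED",
        },
    ]
})


def find_volume(raw_json, display_name, availability_domain):
    """Return the one AVAILABLE volume with this display name in the given AD.

    Display names are not unique, so we also require the AD (a block volume can only
    be attached to an instance in the same AD) and the AVAILABLE state. Exactly one
    match is required; zero or several is treated as an error instead of guessing.
    """
    volumes = json.loads(raw_json)["data"]
    matches = [
        v for v in volumes
        if v["display-name"] == display_name
        and v["availability-domain"] == availability_domain
        and v["lifecycle-state"] == "AVAILABLE"
    ]
    if len(matches) != 1:
        raise LookupError(
            f"expected exactly one AVAILABLE volume named {display_name!r} "
            f"in {availability_domain}, found {len(matches)}"
        )
    return matches[0]


def plan_resize(volume, new_size_gbs):
    """Validate a resize request and return the CLI argument list that applies it.

    OCI block volumes can only be expanded; a request that is not strictly larger
    than the current size is rejected here rather than failing later at the API.
    """
    current = int(volume["size-in-gbs"])
    if new_size_gbs <= current:
        raise ValueError(
            f"volume {volume['display-name']} is {current} GB; "
            f"requested {new_size_gbs} GB is not an increase"
        )
    return [
        "oci", "bv", "volume", "update",
        "--volume-id", volume["id"],
        "--size-in-gbs", str(new_size_gbs),
    ]


if __name__ == "__main__":
    vol = find_volume(SAMPLE_VOLUME_LIST, "dsk50g", "PHX-AD-2")
    # Print the command instead of running it, so the plan can be reviewed first.
    print(shlex.join(plan_resize(vol, 80)))
```

In practice the JSON would come from running the list command with `--output json`; the resize command that is printed is the CLI equivalent of the "edit" action described in Step 1 below, and the OS-side rescan and xfs_growfs steps still follow as in the lab.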

You have three options to increase block volume size:

The resize process is divided into 2 steps:

Step 1: Change Block Volume Size using the OCI Web Interface

Step 2: Adjust filesystem size on operating system.

Step 1: Change Block Volume size.


Please note, the resize process can be done completely ONLINE; this means that you don't
need to unmount your filesystem or “detach” the volume from the host.

Once in the Block Volume interface, you just need to use the "edit" button.

This screen will pop up from the right side of your browser. Here you can change
performance characteristics and volume size.

The disk will enter the provisioning state for a few seconds; when finished, the “BV” logo
will become green again.

Step 2: Adjust filesystem size on operating system.

With the Block Volume size adjusted, we can now start Operating System adjustments.

1 – After changing the disk size on Block Volume interface, we need to issue a "rescan" on
operating system side. OCI interface will give you the necessary commands you need to use
on OS side.

Copy the command from the web interface, and execute it as root on the operating system. After
that, use the command “lsblk” to make sure that the volume is visible from the Operating
System side.

Note that the disk is already visible with the new size (80G).

Step 2: Adjust partition and filesystem size.

We begin by checking whether the physical partition has already detected the volume size change.

With the command “parted”, we can check the new partition state; the screen above shows
that nothing needs to be done on the physical partition.

3 – Now, let’s adjust the filesystem.

This part is very important: our goal is to modify the filesystem size and preserve its data.

First mount the original XFS filesystem:

Note that the filesystem /data_disk still has the original 50G size.

With the command “xfs_growfs”, we will adjust the filesystem size.

We now have the filesystem adjusted with the new size.

It’s very important to remember that without the use of a “flexible” logical partition, we could
not do operations like this in a safe way. Sometimes, when we create the filesystem right on
top of the physical disk, the only way to resize the disk is to remove the filesystem (drop)
and create it again. Besides the hard work, we put our data at risk.

Keep in mind that we need to keep our structures as flexible as possible, minimizing
downtime situations.

Lab 6.
Autoscaling

Lab 6. Autoscaling
Objectives
• Demonstrate the usage of Instance Pools
• Demonstrate the usage of Instance Configurations
• Create Autoscaling Policies, and demonstrate their behavior on Public Instances and
Configuration Pools

Autoscaling
Autoscaling enables you to automatically adjust the number of Compute instances in an
instance pool based on performance metrics such as CPU utilization. This helps you provide
consistent performance for your end users during periods of high demand, and helps you reduce
your costs during periods of low demand.

You select a performance metric to monitor, and set thresholds that the performance metric
must reach to trigger an autoscaling event. When system usage meets a threshold, autoscaling
dynamically allocates resources in near-real time. As load increases, instances are
automatically provisioned: the instance pool scales out. As load decreases, instances are
automatically removed: the instance pool scales in.

Autoscaling relies on performance metrics that are collected by the Monitoring service. These
performance metrics are aggregated into one-minute time periods and then averaged across the
instance pool. When three consecutive values (that is, the average metrics for three consecutive
minutes) meet the threshold, an autoscaling event is triggered.

A cooldown period between autoscaling events lets the system stabilize at the updated level.
The cooldown period starts when the instance pool reaches a steady state. Autoscaling
continues to evaluate performance metrics during the cooldown period. When the cooldown
period ends, autoscaling adjusts the instance pool's size again if needed.
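The three paragraphs above describe a small decision rule: one-minute averages, an event only after three consecutive values meet the threshold, and a cooldown during which metrics are still evaluated but no new event fires. The Python below is an added example, not the lab's or the OCI service's code, that simulates that rule over a constructed series of per-minute pool-average CPU values. It assumes an instance becomes steady immediately after an event (so the cooldown starts at the event minute) and that the thresholds are inclusive; the sample values, thresholds and function names are all assumptions made for this example.

```python
# Constructed per-minute pool-average CPU percentages: a sustained load, then idle.
SAMPLE_CPU = [30, 85, 90, 95, 90, 90, 90, 90, 90, 90,
              10, 10, 10, 10, 10, 10, 10, 10]


def simulate_autoscaling(cpu_avg_per_minute, *, scale_out_at, scale_in_at,
                         initial_size, min_size, max_size,
                         cooldown_minutes, consecutive=3):
    """Replay per-minute pool-average metrics through the autoscaling rule.

    Returns (final_pool_size, events), where each event is a tuple
    (action, minute_index, pool_size_after_event).
    """
    size = initial_size
    cooldown_until = 0          # first minute index at which an event may fire again
    streak_out = streak_in = 0  # consecutive minutes at or beyond each threshold
    events = []

    for minute, cpu in enumerate(cpu_avg_per_minute):
        # Streaks are counted every minute, including during cooldown: the service
        # keeps evaluating metrics and only defers the action.
        streak_out = streak_out + 1 if cpu >= scale_out_at else 0
        streak_in = streak_in + 1 if cpu <= scale_in_at else 0

        if minute < cooldown_until:
            continue  # still in cooldown: evaluate, but do not act

        if streak_out >= consecutive and size < max_size:
            size += 1
            events.append(("scale_out", minute, size))
        elif streak_in >= consecutive and size > min_size:
            size -= 1
            events.append(("scale_in", minute, size))
        else:
            continue  # threshold not held long enough, or pool at its size limit

        # An event happened: start the cooldown and require a fresh run of values.
        cooldown_until = minute + cooldown_minutes
        streak_out = streak_in = 0

    return size, events


if __name__ == "__main__":
    final_size, log = simulate_autoscaling(
        SAMPLE_CPU, scale_out_at=80, scale_in_at=20,
        initial_size=1, min_size=1, max_size=3, cooldown_minutes=5)
    for action, minute, new_size in log:
        print(f"minute {minute:2d}: {action:<9} -> pool size {new_size}")
    print("final pool size:", final_size)
```

Two things the simulation makes visible that the prose leaves implicit: a short spike that lasts fewer than three minutes never triggers an event, and a long plateau triggers at most one event per cooldown window, which is why the lab later sees the pool grow one instance at a time rather than jumping straight to its maximum.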

In order to use the Autoscaling feature, you must follow these steps:

1. Create a customized image from the instance that will be replicated by the auto
scaling policy
2. Create a new instance based on this image (This step is very important)
3. Then create an Instance Configuration, and finally
4. Create an Autoscaling policy

1 . Create Instances Custom Image

The process of creating instances from customized images is very similar to the
conventional process. The only difference is when choosing the image source: the first step
is to create an image from an already running Compute Instance:

While creating the image, the source Compute Instance will remain in the “creating image”
stage.

2. Create new instance based on the “Custom Image”


After creating the custom image, you can start creating the new compute instance; remember
to use the new image:

After choosing the correct image, you may follow the standard creation process for compute
instances.

3 . Create Instance Configuration

Instance configurations allow you to define the settings to use when creating Compute
instances.

You use an instance configuration when you want to create one or more instances in an
instance pool. For background information about instance pools, see Managing Compute
Instances.

You can also use an instance configuration to launch individual instances that are not part of
a pool. To do this, use the SDKs, command line interface (CLI), or API.

In the Console, you create an instance configuration using an existing Compute instance as a
template. If you want to create an instance configuration by specifying a list of configuration
settings, use the SDKs, CLI, or API.

To create an Instance Configuration, you can follow the steps below:

First name the Instance Pool:

After creating the Instance Pool metadata, you will be redirected to the Instance Pool creation
screen:

The instance pool will create the compute instances that will be used to receive the load of
the application.

Number of Instances on the Pool

Hit the Next button, and input AD/FD/Network information for the pool:

Finishing the wizard, your pool will be provisioned. Please note, that the number of instances
in the pool will determine the time taken for creation.

After provisioning, the Pool will look like the following screen:

4 . Create Autoscaling Policy


From the Instance Pool screen, you can create the Autoscaling Policy.

Provide the policy name and the Instance pool that will be used.

Time in seconds to grow or shrink the pool

In this new release, OCI provides both:

• Metric-based, and
• Schedule-based Autoscaling

For this exercise, we're going to use the "Metric Based" autoscaling.

Metric: CPU or Memory

In the second part of the screen, you can specify the policy thresholds for pool actions (grow
and shrink).

The last screen of the wizard will provide you a small summary of the policy configuration.

If the parameters are correct, just press the blue "Create" button at the bottom of the
screen.

Now that we have all the scaling components configured, we can start to “stress” the pool
of resources and test the scaling policy. To do that, we will use the “stress” tool, installed on the
server in LAB5 (Compute Instances).

It’s important to note that the CPU overhead must be created on the Instance Pool VM, not
on the original APP server.

To monitor CPU usage on the pool, you can use “Metrics Explorer” main screen.

Establish an SSH connection to the Public IP instance, and start the command:

• sudo su -
• nohup stress --cpu 20 --timeout 12000 &

After 5 min of CPU stress, the Instance Pool deployed a new VM in the pool; as you can see, the
Pool has 2 instances:

As the CPU remains under stress, another compute instance is provisioned:

5 minutes after the CPU stress finished, the Instance Pool returned to its original
configuration:

You can track all the activities on the Pool through the “Work Request” link, on the left side
of the screen:

Lab 7.
Cloud Native Services

Lab 7. Cloud Native Services

Objectives
• Demonstrate the usage of the Streams and Notifications cloud services, along with their
integration with other OCI services like Object Storage, where the user can be
notified when someone uploads or removes files from a Bucket.

Streaming Service Overview


The Oracle Cloud Infrastructure Streaming service provides a fully managed, scalable, and
durable storage solution for ingesting continuous, high-volume streams of data that you can
consume and process in real time. Streaming can be used for messaging, ingesting high-volume
data such as application logs, operational telemetry, web click-stream data, or other use cases
in which data is produced and processed continually and sequentially in a publish-subscribe
messaging model.

Streaming Usage Scenarios


Here are some of the many possible uses for Streaming:

• Metric and log ingestion: Use the Streaming service as an alternative for traditional file-
scraping approaches to help make critical operational data more quickly available for indexing,
analysis, and visualization.

• Messaging: Use Streaming to decouple components of large systems. Streaming provides a
pull/buffer-based communication model with sufficient capacity to flatten load spikes and the
ability to feed multiple consumers with the same data independently. Key-scoped ordering and
guaranteed durability provide reliable primitives to implement various messaging patterns,
while high throughput potential allows for such a system to scale well.

• Web/Mobile activity data ingestion: Use Streaming for capturing activity from websites or
mobile apps (such as page views, searches, or other actions users may take). This information
can be used for real-time monitoring and analytics, as well as in data warehousing systems for
offline processing and reporting.

• Infrastructure and apps event processing: Use Streaming as a unified entry point for cloud
components to report their life cycle events for audit, accounting, and related activities.

Notifications Overview
The Oracle Cloud Infrastructure Notifications service broadcasts messages to distributed
components through a publish-subscribe pattern, delivering secure, highly reliable, low latency
and durable messages for applications hosted on Oracle Cloud Infrastructure and externally.
Use Notifications to get notified when event rules are triggered or alarms are breached, or to
directly publish a message.

Notifications Concepts
The following concepts are essential to working with Notifications.

MESSAGE
The content that is published to a topic. Each message is delivered at least once
per subscription. Every message sent out as email contains a link to unsubscribe from
the related topic.
SUBSCRIPTION
An endpoint for a topic. Published messages are sent to each subscription for a topic.
For supported subscription protocols, see To create a subscription.
TOPIC
A communication channel for sending messages to the subscriptions in the topic. Each
topic name is unique across the tenancy.

Test 1: Object Storage, Events, and Streams Integration


Step 1: Create a Streams queue to store messages from other services

The stream creation process is very straightforward; our starting point, as usual, will be
the top left action menu:

Hit the "Create Stream" button to start service creation:

Enter the number of hours (from 24 to 168) to retain messages

Enter the number of partitions for the stream.

After creation, you will have the following setup:

Step 2: Set up an "Events" service to deliver messages to Streams

Our target here is to use the "Events" service to ingest data into the previously created stream
flow.

As usual, we start from the "Action" (Hamburger) menu on the top left.

To create the Event setup, follow the steps below:

The first step is to create an Event notification, where every action on the Object Storage Bucket
will be registered in a streams queue:

On the bottom part of the screen, you can choose the message delivery destination:

Our next step is to add (upload) some files to the Object Storage Bucket. You just need to
create a new standard bucket on Object Storage.

Important: Make sure that your bucket is configured to "emit events".

Step 3: Check Streams queue, and verify the results

Just to make sure, check the bucket content:

And our final step: check the streams queue content (Action Menu => Analytics => Streaming)

You will see one entry for every Object Storage operation you executed. The "Value" column
of the stream message contains the JSON of the operation, where you'll find all the details
of the registered operation:

{
  "eventType": "com.oraclecloud.objectstorage.createobject",
  "cloudEventsVersion": "0.1",
  "eventTypeVersion": "2.0",
  "source": "ObjectStorage",
  "eventTime": "2020-07-24T14:17:11Z",
  "contentType": "application/json",
  "data": {
    "compartmentId": "ocid1.compartment.oc1..aaaaaaaabtvhozkrro5sdxpzje5zz5tctcbzcbddpxbdg7n3xnya5criqmcq",
    "compartmentName": "CAMPELO",
    "resourceName": "7 Complementary Content - 2018-Enterprise-Bacula-Apresentação-Publica-2.pdf",
    "resourceId": "/n/axvbliouxpis/b/Backup/o/7 Complementary Content - 2018-Enterprise-Bacula-Apresentação-Publica-2.pdf",
    "availabilityDomain": "PHX-AD-2",
    "additionalDetails": {
      "bucketName": "Backup",
      "versionId": "0b4d5bb4-4583-4b05-aa90-435bb4290df5",
      "archivalState": "Available",
      "namespace": "axvbliouxpis",
      "bucketId": "ocid1.bucket.oc1.phx.aaaaaaaaxclbkpbbc7wsbf6k2vc5g7sdhrewuf4n3yrrmjyvmfi3pmnpou7q",
      "eTag": "cd4d854c-acc9-4e5a-af5b-03d1c63c0d24"
    }
  },
  "eventID": "d5f1346b-29c7-c21e-7f31-4154d273e297",
  "extensions": {
    "compartmentId": "ocid1.compartment.oc1..aaaaaaaabtvhozkrro5sdxpzje5zz5tctcbzcbddpxbdg7n3xnya5criqmcq"
  }
}
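A consumer reading these stream messages needs to do more than print them: it should decode the CloudEvents envelope shown above, keep only the buckets it is responsible for, rank operations (a deleteobject on a backup bucket matters more than a createobject), and survive a message that is not valid JSON. The Python below is an added example, not the lab's or OCI's code, working over constructed message values modelled on the event above; the OCIDs, namespace, bucket and object names are placeholders, and the watched-bucket set, severity table and function names are assumptions made for this example.

```python
import json


def _event(operation, bucket, obj, event_id):
    """Build a constructed stream message value shaped like the event shown in the lab."""
    return json.dumps({
        "eventType": f"com.oraclecloud.objectstorage.{operation}",
        "cloudEventsVersion": "0.1",
        "eventTypeVersion": "2.0",
        "source": "ObjectStorage",
        "eventTime": "2020-07-24T14:17:11Z",
        "contentType": "application/json",
        "data": {
            "compartmentId": "ocid1.compartment.oc1..PLACEHOLDER",  # placeholder OCID
            "compartmentName": "DEMO",
            "resourceName": obj,
            "resourceId": f"/n/examplenamespace/b/{bucket}/o/{obj}",
            "additionalDetails": {
                "bucketName": bucket,
                "namespace": "examplenamespace",  # placeholder namespace
                "eTag": "PLACEHOLDER-ETAG",
            },
        },
        "eventID": event_id,
    })


# Constructed sample of message values as read from the stream's "Value" column.
SAMPLE_MESSAGES = [
    _event("createobject", "Backup", "report.pdf", "evt-1"),
    _event("deleteobject", "Backup", "report.pdf", "evt-2"),
    _event("createobject", "scratch", "tmp.bin", "evt-3"),   # bucket we do not watch
    "this is not json",                                      # corrupt or foreign payload
]

WATCHED_BUCKETS = {"Backup"}
SEVERITY = {"deleteobject": "high", "updateobject": "medium", "createobject": "info"}


def parse_event(raw):
    """Decode one message value into the fields an alert needs; None if unusable."""
    try:
        evt = json.loads(raw)
    except json.JSONDecodeError:
        return None
    try:
        data = evt["data"]
        details = data["additionalDetails"]
        return {
            "event_id": evt["eventID"],
            "time": evt["eventTime"],
            # "com.oraclecloud.objectstorage.createobject" -> "createobject"
            "operation": evt["eventType"].rsplit(".", 1)[-1],
            "namespace": details["namespace"],
            "bucket": details["bucketName"],
            "object": data["resourceName"],
        }
    except (KeyError, TypeError, AttributeError):
        return None


def triage(raw_messages, watched_buckets=WATCHED_BUCKETS):
    """Return (alerts, skipped): alerts for watched buckets, count of undecodable messages."""
    alerts, skipped = [], 0
    for raw in raw_messages:
        parsed = parse_event(raw)
        if parsed is None:
            skipped += 1          # count rather than crash the consumer loop
            continue
        if parsed["bucket"] not in watched_buckets:
            continue              # not our bucket: ignore silently
        parsed["severity"] = SEVERITY.get(parsed["operation"], "info")
        alerts.append(parsed)
    return alerts, skipped


if __name__ == "__main__":
    found, bad = triage(SAMPLE_MESSAGES)
    for a in found:
        print(f'{a["time"]} [{a["severity"]}] {a["operation"]} {a["bucket"]}/{a["object"]}')
    print(f"{bad} message(s) could not be decoded")
```

The skipped counter is deliberate: a consumer that raises on the first malformed value stops processing the partition, so undecodable messages are counted and surfaced separately instead.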

Test 2: Object Storage, Events, and Notifications Integration

What if you want to monitor your Object Storage movements, but instead of messages on the
queue, you want to receive direct email messages? That's where the "Notifications" service
gets into play. In this test, we'll configure OCI to send an email to your account, with an
alert of the bucket operation.

Step 1: Configure Notification Services

From the Top Left (Action Menu), choose:

Then, Hit, the "Create Topic" Button :

Then, just identify the service:

Hit "Create Subscription":

Identify your account:

The next request will remain in the "Pending" state, waiting for your confirmation. Remember, it's an
email service ... wait for a few seconds, and check your inbox for an email notification from
OCI.

You will receive an email from: [email protected]

Click on the "Confirm Subscription" link, and verify whether your OCI service status changed (it
may take a few seconds):

Step 2: Create an Event service for the new delivery channel

For the event creation, we follow the exact same process we executed in the first test; the only
difference is the executed action, where we choose the EmailAlert service created in Step 1
of this test:

Step 3: Upload some data to the Object Storage Bucket, and check your email

Wait for a few seconds, and check your inbox:

Please note, you will receive 1 email for each operation on the bucket.
