Administering Oracle Java Cloud Service
Administering Oracle Java Cloud Service
Administering Oracle Java Cloud Service
Release 20.1.3
E52399-78
March 2020
Oracle Cloud Administering Oracle Java Cloud Service, Release 20.1.3
E52399-78
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such programs)
and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end
users are "commercial computer software" or “commercial computer software documentation” pursuant to the
applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use,
reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or
adaptation of i) Oracle programs (including any operating system, integrated software, any programs
embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle
computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the
license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud
services are defined by the applicable contract for such services. No other rights are granted to the U.S.
Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc,
and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered
trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise
set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be
responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,
products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
Preface
Audience xvi
Documentation Accessibility xvi
Related Resources xvi
Conventions xvii
iii
Access Oracle Java Cloud Service 1-34
Access Oracle Java Cloud Service from the Infrastructure Console 1-34
Access Oracle Java Cloud Service from the Infrastructure Classic Console 1-35
Access Oracle Java Cloud Service from Oracle Cloud at Customer 1-35
Typical Workflow for Using Oracle Java Cloud Service 1-36
About Oracle Java Cloud Service Roles and User Accounts 1-37
Java Administrator 1-38
Related Service Administrators 1-38
Service Instance Users 1-39
Oracle Cloud Infrastructure Policies 1-40
About Java Cloud Service Instances in Oracle Cloud Infrastructure 1-41
Compare Oracle Cloud Services for Deploying Java Applications 1-118
iv
Multi-Tier Java EE App with High Availability 2-22
Highly Available Java EE App with Caching 2-23
Compare QuickStart Templates 2-24
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on
Oracle Cloud Infrastructure 2-25
Start the Create New Instance Wizard 2-25
Specify Basic Service Instance Information 2-26
Specify the Service Instance Details 2-31
Specify WebLogic Configuration 2-31
Configure WebLogic Server Access 2-32
Configure the Coherence Data Tier 2-34
Configure the Databases 2-34
Configure Backup and Recovery 2-38
Configure the Load Balancer 2-39
Confirm Your Oracle Java Cloud Service Instance Creation 2-41
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on
Oracle Cloud Infrastructure 2-42
Create the Required Resources in Oracle Cloud Infrastructure 2-43
Create an Oracle Cloud Infrastructure Database System Attached to a Private
Subnet 2-46
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet 2-47
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud
Infrastructure Classic 2-52
Start the Create New Instance Wizard 2-53
Specify Basic Service Instance Information 2-53
Specify the Service Instance Details 2-59
Specify WebLogic Configuration 2-59
Assign Reserved IP Addresses for a Service Instance in a Region 2-61
Assign Reserved IP Addresses for an Oracle Database Exadata Cloud
Service Database 2-62
Configure WebLogic Server Access 2-62
Configure the Coherence Data Tier 2-64
Configure the Databases 2-64
Configure Backup and Recovery 2-66
Configure the Load Balancer 2-67
Confirm Your Oracle Java Cloud Service Instance Creation 2-69
Create an Oracle Java Cloud Service Instance with Cloud Stack 2-71
Get Started with Cloud Stack 2-71
Template Parameters 2-72
Create a Stack with the CLI 2-72
Customize the Template 2-73
v
About the Sample Application Deployed to an Oracle Java Cloud Service Instance 2-74
vi
Connect to a Private Node with OpenSSH 4-8
Generate a Key Pair with PuTTY 4-9
Convert a Private Key with PuTTY 4-10
Connect to a Node with PuTTY 4-10
Create an SSH Tunnel to a Node with PuTTY 4-11
Connect to a Node with VNC 4-12
Switch Users on a Node 4-14
Add an SSH Public Key 4-15
Add an SSH User 4-15
Use WLST to Administer a Service Instance 4-17
About WLST Online and Offline 4-17
Run WLST Commands on a Node 4-18
Run WLST Commands from a Different Host 4-19
Shut Down and Start Server Processes 4-20
Use the WebLogic Server Administration Console to Shut Down Servers 4-20
Use WLST Commands to Start the Administration Server 4-21
Use the WebLogic Server Administration Console to Start Managed Servers 4-23
About JVM Heap Settings 4-23
Default Heap Sizes 4-24
Custom Heap Sizes 4-24
About Data Sources 4-25
Predefined Data Sources 4-25
Data Source Types 4-25
Custom Data Sources 4-26
Data Source Network Connectivity 4-26
Manage Associations for a Service Instance 4-27
View Association Details 4-27
Associate an Oracle Java Cloud Service Instance with a Different Database 4-28
Change the Database Schema Password for an Oracle Java Cloud Service
Instance 4-29
Change the Schema Password with the Console 4-30
Change the Schema Password Manually 4-31
Connect an Oracle Java Cloud Service Instance to an Application Database 4-35
Connect to an Oracle Autonomous Transaction Processing Database 4-36
Download the Oracle Autonomous Transaction Processing Wallet 4-36
Copy and Unpack the Wallet 4-37
Create a Data Source in the WebLogic Server Console 4-37
Connect to an Oracle Cloud Infrastructure Database 4-40
Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database 4-40
Configure a Vanity Domain Name for a Service Instance 4-44
Register a Custom Domain Name with a Service Provider 4-45
vii
Add a Vanity URL to an Oracle-Managed Load Balancer 4-45
Delete a Vanity URL from an Oracle-Managed Load Balancer 4-46
Update Oracle Traffic Director to Use a Custom Domain Name 4-46
Configure a Custom URL for an Application Deployed to a Service Instance 4-47
Configure a Custom URL for the WebLogic Server Console 4-48
Configure a Custom URL for the Sample Application 4-48
Monitor Applications with Oracle Java Flight Recorder and Oracle Java Mission
Control 4-49
Administration Best Practices 4-50
viii
6 Scale an Oracle Java Cloud Service Instance
About Scaling an Oracle Java Cloud Service Instance 6-1
About Scaling an Oracle Java Cloud Service Cluster 6-2
About Scaling Out a Cluster 6-2
About Scaling In a Cluster 6-3
About Adding a New Cluster 6-3
About Scaling an Oracle Java Cloud Service Node 6-3
About Changing the Compute Shape of a Node 6-4
What Happens When a Node is Being Scaled 6-4
What Happens After a Node is Scaled 6-5
About Adding Block Storage to a Node 6-5
About Automatic Scaling 6-6
How It Works 6-6
Prerequisites 6-6
What Are the Rule Components 6-6
Overview of Scaling Tasks for an Oracle Java Cloud Service Instance 6-7
Scale Out an Oracle Java Cloud Service Cluster 6-8
Scale Out a Cluster 6-8
Add a New Cluster to an Instance 6-8
Scale In a Cluster 6-9
Scale an Oracle Java Cloud Service Node 6-9
Scale a Node 6-9
Add Storage to a Node 6-11
Scale Automatically 6-11
Create a Scaling Rule 6-12
Edit a Scaling Rule 6-13
Delete a Scaling Rule 6-14
View Scaling Requests 6-14
ix
Enable or Disable Backups 7-8
Delete a Backup 7-9
Restore a Backup 7-9
Restore the Database for a Service Instance 7-10
Return an Instance to Service After Restoration from a Backup 7-11
Access the Contents of a Backup 7-12
Explore the Backup Page 7-12
x
10 Upgrade the WebLogic Server Release for an Oracle Java Cloud
Service Instance
About Upgrading the WebLogic Server Release for an Oracle Java Cloud Service
Instance 10-1
Perform Prerequisite Tasks 10-2
Download the Upgrade Software 10-4
Stop All WebLogic Server Processes 10-6
Install the Upgrade Software 10-8
Perform a Readiness Check 10-9
Upgrade the Infrastructure Database Schemas 10-10
Upgrade the WebLogic Server 12c Infrastructure Database Schemas 10-10
Upgrade the WebLogic Server 11g Infrastructure Database Schemas 10-13
Reconfigure the Domain 10-15
Reconfigure the WebLogic Server 12c Domain 10-16
Reconfigure the WebLogic Server 11g Domain 10-17
Upgrade the Domain 10-19
Restart the Administration Server Node 10-20
Update and Restart the Managed Server Nodes 10-21
Perform Post-Upgrade Tasks 10-22
Roll Back an Upgrade 10-23
xi
Enable HTTP Access to a Service Instance 11-15
Enable the HTTP Port on Oracle Traffic Director 11-15
Create an Access Rule for the Oracle Traffic Director HTTP Port 11-16
Enable Communication Between Service Instances 11-17
Enable Communication Between a Compute Instance and a Service Instance 11-19
Configure SSL for a Service Instance 11-20
About SSL in Oracle Java Cloud Service 11-20
Configure SSL for Oracle Traffic Director 11-21
Configure SSL for WebLogic Server 11-25
Configure SSL for Oracle Cloud Infrastructure Load Balancing 11-33
Authenticate Users 11-34
About Users 11-34
Cloud Users and Service Administrators 11-34
WebLogic Server Administrators 11-35
Application Users 11-35
Database Users 11-36
Load Balancer Administrators 11-36
Operating System Users 11-37
About Authentication 11-37
Cloud Authentication 11-37
WebLogic Server Authentication 11-37
Manage Passwords 11-39
Cloud User Password 11-40
WebLogic Server Administrator Password 11-40
WebLogic Node Manager Password 11-41
Database Password 11-41
Oracle Traffic Director Password 11-41
Application User Password 11-42
Relocate Oracle Java Cloud Service to a Different Identity Domain 11-42
xii
13 Administer the Load Balancer for an Oracle Java Cloud Service
Instance
About the Load Balancer in Oracle Java Cloud Service 13-1
Overview of Load Balancer Administration Tasks 13-5
Disable or Enable the Load Balancer for an Oracle Java Cloud Service Instance 13-6
Disable and Enable Oracle Traffic Director 13-6
Disable and Enable an Oracle-Managed Load Balancer 13-7
Add a Load Balancer to a Service Instance 13-8
Add a Second Load Balancer Node to a Service Instance 13-10
Remove a Load Balancer Node from a Service Instance 13-11
Configure a Load Balancer for a Service Instance 13-12
Configure Oracle Traffic Director 13-12
Configure an Oracle Cloud Infrastructure Load Balancing Instance 13-12
Configure an Oracle Cloud Infrastructure Load Balancing Classic Instance 13-13
Set Up an Oracle Cloud Infrastructure Load Balancer 13-13
Prepare to Set Up an Oracle Cloud Infrastructure Load Balancer 13-13
Create and Configure an Instance of Oracle Cloud Infrastructure Load
Balancing 13-14
About the Storage Volumes Attached to the Load Balancer Nodes 13-17
xiii
Problems with Scaling 15-10
Problems with Patching and Rollback 15-10
Problems with Backup and Restoration 15-11
Problems with Performance of Oracle Java Cloud Service—Coherence Service
Instances 15-15
Problems with Restart 15-15
Problems with Connectivity 15-16
My private key is lost or corrupted 15-17
My connection to a VM is refused 15-17
I received a hostname verification error when attempting to connect to Node
Manager 15-17
Problems with Database Connectivity When Upgrading the Infrastructure Schema
Database 15-18
Problems with the Node Manager 15-18
Problems with a Database Deployment 15-20
Problems with Connection validation when provisioning an Oracle Java Cloud
Service-Virtual Image instance with Oracle Database Cloud Service 12.1 VI 15-21
Problems with Transparent Data Encryption Wallet Error when Provisioning an
Oracle Java Cloud Service-Virtual Image Instance with Oracle Database Cloud
Service 11g Virtual Image 15-22
Problems Opening the WebLogic Server Administration Console from Fusion
Middleware Control 15-22
Problems Accessing Applications Via a Custom Web Server 15-23
How can I Fine-Tune Performance? 15-24
xiv
Destination Oracle Java Cloud Service D-5
AppToCloud Considerations and Limitations D-5
Database Services D-6
Multiple Clusters D-6
11g Applications D-7
File System Locations D-7
Server Classpath D-7
Exploded Archive Deployments D-8
Migrate an Oracle Database to Oracle Cloud for Oracle Java Cloud Service D-8
Install the On-Premises AppToCloud Tools D-8
Check the Health on an On-Premises WebLogic Domain D-9
Export an On-Premises WebLogic Domain D-13
Create a Service Instance with AppToCloud D-17
Configure a Foreign JNDI Provider D-30
Configure a Java Mail Session D-31
Configure a Foreign JMS Server D-32
Configure a Remote SAF Context D-34
Configure a JMS Messaging Bridge Destination D-35
Disable a JMS Messaging Bridge D-37
Import Applications into a Service Instance D-37
Recreate On-Premises Domain Resources D-38
AppToCloud Command Reference D-40
Client D-41
Health Check D-41
Export D-42
Wallet Manager D-44
xv
Preface
Preface
Administering Oracle Java Cloud Service explains how to provision Oracle Java Cloud
Service instances, and ensure reliable functioning of provisioned service instances.
This document explains how to perform these tasks by using the Oracle Java Cloud
Service web interface.
Topics:
• Audience
• Related Resources
• Conventions
Audience
Administering Oracle Java Cloud Service is intended for Oracle Cloud account
administrators and service administrators who want to provision Oracle Java Cloud
Service instances, and ensure reliable functioning of provisioned service instances.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.
Related Resources
For more information, see these Oracle resources:
• Oracle Cloud
http://cloud.oracle.com
• Getting Started with Oracle Cloud
• Oracle Java Cloud Service FAQ
• REST API for Oracle Java Cloud Service
xvi
Preface
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
xvii
1
Get Started with Oracle Java Cloud
Service
Service administrators or tenant administrators of Oracle Java Cloud Service , and
Java EE application developers can get familiar with the components, interfaces,
subscriptions, licenses, service roles, user accounts, instances, and infrastructure of
Oracle Java Cloud Service.
Topics:
• About Oracle Java Cloud Service
• About the Components of Oracle Java Cloud Service
• About the Interfaces to Oracle Java Cloud Service
• Before You Begin with Oracle Java Cloud Service
• About Oracle Java Cloud Service Subscriptions and Licenses
• How to Begin with Oracle Java Cloud Service Subscriptions
• Access Oracle Java Cloud Service
• About Oracle Java Cloud Service Roles and User Accounts
• Typical Workflow for Using Oracle Java Cloud Service
• About Java Cloud Service Instances in Oracle Cloud Infrastructure
• Compare Oracle Cloud Services for Deploying Java Applications
See Oracle Cloud Terminology in Getting Started with Oracle Cloud for definitions of
terms found in this and other documents in the Oracle Cloud library.
Topics:
• About Oracle Java Cloud Service Offerings and Oracle WebLogic Server Software
Releases
• About Oracle WebLogic Server Editions Available for Oracle Java Cloud Service
• About Certified Oracle Fusion Middleware Products on Oracle Java Cloud Service
• About the Compute Infrastructure for Oracle Java Cloud Service
• About Application and Network Security in Oracle Java Cloud Service
You use a simple wizard to rapidly create an Oracle Java Cloud Service instance,
which is a complete application environment provisioned on top of infrastructure
1-1
Chapter 1
About Oracle Java Cloud Service
1-2
Chapter 1
About Oracle Java Cloud Service
for an Oracle Java Cloud Service Instance. This service level is supported on
WebLogic Server release 12.2.1.3 only.
Note:
Patching is not supported for service instances where Oracle Java Cloud
Service Fusion Middleware—Oracle WebCenter Portal, Oracle Java
Cloud Service Fusion Middleware—Oracle Data Integrator, or any other
product that modifies the MW_HOME directory are installed. If you attempt
to patch a service instance where any of these products are installed,
patching prechecks issue an error message and patching fails.
Note:
Patching is not supported for service instances where Oracle Java Cloud
Service Fusion Middleware—Oracle WebCenter Portal, Oracle Java
Cloud Service Fusion Middleware—Oracle Data Integrator, or any other
product that modifies the MW_HOME directory are installed. If you attempt
to patch a service instance where any of these products are installed,
patching prechecks issue an error message and patching fails.
1-3
Chapter 1
About Oracle Java Cloud Service
Note:
If you provision the instance with Oracle Weblogic Server 11g (11.1.1.7) then
Oracle Coherence in Oracle Java Cloud Service will be installed, but it won’t
be configured. You have to configure Oracle Coherence after the Oracle
Java Cloud Service instance is provisioned.
1-4
Chapter 1
About Oracle Java Cloud Service
Note:
For Oracle Java Cloud Service— Virtual Image instances based on any
edition, backup and restoration, patching, and scaling are not supported.
You can select one of the following Oracle WebLogic Server editions:
1-5
Chapter 1
About Oracle Java Cloud Service
Note:
You cannot change the Weblogic Server edition after the service instance
has been created.
1-6
Chapter 1
About the Components of Oracle Java Cloud Service
You can manage most of the infrastructure resources from within Oracle Java Cloud
Service. For a few resources, you may need to use other interfaces. At relevant places
in the documentation, references are provided to help you identify and access the
appropriate interfaces.
1-7
Chapter 1
About the Components of Oracle Java Cloud Service
The next figure illustrates a service instance that has been configured to use Oracle
Identity Cloud Service and an Oracle-managed load balancer.
1-8
Chapter 1
About the Components of Oracle Java Cloud Service
The components of Oracle Java Cloud Service and its related Oracle Cloud
components that are part of the infrastructure and platform service offerings are
described in the following sections.
1-9
Chapter 1
About the Components of Oracle Java Cloud Service
Databases
Each Oracle Java Cloud Service instance must be associated with a database to host
the required Oracle Java Cloud Service schema.
The following databases are supported for service instances based on Oracle Cloud
Infrastructure:
• Oracle Autonomous Transaction Processing
• Oracle Database Cloud Service (Classic)
• Oracle Cloud Infrastructure Database (DB System)
See Overview of the Database Service in the Oracle Cloud Infrastructure
documentation.
The following databases are supported for service instances on Oracle Cloud
Infrastructure Classic:
• Oracle Database Cloud Service (Classic)
• Oracle Database Exadata Cloud Service
An Oracle Java Cloud Service instance can optionally be associated with additional
Oracle Database Cloud Service or Oracle Database Exadata Cloud Service databases
for your application schemas. Autonomous Transaction Processing and Oracle Cloud
Infrastructure databases are not supported for application schemas.
See About Oracle Database Cloud Service in Administering Oracle Database Cloud
Service.
Object Storage
You can configure Oracle Java Cloud Service instances to store backups in object
storage. Depending on the region that you select when creating an instance, the
backup location is a container in Oracle Cloud Infrastructure Object Storage Classic or
a bucket in Oracle Cloud Infrastructure Object Storage.
Compute Nodes
Oracle Java Cloud Service instances are hosted on Oracle Linux 7 compute nodes.
Depending on the region that you select when creating an instance, the compute
nodes are in Oracle Cloud Infrastructure Compute Classic or in Oracle Cloud
Infrastructure Compute.
For information about the node deployment topology that is set up and configured for
you when you provision an Oracle Java Cloud Service instance, see Compute
Topology for Oracle Java Cloud Service Instances.
Oracle Coherence
Oracle Coherence is an in-memory data grid and caching solution that enables
organizations to predictably scale applications by providing fast access to frequently
used data. When you enable Oracle Coherence for an Oracle Java Cloud Service
instance, applications running on Oracle WebLogic Server can use the Coherence API
to cache and retrieve data. See About Oracle Coherence in Oracle Java Cloud
Service.
1-10
Chapter 1
About the Components of Oracle Java Cloud Service
Load Balancer
When creating an instance in an Oracle Cloud Infrastructure region, you can provision
an Oracle-managed load balancer, Oracle Traffic Director nodes, or no load balancer.
When creating an instance in an Oracle Cloud Infrastructure Classic region, you can
provision Oracle Traffic Director nodes or no load balancer.
If you enable authentication with Oracle Identity Cloud Service for an instance, then it
must use an Oracle-managed load balancer running in either Oracle Cloud
Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic.
1-11
Chapter 1
About the Interfaces to Oracle Java Cloud Service
Oracle Java Cloud Service comes with a complimentary instance of Oracle Developer
Cloud Service, which is a cloud-based software development and collaboration
platform. It provides source control, issue tracking and continuous integration
capabilities. You can use Oracle Developer Cloud Service to automate the deployment
of applications to Oracle Java Cloud Service.
See Using Oracle Developer Cloud Service.
1-12
Chapter 1
About the Interfaces to Oracle Java Cloud Service
1-13
Chapter 1
About the Interfaces to Oracle Java Cloud Service
1-14
Chapter 1
Before You Begin with Oracle Java Cloud Service
Note:
You provide a user name and password for the WebLogic Administrator
when you create an Oracle Java Cloud Service instance. By default, the
credentials used to access the WebLogic Server Administration Console and
WLST are also used to access the Fusion Middleware Control and the
Oracle Traffic Director console.
Topics
• Prerequisites for Instances in Oracle Cloud Infrastructure
• Create a Database
• Create an SSH Key Pair
• Create an Object Storage Container
• Select an IP Network for a Service Instance with a Managed Load Balancer
1-15
Chapter 1
Before You Begin with Oracle Java Cloud Service
Note:
• A storage container is not required if you are creating Oracle Java Cloud
Service—Virtual Image instances and using the Virtual Image service
level of Oracle Database Cloud Service only.
• Do not use a storage container that you use for backups of Oracle Java
Cloud Service instances for any other purpose. For example, do not use
it to back up Oracle Database Cloud Service database deployments.
Using the container for multiple purposes can result in billing errors.
1-16
Chapter 1
Before You Begin with Oracle Java Cloud Service
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
Create a Database
You must create a database in Oracle Cloud before you provision an Oracle Java
Cloud Service instance.
As part of the Oracle Java Cloud Service instance creation process, Oracle Java
Cloud Service provisions the required infrastructure schemas in the selected
database.
1-17
Chapter 1
Before You Begin with Oracle Java Cloud Service
Note:
To ensure that you can restore the database for an Oracle Java Cloud
Service instance without risking data loss for other service instances, Oracle
recommends that you do not associate the same infrastructure schema
database (or the same pluggable database) with multiple service instances.
Backups of a database that is used with multiple Oracle Java Cloud Service
instances contain data for all the instances. Therefore, if you restore the
database from a backup, data for all the service instances is restored, which
might not be the intended result.
Topics:
• Create an Oracle Autonomous Transaction Processing Database
• Create an Oracle Cloud Infrastructure Database
• Create an Oracle Database Cloud Service Database Deployment
• Use a Database Cloud Service - Virtual Image Database Deployment
• Use an Oracle Cloud Infrastructure Database on a Different Virtual Cloud Network
1-18
Chapter 1
Before You Begin with Oracle Java Cloud Service
• Specify this policy if you created the database in the root compartment:
1-19
Chapter 1
Before You Begin with Oracle Java Cloud Service
Service instance. For a 1-node VM DB system, you cannot use the fast provisioning
option to create the database. Oracle Java Cloud Service does not yet support using
Logical Volume Manager as the storage management software for a 1-node VM DB
system. See Creating a Database in the Oracle Cloud Infrastructure documentation.
You can use the Oracle Java Cloud Service console to create an instance that uses an
Exadata-based or VM-based database. You must use the REST API or CLI to create
an instance that uses a Bare Metal-based database.
The Oracle Cloud Infrastructure Database must be in the same region and virtual
cloud network (VCN) as the Oracle Java Cloud Service instance you are creating. The
instances do not need to be on the same availability domain or subnet. However, you
must create the necessary security rules in the VCN to enable communication
between the subnets. See VCNs and Subnets in the Oracle Cloud Infrastructure
documentation.
You must create a policy in order for your Oracle Cloud Infrastructure Database to be
displayed in the Oracle Java Cloud Service web console.
• Specify this policy if you created the database in a custom compartment:
• Specify this policy if you created the database in the root compartment:
1-20
Chapter 1
Before You Begin with Oracle Java Cloud Service
You can optionally associate an Oracle Java Cloud Service instance with up to four
additional Oracle Database Cloud Service deployments (or pluggable databases) in
order to access your application schemas. This feature is not available for service
instances that use the Oracle Java Cloud Service - Virtual Image (BASIC) service
level.
Note the following limitations to service instances that use Oracle Database Cloud
Service as the infrastructure schema database:
• When creating an Oracle Java Cloud Service instance on a secondary Oracle
Identity Cloud Service instance, you can't use an Oracle Database Cloud Service
deployment for the infrastructure schema. Instead, you must use an Oracle Cloud
Infrastructure Database or Oracle Autonomous Transaction Processing database.
When creating an Oracle Java Cloud Service on the primary Oracle Identity Cloud
Service instance, you can use an Oracle Database Cloud Service deployment for
the infrastructure schema.
• You cannot use an Oracle Database Cloud Service deployment running Oracle
Database 18c.
• You can use an Oracle Database Cloud Service deployment running Oracle
Database 12.2, but only for service instances running Oracle WebLogic Server
12.2.1 or later.
• Create Oracle Database Cloud Service deployments with a backup option other
than NONE. This configuration enables Oracle Java Cloud Service to coordinate
backups across your service instance and the database. Coordinated backups are
not supported for other database services.
• For service instances on Oracle Cloud Infrastructure, the Oracle Database Cloud
Service deployment must be in the same region and virtual cloud network (VCN)
as the Oracle Java Cloud Service instance. The instances do not need to be on
the same availability domain or subnet.
• For service instances on Oracle Cloud Infrastructure Classic, the Oracle Database
Cloud Service deployment must be in the same region as the Oracle Java Cloud
Service instance.
When you provision an Oracle Java Cloud Service instance by using the provisioning
wizard, specify the following information:
• Database Type: Oracle Database Cloud Service (Classic)
• Name of a running database deployment
• Pluggable database name (for Oracle Database 12c only)
• Database administrator user name and password
• Connection string to the database deployment (for Virtual Image service level only)
• Application schemas (Optional)
Similar to Oracle Java Cloud Service, Oracle Database Cloud Service supports a
standard service level and a Virtual Image service level. The following table
summarizes the compatibility between these service levels.
1-21
Chapter 1
Before You Begin with Oracle Java Cloud Service
Topics:
• Before You Begin Creating a Custom PDB
• Create the Custom PDB
• Change the Database Wallet Type
• Configure TDE on the New PDB
1-22
Chapter 1
Before You Begin with Oracle Java Cloud Service
sudo su oracle
3. Connect as root user and get the location of the data files.
$sqlplus / as sysdba
SQL> selectfile_name from dba_data_files where tablespace_name =
'SYSTEM';
FILE_NAME
------------------------------------------------------------------------
--------
/u02/app/oracle/oradata/ORCL/system01.dbf
SQL> exit
mkdir -p /u02/app/oracle/oradata/ORCL/PDB2
$sqlplus / as sysdba
8. From error message in the previous step, get the temp file name and use it in
file_name_convert.
1-23
Chapter 1
Before You Begin with Oracle Java Cloud Service
ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)
(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ORCL/tde_wallet)))
$ sqlplus / as sysdba
SQL> select* from v$encryption_wallet;
1-24
Chapter 1
Before You Begin with Oracle Java Cloud Service
WRL_TYPE
--------------------
WRL_PARAMETER
---------------------------------------------------------------------------
-----
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
CON_ID
------------------------------ -------------------- --------- ---------
----------
FILE
/u01/app/oracle/admin/ORCL/tde_wallet/
OPEN AUTOLOGIN SINGLE NO 0
1-25
Chapter 1
Before You Begin with Oracle Java Cloud Service
2. Open the keystore in that PDB and generate master encryption key for the PDB.
SQL> exit
1-26
Chapter 1
Before You Begin with Oracle Java Cloud Service
Connecting to(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<host_name>)
(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.2.0 - Production
Start Date 06-NOV-2017 17:56:44
Uptime 1 days 1 hr. 3 min. 55 sec
Trace Level off Security ON: Local OS Authentication
SNMP OFF Listener Parameter File /u01/app/oracle/product/12.1.0/
dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/<user_name>/listener/
alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<host_name>)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<host_name>)(PORT=5500))
(Security=(my_wallet_directory=/u01/app/oracle/admin/ORCL/xdb_wallet))
(Presentation=HTTP)(Session=RAW))
Services Summary... Service "<service_name>" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "<service_name>" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "pdb1.<network_domain>" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "pdb2.<network_domain>" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
The command completed successfully
You can now specify your custom PDB when you use the Oracle Java Cloud Service
console or the REST API to provision an Oracle Java Cloud Service instance.
Note:
This topic is not relevant to Oracle Cloud Infrastructure regions.
1-27
Chapter 1
Before You Begin with Oracle Java Cloud Service
These are the default values for ORACLE-HOME. If you set a different ORACLE_HOME
when you created the database, use that.
Note:
Ensure that you add these entries to the .bashrc file, not the
bash_profile file.
1-28
Chapter 1
Before You Begin with Oracle Java Cloud Service
You must also create these supporting network resources: internet gateways, route
table rules, security lists, and dynamic host configuration protocol (DHCP) resources.
The VCNs and their resources must be in the same compartment.
If instead of public subnets, you want to use private subnets for the service instance
and database, you must create these additional network resources:
• A bastion compute instance on a public subnet so that you can access the private
subnet with a secure shell (SSH)
• A NAT gateway so that you can download and install OS packages on the custom
DNS resolver
• A service gateway so that the Oracle Java Cloud Service instance can access
object storage for backup and restoration (not applicable to the database VCN)
See Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on
Oracle Cloud Infrastructure.
To configure the network topology shown in the illustration:
1. Create two VCNs with non-overlapping Classless Inter-Domain Routing (CIDR) in
the same region.
1-29
Chapter 1
Before You Begin with Oracle Java Cloud Service
See VCNs and Subnets. You will add subnets to these VCNs later.
2. Create or edit the following resources in each VCN.
a. Create a local peering gateway to allow communication between the
resources by using private IP addresses.
See Local VCN Peering (Within Region).
b. Create an internet gateway to enable direct connectivity to the internet.
See Internet Gateway.
c. Edit the default route table and add a route table rule to enable traffic to flow
via the internet gateway. Ensure you select Internet Gateway in the Target
Type and set the destination to 0.0.0.0/0.
See Route Tables.
d. Edit the default security list and create the following ingress and egress rules
to control the traffic for your VCN.
1-30
Chapter 1
Before You Begin with Oracle Java Cloud Service
subnet you created in the Oracle Cloud Infrastructure Database VCN. Select
the latest Oracle Linux 7.6 image and write down the provisioned public and
private IP address of both custom DNS resolvers. For each compute instance,
you must run the following commands.
i. To open an SSH connection, run the following command and replace the
<private_key> and <public_IP_address> placeholders with your own
values.
$ sudo su
iv. To allow DNS traffic, open the UDP port 53 on local firewall by running the
following commands.
$ vi /etc/named.conf
options {
listen-on port 53 { any; };
allow-query { localhost; <db_vcn_cidr>;
<jcs_vcn_cidr>; };
forward only;
forwarders { 169.254.169.254; };
recursion yes;
};
zone "<dbvcn_dns_domain_name>" {
type forward;
forward only;
forwarders { <private_IP_address>; };
};
zone "<jcsvcn_dns_domain_name>" {
type forward;
forward only;
forwarders { 169.254.169.254; };
};
1-31
Chapter 1
About Oracle Java Cloud Service Subscriptions and Licenses
options {
listen-on port 53 { any; };
allow-query { localhost; <db_vcn_cidr>;
<jcs_vcn_cidr; };
forward only;
forwarders { 169.254.169.254; };
recursion yes;
};
zone "<jcsvcn_dns_domain_name>" {
type forward;
forward only;
forwarders { <private_IP_address>; };
};
zone "<dbvcn_dns_domain_name>" {
type forward;
forward only;
forwarders { 169.254.169.254; };
};
1-32
Chapter 1
About Oracle Java Cloud Service Subscriptions and Licenses
Topics
• Subscriptions
• Leveraging On-Premises Licenses
Subscriptions
1-33
Chapter 1
How to Begin with Oracle Java Cloud Service Subscriptions
• You can leverage your on-premises Oracle Fusion Middleware licenses for Oracle
Java Cloud Service. Certified products can be provisioned on your Oracle Java
Cloud Service instance after you create it. See Oracle Applications Certified on
Oracle Java Cloud Service.
Topics
• Access Oracle Java Cloud Service from the Infrastructure Console
• Access Oracle Java Cloud Service from the Infrastructure Classic Console
• Access Oracle Java Cloud Service from Oracle Cloud at Customer
1-34
Chapter 1
Access Oracle Java Cloud Service
If you received a welcome email, use it to identify the URL, your user name, and
your temporary password. After signing in, you will be prompted to change your
password.
2. From the Infrastructure Console, click the navigation menu in the top left
corner, expand Platform Services, and then click Java.
3. When you access the Oracle Java Cloud Service console the first time, you see
the Welcome page. Click Instances or Go to Console.
4. From the Instances page, you can create a new Oracle Java Cloud Service, or you
can click an existing instance to view or manage it.
To view help for the current page, click the help icon at the top of the page.
2. From the Infrastructure Classic Console, click the navigation menu in the top
left corner, and then click Java.
3. When you access the Oracle Java Cloud Service console the first time, you see
the Welcome page. Click Instances or Go to Console.
4. From the Instances page, you can create a new Oracle Java Cloud Service, or you
can click an existing instance to view or manage it.
1-35
Chapter 1
Typical Workflow for Using Oracle Java Cloud Service
2. From the My Services Dashboard, click the navigation menu in the top left
corner, and then click Java.
3. When you access the Oracle Java Cloud Service console the first time, you see
the Welcome page. Click Instances or Go to Console.
4. From the Instances page, you can create a new Oracle Java Cloud Service, or you
can click an existing instance to view or manage it.
1-36
Chapter 1
About Oracle Java Cloud Service Roles and User Accounts
1-37
Chapter 1
About Oracle Java Cloud Service Roles and User Accounts
Topics:
• Java Administrator
• Related Service Administrators
• Service Instance Users
• Oracle Cloud Infrastructure Policies
Java Administrator
The primary role in Oracle Java Cloud Service is Java Administrator.
The following table summarizes the privileges given to the Java Administrator role.
Role Privileges
Compute_Operations Create Oracle Java Cloud Service instances
on Oracle Cloud Infrastructure Classic regions.
DBaaS_Administrator Create and manage Oracle Database Cloud
Service deployments.
A database deployment must exist prior to
creating an Oracle Java Cloud Service
instance, unless you create the service
instance by using a QuickStart template. See
Create an Oracle Java Cloud Service Instance
by Using a QuickStart Template.
1-38
Chapter 1
About Oracle Java Cloud Service Roles and User Accounts
Role Privileges
Storage_ReadWriteGroup Enable backups for an Oracle Java Cloud
Service instance, and store the backups in an
existing Oracle Cloud Infrastructure Object
Storage Classic container.
Storage_Administrator Create Oracle Cloud Infrastructure Object
Storage Classic containers to use as backup
storage locations for Oracle Java Cloud
Service instances.
1-39
Chapter 1
About Oracle Java Cloud Service Roles and User Accounts
See Prerequisites for Oracle Platform Services on Oracle Cloud Infrastructure in the
Oracle Cloud Infrastructure documentation.
1-40
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
Topics:
• Workflow for Creating an Instance in Oracle Cloud Infrastructure
• Differences Between Instances in Oracle Cloud Infrastructure and Oracle Cloud
Infrastructure Classic
• Migrating to Oracle Cloud Infrastructure
1-41
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-42
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-43
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-44
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-45
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-46
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-47
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-48
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-49
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-50
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-51
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
a
t
t
a
c
h
i
n
s
t
a
n
c
e
s
t
o
I
P
1-52
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-53
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-54
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-55
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-56
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-57
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-58
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-59
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-60
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-61
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-62
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-63
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-64
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-65
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-66
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-67
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
w
h
e
n
y
o
u
r
e
s
t
a
r
t
t
1-68
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-69
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-70
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-71
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-72
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-73
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-74
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-75
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-76
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-77
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-78
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-79
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-80
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-81
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-82
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-83
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-84
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-85
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-86
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-87
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-88
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-89
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
i
n
t
e
r
f
a
c
e
s
t
o
c
o
n
f
i
g
u
r
e
a
c
c
e
1-90
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-91
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-92
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-93
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
a
s
t
h
e
i
d
e
n
t
i
t
y
p
r
o
v
i
d
1-94
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-95
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-96
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-97
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-98
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-99
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-100
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-101
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-102
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-103
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-104
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-105
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
t
o
a
d
d
a
n
O
r
a
c
l
e
-
m
a
n
a
g
e
d
l
o
a
1-106
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-107
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-108
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-109
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-110
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-111
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-112
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-113
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-114
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-115
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
d
e
p
l
o
y
m
e
n
t
)
t
h
a
t
t
h
e
i
1-116
Chapter 1
About Java Cloud Service Instances in Oracle Cloud Infrastructure
1-117
Chapter 1
Compare Oracle Cloud Services for Deploying Java Applications
1-118
Chapter 1
Compare Oracle Cloud Services for Deploying Java Applications
• Oracle Java Cloud Service offers tools to automate the migration of existing
Oracle WebLogic Server environments to the cloud.
• With Oracle Application Container Cloud Service, you can quickly integrate your
Java application with other Oracle Cloud resources like databases and message
queues. Oracle Java Cloud Service does not offer a similar data binding feature
for your applications, but does provide out-of-the-box integration with Oracle
Database Cloud Service, Oracle Cloud Infrastructure Database, and Oracle
Autonomous Transaction Processing.
If neither of these services meets your exact requirements, you can create basic
compute instances or containers in Oracle Cloud:
• Oracle Cloud Infrastructure Compute
• Oracle Cloud Infrastructure Compute Classic
• Oracle Cloud Infrastructure Container Service Classic
• Oracle Container Engine for Kubernetes
• Oracle Weblogic Server Kubernetes Operator
These infrastructure cloud solutions give you the most flexibility, but you must install,
configure, and maintain all of the Java software components.
Decision Tree
Answer the following series of questions to help you choose between Oracle Java
Cloud Service and Oracle Application Container Cloud Service.
1-119
Chapter 1
Compare Oracle Cloud Services for Deploying Java Applications
1-120
Chapter 1
Compare Oracle Cloud Services for Deploying Java Applications
1-121
2
Create an Oracle Java Cloud Service
Instance
This section describes how you can create an Oracle Java Cloud Service instance
with methods ranging from push-button automation to fully custom instance creation,
on either the Oracle Cloud Infrastructure Classic or Oracle Cloud Infrastructure
platforms.
Topics:
• About Creating an Oracle Java Cloud Service Instance
• About Life Cycle Management of Oracle Java Cloud Service Instances
• Design Considerations for an Oracle Java Cloud Service Instance
• Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
• Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on
Oracle Cloud Infrastructure
• Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on
Oracle Cloud Infrastructure
• Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud
Infrastructure Classic
• Create an Oracle Java Cloud Service Instance with Cloud Stack
• About the Sample Application Deployed to an Oracle Java Cloud Service Instance
2-1
Chapter 2
About Life Cycle Management of Oracle Java Cloud Service Instances
Resources Description
Administration Server Operates as the central control entity for the configuration of the entire domain.
It maintains the domain's configuration documents and distributes changes in
the configuration documents to Managed Servers.
Each Oracle Java Cloud Service instance has one server instance that hosts
the Administration Server.
2-2
Chapter 2
About Life Cycle Management of Oracle Java Cloud Service Instances
Resources Description
Managed Servers Host business applications, application components, Web services, and their
associated resources.
When creating a service instance, you can configure up to four Managed
Servers, then scale out, as needed.
Each Oracle Java Cloud Service instance has one or more Managed Servers,
each hosted on its own Virtual Machine (node).
By default, the Managed Servers are named as follows:
first8charsOfDomainName_wls_n (where n starts with 1 and is incremented
by 1 for each additional Managed Server to to ensure that the names are
unique).
Cluster Consists of multiple Managed Servers running simultaneously and working
together to provide increased scalability and reliability. In a cluster, most
resources and services are deployed identically to each Managed Server (as
opposed to a single Managed Server), enabling failover and load balancing.
A cluster is configured automatically for a production-level service instance.
By default, the cluster name will be generated from the first eight characters of
the Oracle Java Cloud Service instance name using the following format:
first8charsOfServiceInstanceName_cluster.
Load Balancer Uses Oracle Traffic Director for load balancing to manage routing requests
across all Managed Servers and provide failover and replication.
It is recommended that you enable the load balancer when you configure more
than one Managed Server in your environment. Enabling the load balancer is
optional.
Resources Description
Managed Servers (Coherence Each Oracle Java Cloud Service—Coherence instance has a Coherence data
data tier, storage-enabled) tier cluster, in which one or more Virtual Machines (nodes) can have one or
more Managed Servers each.
By default, the storage-enabled Managed Servers are named as follows:
first8charsOfDomainName_server_n_DG (where n is a number that’s
incremented by 1 for each additional Managed Server to guarantee unique
names).
The storage-enabled Managed Servers are responsible for storing and
distributing data (both primary and backup) on the cluster. Coherence artifacts
(such as Coherence configuration files, POF serialization classes, filters, entry
processors, and aggregators) are packaged as a GridARchive (GAR) and
deployed on the Managed Servers.
Note that when you stop or start a service instance, all the nodes for the
Managed Servers on the Coherence data tier will also stop or start. If stopped,
all data in the Coherence cache will be lost.
Managed Servers (Application The storage-disabled Managed Servers (identified by the name format
tier, storage-disabled) first8charsOfDomainName_server_n) in the first WebLogic Server cluster
host Coherence applications (cache clients), and are not responsible for storing
data. Clients in the application tier are deployed as EARs. Coherence artifacts
(such as Coherence configuration files, POF serialization classes, filters, entry
processors, and aggregators) are packaged as a GridARchive (GAR) and
deployed within an EAR.
2-3
Chapter 2
About Life Cycle Management of Oracle Java Cloud Service Instances
Resources Description
Cluster (Coherence data tier) A second WebLogic Server cluster is configured in the domain for storing and
distributing data. The Coherence data tier cluster is associated with the
Coherence cluster DataGridConfig. The cluster members are storage-
enabled by default.
By default, the cluster name will be generated from the first eight characters of
the service instance name using the following format:
first8charsOfServiceInstanceName_DGCluster.
Cluster (Application tier) The first WebLogic Server cluster (identified by the name format
first8charsOfServiceInstanceName_cluster) is referred to as the
application tier cluster. The cluster is also associated with the Coherence
cluster DataGridConfig, and the cluster members are storage-disabled by
default.
Coherence Cluster The system-level resource (CoherenceClusterSystemResource) has the
default name DataGridConfig. Both the application tier WebLogic Server
cluster (storage-disabled) and the data tier WebLogic Server cluster (storage-
enabled) are associated with the Coherence cluster.
2-4
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Note:
If you extend your domain using the administration tools, for example, to add
an additional cluster, you are responsible for maintaining those additional
resources.
The next figure illustrates a service instance that has been configured to use Oracle
Identity Cloud Service and an Oracle-managed load balancer running in Oracle Cloud
Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic.
2-5
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Topics
• Service Level
• Software Release
• Edition
• License
• Region
• Compute Shape
• WebLogic Cluster
• Availability Domain
• Subnet
• IP Network
• Public IP Address
• Reserved IP Address
• Domain Partition
• User Authentication
• Administrator Access
2-6
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
• Client Access
• Coherence Data Tier
• Database
• Load Balancer
• Backup Location
Service Level
You can select one of these service levels.
• Oracle Java Cloud Service
This service level supports Oracle Java Cloud Service instance creation and
monitoring; domain partitions; backup and restoration; patching; cloning; and
scaling.
• Oracle Java Cloud Service Virtual Image (BASIC)
This service level supports Oracle Java Cloud Service instance creation and
monitoring only. It does not support backup and restoration; patching; cloning; or
scaling. You cannot provision a domain partition if you specify this service level.
This service level is:
– Not supported if you have a Universal Credits subscription. This option does
not appear on the console.
– Supported if you have a traditional metered or non-metered subscription
– Not supported for Oracle Cloud Infrastructure regions
Oracle recommends using Oracle Java Cloud Service rather than Oracle Java
Cloud Service Virtual Image for better flexibility, administrative control, and
availability of new features.
• Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter Portal
Leverages your Oracle WebCenter Portal license on Oracle Java Cloud Service.
Choosing this option downloads additional installation tools. You must install the
product yourself after creating this service instance. This service level is supported
on WebLogic Server release 12.2.1.3 only.
• Oracle Java Cloud Service Fusion Middleware — Oracle Data Integrator
Leverages your Oracle Data Integrator license on Oracle Java Cloud Service.
Choosing this option downloads additional installation tools. You must install the
product yourself after creating this service instance. This service level is supported
on WebLogic Server release 12.2.1.3 only.
Patching is not supported for service instances where Oracle Java Cloud Service
Fusion Middleware—Oracle WebCenter Portal, Oracle Java Cloud Service Fusion
Middleware—Oracle Data Integrator, or any other product that modifies the MW_HOME
directory are installed. If you attempt to patch a service instance where any of these
products are installed, patching prechecks issue an error message and patching fails.
Software Release
You can select one of these Oracle WebLogic Server releases.
2-7
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Edition
You can choose one of these Oracle WebLogic Server editions.
• Standard Edition
• Enterprise Edition
• Enterprise Edition with Coherence (Suite)
Certain WebLogic Server capabilities are only supported in specific editions. To learn
about these editions see About Oracle WebLogic Server Editions Available for Oracle
Java Cloud Service.
If you select the Oracle Java Cloud Service for Fusion Middleware service level, you
cannot select Standard Edition.
License
When you create a service instance, you choose a license type based on the Oracle
Java Cloud Service entitlements in your Oracle Cloud account.
2-8
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
The Bring Your Own License (BYOL) option enables you to bring your on-premises
Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances are billed at a
lower rate than other instances. See Frequently Asked Questions: Oracle BYOL to
PaaS.
Before you scale up or scale out a BYOL instance, you must have enough WebLogic
Server licenses for the additional OCPUs that will be allocated to the instance after it is
scaled.
You can also change the license type of an existing instance. (Not available on Oracle
Cloud at Customer)
Region
If your identity domain is enabled for regions, you can select a region in which your
Oracle Java Cloud Service instance will reside.
A region supports either Oracle Cloud Infrastructure or Oracle Cloud Infrastructure
Classic. For a list of available regions, see Data Regions for Platform and
Infrastructure Services.
When you select an Oracle Cloud Infrastructure region for a service instance, you
must also select an Availability Domain. See Regions and Availability Domains in the
Oracle Cloud Infrastructure Services documentation.
When you select an Oracle Cloud Infrastructure Classic region for a service instance,
you can also select an IP Network and assign reserved IP addresses to your nodes. If
you don’t explicitly select a region (No Preference), you cannot select an IP network
or use reserved IPs.
Compute Shape
The available shapes for a service instance depend on the type of region that you
select. The larger the compute shape, the greater the processing power and the more
memory that is available.
Some shapes might not be available in all regions.
If you select an Oracle Cloud Infrastructure region, the VM.Standard and BM.Standard
shapes are supported. The DenseIO and HighIO shapes are unsupported. See
Overview of the Compute Service in the Oracle Cloud Infrastructure Services
documentation.
If you select an Oracle Cloud Infrastructure Classic region, Oracle Java Cloud Service
provides a set of compute shapes that are optimized for different use cases. Choose
from a set of all-purpose and memory-intensive shapes.
All-purpose compute shapes in Oracle Cloud Infrastructure Classic include:
• OC3: 1 OCPU and 7.5 GB memory
• OC4: 2 OCPUs and 15 GB memory
• OC5: 4 OCPUs and 30 GB memory
• OC6: 8 OCPUs and 60 GB memory
• OC7: 16 OCPUs and 120 GB memory
2-9
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
WebLogic Cluster
A WebLogic cluster is defined by a compute shape and server count.
You select an initial cluster size of 1, 2, or 4 Managed Servers. In general, the larger
the cluster the more application requests that can be processed by your service
instance. However, with Oracle Java Cloud Service you can also scale in and out the
cluster after you create the service instance.
Another design consideration when selecting the cluster size is continued availability
during patching. If the cluster has 2 or more nodes, then during patching, at least 1
node continues to serve requests. This won't be possible with a 1-node cluster.
If you create a service instance with an Oracle-managed load balancer (Oracle Cloud
Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic),
you can optionally create up to 8 clusters for the instance. You cannot create multiple
clusters for service instances that include a user-managed load balancer (Oracle
Traffic Director). You configure each cluster with its own compute shape and initial
server count (1, 2, or 4 Managed Servers). You might consider creating multiple
clusters if, for example, multiple applications or different tiers of your application have
different capacity requirements. See Recommended Multi-Tier Architecture in
Administering Clusters for Oracle WebLogic Server.
Optionally, you can specify a path prefix for a cluster, which is used to configure the
load balancer. For example, the load balancer could route traffic from URLs with the
prefix /mystore to the cluster cluster1. If you do not specify a path prefix, then the
path prefix is the cluster name.
For more information about clusters see:
• WebLogic Server Clustering in Understanding Oracle WebLogic Server (12.2.1)
• WebLogic Server Clustering in Understanding Oracle WebLogic Server (12.1.3)
• Understanding WebLogic Server Clustering in Using Clusters for Oracle WebLogic
Server (10.3.6)
2-10
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Availability Domain
This feature is specific to Oracle Cloud Infrastructure regions.
An availability domain consists of a set of data centers within an Oracle Cloud
Infrastructure region.
A region can have multiple isolated availability domains with separate power and
cooling, for example. The availability domains within a region are interconnected via a
low-latency network. See Regions and Availability Domains in the Oracle Cloud
Infrastructure Services documentation.
Subnet
This feature is specific to Oracle Cloud Infrastructure regions.
A subnet is a subdivision of a cloud network. Each subnet exists in a single availability
domain and consists of a contiguous range of IP addresses that do not overlap with
other subnets in the cloud network.
You can create your own subnet before you provision an Oracle Java Cloud Service
instance. See VCNs and Subnets in the Oracle Cloud Infrastructure Services
documentation.
For convenience, if you do not explicitly select a subnet (No Preference), then the
service instance is assigned to a subnet in the predefined Virtual Cloud Network
(VCN) named svc-vcn, which is found in the compartment named
ManagedCompartmentForPaaS. You cannot modify these predefined subnets, such as
assigning a custom security list. If you prefer more control over the network
configuration for your service instance, then create a custom subnet.
You must satisfy certain subnet and policy prerequisites when you create a subnet for
use with Oracle Java Cloud Service instances. See Prerequisites for PaaS Services
on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure Services
documentation.
IP Network
This feature is specific to Oracle Cloud Infrastructure Classic regions.
If you select a specific Oracle Cloud Infrastructure Classic region for your service
instance, then you can also select an IP network in that region. Using an IP network
gives you more control over the configuration of the network in which your service
instance is placed.
By default, if you select an IP network, each underlying node is auto-assigned a public
and private IP address. As a result, the IP address might change each time a service
instance is started. To assign fixed public IP addresses to instances attached to the IP
network, you can create and use IP reservations.
When you select an IP network during provisioning, you must also select a Oracle
Database Cloud Service instance that is on an IP network. If the Oracle Java Cloud
Service and Oracle Database Cloud Service are attached to different IP networks,
then the two IP networks must be connected to the same IP network exchange. The
required access rules for the Oracle Java Cloud Service instance and Oracle
2-11
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Public IP Address
You can choose whether or not to assign public IP addresses to the nodes in your
service instance.
By default, any node that is created during instance provisioning, or is later added as
part of a scaling operation, will have a public IP address assigned to it. You will be
able to directly access the nodes in the service instance, and the Java EE applications
deployed to these nodes, from the public Internet.
If you choose not to assign public IP addresses, you will not be able to directly access
the nodes in the service instance from the public Internet. This option is for use cases
where you only intend to access your Java EE applications from within your private
cloud network or from your on-premises data center over a VPN network.
The procedure for creating a service instance with no public IP addresses varies
depending on the region type:
• Oracle Cloud Infrastructure (Not available on Oracle Cloud at Customer) – Assign
an existing Private Subnet to the instance. You must create the service instance
using the CLI or REST API. See Create an Oracle Java Cloud Service Instance
Attached to a Private Subnet on Oracle Cloud Infrastructure.
• Oracle Cloud Infrastructure Classic – Assign an existing IP Network to the
instance and also explicitly disable public IP addresses on the instance.
When you create a service instance in an Oracle Cloud Infrastructure Classic region,
you can choose to create a public or private Oracle-managed load balancer for your
service instance. A private load balancer in Oracle Cloud Infrastructure Load
Balancing Classic cannot be accessed from the public Internet.
You can further control the nodes and port numbers in your service instance that are
accessible from the Internet or other Oracle Cloud resources:
• Oracle Cloud Infrastructure – See Security Lists.
• Oracle Cloud Infrastructure Classic – See Create an Access Rule.
Reserved IP Address
This feature is specific to Oracle Cloud Infrastructure Classic regions.
2-12
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
If you select a specific region for your service instance, you can also assign reserved
IP addresses to use for the nodes in your service instance.
Reserved IP addresses are specific to a region.
Reserved IP addresses are persistent. If you create a service instance that uses a set
of reserved IP addresses, you can reuse the IP addresses after you delete the
instance.
The number of IP addresses you create must match the number of nodes in your
service instance cluster. You can either select individual IP addresses for every node
or allow Oracle to assign them automatically.
If you have created multiple clusters, the number of IP addresses you create must
match the total number of nodes in all the clusters.
See Reserve IP Addresses.
Domain Partition
A WebLogic Server 12c domain can optionally be organized into multiple partitions.
Each partition is dedicated to running specific applications and related resources, and
is managed independently of other partitions in the same domain. You can define
partitions when you create a service instance, and you can add or remove domain
partitions after you create the service instance by using Fusion Middleware Control.
These domain partitions will be created with a default resource management policy.
Domain partitions also enable you to create different security realms for the overall
WebLogic Server domain and for each partition. Each security realm can have its own
identity store with users, credentials and groups.
See About WebLogic Server MT in Using WebLogic Server Multitenant.
You cannot configure domain partitions if you select:
• The Oracle Java Cloud Service Virtual Image (BASIC) service level
• The Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter Portal
service level
• The Oracle Java Cloud Service Fusion Middleware — Oracle Data Integrator
service level
• The Standard Edition of WebLogic Server
• The 11g release of WebLogic Server
User Authentication
By default, the WebLogic Server domain in a service instance is configured to use the
local WebLogic identity store to maintain administrators, application users, groups and
roles. These security elements are used to authenticate users and to also authorize
access to tools like the WebLogic Server Administration Console.
If your cloud account includes Oracle Identity Cloud Service, an Oracle Java Cloud
Service instance can also use Oracle Identity Cloud Service for authentication. As a
result, users that access your applications or the administration consoles in this
service instance are authenticated against Oracle Identity Cloud Service if they are not
2-13
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
found in the local WebLogic identity store. See Use Oracle Identity Cloud Service with
Oracle Java Cloud Service.
You can also create a service instance within a specific identity domain in Oracle
Identity Cloud Service (Not available on Oracle Cloud at Customer). Each identity
domain has an independent set of users. For example, you might create separate
identity domains for test users and production users. By default, service instances are
created in the primary identity domain in Oracle Identity Cloud Service. See About
Multiple Instances in Administering Oracle Identity Cloud Service.
You cannot configure a service instance to use Oracle Identity Cloud Service if you
select:
• The Oracle Java Cloud Service Virtual Image (BASIC) service level
• The 11g release of WebLogic Server
Administrator Access
This feature is specific to Oracle Cloud Infrastructure Classic regions.
By default, remote access to the Administration Server is disabled in a service
instance for security purposes.
This includes the use of the WebLogic Server Administration Console and Fusion
Middleware Control Console, as well as remote WebLogic Scripting Tool (WLST)
commands. You can enable console access either when you create a service
instance, or later after it has been created.
Client Access
By default, a service instance can be accessed only over secure protocols like HTTPS
and SSH.
If you plan to access an application through the HTTP port, you can enable this port
manually after creating a service instance.
The HTTP port is disabled by default only when creating the service instance by using
the Oracle Java Cloud Service console. The HTTP port is enabled by default if you
create the service instance by using the REST API or CLI.
See About the Default Access Ports.
2-14
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
Oracle Java Cloud Service can only provision a Coherence data tier in your service
instance if you select Enterprise Edition with Coherence (Suite).
Database
Every service instance must be associated with an existing relational database in
Oracle Cloud. Oracle Java Cloud Service provisions the required infrastructure
schema on the selected database.
The supported database services in Oracle Cloud vary by region.
If you specify No Preference for region, or if you have an older Oracle Cloud account
that doesn't include regions, then you can choose from the same database options as
Oracle Cloud Infrastructure Classic.
All databases must be in an active state and not currently in the process of being
provisioned. The WebLogic Server domain in a service instance uses Java Database
Connectivity (JDBC) to access the databases.
When you associate a service instance with an Oracle Database Cloud Service or
Oracle Database Exadata Cloud Service deployment for the infrastructure database
schema, you can also associate the service instance with up to four additional
database deployments in order to access your application schemas. This feature is not
available for service instances that use other database services, but you can also
manually configure JDBC data sources for your application schemas after creating the
service instance. This feature is also not available for service instances that use the
Virtual Image (BASIC) service level.
To ensure that you can restore the database for an Oracle Java Cloud Service
instance without risking data loss for other service instances, Oracle recommends that
you do not associate the same infrastructure schema database (or the same pluggable
database) with multiple service instances. Backups of a database that is used with
multiple Oracle Java Cloud Service instances contain data for all the instances.
Therefore, if you restore the database from a backup, data for all the service instances
is restored, which might not be the intended result.
The following limitations apply only to service instances that use Oracle Database
Cloud Service as the infrastructure schema database.
• When you create an Oracle Java Cloud Service instance on a secondary Oracle
Identity Cloud Service domain, you can't use Oracle Database Cloud Service for
the infrastructure schema. The only option is to use an Oracle Cloud Infrastructure
Database or Autonomous Transaction Processing database. You can use an
Oracle Database Cloud Service deployment for the infrastructure schema for the
default Oracle Identity Cloud Service domain only.
• You cannot use an Oracle Database Cloud Service deployment running Oracle
Database 18c.
2-15
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
• You can use an Oracle Database Cloud Service deployment running Oracle
Database 12.2, but only for service instances running Oracle WebLogic Server
12.2.1 or later.
• Create Oracle Database Cloud Service deployments with a backup option other
than NONE. This configuration enables Oracle Java Cloud Service to coordinate
backups across your service instance and the database. Coordinated backups are
not supported for other database services.
The following limitations apply only to service instances on Oracle Cloud Infrastructure
regions:
• You must create a security policy in Oracle Cloud Infrastructure in order for your
Oracle Autonomous Transaction Processing database or Oracle Cloud
Infrastructure Database to be displayed in the Oracle Java Cloud Service web
console. See Creating the Infrastructure Resources Required for Oracle Platform
Services.
• Database instances in Oracle Database Cloud Service and Oracle Cloud
Infrastructure Database must be in the same region and virtual cloud network
(VCN) as the Oracle Java Cloud Service instance. The database and service
instance do not need to be in the same subnet or availability domain, but it might
be necessary to create and assign security rules to the subnets in order to enable
communication between them. The database and service instance can be on
different VCNs only if you configure VCN peering. See VCNs and Subnets in the
Oracle Cloud Infrastructure Services documentation.
• To use Oracle Cloud Infrastructure Database, you must assign a custom subnet to
your service instance. The default subnet is not supported.
• To use a Bare Metal database in Oracle Cloud Infrastructure Database, you must
create the service instance with the Oracle Java Cloud Service REST API or CLI.
The web console supports only VM and Exadata databases in Oracle Cloud
Infrastructure Database.
• To use an Oracle Cloud Infrastructure Database running Oracle Database 12.2 or
later, the service instance must be running Oracle WebLogic Server 12.2.1 or
later.
• Oracle Java Cloud Service does not yet support using Logical Volume Manager as
the storage management software for a 1-node VM DB system. You cannot use
the fast provisioning option to create the Oracle Cloud Infrastructure Database.
• Oracle Database Cloud Service does not support Real Application Cluster (RAC)
databases containing multiple nodes on Oracle Cloud Infrastructure.
• To use a serverless Oracle Autonomous Transaction Processing database, the
service instance must be running WebLogic Server 12.2.1.3 or later, and the
service instance cannot use the Fusion Middleware — Oracle WebCenter Portal or
Fusion Middleware — Oracle Data Integrator service levels. Note that Oracle Java
Cloud Service does not yet support a dedicated deployment autonomous
database.
• The Oracle Java Cloud Service cloning feature is not supported for service
instances that use databases in Oracle Cloud Infrastructure Database or Oracle
Autonomous Transaction Processing.
The following limitations apply only to service instances on Oracle Cloud Infrastructure
Classic regions:
2-16
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
• The database must be in the same region as the Oracle Java Cloud Service
instance.
• If you specify an IP network for a service instance, the infrastructure schema
database for the Oracle Java Cloud Service instance must also be attached to an
IP network. If the service instance and the database are attached to different IP
Networks, the two IP networks must be connected to the same IP network
exchange. See Creating an IP Network in Using Oracle Cloud Infrastructure
Compute Classic.
• To use the Virtual Image (BASIC) service level of Oracle Database Cloud Service
with the Virtual Image service level of Oracle Java Cloud Service, you must
perform additional tasks before you create the Oracle Java Cloud Service
instance. See Use a Database Cloud Service - Virtual Image Database
Deployment.
For more information about the available database services in Oracle Cloud, see:
• Creating a Database Deployment in Administering Oracle Database Cloud Service
• Managing Bare Metal and Virtual Machine DB Systems in the Oracle Cloud
Infrastructure documentation
• Provisioning Autonomous Transaction Processing in Using Oracle Autonomous
Transaction Processing on Shared Exadata Infrastructure
• Managing Exadata DB Systems in the Oracle Cloud Infrastructure documentation
• Creating a Database Deployment in Administering Oracle Database Exadata
Cloud Service
Load Balancer
A load balancer routes requests it receives from clients to the WebLogic Servers
configured in a service instance.
Using a load balancer within your service instance is recommended if you are
configuring more than one Managed Server or more than one cluster. A load balancer
also gives you the ability to suspend access to a service instance temporarily to
perform routine maintenance.
Oracle Java Cloud Service supports two load balancer options:
• A user-managed load balancer that runs within your service instance. You can
access, patch, and administer this type of load balancer like other nodes in your
service instance.
• An Oracle-managed load balancer that is automatically patched and maintained by
Oracle. This load balancer is provisioned in Oracle Cloud Infrastructure Load
Balancing or Oracle Cloud Infrastructure Load Balancing Classic, depending on
the region where the service instance is created.
The user-managed load balancer in Oracle Java Cloud Service is an instance of
Oracle Traffic Director (OTD) and is administered through the Load Balancer Console.
A service instance can include zero, one or two load balancer nodes running OTD.
Each load balancer node is assigned a separate public IP address.
The Oracle-managed load balancer is automatically deployed on multiple nodes to
provide high availability and is accessed by clients using a single public IP address.
The configuration options vary by region:
2-17
Chapter 2
Design Considerations for an Oracle Java Cloud Service Instance
• On Oracle Cloud Infrastructure regions, you can assign a regional subnet that will
be shared by all the load balancer nodes. A regional subnet is not scoped to any
particular availability domain, so the subnet contains resources in any of a region's
availability domains. Oracle recommends assigning a regional subnet to enable
high availability, with automatic failover from one availability domain to another if
needed.
• On Oracle Cloud Infrastructure regions, Oracle recommends that you assign a
regional subnet, but you can assign a non-regional (availability domain-scoped)
subnet to each load balancer node if needed. For high availability, Oracle
recommends that each subnet be associated with a different availability domain in
the selected region. If the selected region has one availability domain, you can
specify only one subnet, which is assigned to both load balancer nodes.
• On Oracle Cloud Infrastructure regions, if you configure the service instance to
use Oracle Identity Cloud Service for authentication, then you must also provision
an Oracle-managed load balancer. However, you can also create an instance with
an Oracle-managed load balancer that does not use Oracle Identity Cloud Service.
• On Oracle Cloud Infrastructure Classic regions, in order to provision an Oracle-
managed load balancer, you must also configure the service instance to use
Oracle Identity Cloud Service for authentication.
• On Oracle Cloud Infrastructure Classic regions, if you specify an IP Network for
your service instance, you can choose to create a public or private Oracle-
managed load balancer. A private load balancer cannot be accessed from the
public Internet. It is for use cases where you only intend to access your service
instance from within your private cloud network or from your on-premises data
center over a VPN network.
You cannot configure a service instance to use an Oracle-managed load balancer if
you select:
• The Oracle Java Cloud Service Virtual Image (BASIC) service level
• The 11g release of WebLogic Server
See About the Load Balancer in Oracle Java Cloud Service.
Backup Location
When provisioning a service instance, you can choose to enable or disable automated
backups.
If you do not enable backups, you will not be able to initiate on-demand backups as
well. You can also configure backups for a service instance after its creation.
Backups are recorded to a specified object storage location in Oracle Cloud:
• For a service instance in an Oracle Cloud Infrastructure region, you must create
this storage bucket manually.
• For a service instance in an Oracle Cloud Infrastructure Classic region, you can
create this storage container manually, or Oracle Java Cloud Service can create
one automatically while you are provisioning the service instance.
See Create an Object Storage Container.
2-18
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
Note:
QuickStart is not available for Oracle Cloud accounts that include only Oracle
Cloud Infrastructure regions, or include a mix of Oracle Cloud Infrastructure
and Oracle Cloud Infrastructure Classic regions.
Note:
You must have a Universal Credits subscription in order to use QuickStart.
This feature is not available to other subscription types.
Video
Tutorial
Topics
• Create a QuickStart Instance
• Simple Java Web App
• Multi-Tier Java EE App with High Availability
• Highly Available Java EE App with Caching
• Compare QuickStart Templates
2-19
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
Note:
Before you scale up or scale out a BYOL instance, you must have enough
WebLogic Server licenses for the additional OCPUs that will be allocated to
the instance after it is scaled.
Oracle Java Cloud Service generates the user name and password that you will need
to administer the Oracle WebLogic Server and the Load Balancer components in the
selected configuration. This same password is also used to administer the Oracle
Database. Oracle Java Cloud Service generates an archive file for you to download,
which contains:
• A text file with the administrator user name and password for WebLogic Server
and the Load Balancer
• A copy of the Secure Shell (SSH) public key that will be associated with each of
the nodes in this configuration
• The corresponding SSH private key, which will be necessary to access any of the
nodes in this configuration
To create a service instance:
1. Access the Oracle Java Cloud Service console and click the QuickStarts link.
Alternatively, from the Infrastructure Classic Console click Create Instance. Within
the Featured Services tab or All Services tab, click the Create button for the
Java option.
2. On the QuickStarts page, enter an Instance Name, or accept the default name.
This value will also be used as the base name for the Oracle Database Cloud
Service deployment: <instanceName>DBCS.
3. Click the Create button below the template you want to provision:
• Simple Java Web App
• Multi-Tier Java EE App with High Availability
• Highly Available Java EE App with Caching
4. From the confirmation dialog, click the Download link. When prompted by your
web browser, save this archive file to your local machine.
The Create button is now enabled.
5. Click Create.
The Stacks page displays. Your new cloud stack is <instanceName>QS.
6. Click the name of the stack.
7. On the Stack Details page, periodically refresh this page to monitor the progress of
the new Oracle Database Cloud Service instance and Oracle Java Cloud Service
instance.
Click the name of your new Oracle Java Cloud Service instance to view its details or
perform management operations. To return to the Oracle Cloud Stack console at a
later time, click at the top left corner of the page (next to the Oracle logo), and then
choose Cloud Stack.
2-20
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
Next steps:
• By default, access to the WebLogic Server and Load Balancer administration
consoles is disabled. In order to use these tools to modify the default configuration
or to deploy applications, see Enable Console Access for a Service Instance.
• The generated private key file is in OpenSSH format. Before connecting to a node
in this service instance with the PuTTY SSH client, you must first convert the key
to PuTTY’s proprietary format. See Convert a Private Key with PuTTY.
• Service backups are not enabled in QuickStart instances. See Add a Backup
Configuration to an Oracle Java Cloud Service Instance.
• In order to delete this Oracle Java Cloud Service instance , you must use Oracle
Cloud Stack. See Deleting a Cloud Stack in Using Oracle Cloud Stack.
When you execute this template, Oracle Cloud provisions an Oracle Java Cloud
Service instance as well as an Oracle Database Cloud Service deployment. This
simple template implements a typical development or test Java EE environment, or a
production environment for a departmental Java EE application that doesn’t require
high availability 24 hours a day. It requires a total of 2 OPCUs.
This template includes:
• WebLogic Server 12c (12.2) Enterprise Edition installation.
• Oracle Database 12c (12.2) Standard Edition installation.
• Single node running a WebLogic Administration Server and a single WebLogic
Managed Server. Use the Administration Server to perform administration tasks
like configuring Java EE resources and deploying applications. These applications
are hosted on the WebLogic Managed Server, and are accessed by end users and
other external clients.
• Single node running Oracle Database. This database has 25 GB of total space
and is provisioned with the required schemas for running Oracle Java Cloud
Service.
2-21
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
You can scale up your WebLogic Server node at a later time if your applications
require more compute or storage capacity. Similarly, you can add more compute or
storage capacity to the database. You cannot add more nodes to a Standard Edition
instance (scaling out).
You can enable automatic backups on this service instance after creating it.
When you execute this template, Oracle Cloud provisions an Oracle Java Cloud
Service instance as well as an Oracle Database Cloud Service deployment. This
template implements a typical, production-level Java EE environment that requires
high availability of the application tier. A separate load balancer tier transparently
distributes incoming client requests across the application tier. This template requires
a total of 5 OPCUs.
This template includes:
• WebLogic Server 12c (12.2) Enterprise Edition installation.
• Oracle Database 12c (12.2) Enterprise Edition installation.
• One node running a WebLogic Administration Server and a WebLogic Managed
Server. Use the Administration Server to perform administration tasks like
configuring Java EE resources and deploying applications.
• One node running a second WebLogic Managed Server. Both Managed Servers
are part of a single cluster for high availability. Applications are hosted on these
Managed Servers.
2-22
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
When you execute this template, Oracle Cloud provisions an Oracle Java Cloud
Service instance as well as an Oracle Database Cloud Service deployment. This
template implements a high-performance, production-level Java EE environment that
requires high availability of the application tier. A separate load balancer tier
transparently distributes incoming client requests across the application tier. Finally, a
data grid tier enables you to predictably scale applications by providing fast access to
frequently used data. This template requires a total of 6 OPCUs.
This template includes:
2-23
Chapter 2
Create an Oracle Java Cloud Service Instance by Using a QuickStart Template
2-24
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Video
Tutorial
Prerequisites
Before creating a custom Oracle Java Cloud Service instance:
• Review the prerequisites described in Before You Begin with Oracle Java Cloud
Service
• Review the options described in Design Considerations for an Oracle Java Cloud
Service Instance
• Review About Java Cloud Service Instances in Oracle Cloud Infrastructure
Procedure
• Start the Create New Instance Wizard
• Specify Basic Service Instance Information
• Specify WebLogic Configuration
• Configure the Coherence Data Tier
• Configure the Databases
• Configure Backup and Recovery
• Configure the Load Balancer
• Confirm Your Oracle Java Cloud Service Instance Creation
2-25
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
To create a service instance from the web console, you use the Create New Instance
wizard.
To start the Create New Instance wizard:
1. Access your service console.
2. Click Create Instance.
Note:
You cannot change any of the following options after you have created the
service instance.
Field Description
Instance Name Specify a name for the Oracle Java Cloud Service instance.
The service instance name:
• Must contain one or more characters.
• Must not exceed 30 characters.
• Must start with an ASCII letter: a to z , or A to Z.
• Must contain only ASCII letters or numbers.
• Must not contain a hyphen.
• Must not contain any other special characters.
• Must be unique within the identity domain.
Description (Optional) Enter a short description of the Oracle Java Cloud Service instance.
Notification Email (Optional) Specify an email address where you would like to receive a
notification of any events occurring with the service instance, including whether
provisioning has succeeded or failed.
Region (Available only if your account has regions) Select a region if you want to create
the service instance in a specific region.
A region supports either Oracle Cloud Infrastructure or Oracle Cloud
Infrastructure Classic. For a list of available regions, see Data Regions for
Platform and Infrastructure Services.
The database that you intend to associate with your Oracle Java Cloud Service
instance must be in the same region (not applicable to Oracle Autonomous
Transaction Processing).
2-26
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Field Description
Availability Domain Select an availability domain. A region can have multiple isolated availability
domains, each with separate power and cooling. The availability domains within
a region are interconnected using a low-latency network.
Note that the database that you intend to associate with your Oracle Java
Cloud Service instance can be in a different availability domain within the
selected region.
Subnet Select the Oracle Cloud Infrastructure subnet to which the nodes of your
instance must be attached.
This field provides a No Preference option and a list of the available subnets.
Each subnet is shown in the format compartmentName | vcnName |
subnetName. A tooltip lists the compartment name, VCN name, subnet name,
and the OCID of the subnet.
• To have the subnet assigned automatically, select No Preference. The
subnet ManagedCompartmentForPaaS | svc-vcn | svc-subnet-... is
used for your instance.
Note: Don't select No Preference if you plan to associate an Oracle Cloud
Infrastructure Database with your service instance.
If you want to configure security rules for your instance, don’t select No
Preference or ManagedCompartmentForPaaS | svc-vcn | svc-
subnet-.... Select a subnet in a VCN that you created.
• To assign a subnet explicitly, select a suitable subnet from the available
options.
• If none of the available subnets meets your networking requirements, then
cancel the Create Instance wizard. In Oracle Cloud Infrastructure, create
the required VCN and subnets, create policies to allow Oracle Java Cloud
Service to use the VCN, and select the appropriate subnet while creating
your instance. See Prerequisites for PaaS Services on Oracle Cloud
Infrastructure in the Oracle Cloud Infrastructure documentation.
Database instances in Oracle Database Cloud Service and Oracle Cloud
Infrastructure Database must be in the same region and virtual cloud network
(VCN) as the Oracle Java Cloud Service instance. The database and service
instance do not need to be in the same subnet. The database and service
instance can be on different VCNs only if you configure VCN peering.
Tags (Optional) Select existing tags or add tags to associate with the service
instance.
To select existing tags, select one or more check boxes from the list of tags that
are displayed on the pull-down menu.
To create tags, click Click to create a tag to display the Create Tags dialog
box. In the New Tags field, enter one or more comma-separated tags that can
be a key or a key:value pair.
If you do not assign tags during provisioning, you can create and manage tags
after the service instance is created. See Creating, Assigning, and Unassigning
Tags.
Identity Domain (Not available on Oracle Cloud at Customer)
Select the identity domain in Oracle Identity Cloud Service in which to create
this service instance. By default, the instance is created in the primary identity
domain.
2-27
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Field Description
The service security (Not available on Oracle Cloud at Customer)
administrator (Optional) Specify the username for the security administrator for the service
instance in the selected identity domain. This user gets rights to administer
security artifacts (roles, AppId, OAuth IDs, and so on). The username can be
the administrator of the selected identity domain or a user in the selected
identity domain. You can leave this field blank only if you are the administrator
of the selected identity domain or a user in the selected identity domain.
License Type Choose whether you want to leverage the Bring Your Own License (BYOL)
option or use your Oracle Java Cloud Service license.
• The Bring Your Own License (BYOL) option enables you to bring your
on-premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL
instances are billed at a lower rate than other instances. See Frequently
Asked Questions: Oracle BYOL to PaaS.
You must own a Universal Credits subscription or Government subscription
in order to use BYOL.
Note: Before you scale up or scale out a BYOL instance, you must have
enough WebLogic Server licenses for the additional OCPUs that will be
allocated to the instance after it is scaled.
• If you choose to use your Oracle Java Cloud Service license, your account
will be charged for the new service instance according to your Oracle Java
Cloud Service agreement.
If you have both BYOL and Oracle Java Cloud Service entitlements, BYOL is
selected by default, but you can change the license type. If you have BYOL
entitlements only, BYOL is selected and you cannot change the license type. If
you do not have BYOL entitlements, the Oracle Java Cloud Service license
option is selected and you cannot change the license type.
2-28
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Field Description
Service Level Select a service level:
• Oracle Java Cloud Service
Supports Oracle Java Cloud Service instance creation and monitoring;
domain partitions; backup and restoration; patching; and scaling.
• Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter
Portal
(This service level is not supported for service instances that use an Oracle
Autonomous Transaction Processing database)
Leverages your Oracle WebCenter Portal license on Oracle Java Cloud
Service.
Selecting this option downloads additional installation tools to the
location /u01/zips/upperstack on the Administration Server node. You
must install the product yourself after creating this service instance. See
the Provisioning Oracle WebCenter Portal Cloud Service tutorial.
This service level is only supported on WebLogic Server release 12.2.1.3
for service instances in Oracle Cloud Infrastructure and Oracle Cloud
Infrastructure Classic regions. For Oracle Cloud at Customer, only
WebLogic Server release 12.2.1.2 is supported.
You must select Enterprise Edition or High Performance Edition. Standard
Edition is not supported.
Note:
Patching is not supported for service instances where Oracle
Java Cloud Service Fusion Middleware—Oracle WebCenter
Portal, Oracle Java Cloud Service Fusion Middleware—Oracle
Data Integrator, or any other product that modifies the MW_HOME
directory are installed. If you attempt to patch a service instance
where any of these products are installed, patching prechecks
issue an error message and patching fails.
Note:
Patching is not supported for service instances where Oracle
Java Cloud Service Fusion Middleware—Oracle WebCenter
2-29
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Field Description
Portal, Oracle Java Cloud Service Fusion Middleware—Oracle
Data Integrator, or any other product that modifies the MW_HOME
directory are installed. If you attempt to patch a service instance
where any of these products are installed, patching prechecks
issue an error message and patching fails.
2-30
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
Topics
• Specify WebLogic Configuration
• Configure WebLogic Server Access
• Configure the Coherence Data Tier
• Configure the Databases
• Configure Backup and Recovery
• Configure the Load Balancer
Note:
Two tabs, Simple and Advanced, control which fields appear on the page.
Fields that appear when you select the Simple tab also appear when you
select the Advanced tab, but some fields appear only when you select the
Advanced tab.
2-31
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-32
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-33
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-34
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
• Specify this policy if you created the database in the root compartment:
• Specify this policy if you created the database in the root compartment:
2-35
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-36
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-37
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-38
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-39
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-40
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure
2-41
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
After Confirmation
After the Confirmation page closes, the Oracle Java Cloud Service console opens.
Optionally, you can click on the service instance name to view status messages. If
provisioning of your service instance fails but there are no fatal errors, the software
automatically retries provisioning, after a lag time of 60 minutes. Messages about the
auto-retry process and failed compute resources are displayed.
If you provided your email address for the Notification Email option, you will receive
an email notification when the service instance provisioning has succeeded or failed.
Next Steps
• After the service instance has been created, you can view the system messages
logged during the creation process, including error messages. Click Instance
Create and Delete History, then click the service instance name or Details.
• If the provisioning process retried provisioning automatically, some failed
resources might still exist. To clean up these failed resources, click the Complete
Cleanup button. If you click the button once and not all failed resources are
cleaned up, the Complete Cleanup button will remain. If this is the case, click the
button again and wait. Repeat this process until the button is not longer displayed
and all failed resources are cleaned up.
• If you selected the Enable Authentication with Oracle Identity Cloud Service
option, you can use Oracle Identity Cloud Service to create additional WebLogic
Server users. See Use Oracle Identity Cloud Service with Oracle Java Cloud
Service.
• If you selected the Deploy Sample Application option, and want to test the
sample application, see About the Sample Application Deployed to an Oracle Java
Cloud Service Instance.
Note:
For the instructions to create an instance attached to a public subnet, see
Create an Oracle Java Cloud Service Instance Attached to a Public Subnet
on Oracle Cloud Infrastructure.
2-42
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
Task Flow for Creating an Oracle Java Cloud Service Instance Attached to a
Private Subnet
1. Create the Required Resources in Oracle Cloud Infrastructure
2. Create an Oracle Cloud Infrastructure Database System Attached to a Private
Subnet
3. Create an Oracle Java Cloud Service Instance Attached to a Private Subnet
2. Complete the following steps from the tutorial Creating the Infrastructure
Resources Required for Oracle Platform Services:
a. Create a compartment.
If you want to create the Oracle Cloud Infrastructure resources in an existing
compartment, then skip this step.
b. Create a virtual cloud network (VCN) in the compartment you created or
identified.
If you want to use an existing VCN, then skip this step.
c. Create a policy to allow Oracle Cloud platform services to use the networking
resources in the compartment that you created or identified.
If the required policy exists for the compartment that you want to use, then
skip this step.
d. Create a bucket in the Object Storage service to store backups of your Oracle
Java Cloud Service instance.
Note:
The user creating the bucket must be either a local user in Oracle
Cloud Infrastructure Identity and Access Management (IAM), or a
synchronized user created automatically by a federated identity
provider.
If you’d like to use a bucket that was created previously, then skip this step.
Note the name of the bucket. You’ll need it later while creating the service
instances.
e. Generate an authentication token for the user who created the bucket.
If you have the required token already, then skip this step.
2-43
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
Note the authentication token value. You’ll need it later while creating the
service instances.
3. In the VCN that you created or identified earlier, create the required networking
resources:
a. Create a service gateway.
The service gateway is required for the Oracle Java Cloud Service instance to
access Oracle Cloud Infrastructure Object Storage.
See Setting Up a Service Gateway in the Oracle Cloud Infrastructure
documentation.
b. Create an internet gateway.
The internet gateway enables communication between the public Internet and
the bastion node.
See Working with Internet Gateways in the Oracle Cloud Infrastructure
documentation.
c. (Optional) Create a NAT gateway.
The NAT gateway is required for the nodes of the Oracle Java Cloud Service
instance to access the public Internet. Such access would be useful when (for
example) you want to allow the nodes to access the Oracle Yum server to
download additional packages or OS patches.
See Setting Up a NAT Gateway in the Oracle Cloud Infrastructure
documentation.
d. Create the following route table:
See Working with Route Tables in the Oracle Cloud Infrastructure
documentation.
Route Table route.public for the Public Subnets
2-44
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
2-45
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
1
Assuming the VCN’s CIDR is 10.0.0.0/16
Note:
Make a note of the OCIDs of the subnets. You’ll need them later
while creating the bastion host and the service instances.
4. Create a compute instance and attach it to the public subnet that you created for
the bastion host.
Through this node, administrators can access the administration console of the
Oracle Java Cloud Service instance, and they can connect using ssh to the
compute nodes of the instance.
See Creating an Instance in the Oracle Cloud Infrastructure documentation.
After creating the bastion compute instance, note its public IP address.
You’ve created the required resources in Oracle Cloud Infrastructure. You can now
create the Oracle Cloud Infrastructure Database and Oracle Java Cloud Service
instances.
2-46
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
• 12c (any shape): The PDB name that you entered while creating the DB
system (for example, PDB1).
If you didn't enter a PDB name, then use dbName_PDB1, where dbName is the
database name you specified (for example, dbforjcs_PDB1).
• 11g (VM or bare metal): Database Unique Name displayed in the web
console (for example, dbforjcs_yyz17v).
• 11g (Exadata): The database name you specified (for example, dbforjcs).
The following is an example of a connection string for a 12c VM DB system with
the PDB name, pdb1:
//dbforjcs-scan.privatesubnet.paasvcn.oraclevcn.com:1521/
pdb1.privatesubnet.paasvcn.oraclevcn.com
Note:
This request-body template includes only the minimum set of fields
required to create an instance of Oracle Java Cloud Service running
Oracle WebLogic Server 12.2.1.3 Enterprise Edition. For information
about all the supported fields, see Create a Service Instance in REST
API for Oracle Java Cloud Service.
{
"serviceName" : "name",
"region" : "region",
"availabilityDomain" : "ad",
"subnet" : "privateSubnetOCID",
"vmPublicKeyText" : "publicKey",
"components": {
"WLS": {
"adminUserName" : "user",
"adminPassword" : "password",
"sampleAppDeploymentRequested": "true",
"clusters": [
{
"clusterName" : "name",
"serverCount" : "number",
"shape" : "shape",
"type" : "APPLICATION_CLUSTER"
}
],
"connectString" : "dbConnectString",
2-47
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
"dbaName" : "SYS",
"dbaPassword" : "password"
}
},
"configureLoadBalancer" : true
"loadbalancer": {
"subnets": [
"subnetOCID_primaryLBnode",
"subnetOCID_standbyLBnode"
],
"loadBalancingPolicy" : "policy"
},
"cloudStorageContainer": "https://
swiftobjectstorage.region.oraclecloud.com/v1/namespace/bucket",
"cloudStorageUser" : "OCIuser",
"cloudStoragePassword" : "authToken"
}
• serviceName: A name that starts with a letter, includes only letters and
numbers, and has not more than 30 characters.
• region: The Oracle Cloud Infrastructure region in which you want to create the
Oracle Java Cloud Service instance (for example, us-ashburn-1).
• availabilityDomain: The Oracle Cloud Infrastructure availability domain in
which you want the Oracle Java Cloud Service instance to be created (for
example, QnsC:US-ASHBURN-AD-1).
• subnet: The OCID of the private subnet to which you want to attach the Oracle
Java Cloud Service instance.
• vmPublicKeyText: The SSH public key that you want to use for the nodes of
the instance.
• adminUserName: The user name for the Oracle WebLogic Server administrator.
The name must be between 8 and 128 characters long. It must not contain
any of the following characters: tabs, brackets, parentheses, left angle bracket
(<), right angle bracket (>), ampersand (&), pound sign (#), pipe symbol (|),
and question mark (?).
• adminPassword: The password for the Oracle WebLogic Server administrator.
The password must start with a letter. It can contain from 8 to 30 characters,
and must include at least one number.
• sampleAppDeploymentRequested: true
• clusterName: The name of the Oracle WebLogic Server cluster.
The name must start with a letter and have not more than 50 characters. It can
contain only alphabetical characters, underscores (_), and dashes (-).
• serverCount: 1, 2, 4, or 8
• shape: Any VM.Standard or BM.Standard shape that's available in the
availability domain that you specified. Check the service limits displayed in the
Oracle Cloud Infrastructure web console.
• type: APPLICATION_CLUSTER
2-48
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
Note:
If you need the ability to configure the load balancer (add or modify
listeners, use your own certificates, and so on), then don't include
this field in the request body. Don't include the fields under
loadbalancer either. Create an instance of Oracle Cloud
Infrastructure Load Balancing manually. See Set Up an Oracle Cloud
Infrastructure Load Balancer.
{
"serviceName" : "myJCS",
"region" : "us-ashburn-1",
"availabilityDomain" : "QnsC:US-ASHBURN-AD-1",
"subnet" : "ocid1.subnet.oc1.iad.aaaaaaaamgxfkk5...
(truncated)",
"vmPublicKeyText" : "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA...
(truncated)",
"components": {
"WLS": {
"adminUserName" : "adminuser",
"adminPassword" : "password",
2-49
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
"sampleAppDeploymentRequested": "true",
"clusters": [
{
"clusterName" : "myJCScluster",
"serverCount" : "2",
"shape" : "VM.Standard2.1",
"type" : "APPLICATION_CLUSTER"
}
],
"connectString" : "//dbforjcs-
scan.privatesubnet.paasvcn.oraclevcn.com:1521/
pdb1.privatesubnet.paasvcn.oraclevcn.com",
"dbaName" : "SYS",
"dbaPassword" : "password"
}
},
"configureLoadBalancer" : true
"loadbalancer": {
"subnets": [
"ocid1.subnet.oc1.iad.aaaaaaaa6j5... (truncated)",
"ocid1.subnet.oc1.iad.aaaaaaaaj4t... (truncated)"
],
"loadBalancingPolicy" : "LEAST_CONN"
},
"cloudStorageContainer": "https://swiftobjectstorage.us-
ashburn-1.oraclecloud.com/v1/mynamespace/jcs_bucket",
"cloudStorageUser" : "[email protected]",
"cloudStoragePassword" : "sometoken"
}
2-50
Chapter 2
Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure
-H 'X-ID-TENANT-NAME: idcs-33e8886d2e6666e7777d14ffa9999e83' \
-H 'Content-Type: application/json' \
-d @create-jcs-instance-on-oci.json
A message similar to the following is displayed, indicating that the request was
accepted.
{
"details": {
"message": "Submitted job to create service [myJCS] in domain
[idcs-33e8886d2e6666e7777d14ffa9999e83].",
"jobId": "50572730"
}
}
curl rest_endpoint/paas/api/v1.1/activitylog/identityServiceID/job/ID \
-u user:password \
-H 'X-ID-TENANT-NAME: identityServiceID'
curl https://jaas.oraclecloud.com/paas/api/v1.1/activitylog/
idcs-33e8886d2e6666e7777d14ffa9999e83/job/50572730 \
-u [email protected]:password \
-H 'X-ID-TENANT-NAME: idcs-33e8886d2e6666e7777d14ffa9999e83'
In the output, look for the status field. It shows ready after the instance is created.
2-51
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Note:
The compute nodes of Oracle Java Cloud Service instances that are
attached to private subnets in Oracle Cloud Infrastructure have private IP
addresses. So you can’t ssh to the nodes or access the administration
consoles of such instances from the public Internet.
You can access the administration consoles and connect to the nodes of
such instances through a bastion host attached to a public subnet.
Video
Tutorial
Prerequisites
Before creating a custom Oracle Java Cloud Service instance:
• Review the prerequisites described in Before You Begin with Oracle Java Cloud
Service
• Review the options described in Design Considerations for an Oracle Java Cloud
Service Instance
2-52
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Procedure
• Start the Create New Instance Wizard
• Specify Basic Service Instance Information
• Specify WebLogic Configuration
• Assign Reserved IP Addresses for a Service Instance in a Region
• Assign Reserved IP Addresses for an Oracle Database Exadata Cloud Service
Database
• Configure WebLogic Server Access
• Configure the Coherence Data Tier
• Configure the Databases
• Configure the Load Balancer
• Configure Backup and Recovery
• Confirm Your Oracle Java Cloud Service Instance Creation
Note:
Except for tags, you cannot change any of the following options after you
have created the service instance.
2-53
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
Instance Name Specify a name for the Oracle Java Cloud Service instance.
The service instance name:
• Must contain one or more characters.
• Must not exceed 30 characters.
• Must start with an ASCII letter: a to z , or A to Z.
• Must contain only ASCII letters or numbers.
• Must not contain a hyphen.
• Must not contain any other special characters.
• Must be unique within the identity domain.
Description (Optional) Enter a short description of the Oracle Java Cloud Service instance.
Notification Email (Optional) Specify an email address where you would like to receive a
notification of any events occurring with the service instance, including whether
provisioning has succeeded or failed.
Region (Available only if your account has regions) Select a region if you want to create
the service instance in a specific region, or if you want to use a custom IP
network. You must also select a region if you intend to assign reserved IP
addresses to your service instance nodes.
A region supports either Oracle Cloud Infrastructure or Oracle Cloud
Infrastructure Classic. For a list of available regions, see Data Regions for
Platform and Infrastructure Services.
The database that you intend to associate with your Oracle Java Cloud Service
instance must be in the same region.
If you select No Preference, Oracle Java Cloud Service will select one of the
available Oracle Cloud Infrastructure Classic regions. However, you will not be
able to use an IP network or reserved IP addresses for your service instance.
IP Network (Only if a region is selected) (Not available on Oracle Cloud Infrastructure)
Select an IP network if you want to create the service instance in an IP network
that you’ve defined.
By default, each node in your instance is auto-assigned a public and a private
IP address. The IP addresses might change each time the service instance is
restarted. You can reserve and assign fixed public IP addresses.
In order to select an IP network if you have selected Enable Authentication
Using Identity Cloud Service, which automatically configures a managed load
balancer, you must first attach an internet-facing load balancer to the IP
network.
This field is not relevant to Oracle Cloud Infrastructure.
2-54
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
Assign Public IP (Not available on Oracle Cloud Infrastructure)
Choose whether to assign public IP addresses to the nodes in your service
instance. You must first select an Oracle Cloud Infrastructure Classic region
and specify an IP network.
If you select this check box (default), then any node added during instance
provisioning, or later added as part of a scaling operation, will have a public IP
address assigned to it. You will be able to directly access the nodes from the
public Internet. This selection is for use cases where you intend to deploy Java
EE applications to the Oracle Java Cloud Service instance and access them
from the public Internet.
If you deselect this check box, then any node added during instance
provisioning, or later added as part of a scaling operation, will not have a public
IP address assigned to it. You will not be able to directly access the nodes from
the public Internet. This selection is for use cases where you intend to deploy
Java EE applications to the Oracle Java Cloud Service instance and access
them only within your IP network or from your on-premises data center over a
VPN network.
Tags (Optional) Select existing tags or add tags to associate with the service
instance.
To select existing tags, select one or more check boxes from the list of tags that
are displayed on the pull-down menu.
To create tags, click to display the Create Tags dialog box. In the New
Tags field, enter one or more comma-separated tags that can be a key or a
key:value pair.
If you do not assign tags during provisioning, you can create and manage tags
after the service instance is created.
Identity Domain (Not available on Oracle Cloud at Customer)
Select the identity domain in Oracle Identity Cloud Service in which to create
this service instance. By default, the instance is created in the primary identity
domain.
The service security (Not available on Oracle Cloud at Customer)
administrator (Optional) Specify the username for the security administrator for the service
instance in the selected identity domain. This user gets rights to administer
security artifacts (roles, AppId, OAuth IDs, and so on). The username can be
the administrator of the selected identity domain or a user in the selected
identity domain. You can leave this field blank only if you are the administrator
of the selected identity domain or a user in the selected identity domain.
2-55
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
License Type Choose whether you want to leverage the Bring Your Own License (BYOL)
option or use your Oracle Java Cloud Service license.
• The Bring Your Own License (BYOL) option enables you to bring your
on-premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL
instances are billed at a lower rate than other instances. See Frequently
Asked Questions: Oracle BYOL to PaaS.
You must own a Universal Credits subscription or Government subscription
in order to use BYOL.
Note: Before you scale up or scale out a BYOL instance, you must have
enough WebLogic Server licenses for the additional OCPUs that will be
allocated to the instance after it is scaled.
• If you choose to use your Oracle Java Cloud Service license, your account
will be charged for the new service instance according to your Oracle Java
Cloud Service agreement.
If you have both BYOL and Oracle Java Cloud Service entitlements, BYOL is
selected by default, but you can change the license type. If you have BYOL
entitlements only, BYOL is selected and you cannot change the license type. If
you do not have BYOL entitlements, the Oracle Java Cloud Service license
option is selected and you cannot change the license type.
2-56
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
Service Level Select a service level:
• Oracle Java Cloud Service—Virtual Image
Supports basic Oracle Java Cloud Service instance creation and
monitoring. This service level does not support backup and restoration;
patching; scaling, or domain partitions.
Oracle recommends using Oracle Java Cloud Service rather than Oracle
Java Cloud Service—Virtual Image for better flexibility, control, and rapid
availability of new features.
Support for this service level:
– Not supported if you have a Universal Credits subscription. This option
does not appear on the console.
– Supported for Oracle Cloud at Customer
– Supported if you have a traditional metered subscription
• Oracle Java Cloud Service
Supports Oracle Java Cloud Service instance creation and monitoring;
domain partitions; backup and restoration; patching; and scaling.
• Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter
Portal
Leverages your Oracle WebCenter Portal license on Oracle Java Cloud
Service.
Selecting this option downloads additional installation tools to the
location /u01/zips/upperstack on the Administration Server node. You
must install the product yourself after creating this service instance. See
the Provisioning Oracle WebCenter Portal Cloud Service tutorial.
This service level is only supported on WebLogic Server release 12.2.1.3
for service instances in Oracle Cloud Infrastructure and Oracle Cloud
Infrastructure Classic regions. For Oracle Cloud at Customer, only
WebLogic Server release 12.2.1.2 is supported.
You must select Enterprise Edition or High Performance Edition. Standard
Edition is not supported.
Note:
Patching is not supported for service instances where Oracle
Java Cloud Service Fusion Middleware—Oracle WebCenter
Portal, Oracle Java Cloud Service Fusion Middleware—Oracle
Data Integrator, or any other product that modifies the MW_HOME
directory are installed. If you attempt to patch a service instance
where any of these products are installed, patching prechecks
issue an error message and patching fails.
2-57
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
Infrastructure Classic regions. For Oracle Cloud at Customer, only
WebLogic Server release 12.2.1.2 is supported.
You must select Enterprise Edition or High Performance Edition. Standard
Edition is not supported.
Note:
Patching is not supported for service instances where Oracle
Java Cloud Service Fusion Middleware—Oracle WebCenter
Portal, Oracle Java Cloud Service Fusion Middleware—Oracle
Data Integrator, or any other product that modifies the MW_HOME
directory are installed. If you attempt to patch a service instance
where any of these products are installed, patching prechecks
issue an error message and patching fails.
2-58
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
Field Description
Metering Frequency This option appears only if you have a traditional metered subscription. If you
have a Universal Credits subscription, this field is absent.
Select a metering frequency to determine how you are billed for this service
instance:
• Hourly—Pay only for the number of hours that this service instance was
running during your billing period.
• Monthly—Pay one price for the full month irrespective of the number of
hours that this service instance was running.
For services that are started in the middle of a month, the price will be pro-
rated; you pay only for the partial month from the day the service instance is
created.
Topics
• Specify WebLogic Configuration
• Assign Reserved IP Addresses for a Service Instance in a Region
• Assign Reserved IP Addresses for an Oracle Database Exadata Cloud Service
Database
• Configure WebLogic Server Access
• Configure the Coherence Data Tier
• Configure the Databases
• Configure Backup and Recovery
• Configure the Load Balancer
Note:
Two tabs, Simple and Advanced, control which fields appear on the page.
Fields that appear when you select the Simple tab also appear when you
select the Advanced tab, but some fields appear only when you select the
Advanced tab.
2-59
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-60
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-61
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-62
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-63
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-64
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-65
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-66
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-67
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
On the Service Details page of the Wizard, specify details to configure the load
balancer(s) for the Oracle Java Cloud Service instance.
Complete the following fields:
2-68
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
2-69
Chapter 2
Create a Custom Oracle Java Cloud Service Instance on Oracle Cloud Infrastructure Classic
After Confirmation
After the Confirmation page closes, the Oracle Java Cloud Service console opens.
Optionally, you can click on the service instance name to view status messages. If
provisioning of your service instance fails but there are no fatal errors, the software
automatically retries provisioning, after a lag time of 60 minutes. Messages about the
auto-retry process and failed compute resources are displayed.
If you provided your email address for the Notification Email option, you will receive
an email notification when the service instance provisioning has succeeded or failed.
Next Steps
• After the service instance has been created, you can view the system messages
logged during the creation process, including error messages. Click Instance
Create and Delete History, then click the service instance name or Details.
• If the provisioning process retried provisioning automatically, some failed
resources might still exist. To clean up these failed resources, click the Complete
Cleanup button. If you click the button once and not all failed resources are
cleaned up, the Complete Cleanup button will remain. If this is the case, click the
button again and wait. Repeat this process until the button is not longer displayed
and all failed resources are cleaned up.
• If you did not select the Enable Access to Administration Consoles option, then
in order to use these tools to modify the default configuration or to deploy
applications, see Enable Console Access for a Service Instance.
• If you selected the Enable Authentication with Oracle Identity Cloud Service
option, you can use Oracle Identity Cloud Service to create additional WebLogic
2-70
Chapter 2
Create an Oracle Java Cloud Service Instance with Cloud Stack
Server users. See Use Oracle Identity Cloud Service with Oracle Java Cloud
Service.
• If you selected the Deploy Sample Application option, and want to test the
sample application, see About the Sample Application Deployed to an Oracle Java
Cloud Service Instance.
• If you associated an Oracle Real Application Cluster (RAC) database with your
service instance, Oracle recommends that you optimize communication between
the service instance and the database cluster. See Configure an Oracle Java
Cloud Service Instance for an Oracle RAC Database.
Topics:
• Get Started with Cloud Stack
• Template Parameters
• Create a Stack with the CLI
• Customize the Template
2-71
Chapter 2
Create an Oracle Java Cloud Service Instance with Cloud Stack
Video
Tutorial
Template Parameters
Certain input parameters can be customized for each stack creation.
The Oracle-JCS-DBCS-Template template includes these parameters:
To identify the parameter names to use with the CLI, view or export the template. See
Viewing a Template in Using Oracle Cloud Stack Manager.
2-72
Chapter 2
Create an Oracle Java Cloud Service Instance with Cloud Stack
Tip:
While editing a resource in a stack template, place you mouse over a
parameter name to view its description.
components:
WLS:
...
managedServerCount: 3
2-73
Chapter 2
About the Sample Application Deployed to an Oracle Java Cloud Service Instance
1. Add a second Oracle Database Cloud Service resource to your template named
dbcs2. See Creating Resources in Using Oracle Cloud Stack Manager.
2. For the database deployment’s serviceName parameter, use the Join function to
give the resource a unique name. For example:
'Fn::Join':
- ''
- - 'Fn::GetParam': serviceName
- DBCSAPP
3. Edit the Oracle Java Cloud Service resource, expand components and WLS, and
then set appDBs to the following value:
- dbServiceName:
'Fn::GetAtt':
- dbcs2
- serviceName
dbaName: sys
dbaPassword:
'Fn::GetParam': commonPwd
For example:
https://192.0.2.1:443/sample-app
IP_address is the public IP address though which you access the application:
• If your service instance has a user-managed load balancer, then use the IP
address of the load balancer node.
• If your service instance has an Oracle-managed load balancer, then use the IP
address or domain name of the load balancer that was provisioned for your
service instance.
2-74
Chapter 2
About the Sample Application Deployed to an Oracle Java Cloud Service Instance
• Otherwise, use the IP address of the first node in your service instance.
port is the port number through which you access the application:
• If your service instance has a load balancer or only one Managed Server, use port
443.
• Otherwise, use port 8002.
The default cluster_prefix is "/", unless you specified a custom value like mycluster.
See:
• Access an Application Deployed to an Oracle Java Cloud Service Instance
• About the Default Access Ports
2-75
3
Manage the Life Cycle of Oracle Java
Cloud Service Instances
After you create an Oracle Java Cloud Service instance, you can manage the instance
throughout its the life cycle through operations such as shutdown and restart; activity
monitoring; suspending requests; and health monitoring.
Topics:
• Typical Workflow for Managing the Life Cycle of Oracle Java Cloud Service
Instances
• View All Oracle Java Cloud Service Instances
• Monitor Activity
• Reserve IP Addresses
• View Detailed Information About an Oracle Java Cloud Service Instance
• View the Service Metrics for an Oracle Java Cloud Service Instance
• Suspend an Oracle Java Cloud Service Instance
• Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual
Nodes
• Delete an Oracle Java Cloud Service Instance
• Manage Tags for a Service Instance
• Identify the Cloud Infrastructure Used by a Service Instance
• Explore the Oracle Java Cloud Service Console
• Explore the Oracle Java Cloud Service Welcome Page
• Explore the Oracle Java Cloud Service Instance Overview Page
3-1
Chapter 3
View All Oracle Java Cloud Service Instances
When Oracle Coherence is enabled for a service instance: See also Overview of
Coherence Tasks for Oracle Java Cloud Service.
3-2
Chapter 3
Monitor Activity
Monitor Activity
You can view all of the cloud operations that have been performed on your Oracle
Java Cloud Service instances.
You can restrict the list of activities that are displayed by using search filters. For each
activity, you can view the operation, service name, service type, status, start time and
end time. You can also view the name of the cloud user that initiated the activity.
1. Access your service console.
2. Click the Activity tab.
3. To locate a specific activity, complete these fields in the Search Activity Log
area, and then click Search.
By default, this page displays all Oracle Java Cloud Service activities that occurred
in the previous 24 hours.
4. Optional: Select a value for Results per page to limit the maximum number of
search results.
Reserve IP Addresses
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
You can reserve IP addresses for your service by using the IP Reservations tab on the
Oracle Java Cloud Service Console.
The IP Reservations tab appears in the console if either of these conditions are true:
• Your account already has one or more existing IP reservations.
• You are in the process of creating a new service instance and you have selected a
specific Region to which to deploy the service instance.
To reserve IP addresses:
1. Navigate to the Oracle Java Cloud Service console.
2. If the IP Reservations tab is shown in the console, click this tab and skip to step
7.
3. Click Create Service and select Java Cloud Service.
The Create Service dialog is displayed.
4. Select a specific Region and click OK. You cannot reserve IP addresses if you
select the No Preference option.
The Service page of the instance creation wizard is displayed.
5. Fill out the fields and click Next.
You are going to reserve IPs, so leave the IP Network field at No Preference.
The Details page of the instance creation wizard is displayed.
3-3
Chapter 3
Reserve IP Addresses
If an IP reservation is not in use by a service instance, you can also use the IP
Reservations page to delete the IP reservation. You cannot delete an IP reservation
that is allocated to a service instance.
3-4
Chapter 3
View Detailed Information About an Oracle Java Cloud Service Instance
3-5
Chapter 3
View the Service Metrics for an Oracle Java Cloud Service Instance
6. Roll your mouse over the server icon to display the node status, status
message, and cluster.
Note:
If a load balancer is not configured, you cannot suspend the Oracle Java
Cloud Service instance.
3-6
Chapter 3
Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual Nodes
Topics
• About Stopping, Starting, and Restarting an Oracle Java Cloud Service Instance
and Individual Nodes
• Stop or Start an Instance
• Stop or Start a Node
Note:
The stop and restart procedures affect entire nodes. If you want to shut down
the WebLogic Administration Server or Managed Server processes running
on the nodes, without stopping the nodes, see Shut Down and Start Server
Processes. You might want to do this if you have other processes besides
the servers running on the nodes and you do not want to shut down these
other processes.
3-7
Chapter 3
Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual Nodes
• You can stop the nodes on which the Managed Server or the load balancer are
running to free up resources and stop metering those resources. You might also
want to stop the service instance instead of scaling, keeping the server or load
balancer ready for a later time. If you stop all Managed Servers nodes except for
one, you might want to stop the load balancer node because it is not needed.
• You can start a Managed Server or load balancer node if it is stopped and you
want to use it again. Metering begins again.
Note:
You can restart the Administration Server, and stop, start, and restart
individual Managed Servers and the load balancer only if you specified
Oracle WebLogic Server 12c (12.1.3) or Oracle WebLogic Server 12c
(12.2.1) when you provisioned the service instance. This feature is not
supported if you specified Oracle WebLogic Server 11g.
3-8
Chapter 3
Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual Nodes
The private IP address is released when the instance or node stops. When the
instance or node starts, the same address may or may not be assigned to the
instance or node.
If a different private IP address has been assigned to the instance or node when it
starts, and you have set up access rules on the private IP address, the access
rules no longer apply.
For a service instance that is attached to an IP network, you can set a static
private IP address or remove the static IP configuration when you restart a node or
start a node that was stopped. This feature ensures that a node continues to use
the same private IP address after it's restarted. This feature is supported by the
REST API only. See Stop and Start a Service Instance and Individual VMs in
REST API for Oracle Java Cloud Service.
What Happens to the Coherence Data Grid When a Service Instance is Stopped
or Started
All nodes in a Coherence data grid cluster, including the data grid servers, are stopped
when an Oracle Java Cloud Service is stopped, and started if an Oracle Java Cloud
Service instance is started.
Note:
When the service instance is stopped, all data in the Coherence cache is
lost.
Stopping, starting, and restarting Coherence data grid Managed Server nodes is not
supported. The only way you can stop or start the data tier is to stop or start the Oracle
Java Cloud Service instance.
3-9
Chapter 3
Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual Nodes
3-10
Chapter 3
Delete an Oracle Java Cloud Service Instance
3. Under Resources, beside the node you want to start or stop, click Manage this
node , and then select Stop, Start, or Restart.
4. When prompted for confirmation, click OK.
Note:
If you created a service instance by using a QuickStart template, you cannot
delete the service instance from the Oracle Java Cloud Service console.
Using a QuickStart template creates an entire stack for you , so you must
delete the entire stack from the Stack console.
The service can be running or stopped before you attempt to delete it. If the service
instance is stopped, you must check Force Delete on the Delete Service dialog for
proper schema cleanup.
When you delete an Oracle Java Cloud Service instance:
• Resources such as IP addresses are removed.
• Storage volumes attached to the VMs hosting the Oracle Java Cloud Service
instance are removed.
• The Autonomous Transaction Processing database, Oracle Cloud Infrastructure
database, or Oracle Database Cloud Service (Classic) database deployment is not
deleted when you delete the Oracle Java Cloud Service instance, only the
database repository and schemas are deleted.
If you created your instance with one Oracle Database Cloud Service (Classic)
database for Oracle required schemas and a second for application schemas,
neither database deployment is deleted. Your account continues to be charged for
the database instances. You might want to retain these database deployments for
use with other service instances; otherwise, you must delete the Oracle Database
Cloud Service (Classic) databases manually to avoid being charged for them.
• The object storage container is not deleted when you delete the Oracle Java
Cloud Service instance. However, service backups are deleted from the container
if the Administration Server VM is in a running state when the instance is deleted.
Oracle Database Cloud Service backups are not deleted.
After the service instance is deleted, your account continues to be charged for the
object storage space used. You might want to retain the data in object storage for
use with other service instances; otherwise, you must delete the storage container
manually to avoid being charged for it..
To delete an Oracle Java Cloud Service instance:
3-11
Chapter 3
Delete an Oracle Java Cloud Service Instance
Note:
This option is also available from the menu on the Oracle Java Cloud
Service Instance page.
3-12
Chapter 3
Manage Tags for a Service Instance
Topics:
• Create, Assign, and Unassign Tags
• Find Tags and Instances Using Search Expressions
2. Click Manage this instance in the instance name bar at the top.
3. Select Manage Tags or Add Tags.
If any tags are already assigned, then the menu shows Manage Tags; otherwise,
it shows Add Tags.
4. In the Manage Tags dialog box, create and assign the required tags, or unassign
tags:
• In the Assign section, in the Tags field, select the tags that you want to assign
to the instance.
• If the tags that you want to assign don't exist, then select Create and Assign
in the Tags field, and click just above the field. Enter the required new tags in
the Enter New Tags field.
• To unassign a tag, in the Unassign section, look for the tag that you want to
unassign, and click the X button next to the tag.
Note:
You might see one or more tags with the key starting with ora_.
Such tags are auto-assigned and used internally. You can’t assign or
unassign them.
• To exit without changing any tag assignments for the instance, click Cancel.
5. After assigning and unassigning tags, click OK for the tag assignments to take
effect.
3-13
Chapter 3
Manage Tags for a Service Instance
List Tags
You can get the details of all the tags available in the account as well as the tags
assigned to a service instance by using the REST API.
For each tag, the API request returns the key, the value if it exists, and a list of the
instances that are assigned the tag. See Tags and Assignments in REST API for
Oracle Java Cloud Service.
Similarly, when you use the REST API to find tags or to find instances that are
assigned specific tags, you can filter the results by appending the optional
tagFilter=expression query parameter to the REST endpoint URL.
• To find specific tags: GET paas/api/v1.1/tags/{identity_domain}/tags?
tagFilter={expression}
• To get a list of instances that are assigned specific tags: GET paas/api/v1.1/
instancemgmt/{identity_domain}/instances?tagFilter={expression}
This request returns all the tags that have the key env.
3-14
Chapter 3
Manage Tags for a Service Instance
• Enclose each key and each value in single quotation marks. And use a colon (:) to
indicate a key:value pair.
Examples:
'env'
'env':'dev'
'env':'d Finds the tag with the key env and the The following tag, or the instances
ev' value dev, or the instances that are that are assigned this tag
assigned that tag.
env:dev
• You can build a tag-search expression by using actual keys and key values, or by
using the following wildcard characters.
% (percent sign): Matches any number of characters.
_ (underscore): Matches one character.
• To use a single quotation mark ('), the percent sign (%), or the underscore (_) as a
literal character in a search expression, escape the character by prefixing a
backslash (\).
3-15
Chapter 3
Manage Tags for a Service Instance
• You can use the Boolean operators AND, OR, and NOT in your search
expressions:
'env' AND 'owner' Finds the instances that The instances that are
are assigned the tags assigned all of the
env and owner. following tags:
Note: This expression
won’t return any results env:dev
when used to search for owner:admin
tags, because a tag can
have only one key.
NOT 'env’ Finds the tags that have The following tags, or the
a key other than env, or instances that are
the instances that are assigned any of these
assigned such tags. tags or no tags:
Note: Untagged
instances as well will owner:admin
satisfy this search department
expression.
('env' OR 'owner') AND NOT Finds the tags that have The following tags, or the
'department' the key env or the key instances that are
owner but not the key assigned any of these
department, or the tags:
instances that are
assigned such tags. env:dev
owner:admin
Delete Tags
You can delete tags by using the REST API.
See Tags and Assignments in REST API for Oracle Java Cloud Service.
3-16
Chapter 3
Identify the Cloud Infrastructure Used by a Service Instance
Topics:
• What You Can Do from the Oracle Java Cloud Service Console
• What You See on the Oracle Java Cloud Service Console
What You Can Do from the Oracle Java Cloud Service Console
Use the Oracle Java Cloud Service console to perform the tasks described in the
following topics:
• About Creating an Oracle Java Cloud Service Instance
• View All Oracle Java Cloud Service Instances
• View Detailed Information About an Oracle Java Cloud Service Instance
• View the Service Metrics for an Oracle Java Cloud Service Instance
• Monitor Activity
• Add an SSH Public Key
• Delete an Oracle Java Cloud Service Instance
• Access the Administration Consoles for Oracle Java Cloud Service
• Configure a Load Balancer for a Service Instance
• Stop or Start an Instance
3-17
Chapter 3
Explore the Oracle Java Cloud Service Console
There are additional tabs on the Oracle Java Cloud Service console: Activity and
SSH Access. See:
• Monitor Activity
• Add an SSH Public Key
The following table describes the key information shown on the Oracle Java Cloud
Service console. The information displayed in the Oracle Java Cloud Service console
will vary based on whether or not you have created Oracle Java Cloud Service
instances. When you access the Oracle Java Cloud Service console for your account
for the first time and there are no Oracle Java Cloud Service instances created, any
service instance details will not be displayed. In this case, you can create a service
instance by clicking Create Instance and access information about the prerequisites
and steps for creating an instance.
Element Description
Identity Domain View service instances in the selected identity domain, or choose Multiple
to view service instances in all identity domains.
Click the user menu icon containing the initials of the user in order to access
a menu with the following options:
• Help—Provides links to documentation, videos, tutorials, and
troubleshooting information. You can also choose to download the
PaaS Service Manager (PSM) Command Line Interface (CLI).
• Accessibility—Specify whether you use a screen reader, high
contrast, and/or large fonts.
• About—Provides a description of what you can do with Oracle Java
Cloud Service, and the version of the service and UI you are using.
• Sign Out—Logs you out of the service.
Access help for this page, including documentation, tutorials, videos, and
FAQs.
Click the Contact Use button to:
• Look up Oracle contact phone numbers
• Access My Oracle Support
• Access Oracle Cloud Discussion Forums
• Chat with Oracle Support online
Click and select a choice from the menu to open the service console for one
of the Oracle Cloud Services to which you subscribe.
(In the branding bar)
Instances Click to refresh this page.
Activity Click to view all operations performed on your service instances. See
Monitor Activity.
SSH Access Click to manage SSH keys for your service instances. See Add an SSH
Public Key.
Reserved IPs Click to reserve IP addresses for your service instance. See Reserve IP
Addresses.
Welcome! Click to return to the Welcome page.
Click and select a choice from the drop-down menu to open the service
(Adjacent to the Welcome! link console for one of the Oracle Cloud Platform Services to which you
in the banner) subscribe.
Services (Summary panel) Number of Oracle Java Cloud Service instances in the identity domain.
3-18
Chapter 3
Explore the Oracle Java Cloud Service Console
Element Description
OCPUs (Summary panel) Total number of Oracle Compute Units (OCPUs) allocated across all Oracle
Java Cloud Service instances.
Memory (Summary panel) Total amount of memory in GBs allocated across all Oracle Java Cloud
Service instances.
Storage (Summary panel) Total amount of block storage in GBs allocated across all Oracle Java Cloud
Service instances.
Public IPs (Summary panel) Total number of public IP addresses allocated across all Oracle Java Cloud
Service instances.
Instances (heading) All Oracle Java Cloud Service instances in the identity domain.
Select Instance Name and enter a full or partial service instance name to
filter the list of service instances to include only the instances containing that
Search field string in their name.
Select Tags from the drop-down menu and enter a search expression to
filter service instances tagged with the tags you specify.
See Find Tags and Instances Using Search Expressions.
Click to refresh the page. The date and time the page was last refreshed is
displayed adjacent to this button.
Create Instance Select one of the following options:
• Java—Create a new Oracle Java Cloud Service instance. See About
Creating an Oracle Java Cloud Service Instance.
• Java-AppToCloud—Use the AppToCloud feature to migrate an
application. See Typical Workflow for Migrating Applications to Oracle
Java Cloud Service with AppToCloud.
Oracle Java Cloud Service instance. Click this icon to view more details.
Status icon indicating that the Oracle Java Cloud Service instance is being
created.
Status icon indicating the Oracle Java Cloud Service instance is undergoing
maintenance or terminating.
Status icon indicating that the Oracle Java Cloud Service instance wasn’t
created. This icon can also mean that the service instance has stopped. See
the Activity section of this page.
service-name Name of the Oracle Java Cloud Service instance. Click the name to view
more details.
Status Status of the service instance. Valid values include: In Progress,
Maintenance, Terminating, Stopped, and Failed.
Click the status label to view progress messages.
Note:
Running service instances do not display this
field.
Version Version of Oracle WebLogic Server configured for the Oracle Java Cloud
Service instance.
Edition Software edition. Valid values include: Standard, Enterprise, or Suite.
3-19
Chapter 3
Explore the Oracle Java Cloud Service Console
Element Description
Tags Tags assigned to the service instance. The first tag is displayed. To see all
tags assigned to the service instance, hover over the tag name and click
More.
Nodes Number of nodes allocated for the Oracle Java Cloud Service instance.
If your service instance has multiple clusters, the Nodes value is the sum of
all the nodes in all the clusters.
When Oracle Coherence is enabled for a service instance: This number
includes the application tier nodes (storage-disabled) and Coherence data
tier nodes (storage-enabled).
Coherence Flag indicating that Oracle Coherence is configured for the Oracle Java
Cloud Service instance. If not configured, this field does not appear.
Submitted On When status is In Progress, date and time in UTC that the Oracle Java
Cloud Service instance creation request was submitted.
Created On When provisioning is complete, date and time in UTC that the Oracle Java
Cloud Service instance was created.
OCPUs Number of OCPUs allocated for the Oracle Java Cloud Service instance.
If your service instance has multiple clusters, the OCPUs value is the sum of
all OCPUs used in all the clusters.
Memory Amount of memory in GBs allocated for the Oracle Java Cloud Service
instance.
Storage Amount of storage in GBs allocated for the Oracle Java Cloud Service
instance.
Icon indicating that the service instance is a clone.
3-20
Chapter 3
Explore the Oracle Java Cloud Service Console
Element Description
(adjacent to the service instance Instance menu icon provides the following options:
name) • Open WebLogic Server Console—Open the WebLogic Console to
administer your application environment. See Access the Administration
Consoles for Oracle Java Cloud Service.
• Open Fusion Middleware Control Console—Open Fusion
Middleware Control to administer your application environment. See
Access the Administration Consoles for Oracle Java Cloud Service.
• Open Load Balancer Console—Open the console to administer the
load balancer, if the load balancer has been configured for the service
instance. See Access the Administration Consoles for Oracle Java
Cloud Service and Configure a Load Balancer for a Service Instance.
• Start—Starts the service instance.
• Stop—Stops the service instance.
• View Service Metrics—Displays a graph of heap usage for all servers,
overall Managed Servers, Overall Administration Server, and individual
Managed Servers. If a load balancer is present, you can select to see
response time. See View the Service Metrics for an Oracle Java Cloud
Service Instance.
• Manage Access Rules—Opens the Access Rules page, which
enables you to create and manage access rules for selected sources
and destinations.
See Create an Access Rule.
• Add SSH Access—Add public SSH keys to the VMs that make up this
service instance. See Add an SSH Public Key
• Define Auto Scaling Rules—Opens a page that enables you to create
scaling rules.
• Delete—Deletes the service instance. See Delete an Oracle Java
Cloud Service Instance.
The administration console choices will only appear if you have selected to
enable administration console access when you created the service
instance.
Instance Create and Delete Shows details about created or deleted service instances.
History • Show only failed attempts—Check this box if you want to see failed
attempts only.
• Details—Displays system messages logged during the creation or
deletion process. Messages include information about auto-retry
attempts.
• Complete Cleanup— This button appears only if there are failed
resources created during a successful auto-retry process. If you select
this button, the failed resources are deleted. You might have to press
the button again and wait, repeating this process until the button is no
longer displayed.
• Retry Delete—This button appears only if an attempt to delete a failed
service instances is unsuccessful. The software cleans up failed
resources and tries again to delete the service instance. You might
have to press the button again and wait, repeating this process until the
button is no longer displayed.
3-21
Chapter 3
Explore the Oracle Java Cloud Service Welcome Page
Topics:
• What You Can Do from the Oracle Java Cloud Service Welcome Page
• What You See on the Oracle Java Cloud Service Welcome Page
What You Can Do from the Oracle Java Cloud Service Welcome Page
Use the Oracle Java Cloud Service Welcome page to perform the following tasks:
• Get started by stepping through the Getting Started Using Oracle Java Cloud
Service tutorial.
• Discover Oracle Java Cloud Service by watching video demonstrations of key
tasks.
• Learn what’s new and noteworthy in the current release of Oracle Java Cloud
Service.
• Learn about Oracle Java Cloud Service by selecting your role, and view
documentation specifically chosen for your role.
• Navigate to the Oracle Java Cloud Service Console.
What You See on the Oracle Java Cloud Service Welcome Page
The following table describes the key information shown on the Oracle Java Cloud
Service Welcome page.
Element Description
Identity Domain View service instances in the selected identity domain, or choose Multiple
to view service instances in all identity domains.
Click the user menu icon containing the initials of the user in order to access
a menu with the following options:
• Help—Provides links to documentation, videos, tutorials, and
troubleshooting information. You can also choose to download the
PaaS Service Manager (PSM) Command Line Interface (CLI).
• Accessibility—Specify whether you use a screen reader, high
contrast, and/or large fonts.
• About—Provides a description of what you can do with Oracle Java
Cloud Service, and the version of the service and UI you are using.
• Sign Out—Logs you out of the service.
Access help for this page, including documentation, tutorials, videos, and
FAQs.
Click the Contact Use button to:
• Look up Oracle contact phone numbers
• Access My Oracle Support
• Access Oracle Cloud Discussion Forums
• Chat with Oracle Support online
3-22
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Instances Click to navigate to the Oracle Java Cloud Service Console. See Explore
the Oracle Java Cloud Service Console.
Activity Click to view all operations performed on your service instances. See
Monitor Activity.
SSH Access Click to manage SSH keys for your service instances. See Add an SSH
Public Key.
IP Reservations Click to manage the IP reservations for your service instances. See Reserve
IP Addresses.
Watch Video Click to see a video about how to get started with Oracle Java Cloud
Service.
Follow Tutorial Click to see a video about how to get started with Oracle Java Cloud
Service.
Go to Console Click to navigate to the Oracle Java Cloud Service Console. See Explore
the Oracle Java Cloud Service Console.
Welcome! Click to refresh this page.
See what’s new and noteworthy in Click to read What’s New in Oracle Java Cloud Service.
this release
Discover Watch videos that demonstrate how to perform key tasks.
Learn Click your role to view documentation specifically chosen for your role.
Topics:
• What You Can Do from the Oracle Java Cloud Service Instance Overview Page
• What You See on the Oracle Java Cloud Service Instance Overview Page
What You Can Do from the Oracle Java Cloud Service Instance Overview Page
Use Oracle Java Cloud Service Instance Overview page to perform the tasks
described in the following topics:
• View Detailed Information About an Oracle Java Cloud Service Instance
• View the Service Metrics for an Oracle Java Cloud Service Instance
Note that you can click on the service instance name on the View Metrics screen
to return to the Oracle Java Cloud Service Instance Overview page.
• Access the Administration Consoles for Oracle Java Cloud Service
• Stop, Start, and Restart an Oracle Java Cloud Service Instance and Individual
Nodes
• Disable or Enable the Load Balancer for an Oracle Java Cloud Service Instance
3-23
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
• Click the Administration tile to backup, restore, and patch an Oracle Java Cloud
Service instance. See:
– Back Up and Restore an Oracle Java Cloud Service Instance
– Patch an Oracle Java Cloud Service Instance
• Scale up/down, out, and automatically. See:
– Scale Out a Cluster
– Scale In a Cluster
– Scale Out a Coherence Data Grid
– Scale In a Coherence Data Grid
– Scale a Node
– Scale Automatically
What You See on the Oracle Java Cloud Service Instance Overview Page
The following table describes the key information shown on the Oracle Java Cloud
Service console.
Element Description
Oracle Java Cloud Service link Click this link to return to the Oracle Java Cloud Service Console.
Identity Domain View service instances in the selected identity domain, or choose Multiple to
view service instances in all identity domains.
Access help for this page, including documentation, tutorials, videos, and FAQs.
Click the Contact Use button to:
• Look up Oracle contact phone numbers
• Access My Oracle Support
• Access Oracle Cloud Discussion Forums
• Chat with Oracle Support online
Click the user menu icon containing the initials of the user in order to access a
menu with the following options:
• Help—Provides links to documentation, videos, tutorials, and
troubleshooting information. You can also choose to download the PaaS
Service Manager (PSM) Command Line Interface (CLI).
• Accessibility—Specify whether you use a screen reader, high contrast,
and/or large fonts.
• About—Provides a description of what you can do with Oracle Java Cloud
Service, and the version of the service and UI you are using.
• Sign Out—Logs you out of the service.
3-24
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Displays information about the service instance:
• Service Level—The service level you selected on the Instance page of the
provisioning wizard.
• Region—Where the service instance is located.
• Created By—User who created the service instance.
• Created On—Date on which the service instance was created.
• License—Cloud License or BYOL.
• Identity Domain—Identity domain in which the instance was created.
• IP Network—The IP network assigned to the service instance.
• Metering Frequency—Hourly or Monthly, depending on what you selected
on the Instance page of the provisioning wizard.
• Subscription Id—The ID for the entitlement that enabled you to create the
service instance.
3-25
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
(in the page header) Menu icon provides the following options:
• Open WebLogic Server Administration Console—Open the WebLogic
Administration Console to administer your application environment.
• Open Fusion Middleware Control Console—Open Fusion Middleware
Control to administer your application environment.
• Open Load Balancer Console—Open the console to administer the load
balancer, if a local load balancer has been configured for the service
instance.
Note that access to the administrative consoles is disabled by default.
When you create a service instance, you can enable consoles by selecting
a check box on the Details page of the instance creation wizard. For an
instance this is already created, you must create an access rule in order to
activate the console choices. See Enabling Console Access in an Oracle
Java Cloud Service.
• Start—Start the nodes for the Administration Server, Managed Servers,
load balancer, and Managed Servers on the Coherence data tier (if
provisioned).
• Stop—Stop the nodes for the Administration Server, Managed Servers,
load balancer, and Managed Servers on the Coherence data tier (if
provisioned).
• Restart—Stop and then immediately restart all the nodes in the service
instance.
• Scale Out—Adds a managed server node.
• Define Auto Scaling Rules—Opens the Add Rule dialog box, which opens
the Rules page where you can configure auto-scaling rules.
• Change License Type—Opens the Change License Type dialog box,
which enables you to choose whether to leverage your existing on-
premises (BYOL) license or use your Oracle Java Cloud Service cloud
license.
• Add Load Balancer—Add a user-managed load balancer to this service
instance.
• Disable/Enable Load Balancer—Depending on the selection, either
blocks access to the service instance or forwards the requests it receives
from clients to the Oracle WebLogic Server Managed Servers.
• Manage Access Rules—Create and manage rules to control access to the
nodes for this service instance.
• Add SSH Access—Add public SSH keys to the nodes that make up this
service instance.
• Manage Tags/Add Tags—Either remove or add tags to a service instance.
Manage Tags appears if a tag already exists for the service instance. Add
Tags appears if no tags exist for the service instance.
• Enable Backups—Enable backups for this service instance.
• View Activity—View all administrative activities that have been performed
on your service instances.
• View Instance Metrics—View performance metrics for this service
instance.
3-26
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Note:
This menu is disabled when the service instance
is stopped.
Note:
This menu is disabled when the service instance
is stopped. When the service instance is stopped,
you cannot stop, start, or restart a Managed
Server VM, or remove or scale a Managed Server
node.
WebLogic Server Version Version of Oracle WebLogic Server configured for the Oracle Java Cloud
Service instance.
Description Description of the Oracle Java Cloud Service instance.
Click to refresh the page. The date and time the page was last refreshed is
displayed adjacent to this button.
3-27
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Click the start/stop/restart/add node/monitor icons:
• Start Service—Starts the nodes for the Administration Server, Managed
Servers, load balancer, and Managed Servers on the Coherence data tier
(if provisioned).
• Stop Service—Stops the nodes for the Administration Server, Managed
Servers, load balancer, and Managed Servers on the Coherence data tier
(if provisioned).
• Restart Service—Restart the nodes for the Administration Server,
Managed Servers, load balancer, and Managed Servers on the Coherence
data tier (if provisioned).
• Add a node to this service—Select from two menu options:
– Add Node
—Adds a managed server node.
– Auto Scaling
—Opens the Rules page, which where you can view and configure
auto-scaling rules.
You cannot scale an Oracle Java Cloud Service—Virtual Image instance.
• Display monitoring information—Displays similar monitor icons beside
each node. Click these individual icons to see:
– Date and time each node was last started.
– For each server, the percent of heap space used as compared to the
total heap space in GBs available. If you click the percentage number,
the heap usage graph is displayed.
Status Status of the service instance. Valid values include: Ready, In Progress,
Maintenance, Terminating, Stopped, and Failed.
Backup Destination Remote, local, or both remote and disk storage.
IDCS Application Link that opens the Oracle Identity Cloud Service console, specifically to the
page pertaining to the Oracle Identity Cloud Service application that’s created
automatically for each Oracle Java Cloud Service instance. This link appears
only if you selected Enable Authentication with Oracle Identity Cloud
Service when you provisioned the Oracle Java Cloud Service instance.
In the Oracle Identity Cloud Service console, you can configure advanced
security settings such as users, roles, and web tier policies for the instance.
Object Storage Container Name of the cloud storage container you specified when you created the
service instance.
License Displays BYOL or Cloud License, depending on which license model you
specified when you created the service instance.
BYOL (Bring Your Own License)—The service instance leverages your on-
premises license.
Cloud License—The service uses your Oracle Java Cloud Service license.
Change opens the Change License Type dialog box, which enables you to
choose whether to leverage your on-premises license or subscribe to Oracle
Java Cloud Service. You can change the license type only if your account has
both BYOL and cloud license entitlements.
(Not available on Oracle Cloud at Customer)
Version Version of Oracle WebLogic Server configured for the Oracle Java Cloud
Service instance. Also displays whether domain partitions are enabled.
JDK Java Development Kit version used by the WebLogic Servers.
3-28
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Open Sample Application Link to the sample application, if you selected to deploy it when you provisioned
the Oracle Java Cloud Service instance. See About the Sample Application
Deployed to an Oracle Java Cloud Service Instance.
Tags Tags assigned to the service instance. The first tag is displayed. To see all tags
assigned to the service instance, hover over the tag name and click More.
Click the Overview tile to access the Oracle Java Cloud Service Instance
Overview page (this page) at anytime. The Overview tile displays the number of
running nodes for the Oracle Java Cloud Service instance.
When Oracle Coherence is enabled for a service instance, the number of nodes
includes the application tier nodes (storage-disabled) and the Coherence data
tier nodes (storage-enabled).
Click the Administration tile to backup and restore, and patch an Oracle Java
Cloud Service instance. You can also create snapshots from a service instance
and clone the snapshots. See:
• Back Up and Restore an Oracle Java Cloud Service Instance
• Patch an Oracle Java Cloud Service Instance
• About Snapshots and Clones
The Administration tile displays the number of patches applied and the date of
last backup.
3-29
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Provides information about the Administration Server or Managed Server.
Administration Server
• Administration Server Domain domainName—Tag that identifies the
Administration or node as the Administration Server and lists the domain name.
Managed Servers
• Public IP—Public IP address of the Administration Server. If you chose not
to assign public IP addresses to the nodes in the service instance, this field
displays the fully-qualified host name of the Administration Server.
• Fault Domain—Fault domain where the service instance is located. Each
fault domain is an isolated grouping of hardware and infrastructure within
an availability domain. (Available only on Oracle Cloud Infrastructure)
• Instance— Names of the servers used by the resource.
• Availability Domain— The availability domain in the region in which the
service instance is located. A region can have multiple isolated availability
domains. (Available only on Oracle Cloud Infrastructure)
• OCPUs—Number of Oracle CPUs allocated to the node.
• Memory—Amount of memory in GBs allocated to the node.
• Storage—Amount of storage in GBs allocated to the node.
Healthcheck Details for Administration Server
Appears after you click the monitoring icon at the top of the screen, and click
the icon next to Instance.
• Admin Server Up Since—Date and time the server started.
• Heap Usage—The percentage heap space used as compared to the total
heap space in GBs available. Appears only after you click the Monitoring
icon.
• Managed Server Up Since—Date and time the server started.
• Heap Usage—The percentage heap space used as compared to the total
heap space in GBs available.
Managed Server:
• Host Name—Host name of the Managed Server.
• Public IP—Public IP address of the Managed Server. If you chose not to
assign public IP addresses to the nodes in the service instance, this field
displays the fully-qualified host name of the Managed Server.
• Instance— Identifies the Managed Server.
• OCPUs—Number of Oracle CPUs allocated to the node.
• Memory—Amount of memory in GBs allocated to the node.
• Storage—Amount of storage in GBs allocated to the node.
Healthcheck Details for Managed Server
Appears after you click the monitoring icon at the top of the screen, and click
the icon next to Instance.
• Managed Server Up Since—Date and time the server started.
• Heap Usage—The percentage heap space used as compared to the total
heap space in GBs available.
(Advanced) If you have created multiple clusters, each server is described
separately. You can mouse-over the server icon to see which cluster the server
belongs to.
3-30
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Click the icon to view details about the data tier.
• Shape—Compute shape for all nodes configured by a capacity unit. For
example: oc5.
• Hosts—Lists the host names for the Managed Servers configured in the
cluster.
(available only when Oracle If you need to identify the IP addresses for the nodes in the data tier cluster,
Coherence is enabled for the access the Oracle Cloud Infrastructure Compute console.
service instance)
Coherence Data Tier Information about the storage-enabled nodes and capacity configured for the
(available only when Oracle Coherence data tier:
Coherence is enabled for the • OCPUs—Number of Oracle CPUs allocated to the Coherence data tier
service instance) nodes.
• Memory—Amount of memory in GBs allocated to the Coherence data tier
nodes.
• Storage—Amount of storage in GBs allocated to the Coherence data tier
nodes.
• Data Grid Cluster—Name of the data grid cluster created if creating a data
grid cluster was specified when the service instance was created.
• Instance— Name of the server used by the data grid.
Note that when you stop or start the Oracle Java Cloud Service instance, all the
virtual machines for the Managed Servers on the Coherence data tier will also
stop or start. You cannot stop or start the data tier virtual machines individually.
If an Oracle Traffic Director load balancer is provisioned, identifies information
about the load balancer on the cluster:
• State—Shows whether the load balancer is enabled or disabled.
Load Balancer • Host Name—Name of the Oracle Traffic Director (OTD).
• Public IP—Public IP address of the load balancer. If you chose not to
assign public IP addresses to the nodes in the service instance, this field
displays the fully-qualified host name of the load balancer.
• Instance—Name of the server used by the load balancer.
• OCPUs—Number of Oracle CPUs allocated to the OTD.
• Memory—Amount of memory in GBs allocated to the OTD.
• Storage—Amount of storage in GBs allocated to the OTD.
3-31
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Load Balancer (Managed) Shows details about the Oracle Cloud Infrastructure Compute Classic managed
load balancer configured for your Oracle Java Cloud Service instance.
• URL— HTTPS URL of the JCS Service instance including the port number
(Default 443). Clients use the base URL to access applications.
• Type—Shows the endpoint classification:
– Public—Internet-facing
– Private—Private endpoint, typically used for internal communication in
a private network
– Management—Private endpoint typically, used for administrative or
service management communication
• Status—Shows whether the load balancer is enabled or disabled. You can
disabled by using the Menu beside the URL. If you disable the load
balancer, you will receive an HTTP error.
• Listener—Name (Read only)
– Path Prefixes—By default a single path prefix will be set for the
default cluster in case of single cluster Oracle Java Cloud Service
instance.
If multiple clusters are provisioned as part of the JCS instance then
each cluster will have seperate LB listener with default path prefix as
the cluster name /.
In case of multiple clusters, you can provide a specific path prefix of
your choice.
– Origin Servers—IP addresses of the origin servers
– You can disable listeners by using the Menu beside the listener.
• Aliases—The URL Aliases resolve to the same front-end URL of the
service
– Shows the friendly URL of the pattern : https://ServiceName-
AccountName.Data Jurisdiction.oraclecloud.com
– Permanent URL of the pattern : https://ServiceGUID.Data
Jurisdiction.oraclecloud.com
The permanent URL does not change during the life of the service.
3-32
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
Associations Information about the Oracle Database Cloud Service database deployments
used by the Oracle Java Cloud Service instance, and, if the service instance is
a clone, about the source service instance.
Note: Oracle Autonomous Transaction Processing and Oracle Cloud
Infrastructure databases are not shown here.
Database Deployments
If the instance is based on multiple database deployments (one for the Oracle
required schema and up to four for the application schemas), information for all
database deployments is displayed.
A database deployment can be a clone.
• Instance Name—Name of the Database Cloud Service database
deployments used by the Oracle Java Cloud Service instance. The names
were specified during the process of creating the Oracle Java Cloud
Service instance.
Click the Database Cloud Service name to display the Instance Overview
page for the database deployment.
• Service Type—Database Cloud Service
• Type—Depends On
The Oracle Java Cloud Service instance requires the specified schema
database deployment.
• Status—Displays the state of the database deployment, for example,
Ready or Maintenance.
• Manage Associations menu —Choose from the following:
– View Details—Displays the Association Name, Status, Description,
Service Name, Type, and Usage Type.
– Reassociate Database—Opens the Reassociate Database dialog
box, which enables you to change the current infrastructure database
to a different one. You cannot reassociate an application database.
See Associate an Oracle Java Cloud Service Instance with a Different
Database.
(Available only on Oracle Cloud Infrastructure Classic)
Source for the Clone
The cloned source snapshot instance is shown here.
This section is displayed only if service instance is a clone.
• Service Name—Name of the source instance for the cloned Oracle Java
Cloud Service instance.
Click the service name to display the Instance Overview page for the
source service instance.
• Service Type—Oracle Java Cloud Service
• Type—Depends on
The cloned instance depends on the Oracle Java Cloud Service instance.
You cannot delete a source service instance if it is cloned.
• Association Status—Displays the state of the cloned instance, for
example, Ready or Maintenance.
3-33
Chapter 3
Explore the Oracle Java Cloud Service Instance Overview Page
Element Description
In-Progress Operation Messages Details about an operation such as scaling, backup, or patching while the
operation is in progress.
• Instance Name—Service on which the operation is running.
• Operation—Identifies the operation in progress, scale-out, for example.
• Operation Status—Reports the status of the current operation, Running,
for example.
• Start Time—Date and time the operation started.
• End Time—Date and time at which the operation completed. If the
operation is in progress, this field is left blank.
As the operation runs, messages are displayed with information about the
operation’s progress.
3-34
4
Administer Oracle Java Cloud Service
Software
From an Oracle Java Cloud Service instance, you can access the administration
consoles and also individual nodes in order to run utilities such as the WebLogic
Scripting Tool (WLST).
Topics:
• Set Up Fast and Secure Connections to Oracle Cloud
• Access the Administration Consoles for Oracle Java Cloud Service
• Access a Node with a Secure Shell (SSH)
• Use WLST to Administer a Service Instance
• Shut Down and Start Server Processes
• About JVM Heap Settings
• About Data Sources
• Manage Associations for a Service Instance
• Connect an Oracle Java Cloud Service Instance to an Application Database
• Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database
• Configure a Vanity Domain Name for a Service Instance
• Configure a Custom URL for an Application Deployed to a Service Instance
• Configure a Custom URL for the WebLogic Server Console
• Configure a Custom URL for the Sample Application
• Monitor Applications with Oracle Java Flight Recorder and Oracle Java Mission
Control
• Administration Best Practices
4-1
Chapter 4
Set Up Fast and Secure Connections to Oracle Cloud
your internet connection and other factors. The security of your connection would
depend on the protocol you use. For example, traffic over SSH and HTTPS
connections is encrypted; HTTP traffic isn’t encrypted. Oracle offers the following
faster and more secure solutions to connect to Oracle Cloud.
Topics
• Oracle Cloud Infrastructure FastConnect
• VPN
VPN
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
With Oracle's VPN solutions, all the data to and from Oracle Cloud is transported in an
encrypted form over IPSec-based tunnels through the internet.
Speed: The speed depends on the bandwidth of your internet connection.
Cloud endpoints: You can connect to the public and private IP addresses of the
compute nodes in Oracle Cloud.
Setup: You must create a VPN gateway in the cloud (one gateway per site or region)
and connect it to an on-premises VPN gateway.
The VPN setup procedure depends on the cloud network type (IP network or shared
network) that your nodes are attached to and your on-premises gateway device type.
4-2
Chapter 4
Access the Administration Consoles for Oracle Java Cloud Service
Topics:
• Access an Administration Console for a Service Instance
• Access the Console of a Related Oracle Cloud Service
4-3
Chapter 4
Access the Administration Consoles for Oracle Java Cloud Service
Note:
By default, if you created your service instance in an Oracle Cloud
Infrastructure Classic region, external access to these administration
consoles is disabled for security purposes. If you did not enable console
access while provisioning your service instance, see Enabling Console
Access in an Oracle Java Cloud Service Instance. If you created your service
instance in an Oracle Cloud Infrastructure region, this procedure is not
necessary. Access to the administration consoles is enabled by default in
these regions.
Note:
If you created your service instance and chose not to assign public IP
addresses, then these administration consoles are not directly accessible
from the Internet. They are accessible only from within your private IP
network, or from your on-premises data center over a VPN network.
Note:
Prior to modifying the default configuration of these software components,
see Administration Best Practices. For example, if you disable a console or
modify the default port number used to access it, the shortcuts described
here may not work.
To access a console:
1. Access the Oracle Java Cloud Service console.
2. Click Manage this instance for the desired service instance, and then open
the console that you want to access:
A new browser opens and you are redirected to the selected console’s login page.
If the server is protected with a self-signed certificate, you will be warned that this
certificate is not trusted.
3. Accept the certificate if prompted. These steps are browser-dependent.
• If you are using Firefox, click Advanced , click Add Exception and then click
Confirm Security Exception.
• If you are using Chrome, click Advanced and then click Proceed.
4-4
Chapter 4
Access a Node with a Secure Shell (SSH)
4. When the console login page appears, enter the Oracle WebLogic Server user
name and password you provided when you created the service instance.
If you created this service instance from a QuickStart template, these credentials
were generated for you and placed in an archive file that you downloaded to your
local machine.
2. Click the menu at the top left of the page, expand Services, and then
choose the service that you want to access.
For example, choose Database Classic to access the Oracle Database Cloud
Service console.
Oracle Cloud uses SSH to access the nodes that comprise your service instances, in
order to perform predefined Platform Service actions like backup and patching.
You initiate these Platform Service actions from the web console, CLI, or REST API. A
separate SSH key pair is used for each service instance to perform this internal
communication. This SSH key is not available for ad hoc usage. You cannot delete
this key from nodes or it will cause these Platform Service actions to fail. The key is
only used under programmatic control and cannot be directly accessed by Oracle
employees. All SSH actions performed by Oracle Cloud on your nodes are logged and
can be audited. Oracle does not have access to any SSH keys residing on your nodes
and has no way to access your nodes, unless you explicitly provide access to the keys
for troubleshooting purposes.
Note:
If you created your service instance in an Oracle Cloud Infrastructure Classic
region and chose not to assign public IP addresses, then the nodes in your
service instance are not directly accessible from the Internet. They are
accessible only from within your private IP network, or from your on-premises
data center over a VPN network.
4-5
Chapter 4
Access a Node with a Secure Shell (SSH)
Note:
Prior to making changes to the operating system or the Oracle software on a
node, see Administration Best Practices.
Topics:
• Generate a Key Pair with OpenSSH
• Connect to a Node with OpenSSH
• Create an SSH Tunnel to a Node with OpenSSH
• Connect to a Private Node with OpenSSH
• Generate a Key Pair with PuTTY
• Convert a Private Key with PuTTY
• Connect to a Node with PuTTY
• Create an SSH Tunnel to a Node with PuTTY
• Connect to a Node with VNC
• Switch Users on a Node
• Add an SSH Public Key
• Add an SSH User
Note:
While a passphrase is not required, Oracle recommends using one as a
security measure to protect the private key from unauthorized use. When
you specify a passphrase, a user must enter the passphrase every time
the private key is used.
4-6
Chapter 4
Access a Node with a Secure Shell (SSH)
4-7
Chapter 4
Access a Node with a Secure Shell (SSH)
• The path to the private key that corresponds to the public key that you
specified when you created this service instance.
• The node’s public IP address.
• The port number on the node to which you want to connect. The SSH tunnel
enables connectivity to this remote port by using the port with same number
on your local computer.
The command format is: ssh -i path_to_private_key -
L port:node_IP_address:port opc@node_IP_address -N
For example: ssh -i /home/myuser/id_rsa -L 9001:203.0.113.13:9001
[email protected] -N
5. If prompted, enter the passphrase for the private key.
Applications that are running on your local computer can now communicate with the
node by using localhost:port, where port is the local port number.
After your work with the SSH tunnel is completed, press Ctrl+C to close the SSH
tunnel.
4-8
Chapter 4
Access a Node with a Secure Shell (SSH)
Note:
While a passphrase is not required, Oracle recommends using one as a
security measure to protect the private key from unauthorized use. When
you specify a passphrase, a user must enter the passphrase every time
the private key is used.
11. Paste the copied text into the editor. Do not insert any line breaks.
12. Save the public key file to the same location as the private key file.
13. Optional: Create a copy of the private key in the OpenSSH format.
a. From the PuTTY Key Generator window, click Conversions, and then select
Export OpenSSH key.
4-9
Chapter 4
Access a Node with a Secure Shell (SSH)
b. Save the converted private key file to the same location as the .ppk file. Use a
different file extension such as .openssh.
Note:
While a passphrase is not required, Oracle recommends using one as a
security measure to protect the private key from unauthorized use. When
you specify a passphrase, a user must enter the passphrase every time
the private key is used.
4-10
Chapter 4
Access a Node with a Secure Shell (SSH)
5. In the Host Name (or IP address) field, enter the public IP address of the node.
6. In the Category navigation tree, expand Connection, and then click Data.
7. In the Auto-login username field, enter opc.
8. In the When username is not specified field, select Prompt.
9. In the Category tree, expand Connection, expand SSH, and then click Auth.
10. Under Private key file for authentication, click Browse.
11. Navigate to the location of your private key file, and select it. Click Open.
This private key corresponds to the public key that you specified when you created
this service instance.
Note:
The .ppk file extension indicates that the private key is in PuTTY's
proprietary format. You must use a key of this format when using PuTTY.
If Oracle Cloud generated this key for your service instance, see the
PuTTY documentation for information about converting the key format.
12. Optional: To save this session configuration, click Session in the Category tree,
and then click Save.
To load a saved configuration, select the configuration name, and then click Load.
13. Click Open.
4-11
Chapter 4
Access a Node with a Secure Shell (SSH)
13. Navigate to the location of your private key file, and select it. Click Open.
This private key corresponds to the public key that you specified when you created
this service instance.
Note:
The .ppk file extension indicates that the private key is in PuTTY's
proprietary format. You must use a key of this format when using PuTTY.
If Oracle Cloud generated this key for your service instance, see the
PuTTY documentation for information about converting the key format.
14. In the Category tree, expand SSH, and then click Tunnels.
where IP is the IP address of the node and port is the port number on the node to
which you want to connect.
16. In the Source Port field, enter the same port number.
18. Optional: To save this session configuration, click Session in the Category tree,
and then click Save.
To load a saved configuration, select the configuration name, and then click Load.
19. Click Open.
20. If prompted, enter the passphrase for the private key.
Applications that are running on your local computer can now communicate with the
node by using localhost:port, where port is the local port number.
After your work with the SSH tunnel is completed, press Ctrl+C to close the SSH
tunnel.
4-12
Chapter 4
Access a Node with a Secure Shell (SSH)
By default, the VNC server on a node in Java Cloud Service uses a port that is not
directly available through the Internet. An SSH tunnel enables access to the node’s
VNC server port on your local computer. An SSH tunnel also ensures that all VNC
communication uses a secure protocol.
1. Access your service console.
2. Click the name of the service instance that contains the node that you want to
access.
3. On the Overview page, identify the Public IP address of the node that you want to
access.
For example, 203.0.113.13.
4. From your computer, run the ssh command to connect to the node as the opc
user.
Provide the path to the private key that corresponds to the public key that you
specified when you created this service instance, and the node’s public IP
address.
The command format is: ssh -i path_to_private_key opc@node_IP_address
For example: ssh -i /home/myuser/id_rsa [email protected]
5. If prompted, enter the passphrase for the private key.
6. Switch to the oracle user.
sudo su - oracle
This Linux property controls whether or not the desktop prompts you for the user’s
password when in screensaver mode.
8. Start the VNC server on the node, and if necessary change the screen resolution
to match the resolution of your local computer. For example, to 1680 x 1050.
By default, the listen port is 5901 for VNC session :1 , port 5902 for VNC
session :2, and so on.
11. Disconnect from the node.
exit
4-13
Chapter 4
Access a Node with a Secure Shell (SSH)
12. Run the following command to open an SSH tunnel to localhost:vnc_port on the
node.
The command format is: ssh -i path_to_private_key -
L vnc_port:localhost:vnc_port opc@node_IP_address -N
For example: ssh -i /home/myuser/id_rsa -L 5901:localhost:5901
[email protected] -N
13. If prompted, enter the passphrase for the private key.
15. When prompted, enter the password that you previously configured for this VNC
session.
After your work with the SSH tunnel is completed, press Ctrl+C on your local computer
to close the SSH tunnel.
To terminate the VNC server on the node, run the command vncserver —
kill :display_num. For example, vncserver —kill :1
Note:
There is no default password for the opc user.
sudo su - oracle
Note:
There is no default password for the oracle user.
4-14
Chapter 4
Access a Node with a Secure Shell (SSH)
sudo -s
Caution:
Avoid using the root user except to perform privileged OS administration
tasks.
4-15
Chapter 4
Access a Node with a Secure Shell (SSH)
Note:
Use caution when making modifications to a node’s OS configuration as the
root user. Certain changes might cause other Java Cloud Service
management operations to fail.
Note:
Alternatively, you can create a new SSH key pair for the new user, and
paste the contents of the public key into the user’s authorized_keys file.
Do not add extra lines or line breaks.
Important:
The AllowUsers parameter must be placed before any Match parameters
in the sshd_config file.
4-16
Chapter 4
Use WLST to Administer a Service Instance
Caution:
Correct any errors described in the output. Otherwise, the SSH service
will not start properly and you will not be able to reconnect to this node.
Note:
Prior to modifying the default WebLogic Server configuration in your service
instance, see Administration Best Practices.
Topics
• About WLST Online and Offline
• Run WLST Commands on a Node
• Run WLST Commands from a Different Host
4-17
Chapter 4
Use WLST to Administer a Service Instance
cd $DOMAIN_HOME/bin
. ./setDomainEnv.sh
You must use the . to ensure that the environment variables are set in the current
shell.
4. Launch WLST:
$COMMON_COMPONENTS_HOME/common/bin/wlst.sh
For example:
connect('weblogic', 'password', 'service-wls-1:7001')
You can now use WLST. Refer to the WLST Command and Variable Reference in one
of the following publications:
• WLST Command Reference for WebLogic Server (12.2.1.4)
• WLST Command Reference for WebLogic Server (12.2.1.3)
• WLST Command Reference for WebLogic Server (12.1.3)
• WebLogic Scripting Tool Command Reference (10.3.6)
4-18
Chapter 4
Use WLST to Administer a Service Instance
export WLST_PROPERTIES="-
Dweblogic.security.SSL.ignoreHostnameVerification=true -
Dweblogic.security.TrustKeyStore=DemoTrust"
4. Navigate to your Oracle WebLogic Server installation and launch WLST using the
wlst.sh script.
/Middleware_Home/oracle_common/common/bin/wlst.sh
5. From the WLST prompt, connect to the Administration Server at port 7002. Specify
the WebLogic Server administrative credentials that you specified when you
created the service instance.
For example:
If you are accessing the Administration Server node via an SSH tunnel, connect to
localhost:9001 instead.
You can now use WLST to execute additional commands. Refer to the WLST
Command and Variable Reference in one of the following publications:
• WLST Command Reference for WebLogic Server (12.2.1.4)
• WLST Command Reference for WebLogic Server (12.2.1.3)
4-19
Chapter 4
Shut Down and Start Server Processes
Topics
• Use the WebLogic Server Administration Console to Shut Down Servers
• Use WLST Commands to Start the Administration Server
• Use the WebLogic Server Administration Console to Start Managed Servers
2. Click Manage this instance for the desired service instance, and then select
Open WebLogic Server Administration Console.
3. Enter the WebLogic Server administrator user name and password you provided
when you created the service instance.
4. From the WebLogic Server Administration Console, under Domain Structure,
expand Environment.
5. Click Servers.
From the Configuration tab of the Summary of Servers page, notice that the state
of the Administration Server and Managed Servers is RUNNING.
6. Click the Control tab.
7. Click the check box to the left of each server.
8. Click Shutdown, and then select Force Shutdown Now or When Work
Completes.
When you shut down the administration server, a message warns you that the
browser session will end.
4-20
Chapter 4
Shut Down and Start Server Processes
sudo su - oracle
You should receive messages showing that the Node Manager is running.
3. Change the directory to the bin folder in DOMAIN_HOME.
cd $DOMAIN_HOME/bin
. ./setDomainEnv.sh
You must use the . to ensure that the environment variables are set in the current
shell.
5. Start WLST:
$COMMON_COMPONENTS_HOME/common/bin/wlst.sh
nmConnect
('username','password','host','nmPort','domainName','domainDir','nmType'
)
4-21
Chapter 4
Shut Down and Start Server Processes
For example:
nmConnect ('weblogic','password','ourserviceinstance-
wls-1','5556','OurServi_domain','/u01/data/domains/
OurServi_domain','SSL')
nmStart (server_name)
For example:
nmStart ('OurServi_adminserver')
8. Exit WLST:
exit()
exit
exit
12. Click Manage this instance for the desired service instance, and then select
Open WebLogic Server Administration Console.
13. When the console login page appears, enter the WebLogic Server administrator
user name and password you provided when you created the service instance.
14. From the WebLogic Server Administration Console, under Domain Structure,
expand Environment.
15. Click Servers.
16. On the Configuration page, check that the Administration Server state is
RUNNING.
4-22
Chapter 4
About JVM Heap Settings
2. Click Manage this instance for the desired service instance, and then select
Open WebLogic Server Administration Console.
3. Enter the WebLogic Server administrator user name and password that you
provided when you created the service instance.
4. Under Domain Structure, expand Environment.
5. Click Servers.
On the Configuration page, notice that the Administration Server state is
RUNNING, and the Managed Server state is SHUTDOWN.
6. Click the Control tab.
7. Click the check box to the left of each Managed Server name.
8. Click Start.
9. When prompted for confirmation, click Yes.
The server state changes to STARTING.
10. Periodically click the Refresh icon until the server state changes to RUNNING.
Topics:
• Default Heap Sizes
• Custom Heap Sizes
4-23
Chapter 4
About JVM Heap Settings
Compute Shape Min Heap Size Max Heap Size Configured Garbage Collector
OC3 256 MB 2 GB default
OC4 256 MB 10 GB Garbage First (-XX:+UseG1GC)
OC5 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC6 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC7 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC1M 256 MB 10 GB Garbage First (-XX:+UseG1GC)
OC2M 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC3M 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC4M 256 MB 24 GB Garbage First (-XX:+UseG1GC)
OC5M 256 MB 24 GB Garbage First (-XX:+UseG1GC)
The heap size is also set when you choose a shape for the load balancer. You cannot
change the heap size for the load balancer.
4-24
Chapter 4
About Data Sources
Topics
• Predefined Data Sources
• Data Source Types
• Custom Data Sources
• Data Source Network Connectivity
4-25
Chapter 4
About Data Sources
The type of data source that Oracle Java Cloud Service creates in your domain
depends on the following:
• The Software Edition of your service instance.
• Whether or not the selected database is RAC-enabled. See Using Oracle Real
Application Clusters (RAC) in Oracle Database Cloud Service.
4-26
Chapter 4
Manage Associations for a Service Instance
• For service instances on Oracle Cloud Infrastructure Classic regions, see Create
an Access Rule.
Topics:
• View Association Details
• Associate an Oracle Java Cloud Service Instance with a Different Database
• Change the Database Schema Password for an Oracle Java Cloud Service
Instance
4. Click Manage Association for an existing association, and then select View
Details.
5. After viewing the association’s details, click OK.
6. Click the Instance Name link for the association to access the service’s Overview
page.
7. To return back to the Overview page for your Oracle Java Cloud Service instance,
click the name of your service instance from the navigation links at the top of the
page.
4-27
Chapter 4
Manage Associations for a Service Instance
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
Update an existing Oracle Java Cloud Service instance and associate it with a
different Oracle Database Cloud Service deployment.
You might associate your service instance with a different database if:
• Your service instance requires a database with a different service level, version,
edition, or capacity.
• The current database has crashed or become corrupted, and can’t be restarted.
Note:
You can only modify the association to the Infrastructure database for a service
instance (the database that hosts the required Oracle WebLogic Server schemas).
You cannot directly modify associations to other Application databases for a service
instance. However, if the service instance’s Infrastructure database and Application
database are associated with the same Oracle Database Cloud Service deployment,
modifying the association for the Infrastructure database also modifies the association
for the Application database.
You must enable backups on the Oracle Java Cloud Service instance prior to
associating it with a different database deployment.
Before associating a service instance with a different infrastructure database, you
must migrate the existing schema and data from the current database to the new
database. Refer to these topics in Administering Oracle Database Cloud Service:
• Creating a Database Deployment Using a Cloud Backup
• Creating a Clone Database Deployment from a Snapshot
• Choosing a Migration Method
4-28
Chapter 4
Manage Associations for a Service Instance
5. Click Manage Association for this association, and then select Reassociate
Database.
This menu option is only available for the Infrastructure database association. It it
not available for Application databases.
6. For Database Instance Name, select the existing Oracle Database Cloud Service
deployment to which you migrated the required Oracle Java Cloud Service
schema and data.
The list only includes a database deployment if it meets the following criteria:
• Is in an active state and not currently in the process of being provisioned
• Is not configured with a Backup Destination set to None
7. For Association Description, describe the relationship between this Oracle Java
Cloud Service instance and the selected database deployment.
8. Enter the Database Administrator Username and Password of the database
administrator that Oracle Java Cloud Service will use to connect to the selected
database deployment.
• If the service instance is running Oracle WebLogic Server 11g (11.1.1.7), you
can specify the user SYS or any user that has been granted the DBA role.
• If the service instance is running Oracle WebLogic Server 12c (any version),
you can specify the user SYS or any user that has been granted the SYSDBA
privilege.
9. Click Reassociate.
A new association is added to the Associations section of the Overview page. You
can monitor the operation’s progress from this page or from the Activity page. After
the operation completes successfully, the former database association is removed.
Prior to performing this operation, Oracle Java Cloud Service takes a backup of your
service instance. If the operation fails, the service instance is automatically restored
from this backup.
4-29
Chapter 4
Manage Associations for a Service Instance
to a perceived security threat. By default, this password is set to expire 180 days after
your service instance was created.
You can only use Oracle Java Cloud Service to change the password for the Oracle
Required Schemas found in the Infrastructure Schema database for a service
instance. To change the password for schemas hosted in an Application database in
your service instance, you must directly modify the configuration of both the database
and your WebLogic Server domain.
Topics
• Change the Schema Password with the Console
• Change the Schema Password Manually
5. Click Manage Association for this association, and then select Update
Database Credentials.
This menu option is only available for the Infrastructure database association. It it
not available for Application databases.
6. Enter the Database Administrator Username and Database Administrator
Password of the system administrator for the selected database deployment.
7. For New Schema Password, enter a new password for the Oracle schemas in
the selected database deployment.
The password must start with a letter, be between 8 and 30 characters long, and
contain at least one number. The password can optionally include the special
characters: $, #, _.
8. Click Update.
4-30
Chapter 4
Manage Associations for a Service Instance
You can monitor the operation’s progress from this page or from the Activity page.
Oracle Java Cloud Service updates the database credentials, the WebLogic Server
domain configuration, and the bootstrap credentials. If your service instance is running
WebLogic Server 11g or 12.1.3, then all server processes are restarted as well.
sudo su oracle
sqlplus / as sysdba
d. If your database version is 12c, set the name of the pluggable database
(PDB).
Use the PDB name that you provided during the creation of your Oracle Java
Cloud Service instance. The default is PDB1.
4-31
Chapter 4
Manage Associations for a Service Instance
For example:
The password must start with a letter, be between 8 and 30 characters long,
and contain at least one number. The password can optionally include the
special characters: $, #, _.
2. If your Administration Server is running, use the Administration Console to update
the data source passwords.
If your Administration Server is not running, skip to step 3.
a. Access the Oracle Java Cloud Service console.
b. Click Manage this instance for your service instance, and then select
Open WebLogic Server Administration Console.
c. Log in to the Administration Console.
d. Click Lock & Edit.
e. From the Domain Structure panel, expand Services, and then click Data
Sources.
f. Click mds-owsm.
g. Click the Connection Pool tab.
h. Update the Password and Confirm Password fields.
i. Click Save.
j. Repeat from step e to update the password for the other data sources below.
4-32
Chapter 4
Manage Associations for a Service Instance
n. Select the check box for every server. Click Shutdown, and then select Force
Shutdown Now.
o. When prompted for confirmation, click Yes.
p. Skip to step 4.
3. If your Administration Server is not running or the Administration Console is not
accessible, update the domain’s configuration files.
a. Connect to the Administration Server node in your service instance using
SSH.
b. Switch to the oracle user.
sudo su oracle
cd /u01/data/domains/domain_name
source bin/setDomainEnv.sh
java weblogic.security.Encrypt
cd config/jdbc
4-33
Chapter 4
Manage Associations for a Service Instance
h. Edit the following files and update the password-encrypted element with the
new encrypted value.
<password-encrypted>encrypted_password</password-encrypted>
4. Use the WebLogic Scripting Tool (WLST) to update the bootstrap credentials for
the OPSS database schema.
a. Connect to the Administration Server node in your service instance using
SSH.
b. Switch to the oracle user.
sudo su oracle
ls /u01/data/domains
/u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
modifyBootStrapCredential(jpsConfigFile='/u01/data/domains/
domain_name/config/fmwconfig/jps-config-
jse.xml',username='schema_prefix_OPSS',password='new_password')
f. Exit WLST.
exit()
hostname
ls /u01/data/domains/domain_name/servers
4-34
Chapter 4
Connect an Oracle Java Cloud Service Instance to an Application Database
/u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
nmConnect('weblogic_username','weblogic_password','hostname','nm_por
t','domain_name','/u01/data/domains/domain_name','ssl')
nmStart('admin_server_name')
g. Exit WLST.
exit()
i. Click Manage this instance for your service instance, and then select
Open WebLogic Server Administration Console.
j. Log in to the Administration Console.
k. From the Domain Structure panel, expand Environment, and then click
Servers.
l. Click the Control tab.
m. Select the check box for every managed server. Click Start.
n. When prompted for confirmation, click Yes.
Topics:
• Connect to an Oracle Autonomous Transaction Processing Database
• Connect to an Oracle Cloud Infrastructure Database
4-35
Chapter 4
Connect an Oracle Java Cloud Service Instance to an Application Database
Topics
• Download the Oracle Autonomous Transaction Processing Wallet
• Copy and Unpack the Wallet
• Create a Data Source in the WebLogic Server Console
4-36
Chapter 4
Connect an Oracle Java Cloud Service Instance to an Application Database
2. Use ssh to access the node where you copied the zip file.
sudo su oracle
5. Create a directory where you can copy the wallet zip file. Oracle recommends
placing the wallet in the domain home directory.
mkdir /u01/data/domains/<service_instance_domain>/config/
<example_directory>
cd /u01/data/domains/<service_instance_domain>/config/
<example_directory>
unzip /tmp/wallet_<ATP_db_name>.zip
4-37
Chapter 4
Connect an Oracle Java Cloud Service Instance to an Application Database
2. From the Instances page, click the Manage this Instance icon next to the
service instance, and then select Open WebLogic Server Administration
Console.
3. Sign in to the WebLogic console as the WebLogic Administrator. Enter the same
WebLogic Administrator credentials that you specified when you created the
service instance.
The Oracle WebLogic Server Console is displayed.
4. In the Change Center box at the top left corner of the page, click Lock & Edit.
5. In the Domain Structure box, expand Services (by clicking the + next to it) and
click Data Sources. The Summary of JDBC Data Sources page is displayed.
6. Click New, and then select Generic Data Source.
7. In the first page of the Create a New JDBC Data Source wizard, enter any values
for Name:
a. In the Name field, enter any name for your data source.
b. In the JNDI Name field, enter any name.
c. In the Database Type drop-down list, accept default type Oracle.
d. Click Next.
8. On the second page, accept all options and click Next.
9. On the third page, do the following:
a. In the Database Name field, enter the name of your Oracle Autonomous
Transaction Processing database.
b. In the Host Name field, enter the host name for the Oracle Autonomous
Transaction Processing database. If you don't know the host name, open the
tsnames.ora wallet file, and locate the host name there.
c. In the Port field, enter 1522.
d. In the Database User Name field, enter ADMIN.
e. Enter a password, and then confirm it.
f. Click Next.
10. On the fourth page, update the URL.
db1_high = (description=
(address=(protocol=tcps)(port=1522)(host=mydb.example.com))
(connect_data=(service_name=abcd1234_db1_high.mydb.example.com))
(security=(ssl_server_cert_dn=
"CN=mydb.example.com,OU=Oracle BMCS US,O=Oracle
Corporation,L=Redwood City,ST=California,C=US")) )
c. Copy the service description, which is all of the text after the equals (=)
character:
(description= <service_description>)
4-38
Chapter 4
Connect an Oracle Java Cloud Service Instance to an Application Database
jdbc:oracle:thin:(description=
(address=(protocol=tcps)(port=1522)(host=mydb.example.com))
(connect_data=(service_name=abcd1234_db1_high.mydb.example.com))
(security=(ssl_server_cert_dn="CN=adwc.uscom-
east-1.oraclecloud.com,OU=Oracle
BMCS US,O=Oracle Corporation,L=Redwood
City,ST=California,C=US")))
Note:
Ensure that all the URL text is all on the same line. The text in the
tnsnames.ora file is not written on the same line, so exercise
caution.
11. On the same page where you updated the URL, update the properties in the
Properties field with the following information and click Next:
user=ADMIN
oracle.net.tns_admin=/u01/data/domains/
<location_of_unpacked_wallet_zip>/config/<example_directory>
oracle.net.ssl_version=1.2
javax.net.ssl.trustStore=/u01/data/domains/
<location_of_unpacked_wallet_zip>/config/<example_directory>/
truststore.jks
oracle.net.ssl_server_dn_match=true
javax.net.ssl.keyStoreType=JKS
javax.net.ssl.trustStoreType=JKS
javax.net.ssl.keyStore=/u01/data/domains/
<location_of_unpacked_wallet_zip>/config/<example_directory>/
keystore.jks
javax.net.ssl.keyStorePassword=<WalletPassword>
javax.net.ssl.trustStorePassword=<WalletPassword>
12. One the fifth page of the wizard, click Test Configuration to verify if a connection
to the database can be established based on the information that you provided.
• If the connection test fails, click Back and review the entries that you made for
the data source and correct any errors. If there are no errors in the entries and
the test still fails, make sure that your database is running.
• If the message Connection test succeeded is displayed, click Next.
13. On the last page of the wizard, select All Servers in the Cluster in the Select
Targets table and click Finish.
14. In the Change Center, click Activate Changes.
4-39
Chapter 4
Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database
Note:
In addition to creating a data source, you must also create a security list with
the stateless ingress rule to allow the incoming traffic from the Oracle Java
Cloud Service instance to the Oracle Cloud Infrastructure database.
Note:
This task is applicable only to service instances that meet all of the following
criteria:
• You created the service instance in an Oracle Cloud Infrastructure
Classic region.
• When you created the service instance, you selected the software
edition Enterprise Edition with Coherence .
• You associated the service instance with an Oracle Database Cloud
Service deployment that is RAC-enabled.
Oracle Java Cloud Service provisions GridLink data sources in your Oracle WebLogic
Server domain to connect to the selected Oracle Database cluster. GridLink provides
dynamic load balancing and failover across the nodes in an Oracle Database cluster,
and also receives notifications from the cluster when nodes are added or removed. To
fully take advantage of these capabilities, Oracle recommends that you make the
following modifications to your database and service instance:
4-40
Chapter 4
Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database
• Create an Oracle Database service that supports Cluster Ready Services (CRS)
and the Oracle Notification Service (ONS). These services monitor the status of
resources in the database cluster and generate notifications when a status
changes.
• Update WebLogic Server to connect to this new database service using the Single
Client Access Name (SCAN) port 1521. The SCAN service provides WebLogic
Server with the specific location of an available database node. WebLogic Server
then connects to a specific database node using port 1522.
• If you did not assign an IP network to the database deployment, the database
service redirects requests to the database nodes’ public IP addresses. You must
create an access rule for the database deployment that permits traffic from the
WebLogic Server nodes to port 1522.
Follow these steps:
1. Create a cluster-enabled service in your existing Oracle Database Cloud Service
deployment.
a. Access the Oracle Java Cloud Service console.
b. Click the name of the service instance that you want to update.
c. At the bottom of the Overview page, expand Associations.
d. Click the name of the Oracle Database Cloud Service deployment that’s
associated with this service instance.
e. Place your cursor over the Connect String field.
The name of the existing database service displays. For example,
SERVICE_NAME=PDB1.123456789.oraclecloud.internal.
f. Copy the name of the database service, and replace the first word with
myservice.
For example, myservice.123456789.oraclecloud.internal.
In subsequent steps, this value will be referred to as NEW_SERVICE_NAME.
g. Identify the Public IP for the first node in this database deployment.
h. Connect to this IP address using a Secure Shell (SSH) client.
i. Switch to the oracle user.
sudo su - oracle
2. Update the boot database URLs in the WebLogic Server domain files.
a. Return to your service instance in the Oracle Java Cloud Service console.
4-41
Chapter 4
Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database
Tip:
From the Oracle Database Cloud Service console, you can use the
navigation links at the top of the page to return to your Oracle Java
Cloud Service instance.
b. Identify the Public IP for the first node in this service instance.
c. Connect to this IP address using an SSH client.
d. Switch to the oracle user.
sudo su - oracle
cd $DOMAIN_HOME/config/fmwconfig
h. Within the JDBC URL, insert the text (LOAD_BALANCE=ON) after the existing text
ADDRESS_LIST=.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=ON)...
jdbc:oracle:thin:...(PORT=1521)...
j. Within the JDBC URL, replace the value of SERVICE_NAME with your new
database service name.
jdbc:oracle:thin:...(SERVICE_NAME=NEW_SERVICE_NAME...
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=ON)
(ADDRESS=(PROTOCOL=TCP)(HOST=MyDB-scan-int)(PORT=1521)))
(CONNECT_DATA=(SERVICE_NAME=myservice.
123456789.oraclecloud.internal)))
n. Replace the value with the updated JDBC URL. Then save your changes.
4-42
Chapter 4
Configure an Oracle Java Cloud Service Instance for an Oracle RAC Database
b. Click Manage this instance , and then select Open WebLogic Server
Administration Console.
c. Log into the console as the WebLogic Server administrator.
d. Click Lock & Edit.
e. From the Domain Structure panel, expand Services, and then click Data
Sources.
f. Click LocalSvcTblDataSource.
g. Click the Connection Pool tab.
h. Replace the value of URL with the updated JDBC URL.
i. Click Save.
j. Click the ONS tab.
k. Verify that these fields are configured correctly:
• Fan Enabled: Yes
• ONS Nodes: INSTANCE_NAME-scan-int:6200
l. Repeat from step e to perform the same modification to all remaining GridLink
data sources in the domain, including:
• mds-owsm
• opss-audit-DBDS
• opss-audit-viewDS
• opss-data-source
m. Click Activate Changes.
4. Create access rules to permit traffic from your service instance to port 1522 on the
database.
Note:
This step is required only if the Oracle Java Cloud Service instance and
the Oracle Database Cloud Service deployment are not assigned to an
IP network.
a. Return to your service instance in the Oracle Java Cloud Service console.
b. Identify the Public IP addresses for all nodes in this service instance that will
access the RAC database.
c. At the bottom of the page, expand Associations.
d. Click the name of the Oracle Database Cloud Service deployment that’s
associated with this service instance.
e. On the Overview page, click Manage this instance , and then select
Access Rules.
4-43
Chapter 4
Configure a Vanity Domain Name for a Service Instance
Note:
You will need to create additional access rules each time you scale
out your service instance. Alternatively, you can specify multiple IP
addresses in CIDR format, such as 203.0.113.1/24.
The steps to configure a vanity URL are different for service instances that use an
Oracle-managed load balancer and for service instances that use a user-managed
load balancer (Oracle Traffic Director).
Topics:
• Register a Custom Domain Name with a Service Provider
• Add a Vanity URL to an Oracle-Managed Load Balancer
• Delete a Vanity URL from an Oracle-Managed Load Balancer
• Update Oracle Traffic Director to Use a Custom Domain Name
4-44
Chapter 4
Configure a Vanity Domain Name for a Service Instance
4-45
Chapter 4
Configure a Vanity Domain Name for a Service Instance
3. Click Delete Vanity URL for the vanity URL you want to delete.
4. When prompted for confirmation, click Delete.
The instance is in maintenance mode until the operation is completed.
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. Navigate to the Virtual Server in this configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click Traffic
Director Configuration and select Administration > Virtual Servers. Click
the name of the virtual server.
• If your service instance is running Oracle Traffic Director 11g, expand Virtual
Servers in the navigation pane and click the name of the virtual server.
4-46
Chapter 4
Configure a Custom URL for an Application Deployed to a Service Instance
6. In the General Settings section edit the Hosts field. Enter the custom domain
name (for example, example.com) that you registered.
If there are multiple entries, separate each by a comma.
7. Activate your changes:
• If your service instance is running Oracle Traffic Director 12c, click Apply.
• If your service instance is running Oracle Traffic Director 11g, click Deploy
Changes.
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. Navigate to the Virtual Server in this configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click Traffic
Director Configuration, select Administration, and then Virtual Servers.
Click the name of the virtual server.
• If your service instance is running Oracle Traffic Director 11g, expand Virtual
Servers in the navigation pane and click the name of the virtual server.
6. Click Routes and then click default-route.
4-47
Chapter 4
Configure a Custom URL for the WebLogic Server Console
This operation is available only from the Oracle Java Cloud Service REST API.
1. Log into the WebLogic Server Administration Console for your service instance.
2. Click Lock & Edit.
3. Click Deployments.
4. Click sample-app.
5. Click the Configuration tab.
6. Update the Context Root.
Format:
/prefix/sample-app
Example:
/mycluster/sample-app
4-48
Chapter 4
Monitor Applications with Oracle Java Flight Recorder and Oracle Java Mission Control
7. Click Save.
8. Click Activate Changes.
9. Use the REST API to update the sample application URL for the Oracle Java
Cloud Service console.
See Update a Service Instance Configuration in REST API for Oracle Java Cloud
Service.
A sample payload is shown below:
{
"SAMPLE_ROOT" : "https://192.0.2.10:443/mycluster/sample-app"
}
Basic Workflow for Profiling Applications with Oracle Java Flight Recorder and
Oracle Java Mission Control
Monitoring applications with Oracle Java Flight Recorder and Oracle Java Mission
Control includes the following steps:
1. Enable Oracle Java Flight Recorder in your WebLogic Server domain.
2. Obtain the flight recording by generating a diagnostic image capture.
3. Analyze the recording with the Oracle Java Flight Recorder user interface.
4-49
Chapter 4
Administration Best Practices
Caution:
Oracle supports customizing the default configuration of the operating
system, WebLogic Server, Coherence, Database, and Traffic Director in an
Oracle Java Cloud Service instance. While most modifications to these
components are acceptable, some changes may cause certain management
features to fail or not operate properly, such as backups, patching, or scaling.
Use caution, especially when performing root-level or system-level changes
on the nodes in your service instance.
4-50
Chapter 4
Administration Best Practices
4-51
Chapter 4
Administration Best Practices
4-52
Chapter 4
Administration Best Practices
4-53
5
Deploy and Undeploy Applications for an
Oracle Java Cloud Service Instance
This section describes deploying and undeploying applications to an Oracle Java
Cloud Service instance by using: Fusion Middleware Control, the WebLogic Server
Administration Console, WLST commands, and an IDE. You cannot deploy and
undeploy applications directly through the Oracle Java Cloud Service console.
Topics:
• Overview of Deploying Applications to Oracle Java Cloud Service Instances
• Use Fusion Middleware Control to Deploy an Application
• Use the WebLogic Server Administration Console to Deploy and Manage
Applications
• Use WLST Commands to Deploy and Undeploy an Application
• Use an IDE to Deploy and Undeploy an Application
• Deploy an Application to an Oracle Java Cloud Service Instance with Multiple
Clusters
• Access an Application Deployed to an Oracle Java Cloud Service Instance
• Enable the JVM Debug Port on an Oracle Java Cloud Service Instance
• Use Third-Party Frameworks with Oracle Java Cloud Service
5-1
Chapter 5
Use Fusion Middleware Control to Deploy and Undeploy an Application
Topics
• Use Fusion Middleware Control to Deploy an Application
• Use Fusion Middleware Control to Undeploy an Application
• Tutorial
• Oracle Fusion Middleware 12.2.1.4
Deploying, Undeploying, and Redeploying Java EE Applications in Administering
Oracle Fusion Middleware
• Oracle Fusion Middleware 12.2.1.3
5-2
Chapter 5
Use Fusion Middleware Control to Deploy and Undeploy an Application
5-3
Chapter 5
Use the WebLogic Server Administration Console to Deploy and Manage Applications
Video
Tutorial
By default, if you created your service instance in an Oracle Cloud Infrastructure
Classic region, remote access to the administration console is disabled for security
purposes. If you did not enable console access while provisioning your service
instance, see Enabling Console Access in an Oracle Java Cloud Service Instance.
Topics
• Use the WebLogic Server Administration Console to Deploy an Application
• Use the WebLogic Server Administration Console to Start an Application
• Use the WebLogic Server Administration Console to Undeploy an Application
5-4
Chapter 5
Use the WebLogic Server Administration Console to Deploy and Manage Applications
10. Under Locate deployment to install and prepare for deployment, select the
application if it is not already selected, and click Next.
11. Under Choose installation type and scope, select whether you want to install
the deployment as an application or as a library, and click Next.
12. Under Select deployment targets, select the servers or clusters to which you
want to deploy the application and click Next.
13. (Optional) Update settings for the deployment and click Next.
Look for the application in the Deployments table. It shows the status distribute
Initializing.
16. In the Change Center, click Activate Changes.
5-5
Chapter 5
Use the WebLogic Server Administration Console to Deploy and Manage Applications
The application is now in the Active state and is ready to accept requests.
11. When the application is in the Stopped state, select the application, and click
Delete.
12. Click Yes to confirm.
5-6
Chapter 5
Use WLST Commands to Deploy and Undeploy an Application
deploy('myapp','/u01/apps/myapp.war',upload='true')
You can use a secure shell (SSH) to connect to the virtual machine (VM) that hosts
the Administration Server and run WLST commands locally. See Run WLST
Commands on a Node. You can use either WLST online or offline commands.
Alternatively, you can connect to the Administration Server using another WLST
installation and run WLST commands remotely, for example, from a command shell in
your local environment. See Running WLST Commands from a Different Host. With
this approach you can use WLST online commands only.
Oracle Fusion Middleware documentation is available to help you learn more about
using WLST commands to deploy an application.
• Oracle Fusion Middleware 12.2.1.4
Using WLST Online to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
Using WLST Offline to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
• Oracle Fusion Middleware 12.2.1.3
Using WLST Online to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
Using WLST Offline to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
• Oracle Fusion Middleware 12.2.1
Using WLST Online to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
Using WLST Offline to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
• Oracle Fusion Middleware 12.1.3
Using WLST Online to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
Using WLST Offline to Deploy Applications in Oracle Fusion Middleware
Understanding the WebLogic Scripting Tool
• Oracle Fusion Middleware 11.1.1.7
Using WLST Online to Deploy Applications in Oracle Fusion Middleware Oracle
WebLogic Scripting Tool
5-7
Chapter 5
Use an IDE to Deploy and Undeploy an Application
Tutorial
• Using JDeveloper
Tutorial
Topics
• Prerequisites for Deploying Using an IDE
• Connect the IDE to a Remote WebLogic Server
• Use an IDE to Deploy an Application to a Cluster
• Use an IDE to Deploy an Application to a Cluster
5-8
Chapter 5
Use an IDE to Deploy and Undeploy an Application
The Servers view panel is displayed in the bottom half of the Workbench.
6. In the Servers view panel, click No servers are available. Click this link to
create a new server...
7. Click Oracle, then select the WebLogic Server version of your Oracle Java Cloud
Service instance, and click Next.
8. In the New Server dialog box, click the browse icon next to WebLogic home, and
select your WebLogic Server home directory.
Note:
Make sure that the local version of WebLogic Server you’re running is
the same version as the instance running on the cloud service. If they
are not the same version, then you can’t make a connection.
9. Click the browse icon next to Java home, and select your Java home directory.
10. Select Remote.
a. Set the Remote Host to the IP address of your Oracle Java Cloud Service
instance.
b. Set Port to 7002. This is the SSL port of your Oracle Java Cloud Service
instance.
c. Make sure that Use SSL port is checked.
d. Set User to the WebLogic Server administrator credentials you specified when
you created the Oracle Java Cloud Service instance.
11. Click Test Connection.
In the Eclipse console, a new connection is added to the Servers view panel. A
Validating server... status message is displayed. After the connection is
established, the status changes to Started.
5-9
Chapter 5
Use an IDE to Deploy and Undeploy an Application
11. Click on the green plus sign to add the cluster as the target.
A new line is added under Targets.
12. Click on Browse.
The names of the administration server and the cluster are listed on the Target
Name dialog.
13. To delete the Administration Server as a target, select the target name and click
on the red cross icon next to the Administration Server name.
14. To add the cluster as a target, click on the green plus sign.
The Administration Server and the cluster are listed in the Target Name dialog.
16. Click on the cluster and click OK.
19. On the Servers tab, right click on the server connection and select Add and
Remove...
The application is then listed in the available applications section of the Add and
Remove dialog.
20. Select the name of the application and click Add.
In the bottom right corner of the Eclipse console, the status of the publish request
is displayed.
22. Click the icon next to the publish request status message to see the details of the
request.
The status of the request will become Active.
23. On the Servers tab, expand the server connection to see that the application is
deployed.
5-10
Chapter 5
Deploy an Application to an Oracle Java Cloud Service Instance with Multiple Clusters
https://myinstance-myaccount.myregion.oraclecloud.com/mycluster/myapp/
index.html
5-11
Chapter 5
Access an Application Deployed to an Oracle Java Cloud Service Instance
5-12
Chapter 5
Enable the JVM Debug Port on an Oracle Java Cloud Service Instance
Note:
Avoid using IP addresses to access applications running in a
production environment. Use a custom domain name, or the default
internal host name if a custom domain name has not been provided.
Note:
You will need direct access to the IP address of the server running your
application.
Topics
• Set Up the Debug Port in WebLogic Server
• Create an Access Rule for the Debug Port
5-13
Chapter 5
Enable the JVM Debug Port on an Oracle Java Cloud Service Instance
Note:
Make sure that you are on the Configuration tab.
6. In the Servers table, click the name of the server running your application.
7. Go to the Server Start tab.
8. Append the following in the Arguments field. Make sure there are no line breaks
when you copy and paste these arguments.
-Xdebug -Xnoagent -
Xrunjdwp:transport=dt_socket,address=8457,server=y,suspend=n
9. Make a note of the debug port address that you specified (8457 in this example).
You’ll need this address in the next task.
10. Click Save.
12. In the Domain Structure pane, expand Environment, and click Servers.
14. In the Servers table, select the check box next to the server running your
application.
15. Click Shutdown, and select Force shutdown now. When prompted for a
confirmation, click Yes.
Wait for the state of the server to change to SHUTDOWN. Refresh the page to
view the current state.
16. Select the check box next to the server, and click Start. When prompted for a
confirmation, click Yes.
5-14
Chapter 5
Use Third-Party Frameworks with Oracle Java Cloud Service
Wait for the state of the server to change to RUNNING. Refresh the page to view
the current state.
2. Click the Menu icon adjacent to the service instance name and select Access
Rules.
The Access Rules page is displayed, showing the list of all access rules.
3. Click Create Rule.
The Create Access Rule dialog is displayed.
4. Specify a unique Rule Name. Optionally specify a rule Description.
The name must begin with a letter, and can contain numbers, hyphens, or
underscores. The length cannot exceed 50 characters. When you create a rule,
you cannot use prefixes ora_ or sys_.
5. Specify PUBLIC-INTERNET for the rule source.
6. Specify WLS_ADMIN_SERVER or WLS_MANAGED_SERVER depending on the
server type where you set up the debug port.
7. The destination port should match the address you set up for the debug port. In
our example this would be 8457.
8. Set the protocol to TCP.
9. Now click Create to create the new rule.
The Access Rules page displays your new rule.
5-15
Chapter 5
Use Third-Party Frameworks with Oracle Java Cloud Service
Topics
• Third-Party Application Development Frameworks Tested with Oracle Java Cloud
Service
• Information for Configuring Apache Axis/Java
• Omit Checks for Updates to Quartz Job Scheduler
5-16
Chapter 5
Use Third-Party Frameworks with Oracle Java Cloud Service
5-17
Chapter 5
Use Third-Party Frameworks with Oracle Java Cloud Service
5-18
6
Scale an Oracle Java Cloud Service
Instance
Scaling lets you add or remove resources for an Oracle Java Cloud Service instance
on demand in response to changes in load on the service instance.
Topics:
• About Scaling an Oracle Java Cloud Service Instance
• Overview of Scaling Tasks for an Oracle Java Cloud Service Instance
• Scale Out an Oracle Java Cloud Service Cluster
• Scale In a Cluster
• Scale an Oracle Java Cloud Service Node
• Scale Automatically
• View Scaling Requests
Note:
If you have a non-metered subscription rate and attempt to use capacity
above this rate (called "bursting"), you will shift to the "Pay as You Go" model
and be charged per hour and billed monthly in arrears for the increased
capacity. Pricing for the increased capacity is based on the current per hour
list price for the service, which you can find on the Pricing tab at http://
cloud.oracle.com/<your-service>. Your total capacity (subscription rate plus
"bursting") will not exceed two times (2x) your subscription rate. For
example, if you purchased a subscription that allows 4 OCPUs per month,
your bursting would be capped at a total of 8 OCPUs for that service.
Topics:
• About Scaling an Oracle Java Cloud Service Cluster
• About Scaling an Oracle Java Cloud Service Node
6-1
Chapter 6
About Scaling an Oracle Java Cloud Service Instance
Topics:
• About Scaling Out a Cluster
• About Scaling In a Cluster
• About Adding a New Cluster
6-2
Chapter 6
About Scaling an Oracle Java Cloud Service Instance
Note:
You can scale a node only if a version of Oracle Java Cloud Service that
supports scaling a node was used to create your service instance. If the
version used to create your Oracle Java Cloud Service instance does not
support scaling a node, you cannot scale a node.
Topics:
• About Changing the Compute Shape of a Node
• What Happens When a Node is Being Scaled
• What Happens After a Node is Scaled
• About Adding Block Storage to a Node
6-3
Chapter 6
About Scaling an Oracle Java Cloud Service Instance
Note:
In general, Oracle recommends that the compute shapes of all nodes in a
cluster are the same in order to optimize performance.
6-4
Chapter 6
About Scaling an Oracle Java Cloud Service Instance
Note:
You cannot remove block storage from a node.
Caution:
Before adding storage, Oracle recommends that you back up the service
instance to avoid the risk of data loss.
The new storage volume created by scaling remains attached and available to the
node even when the service instance is restarted or is stopped and then started. Also,
this storage volume exists until you delete the service instance, at which time the
storage volume is also deleted.
Storage limits are described here:
6-5
Chapter 6
About Scaling an Oracle Java Cloud Service Instance
Topics:
• How It Works
• Prerequisites
• What Are the Rule Components
How It Works
Learn to define a service and the conditions under which it should automatically add or
delete a node.
You can define to a service the conditions under which it should automatically add or
delete a node. These conditions are called rules (or a "policy") and are applicable to all
the clusters in your service. The key component of the rules is the metric threshold
that you set. You can choose for these metrics a percentage of CPU or memory
utilization over a defined interval or the total gigabytes of memory consumed. Once the
metric threshold is crossed, auto-scaling receives an alert and either adds or removes
a single node, depending up the rule.
After that scaling operation succeeds, auto-scaling goes into a user-defined "cool
down" period until the CPU utilization dips below the metric threshold or the cluster
size reaches the user defined maximum/minimum cluster size. After cool down, if the
alarm is still active (that is, if CPU utilization is still over—or below, depending on the
scaling rules—the metric threshold), the service repeats the scaling operation until the
CPU utilization dips below the metric threshold.
Prerequisites
Learn about the prerequisites to automatically scale a cluster in or out by defining an
auto-scaling rule.
Before auto-scaling occurs, the system checks to ensure that the following
prerequisites are met:
• The rule is active.
• The node is configured to handle the conditions of the rule.
• For a scale out, the current cluster size must be smaller than the maximum cluster
size defined in the rule
• For a scale in, the current cluster size must be larger than the minimum cluster
size defined in the rule.
6-6
Chapter 6
Overview of Scaling Tasks for an Oracle Java Cloud Service Instance
In addition to the metric threshold, which consists of either the average, minimum, or
maximum percentage of CPU usage, the auto-scaling rule is composed of:
• The scaling operation and, depending on that operation, maximum or minimum
cluster size.
• The number of consecutive times per a specific period the threshold must be
crossed to trigger an alarm.
• Whether the rule applies to any or all VM instances.
• The duration of the cool-down period.
6-7
Chapter 6
Scale Out an Oracle Java Cloud Service Cluster
Topics:
• Scale Out a Cluster
• Add a New Cluster to an Instance
3. On the Overview page, click Add a node to this instance , and then select
Add Node.
4. From the Scale Out dialog, select the component you want to scale out. If you are
scaling out WebLogic Server (WLS) and your service instance has multiple
clusters, select the cluster to which you want to add the node.
5. Click Scale Out.
6. Click Refresh until the node appears on the Overview page, and the status of
the node indicates that the scaling operation is completed.
You can also monitor the progress of the scaling operation from the Activity page.
6-8
Chapter 6
Scale In a Cluster
Scale In a Cluster
To reduce resource usage in response to smaller workloads, you can scale in an
Oracle Java Cloud Service instance by removing a node.
You can perform a scale-in operation for a service instance that has at least two
nodes. To remove all nodes, you must delete the service instance.
If backups are configured for the service instance, Java Cloud Service attempts to
create a backup before scaling the instance.
Wait for any maintenance operations on this service instance to complete, such as
backup, restoration or patching operations, before you begin.
1. Access your service console.
2. Click the name of the service instance from which you want to remove a node.
3. Under Resources, beside the node that you want to remove, click Manage this
node , and then select Remove Node.
4. Optional: To perform a scale-in operation even if the node is unresponsive, select
Force scale in the VMs.
5. Click Remove Node.
6. Periodically click Refresh until the node no longer appears on the Overview
page.
You can also monitor the progress of the scaling operation from the Activity page.
Topics:
• Scale a Node
• Add Storage to a Node
Scale a Node
To respond to changes in workload requirements in an Oracle Java Cloud Service
instance, you can scale up a node to a larger compute shape with more Oracle
6-9
Chapter 6
Scale an Oracle Java Cloud Service Node
Compute Units (OCPUs) and memory, or scale down a node to a smaller compute
shape.
Note:
The Bring Your Own License (BYOL) option enables you to bring your on-
premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances
are billed at a lower rate than other instances. See Frequently Asked
Questions: Oracle BYOL to PaaS. Before you scale up or scale out a BYOL
instance, you must have enough WebLogic Server licenses for the additional
OCPUs that will be allocated to the instance after it is scaled.
For example:
• Changing the compute shape of a node in Oracle Cloud Infrastructure from VM-
Standard2.2 to VM-Standard2.4 doubles the capacity of the node from two
OCPUs to four OCPUs, and also doubles the amount of RAM allocated to the
node.
• Changing the compute shape of a node in Oracle Cloud Infrastructure Classic
from OC3 to OC4 doubles the capacity of the node from one OCPU to two OCPUs,
and also doubles the amount of RAM allocated to the node.
You must scale each node individually. To optimize performance, Oracle recommends
that you scale all nodes within a cluster to the same specifications.
The applications that are running on the node will be temporarily unavailable while the
scaling operation is in progress.
Wait for any maintenance operations on this service instance to complete, such as
backup, restoration or patching operations, before you begin.
1. Access your service console.
2. Click the name of the service instance that contains the node that you want to
scale.
3. Under Resources, beside the node that you want to scale, click Manage this
node , and then select Scale Up/Down.
4. Select a new Compute Shape.
5. Click Yes, Scale Up/Down VM.
6-10
Chapter 6
Scale Automatically
Note:
Do not use Oracle Cloud Infrastructure Compute to attach custom storage
volumes to a service instance's nodes. Any custom storage volumes that you
attach will be detached if the service instance is restarted.
You must update the storage configuration of each node individually. You cannot
remove unused storage from a node.
You cannot perform any other management operations on the service instance while
the storage operation is in progress. The applications that are running on the node will
be temporarily unavailable.
You cannot add storage to a node while the service instance is under maintenance,
such as during a patching or backup operation.
1. Access your service console.
2. Click the name of the service instance that contains the node to which you want to
add storage.
3. Under Resources, beside the node that you want to update, click Manage this
node , and then select Add Storage.
4. In the Add Storage dialog box, select one of the existing storage volumes. Or, to
add a new storage volume to this node, select the Additional Partition option.
5. Enter the number of Gigabytes (GB) that you want to add to this volume.
For instances in Oracle Cloud Infrastructure, the minimum size of a volume added
by scaling a node is 50 GB. For instances in Oracle Cloud Infrastructure Classic,
the minimum size is 1 GB.
6. Click Yes, Add Storage.
Scale Automatically
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
Automatic scaling (auto-scaling) allows you to configure a set of rules–or “policies”–
that determine when to add or remove nodes from a cluster and the minimum and
maximum number of nodes that can be added to a cluster. You can create rules, edit
them or delete them.
6-11
Chapter 6
Scale Automatically
Note:
The Bring Your Own License (BYOL) option enables you to bring your on-
premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances
are billed at a lower rate than other instances. See Frequently Asked
Questions: Oracle BYOL to PaaS. Before you scale up or scale out a BYOL
instance, you must have enough WebLogic Server licenses for the additional
OCPUs that will be allocated to the instance after it is scaled.
3. At the top of the Overview page, click Manage this instance , and then select
Define Auto Scaling Rules.
If there are no auto-scaling rules defined, the Rules page displays the message
Auto scaling not configured for this service.
4. On the Rules page, click New Rule.
5. In the New Rule dialog box, define the new rule.
6-12
Chapter 6
Scale Automatically
Field Description
Perform [ ] Select the type of scaling operation to perform:
• Scale-in - Remove a node from the cluster.
• Scale-out - Add a node to the cluster.
to Maximum (Minimum) Enter the cluster size limit:
Cluster Size of [ ] • For Scale-in rules, this is the minimum number of nodes
that must be present in the cluster after a scaling
operation.
• For Scale-out rules, this is the maximum number of
nodes that can be present in the cluster after a scaling
operation.
whenever [ ] Select the basis for calculating the rule threshold:
• Average CPU or memory usage
• Maximum CPU or memory usage
• Minimum CPU or memory usage
of [ ] Select the type of metric upon which the scaling operation is
triggered:
• CPU Utilization - The percentage of total CPU in use
• Memory Utilization - The percentage of total memory in
use
• Memory - The amount of memory in use
is >= [ ] % (GB) or is <= Enter the threshold value of the selected metric that, when
[ ] % (GB) met or exceeded, will trigger the scaling operation.
• For CPU Utilization or Memory Utilization, enter a
percentage between 0 and 100.
• For Memory, enter a value in Gigabytes.
for at least [ ] Enter the minimum number of times the threshold condition
must be detected before the scaling operation is triggered.
consecutive period(s) of Enter the number of minutes during which the threshold
[ ] minutes condition must be detected before the scaling operation is
triggered.
on [ ] instances Select one of these options:
• Any - The threshold condition can be detected on any
node in this service instance before the scaling operation
is triggered.
• All - The threshold condition must be detected on all of
the nodes in this service instance before the scaling
operation is triggered.
and wait for [ ] minutes Enter the minimum number of minutes for which Oracle Cloud
of cool down period waits before it reevaluates this scaling rule.
6. Click Create.
7. When prompted for confirmation, click OK.
8. Periodically click Refresh until the rule status indicates that the rule
configuration is completed.
6-13
Chapter 6
View Scaling Requests
You can edit an existing scaling rule for Oracle Java Cloud Service, to modify the
conditions under which it is triggered or the scaling actions that it performs.
3. At the top of the Overview page, click Manage this instance , and then select
Define Auto Scaling Rules.
4. On the Rules page, for the rule you want to edit, click Actions , and then select
Edit.
5. In the Edit Rule dialog box, edit the rule definition as necessary.
6. Click Update.
7. When prompted for confirmation, click OK.
8. Periodically click Refresh until the rule status indicates that the rule
configuration is completed.
3. At the top of the Overview page, click Manage this instance , and then select
Define Auto Scaling Rules.
4. On the Rules page, for the rule you want to delete, click Actions , and then
select Delete.
5. When prompted for confirmation, click Yes, and then click OK.
6. Periodically click Refresh until the rule no longer appears on the Rules page.
Note:
The initial scale-out activity for an Oracle Java Cloud Service—Coherence
instance is the initial request to add Managed Servers for the Coherence
data tier when the service instance was first created.
6-14
Chapter 6
View Scaling Requests
2. Click the service menu ( ) at the top of the page and select View Activity.
The Activity page of the Platform Services Console opens.
3. In the Search Activity Log panel, enter the necessary search criteria:
Option Description
Start Time Range The date and time range within which you want to see
scaling activity.
Operation Status The status of the scaling activity you want to view. This
option will filter out all scaling activity not in this status. To
see all status, select All.
Service Name The name of the service instance for which you want to see
scaling activity.
Service Type This should be Java Cloud Service.
Operation The operation for which you want to see activity. In the case
of scaling, select any or all of these options:
• Scale Application
• Scale In
• Scale Out
• Scale Up/Down
4. Click Search.
All scaling activity that meets the search criteria appears in the results table. The
Operation Status column will indicate whether the scaling operation succeeded or
failed. To see more details about a specific operation, expand the row by clicking
the Expand button in the first column.
6-15
7
Back Up and Restore an Oracle Java
Cloud Service Instance
You can back up and restore your Oracle Java Cloud Service instances to return their
software and data to a particular state.
Topics:
• About Backup and Restoration in Oracle Java Cloud Service
• Typical Workflow for Backing Up and Restoring a Service Instance
• Add a Backup Configuration to an Oracle Java Cloud Service Instance
• Configure Scheduled Backups for an Oracle Java Cloud Service Instance
• Create an On-Demand Backup
• Enable or Disable Backups
• Delete a Backup
• Restore a Backup
• Restore the Database for a Service Instance
• Return an Instance to Service After Restoration from a Backup
• Explore the Backup Page
Topics
• What are the Contents of a Backup?
• When Do Backups Occur?
• Where are Backups Stored?
• How Long are Backups Retained?
• What Happens When a Backup is Restored?
7-1
Chapter 7
About Backup and Restoration in Oracle Java Cloud Service
There are two types of backups. A full backup contains all of the artifacts and
configuration data that are required to restore a service instance. An incremental
backup contains only those changes to the configuration data since the last scheduled
full backup. Each incremental backup is linked to the last scheduled full backup that
was performed before the incremental backup. You cannot delete a full backup that is
linked to incremental backups without also deleting the incremental backups
7-2
Chapter 7
Typical Workflow for Backing Up and Restoring a Service Instance
Note:
Do not attempt to download the backup files generated by Java Cloud
Service. These files are encrypted and not accessible offline. You must
use Java Cloud Service to restore a service instance from a backup.
7-3
Chapter 7
Add a Backup Configuration to an Oracle Java Cloud Service Instance
Some configuration options vary depending on the type of region in which your service
instance was created. See Identify the Cloud Infrastructure Used by a Service
Instance.
1. Access your service console.
7-4
Chapter 7
Add a Backup Configuration to an Oracle Java Cloud Service Instance
2. Click the name of the service instance for which you want to configure automated
backups.
3. On the Overview page, click Manage this instance beside the instance name,
and then select Enable Backups.
4. For Backup Destination, select the location(s) to which backups will be stored.
5. For Cloud Storage Container, enter the object storage location where backups of
the service instance will be stored.
• If your service instance is running in an Oracle Cloud Infrastructure region,
then enter the URL of an existing bucket in Oracle Cloud Infrastructure Object
Storage. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure
in the Oracle Cloud Infrastructure documentation.
Format: https://swiftobjectstorage.region.oraclecloud.com/v1/
namespace/bucket
To find out your namespace, sign in to the Oracle Cloud Infrastructure web
console, click the tenancy name, and look for the Object Storage
Namespace field.
Example: https://swiftobjectstorage.us-
phoenix-1.oraclecloud.com/v1/myCompany/myBucket
• If your service instance is running in an Oracle Cloud Infrastructure Classic
region, then enter the URL of a container in Oracle Cloud Infrastructure Object
Storage Classic.
Format: rest_endpoint_url/containerName
You can find the REST endpoint URL of the Oracle Cloud Infrastructure Object
Storage Classic service instance in the Infrastructure Classic Console. See
Finding the REST Endpoint URL for Your Cloud Account in Using Oracle
Cloud Infrastructure Object Storage Classic.
Example: https://acme.storage.oraclecloud.com/v1/MyService-acme/
MyContainer
6. For Username and Password, enter the credentials of a cloud user who has
access to the specified object storage location.
• If your service instance is running in an Oracle Cloud Infrastructure region,
then enter the generated Auth Token for the user that you specified. See
Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle
Cloud Infrastructure documentation.
• If your service instance is running in an Oracle Cloud Infrastructure Classic
region, then these fields are not displayed if this account includes Oracle
Identity Cloud Service, and the current cloud user is entitled to use Oracle
Cloud Infrastructure Object Storage Classic.
7. If the Oracle Cloud Infrastructure Object Storage Classic container that you
specified doesn’t exist, or if you aren’t sure whether it exists, then select Create
Cloud Storage Container. If the container doesn’t exist, it will be created
automatically.
This option is not relevant to Oracle Cloud Infrastructure regions. The specified
Oracle Cloud Infrastructure Object Storage bucket must be created prior to adding
a backup configuration.
8. Click Enable Backups.
7-5
Chapter 7
Configure Scheduled Backups for an Oracle Java Cloud Service Instance
5. Click Manage backups for this instance , and then select Configure
Backups.
6. For Full Backup, select the day of the week and the time of day UTC when you
want full backups to occur.
Note:
All times must be for the Coordinated Universal Time (UTC) time zone,
not your local time zone.
7. For Incremental Backup, select the time of day UTC when you want incremental
backups to occur each day.
8. Clear the Coordinated Backups check box if you do not want to take backups of
the database.
By default, if your service instance is associated with an Oracle Database Cloud
Service deployment, the database deployment is automatically backed up as well.
Coordinated backups are not available for service instances that are associated
with other database services.
9. For Storage Container, enter the object storage location where backups of the
service instance will be stored.
7-6
Chapter 7
Create an On-Demand Backup
Any existing backups in the previous storage location will remain there and be
available for service restoration, until the retention period has elapsed.
• If your service instance is running in an Oracle Cloud Infrastructure region,
then enter the URL of an existing bucket in Oracle Cloud Infrastructure Object
Storage. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure
in the Oracle Cloud Infrastructure documentation.
Format: https://swiftobjectstorage.region.oraclecloud.com/v1/
namespace/bucket
To find out your namespace, sign in to the Oracle Cloud Infrastructure web
console, click the tenancy name, and look for the Object Storage
Namespace field.
Example: https://swiftobjectstorage.us-
phoenix-1.oraclecloud.com/v1/myCompany/myBucket
• If your service instance is running in an Oracle Cloud Infrastructure Classic
region, then enter the URL of a container in Oracle Cloud Infrastructure Object
Storage Classic.
Format: rest_endpoint_url/containerName
You can find the REST endpoint URL of the Oracle Cloud Infrastructure Object
Storage Classic service instance in the Infrastructure Classic Console. See
Finding the REST Endpoint URL for Your Cloud Account in Using Oracle
Cloud Infrastructure Object Storage Classic.
Example: https://acme.storage.oraclecloud.com/v1/MyService-acme/
MyContainer
10. For User Name and Password, enter the credentials of a cloud user who has
access to the specified object storage location.
• If your service instance is running in an Oracle Cloud Infrastructure region,
then enter the generated Auth Token for the user that you specified. See
Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle
Cloud Infrastructure documentation.
• If your service instance is running in an Oracle Cloud Infrastructure Classic
region, then these fields are not displayed if this account includes Oracle
Identity Cloud Service, and the current cloud user is entitled to use Oracle
Cloud Infrastructure Object Storage Classic.
11. In the Set new retention period to field, enter the number of days that you want
new backups to be retained.
If you decrease the retention period, any existing backups that are older than this
period are automatically deleted during the next scheduled backup.
12. Click Save.
After updating the backup configuration, Oracle recommends that you create an on-
demand backup to verify your configuration.
7-7
Chapter 7
Enable or Disable Backups
You must enable backups on the service instance, if you did not enable backups when
you originally created the service instance.
Wait for any maintenance operations on this service instance to complete, such as
patching or scaling operations, before you begin.
1. Access your service console.
2. Click the name of the service instance for which you want to create a backup.
3. On the Overview page, click the Administration tile.
4. Click the Backup tab.
5. Click Manage backups for this instance , and then select Backup Now.
6. Select Include Database if you want to also back up the database that’s
associated with this service instance.
This option is available only if your service instance is associated with an Oracle
Database Cloud Service deployment. Coordinated backups are not available for
service instances that are associated with other database services.
7. If you select Keep Forever, then this backup can only be deleted manually. If not
selected, this backup will be deleted at the end of the current backup retention
period for this service instance.
If you select the Include Database option and if the Oracle Real Application
Clusters (RAC) option is enabled on your database, then this option does not
apply to the database backup. The database instance’s retention policy
determines how long the database backup is kept.
8. For Notes, enter up to 255 characters of text to provide additional information
about the backup (for example, when to restore from this backup, why the backup
was created, or the state of the service instance at the time of the backup).
9. Click Back Up.
10. To check the status of the backup operation, periodically click Refresh .
7-8
Chapter 7
Delete a Backup
Java Cloud Service automatically disables backups after consecutive failures occur
with scheduled backups. When you enable backups, also update the backup
configuration and correct the cause of the failures, such as an incorrect password.
1. Access your service console.
2. Click the name of the service instance for which you want to control backups.
3. On the Overview page, click the Administration tile.
4. Click the Backup tab.
If Java Cloud Service automatically disabled backups after consecutive failures,
you can identify the cause of the failures from this page.
5. Click Manage backups for this instance , and then select Enable Backups or
Disable Backups.
6. When prompted, confirm that you want to enable or disable backups.
Delete a Backup
You can delete an existing backup of an Oracle Java Cloud Service instance.
You might want to delete a backup for the following reasons:
• The backup is no longer needed.
• To prevent users from restoring the service instance from this backup
• To free up storage space
1. Access your service console.
2. Click the name of the service instance for which you want to manage backups.
3. On the Overview page, click the Administration tile.
4. Click the Backup tab.
5. Under Available Backups, beside the backup that you want to delete, click Menu
, and then select Delete.
6. If you selected a full backup that is linked to one or more incremental backups,
select the check box to confirm that both the full and incremental backups will be
deleted.
7. Click Delete.
Restore a Backup
You can restore an Oracle Java Cloud Service instance to a previous state.
Java Cloud Service restores your instance’s configuration from a selected backup.
You can also choose whether to restore the Oracle software (binary files) to its current
official patch level, or to leave the software unchanged. If you choose to restore the
software, it is restored from an image maintained internally to Oracle Cloud. The
software is not restored to the point in time at which the backup was created.
If you performed a scaling operation after the backup was created, the topology of the
service instance and the topology of the backup might not be the same. The restore
operation can automatically remove nodes that you added to the service instance after
7-9
Chapter 7
Restore the Database for a Service Instance
the backup was created. However, the restore operation cannot add missing nodes to
the service instance that were removed after the backup was created.
Java Cloud Service does not restore the database associated with your service
instance. Prior to restoring a backup, you must restore from the corresponding
database backup as identified by its RMAN tag or timestamp.
Wait for any maintenance operations on this service instance to complete, such as
patching or scaling operations, before you begin.
1. Access your service console.
2. Click the name of the service instance that you want to restore.
3. On the Overview page, click the Administration tile.
4. Click the Backup tab.
5. Under Available Backups, beside the backup that you want to restore, click
Menu , and then select Restore.
6. If you changed the password of the infrastructure database schema after creating
the selected backup, enter the current Schema Password.
7. If the backup contains fewer nodes than the current number of nodes in the
service instance, then the Force scale in check box is selected for you
automatically.
Oracle Java Cloud Service removes these nodes from the service instance prior to
performing the restore operation. Alternatively, you can remove the nodes in your
service instance that are not found in the backup, and then return to this dialog.
8. If you want to also restore the Oracle software in this service instance to the
current official patch level, select Restore binary files.
9. For Notes, enter any free-form text to provide additional information about the
restoration. For example, describe why you are restoring the service instance.
10. Click Restore.
11. When prompted for confirmation, perform one of the following steps:
• If the selected backup has an associated database backup, select the check
box to confirm that you have already restored the database, and then click
Continue with Restore.
• Click Yes, Restore Service.
12. To check the status of the restore operation, periodically click Refresh .
7-10
Chapter 7
Return an Instance to Service After Restoration from a Backup
7-11
Chapter 7
Access the Contents of a Backup
Refer to the relevant documentation for the release of Oracle WebLogic Server
that your service instance is running:
• How to Remove Transaction Records in Developing JTA Applications for
Oracle WebLogic Server 12c (12.2.1.3)
• How to Remove Transaction Records in Developing JTA Applications for
Oracle WebLogic Server 12c (12.1.3)
• How to Remove Transaction Records in Developing JTA Applications for
Oracle WebLogic Server 11g (11.1.1.7)
{
"backupId": "086b01a7-9e80-4292-a2d5-1aa78e7265d7"
"unpackAndDecryptOnly": "true"
}
Locate the required files on the Administration Server node under /u01/data/backup/
work, and move them to a different location. Subsequent backup and restore
operations will remove any existing files under /u01/data/backup/work.
If you select an incremental backup, it contains only the files that have been modified
since the most recent full backup operation. In order to find a specific file or to obtain
the complete contents of a specific directory, you might need to extract the full backup
as well.
7-12
Chapter 7
Explore the Backup Page
• Delete a Backup
• Restore a Backup
Element Description
Oracle Java Cloud Click this link to return to the Oracle Java Cloud Service Console.
Service link
7-13
Chapter 7
Explore the Backup Page
Element Description
(in the page header) Menu icon provides the following options:
• Open WebLogic Server Administration Console—Open
the WebLogic Administration Console to administer your
application environment.
• Open Fusion Middleware Control Console—Open Fusion
Middleware Control to administer your application
environment.
• Open Load Balancer Console—Open the console to
administer the load balancer, if a local load balancer has
been configured for the service instance.
Note that access to the administrative consoles is disabled by
default. When you create a service instance, you can enable
consoles by selecting a check box on the Details page of the
instance creation wizard. For an instance this is already
created, you must create an access rule in order to activate
the console choices. See Enabling Console Access in an
Oracle Java Cloud Service.
• Start—Start the nodes for the Administration Server,
Managed Servers, load balancer, and Managed Servers on
the Coherence data tier (if provisioned).
• Stop—Stop the nodes for the Administration Server,
Managed Servers, load balancer, and Managed Servers on
the Coherence data tier (if provisioned).
• Restart—Stop and then immediately restart all the nodes in
the service instance.
• Scale Out—Adds a managed server node.
• Define Auto Scaling Rules—Opens the Add Rule dialog
box, which opens the Rules page where you can configure
auto-scaling rules.
• Change License Type—Opens the Change License Type
dialog box, which enables you to choose whether to leverage
your existing on-premises (BYOL) license or use your Oracle
Java Cloud Service cloud license.
• Add Load Balancer—Add a user-managed load balancer to
this service instance.
• Disable/Enable Load Balancer—Depending on the
selection, either blocks access to the service instance or
forwards the requests it receives from clients to the Oracle
WebLogic Server Managed Servers.
• Manage Access Rules—Create and manage rules to control
access to the nodes for this service instance.
• Add SSH Access—Add public SSH keys to the nodes that
make up this service instance.
• Manage Tags/Add Tags—Either remove or add tags to a
service instance. Manage Tags appears if a tag already
exists for the service instance. Add Tags appears if no tags
exist for the service instance.
• Enable Backups—Enable backups for this service instance.
• View Activity—View all administrative activities that have
been performed on your service instances.
• View Instance Metrics—View performance metrics for this
service instance.
7-14
Chapter 7
Explore the Backup Page
Element Description
Backups on Cloud Storage The total amount of space, in megabytes or gigabytes, that
backups are occupying in the Oracle Cloud Infrastructure Object
Storage Classic container for storing backups. This amount
includes space that is occupied by backups that have been
manually uploaded to the container, if any, in addition to the
space occupied by backups that Oracle Java Cloud Service has
moved there.
Backup Volume Used The total amount of space, in megabytes or gigabytes, that local
copies of backups are occupying in the backup volume on the
block storage of the virtual machine where the Administration
Server is running.
Backup Volume Used (%) The percentage of the available space that backups are
occupying in the backup volume on the block storage of the virtual
machine where the Administration Server is running.
Incremental Backups Indicates the schedule for running incremental backups. For
information about configuring the incremental backup schedule,
see Configure Scheduled Backups for an Oracle Java Cloud
Service Instance.
Full Backups Indicates the schedule for running full backups. For information
about configuring the full backup schedule, see Configure
Scheduled Backups for an Oracle Java Cloud Service Instance.
Most Recent Backup Indicates that the most recent backup failed and the time of its
failure. Click the icon for information about why the backup
attempt was unsuccessful.
Oracle Java Cloud Service automatically disables backups after
consecutive failures occur with scheduled backups.
Last Successful Backup Indicates the time of the last successful backup.
Click to refresh the page. The date and time the page was last
refreshed is displayed adjacent to this button.
Available Backups List of available backups. By default, only backups for the last
seven days are listed. Use the search field to specify a range of
dates for which you want backups returned.
Manage backups for this Select from the following options:
instance • Backup Now — Create an on-demand backup of the service
instance.
• Configure Backups — Update the backup schedule and
where backups are stored.
• Disable Backups — Disable automated and on-demand
backups.
• Enable Backups — Enable automated and on-demand
backups.
Enter the start date of the period for which you want to filter the
list of available backups or the restoration history. By default, the
start date is set to seven days before the current date.
Enter the date in the format mm/dd/yyyy.
• mm is a one-digit or two-digit month number, for example, 2
for February or 10 for October.
• dd is a number in the range 1–31 for the day of the month.
• yyyy is a four-digit year number, for example, 2104.
Alternatively, click the calendar icon to select the date from a
calendar.
7-15
Chapter 7
Explore the Backup Page
Element Description
Enter the end date of the period for which you want to filter the list
of available backups or the restoration history. Enter the date in
the format mm/dd/yyyy.
• mm is a one-digit or two-digit month number, for example, 2
for February or 10 for October.
• dd is a number in the range 1–31 for the day of the month.
• yyyy is a four-digit year number, for example, 2104.
Alternatively, click the calendar icon to select the date from a
calendar.
Note:
The end date must not be earlier
than the start date.
7-16
Chapter 7
Explore the Backup Page
Element Description
Completed backup with a warning message. Oracle Java Cloud
Service tried but failed to move or delete one or more older
backups. For information about when and why Oracle Java Cloud
Service moves or deletes older backups, see About Backup and
Restoration in Oracle Java Cloud Service. The backup is still
available for use in restoring the service instance.
To find out why Oracle Java Cloud Service could not move or
remove the older backup, place the cursor over the icon.
The presence of the older backup may cause future backups to
fail because of insufficient space. For information about how to
prevent future backups from failing in this way see One of my
backups is showing a warning icon.
The backup is identified by the date and time when the backup
was created, which is displayed adjacent to icon that represents
the backup.
Click the icon to see additional information about the backup.
The backup is in the process of being deleted.
Click the icon to see additional information about the backup.
7-17
Chapter 7
Explore the Backup Page
Element Description
Restore History (Last 7 Click the triangle adjacent to this label to display a list of all the
Days) restoration operations on this service instance. By default, only
restoration operations for the last seven days are listed. Use the
search field to specify a range of dates for which you want
restoration operations returned.
Click Select to include unsuccessful restore attempts to
include the unsuccessful restoration operations in the list.
Completed restoration operation for theOracle Java Cloud Service
instance.
The restoration operation is identified by the date and time when it
was started, which is displayed adjacent to icon that represents
the restoration operation.
Click the icon to see additional information about the restoration
operation.
In-progress restoration operation for the Oracle Java Cloud
Service instance.
The restoration operation is identified by the date and time when it
was started, which is displayed adjacent to icon that represents
the restoration operation.
Click the icon to see additional information about the restoration
operation.
Unsuccessful restoration attempt for the Oracle Java Cloud
Service instance.
The restoration attempt is identified by the date and time when it
was started, which is displayed adjacent to icon that represents
the restoration attempt.
Click the icon to see additional information about the restoration
attempt.
From Backup The date and time when the backup from which the service
instance was restored was created.
Status The status of the restoration operation:
• Completed
• In-Progress
• Failed
Click the text to see detailed status messages for the operation.
Contains A row of up to two icons that indicates the items that were
restored:
•
—Indicates that binary files were restored.
•
—Indicates that configuration files were restored.
7-18
8
Manage Snapshots and Clones in Oracle
Java Cloud Service
A snapshot is a point-in-time image of a service instance. You can use snapshots to
quickly create multiple clones of an instance.
Topics:
• About Snapshots and Clones
• Create a Snapshot
• Delete a Snapshot
• Clone an Instance Using a Snapshot
• View Details of Snapshots and Clones
Note:
Cloning is not supported for instances associated with Oracle Cloud
Infrastructure Database or Oracle Autonomous Transaction Processing.
Also, you cannot create a clone of a service instance if authentication for the
service instance is enabled with Oracle Identity Cloud Service.
Topics
• What Does a Snapshot Contain?
• What Can I Use Clones For?
• What Happens When I Create a Snapshot?
• How Does Cloning Work?
8-1
Chapter 8
About Snapshots and Clones
Note:
The snapshot does not include the database associated with the instance.
You must take a snapshot of the database separately. The source and the
cloned instance can't use the same infrastructure database.
8-2
Chapter 8
Create a Snapshot
In the web console, cloned instances are indicated visually by the icon.
Internally, a snapshot in Oracle Cloud Infrastructure Classic is linked to the parent
instance and to the clones created from the snapshot. But snapshots in Oracle Cloud
Infrastructure are detached, meaning that they exist independently, with no linkage to
the parent instance or the clones.
The service level, software edition, cluster size, and domain partitions of the cloned
instance are the same as that of the original instance. They can't be changed. If the
original instance has a load balancer, the clone will have a load balancer as well. If
Oracle Identity Cloud Service is enabled for the original instance, then the clone will
have Oracle Identity Cloud Service enabled as well.
You can change the shape of the compute nodes of the cloned instance. You must
specify the instance name, the SSH public key for the compute nodes, the
administrator credentials for Oracle WebLogic Server, and the database to be
associated with the cloned instance.
At any time, you can view the snapshot from which a given clone was created. You
can also view details of the clones created from a given snapshot.
Create a Snapshot
You can use snapshots to quickly create clones of an Oracle Java Cloud Service
instance.
Note that snapshots don’t include the database deployment that’s associated with your
instance.
8-3
Chapter 8
Delete a Snapshot
Note:
The instance continues to be available while the snapshot is created. But the
instance is in maintenance mode, which means that you can't perform
administration operations, such as patching and backup. While the snapshot
is being created, the applications can continue to access the storage
volumes.
Delete a Snapshot
When you no longer need a snapshot of an Oracle Java Cloud Service instance, you
can delete it.
Note:
For instances in Oracle Cloud Infrastructure Classic, to delete a snapshot
that has clones, you must first delete the clones.
8-4
Chapter 8
Clone an Instance Using a Snapshot
Note:
Cloning is not supported currently for the following:
• Instances associated with Oracle Cloud Infrastructure Database or
Oracle Autonomous Transaction Processing.
• Instances where authenication with Oracle Identity Cloud Service is
enabled.
• Instances on Oracle Cloud at Customer created before release 17.4.1.
To find out whether an instance was created before 17.4.1:
1. Do one of the following:
– Send a GET REST API request to the instance. See View a
Service Instance in REST API for Oracle Java Cloud Service.
– Run the CLI command psm jaas service -s
serviceInstanceName -of json. See psm jaas service in PaaS
Service Manager Command Line Interface Reference.
2. In the data that the API request or the CLI command returns, search
for the line "provisionEngine":"Metadata_x_y" (for example,
"provisionEngine":"Metadata_1_0").
– If the provisionEngine line does not exist, then the instance
was created before the 17.4.1 release.
– If the line exists, then the instance was created after 17.4.1.
Field Description
Instance Name Specify a name for the Oracle Java Cloud Service
instance.
8-5
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Description (Optional) Enter a short description of the Oracle Java
Cloud Service instance.
Notification Email (Optional) Specify an email address where you would like
to receive a notification of any events occurring with the
service instance, including whether provisioning has
succeeded or failed.
Region Selected automatically; same as the original instance.
IP Network (Only if a region is selected) (Not available on Oracle
Cloud Infrastructure) Select an IP network if you want to
create the service instance in an IP network that you’ve
defined.
By default, each node in your instance is auto-assigned a
public and a private IP address. The IP addresses might
change each time the service instance is restarted. You
can reserve and assign fixed public IP addresses.
In order to select an IP network if you have selected
Enable Authentication Using Identity Cloud Service,
which automatically configures a managed load balancer,
you must first attach an internet-facing load balancer to
the IP network.
This field is not relevant to Oracle Cloud Infrastructure.
Assign Public IP (Not available on Oracle Cloud Infrastructure)
Choose whether to assign public IP addresses to the
nodes in your service instance. You must first select an
Oracle Cloud Infrastructure Classic region and specify an
IP network.
If you select this check box (default), then any node added
during instance provisioning, or later added as part of a
scaling operation, will have a public IP address assigned
to it. You will be able to directly access the nodes from the
public Internet. This selection is for use cases where you
intend to deploy Java EE applications to the Oracle Java
Cloud Service instance and access them from the public
Internet.
If you deselect this check box, then any node added
during instance provisioning, or later added as part of a
scaling operation, will not have a public IP address
assigned to it. You will not be able to directly access the
nodes from the public Internet. This selection is for use
cases where you intend to deploy Java EE applications to
the Oracle Java Cloud Service instance and access them
only within your IP network or from your on-premises data
center over a VPN network.
Availability Domain (Available only on Oracle Cloud Infrastructure)
Select an availability domain. A region can have multiple
isolated availability domains, each with separate power
and cooling. The availability domains within a region are
interconnected using a low-latency network.
Note that the database that you intend to associate with
your Oracle Java Cloud Service instance can be in a
different availability domain within the selected region.
8-6
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Subnet Select the Oracle Cloud Infrastructure subnet to which the
nodes of your instance must be attached.
This field provides a No Preference option and a list of
the available subnets. Each subnet is shown in the format
compartmentName | vcnName | subnetName. A tooltip
lists the compartment name, VCN name, subnet name,
and the OCID of the subnet.
• To have the subnet assigned automatically, select No
Preference. The subnet
ManagedCompartmentForPaaS | svc-vcn | svc-
subnet-... is used for your instance.
Note: Don't select No Preference if you plan to
associate an Oracle Cloud Infrastructure Database
with your service instance.
If you want to configure security rules for your
instance, don’t select No Preference or
ManagedCompartmentForPaaS | svc-vcn | svc-
subnet-.... Select a subnet in a VCN that you
created.
• To assign a subnet explicitly, select a suitable subnet
from the available options.
• If none of the available subnets meets your
networking requirements, then cancel the Create
Instance wizard. In Oracle Cloud Infrastructure,
create the required VCN and subnets, create policies
to allow Oracle Java Cloud Service to use the VCN,
and select the appropriate subnet while creating your
instance. See Prerequisites for PaaS Services on
Oracle Cloud Infrastructure in the Oracle Cloud
Infrastructure documentation.
Database instances in Oracle Database Cloud Service
and Oracle Cloud Infrastructure Database must be in the
same region and virtual cloud network (VCN) as the
Oracle Java Cloud Service instance. The database and
service instance do not need to be in the same subnet.
The database and service instance can be on different
VCNs only if you configure VCN peering.
Tags (Optional) Select existing tags or add tags to associate
with the service instance.
To select existing tags, select one or more check boxes
from the list of tags that are displayed on the pull-down
menu.
To create tags, click to display the Create Tags dialog
box. In the New Tags field, enter one or more comma-
separated tags that can be a key or a key:value pair.
If you do not assign tags during provisioning, you can
create and manage tags after the service instance is
created.
8-7
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Bring Your Own License The Bring Your Own License (BYOL) option enables
you to bring your on-premises Oracle WebLogic Server
licenses to Oracle Cloud. BYOL instances are billed at a
lower rate than other instances. See Frequently Asked
Questions: Oracle BYOL to PaaS.
You must own a Universal Credits or Government
subscription in order to use BYOL.
BYOL is enabled by default. If you deselect this option,
your account will be charged for the new service instance
according to your Oracle Java Cloud Service agreement.
Note: Before you scale up or scale out a BYOL instance,
you must have enough WebLogic Server licenses for the
additional OCPUs that will be allocated to the instance
after it is scaled.
Service Level Selected automatically; same as the original instance.
Software Release Selected automatically; same as the original instance.
Software Edition Selected automatically; same as the original instance.
8. Click Next.
9. On the Details page, select the Advanced tab, and specify the following attributes:
Field Description
WebLogic Clusters Configured automatically; same as the original
instance.
Compute Shape Select the compute shape to use for all Administration
Server and Managed Server nodes. The compute
shape is the number of Oracle Compute Units
(OCPUs) and amount of memory (RAM) that you want
to allocate to these nodes. The selected shape is not
used for Coherence or Load Balancer nodes.
The list of available shapes varies depending on
whether you selected an Oracle Cloud Infrastructure
Classic or Oracle Cloud Infrastructure region.
(Advanced option) When you create multiple WebLogic
clusters, you can assign a different compute shape for
different clusters. This field displays the compute
shape of the selected cluster.
If you purchased a Universal Credits subscription for
Oracle Java Cloud Service, you will pay at the Pay-As-
You-Go rate when you exceed your monthly or annual
maximum credit.
Server Count Selected automatically; same as the original instance.
8-8
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Reserved IPs (Not available on Oracle Cloud Infrastructure)
Select reserved IP addresses for the nodes in your
cluster, or leave the default value as Assign
Automatically if you want Oracle to automatically
assign IP addresses to these nodes. The number of IP
addresses that you select must equal the number of
nodes in the cluster.
This option is displayed only if you selected a specific
Region for this service instance.
You create IP reservations by using the Reserved IPs
tab in the Oracle Java Cloud Service Console. If you
do not see this tab on the console, click the gear icon
next to this field and follow the instructions to create
your first IP reservation. After creating IP reservations,
you need to restart the instance creation wizard.
Domain Partitions Selected automatically; same as the original instance.
Enable Access to (Advanced option) Select this check box if you want to
Administration Consoles enable access to the WebLogic Service Administration
Console, Fusion Middleware Control, and Load
Balancer Console for the service instance. If you do
not select this option, these consoles will not be
externally accessible, and also will not appear as
choices in the service instance’s menu .
Alternatively, you can enable access to the
administration consoles after creating the service
instance.
If you are creating this service instance in Oracle Cloud
Infrastructure, access to the administration consoles is
enabled by default; selecting or deselecting this check
box has no effect.
Deploy Sample Application Selected or deselected automatically to match the
original instance.
Enable Authentication Using Selected automatically; same as the original instance.
Identity Cloud Service
SSH Public Key Specify the public key that will be used for
authentication when connecting to a node in your
instance by using a Secure Shell (SSH) client.
Click Edit to display the SSH Public Key for VM
Access dialog, and then specify the public key using
one of the following methods:
• Select Key file name and use your web browser
to select a file on your machine that contains the
public key.
• Select Key value and paste the value of the public
key into the text area. Be sure the value does not
contain line breaks or end with a line break.
• Select Create a New Key if you want Oracle to
generate a public/private key pair for you. You will
be prompted to download these generated keys.
If you choose to create a new key, the generated
private key file is in OpenSSH format. Before
connecting to a node in this service instance with the
PuTTY SSH client, you must first convert the key to
PuTTY’s proprietary format.
8-9
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Local Administrative User Enter your choice of user name for the WebLogic
Name Server administrator. The default is weblogic. This
name is used to access the WebLogic Server
Administration Console, Fusion Middleware Control,
and Load Balancer Console for the service instance.
Password Specify a password for the WebLogic Server
administrator and confirm the password.
Provision Local Load Balancer Selected automatically; same as the original instance.
Load Balancer This option is displayed only if you selected an Oracle
Cloud Infrastructure region.
Selected automatically; same as the original instance.
Compute Shape Select the compute shape to use for all the load
balancer nodes in the service instance. The compute
shape is the number of Oracle Compute Units
(OCPUs) and amount of memory (RAM) that you want
to allocate to these nodes.
The list of available shapes varies depending on
whether you selected an Oracle Cloud Infrastructure
Classic or Oracle Cloud Infrastructure region.
You are billed for Oracle Traffic Director nodes at the
same price that you are billed for Oracle WebLogic
Server nodes in your Oracle Java Cloud Service
subscription.
Add Another Active OTD Node This option is displayed only if Provision Local Load
Balancer is set to Yes.
Select this check box to provision a second load
balancer node running Oracle Traffic Director (OTD) in
this service instance. Both load balancer nodes route
traffic to the cluster of WebLogic Managed Servers.
You can also add a second load balancer node to a
service instance after creating the service instance.
Reserved IPs Select reserved IP addresses for the load balancer
nodes in your cluster, or leave the default value as
Assign Automatically if you want Oracle to
automatically assign IP addresses to these nodes. The
number of IP addresses that you select must equal the
number of load balancer nodes in the service instance.
This option is displayed only if these conditions are
true:
• You selected a specific Oracle Cloud
Infrastructure Classic Region for this service
instance.
• Provision Local Load Balancer is set to Yes
You create IP reservations by using the Reserved IPs
tab in the Oracle Java Cloud Service Console. If you
do not see this tab on the console, click the gear icon
next to this field and follow the instructions to create
your first IP reservation. After creating IP reservations,
you need to restart the instance creation wizard.
8-10
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Load Balancing Policy If you selected Provision Local Load Balancer,
choose one of the following policies:
• Least Connection Count (default)—Passes each
new request to the Managed Server with the least
number of connections. This policy is useful for
smoothing distribution when a Managed Server
receives more requests than it can handle
efficiently.
• Least Response Time—Passes each new
request to the Managed Server with the fastest
response time.
• Round Robin—Evenly distributes requests across
all Managed Servers, regardless of the number of
connections or response times.
8-11
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Database Instance Name Note: Cloning is not supported currently for Oracle
Java Cloud Service instances associated with Oracle
Cloud Infrastructure Database or Autonomous
Transaction Processing.
The source and the cloned instance can't use the
same infrastructure database.
Select an existing Oracle Database Cloud Service
(Classic) deployment or Oracle Database Exadata
Cloud Service deployment to connect to this service
instance.
Oracle Java Cloud Service provisions the selected
database with the required schemas for running a
service instance.
The list only includes a database deployment if it
meets the following criteria:
• Is in an active state and not currently in the
process of being provisioned
• Is not configured with a Backup Destination set
to None (not applicable to Oracle Database Cloud
Service — Virtual Image deployments).
Note the following additional constraints and
limitations:
• To ensure that you can restore the database for
an Oracle Java Cloud Service instance without
risking data loss for other service instances,
Oracle recommends that you do not associate the
same infrastructure schema database (or the
same pluggable database) with multiple service
instances. Backups of a database that is used with
multiple Oracle Java Cloud Service instances
contain data for all the instances. Therefore, if you
restore the database from a backup, data for all
the service instances is restored, which might not
be the intended result.
• Oracle Java Cloud Service does not support
Oracle Database 18c.
• If you selected an IP Network for this service
instance, you must also select an Oracle
Database Cloud Service (Classic) database
deployment that is attached to an IP network. If
the service instance and database deployment are
attached to different IP networks, the two IP
networks must be connected to the same IP
network exchange.
• If you selected the Oracle Java Cloud Service—
Virtual Image service level, you can select an
Oracle Database Cloud Service — Virtual Image
database deployment. However, you must
configure the Oracle Database Cloud Service —
Virtual Image environment before you create this
service instance.
8-12
Chapter 8
Clone an Instance Using a Snapshot
Field Description
PDB Name Specify the pluggable database the service instance
will connect to.
If you don't specify a PDB name, Oracle Java Cloud
Service uses the default Oracle Database 12c PDB
name that was provided when the Oracle Database
Cloud Service (Classic) database deployment was
originally created.
The PDB value doesn't apply to databases running
Oracle Database 11g.
Administrator User Name Enter the name of the database administrator that
Oracle Java Cloud Service will use to connect to the
selected database deployment and to provision the
required schemas for this service instance.
• If you selected the software release Oracle
WebLogic Server 11g (11.1.1.7), you can specify
the default user SYS or any user that has been
granted the DBA role.
• If you selected the software release Oracle
WebLogic Server 12c (any version), you can
specify the user SYS or any user that has been
granted the SYSDBA privilege.
Password Enter the password for the database administrator.
Add Application DB (Advanced option) Add a up to four database
deployments for your application schema.
Click Add if you want to specify a separate Oracle
Database Cloud Service database deployment or
Oracle Database Exadata Cloud Service database
dedicated for your application schema. When you add
an application database, the Oracle Java Cloud
Service creates an additional data source in your
Oracle WebLogic Server domain to connect to this
database.
Use the Add Database Configuration dialog to select
the name of an existing Oracle Database Cloud
Service database deployment or Oracle Database
Exadata Cloud Service database, and to provide a
user name and password for this database.
Click Add and repeat this process for up to three more
database deployments.
Backup Destination (Advanced option) Select Both Remote and Disk
Storage if you want to enable automated and on-
demand backups for this service instance. Backups will
be saved to object storage and to block storage
volumes that are attached to the nodes of the instance.
The default value is None, meaning that you cannot
use Oracle Java Cloud Service to take backups of this
service instance. You can configure backups on a
service instance after creating it.
This field is not relevant if you selected Oracle Java
Cloud Service—Virtual Image.
8-13
Chapter 8
Clone an Instance Using a Snapshot
Field Description
Object Storage Container This field is displayed only if Backup Destination is
set to Both Remote and Disk Storage.
Enter the object storage location where backups of the
service instance must be stored.
The object storage container field in the instance
creation wizard is auto-populated with a default
container URL in the format restEndpointUrl/JaaS,
where restEndpointUrl is the REST endpoint URL
of the Oracle Cloud Infrastructure Object Storage
Classic service in the account, and JaaS is the default
container name. You can change the container name.
Note that if the account doesn’t include an Object
Storage service entitlement or if the region selected is
an Oracle Cloud Infrastructure region, then the
container field is not autopopulated.
• Oracle Cloud Infrastructure Classic: Enter the
URL of a container in Oracle Cloud Infrastructure
Object Storage Classic.
Format: rest_endpoint_url/containerName
You can find the REST endpoint URL of the
Oracle Cloud Infrastructure Object Storage Classic
service instance in the Infrastructure Classic
Console.
Example: https://
acme.storage.oraclecloud.com/v1/
MyService-acme/MyContainer
Note: You can select the Create Object Storage
Container check box to have a new container
created automatically.
• Oracle Cloud Infrastructure: Enter the URL of a
bucket in Oracle Cloud Infrastructure Object
Storage. See Prerequisites for PaaS Services on
Oracle Cloud Infrastructure in the Oracle Cloud
Infrastructure documentation.
Format: https://
swiftobjectstorage.region.oraclecloud.c
om/v1/namespace/bucket
To find out your namespace, sign in to the Oracle
Cloud Infrastructure web console, click the
tenancy name, and look for the Object Storage
Namespace field.
Example: https://swiftobjectstorage.us-
phoenix-1.oraclecloud.com/v1/myCompany/
myBucket
8-14
Chapter 8
Clone an Instance Using a Snapshot
Field Description
User Name This field is displayed only if Backup Destination is
set to Both Remote and Disk Storage.
In Oracle Cloud Infrastructure Classic regions only, this
field is not displayed if you selected Enable
Authentication Using Identity Cloud Service.
• Oracle Cloud Infrastructure Classic: Enter the
user name of the Oracle Cloud Infrastructure
Object Storage Classic service user who created
the container you specified earlier. If the container
doesn’t exist, then enter the user name of a
service administrator.
• Oracle Cloud Infrastructure: Enter the user
name of the Oracle Cloud Infrastructure Object
Storage user who created the bucket you
specified earlier.
Password This field is displayed only if Backup Destination is
set to Both Remote and Disk Storage.
In Oracle Cloud Infrastructure Classic regions only, this
field is not displayed if you selected Enable
Authentication Using Identity Cloud Service.
• Oracle Cloud Infrastructure Classic: Enter the
password of the user you specified.
• Oracle Cloud Infrastructure: Enter the Auth
Token generated in Oracle Cloud Infrastructure for
the user you specified. See Prerequisites for PaaS
Services on Oracle Cloud Infrastructure in the
Oracle Cloud Infrastructure documentation.
Create Object Storage This option is displayed only if Backup Destination is
Container set to Both Remote and Disk Storage.
If the Oracle Cloud Infrastructure Object Storage
Classic container that you specified doesn’t exist, or if
you aren’t sure whether it exists, then select this check
box. If the container doesn’t exist, it will be created
automatically.
This option is not relevant to Oracle Cloud
Infrastructure. The specified Oracle Cloud
Infrastructure Object Storage bucket must exist prior to
creating a service instance.
Provision Data Grid Cluster Selected automatically; same as the original instance.
Compute Shape Selected automatically; same as the original instance.
Cluster Size Selected automatically; same as the original instance.
Managed Servers Per Node Selected automatically; same as the original instance.
8-15
Chapter 8
View Details of Snapshots and Clones
On the Instances page of the web console, cloned instances are indicated by the
icon.
Note:
In Oracle Cloud Infrastructure Classic and Oracle Cloud at Customer, if you
8-16
9
Patch an Oracle Java Cloud Service
Instance
This section describes how to apply a patch to an Oracle Java Cloud Service instance,
and roll back the patch as necessary.
Note:
This section does not apply to Oracle Java Cloud Service—Virtual Image
instances. Patching within Oracle Java Cloud Service is not supported by
Oracle Java Cloud Service—Virtual Image instances.
Topics:
• About Patching and Rollback
• Typical Workflow for Patching an Oracle Java Cloud Service Instance
• View Patch Details
• Perform Patch Prechecks and Address Patching Issues
• Apply a Patch
• Roll Back a Patch
• Explore the Patching Page
9-1
Chapter 9
About Patching and Rollback
You can obtain Oracle Linux OS patches from the Oracle’s Unbreakable Linux
Network if you have an Oracle Linux support subscription. You can also obtain Linux
OS patches from Oracle Linux Public Yum server: http://public-yum.oracle.com.
Java Cloud Service nodes are preconfigured to enable you to install and update
packages from the repositories on the Oracle public Yum server. The repository
configuration file is in the /etc/yum.repos.d directory on the nodes. You can install,
update, and remove packages by using the yum utility.
Note:
You are responsible to applying the required security updates published
through the Oracle public Yum server.
Do not install OS patches for other Linux distributions. Also, if you plan to use your
service instance for production applications, Oracle recommends that you avoid
installing any test, development, or preview OS packages that might be available in
the repository.
Note:
Apply patches only when they become available on the Patching page for
your service instance. Applying patches manually between PSUs causes
precheck failure. If you have applied patches manually, remove them before
patching.
9-2
Chapter 9
About Patching and Rollback
Note:
Patching is not supported for service instances where Oracle Java Cloud
Service Fusion Middleware—Oracle WebCenter Portal, Oracle Java Cloud
Service Fusion Middleware—Oracle Data Integrator, or any other product
that modifies the MW_HOME directory are installed. If you attempt to patch a
service instance where any of these products are installed, patching
prechecks issue an error message and patching does not start.
If the prechecks fail, the patching operation will fail and leave the Java Cloud Service
instance untouched.
Next, the target Oracle software components are restarted to ensure that they can be
restarted again after the patching operation performs a binary swap.
The prechecks do not check whether another administration task (backup, restoration,
or scaling) is in progress, which would prevent patching.
You can also perform prechecks without attempting to patch, and first remedy any
problems found.
If backups are configured and enabled on your service instance, an automatic backup
is created only after patching prechecks succeed. If you need to restore the state of
the service instance, use the backup and run patching again.
Note:
If automatic backup fails, then the patching operation fails and does not
apply the patch.
9-3
Chapter 9
Typical Workflow for Patching an Oracle Java Cloud Service Instance
before the patching operation started. If patching fails and the operation fails to revert
the service back to the previous state, you can use the backup created at the
beginning of the patching operation to restore the service manually.
Note:
If you had applied patches from a source other than your service to your
service instance, these patches will not be restored if you restore the service
manually.
9-4
Chapter 9
View Patch Details
Topics
• Perform a Patch Precheck
9-5
Chapter 9
Perform Patch Prechecks and Address Patching Issues
5. Beside the patch that you want to precheck, click PSU , and then select
Precheck.
6. When prompted for confirmation, click Yes.
9-6
Chapter 9
Perform Patch Prechecks and Address Patching Issues
Note:
The values provided in the following messages are examples. Your values
and host names will differ.
Topics:
• Failure Due to Manual Patching
• Disk Space Shortage
• Missing Database Connectivity
• Node Manager Is Not Running
• Connectivity Issues between Managed Servers and the Administration Server
• Servers Not Running
• Storage Access Failure
2019-07-23T11:52:26.145+00:00[SEVERE]:PATCHING-59996-[JaaS]-[1]-[FAILURE]:
[PSM-PATCH-60000: The patches applied on the service are not matching the
expected
patches. The expected patches are
["19795066","19154304","18905788","19632480",
"19030178","22754279","19002423","21663638"] and the actual patches
are
["19632480","26910516","19002423","19154304","19030178","18905788","1979506
6",
"22754279","18459080","21663638"]. When the patch is applied, the patch
operation
will move the service to patch level [12.2.1.2.190617]]
Remove the patches you applied manually, and then rerun patching prechecks or
apply a patch from within the Patching page of the Oracle Java Cloud Service
Console. To avoid this error in the future, apply approved patches only when they
become available from the Patching page.
If there is not enough space, try freeing up disk space by deleting unwanted backups,
for example.
9-7
Chapter 9
Perform Patch Prechecks and Address Patching Issues
Ensure that your database exists and is healthy. Open your Oracle Database Cloud
Service Console and check the status of your database deployment.
9-8
Chapter 9
Apply a Patch
Although you have a storage container, run a check that tells you whether you have a
storage container.
The result can indicate that the container is down.
Apply a Patch
Routinely check for and apply approved Oracle patches for an Oracle Java Cloud
Service instance. Oracle recommends that you apply the most recent patches
promptly. Delaying the application of patches could cause your service to become
unsupported.
You must apply only the patches that are displayed on the Patching page for your
service instance.
Note:
Applying patches manually rather than from the Patching page causes
patching to fail. Remove these patches before applying patches from the
Patching page.
Patches are applied in a rolling fashion to each node in your service instance, in order
to minimize the impact on your service.
Java Cloud Service does not provide cloud tooling to patch the operating systems for
the nodes in your service instance. You are responsible for installing any OS patches
and security updates.
Before you apply a patch to a service instance:
• Wait for any maintenance operations on this service instance to complete, such as
backup, restoration or scaling operations.
• Enable backups on your service instance if you previously disabled backups.
1. Access your service console.
2. Click the name of the service instance to which you want to apply a patch.
3. Click the Administration tile.
4. Click the Patching tab.
5. Click PSU beside the patch that you want to apply, and then select Patch.
6. Optional: In the Notes field, enter a description for this patching operation.
7. If Oracle Coherence is enabled, choose one of these patching options:
• Do not select the Confirm check box. If an Oracle Coherence server never
reaches the NODE-SAFE state, then the patching operation fails.
• Select the Confirm check box. Oracle Cloud does not wait for an Oracle
Coherence server to reach the NODE-SAFE state before stopping the server to
apply the patch. This action can result in data loss in the Oracle Coherence
data tier.
9-9
Chapter 9
Roll Back a Patch
When there’s only one server in the Oracle Coherence data tier, the check box is
automatically selected and disabled.
8. Click Patch.
The patching operation begins. The Administration tile displays a message about
the version of patch being applied, and the time of the backup that occurred before
the patching operation started.
When the patching operation is completed, information about the patch appears in the
Patch History section of the Patching page.
Topics:
• What You Can Do from the Patching Page
• What You See on the Patching Page
9-10
Chapter 9
Explore the Patching Page
Element Description
Oracle Java Cloud Service link Click this link to return to the Oracle Java Cloud Service Console.
(in the page header) Menu icon provides the following options:
• Open WebLogic Server Administration Console—Open the
WebLogic Administration Console to administer your application
environment.
• Open Fusion Middleware Control Console—Open Fusion
Middleware Control to administer your application environment.
• Open Load Balancer Console—Open the console to administer the
load balancer, if a local load balancer has been configured for the
service instance.
Note that access to the administrative consoles is disabled by default.
When you create a service instance, you can enable consoles by
selecting a check box on the Details page of the instance creation
wizard. For an instance this is already created, you must create an
access rule in order to activate the console choices. See Enabling
Console Access in an Oracle Java Cloud Service.
• Start—Start the nodes for the Administration Server, Managed
Servers, load balancer, and Managed Servers on the Coherence
data tier (if provisioned).
• Stop—Stop the nodes for the Administration Server, Managed
Servers, load balancer, and Managed Servers on the Coherence
data tier (if provisioned).
• Restart—Stop and then immediately restart all the nodes in the
service instance.
• Scale Out—Adds a managed server node.
• Define Auto Scaling Rules—Opens the Add Rule dialog box, which
opens the Rules page where you can configure auto-scaling rules.
• Change License Type—Opens the Change License Type dialog
box, which enables you to choose whether to leverage your existing
on-premises (BYOL) license or use your Oracle Java Cloud Service
cloud license.
• Add Load Balancer—Add a user-managed load balancer to this
service instance.
• Disable/Enable Load Balancer—Depending on the selection, either
blocks access to the service instance or forwards the requests it
receives from clients to the Oracle WebLogic Server Managed
Servers.
• Manage Access Rules—Create and manage rules to control access
to the nodes for this service instance.
• Add SSH Access—Add public SSH keys to the nodes that make up
this service instance.
• Manage Tags/Add Tags—Either remove or add tags to a service
instance. Manage Tags appears if a tag already exists for the service
instance. Add Tags appears if no tags exist for the service instance.
• Enable Backups—Enable backups for this service instance.
• View Activity—View all administrative activities that have been
performed on your service instances.
• View Instance Metrics—View performance metrics for this service
instance.
Click to refresh the page. The date and time the page was last refreshed
is displayed adjacent to this button.
9-11
Chapter 9
Explore the Patching Page
Element Description
Available Patches Displays patches that are available. The patch number is displayed, as
well as whether the patches are optional or mandatory. The release date
and affected components are displayed. Information about whether a
restart is required is displayed.
Represents an available patch.
Patch History Displays the history of patches that have been applied to the service
instance.
Indicates a successful patching operation. Appears in the Patch History
section. Click this icon to obtain more information about the patching
operation.
Displayed on a tools patch, indicates that the patch version for your
existing service instance is older than the current version. You will also
see a warning stating that the service is on a deprecated tools version. To
address this issue, apply the latest tools patch to your service instance.
Initiates an operation to roll back the service to its patch level prior to
applying the patch.
9-12
10
Upgrade the WebLogic Server Release for
an Oracle Java Cloud Service Instance
For an existing Oracle Java Cloud Service instance, you can upgrade the WebLogic
Server release from 12.1.3, 12.2.1.0, or 12.2.1.2 to either WebLogic Server release
12.2.1.4 or 12.2.1.3.
The manual upgrade process leverages the basic procedures for the on-premises
upgrade, with some additional procedures.
Topics:
• About Upgrading the WebLogic Server Release for an Oracle Java Cloud Service
Instance
• Perform Prerequisite Tasks
• Download the Upgrade Software
• Stop All WebLogic Server Processes
• Install the Upgrade Software
• Perform a Readiness Check
• Upgrade the Infrastructure Database Schemas
• Reconfigure the Domain
• Upgrade the Domain
• Restart the Administration Server Node
• Update and Restart the Managed Server Nodes
• Perform Post-Upgrade Tasks
• Roll Back an Upgrade
10-1
Chapter 10
Perform Prerequisite Tasks
10-2
Chapter 10
Perform Prerequisite Tasks
2. Back up the infrastructure database associated with your service instance. You will
need the backup in the unlikely case that the upgrade doesn't succeed and you
must roll back the service instance to its original state.
• For an Oracle Database Cloud Service deployment, see Creating an On-
Demand Backup in Administering Oracle Database Cloud Service.
• For an Oracle Cloud Infrastructure database, see Create an on-demand full
backup of a database in Backing Up to Oracle Cloud Infrastructure Object
Storage in the Oracle Cloud Infrastructure documentation.
Note:
Restoring the database that is used with multiple Java Cloud Service
instances may risk data loss for other service instances. Oracle
recommends that during the upgrade process you bring down all
instances that share the database.
Note:
Certain customizations to the environment will be lost during the
upgrade. For example, the upgrade process might overwrite your
changes to setDomainEnv.sh.
For example:
5. If your service instance is based on WebLogic Server 12.1.3 or 11g, and you have
configured Oracle Traffic Director (OTD) for the service instance, use the REST
API to remove the OTD node.
10-3
Chapter 10
Download the Upgrade Software
<rest_server_url>:/paas/api/v1.1/instancemgmt/<identity-domain>/
services/jaas/instances/<servicename>/servicecomponent
Note:
In a multi-cluster service instance you have performed a scale-out
operation and added a new cluster, the OTD routing information for the
scaled-out server in a new cluster will be lost when you remove the OTD
node. After upgrade, you must manually add the routing information back
to OTD.
6. Open a VNC session on the WebLogic Administration Server node so that you can
run the Reconfiguration Wizard and the Upgrade Assistant. See Connect to a
Node with VNC.
To use the Reconfiguration Wizard and Upgrade Assistant (Fusion Middleware
tools) during the upgrade process, you need a graphical user interface (GUI)
environment. X11 forwarding may be used to forward the GUI to your local
desktop. If you set up VNC, then X11 forwarding is not needed.
If your service instance is based on WebLogic Server 12.2.1.3, 12.2.1.2, or
12.2.1.0, and you have configured Oracle Traffic Director (OTD) for the service
instance, also set up VNC or X11 forwarding on the OTD VM.
See Running Graphical Applications Securely on Oracle Cloud Infrastructure.
For example:
10-4
Chapter 10
Download the Upgrade Software
Example output:
[{
"availablePatchGuiMetadata":{
"supportsPreCheck":true
},
"patchId":"wls_upg_12.2.1.3.190115_for_12cRelease212",
"patchCategory":"MajorPatch",
"patchSeverity":"Normal",
"includesConfigUpgrade":false,
"patchDescription":"WebLogic Server 12.2.1.3.0 with PSU Update
12.2.1.3.190115",
"patchReleaseUrl":"https://support.oracle.com/epmos/faces/
PatchDetail?patchID\u003d28710939",
"serviceType":"JaaS",
"serviceVersion":"12cRelease212",
"releaseDate":"2019-01-14T17:40:00.000+0000",
"entryDate":"2019-02-05T12:04:51.975+0000",
"entryUserId":"smctl",
"componentPatches":{
},
"patchType":"PSU",
"requiresRestart":false,
"isDeleted":false,
"displayName":"12.2.1.3.190115",
"releaseVersion":"12.2.1.3.190115",
"patchCustomActions":[
],
"restartStrategy":"RESTART_AFTER_PATCH",
"isUpgrade":true,
"extensionId":0
}]
In the response, look for the patch that has "patchCategory":"MajorPatch" and
copy the patchId value. In the example, the upgrade patch ID is
wls_upg_12.2.1.3.190115_for_12cRelease212.
2. Use the REST API to apply the upgrade patch to the service instance. No
parameters are needed in the request payload.
For example:
10-5
Chapter 10
Stop All WebLogic Server Processes
Example output:
{
"status":"Completed",
"details":{
"message":"Patching service with patch
[wls_upg_12.2.1.3.190115_for_12cRelease212] is submitted as an
asynchronous job.",
"jobId":"107376"
}
}
Note:
If your service instance is based on WebLogic Server 12.2.1.3, 12.2.1.2,
or 12.2.1.0 and Oracle Traffic Director (OTD) is configured, this step
needs to be run only once on the service instance. The REST API
operation downloads both the WebLogic Server and OTD upgrade
binaries and places them on the respective virtual machines.
3. This process may take some time. Wait several minutes, and then check the job
status:
https://<rest_server_url>/paas/api/v1.1/activitylog/
<identity_domain>/job/{jobId}
The upgrade patch downloads the WebLogic Server 12.2.1.4 or 12.2.1.3 binaries to
each virtual machine on the specified Oracle Java Cloud Service instance, then
updates Oracle Java Cloud Service to indicate that the specified upgrade patch has
been applied to the service instance.
Note:
Applying the upgrade patch does not perform the actual process of
upgrading the WebLogic Server software to the 12.2.1.4 or 12.2.1.3 version.
This is done later by manually installing the binaries and using the WebLogic
Upgrade Assistant.
2. Click Manage this instance for the service instance, and then select Open
WebLogic Server Administration Console.
3. Enter the WebLogic Server administrator user name and password.
10-6
Chapter 10
Stop All WebLogic Server Processes
/u01/data/domains/<domain>/bin/stopNodeManager.sh
11. If you're upgrading from WebLogic Server 11g (11.1.1.7), use the following
procedure to stop the Node Manager:
a. Start WLST.
/u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
For example:
stopNodeManager()
d. Quit WLST.
exit()
jps -l
13. Repeat Steps 10 through 12 on the Managed Server nodes in this service
instance.
14. If your service instance is based on WebLogic Server 12.2.1.3, 12.2.1.2, or
12.2.1.0 and Oracle Traffic Director (OTD) is configured:
10-7
Chapter 10
Install the Upgrade Software
/u01/data/otd-instance/otd_domain/config/fmwconfig/components/OTD/
instances/<lb-instance-name>/bin/stopserv
/u01/data/otd-instance/otd_domain/bin/stopNodeManager.sh
/u01/data/otd-instance/otd_domain/bin/stopWebLogic.sh
/u01/app/oracle/middleware/jcs/FMW/12.2.1.3.190115/190115/
fmiddleware.zip
3. Identify the location of the new JDK binaries under the directory /u01/jdk/jcs/
JDK.
Example:
/u01/jdk/jcs/JDK/8.0.201/190115/jdk.zip
4. Move the new Oracle Fusion Middleware and JDK binaries to a temporary
location.
Example:
mkdir /tmp/fmiddleware.zip
mkdir /tmp/jdk.zip
mv /u01/app/oracle/middleware/jcs/FMW/12.2.1.3.190115/190115/
fmiddleware.zip/* /tmp/fmiddleware.zip
mv /u01/jdk/jcs/JDK/8.0.201/190115/jdk.zip/* /tmp/jdk.zip
rm -rf /u01/app/oracle/middleware/*
rm -rf /u01/jdk/*
10-8
Chapter 10
Perform a Readiness Check
6. Move the new Oracle Fusion Middleware and JDK binaries from the temporary
location to MIDDLEWARE_HOME and JAVA_HOME.
mv /tmp/fmiddleware.zip/* /u01/app/oracle/middleware
mv /tmp/jdk.zip/* /u01/jdk
cat /u01/app/oracle/middleware/oraInst.loc
#Oracle Installer Location File Location
#Mon Jan 14 12:43:52 PST 2019
inst_group=dba
inventory_loc=/u01/app/oracle/middleware/inventory
mkdir -p /tmp/wls_otd.zip
mkdir -p /tmp/jdk.zip
mv /u01/app/oracle/middleware/jcs/lb/12.2.1.4.190910/190910/
wls_otd.zip/* /tmp/wls_otd.zip/
mv /u01/jdk/jcs/JDK/8.0.241/200107/jdk.zip/* /tmp/jdk.zip/
rm -rf /u01/app/oracle/middleware/*
rm -rf /u01/jdk/*
mv /tmp/wls_otd.zip/* /u01/app/oracle/middleware
mv /tmp/jdk.zip/* /u01/jdk/
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua -readiness
Setting USER_MEM_ARGS to use the /dev/urandom device reduces the time it takes
to run the Oracle Fusion Middleware upgrade tools.
10-9
Chapter 10
Upgrade the Infrastructure Database Schemas
Note:
Use this procedure when upgrading from WebLogic Server release 12.1.3,
12.2.1.0, 12.2.1.2, or 12.2.1.3.
10-10
Chapter 10
Upgrade the Infrastructure Database Schemas
The Upgrade Assistant creates missing or required schemas by using the default
schema settings.
Ensure that you have backed up the database. See Perform Prerequisite Tasks.
1. Start the Upgrade Assistant if you have not already done so. For example:
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/./urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua
/u01/app/oracle/middleware/oracle_common/upgrade/logs
7. If you are upgrading the schemas for an instance based on WebLogic Server
release 12.1.3, run the Upgrade Assistant a second time to manually upgrade the
<schema_prefix>_WLS schema.
This step is necessary because the Upgrade Assistant only upgrades schemas
used by the domain. In the WebLogic 12.1.3 release, the domain does not use the
<schema_prefix>_WLS schema by default, so the schema is not upgraded by the
Upgrade Assistant.
a. Start the Upgrade Assistant. For example:
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/./urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua
10-11
Chapter 10
Upgrade the Infrastructure Database Schemas
c. In the Database Connect String field, enter the same connect string as the
one used by the other schemas.
d. In the Schema User Name field, enter the user name with the same schema
prefix used by the other schema.
e. Enter the schema password.
If you do not know the schema password, change the password by using the
procedure in Change the Schema Password Manually. You will need the
schema prefix you noted in Step 4.
f. Repeat Steps 5 and 6, and then resume at the next step.
8. Remedy the database connection failure if one occurs. See Problems with
Database Connectivity When Upgrading the Infrastructure Schema Database.
9. Verify the schema upgrade was successful by checking that the schemas in
schema_version_registry have been properly updated. See Verifying the
Schema Upgrade (upgrade to 12.2.1.4) or Verifying the Schema Upgrade
(upgrade to 12.2.1.3) in Upgrading to the Oracle Fusion Middleware Infrastructure.
One way to verify the schema upgrade is to use SQL*Plus commands to obtain
data from the SCHEMA_VERSION_REGISTRY.
a. Find the Oracle Java Cloud Service instance's schema prefix in the Upgrade
Assistant log file at /u01/app/oracle/middleware/oracle_common/upgrade/
logs.
b. Connect to the database as a user having Oracle DBA privileges and run the
following commands from SQL*Plus to get the current version numbers.
sqlplus / as sysdba
SQL> connect <user_name>/<password>@<host_name>:<port>/
<service_name> as sysdba
SQL> SELECT MRC_NAME,COMP_ID,OWNER,VERSION,STATUS,UPGRADED FROM
SCHEMA_VERSION_REGISTRY WHERE MRC_NAME like 'SP1556690734';
10-12
Chapter 10
Upgrade the Infrastructure Database Schemas
Note:
Use this procedure when upgrading from WebLogic Server release 11g
(11.1.1.7).
The Upgrade Assistant creates required WebLogic Server 12c schemas by using the
default schema settings.
One of the missing schemas is the Service Table schema (<prefix>_STB), which is
new in WebLogic Server 12c and is required for domain-based upgrades. The Service
Table schema stores basic schema configuration information (for example, schema
prefixes and passwords) that can be accessed and used by other Oracle Fusion
Middleware components when creating the domain. The WebLogic Services schema
(<schema_prefix>_WLS) is also new in WebLogic Server 12c and is required for
domain-based upgrades.
Before upgrading the infrastructure database schemas, ensure that you have backed
up the database. See Perform Prerequisite Tasks.
1. Start the Upgrade Assistant if you have not already done so. For example:
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/./urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua
10-13
Chapter 10
Upgrade the Infrastructure Database Schemas
b. Enter and confirm the password for the Common Infrastructure Services
(STB schema) and the Oracle WebLogic Services (WLS) components. Use the
password you specified when you created the Oracle Java Cloud Service
instance.
• For a service instance on Oracle Cloud Infrastructure Classic, use the
WebLogic administrator password.
• For a service instance on Oracle Cloud Infrastructure, the schema
password is encrypted, so you must first change this password. Use the
procedure in Change the Schema Password Manually.
c. Locate the <schema_prefix>_IAU schema and note the generated schema
prefix. You will need this value if you need to change the password for the
schema later.
5. On the Upgrade Progress screen in the Upgrade Assistant, monitor the schema
upgrade progress.
6. Finish the schema upgrade process.
• If the schema upgrade succeeds, click Close to complete the upgrade and
close the wizard.
• If the upgrade fails, click View Log to view and troubleshoot the errors. The
logs are available in the following directory:
/u01/app/oracle/middleware/oracle_common/upgrade/logs
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/./urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua
10-14
Chapter 10
Reconfigure the Domain
sqlplus / as sysdba
SQL> connect <user_name>/<password>@<host_name>:<port>/
<service_name> as sysdba
SQL> SELECT MRC_NAME,COMP_ID,OWNER,VERSION,STATUS,UPGRADED FROM
SCHEMA_VERSION_REGISTRY WHERE MRC_NAME like 'SP1556656982';
10-15
Chapter 10
Reconfigure the Domain
/u01/app/oracle/middleware/oracle_common/common/bin/reconfig.sh -
log_priority=all -log="/u01/reconfig0212.log"
10-16
Chapter 10
Reconfigure the Domain
g. Click Next.
4. On the Advanced Configuration screen of the Reconfiguration Wizard, select
Deployment and Services.
5. Target the wsm-pm app to the Administration Server.
6. Click Reconfig.
7. Check the End of Configuration screen to learn whether the reconfiguration
process completed successfully or failed.
• If the reconfiguration is successful, Oracle WebLogic Server
Reconfiguration Succeeded is displayed. The location of the domain that
was reconfigured as well as the Administration Server URL (including the
listen port) are displayed as well.
• If the reconfiguration process did not complete successfully, an error message
is displayed which indicates the reason. Take appropriate action to resolve the
error.
Note:
Use this procedure if you are upgrading from WebLogic Server 11g
(11.1.1.7).
Before you begin, ensure you have backed up the domain on all nodes. See Perform
Prerequisite Tasks.
1. Start the Reconfiguration Wizard as the oracle user. Specify the following logging
options, including the absolute path of the log file you'd like to create for the
domain reconfiguration session.
For example:
/u01/app/oracle/middleware/oracle_common/common/bin/reconfig.sh -
log_priority=all -log="/u01/reconfig0212.log"
You can use this log file to troubleshoot any reconfiguration problems.
2. Perform the reconfiguration tasks shown in Upgrading to the Oracle Fusion
Middleware Infrastructure.
• Upgrade to 12.2.1.4 - Reconfiguring the Domain with the Reconfiguration
Wizard
• Upgrade to 12.2.1.3 - Reconfiguring the Domain with the Reconfiguration
Wizard
Follow the special instructions below for the following screens: Database
Configuration Type, Component Datasources, Node Manager, and Advanced
Configuration.
3. On the Database Configuration Type screen, enter the RCU data.
10-17
Chapter 10
Reconfigure the Domain
The Service Table schema (<prefix>_STB) is new in WebLogic Server 12c, so it's
not present in WebLogic Server 11g. As a result, you must enter the RCU data
manually.
a. Select RCU Data to connect to the Server Table (_STB) schema. The
Reconfiguration Wizard uses this connection to automatically configure the
data sources required for components in your domain.
b. Enter the database connection details using the RCU service table (_STB)
schema credentials. Note that if your service instance is on Oracle Cloud
Infrastructure, you changed this password when you upgraded the
infrastructure database schema. See Upgrade the WebLogic Server 11g
Infrastructure Database Schemas.
c. Click Get RCU Configuration.
d. Click Next.
4. If your database has _OPSS or _IAU WebLogic Server 11g database schemas,
enter the database connection details on the Component Datasources screen, and
then click Next.
• The _IAU or _OPSS schema displayed on the Component Datasources screen
has no connection data, so the default connection data is used.
• For each schema (<schema_prefix>_IAU, <schema_prefix>_IAU_APPEND,
<schema_prefix>_IAU_VIEWER, and schema_prefix_OPSS) enter data in the
Host Name, DBMS Service, Port, Schema Owner, and Schema Password
fields for each of the IAU schemas. The Host Name, DBMS Service, Port,
and Schema Password are the same as those used for the other schema.
5. Migrate the per-host Node Manager configuration to a per-domain configuration for
the reconfigured domain.
The Node Manager screen is only displayed if the domain you are reconfiguring is
currently using a per-host Node Manager. Because you are upgrading your
service instance from WebLogic Server 11g, the Node Manager screen appears,
and you must migrate the existing per-host Node Manager configuration.
a. On the Node Manager screen, select Per Domain Default Location for the
Node Manager Type.
In this configuration, the Node Manager home is redefined to $domain_name/
nodemanager.
b. Select Migrate Existing Configuration for Node Manager Configuration,
browse and select your Node Manager Home, and then select Apply Oracle
Recommended Defaults.
The existing per-host Node Manager configuration will be migrated to a per-
domain configuration for the reconfigured domain.
c. For Node Manager Credentials, specify the username and password that you
want to use to start Node Manager in the reconfigured domain.
d. Click Next.
6. On the Advanced Configuration screen of the Reconfiguration Wizard, select
Deployment and Services.
7. Target the wsm-pm app to the Administration Server.
8. Click Reconfig.
10-18
Chapter 10
Upgrade the Domain
export USER_MEM_ARGS=-Djava.security.egd=file:/dev/./urandom
/u01/app/oracle/middleware/oracle_common/upgrade/bin/ua
10-19
Chapter 10
Restart the Administration Server Node
• If the upgrade fails, the Upgrade Failure screen is displayed. Click View Log
to view and troubleshoot the errors. The logs are available at
ORACLE_HOME/oracle_common/upgrade/logs
7. If you are upgrading the WebLogic Server release from 11g, connect to the
Administration Server and set the CrashRecoveryEnabled property to true in the
<domain_home>/nodemanager/nodemanager.properties file.
CrashRecoveryEnabled=true
$MIDDLEWARE_HOME/oracle_common/common/bin/wlst.sh
nmConnect(username="<nm_user>", password="<nm_password>",
domainName="<domain>", domainDir="/u01/data/domains/<domain>",
nmType="ssl", host="<hostname>", port="5556", verbose="false")
Example:
nmConnect(username="weblogic", password="<nm_password>",
domainName="MyInstan_domain", domainDir="/u01/data/domains/
MyInstan_domain", nmType="ssl", host="myinstance-wls-1", port="5556",
verbose="false")
By default, the Node Manager credentials are the same as the WebLogic Server
credentials that you specified when you created the instance.
5. Start the Administration Server and the first Managed Server.
nmStart('<server>')
nmServerStatus('<server>')
10-20
Chapter 10
Update and Restart the Managed Server Nodes
Example:
nmStart('MyInstan_adminserver')
nmServerStatus('MyInstan_adminserver')
nmStart('MyInstan_server_1')
nmServerStatus('MyInstan_server_1')
6. Exit WLST.
exit()
chmod -R +x /u01/data/otd-instance/
/u01/data/otd-instance/otd_domain/config/fmwconfig/components/OTD/
instances/<lb-instance-name>/bin/startserv
/u01/app/oracle/middleware/oracle_common/common/bin/pack.sh -
domain=/u01/data/domains/<domain> -template_name=managedServerTemplate -
template=/tmp/managed_server_template.jar -managed=true -log=/tmp/
pack.log
10-21
Chapter 10
Perform Post-Upgrade Tasks
4. Upload the template file from the Administration Server node to a Managed Server
node in this service instance.
Example:
ssh myinstance-wls-2
6. Use the unpack command to apply the Managed Server template to the domain
directory on this node.
/u01/app/oracle/middleware/oracle_common/common/bin/unpack.sh -
domain=/u01/data/domains/<domain> -template=/tmp/
managed_server_template.jar -overwrite_domain=true -log=/tmp/unpack.log
14. Click the check box to the left of each server that is not running.
10-22
Chapter 10
Roll Back an Upgrade
For example, see the topics Using the Upgrade Validation Checklist, Verifying the
Domain-Specific-Component Configurations Upgrade, and Reapplying Custom
Configuration Settings to setDomainEnv.
For example:
[
{
"backupStatus": "Available",
"rollbackStatus":"Available",
"additionalNote": "This note is the default note: Applying patch
[wls_upg_12.2.1.3.190115_for_12cRelease212].",
"appliedBy": "weblogic",
"appliedDate":"2019-03-07T19:07:37.246+0000",
"totalTime": "2 min, 11 sec",
"patchId":"wls_upg_12.2.1.3.190115_for_12cRelease212",
"patchDescription": "WebLogic Server 12.2.1.3.0 with PSU Update
12.2.1.3.190115",
"patchReleaseUrl":"https://support.oracle.com/epmos/faces/PatchDetail?
patchId=28710939",
"releaseDate": "2019-01-14T17:40:00.000+0000",
"lastStatus": "COMPLETED",
"lastStatusMessage": "No errors",
"componentPatches": {},
"patchType": "PSU",
"patchCategory": "MajorPatch",
"patchSeverity": "Normal",
"jobId":"108717",
"displayName": "12.2.1.3.190115",
10-23
Chapter 10
Roll Back an Upgrade
"inProgress": false,
"operationType":"None",
"id": 16,
"patchingResult": {
"patchingId": 16,
"versionBeforeThisPatch": "OTD 12.2.1.2.190115,WLS
12.2.1.2.190128,SERVICEVERSION 12cRelease212",
"strategy": "Rolling",
"releaseVersionBeforeThisPatch":
"12.2.1.2.190128",
"customRollbackId": "108717_1551985657246",
"startDate":
"2019-03-07T19:07:37.246+0000",
"endDate": "2019-03-07T19:09:48.411+0000",
"patchingStatus": "COMPLETED","resultMessage":"No errors",
"additionalNote": "This note is the default note:Applying
patch [wls_upg_12.2.1.3.190115_for_12cRelease212].",
"appliedBy":"weblogic",
"jobId": "108717",
"completeLog": "",
"progressMessages": [
"7:07:37.153 PM Phase initialize
started",
"7:07:37.445 PM Phase initialize completed",
"7:07:37.718 PM patching.action.tools.phase_started",
"7:07:37.861 PM
patching.action.tools.phase_completed",
"7:07:38.067 PM Phase backup
started",
"7:07:38.214 PM Phase backup
completed",
"7:07:38.529 PM patching.action.patch-pre-
action.phase_started",
"7:07:38.683 PM patching.action.patch-pre-
action.phase_completed",
"7:07:38.949 PM Phase patch started",
"7:07:31.043 PM PSM-PATCH-60099: Removing any retained old
artifacts",
"7:07:36.767 PM
patching.progress.remove.left.over.binary.completed$jcs/FMW/
12.2.1.3.190115/190115/fmiddleware.zip$pltinstance-wls-1",
"7:07:36.767 PM Retrieving pre-patched binary artifact
[jcs/FMW/12.2.1.3.190115/190115/fmiddleware.zip] on vm [pltinstance-
wls-1]",
"7:07:49.404 PM Retrieved pre-patched binary artifact
[jcs/FMW/12.2.1.3.190115/190115/fmiddleware.zip] on vm [pltinstance-
wls-1]",
"7:07:49.404 PM Unpacking binary [jcs/FMW/
12.2.1.3.190115/190115/fmiddleware.zip] on vm [pltinstance-wls-1]",
"7:08:35.616 PM Unpacked binary [jcs/FMW/
12.2.1.3.190115/190115/fmiddleware.zip] on vm [pltinstance-wls-1]",
"7:08:35.616 PM PSM-PATCH-60099: Removing any retained old
artifacts",
"7:08:36.283 PM
patching.progress.remove.left.over.binary.completed$jcs/JDK/
10-24
Chapter 10
Roll Back an Upgrade
8.0.201/190115/jdk.zip$pltinstance-wls-1",
"7:08:36.283 PM Retrieving pre-patched binary artifact
[jcs/JDK/8.0.201/190115/jdk.zip] on vm [pltinstance-wls-1]",
"7:08:38.250 PM Retrieved pre-patched binary artifact
[jcs/JDK/8.0.201/190115/jdk.zip] on vm [pltinstance-wls-1]",
"7:08:38.250 PM Unpacking binary [jcs/JDK/8.0.201/190115/
jdk.zip] on vm [pltinstance-wls-1]",
"7:08:44.180 PM Unpacked binary [jcs/JDK/8.0.201/190115/
jdk.zip] on vm [pltinstance-wls-1]",
"7:08:44.180 PM Retrieving pre-patched binary artifact
[jcs/lb/12.2.1.2.0/161019/wls_otd.zip] on vm [pltinstance-
wls-1]",
"7:08:44.181 PM Retrieved pre-patched binary artifact
[jcs/lb/12.2.1.2.0/161019/wls_otd.zip] on vm [pltinstance-
wls-1]",
"7:08:44.181 PM Retrieving pre-patched binary artifact
[jcs/JDK/8.0.201/190115/jdk.zip] on vm [pltinstance-wls-1]",
"7:09:46.509 PM Phase patch completed",
"7:09:46.771 PM patching.action.patch-post-
action.phase_started",
"7:09:46.937 PM patching.action.patch-post-
action.phase_completed",
"7:09:48.227 PM Phase finalize started",
"7:09:48.352 PM Completed"
]
},
"rollbackId":"16",
"rollbackVersion":"12.2.1.2.190128",
"currentPatchLevel":"12.2.1.3.190115",
"isUpgrade": true,
"appliedPatchGuiMetadata": {
"supportsPreRollbackCheck": false
}
}
]
3. From the response, find the previously applied upgrade patch, patchId, and then
find the value of rollbackId. In this example, the rollbackId is 16.
4. Use the REST API to roll back the patch.
For example:
10-25
Chapter 10
Roll Back an Upgrade
Example output:
{
"status":"Completed",
"details":{
"message":"PSM-PATCH-50038: Rollback of service from patch
[wls_upg_12.2.1.3.190115_for_12cRelease212] is submitted as an
asynchronous job.",
"jobId":"206236"
}
}
10-26
11
Secure an Oracle Java Cloud Service
Instance
Security in Oracle Java Cloud Service spans many topics, including authentication,
authorization, password management and network security.
Topics
• About Security in Oracle Java Cloud Service
• Use Oracle Identity Cloud Service with Oracle Java Cloud Service
• Configure Network Security
• Authenticate Users
11-1
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
• About Authentication
• About the Default Access Ports
• Create an Access Rule
To learn more about the Java EE and WebLogic Server security architecture see:
• Understanding Security for Oracle WebLogic Server (12.2.1.3)
• Understanding Security for Oracle WebLogic Server (12.2.1.2)
• Understanding Security for Oracle WebLogic Server (12.1.3)
• Understanding Security for Oracle WebLogic Server (11.1.1.7)
To learn more about the security capabilities of an Oracle Coherence data grid see
these topics in Securing Oracle Coherence:
• Securing Oracle Coherence in Oracle WebLogic Server (12.2.1.3)
• Securing Oracle Coherence in Oracle WebLogic Server (12.2.1.2)
• Securing Oracle Coherence in Oracle WebLogic Server (12.1.3)
A series of Tutorials is also available on using Oracle Java Cloud Service with
Oracle Identity Cloud Service.
This figure illustrates a service instance that has been configured to use Oracle
Identity Cloud Service and an Oracle-managed load balancer.
11-2
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
Topics
• About Oracle Identity Cloud Service
• Manage Service Administrators
• Create a Service Instance with Oracle Identity Cloud Service
• Manage WebLogic Server Administrators
• Configure Protected Application Contexts for a New Service Instance
• Update Protected Application Contexts on an Existing Service Instance
• Secure an Application Using Deployment Descriptors
11-3
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
In Oracle Cloud Infrastructure Classic regions, you can also assign users and groups
to these related roles:
• Compute_Operations — Create Oracle Java Cloud Service instances on Oracle
Cloud Infrastructure Classic regions.
• DBaaS_Administrator (optional) — Create and manage Oracle Database Cloud
Service deployments.
• Storage_ReadWriteGroup (optional) — Enable backups for an Oracle Java Cloud
Service instance, and store the backups in an existing Oracle Cloud Infrastructure
Object Storage Classic container.
• Storage_Administrator (optional) — Create Oracle Cloud Infrastructure Object
Storage Classic containers to use as backup storage locations for Oracle Java
Cloud Service instances.
See these topics in Administering Oracle Identity Cloud Service:
• Creating User Accounts
• Creating Groups
• Assigning Users to Oracle Applications
• Assigning Groups to Oracle Applications
To create and manage resources in Oracle Cloud Infrastructure regions like databases
and storage, administrators define policies that grant privileges to users and groups.
See Securing IAM in the Oracle Cloud Infrastructure documentation.
11-4
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
application for a service instance is created in the primary identity domain in Oracle
Identity Cloud Service.
One way to create an Oracle Java Cloud Service instance is to clone an existing
service instance. However, you cannot clone a service instance if authentication with
Oracle Identity Cloud Service is enabled for the service instance.
Oracle Java Cloud Service automatically provisions an Oracle-managed load balancer
for service instances that use Oracle Identity Cloud Service. For instances created in
Oracle Cloud Infrastructure regions, you cannot modify the default load balancer
configuration.
11-5
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
When you create a service instance by using the REST API or CLI, you can specify
additional URL patterns that require authentication. See Create a Service Instance in
REST API for Oracle Java Cloud Service. In the request body, use
protectedRootContexts to specify one or more URL patterns. Begin each pattern with
the / character, use the * character as a wildcard, and separate multiple patterns with
a comma.
For example, suppose your existing Java applications are configured to use the
context roots store and marketplace. To protect all resources in the marketplace
application, and also those resources in /store/cart, use the following URI patterns
when creating your service instance:
...
"useIdentityService": "true",
"protectedRootContexts": "/store/cart/*,/marketplace/*"
If you create an Oracle Java Cloud Service instance with multiple WebLogic Server
clusters, each cluster is assigned a path prefix. Java applications are deployed to a
specific cluster, and clients must access the applications by using the cluster’s path
prefix:
https://lb_host/cluster_path_prefix/path
By default, the path prefix for a cluster is the cluster’s name. One cluster in your
service instance can be assigned the path prefix /.
When you create a service instance with multiple clusters, be sure to include the path
prefix in the URI patterns for protectedRootContexts. For example:
"protectedRootContexts": "/cluster1/store/cart/*,/cluster2/marketplace/*"
11-6
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
For example, to protect all resources in the marketplace application, and also those
resources in /store/cart, use the following regular expressions in the REST API
request body:
...
"resourceFilters":[
{
"type":"regex",
"filter":"/marketplace/.*",
"method":"oauth"
},
{
"type":"regex",
"filter":"/store/cart/.*",
"method":"oauth"
},
...
11-7
Chapter 11
Use Oracle Identity Cloud Service with Oracle Java Cloud Service
<context-root>/__protected/store</context-root>
If you created a service instance with multiple WebLogic Server clusters, you must
specify the path prefix of the cluster to which the application is targeted. For
example:
<context-root>/cluster1/__protected/store</context-root>
<security-role>
<role-name>HRAdmin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>HRAdmin</role-name>
</auth-constraint>
</security-constraint>
<security-role-assigment>
<role-name>HRAdmin</role-name>
<principal-name>HRManagersGroup</principal-name>
</security-role-assigment>
5. Redeploy your application for these changes to take effect. For example, use the
WebLogic Server Administration Console.
For more information on configuring web application security, see these topics in
Developing Applications with the WebLogic Security Service:
• Securing Web Applications (12.2.1.3)
11-8
Chapter 11
Configure Network Security
Topics
• About the Default Access Ports
• Create an Access Rule
• Enable or Disable an Access Rule
• Delete an Access Rule
• Enable Console Access for a Service Instance
• Enable HTTP Access to a Service Instance
• Enable Communication Between Service Instances
• Enable Communication Between a Compute Instance and a Service Instance
• Configure SSL for a Service Instance
Topics
• Ports Open to Traffic from Outside the Oracle Cloud Network
• Ports Open to Traffic from Within the Oracle Cloud Network
• Administration Server Deployment Port
11-9
Chapter 11
Configure Network Security
If they are not assigned public IP addresses, then these ports are accessible only from
within your private IP network, or from your on-premises data center over a VPN
network.
11-10
Chapter 11
Configure Network Security
– If a load balancer is not present and the service instance contains more than
one Managed Server, the default ports are 8001 for HTTP and 8002 for
HTTPS.
– If a load balancer is not present and the service instance contains only one
Managed Server, the default ports are 80 for HTTP and 443 for HTTPS.
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
To control network access to the nodes in your Oracle Java Cloud Service instance,
you can define access rules.
If you provisioned this service instance in an Oracle Cloud Infrastructure region,
instead you must use the Oracle Cloud Infrastructure Console to create security lists
instead of access rules. See Security Lists in the Oracle Cloud Infrastructure Services
documentation.
For example, you can create rules that:
• Enable an Oracle Database node to access a specific port on your WebLogic
Server nodes
• Enable public internet access to a specific port on the WebLogic Administration
Server node
11-11
Chapter 11
Configure Network Security
Oracle Java Cloud Service creates several default rules on a new service instance,
such as public access to the WebLogic Administration Server node on port 22 for
Secure Shell (SSH). Some of these are system rules, which cannot be disabled.
Access to the WebLogic Administration Console, Fusion Middleware Control Console,
and Load Balancer Console is disabled by default on a new service instance. To use
these consoles, you must enable the corresponding access rules.
Caution:
Make sure you consider the possible security implications before you open
ports to external access.
Prior to creating an access rule, ensure that the destination node is configured to listen
on the chosen ports. For example, on nodes running Oracle WebLogic Server you can
configure network channels to control the listen ports for your Administration Server
and Managed Servers. Refer to these topics in Administering Server Environments for
Oracle WebLogic Server:
• Configuring Network Resources (12.2.1.3)
• Configuring Network Resources (12.1.3)
• Configuring Network Resources (11.1.1.7)
To create an access rule for a service instance:
1. Access your service console.
2. Beside the service that you want to modify, click Manage this instance , and
then select Manage Access Rules.
3. On the Access Rules page, click Create Rule.
4. In the Rule Name field, enter a name for the access rule.
5. Optional: In the Description field, enter a description for the access rule.
6. In the Source field, select a source for the rule. The available source options
depend on the topology of your service instance, and may include:
• PUBLIC-INTERNET: Any host on the internet
• WLS_ADMIN: The WebLogic Administration Server node
• WLS_ADMIN_HOST: The WebLogic Administration Server node
• WLS_MS: All WebLogic Managed Server nodes
• OTD_ADMIN_HOST: The Oracle Traffic Director (OTD) Administration Server
node
• OTD_OTD_SERVER: All Oracle Traffic Director (OTD) Managed Server
nodes
• DBaaS:Name:DB: The database service named Name
• <custom> : A custom list of addresses from which traffic should be allowed. In
the field that appears below this one, enter a comma-separated list of the
subnets (in CIDR format, such as 192.0.2.11/24) or IPv4 addresses for which
you want to permit access.
11-12
Chapter 11
Configure Network Security
Note:
The first node in your service instance runs an Administration Server and
a Managed Server.
7. In the Destination field, select the destination node within this service instance.
The available source options depend on the topology of your service instance, and
may include:
• WLS_ADMIN: The WebLogic Administration Server node
• WLS_ADMIN_HOST: The WebLogic Administration Server node
• WLS_MS: All WebLogic Server nodes
• OTD_ADMIN_HOST: The Oracle Traffic Director (OTD) Administration Server
node
• OTD_OTD_SERVER: All Oracle Traffic Director (OTD) Managed Server
nodes
8. In the Destination Port(s) field, enter the port or range of ports through which the
source will be granted access to the destination.
9. In the Protocol field, select the TCP or UDP transport for this rule.
10. Click Create.
To return to either the Instances page or the Overview page for the selected service
instance, click the locator links at the top of the page.
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
You can dynamically enable or disable existing access rules for an Oracle Java Cloud
Service instance.
Access rules control the network access to the nodes in your service instance, and to
external access from the internet. When a service instance is provisioned, Java Cloud
Service defines several default access rules. You can enable or disable these rules to
control access to specific port numbers on specific nodes. Make sure you consider the
possible security implications before you open ports to external access.
1. Access your service console.
2. Beside the service that you want to modify, click Manage this instance , and
then select Manage Access Rules.
3. On the Access Rules page, beside the rule, click Actions , and then select
Enable or Disable.
You can enable or disable USER and DEFAULT type rules. You cannot disable
SYSTEM type rules.
4. When prompted for confirmation, click Enable or Disable.
11-13
Chapter 11
Configure Network Security
To return to either the Instances page or the Overview page for the selected service
instance, click the locator links at the top of the page.
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
You can delete an access rule for an Oracle Java Cloud Service instance.
Access rules control the network access to the nodes in your service instance, and to
external access from the internet. Deleting a rule disables access to specific port
numbers on specific nodes.
You can delete only user-created access rules. You cannot delete system-generated
access rules.
You cannot modify the configuration of an existing access rule. You must delete the
rule and recreate it.
1. Access your service console.
2. Beside the service that you want to modify, click Manage this instance , and
then select Manage Access Rules.
3. On the Access Rules page, beside the rule, click Actions , and then select
Delete.
You can delete USER type rules. You cannot delete SYSTEM or DEFAULT type rules.
4. When prompted for confirmation, click Delete.
To return to either the Instances page or the Overview page for the selected service
instance, click the locator links at the top of the page.
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
You can access a Oracle Java Cloud Service instance through the Weblogic Server
Administration Console, the Load Balancer Console or Fusion Middleware Control. By
default, access to the administration consoles is disabled for security purposes.
If you provisioned this service instance in an Oracle Cloud Infrastructure region, this
procedure is not necessary. Access to the administration consoles is enabled by
default in these regions.
1. Access the Oracle Java Cloud Service console.
2. Beside the service that you want to modify, click Manage this instance , and
then select Access Rules.
11-14
Chapter 11
Configure Network Security
Note:
This procedure applies only to service instances that include a user-
managed load balancer (Oracle Traffic Director). It does not apply to service
instances that have an Oracle-managed load balancer (Oracle Cloud
Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing
Classic).
If there is no load balancer in your service instance, you must instead create
an HTTP network channel on all Managed Servers in your Oracle WebLogic
Server domain. Refer to these topics in Administering Server Environments
for Oracle WebLogic Server:
• Configuring Network Resources (12.2.1.3)
• Configuring Network Resources (12.1.3)
• Configuring Network Resources (11.1.1.7)
By default the load balancer in your service instance listens for HTTP traffic on port
8080. However, the load balancer node automatically redirects incoming traffic on port
80 to port 8080.
Tasks:
• Enable the HTTP Port on Oracle Traffic Director
• Create an Access Rule for the Oracle Traffic Director HTTP Port
11-15
Chapter 11
Configure Network Security
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. Navigate to the Listeners in this configuration:
• If your service instance is running Oracle Traffic Director 12c, click Traffic
Director Configuration and select Administration > Listeners.
• If your service instance is running Oracle Traffic Director 11g, click Listeners
in the navigation pane.
6. Click http-listener-1.
7. Select the Enabled checkbox.
8. Activate your changes:
• If your service instance is running Oracle Traffic Director 12c, click Apply.
• If your service instance is running Oracle Traffic Director 11g, click Deploy
Changes.
Create an Access Rule for the Oracle Traffic Director HTTP Port
You must create an access rule to allow public access to the load balancer (Oracle
Traffic Director) through the HTTP port.
If you provisioned this service instance in an Oracle Cloud Infrastructure region, you
must create security lists instead of access rules. See Security Lists in the Oracle
Cloud Infrastructure documentation.
1. Access the Oracle Java Cloud Service console.
2. Click the Menu icon adjacent to the service instance name and select Access
Rules.
The Access Rules page is displayed, showing the list of all access rules.
3. Click Create Rule.
The Create Access Rule dialog is displayed.
4. Specify a unique name for the access rule.
11-16
Chapter 11
Configure Network Security
The name must begin with a letter, and can contain numbers, hyphens, or
underscores. The length cannot exceed 50 characters. You cannot use prefixes
ora_ or sys_.
5. Enter Permit public http to OTD server for the description.
6. Select PUBLIC-INTERNET for the source.
7. Select OTD for the destination.
8. Enter 80 as the port and accept the default protocol (TCP).
9. Click Create.
10. Refresh the page periodically. The access rule will appear on the Access Rules
table after it is created.
You can now access your application by using the default HTTP port:
http://<IP_of_load_balancer>/<context_root>
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
The default access rules in an Oracle Java Cloud Service instance only permit
communication between Managed Server nodes and the database, and between
Managed Server nodes and the load balancer (if enabled). Use custom access rules to
enable communication between the Managed Servers of different service instances.
If you provisioned this service instance in an Oracle Cloud Infrastructure region,
instead you must use the Oracle Cloud Infrastructure Console to create security lists
instead of access rules. See Security Lists in the Oracle Cloud Infrastructure Services
documentation.
The architecture of a business application may span multiple tiers, where each
application tier is a separate Oracle Java Cloud Service instance. Similarly, certain
integration features of Oracle WebLogic Server enable applications to easily
communicate across multiple domains, such as Foreign JNDI Providers and Foreign
JMS Servers. In these scenarios, you must use access rules to explicitly permit
network communication between service instances.
You must identify the host names of the nodes in your first service instance. The host
names typically use the format domainName-wls-number.
For example, if your domain name is myjcs1 and this domain consists of 3 nodes, the
host names would typically be:
• myjcs1–wls-1
• myjcs1–wls-2
• myjcs1–wls-3
You can also identify these host names using the Instance Overview page in the
Oracle Java Cloud Service Console. Locate the Host Name property of each node.
Before you begin, use a secure shell (SSH) client to connect to the Administration
Server node of the first service instance.
11-17
Chapter 11
Configure Network Security
1. From your SSH session on the Administration Server node, use the nslookup
command to identify the corresponding private IP address of each host name.
For example:
nslookup myjcs1-wls-2
Name: myjcs1-wls-2.compute-myaccount.oraclecloud.internal
Address: 203.0.113.13
3. Beside your second service instance, click Manage this instance , and then
select Access Rules.
4. On the Access Rules page, click Create Rule.
5. Enter a Rule Name, such as myjcs1–to-myjcs2.
6. For Source, select <custom>. Enter the private IP addresses for the first service
instance as a comma-separated list.
For example: 203.0.113.13,203.0.113.14,203.0.113.15
You can also specify multiple IP addresses in CIDR format, such as
203.0.113.1/24.
7. For Destination, select WLS_MS
8. For Destination Port(s), enter 8001.
Note:
If you configured your Managed Servers to listen on additional ports, you
can specify them as a comma-separated list such as 8001,9001.
To return to either the Instances page or the Overview page for the selected service
instance, click the locator links at the top of the page.
If you restart a node in the first service instance, the private IP address of the node
might change. In order to keep communication open between the restarted node and
the second service instance, take one of the following actions:
• (Not available on Oracle Cloud at Customer) If your service instance is attached to
an IP network, use the REST API to restart the node and assign the same private
IP address. See Stop and Start a Service Instance and Individual VMs in REST
API for Oracle Java Cloud Service.
• Create a new access rule with the latest private IP address.
11-18
Chapter 11
Configure Network Security
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
The default access rules in an Oracle Java Cloud Service instance only permit
communication between Managed Server nodes and the database, and between
Managed Server nodes and the load balancer (if enabled). Use custom access rules to
enable communication between an Oracle Cloud Infrastructure Compute Classic
instance and your Managed Servers.
If you provisioned the service instance in an Oracle Cloud Infrastructure region,
instead you must use the Oracle Cloud Infrastructure Console to create security lists
instead of access rules. See Security Lists in the Oracle Cloud Infrastructure Services
documentation.
If the compute instance is not on the shared network, and the compute instance and
the Oracle Java Cloud Service instance were created on different IP networks, then
you must also connect the two IP networks to the same IP network exchange.
1. Access the Oracle Cloud Infrastructure Compute Classic console.
2. From the Instances page, identify the IP address of the compute instance that will
communicate with your Oracle Java Cloud Service instance.
• If your Oracle Java Cloud Service instance was created with public IP
addresses, then use the public IP address of the compute instance.
• If your Oracle Java Cloud Service instance was created without public IP
addresses, then use the private IP address of the compute instance.
• If your compute instance and Oracle Java Cloud Service instance are using
custom IP networks, then be sure to use the IP address for the appropriate
network.
3. Access the Oracle Java Cloud Service Console.
4. Beside your service instance, click Manage this instance , and then select
Access Rules.
5. On the Access Rules page, click Create Rule.
6. Enter a Rule Name, such as compute1–to-myjcs1.
7. For Source, select <custom>. Enter the IP address of the compute instance.
Note:
You can specify the IP addresses of multiple compute instances as a
comma-separated list (203.0.113.13,203.0.113.14,203.0.113.15), or
using CIDR format (203.0.113.1/24).
11-19
Chapter 11
Configure Network Security
Note:
If you configured your Managed Servers to listen on additional ports, you
can specify them as a comma-separated list such as 8001,9001.
To return to either the Instances page or the Overview page for the selected service
instance, click the locator links at the top of the page.
Topics:
• About SSL in Oracle Java Cloud Service
• Configure SSL for Oracle Traffic Director
• Configure SSL for WebLogic Server
• Configure SSL for Oracle Cloud Infrastructure Load Balancing
11-20
Chapter 11
Configure Network Security
This information is found in a Certificate Signing Request (CSR) file. Your CA vendor
uses the CSR to validate the domain and then provides you with a valid SSL
certificate, typically via email. For more information about submitting the CSR, refer to
your CA vendor documentation.
Tasks:
• Create a Self-Signed SSL Certificate in Oracle Traffic Director
• Import a CA-Issued SSL Certificate to Oracle Traffic Director
• Associate the SSL Certificate with Oracle Traffic Director
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. If your service instance is running Oracle Traffic Director 12c, perform these steps
to create a self-signed certificate:
a. Click Traffic Director Configuration and select Security > Manage
Certificates.
11-21
Chapter 11
Configure Network Security
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. If your service instance is running Oracle Traffic Director 12c, perform these steps
to generate a CSR:
a. Click Traffic Director Configuration and select Security > Manage
Certificates.
b. Click Generate Keypair.
c. Enter an Alias for the new certificate.
d. Set the Common Name to your custom domain name. For example,
example.com.
11-22
Chapter 11
Configure Network Security
11-23
Chapter 11
Configure Network Security
2. Click for the desired service instance and select Open Load Balancer
Console.
3. Log in to console using the credentials defined when provisioning your service
instance.
If you created your service instance using the Oracle Java Cloud Service console,
the user name and password default to the Oracle WebLogic Server
Administration Console user name and password.
4. Access the load balancer configuration (for example, opc-config):
• If your service instance is running Oracle Traffic Director 12c, click the
Target Navigation icon. Expand the Traffic Director folder and click the name
of the Traffic Director configuration.
• If your service instance is running Oracle Traffic Director 11g, click
Configurations and then click the name of the Traffic Director configuration.
5. Navigate to the Listeners in this configuration:
• If your service instance is running Oracle Traffic Director 12c, click Traffic
Director Configuration and select Administration > Listeners.
• If your service instance is running Oracle Traffic Director 11g, click Listeners
in the navigation pane.
6. Click https-listener-1.
7. In the SSL/TLS Settings section select your new certificate in the RSA
Certificate field.
8. Activate your changes:
• If your service instance is running Oracle Traffic Director 12c, click OK.
• If your service instance is running Oracle Traffic Director 11g, click Deploy
Changes.
9. Repeat from step 3 to update the certificate of any additional HTTPS listeners in
this configuration.
Alternatively, you can configure SSL/TLS Settings for an entire Virtual Server in
the load balancer configuration.
10. Restart the load balancer node(s) in your service instance for the change to take
effect.
a. Return to the Oracle Java Cloud Service console.
11-24
Chapter 11
Configure Network Security
b. Beside the load balancer node, click Manage this node , and then select
Restart.
c. When prompted for confirmation, click OK.
For more information about the SSL settings of the load balancer, see:
• Configuring SSL/TLS Between Oracle Traffic Director and Clients in Administering
Oracle Traffic Director (12.2.1)
• Configuring SSL/TLS Between Oracle Traffic Director and Clients in Oracle Traffic
Director Administrator's Guide (11.1.1.7)
Note:
Oracle recommends that you back up your service instance prior to updating
the SSL configuration. If the SSL configuration fails, you will be able to
restore the service instance to a known working state.
Tasks:
• Create Keystores and Certificates for WebLogic Server
• Add the Oracle Identity Cloud Service Certificate to the Trust Keystore
• Associate Keystores and SSL Certificate with WebLogic Server
• Configure Node Manager to Use the SSL Certificate
• Configure SSL for New Servers After Scaling Out
11-25
Chapter 11
Configure Network Security
1. Connect to the Administration Server node in your service instance with a secure
shell (SSH) client, and then switch to the oracle user.
sudo su - oracle
cd /u01/data
mkdir keystores
cd keystores
Caution:
Do not place your keystore and certificate files in the Middleware Home
(MIDDLEWARE_HOME) or Java Home (JAVA_HOME) directories. Any
modifications you make to these locations might be lost when you apply
a patch.
Caution:
Do not place your keystore and certificate files in the Domain Home
(DOMAIN_HOME) or /u01/data/domains directories because they are
included in backups. A restore operation might include an expired
certificate and result in errors during a server restart.
3. Use the keytool command to create a new identity keystore file, and to add a self-
signed certificate to the keystore named server_cert.
For example:
Note that The X.500 Distinguished Name, which consists of the WebLogic Server
host and DNS domain name, is example.com.
4. When prompted, enter a password for the keystore.
5. When prompted, enter a password for the private key, server_cert, or press
Enter to use the same password as the keystore.
6. If you are using a self-signed certificate to configure SSL, then create a custom
trust keystore file.
11-26
Chapter 11
Configure Network Security
For example:
For example:
b. When prompted, enter the password for the keystore and the private key.
c. Submit the CSR to a Certificate Authority of your choice in order to obtain a
trusted certificate.
d. Import the CA-issued certificate into the identity keystore.
8. Copy the keystore files to all the other nodes in your service instance.
For example:
ssh myinstance-wls-2
mkdir /u01/data/keystores
scp myinstance-wls-1:/u01/data/keystores/identity.jks /u01/data/
keystores
scp myinstance-wls-1:/u01/data/keystores/trust.jks /u01/data/keystores
11-27
Chapter 11
Configure Network Security
Add the Oracle Identity Cloud Service Certificate to the Trust Keystore
If your Oracle Java Cloud Service instance is configured to use Oracle Identity Cloud
Service for authentication, you must add the Oracle Identity Cloud Service certificate
to your custom trust keystore.
1. Access the Oracle Java Cloud Service console.
2. Click Manage this service for your service instance, and then select Open
Fusion Middleware Control Console.
3. Click WebLogic Domain, select Security, and then select Keystore.
4. Expand the system folder.
5. Click trust, and then click Manage.
6. Click idcs_root_ca, and then click Export.
7. Click Export Certificate, and then click Close.
8. SSH to the Administration Server node and switch to the oracle user.
sudo su - oracle
For example:
14. Copy the updated trust keystore file to all the other nodes in your service instance.
For example:
ssh myinstance-wls-2
scp myinstance-wls-1:/u01/data/keystores/trust.jks /u01/data/keystores
11-28
Chapter 11
Configure Network Security
11-29
Chapter 11
Configure Network Security
c. Click Save.
11. Under Change Center, click Activate Changes.
14. Repeat from step 6 to update each server in your domain for which you want to
configure SSL.
For more information, refer to Overview of Configuring SSL in one of the following
publications:
• Administering Security for Oracle WebLogic Server (12.2.1)
• Administering Security for Oracle WebLogic Server (12.1.3)
sudo su - oracle
2. Edit the nodemanager.properties file located under your Domain Home directory.
vi $DOMAIN_HOME/nodemanager/nodemanager.properties
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=path_to_identity_keystore
CustomIdentityKeyStorePassPhrase=keystore_password
CustomIdentityPrivateKeyPassPhrase=server_cert_password
CustomIdentityAlias=server_cert
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=path_to_trust_keystore
CustomTrustKeyStorePassPhrase=keystore_password
For example:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=/u01/data/keystores/identity.jks
CustomIdentityKeyStorePassPhrase=keystore_password
CustomIdentityPrivateKeyPassPhrase=server_cert_password
CustomIdentityAlias=server_cert
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=/u01/data/keystores/trust.jks
CustomTrustKeyStorePassPhrase=keystore_password
11-30
Chapter 11
Configure Network Security
$MIDDLEWARE_HOME/oracle_common/common/bin/wlst.sh
connect('admin_user','password','t3://admin_server_host:9071')
For example:
connect('weblogic','password','t3://myinstance-wls-1:9071')
nmGenBootStartupProps('server_name')
Both the Administration Server and the first Managed Server run on the first
node in your service instance. For example:
nmGenBootStartupProps('myinstance_adminserver')
nmGenBootStartupProps('myinstance_server_1')
d. Exit WLST.
exit()
5. Edit the setDomainEnv.sh file located under your Domain Home directory.
vi $DOMAIN_HOME/bin/setDomainEnv.sh
export WLST_PROPERTIES="${WLST_PROPERTIES} -
Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -
Dweblogic.security.SSL.ignoreHostnameVerification=true -
Dweblogic.security.TrustKeyStore=CustomTrust -
Dweblogic.security.CustomTrustKeyStoreFileName=path_to_trust_keystore -
Dweblogic.security.CustomTrustKeyStoreType=JKS"
For example:
export WLST_PROPERTIES="${WLST_PROPERTIES} -
Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -
Dweblogic.security.SSL.ignoreHostnameVerification=true -
Dweblogic.security.TrustKeyStore=CustomTrust -
Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/keystores/
trust.jks -Dweblogic.security.CustomTrustKeyStoreType=JKS"
11-31
Chapter 11
Configure Network Security
9. If your service instance is running WebLogic Server 12c, then run the following
commands to restart the Node Manager.
./stopNodeManager.sh
./startNodeManager.sh &
10. If your service instance is running WebLogic Server 11g, then perform the
following steps to restart the Node Manager.
a. Identity the process ID for the Node Manager.
kill -9 process_id
export JAVA_OPTIONS="${JAVA_OPTIONS} -
Dweblogic.ssl.JSSEEnabled=true -
Dweblogic.security.SSL.enableJSSE=true"
$MIDDLEWARE_HOME/wlserver_10.3/server/bin/startNodeManager.sh &
$MIDDLEWARE_HOME/oracle_common/common/bin/wlst.sh
nmConnect(username="weblogic", password="password",
domainName="domain_name", domainDir="/u01/data/domains/
domain_name", nmType="ssl", host="host_name", port="5556",
verbose="false")
For example:
nmConnect(username="weblogic", password="password",
domainName="myinstance_domain", domainDir="/u01/data/domains/
myinstance_domain", nmType="ssl", host="myinstance-wls-1",
port="5556", verbose="false")
nmKill('server_name')
nmStart('server_name')
nmServerStatus('server_name')
11-32
Chapter 11
Configure Network Security
Both the Administration Server and the first Managed Server run on the first
node in your service instance. For example:
nmKill('myinstance_server_1')
nmKill('myinstance_adminserver')
nmStart('myinstance_adminserver')
nmServerStatus('myinstance_adminserver')
nmStart('myinstance_server_1')
nmServerStatus('myinstance_server_1')
d. Exit WLST.
exit()
12. Repeat from step 1 for any other nodes in your service instance for which you
want to configure SSL.
11-33
Chapter 11
Authenticate Users
Authenticate Users
Oracle Java Cloud Service is comprised of multiple components, each with its own
identity stores, authentication options and administrative tools.
Topics
• About Users
• About Authentication
• Manage Passwords
• Relocate Oracle Java Cloud Service to a Different Identity Domain
About Users
There are multiple types of users associated with Oracle Java Cloud Service. Each
has its own purpose and is found in a specific identity store.
Topics
• Cloud Users and Service Administrators
• WebLogic Server Administrators
• Application Users
• Database Users
• Load Balancer Administrators
• Operating System Users
Only Oracle Cloud users with this role can create and manage Oracle Java Cloud
Service instances with either the console, CLI or REST API. Users in your account
who have the Identity Domain Administrator role can create additional cloud users
and grant them the Java Administrator role. Similar roles exist for the other services
available in Oracle Cloud. See Add Users, Assign Policies and Roles in Getting
Started with Oracle Cloud.
Oracle Identity Cloud Service provides a secure, centralized cloud service to manage
the relationships that your users have with your applications, including with other
Oracle Cloud services like Oracle Java Cloud Service. With Oracle Identity Cloud
Service you can create custom password policies and email notifications, onboard new
users, assign users and groups to applications, and run security reports. See Use
Oracle Identity Cloud Service with Oracle Java Cloud Service.
Oracle Java Cloud Service can optionally store backups of service instances in cloud
storage (either Oracle Cloud Infrastructure Object Storage or Oracle Cloud
Infrastructure Object Storage Classic). Configuring a service instance for backups
includes specifying the credentials for an Oracle Cloud user who has read/write
11-34
Chapter 11
Authenticate Users
access to cloud storage. See About Backup and Restoration in Oracle Java Cloud
Service.
Application Users
Java applications deployed to the WebLogic Server domain in your Oracle Java Cloud
Service instance can have security policies that protect the applications against
unauthorized access.
WebLogic Server supports various security providers that assign an identity to the
requesting user or software entity. For example, WebLogic Server can determine the
identity of an application user by validating a user name and password. By default, the
domain in an Oracle Java Cloud Service instance is configured to use the embedded
LDAP identity store for both WebLogic administrators and application users. You can
use standard WebLogic tools like the WebLogic Server Administration Console to
manage users, groups, roles and policies in the embedded LDAP.
If your cloud account includes Oracle Identity Cloud Service, Oracle Java Cloud
Service can provision your service instance so that WebLogic Server uses Oracle
11-35
Chapter 11
Authenticate Users
Identity Cloud Service for authentication in addition to the default embedded LDAP. As
a result, users that access your Java applications are authenticated against the users,
groups, roles and policies defined in Oracle Identity Cloud Service. See Use Oracle
Identity Cloud Service with Oracle Java Cloud Service.
If this security configuration does not meet your requirements, you can modify the
default security realm or create a new one with any combination of WebLogic and
custom security providers. For large production applications, Oracle recommends that
you use a proper identity management system such as Oracle Identity Cloud Service
instead of the embedded LDAP.
Database Users
An Oracle Java Cloud Service instance requires access to at least one Oracle
Database.
Oracle Java Cloud Service provisions your chosen database with the Oracle Fusion
Middleware (FMW) schema and also connects the WebLogic Server domain in your
service instance to this database. When you create a service instance you provide
appropriate credentials to access and update this FMW database.
You can also connect your service instance to additional relational databases by using
standard WebLogic tools like the WebLogic Server Administration Console. Just as
with the FMW database, you must provide the necessary credentials to connect to
these application databases.
If your database is running Oracle Database 12c, users can be scoped to the
container database (CDB) or a pluggable database (PDB). To connect to a specific
PDB from WebLogic Server, be sure to specify user credentials in the target PDB and
not the CDB.
To learn more about database connectivity in WebLogic Server see:
• Administering JDBC Data Sources for Oracle WebLogic Server (12.2.1.3)
• Administering JDBC Data Sources for Oracle WebLogic Server (12.1.3)
• Configuring and Managing JDBC Data Sources for Oracle WebLogic Server
(11.1.1.7)
A component of your WebLogic Server domain is Oracle Platform Security Services
(OPSS), which requires a connection to your service instance’s FMW database. The
credentials for this database connection are stored in a separate file named jps-
config.xml.
11-36
Chapter 11
Authenticate Users
About Authentication
Get an overview of the different ways in which you can determine the identity of a user
or system that is accessing an application running in Oracle Java Cloud Service.
Clients can authenticate against an external LDAP or database, or their identities can
be validated with different token technologies like SAML.
By default, cloud users and application users are managed by different security
frameworks and are located in different identity stores. Consequently, these users
support different authentication options.
Single Sign-On (SSO) is the ability for a user to authenticate once and then gain
access to many different application components, even though these components may
have their own authentication schemes. SSO enables users to login securely to all
their applications, web sites and mainframe sessions with just one identity.
Topics
• Cloud Authentication
• WebLogic Server Authentication
Cloud Authentication
In order to create and manage cloud services such as Oracle Java Cloud Service
instances, service administrators in Oracle Cloud are authenticated against a specific
identity domain and with a username and password.
If your Oracle Cloud account includes Oracle Identity Cloud Service, then service
administrators are authenticated against its identity store. See Add Users, Assign
Policies and Roles in Getting Started with Oracle Cloud.
11-37
Chapter 11
Authenticate Users
Authentication Description
Option
Embedded LDAP Each user’s credentials and group memberships are maintained in a
(default) Lightweight Directory Access Protocol (LDAP) server that is hosted in
the domain’s Administration Server and replicated to all Managed
Servers in the domain. Oracle does not recommend using the
embedded LDAP for large production applications.
See:
• Managing the Embedded LDAP Server in Administering Security
for Oracle WebLogic Server (12.2.1.3)
• Managing the Embedded LDAP Server in Administering Security
for Oracle WebLogic Server (12.1.3)
• Managing the Embedded LDAP Server in Securing Oracle
WebLogic Server (11.1.1.7)
Oracle Identity Cloud If your cloud account includes Oracle Identity Cloud Service, Oracle
Service Java Cloud Service can provision your service instance so that
WebLogic Server is configured to use Oracle Identity Cloud Service for
authentication. As a result, when users access your Java applications
or tools like the Administration Console they are authenticated against
the users, groups, roles and policies defined in Oracle Identity Cloud
Service. See Use Oracle Identity Cloud Service with Oracle Java
Cloud Service.
External LDAP WebLogic Server includes authentication providers that are compatible
with Oracle Internet Directory, Microsoft Active Directory, iPlanet,
Open LDAP or any other LDAP-compliant server. These providers
differ primarily in how they are configured by default to match typical
directory schemas for their corresponding LDAP server.
If this LDAP server is hosted outside of the nodes in your Oracle Java
Cloud Service instance, you may need to enable network
communication between your nodes and the LDAP server. See Create
an Access Rule.
See:
• Configuring LDAP Authentication Providers in Administering
Security for Oracle WebLogic Server (12.2.1.3)
• Configuring LDAP Authentication Providers in Administering
Security for Oracle WebLogic Server (12.1.3)
• Configuring LDAP Authentication Providers in Securing Oracle
WebLogic Server (11.1.1.7)
11-38
Chapter 11
Authenticate Users
Authentication Description
Option
Relational Database WebLogic Server includes authentication providers that use a
relational database as a data store for users, passwords and groups.
These providers are configured by default with a typical SQL database
schema to support these entities, but you can also customize this
default configuration to match your database's existing schema.
In order to use the database authentication providers you must create
a data source in the domain to establish connectivity to the database.
If you selected this database when you created your Oracle Java
Cloud Service instance, a data source already exists. If this database
is hosted outside of the nodes in your Oracle Java Cloud Service
instance, you may need to enable network communication between
your nodes and the database. See Create an Access Rule.
See:
• Configuring RDBMS Authentication Providers in Administering
Security for Oracle WebLogic Server (12.2.1.3)
• Configuring RDBMS Authentication Providers in Administering
Security for Oracle WebLogic Server (12.1.3)
• Configuring RDBMS Authentication Providers in Securing Oracle
WebLogic Server (11.1.1.7)
Tutorial
SAML In perimeter authentication, a system outside of WebLogic Server
establishes trust through tokens. WebLogic Server can generate and
consume Security Assertion Markup Language (SAML) tokens
(assertions), and supports both SAML 1.1 and SAML 2.0.
See:
• Configuring Identity Assertion Providers and Configuring Single
Sign-On with Web Browsers and HTTP Clients Using SAML in
Administering Security for Oracle WebLogic Server (12.2.1.3)
• Configuring Identity Assertion Providers and Configuring Single
Sign-On with Web Browsers and HTTP Clients Using SAML in
Administering Security for Oracle WebLogic Server (12.1.3)
• Configuring Identity Assertion Providers and Configuring Single
Sign-On with Web Browsers and HTTP Clients Using SAML in
Securing Oracle WebLogic Server (11.1.1.7)
Manage Passwords
You may need to update the various credentials used to run an Oracle Java Cloud
Service instance in order to meet Oracle security policies, corporate security policies
or government regulations, or in response to a perceived security threat.
The specific tools and procedures you use to modify passwords depends on the type
of user and where it is stored in the environment. In addition, there are consequences
to changing certain system users because other resources in the environment use
these credentials as well.
For general information about users in Oracle Java Cloud Service, see About Users.
Topics
• Cloud User Password
• WebLogic Server Administrator Password
11-39
Chapter 11
Authenticate Users
11-40
Chapter 11
Authenticate Users
• Managing Server Startup and Shutdown for Oracle WebLogic Server (11.1.1.7)
For information on using SSH to access Oracle Java Cloud Service nodes, see
Access a Node with a Secure Shell (SSH).
Database Password
The Oracle WebLogic Server domain in an Oracle Java Cloud Service instance is
automatically configured with several JDBC data sources. Each data source connects
to a database in Oracle Cloud. You specify the database name and credentials for
these data sources when you create the service instance.
The Infrastructure Schema Database in a service instance is provisioned with the
required Oracle Fusion Middleware schema. To change the password for this
database schema and also update the WebLogic domain configuration, see Change
the Database Schema Password for an Oracle Java Cloud Service Instance.
When you create a service instance, you can also associate it with one or more
Application Schema Databases. If you change the password for one of these
databases, the corresponding data source in the WebLogic domain will fail to connect
to the database. Use one of the standard WebLogic administrative interfaces to modify
the connection properties of the existing data source. See Configuring JDBC Data
Sources in one of the following publications:
• Administering JDBC Data Sources for Oracle WebLogic Server (12.2.1.3)
• Administering JDBC Data Sources for Oracle WebLogic Server (12.1.3)
• Configuring and Managing JDBC Data Sources for Oracle WebLogic Server
(10.3.6)
For more information about data sources in Oracle Java Cloud Service, see About
Data Sources.
11-41
Chapter 11
Authenticate Users
• For service instances running Oracle Traffic Director 12c, see Configure WebLogic
Server Users in Administering Oracle WebLogic Server with Fusion Middleware
Control. Be sure to access the console for the load balancer, and not for the
WebLogic Server domain.
• For service instances running Oracle Traffic Director 11g, see Securing Access to
the Administration Server in Oracle Traffic Director Administrator’s Guide.
11-42
12
Use Oracle Coherence in Oracle Java
Cloud Service
Enable Oracle Coherence in Oracle Java Cloud Service to provision an in-memory
data grid and caching infrastructure for your Java Enterprise Edition applications.
Topics:
• Overview of Coherence Tasks for Oracle Java Cloud Service
• About Oracle Coherence in Oracle Java Cloud Service
• About Cache Capacity for a Service Instance
• Add a Coherence Data Grid
• Scale Out a Coherence Data Grid
• Scale In a Coherence Data Grid
• Delete a Coherence Data Grid
Note:
An Oracle Java Cloud Service instance that has been provisioned with
Oracle Coherence is also referred to as an Oracle Java Cloud Service—
Coherence instance.
12-1
Chapter 12
About Oracle Coherence in Oracle Java Cloud Service
Note:
An Oracle Java Cloud Service instance that has been provisioned with
Oracle Coherence is also referred to as an Oracle Java Cloud Service—
Coherence instance.
12-2
Chapter 12
About Oracle Coherence in Oracle Java Cloud Service
• Both the storage-enabled Coherence data tier cluster and the storage-disabled
application tier cluster are associated with the Coherence Cluster. These two
clusters are scaled independently of one another.
The following illustration shows a typical deployment topology for an Oracle Java
Cloud Service—Coherence instance. The example uses a cluster of two Managed
Servers for the application tier (storage-disabled), and a cluster of three Managed
Servers for the Coherence data tier (storage-enabled):
12-3
Chapter 12
About Cache Capacity for a Service Instance
For example, if you set Cluster Size to 4 and Managed Servers Per Node to 2,
Oracle Java Cloud Service will create 2 nodes, each running 2 servers. If the quotient
is not a whole number, then it is rounded up to the nearest whole number. For
example, if Cluster Size is 4 and Managed Servers Per Node is 3, your data grid
cluster will consist of 2 nodes, each running 3 servers (a total of 6 servers).
Running multiple Coherence servers on each node can improve concurrency and
memory management, but it generally also requires more processors and memory
(larger shapes).
Note:
You cannot change these data tier configuration parameters (cluster size,
compute shape, managed servers per node) after creating a service
instance.
If you require maximum availability for the data in the data grid cluster, it
must contain at least three nodes.
As your application workload increases and your Coherence data tier requires more
capacity, you can use Oracle Java Cloud Service to scale out the data grid cluster.
Each time you perform a scale-out operation, Oracle Java Cloud Service adds a single
12-4
Chapter 12
About Cache Capacity for a Service Instance
node to the data grid cluster. This node runs the same number of servers as the other
existing nodes in the cluster. Similarly, a scale-in operation removes a single node
from the data grid cluster. The application tier cluster and the data grid cluster in your
service instance can be scaled independently of one another.
Consider the previous example in which a service instance’s Coherence data tier is
configured with a Cluster Size of 4 and Managed Servers Per Node is set to 2.
Scaling out a data grid with this configuration adds one node with 2 servers, as
illustrated in this figure:
Each server on a Coherence node is a JVM process that is configured with a default
heap size. The memory available for all Coherence servers on a node is 75% of the
remaining memory after reserving 1.5 GB for the operating system. The available
memory is then divided evenly amongst the servers on the node.
For example, consider a data tier whose compute shape has 7.5 GB of memory per
node. The memory available for server heap is: 0.75 x (7 – 1.5) = 4.5 GB. If the
data tier is configured for two servers per node, the heap size for each server is: 4.5 /
2 = 2.25 GB.
As a general rule for most Coherence applications, approximately one third (1/3) of a
server’s heap is used for primary cache storage. The other two thirds of the heap is
used for backup storage and scratch space. Therefore, if the total heap across all
nodes in your data grid is 100 GB, the total cache size for your applications is
approximately 33 GB. An exception to this rule is a data grid that’s comprised of a
single node with a single server. In this scenario there is no high availability, and
therefore backup storage does not consume any of the available heap.
12-5
Chapter 12
Add a Coherence Data Grid
Tutorial
As your application workload increases and your Coherence data tier requires more
capacity, you can use Oracle Java Cloud Service to scale out the data grid cluster.
Each time you perform a scale-out operation, Oracle Java Cloud Service adds a single
node to the data grid cluster. This node runs the same number of Managed Servers as
the other existing nodes in the data grid cluster.
For example, if you created a service instance and set its Coherence Cluster Size to 4
and Managed Servers Per Node to 2, the initial data grid cluster in this service
instance contains 2 nodes, each running 2 servers. Scaling out a data grid cluster with
this configuration adds one node with 2 servers, for a total of 3 nodes and 6 servers.
The Coherence data tier cluster within a service instance is scaled independently of its
application tier cluster.
You cannot scale a service instance if it is under maintenance, such as during a
patching or backup operation.
If backups are configured for the service instance, Oracle Java Cloud Service will
attempt to create a backup before scaling the instance.
1. Access the Oracle Java Cloud Service console.
2. Click the name of the service instance to which you want to add a Coherence
node.
The Overview page is displayed.
3. Click the Menu for the Data Grid Cluster, and then select Scale Out.
4. When prompted for confirmation, click Scale Out.
12-6
Chapter 12
Scale In a Coherence Data Grid
5. Click Refresh until a new node is added to the Data Grid Cluster section of
the Overview page.
The status of the cluster indicates that the scaling operation is in progress.
Tutorial
Each scale-in operation removes a single node from the data grid cluster in the service
instance. If you remove the last node in the data grid cluster, your applications will lose
all cached data. Alternatively, you can delete the entire data grid cluster.
The Coherence data tier cluster within a service instance is scaled independently of its
application tier cluster.
You cannot scale a service instance if it is under maintenance, such as during a
patching or backup operation.
If backups are configured for the service instance, Oracle Java Cloud Service will
attempt to create a backup before scaling the instance.
1. Access the Oracle Java Cloud Service console.
2. Click the name of the service instance from which you want to remove a
Coherence node.
The Overview page is displayed.
3. Click the Menu for the Data Grid Cluster, and then select Remove Node.
4. When prompted for confirmation, click Remove Node.
5. Click Refresh until the node is removed from the Data Grid Cluster section of
the Overview page.
You cannot perform any other management operations on the service instance
while the scaling operation is in progress.
You can also monitor the progress of the scaling operation from the Activity page.
12-7
Chapter 12
Delete a Coherence Data Grid
available in the Oracle Java Cloud Service console. See Scale In a Service Instance in
REST API for Oracle Java Cloud Service.
12-8
13
Administer the Load Balancer for an Oracle
Java Cloud Service Instance
Configure, manage, and monitor the load balancer for an Oracle Java Cloud Service
instance.
Topics:
• About the Load Balancer in Oracle Java Cloud Service
• Overview of Load Balancer Administration Tasks
• Disable or Enable the Load Balancer for an Oracle Java Cloud Service Instance
• Add a Load Balancer to a Service Instance
• Add a Second Load Balancer Node to a Service Instance
• Remove a Load Balancer Node from a Service Instance
• Configure a Load Balancer for a Service Instance
• Set Up an Oracle Cloud Infrastructure Load Balancer
• About the Storage Volumes Attached to the Load Balancer Nodes
13-1
Chapter 13
About the Load Balancer in Oracle Java Cloud Service
13-2
Chapter 13
About the Load Balancer in Oracle Java Cloud Service
13-3
Chapter 13
About the Load Balancer in Oracle Java Cloud Service
13-4
Chapter 13
Overview of Load Balancer Administration Tasks
13-5
Chapter 13
Disable or Enable the Load Balancer for an Oracle Java Cloud Service Instance
Configure SSL between the client and the Configure SSL for a Service Instance
load balancer.
Note:
• You cannot enable or disable the load balancer for a service instance
while the instance is being backed up.
• This procedure is for enabling and disabling Oracle Traffic Director or
Oracle Cloud Infrastructure Load Balancing Classic load balancer. It
does not apply to Oracle Cloud Infrastructure Load Balancing.
Topics:
• Disable and Enable Oracle Traffic Director
• Disable and Enable an Oracle-Managed Load Balancer
13-6
Chapter 13
Disable or Enable the Load Balancer for an Oracle Java Cloud Service Instance
2. Click Manage this instance in the instance name bar at the top of the page.
3. Click Disable Load Balancer or Enable Load Balancer, as required.
4. Click Yes, Disable Load Balancer or Yes, Enable Load Balancer.
The instance is in maintenance mode until the operation is completed. After the
operation is completed, the State field in the Oracle Load Balancer section changes
to Traffic Disabled or Traffic Enabled, as appropriate.
This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud
Infrastructure Used by a Service Instance.
Disable and enable the Oracle-managed load balancer in an Oracle Java Cloud
Service instance.
1. Navigate to the Overview page for the instance for which you want to enable or
disable the load balancer.
2. Locate and expand the Load Balancer section of the page.
The load balancer endpoint is displayed.
Within the Load Balancer section, if you click Expand at the left edge of the
row, the web console shows the details of the listener configured for the load
balancer. Instead of disabling the load balancer endpoint, you can choose to
disable just the listener. But the effect of either choice is the same; that is, client
requests to the load balancer are not forwarded to the WebLogic Servers.
4. At the confirmation prompt, click OK.
The instance is in maintenance mode until the operation is completed. After the
operation is completed, the icon is displayed if you disabled the load balancer,
and the icon is displayed if you enabled it.
13-7
Chapter 13
Add a Load Balancer to a Service Instance
Note:
This procedure applies only to adding a user-managed load balancer (Oracle
Traffic Director) that’s hosted on nodes within your service instance. You
can’t use Oracle Java Cloud Service to add an Oracle-managed load
balancer to an existing service instance. Instead you must manually
provision and configure an Oracle-managed load balancer by using either
Oracle Cloud Infrastructure Load Balancing or Oracle Cloud Infrastructure
Load Balancing Classic, depending on the region where the service instance
was created. Refer to these topics:
• Getting Started with Load Balancing in the Oracle Cloud Infrastructure
documentation
• Typical Workflow for Creating a Load Balancer in Using Oracle Cloud
Infrastructure Load Balancing Classic
2. Click Manage this instance in the instance name bar at the top.
3. Select Add Load Balancer.
4. In the Add Load Balancer dialog box, define the routing policy and compute shape
for the load balancer, and the user name and password for the Oracle Traffic
Director administrator.
The user name and password are used to access the Load Balancer Console as
described in Accessing the Administrative Consoles Used by Oracle Java Cloud
Service.
Note:
If you add a load balancer to an Oracle Java Cloud Service instance
after the service instance was created, you must define the user name
and password for the Oracle Traffic Director administrator explicitly. The
user name and password are not set by default to the user name of the
WebLogic Server administrator. This behavior differs from the behavior
when a load balancer is added to a service instance while the service
instance is being created.
13-8
Chapter 13
Add a Load Balancer to a Service Instance
Option Description
Load Balancer Select the policy to use for routing requests to the load balancer.
Policy Valid policies include:
• Least Connection Count—Passes each new request to the
Managed Server with the least number of connections. This
policy helps prevent a Managed Server from getting
overloaded. Managed Servers with greater processing power
to handle requests will receive more connections over time.
• Least Response Time—Passes each new request to the
Managed Server with the fastest response time. This policy is
useful when Managed Servers are distributed across networks.
• Round Robin—Passes each new request to the next
Managed Server in line, evenly distributing requests across all
Managed Servers regardless of the number of connections or
response time.
Compute Shape Select the compute shape to use for all the load balancer nodes in
the service instance. The compute shape is the number of Oracle
Compute Units (OCPUs) and amount of memory (RAM) that you
want to allocate to these nodes.
The list of available shapes varies depending on whether you
selected an Oracle Cloud Infrastructure Classic or Oracle Cloud
Infrastructure region.
You are billed for Oracle Traffic Director nodes at the same price
that you are billed for Oracle WebLogic Server nodes in your
Oracle Java Cloud Service subscription.
Reserved IPs If this service instance is in a region, you can assign each load
balancer node a public IP address that you had previously
reserved.
See Creating an IP Reservation.
Add Another Active Choose whether to add a second Oracle Traffic Director (OTD)
OTD Node node to this service instance.
Note:
A configuration with two active load balancer nodes can
be used to provide high availability and higher load-
balancing capacity. But Oracle Java Cloud Service does
not fail-over application requests between load-balancer
nodes. The failover-group feature of Oracle Traffic
Director is not supported. If one of the load-balancer
nodes is unavailable, you are responsible for ensuring
that requests fail over to another node.
User Name Enter a user name for the Oracle Traffic Director administrator.
Admin Password Define the password for the Oracle Traffic Director administrator.
Confirm Admin Re-enter the password for the Oracle Traffic Director administrator.
Password
5. Click Add.
The Overview page is updated to show that the load balancer is being added. Click the
13-9
Chapter 13
Add a Second Load Balancer Node to a Service Instance
While the load balancer is being added, the service instance is in maintenance status
and you cannot start any other management operation on the service instance.
If you require the WebLogic Plug-in Enabled control to be set in Oracle WebLogic
Server, you must set this control manually. If you add a load balancer to an Oracle
Java Cloud Service instance after the service instance was created, Oracle Java
Cloud Service does not set the WebLogic Plug-in Enabled control in Oracle WebLogic
Server for you. This behavior differs from the behavior when a load balancer is added
to a service instance while the service instance is being created. See Understanding
the use of “WebLogic Plugin Enabled”.
Note:
This procedure applies only to service instances that include a user-
managed load balancer (Oracle Traffic Director). You can’t use Oracle Java
Cloud Service to add an Oracle-managed load balancer to an existing
service instance. Instead you must manually provision and configure the load
balancer by using either Oracle Cloud Infrastructure Load Balancing or
Oracle Cloud Infrastructure Load Balancing Classic, depending on the region
where the service instance was created.
A service instance can include zero, one, or two Oracle Traffic Director (OTD) nodes.
Each node is assigned a separate public IP address. A configuration with two active
load balancer nodes can be used to provide high availability and higher load-balancing
capacity.
Note:
Oracle Java Cloud Service does not fail-over application requests between
load-balancer nodes. If one of the load-balancer nodes is unavailable, you
are responsible for ensuring that requests fail over to another node. The
failover-group feature of Oracle Traffic Director is not supported.
To add a second Oracle Traffic Director node to a service instance, complete the
following steps:
1. Navigate to the Overview page for the instance to which you want to add a node.
2. Click Manage this instance next to the instance name and select Scale Out.
3. In the Scale Out dialog box, select OTD.
4. If the first load balancer node uses a reserved IP address, you must select an IP
reservation for the second node in the Reserved IPs field.
To reserve an IP address for use by the second load balancer node, click the gear
icon next to this field. See Creating an IP Reservation.
13-10
Chapter 13
Remove a Load Balancer Node from a Service Instance
operation on the service instance. Click the (Refresh) icon to check the latest
status.
Both the load balancer nodes are active and can distribute requests to the Managed
Servers in your service instance. Each load balancer node has a unique public IP
address.
If you require the WebLogic Plug-in Enabled control to be set in Oracle WebLogic
Server, you must set this control manually. If you add a load balancer to an Oracle
Java Cloud Service instance after the service instance was created, Oracle Java
Cloud Service does not set the WebLogic Plug-in Enabled control in Oracle WebLogic
Server for you. This behavior differs from the behavior when a load balancer is added
to a service instance while the service instance is being created. For details, see
Understanding the use of “WebLogic Plugin Enabled”.
Note:
This procedure applies only to service instances that include a user-
managed load balancer (Oracle Traffic Director). You can’t use Oracle Java
Cloud Service to remove an Oracle-managed load balancer (Oracle Cloud
Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing
Classic) from an existing service instance.
3. Click Manage this node next to the second load balancer node, and select
Remove Node.
The Remove Node dialog box is displayed.
4. Click Remove Node.
The Overview page is updated to show that the load balancer node is being removed.
While the node is being removed, the service instance is in maintenance status, and
you cannot start any other management operation on the instance.
13-11
Chapter 13
Configure a Load Balancer for a Service Instance
Topics
• Configure Oracle Traffic Director
• Configure an Oracle Cloud Infrastructure Load Balancing Instance
• Configure an Oracle Cloud Infrastructure Load Balancing Classic Instance
Note:
Prior to modifying the default load balancer configuration, read the
administration best practices for Oracle Traffic Director in Administration Best
Practices.
2. Click Manage this instance for the desired service instance and select Open
Load Balancer Console.
(Optional) Enter the result of the step here.
3. Log in to Oracle Traffic Director Administration Console using the credentials that
you defined when provisioning your Oracle Java Cloud Service instance.
4. For service instances running Oracle Traffic Director 12c refer to these topics in
Administering Oracle Traffic Director:
• Features of Oracle Traffic Director
• Overview of Administration Tasks
For service instances running Oracle Traffic Director 11g refer to these topics in
Oracle Traffic Director Administrator’s Guide:
• Features of Oracle Traffic Director
• Overview of Administration Tasks
13-12
Chapter 13
Set Up an Oracle Cloud Infrastructure Load Balancer
Cloud Service instance. But if you created and configured an Oracle Cloud
Infrastructure Load Balancing instance manually, then you can update its configuration
at any time.
See Managing a Load Balancer in the Oracle Cloud Infrastructure documentation.
Topics:
• Prepare to Set Up an Oracle Cloud Infrastructure Load Balancer
• Create and Configure an Instance of Oracle Cloud Infrastructure Load Balancing
13-13
Chapter 13
Set Up an Oracle Cloud Infrastructure Load Balancer
13-14
Chapter 13
Set Up an Oracle Cloud Infrastructure Load Balancer
2. In the Regions list near the upper-right corner, select the region in which you
created your Oracle Java Cloud Service instance.
3. Create an instance of Oracle Cloud Infrastructure Load Balancing.
a. From the navigation menu, under the Core Infrastructure group, select
Networking, and then select Load Balancers.
b. In the Compartment field, select the compartment that you want to create the
load balancer in.
c. Click Create Load Balancer.
d. Enter a name for the load balancer.
e. Specify whether the load balancer must be public or private.
f. Select the bandwidth shape.
Note that the shape you choose here affects the billing for the load balancer.
g. Select the virtual cloud network (VCN) and the subnets to which you want to
attach the load balancer.
In a region that has more than one availability domain (AD), you can select
either a single regional subnet (recommended) or two AD-specific subnets.
h. Click Next Step.
i. Select a load balancing policy.
j. Click Add Backends.
k. Click Change Compartment, and then select
ManagedCompartmentForPaaS.
l. Locate and select the nodes of your Oracle Java Cloud Service instance.
The names of the compute nodes are in the format, subscriptionID|JaaS|
jcsInstanceName|wls|vm-n.
For example: 599949999|JaaS|myJCSinstance|wls|vm-1
Look for the compute nodes where jcsInstanceName matches the name of
your Oracle Java Cloud Service instance.
m. Click Add Selected Backends.
n. Change the Port of each server to the port at which the managed server node
listens for requests (for example, 8001).
o. Optional: Click Advanced Options, and then change the default name of the
backend set.
p. Click Next Step.
q. Optional: Change the default listener name and port.
r. Select or paste your SSL certificate.
s. If you selected a self-signed certificate, then select or paste the corresponding
private key, and enter the private key passphrase.
t. Click Create Load Balancer.
4. Configure the load balancer to include the WL-Proxy-SSL header in the requests
that it forwards to the Oracle WebLogic Server nodes in the backend set.
Oracle WebLogic Server uses this header to determine that the requests came to
the load balancer over SSL/TLS.
13-15
Chapter 13
Set Up an Oracle Cloud Infrastructure Load Balancer
a. From the load balancer details page, under Resources in left navigation pane,
click Rule Sets.
b. Click Create Rule Set.
c. Enter a name for the rule set.
d. Select Specify Request Header Rules.
e. Configure the rule:
• Action: Select Add Request Header.
• Header: Enter WL-Proxy-SSL
• Value: Enter true
f. Click Create.
g. Click Close.
Wait for the rule to be created.
h. Under Resources in the left navigation pane, click Listeners.
i. Locate the listener that you created earlier, click , and then select Edit.
j. In the Edit Listener dialog box, in the Rule Sets section, click Additional Rule
Set.
k. Select the rule set that you created, and then click Save Changes.
l. Click Close.
5. Ensure that the security list of the load balancer's subnet has the required security
rules to allow TCP traffic from the Internet to the listener port that you created.
If your region has more than one AD and if you specified two AD-specific subnets
for the load balancer, then complete the following steps for each of the two
subnets.
a. On the Load Balancer Details page, locate the Subnet field, and then click the
subnet.
The VCN that contains the subnet is displayed.
b. Click your load balancer's subnet.
c. Click the first security list for the subnet.
d. Under Ingress Rules, check whether a rule with the following properties
exists:
Source: 0.0.0.0/0
IP Protocol: TCP
Source Port Range: All
Destination Port Range: yourListenerPort
If the rule exists, then skip the remainder of this substep and proceed to the
"Verify access" step.
e. If the rule doesn't exist, then click Add Ingress Rules.
f. For Source CIDR, enter 0.0.0.0/0.
g. For Destination Port Range, enter the port number of your listener.
13-16
Chapter 13
About the Storage Volumes Attached to the Load Balancer Nodes
Note:
This topic applies only to service instances that include a user-managed load
balancer (Oracle Traffic Director). It does not apply to service instances that
use an Oracle-managed load balancer (Oracle Cloud Infrastructure Load
Balancing.
The following table lists the mount points of the storage volumes that are attached to a
load balancer node:
13-17
Chapter 13
About the Storage Volumes Attached to the Load Balancer Nodes
13-18
14
About the Infrastructure Resources Used
by Oracle Java Cloud Service
When you create an Oracle Java Cloud Service instance, the required virtual
machines (VMs), block storage volumes, and most of the network settings are
provisioned and configured for you.
Topics:
• About the Deployment Topology
• Compute Topology for Oracle Java Cloud Service Instances
• About the Storage Volumes Attached to the WebLogic Server Nodes
14-1
Chapter 14
About the Deployment Topology
In this example, the Oracle Java Cloud Service instance has a single Oracle WebLogic
Server domain that contains an Administration Server and a cluster of two Managed
Servers for hosting applications. The load balancer is a dual-node Oracle Traffic
Director setup.
Note:
For information about the network protocols and default ports that can be
used to access an Oracle Java Cloud Service instance, see Understanding
the Default Access Ports. The HTTP port is disabled if you created the
instance by using the instance-creation wizard in the web console.
14-2
Chapter 14
Compute Topology for Oracle Java Cloud Service Instances
domain. For information about the deployment topology when Oracle Coherence is
enabled for an Oracle Java Cloud Service instance, see About Oracle Coherence in
Oracle Java Cloud Service.
Note:
By default a load balancer is not enabled for an instance that has a single-
node WebLogic cluster, so the Oracle Traffic Director node won't be present.
When you create a service instance that consists of a multinode cluster in
the domain, Oracle recommends that you enable a load balancer for the
service instance. If enabled, the Oracle Traffic Director node would be
present.
When Oracle Coherence is enabled for a service instance, a node on the Coherence
data tier can have one or more storage-enabled Managed Servers. You configure the
14-3
Chapter 14
About the Storage Volumes Attached to the WebLogic Server Nodes
initial number of Coherence nodes and the number of Managed Servers per node
when you create the service instance.
The following table summarizes the number of nodes on the application tier and
Coherence data tier, and the corresponding Managed Servers contained in the nodes
for an Oracle Java Cloud Service—Coherence instance. The example in the table
shows a configuration consisting of a 2-node application tier cluster (storage-disabled),
and a 3-node Coherence data tier cluster (storage-enabled) in which one Managed
Server is running on each node:
Appropriate security rules are configured on the Oracle Java Cloud Service nodes to
enable communication among the different nodes hosting the WebLogic managed
servers, and also with the Oracle Traffic Director nodes and the Oracle Database
Cloud Service nodes.
You have access to all the compute nodes, including the node on which the WebLogic
Administration Server is running. You can use a Secure Shell (SSH) client to log into a
node, as described in Access a Node with a Secure Shell (SSH).
14-4
Chapter 14
About the Storage Volumes Attached to the Load Balancer Nodes
Note:
This topic applies only to service instances that include a user-managed load
balancer (Oracle Traffic Director). It does not apply to service instances that
use an Oracle-managed load balancer (Oracle Cloud Infrastructure Load
Balancing.
The following table lists the mount points of the storage volumes that are attached to a
load balancer node:
14-5
15
Troubleshoot Oracle Java Cloud Service
This section describes common problems that you might encounter when using Oracle
Java Cloud Service and explains how to solve them.
Topics:
• Before You Begin Troubleshooting
• Find Diagnostic Information to Help with Troubleshooting
• Problems with Failure of a Running Service when the Schema User Password
Expires
• Problems with Creating Service Instances
– I cannot create an Oracle Java Cloud Service — Virtual Image instance when I
choose a Oracle Database Cloud Service — Virtual Image database
deployment
– I receive a database connectivity error message
– I cannot create a service when I have many service instances
– I cannot create a service instance, even after waiting for an hour
– I cannot create a service instance when the service instance name is not
unique
– I can create a service instance but the Coherence Data Tier failed to create
– I receive an error message stating that no database service is available
– I encounter Intermittent provisioning failures for clustered instances based on
WebLogic Server 12.2.1
– I encounter a database connection error when creating an Oracle Java Cloud
Service instance
– I cannot select my Autonomous Transaction Processing database or Oracle
Cloud Infrastructure Database from the web console
• Problems with Deploying and Accessing Applications
– I can’t deploy an application to an Oracle Java Cloud Service instance based
on WebLogic Server 11g
– I can’t access an application using the URL from the WebLogic Server
Administration Console Testing tab
– I can’t access an application through the HTTP port
• Problems with Scaling
– My scale-out operation does not start
– My scale-in operation is not allowed
– My service is too busy to allow scaling
– My scaling operation failed when the storage space threshold was exceeded
15-1
Chapter 15
Before You Begin Troubleshooting
15-2
Chapter 15
Find Diagnostic Information to Help with Troubleshooting
1. Ensure that you are using best practices. See Keeping Your Instances
Manageable by Oracle Java Cloud Service.
2. Check Known Issues with Oracle Java Cloud Service for known problems and
solutions that could help you address your issues with Oracle Java Cloud Service.
Topics:
• Use the WebLogic Server Administration Console to Find Diagnostic Information
• Use the WebLogic Server Administration Console to Find Log Files
• Find Status Messages for Oracle Java Cloud Service Instances
• Find VM Boot Log Messages
a. Click the Manage this instance icon and select Open WebLogic Server
Administration Console.
A new browser opens and you are redirected to the login page.
If the server is protected with a self-signed certificate, you will be warned that
this certificate is not trusted. This warning only appears if you have not added
the self-signed certificated to the browser’s exception list previously.
b. Accept the certificate.
c. When the WebLogic Server Console appears, enter the user name and
password your provided when you created the service instance.
The WebLogic Server Administration Console is displayed.
4. In the Domains area, expand Diagnostics.
5. Click on the diagnostics that interests you.
For information on the diagnostic choices, click on Diagnostics.
15-3
Chapter 15
Find Diagnostic Information to Help with Troubleshooting
a. Click the Manage this instance icon and select Open WebLogic Server
Administration Console.
A new browser opens and you are redirected to the login page.
If the server is protected with a self-signed certificate, you will be warned that
this certificate is not trusted. This warning only appears if you have not added
the self-signed certificated to the browser’s exception list previously.
b. Accept the certificate.
c. When the WebLogic Server Console appears, enter the user name and
password your provided when you created the service instance.
The WebLogic Server Administration Console is displayed.
4. In the Domains area, expand Diagnostics.
5. Click Log Files.
6. The Log Files table is displayed.
7. Click the option to the left of the log file you want to view.
8. Click View.
The log file you selected is displayed in the table.
9. (Optional) If you do not find the information you are looking for, customize the
table to select the time interval you want to view.
a. View the log file.
b. Click the Customize this table link above the log file.
c. From the Time Interval drop-down menu, select the time interval for filtering
the information the information in the table.
You can choose an interval ranging from the last five minutes to the last one
week. You can also view all log entries or customize the time interval.
15-4
Chapter 15
Problems with Failure of a Running Service when the Schema User Password Expires
Another symptom of this problem is that a patch precheck, restoration, or scale out
operation may fail.
Note:
By default the schema password is set to Weblogic Administrator password
during the provisioning of the Oracle Java Cloud Service instance.
See Change the Database Schema Password for an Oracle Java Cloud Service
Instance.
15-5
Chapter 15
Problems with Creating Service Instances
In the process of creating a service, the operation failure becomes visible in the
following way:
1. The service instance appears in the Services list in the Oracle Java Cloud Service
Console.
2. An In progress... message appears in the service instance details.
3. When the creation process fails, a Failed message is displayed and a red
exclamation mark appears on the service instance's icon.
4. The service instance is listed in the Instance Create and Delete History section.
5. Click on Details to view progress and error messages.
You can locate additional error messages using the procedure in Find Status
Messages for Oracle Java Cloud Service Instances.
The most common sources of failure when creating a service instance include:
• Timeout errors
• SSH connection isssues
• Incorrect credentials
• Database listener down
The following solutions apply to problems creating service instances for Oracle Java
Cloud Service.
I cannot create an Oracle Java Cloud Service — Virtual Image instance when I
choose a Oracle Database Cloud Service — Virtual Image database deployment
A failure will occur when you attempt to create an Oracle Java Cloud Service instance
with a Oracle Database Cloud Service — Virtual Image database deployment.
To prevent this failure, you must first configure the Oracle Database Cloud Service —
Virtual Image environment. See Use a Database Cloud Service - Virtual Image
Database Deployment.
15-6
Chapter 15
Problems with Creating Service Instances
I cannot create a service instance when the service instance name is not unique
Oracle Java Cloud Service instance creation can fail if the name you choose for the
new service instance is identical to the name of another service instance, including a
failed service instance. Also, the Oracle Java Cloud Service instance name cannot be
the same as the name of an Database Cloud Service instance.
After an attempt to create an Oracle Java Cloud Service instance fails, Oracle Java
Cloud Service may require some time to remove items that were created during the
attempt. If the new and failed service instance names are identical, a naming conflict
may occur and the attempt to create the new service instance may fail.
Note:
As a best practice, always ensure that your Oracle Java Cloud Service
instance names are unique.
I can create a service instance but the Coherence Data Tier failed to create
Delete the service instance. Wait before you try again to create the service instance. If
the problem persists, contact Oracle Support Services.
There are no Oracle Database Cloud Service instances available for Service
Level:
Oracle Java Cloud Service
Create a new database deployment with backups enabled and specify this database
deployment when you create a new Oracle Java Cloud Service instance.
15-7
Chapter 15
Problems with Creating Service Instances
To help identify the problem, confirm that the user name and password are correct by
connecting to the database via sqlplus. Also, confirm that you have the correct
privileges. For more information, see About Database Cloud Service Roles and Users
in Administering Oracle Database Cloud Service.
If you have done these checks and do not see any issues, the problem might be that
the oracle password has expired on the database node.
You can change the properties of the oracle user so that the password does not
expire. See Problems Administering Deployments in Administering Oracle Database
Cloud Service.
15-8
Chapter 15
Problems with Deploying and Accessing Applications
I can’t access an application using the URL from the WebLogic Server
Administration Console Testing tab
You cannot access a deployed application from the public internet if you use the URL
displayed on the Testing tab of the WebLogic Sever Administration Console. The
URLs shown on this tab are internal to Oracle Java Cloud Service. Instead, use the
procedure in Access an Application Deployed to an Oracle Java Cloud Service
Instance.
15-9
Chapter 15
Problems with Scaling
• Updating the Default Access Ports When Creating a Service Instance in REST API
for Oracle Java Cloud Service.
My scaling operation failed when the storage space threshold was exceeded
A scaling operation fails when local disk storage usage exceeds a certain threshold.
For a scale-out operation, the threshold is 90 percent. For a scale-in operation the
threshold is 98 percent. A scaling precheck operation performs a disk usage check
and issues an error message if the threshold has been exceeded, and then scaling
fails. If you receive this error message, free up space on local disk storage.
A scale-in operation attempts to create a backup before scaling in. If you initiate
frequent backups, local storage can fill up because backups are retained for seven
days.
If you create frequent backups, delete backups before scaling in to avoid this problem.
See Delete a Backup.
15-10
Chapter 15
Problems with Backup and Restoration
My identity key store and trust store are missing after a patching, rollback, or
restoration operation
If you have identity key stores and trust stores, they can disappear after you apply a
patch, roll back a patch, or restore a backup. You may have configured one of the
following:
• Custom identity key store and custom trust store
• Custom identity key store and Java standard trust store
• WebLogic Server identity key store and WebLogic Server trust store
Patching , rollback, and restoration operations replace the directories you may have
used to keep the custom key store and trust store, so they are essentially emptied.
To protect your key store and trust store, create the key stores and trust stores by
using the OPSS KeyStoreService (KSS). See Configuring the OPSS Keystore Service
for Demo Identity and Trust in Administering Security for Oracle WebLogic Server.
If you don’t want to use the OPSS KeyStoreService, you can put the key store and
trust store in the WebLogic domain created by Oracle Java Cloud Service.
It’s particularly important to protect your key store and trust store for JDK patching.
Each JDK patch replaces the previous version.
Before you apply a WebLogic Server patch:
• Do not put CA certificates in the existing demo keystores
• Do not put custom key stores and trust stores in the <MW_HOME>/wlserver/lib
directory
• Do not put CA certificates anywhere on the system except in key stores
I receive a message stating that the service is busy with another operation
You cannot apply a patch when the service is under maintenance, for example, scaling
or backup.
Wait until the service is no longer under maintenance and try patching again.
15-11
Chapter 15
Problems with Backup and Restoration
address when you created the service instance, you will receive an email message
after each backup failure, and also after backups are disabled. The email message
specifies the cause of the backup failure. To identify the cause of the backup failure by
using the REST API, see View the Backup Configuration and View the Status of an
Operation by Job Id in REST API for Oracle Java Cloud Service.
The most common cause for a backup failure are invalid storage credentials (see
below). After correcting the cause of the backup failure, you can enable backups on
the service instance. See Enable or Disable Backups.
a. Click the menu icon for your service instance and choose Open Load
Balancer Console.
A new browser opens and you are redirected to the Load Balancer Console’s
log-in page.
If the server is protected by a self-signed certificate and you have not specified
the certificate previously, you will be warned that your connection is not
secure.
b. Accept the certificate.
c. When the log-in page appears, enter the username and password you
provided when you created the service instance.
The Oracle Traffic Director Administration Console is displayed.
3. On the left panel, select Services.
The Services page is displayed on the right.
4. Notice the Status, State, and Health of your load balancer. The load balance is up
and in good health if:
• The arrow under Status is green and pointing up
• The State is Running
15-12
Chapter 15
Problems with Backup and Restoration
• The Health is OK
Otherwise, the load balancer is down and the health of the load balancer is not
okay.
df -k
4. If there is not enough space for the backup, add more storage.
See Add Storage to a Node.
The restoration operation fails and generates an error about pre-check failure
Either one or more servers are currently unreachable, or there is not enough space on
one of the storage volumes.
To find the reason for the restoration failure:
1. Navigate to the Backup page.
a. Click the name of the service instance for which you want to find the
restoration status information.
The Oracle Java Cloud Service Instance page is displayed with the Overview
tile in focus, displaying detailed information about the service instance.
b. Click the Administration tile.
The Oracle Java Cloud Service Instance page is refreshed with the
Administration tile in focus.
c. Click the Backup tab.
The Backup page is displayed.
2. Locate the icon for the restoration that failed.
3. Click on the date to the right of the icon.
A pop-up containing the status details is displayed.
If the problem is that a server is unreachable, restart the VM or perform a scale-in
operation if it is no longer needed. Try restoring the service again.
If there is not enough space for the backup, you will receive an error message telling
you to scale-in the VMs, which were either not backed up or added after the backup
operation, or use the force option for restoration.
Do one of the following:
15-13
Chapter 15
Problems with Backup and Restoration
• Scale-in the VMs that were either not backed up or added after the backup
operation.
• Try to restore the backup by using the force option.
• Delete any unwanted backups. See Delete a Backup.
• Archive one or more backups to an Oracle Cloud Infrastructure Object Storage
Classic container. See Move a Backup (Download or Archive) in REST API for
Oracle Java Cloud Service.
This problem does not affect the newly completed backup. However, the presence of
the older backups may cause future backups to fail because of insufficient space.
To prevent such failures, ensure that Oracle Java Cloud Service can remove the older
backups when the next scheduled backup is completed:
1. To find out why Oracle Java Cloud Service could not move or remove the
backups, place the cursor over the icon.
A text rollover appears that contains detailed information about why Oracle Java
Cloud Service could not move or remove the backups.
2. Correct the problem that prevented Oracle Java Cloud Service from moving or
removing the backups.
For example, to correct an access permission problem, ensure that the user name
and password for the administrator of the Oracle Cloud Infrastructure Object
Storage Classic container are correct. If necessary, change them as explained in
Configure Scheduled Backups for an Oracle Java Cloud Service Instance.
3. When the next scheduled backup is completed, determine whether it shows the
icon for a successful backup, thus:
15-14
Chapter 15
Problems with Performance of Oracle Java Cloud Service—Coherence Service Instances
Restart fails after a scale down operation intended to remedy a quota breach
You can scale down a Oracle Database Cloud Service database deployment or Oracle
Java Cloud Service instance if you have a quota breach in your account. Scaling down
reduces compute resources. However, the automatic restart action can fail after scale-
down.
For example, you could scale down a node from shape oc5 to oc3. Oracle Java Cloud
Service puts the service instance into Maintenance mode, changes the state of the
node to Configuring, and stops any servers running on the node. After applying the
15-15
Chapter 15
Problems with Connectivity
changes, Oracle Java Cloud Service is supposed to start the servers automatically. If
the quota breach is not cleared by the time the orchestration is restarted with the
smaller shape, the automatic server restart action could fail.
If the restart action fails, wait one hour for the quota breach to clear, then restart the
service instance by using the Oracle Java Cloud Service Console.
Topics:
• My private key is lost or corrupted
• My connection to a VM is refused
• I received a hostname verification error when attempting to connect to Node
Manager
15-16
Chapter 15
Problems with Connectivity
My connection to a VM is refused
Be sure you are connecting to the VM as the opc user. Other OS users such as oracle
and root cannot be used to establish a remote connection to a VM.
After successfully connecting to a VM as opc, you can switch to a different user. See
Access a Node with a Secure Shell (SSH).
To disable hostname verification, use the following -D flag when invoking WLST:
15-17
Chapter 15
Problems with Database Connectivity When Upgrading the Infrastructure Schema Database
When I try to restart the Administration Server, I discover that the Node Manager
is not running
For information about restarting the Administration Server through the Node Manager,
see Use WLST Commands to Start the Administration Server.
To restart the Node Manager:
1. Use an SSH client of your choice to access the VM of the Administration Server.
If you do not have an SSH client on Windows, you can use PuTTY to access the
VM by establishing an SSH tunnel.
If you are not automatically logged in as user opc, log in accordingly.
2. In the command window, change to user oracle.
sudo su - oracle
3. Change directories to where startNodeManager.sh exists.
If you are using Oracle Fusion Middleware 11.1.1.7, the location is:
/u01/app/oracle/middleware/wlserver_10.3/server/bin
15-18
Chapter 15
Problems with the Node Manager
If you are using Oracle Fusion Middleware 12.1.3 or Oracle Fusion Middleware
12.2.1, the location is:
/u01/data/domains/<domain_name>/bin
For example:
cd /u01/data/domains/OurServi_domain/bin
4. Start the Node Manager:
nohup startNodeManager.sh
5. Check to see that the Node Manager is running:
ps -ef | grep NodeManager
You should receive messages showing that the Node Manager is running.
6. (Optional) If you have more than one host in your Oracle Java Cloud Service
instance, you must restart the Node Manager on each host.
a. SSH to the second host:
ssh <hostname>
For example:
ssh ourserviceinstance-wls-2
You can find the hostname on the Oracle Java Cloud Service Instance page in
the Oracle Java Cloud Service Console.
b. Change directories to where startNodeManager.sh exists.
If you are using Oracle Fusion Middleware 11.1.1.7, the location is:
/u01/app/oracle/middleware/wlserver_10.3/server/bin
For example:
cd /u01/data/domains/OurServi_domain/bin
c. Start Node Manager:
nohup startNodeManager.sh
d. Check to see whether the Node Manager is running:
ps -ef | grep NodeManager
You should receive messages showing that the Node Manager is running.
e. Exit the second host:
exit
7. Exit the oracle session:
exit
8. Exit out of the command window:
15-19
Chapter 15
Problems with a Database Deployment
exit
cd $ORACLE_HOME/bin
3. Start sqlplus.
./sqlplus
7. Exit sqlplus.
exit
15-20
Chapter 15
Problems with Connection validation when provisioning an Oracle Java Cloud Service-Virtual Image instance with Oracle
Database Cloud Service 12.1 VI
Could not connect to Database Cloud Service. Error Details: [No match
found]
This error occurs because the database deployment has been created without a
domain name.
To work around this issue:
1. Log on to the database deployment’s VM:
ssh -i <private-key> opc@ip-address-of-db-vm
2. Change to user oracle.
sudo -s -u oracle
3. Connect to the PDB as sysdba.
$ORACLE_HOME/bin/sqlplus sys/<password>@"<host>:<port>/<pdb name> as
sysdba
4. Create a service using a domain name.
exec dbms_service.create_service('<pdb name>.<domain name>', '<pdb
name>.<domain name>');
For example, the domain name could be:
<identity domain>.oraclecloud.internal
5. Start the service.
exec dbms_service.start_service('<pdb name>.<domain name>');
6. Using the Oracle Java Cloud Service provisioning wizard to provision an instance,
enter a connect string.
For example:
1521/<pdb name>.<domain name>
7. Continue to provision the Oracle Java Cloud Service instance.
15-21
Chapter 15
Problems with Transparent Data Encryption Wallet Error when Provisioning an Oracle Java Cloud Service-Virtual Image
Instance with Oracle Database Cloud Service 11g Virtual Image
ENCRYPTION_WALLET_LOCATION =
(SOURCE =(METHOD = FILE)(METHOD_DATA) =
(DIRECTORY = <wallet directory>/$ORACLE_SID/encryption_keystore/)
15-22
Chapter 15
Problems Accessing Applications Via a Custom Web Server
The Host is not resolvable. Most commonly this is due to mistyping the URL
in
the browser bar. Please verify the spelling and that the site exists and
hit refresh.
15-23
Chapter 15
How can I Fine-Tune Performance?
If you installed Oracle HTTP Server or similar software on a node in your service
instance, you might not be able to access this software using ports 80 or 443. The
operating system on a node is typically configured to intercept and redirect incoming
traffic on these ports to the WebLogic Server listen ports, such as ports 9073 and
9074. To view these network policies, run the iptables command as the root user:
Use the -D option in iptables to delete the redirect policy that is causing your access
issue.
15-24
A
Oracle Fusion Middleware Products
Certified on Oracle Java Cloud Service
Oracle Fusion Middleware is a portfolio of products that enable you to build and deploy
enterprise applications for web collaboration, content management, data integration,
and portals. Certified Oracle Fusion Middleware products can be provisioned on your
Oracle Java Cloud Service instances.
Note:
Only the Oracle Fusion Middleware products that are listed in this section are
certified on Oracle Java Cloud Service. The products that are not listed here
are not certified.
If the installation of any product on your Oracle Java Cloud Service instance
modifies the MW_HOME directory, then the patching capability within Oracle
Java Cloud Service can’t be used to patch the instance. If you try to patch
the instance, the precheck operation fails.
Contents
• Certified Oracle Fusion Middleware Products
• Certified Oracle Java Cloud Service–Virtual Image SKUs
• Processor License Ratio to Oracle Compute Unit (OCPU)
• Deployment Tutorials
Note:
Some of these products are certified on only the Oracle Java Cloud Service
Virtual Image service level, which is not available for universal credits
subscriptions.
A-1
Appendix A
A-2
Appendix A
Note:
For Oracle Data Integrator, only the processor(s) where the data
transformation processes are executed must be counted for the purposes of
determining the number of licenses required.
A-3
Appendix A
Deployment Tutorials
Refer to the following tutorials for information about provisioning a certified Oracle
Fusion Middleware product on Oracle Java Cloud Service.
• Provisioning Oracle Data Integrator Cloud Service
• Provisioning Oracle Data Integrator on Oracle Java Cloud Service
• Provisioning Oracle WebCenter Portal Cloud Service in the Development
Topology
• Provisioning Oracle WebCenter Portal Cloud Service in the EDG Topology
• Provisioning Oracle WebCenter Sites on Oracle Java Cloud Service
• Provisioning Oracle SOA Suite on Oracle Java Cloud Service
• Provisioning Oracle BPM Suite on Oracle Java Cloud Service
• Provisioning Oracle Service Bus on Oracle Java Cloud Service
• Provisioning Oracle Enterprise Data Quality on Oracle Java Cloud Service
• Provisioning Oracle Business Intelligence Publisher 12c on Oracle Java Cloud
Service
• Provisioning Oracle Business Intelligence Publisher 11g on Oracle Java Cloud
Service
A-4
B
Oracle Applications Certified on Oracle
Java Cloud Service
On-Premises Licensable Certi Oracle Java Cloud Oracle Java Cloud
Applicable fied Service Software Service Software
Versi Release Edition
on
Oracle Documaker Enterprise 12.6. Oracle WebLogic Server • Standard Edition
Edition 2 12c Release 2 (12.2.1.2) Acceptable for
developing
functionality testing
(non-loaded
systems)
• Enterprise Edition
Recommended for
production and
load- tested
environments. You
may need to use
clustered scaling,
depending on the
production loads
and number of
users.
• Enterprise Edition
with Coherence
Permitted but not
required
Oracle Health Insurance 2.17. Oracle WebLogic Server Enterprise Edition with
Components 2 12c Release 2 (12.2.1.1) Coherence
Oracle Health Insurance 3.18. Oracle WebLogic Server Enterprise Edition with
Components 1 12c Release 2 (12.2.1.1) Coherence
Oracle Insurance Policy 11.1. Oracle WebLogic Server Enterprise Edition with
Administration for Life and 0 12c Release 2 (12.2.1.1) Coherence
Annuity
Oracle Insurance Policy 11.1. Oracle WebLogic Server Enterprise Edition with
Administration for Group Benefits 0 12c Release 2 (12.2.1.1) Coherence
B-1
C
Effect of Lifecycle and Administration
Operations on Billing
1 When using the REST API, if you opt for automatic backup of the instance before deletion, then that final
backup will be retained in object storage.
C-1
D
Migrate Applications to Oracle Java Cloud
Service with AppToCloud
Topics:
• Typical Workflow for Migrating Applications to Oracle Java Cloud Service with
AppToCloud
• Prerequisites for Using AppToCloud
• AppToCloud Considerations and Limitations
• Migrate an Oracle Database to Oracle Cloud for Oracle Java Cloud Service
• Install the On-Premises AppToCloud Tools
• Check the Health on an On-Premises WebLogic Domain
• Export an On-Premises WebLogic Domain
• Create a Service Instance with AppToCloud
• Import Applications into a Service Instance
• Recreate On-Premises Domain Resources
• AppToCloud Command Reference
D-1
Appendix D
Typical Workflow for Migrating Applications to Oracle Java Cloud Service with AppToCloud
• The on-premises tasks involve archiving your existing Oracle WebLogic Server
environment and applications and uploading the files into Oracle Cloud.
• The cloud tasks involve creating an Oracle Java Cloud Service service instance
and automatically provisioning it with the same resources and applications as your
on-premises environment.
Topics:
• On-Premises Tasks
• Cloud Tasks
On-Premises Tasks
D-2
Appendix D
Typical Workflow for Migrating Applications to Oracle Java Cloud Service with AppToCloud
Cloud Tasks
D-3
Appendix D
Prerequisites for Using AppToCloud
Topics
• Source WebLogic Server Domain
• Destination Oracle Java Cloud Service
Note:
An Oracle Java Cloud Service created with AppToCloud will always be
provisioned with Oracle WebLogic Server 12c, even if your source
domain is running 11g.
Note:
While the source domain cannot be JRF-enabled, all Oracle Java Cloud
Service instances are JRF-enabled.
D-4
Appendix D
AppToCloud Considerations and Limitations
• Any Java EE applications to export must be in the active deployment state. They
cannot be in the admin state.
• All files and directories to export must be accessible from the file system of the
Administration Server, including:
– Java EE applications
– Deployment plans
– Additions to the server CLASSPATH
– Contents of DOMAIN_HOME/lib
Note:
AppToCloud does not currently support Oracle Cloud Infrastructure Object
Storage buckets. You must use an Oracle Cloud Infrastructure Object
Storage Classic container.
If your source domain contains multiple clusters, AppToCloud can add all of these
clusters to a single Oracle Java Cloud Service instance, but only if both of these
conditions are true:
• The service instance is created in an Oracle Cloud Infrastructure Classic region.
• Your Oracle Cloud account includes Oracle Identity Cloud Service.
Alternatively, AppToCloud can export a specific cluster from your source domain.
D-5
Appendix D
AppToCloud Considerations and Limitations
Consider the following scenarios before using AppToCloud to migrate your on-
premises Oracle WebLogic Server domain to Oracle Java Cloud Service.
Topics:
• Database Services
• Multiple Clusters
• 11g Applications
• File System Locations
• Server Classpath
• Exploded Archive Deployments
Database Services
Multiple Clusters
Note:
AppToCloud does not support the migration of a source domain that contains
more than eight clusters.
D-6
Appendix D
AppToCloud Considerations and Limitations
11g Applications
Server Classpath
D-7
Appendix D
Migrate an Oracle Database to Oracle Cloud for Oracle Java Cloud Service
The AppToCloud tools export all folders and files found in the server’s CLASSPATH,
including any subdirectories at these locations.
Verify that any custom locations in your CLASSPATH include only those files that you
want to export and upload to Oracle Cloud.
D-8
Appendix D
Check the Health on an On-Premises WebLogic Domain
Download and extract the AppToCloud archive to the machine hosting the
Administration Server of the domain that you want to export.
1. Access the Oracle Java Cloud Service console.
2. Click your user icon at the top right of the console, select Help, and then select
Download Center.
3. Click the download icon for AppToCloud.
4. Upload the file a2c-zip-installer.zip to the machine running the domain’s
Administration Server.
5. If necessary, create a destination directory for the AppToCloud tools.
For example:
Linux: mkdir /u01/tools
Windows: mkdir c:\u01\tools
6. Use an archive tool to extract a2c-zip-installer-.zip to your destination
directory.
For example:
Linux: unzip a2c-zip-installer.zip -d /u01/tools
Windows: From Windows Explorer, right-click a2c-zip-installer.zip, select
Extract All, and then enter c:\u01\tools.
7. Verify that the file oracle_jcs_app2cloud/bin/a2c-healthcheck.sh or
oracle_jcs_app2cloud/bin/a2c-healthcheck.cmd exists in your destination
directory.
For example: /u01/tools/oracle_jcs_app2cloud/bin/a2c-healthcheck.sh
D-9
Appendix D
Check the Health on an On-Premises WebLogic Domain
Decide how you want to specify the administrator credentials for the domain. Choose
from one of these options:
• Enter the credentials in the AppToCloud Client user interface.
• Use the AppToCloud Client to store the credentials in a new Oracle Wallet file, or
select credentials in an existing file.
• Use the WebLogic Scripting Tool (WLST) storeUserConfig command to generate
an encrypted file containing the credentials. Provide the locations of this file and
the associated key file.
Any warnings or errors that the Health Check tool detects are written to a log, an
HTML report, and the archive file. The Export tool checks the validation results in the
archive before completing the export of your domain’s configuration.
To check the health of a WebLogic Server domain:
1. Access the host that is running the Administration Server for your domain.
2. Identify the top level directory of your WebLogic Server installation on this
machine. This location is also referred to as ORACLE_HOME.
For example, /u01/app/fmw.
3. Start all servers in the domain if they are not already running.
Refer to the relevant documentation for your version of WebLogic Server. For
example:
• Starting and Stopping Servers in Administering Server Startup and Shutdown
for Oracle WebLogic Server (12.2.1.3)
• Starting and Stopping Servers in Administering Server Startup and Shutdown
for Oracle WebLogic Server (12.2.1.2)
• Starting and Stopping Servers in Managing Server Startup and Shutdown for
Oracle WebLogic Server (10.3.6)
4. Determine the administration URL of the Administration Server: t3://host:port.
For example, t3://myserver.mycompany.com:7001 or t3://192.0.2.10:9001
AppToCloud connects to your domain using the T3 protocol. Do not use HTTP.
5. Launch a terminal.
6. If not already configured on your machine, set the JAVA_HOME environment variable
to the directory where you have installed the Java SE Development Kit (JDK)
version 7 or later.
For example, on Linux:
export JAVA_HOME=/u01/jdk
On Windows:
set JAVA_HOME=c:\u01\jdk
D-10
Appendix D
Check the Health on an On-Premises WebLogic Domain
Note:
Do not run the AppToCloud tools using an older JDK version than the
version being used to run your WebLogic Server domain. In addition, if
your domain is running JDK 6, you must use a separate JDK 7
installation to run the AppToCloud tools.
9. Specify the Oracle Home directory for your WebLogic Server installation. Also
enter an Output Directory for the Health Check.
Optionally use the folder icons to browse your local file system. If the output
directory does not exist it will be created.
10. Enter the Admin URL for your running administration server.
• Password: Enter the Admin User and Admin Password for your domain.
• Wallet: Proceed to the next step.
• Config File: Use WLS Config File and WLS Key File to provide the location
of your WebLogic credential file and corresponding key file.
12. If you selected the Wallet authentication option:
D-11
Appendix D
Check the Health on an On-Premises WebLogic Domain
• Select an existing wallet: Select the folder containing the wallet. Enter a
password if one is required.
• Create a new wallet: Select a folder for your new wallet.
• Create a new encrypted wallet: Select a folder for your new wallet and
then enter a password.
c. Click the user icon next to Admin User Alias.
The Select Credential dialog is displayed.
d. Select an existing credential in the wallet or click New to create a new one.
For a new credential, enter its Alias, User and Password.
Click OK to return to the main Health Check page.
13. Click Run Health Check.
14. Use the Progress, Report and Log tabs to verify that the Health Check
completed successfully.
An example Progress output:
Initializing...
Connecting to domain...
Checking Java configuration...
Checking applications health...
Checking datasource health...
Checking JMS health...
Finished.
Checking componentName
Checking componentName
Done checking Domain Health
D-12
Appendix D
Export an On-Premises WebLogic Domain
Informational Messages:
Any informational messages
Warning Messages:
Any warning messages
Error Messages:
Any error messages
15. If any problems are described in the Report or Log, address these problems and
then click Run Health Check again.
If the AppToCloud Client experiences time-out errors while trying to connect to
your servers, click the Settings icon and modify the WLST Timeout field.
After completing the health check, you are ready to export the domain.
D-13
Appendix D
Export an On-Premises WebLogic Domain
If your source domain contains multiple clusters, the AppToCloud Client will prompt
you to either export all of the clusters or a specific cluster. You can export all clusters
only if your Oracle Cloud account includes Oracle Identity Cloud Service.
Any warnings or errors that the Export tool detects are written to a log, an HTML
report, and the archive file.
To export a WebLogic Server domain:
1. Launch the a2c-client and perform a Health Check if not done previously.
2. Click Go to Export.
The Export page is displayed.
Another way to access the Export page is to click the menu icon in the top left
corner and select Export.
The values of the Oracle Home and Archive File fields are set automatically
based on your previous Health Check parameters. Alternatively, use the Health
Check output, report or log to identify the path and filename of the generated
archive file. For example, /u01/jcs_a2c_output/domain1.zip. Use the folder
icons to browse your local file system.
3. Specify the top level Domain Directory.
For example, /u01/domains/domain1.
4. If you do not want the AppToCloud Client to upload the generated files to Oracle
Cloud, clear the check box Upload to Cloud Storage and skip to step 11.
5. Select Metered Storage if you have a metered subscription to Oracle Cloud
Infrastructure Object Storage Classic. If you have a non-metered subscription,
enter your storage Service Name.
6. Provide the name of a cloud user that has access to Oracle Cloud Infrastructure
Object Storage Classic. Select from these Authentication options:
• Password: Enter your Cloud Storage User and Cloud Storage Password.
• Wallet: Proceed to the next step.
D-14
Appendix D
Export an On-Premises WebLogic Domain
12. If the WebLogic Server domain contains multiple clusters, click Yes to export a
specific cluster, or click No to export all clusters.
If you clicked Yes, then select the cluster to export and click OK.
Note:
You can export all clusters only if your Oracle Cloud account includes
Oracle Identity Cloud Service.
13. Use the Progress, Report and Log tabs to verify that the Export completed
successfully. Also note the name of the generated JSON file.
An example Progress output:
D-15
Appendix D
Export an On-Premises WebLogic Domain
Informational Messages:
Other informational messages
Uploaded override file to Oracle Cloud Storage container containerName
Uploaded archive file to Oracle Cloud Storage container containerName
Warning Messages:
Any warning messages
Error Messages:
Any error messages
14. Address any problems described in the Error Messages section of the Report or
Log. Then click Run Export again.
By default the Export will fail if the previous Health Check resulted in any errors.
Alternatively, click the Settings icon and select the Force AppToCloud Export
check box. However, Oracle strongly recommends that you only export domains
that have successfully passed the Health Check.
The tool will output a warning message if any of the servers in your source domain
include the current directory (.) in its CLASSPATH. If this server has been started by
using the WebLogic Node Manager, the Node Manager adds the current directory
to the server’s CLASSPATH. Therefore you can ignore this warning message if using
the Node Manager.
15. If you did not use the AppToCloud Client to upload the generated files to Oracle
Cloud Infrastructure Object Storage Classic, then manually upload these files as
objects to an existing storage container:
• outputDirectory/domainName.zip
• outputDirectory/domainName.json
See Creating Containers and Creating a Single Object in Using Oracle Cloud
Infrastructure Object Storage Classic.
D-16
Appendix D
Create a Service Instance with AppToCloud
After exporting your domain and uploading the files to a storage container, you are
ready to create an Oracle Java Cloud Service instance.
If the output from the Export includes messages about features that are not yet
implemented, you will need to manually configure these features after creating your
service instance.
D-17
Appendix D
Create a Service Instance with AppToCloud
Field Description
Exported .json File Enter the URL of the JSON file that was uploaded to Oracle Cloud Infrastructure
Object Storage Classic. If you used the Export tool to upload this file to cloud storage,
the Export tool provided this URL in its output.
Format: rest_endpoint_url/containerName/fileName.json
You can also find the REST endpoint URL of the Oracle Cloud Infrastructure Object
Storage Classic service instance in the Oracle Cloud My Services portal. See Finding
the REST Endpoint URL for Your Cloud Account in Using Oracle Cloud Infrastructure
Object Storage Classic.
Example: https://foo.storage.oraclecloud.com/v1/MyService-bar/
MyContainer/mydomain.json
The corresponding AppToCloud ZIP file must be in the same location as the JSON
file in cloud storage.
AppToCloud does not currently support the creation of a service instance from a
JSON file in an Oracle Cloud Infrastructure Object Storage bucket.
Cloud Storage User Enter the user name of the Oracle Cloud Infrastructure Object Storage Classic
Name service user who created the container you specified earlier.
Cloud Storage Password Enter the password of the user you specified in the previous field.
4. Click OK.
5. Complete the Instance page:
Field Description
Instance Name Specify a name for the Oracle Java Cloud Service instance.
The service instance name:
• Must contain one or more characters.
• Must not exceed 30 characters.
• Must start with an ASCII letter: a to z , or A to Z.
• Must contain only ASCII letters or numbers.
• Must not contain a hyphen.
• Must not contain any other special characters.
• Must be unique within the identity domain.
Description (Optional) Enter a short description of the Oracle Java Cloud Service instance.
Notification Email (Optional) Specify an email address where you would like to receive a notification of
any events occurring with the service instance, including whether provisioning has
succeeded or failed.
Region (Available only if your account has regions) Select a region if you want to create the
service instance in a specific region, or if you want to use a custom IP network. You
must also select a region if you intend to assign reserved IP addresses to your
service instance nodes.
A region supports either Oracle Cloud Infrastructure or Oracle Cloud Infrastructure
Classic. For a list of available regions, see Data Regions for Platform and
Infrastructure Services.
The database that you intend to associate with your Oracle Java Cloud Service
instance must be in the same region.
If you select No Preference, Oracle Java Cloud Service will select one of the
available Oracle Cloud Infrastructure Classic regions. However, you will not be able
to use an IP network or reserved IP addresses for your service instance.
D-18
Appendix D
Create a Service Instance with AppToCloud
Field Description
Availability Domain (Available only on Oracle Cloud Infrastructure)
Select an availability domain. A region can have multiple isolated availability domains,
each with separate power and cooling. The availability domains within a region are
interconnected using a low-latency network.
Note that the database that you intend to associate with your Oracle Java Cloud
Service instance can be in a different availability domain within the selected region.
Subnet Select the Oracle Cloud Infrastructure subnet to which the nodes of your instance
must be attached.
This field provides a No Preference option and a list of the available subnets. Each
subnet is shown in the format compartmentName | vcnName | subnetName. A tooltip
lists the compartment name, VCN name, subnet name, and the OCID of the subnet.
• To have the subnet assigned automatically, select No Preference. The subnet
ManagedCompartmentForPaaS | svc-vcn | svc-subnet-... is used for your
instance.
Note: Don't select No Preference if you plan to associate an Oracle Cloud
Infrastructure Database with your service instance.
If you want to configure security rules for your instance, don’t select No
Preference or ManagedCompartmentForPaaS | svc-vcn | svc-subnet-....
Select a subnet in a VCN that you created.
• To assign a subnet explicitly, select a suitable subnet from the available options.
• If none of the available subnets meets your networking requirements, then
cancel the Create Instance wizard. In Oracle Cloud Infrastructure, create the
required VCN and subnets, create policies to allow Oracle Java Cloud Service to
use the VCN, and select the appropriate subnet while creating your instance.
See Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle
Cloud Infrastructure documentation.
Database instances in Oracle Database Cloud Service and Oracle Cloud
Infrastructure Database must be in the same region and virtual cloud network (VCN)
as the Oracle Java Cloud Service instance. The database and service instance do
not need to be in the same subnet. The database and service instance can be on
different VCNs only if you configure VCN peering.
IP Network (Only if a region is selected) (Not available on Oracle Cloud Infrastructure) Select an
IP network if you want to create the service instance in an IP network that you’ve
defined.
By default, each node in your instance is auto-assigned a public and a private IP
address. The IP addresses might change each time the service instance is restarted.
You can reserve and assign fixed public IP addresses.
In order to select an IP network if you have selected Enable Authentication Using
Identity Cloud Service, which automatically configures a managed load balancer,
you must first attach an internet-facing load balancer to the IP network.
This field is not relevant to Oracle Cloud Infrastructure.
Tags (Optional) Select existing tags or add tags to associate with the service instance.
To select existing tags, select one or more check boxes from the list of tags that are
displayed on the pull-down menu.
To create tags, click to display the Create Tags dialog box. In the New Tags
field, enter one or more comma-separated tags that can be a key or a key:value pair.
If you do not assign tags during provisioning, you can create and manage tags after
the service instance is created.
D-19
Appendix D
Create a Service Instance with AppToCloud
Field Description
Bring Your Own License The Bring Your Own License (BYOL) option enables you to bring your on-premises
Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances are billed at a
lower rate than other instances. See Frequently Asked Questions: Oracle BYOL to
PaaS.
You must own a Universal Credits or Government subscription in order to use BYOL.
BYOL is enabled by default. If you deselect this option, your account will be charged
for the new service instance according to your Oracle Java Cloud Service agreement.
Note: Before you scale up or scale out a BYOL instance, you must have enough
WebLogic Server licenses for the additional OCPUs that will be allocated to the
instance after it is scaled.
Software Release Select a WebLogic Server software release for this service instance:
• Oracle WebLogic Server 12c (12.1.3.0)
• Oracle WebLogic Server 12c (12.2.1.2)
• Oracle WebLogic Server 12c (12.2.1.3)
Oracle WebLogic Server 12c (12.2.1.4) is not supported.
The Oracle WebLogic Server 11g software release option is not available. All service
instances created with AppToCloud will be provisioned with Oracle WebLogic Server
12c, even if your source domain was running 11g.
Software Edition Select a WebLogic Server software edition:
• Enterprise Edition
• Enterprise Edition with Coherence
The Standard Edition option is not supported for a service instance created with
AppToCloud.
Metering Frequency This option appears only if you have a traditional metered subscription. If you have a
Universal Credits subscription, this field is absent.
Select a metering frequency to determine how you are billed for this service instance:
• Hourly—Pay only for the number of hours that this service instance was running
during your billing period.
• Monthly—Pay one price for the full month irrespective of the number of hours
that this service instance was running.
For services that are started in the middle of a month, the price will be pro-rated; you
pay only for the partial month from the day the service instance is created.
6. Click Next.
The Instance Details page is displayed.
7. If you want to configure any of the advanced options, including Backup and
Recovery, click Advanced.
You cannot provision a Coherence data tier for service instances created
with AppToCloud.
8. Complete the WebLogic Configuration section of the Instance Details page:
D-20
Appendix D
Create a Service Instance with AppToCloud
Field Description
Compute Shape Select the compute shape to use for all Administration Server and Managed Server nodes.
The compute shape is the number of Oracle Compute Units (OCPUs) and amount of
memory (RAM) that you want to allocate to these nodes. The selected shape is not used
for Coherence or Load Balancer nodes.
The list of available shapes varies depending on whether you selected an Oracle Cloud
Infrastructure Classic or Oracle Cloud Infrastructure region.
(Advanced option) When you create multiple WebLogic clusters, you can assign a different
compute shape for different clusters. This field displays the compute shape of the selected
cluster.
If you purchased a Universal Credits subscription for Oracle Java Cloud Service, you will
pay at the Pay-As-You-Go rate when you exceed your monthly or annual maximum credit.
SSH Public Key Specify the public key that will be used for authentication when connecting to a node in
your instance by using a Secure Shell (SSH) client.
Click Edit to display the SSH Public Key for VM Access dialog, and then specify the public
key using one of the following methods:
• Select Key file name and use your web browser to select a file on your machine that
contains the public key.
• Select Key value and paste the value of the public key into the text area. Be sure the
value does not contain line breaks or end with a line break.
• Select Create a New Key if you want Oracle to generate a public/private key pair for
you. You will be prompted to download these generated keys.
If you choose to create a new key, the generated private key file is in OpenSSH format.
Before connecting to a node in this service instance with the PuTTY SSH client, you must
first convert the key to PuTTY’s proprietary format.
Server Count You can only edit this field if the source domain contains a single cluster.
Select the initial number of Managed Servers that you want to provision in this service
instance. The default value is the number of Managed Servers in the source domain.
Additional choices are: 1, 2, 4.
If you configure more than one Managed Server in the cluster, Oracle recommends that
you also enable the Load Balancer.
You can also perform scaling operations to increase or decrease the cluster size after
provisioning the service instance.
WebLogic Clusters You can only edit this field if the source domain contains multiple clusters and you selected
an Oracle Cloud Infrastructure Classic region.
Configure the initial number of Managed Servers that you want to provision in each cluster.
Select a cluster from the list, and then click Edit cluster. The default value is the number of
Managed Servers in the source domain. Additional choices are: 1, 2, 4. You can also
perform scaling operations to increase or decrease the cluster size after provisioning the
service instance.
You cannot remove existing clusters from the service instance, or add new clusters to the
service instance.
Enable Access to (Advanced option) Select this check box if you want to enable access to the WebLogic
Administration Service Administration Console, Fusion Middleware Control, and Load Balancer Console
Consoles for the service instance. If you do not select this option, these consoles will not be
externally accessible, and also will not appear as choices in the service instance’s menu
.
Alternatively, you can enable access to the administration consoles after creating the
service instance.
If you are creating this service instance in Oracle Cloud Infrastructure, access to the
administration consoles is enabled by default; selecting or deselecting this check box has
no effect.
D-21
Appendix D
Create a Service Instance with AppToCloud
Field Description
Deploy Sample (Advanced option) By default, a sample application, sample-app.war, is deployed
Application automatically to the Managed Servers in your instance. If you do not want to automatically
deploy the sample application, deselect this check box.
Reserved IPs (Not available on Oracle Cloud Infrastructure)
Select reserved IP addresses for the nodes in your cluster, or leave the default value as
Assign Automatically if you want Oracle to automatically assign IP addresses to these
nodes. The number of IP addresses that you select must equal the number of nodes in the
cluster.
This option is displayed only if you selected a specific Region for this service instance.
You create IP reservations by using the Reserved IPs tab in the Oracle Java Cloud
Service Console. If you do not see this tab on the console, click the gear icon next to this
field and follow the instructions to create your first IP reservation. After creating IP
reservations, you need to restart the instance creation wizard.
Field Description
Local Enter your choice of user name for the WebLogic Server administrator. The default is
Administrative User weblogic. This name is used to access the WebLogic Server Administration Console,
Name Fusion Middleware Control, and Load Balancer Console for the service instance.
The name must be between 8 and 128 characters long and cannot contain any of the
following characters:
• Tab
• Brackets
• Parentheses
• These special characters:
– Left angle bracket (<)
– Right angle bracket (>)
– Ampersand (&)
– Pound sign (#)
– Pipe symbol (|)
– Question mark (?)
You can also change the user name through the WebLogic Server Administration Console
after the service instance is provisioned.
D-22
Appendix D
Create a Service Instance with AppToCloud
Field Description
Password Specify a password for the WebLogic Server administrator and confirm the password.
If you selected an Oracle Database Exadata Cloud Service database deployment for
Database Instance Name, this password must start with a letter, be of 8 to 30 characters
in length, and contain at least:
• 1 uppercase character
• 1 lower case character
• 1 digit (0 through 9)
• One of the following special characters: _ (underscore), - (hyphen), or # (pound sign or
hash)
If you did not select an Oracle Database Exadata Cloud Service database deployment,
Oracle still recommends following these password requirements as a best practice.
However, the following basic password criteria are acceptable:
• Starts with a letter
• Is between 8 and 30 characters long
• Contains letters, at least one number, and, optionally, any number of these special
characters:
– Dollar sign ($)
– Pound sign (#)
– Underscore (_)
No other special characters are allowed.
Enable Select this check box if you want WebLogic Server to authenticate application users and
Authentication with administrators against Oracle Identity Cloud Service in addition to the local WebLogic
Oracle Identity Server identity store. This field appears only if your cloud account includes Oracle Identity
Cloud Service Cloud Service.
This check box is automatically selected for you if the source domain contains multiple
clusters, and you cannot change it. (Not available on Oracle Cloud Infrastructure)
10. Complete the Database Configuration section of the Instance Details page:
Field Description
Database Type (Available only on Oracle Cloud Infrastructure)
Select the type of database you want to associate with your service instance:
• Oracle Autonomous Transaction Processing
• Oracle Cloud Infrastructure Database
• Oracle Database Cloud Service (Classic)
Compartment Name (Available only on Oracle Cloud Infrastructure)
Select the compartment where the Oracle Autonomous Transaction Processing database
or Oracle Cloud Infrastructure Database resides.
D-23
Appendix D
Create a Service Instance with AppToCloud
Field Description
Database Instance For Oracle Cloud Infrastructure regions, select an existing database in Oracle Autonomous
Name Transaction Processing, Oracle Cloud Infrastructure Database or Oracle Database Cloud
Service.
• Database instances in Oracle Database Cloud Service and Oracle Cloud Infrastructure
Database must be in the same region and virtual cloud network (VCN) as the Oracle
Java Cloud Service instance. The database and service instance do not need to be in
the same subnet or availability domain. The database and service instance can be on
different VCNs only if you configure VCN peering.
• To use a Bare Metal database in Oracle Cloud Infrastructure Database, you must
create the service instance with the Oracle Java Cloud Service REST API or CLI.
• To use an Oracle Cloud Infrastructure Database running Oracle Database 12.2 or
later, the service instance must be running WebLogic Server 12.2.1 or later.
• For a 1-node virtual machine DB system in Oracle Cloud Infrastructure Database, you
cannot use a database that is created with the fast provisioning option. Oracle Java
Cloud Service does not yet support using Logical Volume Manager as the storage
management software for a 1-node virtual machine DB system.
• To use an Oracle Autonomous Transaction Processing database, the service instance
must be running WebLogic Server 12.2.1.3 or later. You must use an Oracle
Autonomous Transaction Processing database that is created with the serverless
option. Oracle Java Cloud Service does not yet support using a dedicated deployment
autonomous database.
For Oracle Cloud Infrastructure Classic regions, select an existing Oracle Database Cloud
Service or Oracle Database Exadata Cloud Service deployment.
• If you selected an IP Network for this service instance, you must also select an Oracle
Database Cloud Service deployment that is attached to an IP network. If the service
instance and database deployment are attached to different IP networks, the two IP
networks must be connected to the same IP network exchange.
• The Oracle Database Cloud Service deployment must not configured with a Backup
Destination set to None (not applicable to Oracle Database Cloud Service — Virtual
Image deployments).
Note the following additional restrictions for Oracle Database Cloud Service:
• You cannot use an Oracle Database Cloud Service deployment running Oracle
Database 18c as the infrastructure schema database.
• You can use an Oracle Database Cloud Service deployment running Oracle Database
12.2, but only for service instances running Oracle WebLogic Server 12.2.1 or later.
• Create Oracle Database Cloud Service deployments with a backup option other than
NONE. This configuration enables Oracle Java Cloud Service to coordinate backups
across your service instance and the database. Coordinated backups are not
supported for other database services.
PDB Name Select the pluggable database the service instance will connect to.
Note: The PDB value doesn't apply to databases running Oracle Database 11g.
• For Oracle Cloud Infrastructure databases, the PDB name is populated if you selected
the Oracle WebLogic Server 12c software release. If you did not specify a PDB name
when you created the Oracle Cloud Infrastructure database, the default PDB name
populated in this field is <dbName>_pdb1.
• For Oracle Database Cloud Service (Classic) databases, if you don't specify a PDB
name, Oracle Java Cloud Service uses the default Oracle Database 12c PDB name
that was provided when the Oracle Database Cloud Service (Classic) database
deployment was originally created.
D-24
Appendix D
Create a Service Instance with AppToCloud
Field Description
Administrator User Specify the name of the database administrator that Oracle Java Cloud Service will use to
Name connect to the selected database and to provision the required schemas for this service
instance.
This value is set automatically for:
• Oracle Autonomous Transaction Processing database: ADMIN
• Oracle Cloud Infrastructure Database: SYS
For Oracle Database Cloud Service (Classic) database deployments:
• If you selected the software release Oracle WebLogic Server 11g (11.1.1.7), you can
specify the default user SYS or any user that has been granted the DBA role.
• If you selected the software release Oracle WebLogic Server 12c (any version), you
can specify the user SYS or any user that has been granted the SYSDBA privilege.
Password Enter the password for the database administrator.
11. Complete the Backup and Recovery Configuration section of the Instance Details
page:
This section is displayed only if you clicked Advanced.
Field Description
Backup Destination (Advanced option) Select Both Remote and Disk Storage if you want to enable
automated and on-demand backups for this service instance. Backups will be saved to
object storage and to block storage volumes that are attached to the nodes of the instance.
The default value is None, meaning that you cannot use Oracle Java Cloud Service to take
backups of this service instance. You can configure backups on a service instance after
creating it.
This field is not relevant if you selected Oracle Java Cloud Service—Virtual Image.
D-25
Appendix D
Create a Service Instance with AppToCloud
Field Description
Object Storage This field is displayed only if Backup Destination is set to Both Remote and Disk
Container Storage.
Enter the object storage location where backups of the service instance must be stored.
The object storage container field in the instance creation wizard is auto-populated with a
default container URL in the format restEndpointUrl/JaaS, where restEndpointUrl is
the REST endpoint URL of the Oracle Cloud Infrastructure Object Storage Classic service
in the account, and JaaS is the default container name. You can change the container
name.
Note that if the account doesn’t include an Object Storage service entitlement or if the
region selected is an Oracle Cloud Infrastructure region, then the container field is not
autopopulated.
• Oracle Cloud Infrastructure Classic: Enter the URL of a container in Oracle Cloud
Infrastructure Object Storage Classic.
Format: rest_endpoint_url/containerName
You can find the REST endpoint URL of the Oracle Cloud Infrastructure Object
Storage Classic service instance in the Infrastructure Classic Console.
Example: https://acme.storage.oraclecloud.com/v1/MyService-acme/
MyContainer
Note: You can select the Create Object Storage Container check box to have a new
container created automatically.
• Oracle Cloud Infrastructure: Enter the URL of a bucket in Oracle Cloud Infrastructure
Object Storage. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure in
the Oracle Cloud Infrastructure documentation.
Format: https://swiftobjectstorage.region.oraclecloud.com/v1/
namespace/bucket
To find out your namespace, sign in to the Oracle Cloud Infrastructure web console,
click the tenancy name, and look for the Object Storage Namespace field.
Example: https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/
myCompany/myBucket
User Name This field is displayed only if Backup Destination is set to Both Remote and Disk
Storage.
In Oracle Cloud Infrastructure Classic regions only, this field is not displayed if you selected
Enable Authentication Using Identity Cloud Service.
• Oracle Cloud Infrastructure Classic: Enter the user name of the Oracle Cloud
Infrastructure Object Storage Classic service user who created the container you
specified earlier. If the container doesn’t exist, then enter the user name of a service
administrator.
• Oracle Cloud Infrastructure: Enter the user name of the Oracle Cloud Infrastructure
Object Storage user who created the bucket you specified earlier.
Password This field is displayed only if Backup Destination is set to Both Remote and Disk
Storage.
In Oracle Cloud Infrastructure Classic regions only, this field is not displayed if you selected
Enable Authentication Using Identity Cloud Service.
• Oracle Cloud Infrastructure Classic: Enter the password of the user you specified.
• Oracle Cloud Infrastructure: Enter the Auth Token generated in Oracle Cloud
Infrastructure for the user you specified. See Prerequisites for PaaS Services on
Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.
D-26
Appendix D
Create a Service Instance with AppToCloud
Field Description
Create Object This option is displayed only if Backup Destination is set to Both Remote and Disk
Storage Container Storage.
If the Oracle Cloud Infrastructure Object Storage Classic container that you specified
doesn’t exist, or if you aren’t sure whether it exists, then select this check box. If the
container doesn’t exist, it will be created automatically.
This option is not relevant to Oracle Cloud Infrastructure. The specified Oracle Cloud
Infrastructure Object Storage bucket must exist prior to creating a service instance.
12. Complete the Load Balancer section of the Service Details page:
Field Description
Provision Local (Advanced option) Select Yes to provision a load balancer node running Oracle Traffic
Load Balancer Director in this service instance. This user-managed load balancer is configured to
distribute client requests to the Managed Servers in the service instance.
Provisioning a load balancer is recommended if the cluster size is 2 or more. The default
value is No.
If you selected Enable Authentication Using Identity Cloud Service, then you cannot
configure a user-managed load balancer. An Oracle-managed load balancer is provisioned
for you automatically.
You can also add an Oracle Traffic Director load balancer node to a service instance after
creating the service instance.
Load Balancer This option is displayed only if you selected an Oracle Cloud Infrastructure region.
Select the type of load balancer that you want to configure for your service instance:
• Oracle-Managed Load Balancer: A dual-node, Oracle-managed instance of the
Oracle Cloud Infrastructure Load Balancing service, providing active-passive high-
availability. Failover from the active load-balancer node to the other node occurs
automatically.
You can't customize the default listeners, certificates, and so on for an Oracle Cloud
Infrastructure Load Balancing instance that is provisioned by Oracle Java Cloud
Service. If you need the ability to configure Oracle Cloud Infrastructure Load
Balancing, then you must create the load balancer manually. See Set Up an Oracle
Cloud Infrastructure Load Balancer.
• Oracle Traffic Director: One or two Oracle Traffic Director nodes within your service
instance.
The dual-node configuration is in active-active mode, but failover to the second node is
not automatic.
• None: No load balancer will be configured for this instance.
Provisioning a load balancer is recommended if the cluster size is 2 or more. The default
value is None.
If you selected Enable Authentication Using Identity Cloud Service, then you cannot
configure a user-managed load balancer. You must select Oracle-Managed Load
Balancer.
If you select Oracle Traffic Director and configure one Oracle Traffic Director node, you
can also add a second Oracle Traffic Director node to a service instance after creating the
service instance. If you configured two Oracle Traffic Director nodes during provisioning,
you cannot add another Oracle Traffic Director node.
If you select None, then you can add an Oracle Traffic Director load balancer after creating
the service instance.
D-27
Appendix D
Create a Service Instance with AppToCloud
Field Description
Compute Shape This option is displayed only if Provision Local Load Balancer is set to Yes or Load
Balancer is set to Oracle Traffic Director.
Select the compute shape to use for all the load balancer nodes in the service instance.
The compute shape is the number of Oracle Compute Units (OCPUs) and amount of
memory (RAM) that you want to allocate to these nodes.
The list of available shapes varies depending on whether you selected an Oracle Cloud
Infrastructure Classic or Oracle Cloud Infrastructure region.
You are billed for Oracle Traffic Director nodes at the same price that you are billed for
Oracle WebLogic Server nodes in your Oracle Java Cloud Service subscription.
Add Another Active This option is displayed only if Provision Local Load Balancer is set to Yes or Load
OTD Node Balancer is set to Oracle Traffic Director.
Select this check box to provision a second load balancer node running Oracle Traffic
Director (OTD) in this service instance. Both load balancer nodes route traffic to the cluster
of WebLogic Managed Servers.
You can also add a second load balancer node to a service instance after creating the
service instance.
Reserved IPs Select reserved IP addresses for the load balancer nodes in your cluster, or leave the
default value as Assign Automatically if you want Oracle to automatically assign IP
addresses to these nodes. The number of IP addresses that you select must equal the
number of load balancer nodes in the service instance.
This option is displayed only if these conditions are true:
• You selected a specific Oracle Cloud Infrastructure Classic Region for this service
instance.
• Provision Local Load Balancer is set to Yes
You create IP reservations by using the Reserved IPs tab in the Oracle Java Cloud
Service Console. If you do not see this tab on the console, click the gear icon next to this
field and follow the instructions to create your first IP reservation. After creating IP
reservations, you need to restart the instance creation wizard.
Load Balancing This option is displayed if you selected Enable Authentication Using Identity Cloud
Policy Service or Provision Local Load Balancer.
If you selected Provision Local Load Balancer, choose one of the following policies:
• Least Connection Count (default)—Passes each new request to the Managed Server
with the least number of connections. This policy is useful for smoothing distribution
when a Managed Server receives more requests than it can handle efficiently.
• Least Response Time—Passes each new request to the Managed Server with the
fastest response time.
• Round Robin—Evenly distributes requests across all Managed Servers, regardless of
the number of connections or response times.
If you selected Enable Authentication Using Identity Cloud Service, choose one of the
following policies:
• Round Robin— (default) Same as above.
• IP Hash—The IP Hash policy uses an incoming request's source IP address as a
hashing key to route traffic to the same backend server. The load balancer routes
requests from the same client to the same backend server as long as that server is
available.
• Least Connection Count—Same as above.
You can also use the Load Balancer console to modify this policy after creating the service
instance.
The Additional Details page is displayed if your source domain contains resources
that may require additional configuration. Otherwise skip to step 18.
D-28
Appendix D
Create a Service Instance with AppToCloud
14. Expand Application Data Source and select the first data source. Update the
data source’s configuration:
Field Description
DataSource Name The name of the data source you selected. This field is read-only.
Source DataSource Type The type of this data source in the original source domain (Generic, Multi, or
GridLink). This field is read-only.
DBCS Instance Select an existing Oracle Database Cloud Service database deployment. Oracle Java
Cloud Service will configure the selected data source to connect to this database
deployment.
You cannot select databases in other services such as Oracle Autonomous
Transaction Processing, Oracle Cloud Infrastructure Database, or Oracle Database
Exadata Cloud Service. However, after creating the service instance, you can
manually update the generated data sources and configure them to use any
database.
Target DataSource Type The type of this data source (Generic, Multi, or GridLink) that will be configured in the
service instance. This field may be read-only or a select box, depending on the
Software Edition you chose for this service instance, and whether or not you
selected a RAC-enabled database deployment in DBCS Instance:
• If the database deployment does not use Oracle RAC, the type must be Generic.
• If the database deployment uses Oracle RAC and the service instance is running
Enterprise Edition, the type must be Multi.
• If the database deployment uses Oracle RAC and the service instance is running
Enterprise Edition with Coherence, the type can either be Multi or GridLink.
Username Enter the name of a valid user in the selected Oracle Database Cloud Service
database deployment. This data source will connect to the database as this user.
Password Enter the database user’s password.
PDB Enter the name of the pluggable database for Oracle Database 12c. If not specified,
the PDB name provided when the Database Cloud Service database deployment was
created will be used.
This value does not apply to Database Cloud Service database deployments running
Oracle Database 11g.
15. Click OK to accept your changes or click Disable to remove this data source from
the service instance. Repeat the previous step for each additional data source in
the Application Data Source list.
A check mark icon indicates a data source that you have already configured.
16. Update the configuration for any other resources found on the Additional Details
page:
• Configure a Foreign JNDI Provider
• Configure a Java Mail Session
• Configure a Foreign JMS Server
• Configure a Remote SAF Context
• Configure a JMS Messaging Bridge Destination
• Disable a JMS Messaging Bridge
17. Click Next.
D-29
Appendix D
Create a Service Instance with AppToCloud
If you need to change the service instance details, use the navigation bar or Back
button at the top of the wizard to step back through the pages in the wizard.
Similarly, if you disabled a resource on the Additional Details page and now want
to include it in the service instance, select the resource and click Enable.
Click Cancel to cancel out of the wizard without creating a new service instance.
You can also review the log messages that were generated by the AppToCloud
Export tool for the source domain. Expand Export/Activity Log Messages.
19. Expand the Instance Create or Delete History section of the page, and then click
the service instance name or Details.
20. Monitor the progress and status of the creation of your service instance.
After your service instance is provisioned and is running, you are ready to import the
AppToCloud artifacts into the service instance.
Note:
The AppToCloud import operation can only be performed on a new and
unmodified service instance. Do not perform any scaling operations, modify
the domain configuration or otherwise change the service instance prior to
completing the import operation.
D-30
Appendix D
Create a Service Instance with AppToCloud
Field Description
Resource Name The name of the foreign JNDI provider you selected. This field is
read-only.
JCS Instance Choose one of these options:
• Select another Oracle Java Cloud Service instance to which
this domain will connect for this foreign JNDI provider.
• Select User Provided URL.
Provider URL Enter the URL that the domain will use to connect to this foreign
JNDI provider.
This field is only applicable if you choose User Provided URL.
Cluster Select a cluster within the target Oracle Java Cloud Service
instance.
This field is not shown if you choose User Provided URL.
Server Choose one of these options:
• Select All Servers in Cluster.
• Select a specific server within the target Oracle Java Cloud
Service instance.
This field is not shown if you choose User Provided URL.
Protocol The default protocol that is used for communication between
multiple WebLogic Server domains is t3. If a different protocol is
required, enter it here.
This field is not shown if you choose User Provided URL.
Username Enter the name of a user that is authorized to access this foreign
JNDI provider, if one is required.
Password Enter the JNDI user’s password, if a username is required.
Bypass Precheck By default, Oracle Java Cloud Service will validate the connection
to this provider and continue with the AppToCloud import operation
only if it succeeds. Select this check box to skip the validation of
this provider.
5. Click OK to accept your changes. Repeat these steps for each additional foreign
JNDI provider in the Foreign JNDI Provider list.
A check mark icon indicates a provider that you have already configured.
6. Continue with the creation of this service instance.
D-31
Appendix D
Create a Service Instance with AppToCloud
1. From the Additional Service Details page of the AppToCloud instance creation
wizard, expand Java Mail Session.
2. Select the name of the mail session.
3. Click Disable if you want to remove this mail session from the service instance.
Otherwise continue to the next step.
4. Update the configuration for this mail session:
Field Description
Mail Session Name The name of the mail session you selected. This field is read-only.
Protocol Enter the protocol, host name, port and credentials (if required) of
Host the mail server:
Port • For sending messages (Send)
Username • For receiving messages (Receive)
Password • To be used by default for both sending or receiving messages
(Default)
If a Host is not configured in either the Send or Receive sections,
you must configure a Default host.
Bypass Precheck By default, Oracle Java Cloud Service will validate the connection
to this mail server and continue with the AppToCloud import
operation only if it succeeds. Select this check box to skip the
validation of this provider.
Note:
You can also directly update the standard Java Mail properties found in
the Optional Properties text area.
5. Click OK to accept your changes. Repeat these steps for each additional mail
session in the Java Mail Session list.
A check mark icon indicates a resource that you have already configured.
6. Continue with the creation of this service instance.
D-32
Appendix D
Create a Service Instance with AppToCloud
• Enter the URL of the remote JNDI provider. If this is the location of another Oracle
Java Cloud Service instance, you must also enable network communication
between this service instance and your new one.
To configure a foreign JMS server:
1. From the Additional Service Details page of the AppToCloud instance creation
wizard, expand JMS Module.
2. Expand the JMS module containing the foreign JMS server.
3. Expand Foreign Server and select the name of the foreign JMS server.
4. Click Disable if you want to remove this foreign JMS server from the service
instance. Otherwise continue to the next step.
5. Update the configuration for this foreign JMS server:
Field Description
Name The name of the foreign server you selected. This field is read-only.
JCS Instance Choose one of these options:
• Select another Oracle Java Cloud Service instance to which
this domain will connect for this foreign JMS server.
• Select User Provided URL.
JNDI Connection Enter the URL that the domain will use to connect to this foreign
URL server.
This field is only applicable if you choose User Provided URL.
Cluster Select a cluster within the target Oracle Java Cloud Service
instance.
This field is not shown if you choose User Provided URL.
Server Choose one of these options:
• Select All Servers in Cluster.
• Select a specific server within the target Oracle Java Cloud
Service instance.
This field is not shown if you choose User Provided URL.
Protocol The default protocol that is used for communication between
multiple WebLogic Server domains is t3. If a different protocol is
required, enter it here.
This field is not shown if you choose User Provided URL.
Username Enter the name of a user that is authorized to access this foreign
server, if one is required.
Password Enter the JNDI user’s password, if a username is required.
Bypass Precheck By default, Oracle Java Cloud Service will validate the connection
to this foreign server and continue with the AppToCloud import
operation only if it succeeds. Select this check box to skip the
validation of this resource.
6. Click OK to accept your changes. Repeat these steps for each additional foreign
server on this page.
A check mark icon indicates a resource that you have already configured.
7. Continue with the creation of this service instance.
For more information on foreign JMS servers, refer to one of the following topics:
D-33
Appendix D
Create a Service Instance with AppToCloud
Field Description
Name The name of the remote SAF context you selected. This field is
read-only.
JCS Instance Choose one of these options:
• Select another Oracle Java Cloud Service instance to which
this domain will connect for this remote SAF context.
• Select User Provided URL.
URL Enter the URL that this domain will use to connect to the remote
server or cluster.
This field is only applicable if you choose User Provided URL.
D-34
Appendix D
Create a Service Instance with AppToCloud
Field Description
Cluster Select a cluster within the target Oracle Java Cloud Service
instance.
This field is not shown if you choose User Provided URL.
Server Choose one of these options:
• Select All Servers in Cluster.
• Select a specific server within the target Oracle Java Cloud
Service instance.
This field is not shown if you choose User Provided URL.
Protocol The default protocol that is used for communication between
multiple WebLogic Server domains is t3. If a different protocol is
required, enter it here.
This field is not shown if you choose User Provided URL.
Username Enter the name of a user that is authorized to access JMS
destinations on this remote server, if one is required.
Password Enter the user’s password, if a username is required.
Bypass Precheck By default, Oracle Java Cloud Service will validate the connection
to this remote server and continue with the AppToCloud import
operation only if it succeeds. Select this check box to skip the
validation of this resource.
6. Click OK to accept your changes. Repeat these steps for each additional remote
SAF context on this page.
A check mark icon indicates a resource that you have already configured.
7. Continue with the creation of this service instance.
For more information on SAF, refer to one of the following topics:
• Understanding the Store-and-Forward Service in Administering the Store-and-
Forward Service for Oracle WebLogic Server (12.2.1.3)
• Understanding the Store-and-Forward Service in Administering the Store-and-
Forward Service for Oracle WebLogic Server (12.2.1.2)
• Understanding the Store-and-Forward Service in Administering the Store-and-
Forward Service for Oracle WebLogic Server (12.1.3)
• Understanding the Store-and-Forward Service in Configuring and Managing Store-
and-Forward for Oracle WebLogic Server (11.1.1.7)
D-35
Appendix D
Create a Service Instance with AppToCloud
Field Description
Name The name of the bridge destination you selected. This field is read-
only.
JCS Instance Choose one of these options:
• Select another Oracle Java Cloud Service instance to which
this domain will connect for this bridge destination.
• Select User Provided URL.
JNDI Connection Enter the URL that this bridge destination will use to connect to the
URL JMS destination.
This field is only applicable if you choose User Provided URL.
Cluster Select a cluster within the target Oracle Java Cloud Service
instance.
This field is not shown if you choose User Provided URL.
Server Choose one of these options:
• Select All Servers in Cluster.
• Select a specific server within the target Oracle Java Cloud
Service instance.
This field is not shown if you choose User Provided URL.
Protocol The default protocol that is used for communication between
multiple WebLogic Server domains is t3. If a different protocol is
required, enter it here.
This field is not shown if you choose User Provided URL.
Username Enter the name of a user that is authorized to access the JMS
destination at this URL, if one is required.
Password Enter the user’s password, if a username is required.
Bypass Precheck By default, Oracle Java Cloud Service will validate the connection
to this URL and continue with the AppToCloud import operation
only if it succeeds. Select this check box to skip the validation of
this resource.
3. Click OK to accept your changes. Repeat these steps for each additional bridge
destination on this page.
A check mark icon indicates a resource that you have already configured.
4. Continue with the creation of this service instance.
For more information on the Messaging Bridge, refer to one of the following topics:
D-36
Appendix D
Import Applications into a Service Instance
D-37
Appendix D
Recreate On-Premises Domain Resources
After creating an AppToCloud service instance in Oracle Java Cloud Service, perform
an import to automatically update the service instance with the applications and other
domain resources collected from your on-premises environment.
Note:
It is strongly recommended that you back up your service instance prior to
performing an import. If the import fails, you will be able to restore the service
instance to a known working state.
2. Locate the AppToCloud service instance that you created previously. Click the
Menu icon adjacent to the service instance name and select AppToCloud Import.
3. When prompted for confirmation, click OK.
4. Click the Activity tab.
5. Monitor the progress of the import operation.
6. If the import process fails, you can try running it again:
a. Return to the Services tab.
b. Click the Menu icon adjacent to the service instance name and select Retry
AppToCloud Import.
The Service Details page is displayed.
c. Click the Show Error Details link for more information on the cause of the
failure.
d. If there was a problem validating a specific domain resource during the
precheck phase, the offending resource will be highlighted (an Application
Data Source, for example). Select this resource and either modify its
configuration or choose the Bypass Precheck option.
e. Click Submit.
After a successful import, the applications and other domain resources found in your
source domain are deployed to your service instance. You can verify these changes
by using one of the administration consoles.
If the output of the Export tool listed any features in your source domain that are not
yet implemented in AppToCloud, you can manually configure these features in your
service instance.
D-38
Appendix D
Recreate On-Premises Domain Resources
which cannot be automatically provisioned when you create a service instance. The
features that are not yet implemented by AppToCloud include:
• Custom users, groups, roles and policies in the security realm
• Keystores
• Coherence clusters
• Custom WebLogic Diagnostics Framework (WLDF) modules and policies
To recreate domain resources in a new service instance:
1. Use the activity log file or report file generated by the Export tool to identify
features that you must configure manually:
3. Click Manage this instance for the desired service instance and select Open
WebLogic Server Administration Console.
4. When the console login page appears, enter the WebLogic Server username and
password you provided when you created the service instance.
5. Recreate any custom users, groups, roles and policies in the security realm.
Refer to one of the following topics:
• Users, Groups, and Security Roles in Securing Resources Using Roles and
Policies for Oracle WebLogic Server (12.2.1.3)
• Users, Groups, and Security Roles in Securing Resources Using Roles and
Policies for Oracle WebLogic Server (12.2.1.2)
• Users, Groups, and Security Roles in Securing Resources Using Roles and
Policies for Oracle WebLogic Server (12.1.3)
6. Reconfigure any keystores.
Refer to one of the following topics:
• Configuring Keystores in Administering Security for Oracle WebLogic Server
(12.2.1.3)
• Configuring Keystores in Administering Security for Oracle WebLogic Server
(12.2.1.2)
• Configuring Keystores in Administering Security for Oracle WebLogic Server
(12.1.3)
Caution:
Do not create or modify keystore files in MW_HOME. Any changes you
make to this location may be lost when you perform management
operations on your Oracle Java Cloud Service instance like applying a
patch.
D-39
Appendix D
AppToCloud Command Reference
Prior to using any of the AppToCloud tools, set the JAVA_HOME environment variable to
the directory where you have installed the Java SE Development Kit (JDK).
Do not run the AppToCloud tools using an older JDK version than the version being
used to run your WebLogic Server domain. In addition, if your domain is running JDK
6, you must use a separate JDK 7 installation to run the AppToCloud tools.
Depending on the options you specify, the AppToCloud tools may prompt you for
various credentials (user names and passwords). When prompted, you can either
enter the values for these credentials interactively or pipe them into the standard input
stream. For example: echo "password" | a2c-healthcheck.sh. However, Oracle
does not recommend saving or displaying passwords in plain text.
Topics
• Client
• Health Check
D-40
Appendix D
AppToCloud Command Reference
• Export
• Wallet Manager
Client
a2c-client[.sh | .cmd]
By default, the log file for this tool is located in your AppToCloud tools installation at
logs/jcsa2c-client.log. If this location is not writable, the tool will attempt to write
the log file to either the current directory or the temporary directory for this user.
Health Check
Usage:
Example:
D-41
Appendix D
AppToCloud Command Reference
Option Description
oracle-home Top-level installation directory where WebLogic Server
is installed. If not set, the value of the ORACLE_HOME
environment variable is used by default.
admin-url URL to connect to the domain’s Administration Server;
for example, t3://myserver.example.com:7001
output-dir The directory to which the output files should be written;
this directory will be created if it does not already exist
timeout-millis The number of milliseconds WebLogic Scripting Tool
(WLST) online commands should wait before timing out.
admin-user (Optional) User with administrative rights to the domain. The tool
will prompt you for the password.
config-file and key-file (Optional) File containing the encrypted credentials for a user with
administrative rights to the domain, along with a file
containing the encryption key
Use the WLST storeUserConfig command to
generate this file
wallet-dir and wallet-alias (Optional) The location of an existing Oracle Wallet file and the
alias for credentials in this wallet that have
administrative rights to the domain. The tool will prompt
you for the wallet’s password, if it requires one.
If you specify both wallet-dir and admin-user,
admin-user is ignored. If you specify both wallet-dir
and config-file, config-file is ignored.
By default, the log file for this tool is located in your AppToCloud tools installation at
logs/jcsa2c-healthcheck.log. If this location is not writable, the tool will attempt to
write the log file to either the current directory or the temporary directory for this user.
Export
D-42
Appendix D
AppToCloud Command Reference
Usage:
Example:
Option Description
oracle-home Top-level installation directory where WebLogic Server
is installed. If not set, the value of the ORACLE_HOME
environment variable is used by default.
domain-dir The directory containing the domain to be exported
archive-file The archive file produced by the Health Check tool
cluster-name (Optional) If the domain contains multiple clusters, specify the
name of an existing cluster to export.
new-cluster-name (Optional) If the domain does not contain any clusters, specify the
name of a new cluster to add to the exported
configuration.
storage-container (Optional) The name of an existing storage container in Oracle
Cloud Infrastructure Object Storage Classic to which to
upload the generated AppToCloud artifacts
• For metered storage subscriptions, use the format
Storage-identitydomain/containername
• For non-metered storage subscriptions, use the
format storageservicename-identitydomain/
containername
storage-user (Optional) A cloud user that can access your Oracle Cloud
Infrastructure Object Storage Classic container. This
user is typically the same as those you use to log in to
the My Services dashboard.
The tool will prompt you for the password.
wallet-dir and wallet-alias (Optional) The location of an existing Oracle Wallet file and the
alias for credentials in this wallet that have access to
yourOracle Cloud Infrastructure Object Storage Classic
container.
The tool will prompt you for the wallet’s password, if it
requires one.
If you specify both wallet-dir and storage-user,
storage-user is ignored.
The -force option will attempt a domain export even if the previous health check
found errors. It is intended only for expert users.
D-43
Appendix D
AppToCloud Command Reference
If the -exportSingleCluster option is used and the source domain contains multiple
clusters, the user is prompted to enter the name of the cluster to export. Alternatively,
you can specify the cluster name with -clusterToExport.
By default, the log file for this tool is located in your AppToCloud tools installation at
logs/jcsa2c-export.log. If this location is not writable, the tool will attempt to write
the log file to either the current directory or the temporary directory for this user.
Wallet Manager
Example:
D-44
Appendix D
AppToCloud Command Reference
Option Description
dir-name Directory in which to create a new wallet or the location
of an existing wallet to edit
walletAutoLogin (Optional) Create a wallet that does not require a password to
access or edit it.
If not set, Wallet Manager prompts you for a password.
After starting a Wallet Manager session, you can issue one or more commands:
Command Description
a Add a new credential to this wallet. Each credential has
an alias, user name and password.
l List the alias and user name for each credential in this
wallet
r Remove an existing credential, given its alias.
u Update the user name and password of an existing
credential
q Quit Wallet Manager
By default, the log file for this tool is located in your AppToCloud tools installation at
logs/jcsa2c-wallet-manager.log. If this location is not writable, the tool will attempt
to write the log file to either the current directory or the temporary directory for this
user.
D-45