Oracle Cloud - Create WebLogic instance with database service or ATP database from marketplace image
In this post, I am going to show how to quickly and easily provision a WebLogic Application Server (FMW infrastructure) with the JRF template enabled and a fully operational domain ready for ADF applications.
Oracle provides a very easy process for WebLogic installation by using a predefined image that is ready for cloud deployment and simple integration with all surrounding services in the cloud.
If you follow the steps below, you will see how simple it is to bring up, for example, WebLogic with an ATP database or with Database as a Service. The integration that is predefined in the image makes the deployment process seamless.
I will share a lot of tips and tricks, and some of the process for debugging and testing in case of trouble.
First, before taking any action, you need to have an Oracle account, such as Oracle Cloud Free Tier.
Please read the following documentation in order to have a good understanding of what to do and how:
https://docs.oracle.com/en/cloud/paas/weblogic-cloud/tutorial-create-jrf-domain-atp/
Using Oracle WebLogic Cloud with ATP database
What kind of policy should be added
---
Oracle Cloud Free Tier
Oracle Cloud with Create WebLogic instance from the marketplace
Configure WebLogic Instance Parameters
Specify the parameters needed to configure the WebLogic instance domain.
- In the WebLogic Server Instance section, enter the resource name prefix. The maximum character length is 8. This prefix is used by all the created resources.
- Select the WebLogic Server shape for the compute instances. Only the following shapes are supported: VM.Standard2.x, VM.Standard.E2.x, BM.Standard2.x, BM.Standard.E2.x
- Enter the SSH public key.
- Select the availability domain where you want to create the domain.
- Select the number of managed servers you want to create. You can specify up to 4 if you're using WebLogic Server 11g Standard Edition. For all other editions and versions, you can specify up to 8 nodes. The managed servers will be members of a cluster, unless you selected WebLogic Server Standard Edition.
- Enter a user name for the WebLogic Server administrator.
- Enter an encrypted password for the WebLogic Server administrator. The password must be encrypted. See Create an Encryption Key.
Database System. Then select or enter the following:
- The compartment in which you've created the database.
- The VCN on which you've created the database. If this VCN is different than the WebLogic Server VCN, they cannot have overlapping CIDRs. For example, you cannot create a domain on VCN 10.0.0.0/16 that uses a database on VCN 10.0.0.1/24.
- The DB system to use for this WebLogic domain.
- The database home within the selected DB system.
- The database home version.
- The database within the selected DB system where you want to create the JRF schemas for this domain.
- The Pluggable database (PDB) name, only if the selected database is running Oracle Database 12c or later.
- The name of a database user with database administrator (DBA) privileges, and the encrypted password for that database administrator.
- The database listen port (1521 by default)
You need to configure preliminary port access as described in the two steps below in order to give WebLogic access to the database.
Also keep in mind that you may need to add more ports based on the configuration of the MS servers, Console ports, etc.
Vault should be created like this:
You need a Vault in order to be able to encrypt and decrypt keys via a special endpoint service, which is required during Stack creation.
Possible errors if you don't have the correct policy set up on the compartment or tenant:
<Jan 27, 2020 08:06:05 PM GMT> <ERROR> <oci_api_utils> <(host:TEST-wls-0.sub01270543829.vcnnew.oraclevcn.com) - <WLSC-VM-ERROR-0051> : Unable to get decrypt credential [HTTPSConnectionPool(host='auth.eu-frankfurt-1.oraclecloud.com', port=443): Max retries exceeded with url: /v1/x509 (Caused by ConnectTimeoutError(<oci._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f0d6ff681d0>, 'Connection to auth.eu-frankfurt-1.oraclecloud.com timed out. (connect timeout=10)'))]>
<Jan 27, 2020 08:06:05 PM GMT> <ERROR> <wls_credentials.py> <(host:wls-0.sub01270543829.vcnnew.oraclevcn.com) - <WLSC-VM-ERROR-0119> : Failed to get attribute [cred1]: [Unable to get decrypt credential]>
<Jan 27, 2020 08:06:06 PM GMT> <INFO> <terraform_init.sh> <(host:wls-0.sub01270543829.vcnnew.oraclevcn.com) - <WLSC-VM-INFO-0300> : Executing create domain script [12.2.1.3] on the admin vm>
<Jan 27, 2020 08:06:06 PM GMT> <INFO> <db.py> <(host:TEST-wls-0.sub01270543829.vcnnew.oraclevcn.com) - <WLSC-VM-INFO-0141> : Generated DB connect string: [//TESTdb-scan.sub01270543829.vcnnew.oraclevcn.com:1521/TESTPDB.sub01270543829.vcnnew.oraclevcn.com]>
<Jan 27, 2020 08:07:09 PM GMT> <ERROR> <oci_api_utils> <(host:TEST-wls-0.sub01270543829.vcnnew.oraclevcn.com) - <WLSC-VM-ERROR-0051> : Unable to get decrypt credential [HTTPSConnectionPool(host='auth.eu-frankfurt-1.oraclecloud.com', port=443): Max retries exceeded with url: /v1/x509 (Caused by ConnectTimeoutError(<oci._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fdfab0a0290>, 'Connection to auth.eu-frankfurt-1.oraclecloud.com timed out. (connect timeout=10)'))]>
Before anything else, the password for the WebLogic admin user should be encoded with base64.
This is one way to encode it, e.g.:
[weblogic@host ~]$ echo -n 'OraCOOL1234_1234_'| base64
T3JhQ09PTDEyMzRfMTIzNF8=
This is important, and remember that you need to pass the encrypted value. Here you can see what happens if you pass the plain-text password to the encrypt endpoint:
[weblogic@host ~]$ oci kms crypto encrypt --key-id ocid1.key.oc1.eu-frankfurt-1.bfpcyukqaacmg.gjghghgjhjjgkjgfkdlddfgkhhlj --endpoint https://kjggkglhkhkl-crypto.kms.eu-frankfurt-1.oraclecloud.com --plaintext OraCOOL1234_1234_
ServiceError:
{
"code": "InvalidParameter",
"message": "The plaintext must be a valid base64 encoded string.",
"opc-request-id": "B7C8F2A3DC0C402ABF956F0A69990ED2",
"status": 400
}
The above test confirms that the endpoint cannot work with a plain-text password :)
The correct way to call the encrypt endpoint is the following:
[weblogic@host ~]$ oci kms crypto encrypt --key-id ocid1.key.oc1.eu-frankfurt-1.bfpcyukqaacmg.gjghghgjhjjgkjgfkdlddfgkhhlj --endpoint https://kjggkglhkhkl-crypto.kms.eu-frankfurt-1.oraclecloud.com --plaintext T3JhQ09PTDEyMzRfMTIzNF8=
{
"data": {
"ciphertext": "lhlhlLkhKHl+Kgkgankafg/zBdU0013TMUlFXZDJPjCuh/AAAAAA=="
}
}
I will use the following user/password for WebLogic:
WL-user : weblogictest
Password: lhlhlLkhKHl+Kgkgankafg/zBdU0013TMUlFXZDJPjCuh/AAAAAA==
Now we can validate the decrypt process:
[weblogic@host ~]$ oci kms crypto decrypt --key-id ocid1.key.oc1.eu-frankfurt-1.bfpcyukqaacmg.gjghghgjhjjgkjgfkdlddfgkhhlj --endpoint https://kjggkglhkhkl-crypto.kms.eu-frankfurt-1.oraclecloud.com --ciphertext lhlhlLkhKHl+Kgkgankafg/zBdU0013TMUlFXZDJPjCuh/AAAAAA==
{
"data": {
"plaintext": "T3JhQ09PTDEyMzRfMTIzNF8=",
"plaintext-checksum": "783888468"
}
}
If you have passed the above process, this means that everything should work :)
*******
Enter the KMS-encrypted password in the creation wizard, not the plain-text password
*******
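The encode, encrypt and decrypt steps above can be scripted so the password is prompted for instead of typed on the command line, and so the round trip is checked automatically. This is an added example, not code from the original post: `KEY_OCID` and `CRYPTO_ENDPOINT` are placeholder environment variables, the function names are hypothetical, and it relies on the OCI CLI's global `--query` and `--raw-output` options.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. KEY_OCID and CRYPTO_ENDPOINT are
# placeholders the reader must export; all function names are hypothetical.

# Base64-encode a secret with no trailing newline and no line wrapping.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode base64; returns non-zero on input that is not valid base64.
b64_decode() { printf '%s' "$1" | base64 -d 2>/dev/null; }

# Succeeds only if the base64 "plaintext" returned by decrypt decodes back to
# the password we started with. A raw password that happens to be valid
# base64 is accepted by the endpoint but fails this comparison.
roundtrip_ok() {
  local returned_b64="$1" expected="$2" decoded
  decoded=$(b64_decode "$returned_b64") || return 1
  [ "$decoded" = "$expected" ]
}

# Encrypt the (encoded) password and print only the ciphertext field.
kms_encrypt() {
  oci kms crypto encrypt --key-id "$KEY_OCID" --endpoint "$CRYPTO_ENDPOINT" \
    --plaintext "$(b64_encode "$1")" --query 'data.ciphertext' --raw-output
}

# Decrypt a ciphertext and print only the base64 plaintext field.
kms_decrypt() {
  oci kms crypto decrypt --key-id "$KEY_OCID" --endpoint "$CRYPTO_ENDPOINT" \
    --ciphertext "$1" --query 'data.plaintext' --raw-output
}

# Prompt without echo (keeps the password out of shell history), then
# encrypt, decrypt and compare before printing the value for the wizard.
encrypt_and_verify() {
  local pw ct back
  read -r -s -p 'WebLogic admin password: ' pw; echo >&2
  ct=$(kms_encrypt "$pw") || return 1
  back=$(kms_decrypt "$ct") || return 1
  roundtrip_ok "$back" "$pw" || { echo 'round trip mismatch' >&2; return 1; }
  printf '%s\n' "$ct"
}

# Only talk to OCI when both placeholders have been set.
if [ -n "${KEY_OCID:-}" ] && [ -n "${CRYPTO_ENDPOINT:-}" ]; then
  encrypt_and_verify
fi
```

The encoded password is still passed to the `oci` process as an argument, so run this on a host where other users cannot inspect the process list.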
Here you can see the full process of the Marketplace image deployment:
After a few minutes the WebLogic instance will be ready, and you can connect with ssh to check the provisioning process.
Limitations discovered so far:
Cannot change the name of the domain; the only option is to add a prefix
Root access is not possible
Cannot change the path for the WebLogic installation
....