Before You Begin
Purpose
This tutorial shows you how you can use an orchestration to create multiple Compute Classic instances using Oracle-provided Oracle Linux images. You'll also use this orchestration to associate the required networking and storage resources with your instances.
An orchestration is a collection of attributes of various Compute Classic objects (instances, storage volumes, security lists, and so on) defined in a JSON-formatted file. After you create an orchestration and upload it to Compute Classic, you can use it to create, delete, and re-create all the resources defined in the orchestration at any time with a single step. When you create an instance from the Compute Classic web console by using the Create Instance wizard, the required orchestrations are created automatically for you. However, by creating your own orchestrations, you can create multiple instances and associated resources and manage all the objects through a single orchestration.
In this tutorial, you'll provision two instances using an Oracle-provided Oracle Linux image and boot your instances from persistent storage volumes. You'll add each instance to an IP network as well as to the shared network. After you’ve created your instances, you’ll also set up a security rule on the shared network, to enable HTTP access to your instances on port 80.
Note: When you add instances to IP networks, you must configure your network by creating IP network exchanges, security rules, and access control lists to ensure access to instances that have interfaces on the IP networks. However, configuring IP networks is beyond the scope of this tutorial. This tutorial only explains how to add instances to IP networks and vNICs to vNICsets while creating instances.
Time to Complete
One hour
What Do You Need?
- To perform the steps in this tutorial, you must have a subscription to Compute Classic. You must be a user with the Compute_Operations role. See How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic.
- One of the following tools for generating SSH key pairs:
  - On Windows: PuTTY (http://www.putty.org)
  - On UNIX or UNIX-like machines: The ssh-keygen utility. Many UNIX and UNIX-like installations already include ssh-keygen. To see if you have it, run the ssh-keygen command. If it isn't available, then obtain OpenSSH from http://www.openssh.com/portable.html.
Process Overview
To create a Compute Classic instance and set up HTTP access to the instance, you must:
- Generate one or more SSH key pairs on your local system.
- Upload the SSH public keys to Compute Classic.
- Reserve public IP addresses to use in the shared network.
- Create a security list to group your instances.
- Create a security rule to enable SSH access to the security list containing your instances.
- (Optional) Reserve public IP addresses to use in IP networks.
- (Optional) Create IP networks.
- (Optional) Create vNICsets.
- Create storage volumes to boot your instances from and, optionally, to store your data and applications.
- Build an orchestration file that defines your instances, adds each instance to an IP network, associates a public IP address with each instance, configures the instances for SSH access, and attaches the storage volumes you created (if any).
- Upload your orchestration to Compute Classic and start it.
- (Optional) Configure your instances for HTTP access.
- Log in to your instances using ssh.
- If you attached storage volumes to your instance, mount those storage volumes on your instance.
In this tutorial, you'll create the required IP reservations, security lists, security rules, IP networks, and storage volumes using the Compute Classic web console. However, you can also create these objects using orchestrations. You can use the sample orchestrations in the attached zip file as a starting point to create objects using orchestrations. Edit these sample orchestrations to replace the example object names with the appropriate values. After you've created your orchestrations, upload them to Compute Classic and start them to create the required objects.
Generating an SSH Key Pair
When you create your Compute Classic instance, you must provide an SSH public key that will be used for authentication when you log in to the instance. Generate your SSH key pair and upload the SSH public key to Compute Classic before you start to create your instance.
Generating an SSH Key Pair on UNIX or UNIX-Like Systems Using ssh-keygen
- Run the ssh-keygen command.
  ssh-keygen -b 2048 -t rsa
- The command prompts you to enter the path to the file in which you want to save the key. A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa.
  To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter.
- The command prompts you for a passphrase. Enter a passphrase.
  Note that the passphrase isn't displayed when you type it in. Remember the passphrase. If you forget the passphrase, you can't recover it.
- When prompted, enter the passphrase again to confirm it.
- Make a note of the path where you've saved the SSH key pair. When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding private key and enter the passphrase when prompted.
The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key would be id_rsa.pub.
Generating an SSH Key Pair On Windows Using the PuTTY Key Generator
- Find puttygen.exe in the PuTTY folder on your computer, and double-click it.
- Accept the default key type, SSH-2 RSA, and set the Number of bits in a generated key to 2048, if it is not already set. Then click Generate.
- Move your mouse around the blank area to generate randomness. The SSH key pair is generated.
- Save your private key.
  - The key comment is the name of the key. You can keep the generated key comment or create your own.
  - Enter a passphrase in the Key passphrase and the Confirm passphrase fields.
    Note: Remember the passphrase. You can't recover a passphrase if you forget it.
  - To save the private key in the PuTTY PPK format, click Save private key.
    Enter the same name as you used for the key comment, so that you know which public key to use this private key with. The private key is saved in PuTTY's Private Key (PPK) format, which is a proprietary format that works only with the PuTTY toolset. You can use this key whenever you use PuTTY for SSH.
- Next, save your SSH public key.
  - In the PuTTY Key Generator, select all of the characters in the Public key for pasting into OpenSSH authorized_keys file: field.
    Note: Make sure you select all the characters, not just the ones you can see in the narrow window. If there is a scroll bar next to the characters, you aren't seeing all the characters.
  - Right click somewhere in the selected text and select Copy from the menu.
  - Open a text editor and paste the characters. Ensure that you paste the text at the first character in the text editor, and don't insert any line breaks.
  - Save the key using the same root name that you used for the private key. Add a .pub extension. You can give it any extension you want, but .pub is a useful convention to indicate that this is a public key.
  - Exit PuTTY Key Generator.
- Make a note of the public and private key names and where they are saved. When you create instances, you must specify the SSH public key. When you log in to an instance, you must provide the path to the corresponding SSH private key and enter the passphrase when prompted.
Uploading the SSH Public Key
- Sign in to the Oracle Cloud My Services application at https://cloud.oracle.com/sign_in. The My Services Dashboard page is displayed.
- Click the menu at the upper left corner of the page and select Compute.
  The Compute Classic web console is displayed.
- Click the Network tab.
- Click SSH Public Keys in the left pane.
  The SSH Public Keys page is displayed.
- Click Add SSH Public Key.
- In the Add SSH Public Key dialog box, do the following:
  - Enter a name for the key.
    Note the name that you assign. You'll specify this name later in the orchestration.
  - Paste the value of the SSH public key that you generated earlier, or click Select File and select the SSH public key file.
    Note: If you paste the SSH public key value, make sure that you paste it exactly as it was generated. Don't append or insert any extra characters, line breaks, or spaces.
  - Click Add.
    The SSH public key is added to Compute Classic.
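A local check for the paste problems described above (wrapped or truncated key text) and for the 2048-bit size this tutorial uses, as an added example that is not part of the original tutorial or of any Oracle tool. The function names and the sample key are constructed for illustration; the sample has the right wire format but is not a usable key.

```python
import base64
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    end = offset + 4
    if end > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:end])
    if end + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[end:end + length], end + length


def check_public_key(text, min_bits=2048):
    """Return a list of problems with an OpenSSH-format public key; empty means OK."""
    problems = []
    body = text.strip()
    # A key copied from a narrow window or re-wrapped by an editor gains line breaks.
    if "\n" in body or "\r" in body:
        problems.append("key spans more than one line")
    fields = body.split()
    if len(fields) < 2:
        return problems + ["expected '<type> <base64> [comment]'"]
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, off = _read_string(blob, 0)
        if key_type == "ssh-rsa":
            # RSA blob layout: type string, public exponent e, modulus n.
            _e, off = _read_string(blob, off)
            n, off = _read_string(blob, off)
    except ValueError:  # includes binascii.Error raised for bad base64
        return problems + ["base64 body is damaged or truncated"]
    if inner_type.decode("ascii", "replace") != key_type:
        problems.append("key type label does not match the encoded key")
    elif key_type == "ssh-rsa":
        bits = int.from_bytes(n, "big").bit_length()
        if bits < min_bits:
            problems.append(f"RSA modulus is {bits} bits, below {min_bits}")
    return problems


def make_sample_key(bits=2048):
    """Constructed sample: valid wire format, NOT a usable key (modulus is not a product of two primes)."""
    def s(b):
        return struct.pack(">I", len(b)) + b

    def mpint(n):
        # One extra leading byte keeps the value positive when the top bit is set.
        return s(n.to_bytes(n.bit_length() // 8 + 1, "big"))

    modulus = (1 << (bits - 1)) | 1
    blob = s(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    key = make_sample_key()
    wrapped = key[:80] + "\n" + key[80:]  # simulates a line break added while pasting
    for label, text in (("intact", key), ("wrapped", wrapped)):
        print(label, check_public_key(text) or "OK")
```

Run it against the contents of your own .pub file before pasting the key into the Add SSH Public Key dialog box.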
Reserving Public IP Addresses to Use in the Shared Network
Next, reserve a public IP address to use in the shared network. Later in this tutorial, you'll associate a public IP address with each instance on the shared network.
- On the Compute Classic web console, click the Network tab.
- Click the Shared Network tab in the left pane.
- Click the IP Reservations tab in the left pane, and then click Create IP Reservation.
- In the Create Public IP Reservation dialog box, enter a name for the IP address reservation, and then click Create.
  Note this name. You'll specify it later in the orchestration.
  Note: Do not select an instance from the For Instance list. You'll use this IP address for the instance that you are about to create.
  Note: Make a note of this public IP address. You'll use it to access your instance using SSH later.
Repeat these steps to create an IP reservation to use with the second instance on the shared network.
Creating a Security List for SSH Access
To permit SSH access to your instances, add them to a security list and then create a security rule.
To create a security list:
- On the Compute Classic console, click the Network tab.
- Click the Security Lists tab in the left pane, and then click Create Security List.
- In the Create Security List dialog box, select or enter the following information, and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter For-ssh-access.
    Note this name. You'll specify it later when you create the orchestration.
  - Inbound Policy: Retain the default policy, Deny (Drop packets, no reply).
  - Outbound Policy: Retain the default policy, Permit (Allow packets).
  - Description: Enter a description.
Creating a Security Rule for SSH Access
Create a security rule to permit SSH traffic to the instances in the security list that you created earlier.
To create a security rule:
- On the Compute Classic console, click the Network tab, and then click the Security Rules tab in the left pane.
- Click Create Security Rule.
- In the Create Security Rule dialog box, select or enter the following information, and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter Allow-ssh-access.
  - Status: Retain the default, Enabled.
  - Security Application: Select ssh.
  - Source: From the Security IP Lists list, select public-internet.
  - Destination: From the Destination list, select the security list that you created earlier, For-ssh-access.
  - Description: Enter a description.
(Optional) Reserving Public IP Addresses to Use in IP Networks
Next, reserve a public IP address to use in your IP networks. Later in this tutorial, you'll associate a public IP address with each instance that has an interface on an IP network.
- On the Compute Classic web console, click the Network tab.
- Click the IP Network tab in the left pane.
- Click the IP Reservations tab in the left pane, and then click Create IP Reservation.
- In the Create Public IP Reservation dialog box, select or enter the following information, and then click Create.
  - Name: Enter a name for the IP reservation. For the purpose of this tutorial, enter ip-res-2.
    Note this name. You'll specify it later in the orchestration.
  - IP Pool: Select the required IP pool. If you select public-ippool, then your instance can communicate with external hosts over the public Internet. If you select cloud-ippool, then your instance can communicate with other Oracle Cloud services, such as the REST endpoint of an Oracle Cloud Infrastructure Object Storage Classic account in the same region, without sending traffic over the public Internet.
  - For Instance: Select the instance that you want to associate this IP reservation with. An IP address is associated with a virtual Network Interface Card (vNIC) on an instance. After you select the instance, you must also select the vNIC on that instance that you want to associate this IP reservation with. Don't select an instance now. You'll associate this IP reservation with an instance later, when you create the instance.
  - vNIC: Select the vNIC that you want to associate this IP reservation with. If you haven’t selected an instance, this list shows all available vNICs. If you’ve selected an instance, this field shows available vNICs on the specified instance. Don't select a vNIC now. You'll associate this IP reservation with a vNIC later, when you create the instance.
  - Description: Enter a description.
Repeat these steps to create an IP reservation, ip-res-3, for the second instance.
(Optional) Creating IP Networks
An IP network allows you to define an IP subnet in your account. The address range of an IP network is determined by the IP address prefix that you specify while creating the IP network. These IP addresses aren’t part of the common pool of Oracle-provided IP addresses used by the shared network. When you add an instance to an IP network, the instance is assigned an internal IP address in that subnet. So you have complete control over the IP addresses assigned to your instances.
An instance can be added to an IP network only while creating the instance. After adding an instance to one or more IP networks, you can configure network settings in your IP networks to route traffic across instances and between instances and the public Internet.
An instance can be added to up to eight networks. If the instance has one interface on the shared network, it can have a maximum of seven interfaces on IP networks. You can associate a public IP address with each interface, either while creating the instance, or later, when the instance is running.
To create an IP network:
- On the Compute Classic web console, click the Network tab.
- Click the IP Network tab in the left pane.
- Click the IP Networks tab in the left pane, and then click Create IP Network.
- In the Create IP Network dialog box, select or enter the following information, and then click Create.
  - Name: Enter a name for the IP network. For this tutorial, enter IPnet1.
    Note this name. You'll specify it later in the orchestration.
  - IP address prefix: Enter the IP address prefix for this IP network, in CIDR format. When you create instances, you can associate a vNIC on the instance with an IP network. That vNIC on the instance is then allocated an IP address from the specified IP network.
    Select the IP address prefix for your IP networks carefully. Consider the number of instances that you might want to add to the network. This will help determine the size of the subnet required.
    If you create multiple IP networks and you might want to add these IP networks to the same IP network exchange, then ensure that you don’t allocate overlapping address ranges to these IP networks.
    Similarly, if you plan to connect to your IP networks using VPN, then ensure that the addresses you specify for your IP networks don’t overlap with each other, or with the IP addresses used in your on-premises network.
    For the purpose of this tutorial, enter the IP address prefix 192.168.2.0/24.
  - IP exchange: Specify the IP network exchange that you want to add this IP network to. An IP network can belong to only one IP network exchange. Before you specify an IP network exchange for an IP network, ensure that the IP addresses in this IP network don’t overlap the IP addresses in any other network in the same IP network exchange. If you don’t specify an IP network exchange while creating an IP network, you can do so later, by updating an IP network.
    In this tutorial, we won't use an IP network exchange. Leave this field blank.
  - Description: Enter a meaningful description for your IP network, if required.
Repeat these steps to create a second IP network, IPnet2.
(Optional) Creating vNICsets
A Virtual NIC Set (vNICset) is a collection of one or more virtual Network Interface Cards (vNICs). vNICsets are useful when you want to use multiple vNICs for the same action. For example, consider a scenario where you have a number of instances on various IP networks and you want to enable access to interfaces on each of those instances using specific protocols and ports, or from a specific source. To do this, create a vNICset and an Access Control List (ACL) and apply the ACL to the vNICset. Access to all the vNICs that you add to that vNICset is then controlled by the security rules in the applied ACL.
To create a vNICset:
- On the Compute Classic web console, click the Network tab.
- Click the IP Network tab in the left pane.
- Click the Virtual NIC Sets tab in the left pane, and then click Create vNICset.
- In the Create vNICset dialog box, select or enter the following information, and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter vnicset1.
    Note this name. You'll specify it later in the orchestration.
  - vNICs: You can select the required vNICs from the list of existing vNICs. For now, leave this field blank. You'll add vNICs to this vNICset while creating instances.
  - Applied Access Control Lists: You can specify the ACLs that you want to apply to this vNICset. For the purpose of this tutorial, leave this field blank. This tutorial doesn't explain how to create security rules and apply ACLs in IP networks.
  - Description: Enter a meaningful description for your vNICset, if required.
  - Tags: Enter text to tag this vNICset.
Repeat these steps to create a second vNICset, vnicset2.
Creating Bootable Storage Volumes
When you create a Compute Classic instance, by default, it is set up to boot from a nonpersistent disk. To use a persistent boot disk, create a bootable storage volume. If you use a bootable storage volume as the boot disk for an instance, then any changes that you make to the boot disk aren't lost even when you delete the instance.
A storage volume can be attached to only one instance at a time. Create a separate bootable storage volume for each instance. For the purpose of this tutorial, you'll create two bootable storage volumes.
To create a bootable storage volume:
- On the Compute Classic web console, click the Storage tab, and then click Create Storage Volume.
- In the Create Storage Volume dialog box, select or enter the following and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter bootable-vol-1.
    Note this name. You'll specify it later in the orchestration.
  - Boot Image: Select the image that you want to use to create the bootable storage volume.
  - Size: Enter an appropriate size, in GB. For the purpose of this tutorial, enter 21.
    Note: The size of the storage volume must be at least 5% larger than the selected image size.
  - Storage Property: Select storage/default.
  - Description: Enter an appropriate description. For the purpose of this tutorial, enter Bootable Storage Volume, 20 GB.
Your storage volume is created.
Repeat these steps to create a bootable storage volume, bootable-vol-2, for the second instance.
(Optional) Creating Storage Volumes for Applications and Data
If you want to create separate storage volumes for your applications and data, then repeat the steps in Creating Bootable Storage Volumes for each volume that you want to create, but don't select a boot image. Storage volumes that are to be used for data and applications (that is, not boot disks) must be mounted on the instance after the instance is created. See Mounting a Storage Volume on Your Instance.
Building Your Orchestration
Build your orchestration in a JavaScript Object Notation (JSON) formatted file.
The following sections step through the process of constructing your orchestration JSON file. You can use the attached sample orchestration as a template, and edit it to replace the example object names with the appropriate values.
In this tutorial, both instances defined in this orchestration use a bootable storage volume and are configured for SSH access.
Defining the Top-Level Attributes
Start your orchestration file with a name and description of your orchestration.
{
"description": "Create instances with ssh access",
"name": "/Compute-your_identity_domain/your_user_name/orchestration",
Specifying the Object Type
You can use an orchestration to create different types of objects: instances, storage volumes, security lists, security rules, and so on.
To create an instance, in the oplans section of the orchestration, specify the object type as launchplan and give the launch plan a label.
Tip: To ensure that the instance is re-created automatically if it crashes for any reason, specify the HA policy as active.
"oplans": [
{
"label": "launchplan-for-vm1",
"obj_type": "launchplan",
"ha_policy": "active",
Specifying the Shape and Image for Your Instance
Within the oplans section of the orchestration, use the objects attribute to specify the characteristics of your instance.
- Specify the shape that you want your instance to use. The shape determines the amount of CPU and memory resources that will be allocated to the instance.
  See About Shapes in Using Oracle Cloud Infrastructure Compute Classic.
- Also give the instance a label.
"objects": [
{
"instances": [
{
"shape": "oc3",
"label": "vm-1",
Note: In this tutorial, you set up your instances to boot from a persistent boot disk. So the instances are created with the image used to create the bootable storage volume that you specify later in the orchestration.
To set up an instance to boot from a nonpersistent disk, you must specify the image in the imagelist attribute, as shown in the following example:
"objects": [
{
"instances": [
{
"imagelist": "/oracle/public/oel_6.6_20GB_x11_RD",
"shape": "oc3",
"label": "vm-1",
If your orchestration specifies both a bootable storage volume and the imagelist attribute, then the bootable storage volume will be used and the imagelist attribute is ignored.
Configuring the Instance Interface on the Shared Network
In the networking section of the orchestration, to enable SSH access to your instance, add your instance to the security list that you created earlier, and associate an IP reservation with the instance.
"networking": {
"eth0": {
"seclists": [
"/Compute-your_identity_domain/your_user_name/For-ssh-access"
],
"nat": "ipreservation:/Compute-your_identity_domain/your_user_name/ip-res-1"
}
},
(Optional) Configuring the Instance Interface on an IP Network
If you want to add your instance to IP networks, configure another network interface to specify the IP network you want to add the instance to. You can add an instance to one or more IP networks only while creating the instance. To add your instance to an IP network, for the interface eth1, specify the IP network IPnet1 and the vNICset vnicset1. Associate an IP reservation with this interface. You can also specify a static IP address 192.168.4.2 for this vNIC. If you don't specify an IP address, when the instance is created an IP address will be allocated dynamically from the available IP addresses in the specified IP network.
"networking": {
"eth1": {
"ipnetwork" : "/Compute-your_identity_domain/your_user_name/IPnet1",
"ip": "192.168.4.2",
"vnic": "/Compute-your_identity_domain/your_user_name/instance_name/eth1",
"vnicsets": "/Compute-your_identity_domain/your_user_name/vnicset1",
"nat": ["network/v1/ipreservation:/Compute-your_identity_domain/your_user_name/ip-res-2"]
}
},
Adding SSH Public Keys to the Instance
Specify the SSH public key that must be associated with the instance.
"sshkeys": [
"/Compute-your_identity_domain/your_user_name/rsa-key-1"
],
If you want to add multiple SSH public keys, specify them as shown in the following example.
"sshkeys": [
"/Compute-your_identity_domain/your_user_name/rsa-key-1",
"/Compute-your_identity_domain/your_user_name/rsa-key-2"
],
Note: The keys that you specify here are stored as metadata on the instance. This metadata can be accessed from within the instance at http://192.0.0.192/latest/meta-data/public-keys.
- Oracle-provided machine images include a script that runs automatically when the instance starts, retrieves the metadata from http://192.0.0.192/latest/meta-data/public-keys, and adds the keys to the authorized_keys file of the opc user.
- In machine images that you build, you can write and include a script that runs automatically when the instance starts, retrieves the SSH public keys from http://192.0.0.192/latest/meta-data/public-keys, and adds the keys to the authorized_keys file of the appropriate users.
Attaching Storage Volumes to the Instance
To set up your instance to boot from a persistent disk, you must attach a bootable storage volume, specify an index number (in the range 1 to 10) for the boot disk, and set the boot_order attribute to the appropriate index.
"storage_attachments": [
{
"index": 1,
"volume": "/Compute-your_identity_domain/your_user_name/bootable-vol-1"
}
],
"boot_order": [1],
You can also attach storage volumes to store your applications and data, as shown in the following example. Remember to assign a unique index number (in the range 1 to 10) to each attachment.
"storage_attachments": [
{
"index": 1,
"volume": "/Compute-your_identity_domain/your_user_name/bootable-vol-1"
},
{
"index": 2,
"volume": "/Compute-your_identity_domain/your_user_name/data-vol-1"
},
{
"index": 3,
"volume": "/Compute-your_identity_domain/your_user_name/data-vol-2"
}
],
"boot_order": [1],
Note: If you don't want the instance to boot from a persistent disk, then don't specify the boot_order attribute, but do specify an image for the instance in the imagelist attribute. See Specifying the Shape and Image for Your Instance.
Defining the Second Instance
To define the second instance, repeat the steps from Specifying the Object Type to Attaching Storage Volumes to the Instance, with the appropriate objects required for the second instance.
Reviewing and Validating Your Orchestration File
At this point in the tutorial, you should have an orchestration JSON file that defines all the required attributes for two Compute Classic instances.
- Review the structure of the orchestration JSON file and make sure that all the attributes are defined in the correct hierarchy.
  The structure of your orchestration JSON file must be similar to the structure of this orchestration sample.
- Validate the JSON syntax.
  You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON format isn’t valid, then an error message will be displayed when you upload the orchestration.
  Note: Oracle doesn’t support or endorse any third-party JSON-validation tool.
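JSONLint only checks syntax. The following added example (not part of the original tutorial or of any Oracle tool) also checks the rules this tutorial states for an instance: storage indexes unique and in the range 1 to 10, boot_order pointing at an attached volume, at least one SSH key, at most eight interfaces, and no leftover your_identity_domain or your_user_name placeholders. The identity domain acme and the user jdoe in the sample are made up.

```python
import json

PLACEHOLDERS = ("your_identity_domain", "your_user_name")

# Constructed sample: the tutorial's structure with made-up names (acme, jdoe).
SAMPLE = """{
  "description": "Create instances with ssh access",
  "name": "/Compute-acme/jdoe/orchestration",
  "oplans": [{
    "label": "launchplan-for-vm1",
    "obj_type": "launchplan",
    "ha_policy": "active",
    "objects": [{
      "instances": [{
        "shape": "oc3",
        "label": "vm-1",
        "networking": {
          "eth0": {
            "seclists": ["/Compute-acme/jdoe/For-ssh-access"],
            "nat": "ipreservation:/Compute-acme/jdoe/ip-res-1"
          }
        },
        "sshkeys": ["/Compute-acme/jdoe/rsa-key-1"],
        "storage_attachments": [
          {"index": 1, "volume": "/Compute-acme/jdoe/bootable-vol-1"}
        ],
        "boot_order": [1]
      }]
    }]
  }]
}"""


def iter_instances(orch):
    """Yield (launch plan label, instance) for every instance in every launchplan."""
    for oplan in orch.get("oplans", []):
        if oplan.get("obj_type") != "launchplan":
            continue
        for obj in oplan.get("objects", []):
            for inst in obj.get("instances", []):
                yield oplan.get("label", "?"), inst


def check_instance(inst):
    """Apply the per-instance rules stated in the tutorial; return a list of problems."""
    problems = [f"missing {a}" for a in ("shape", "label") if not inst.get(a)]
    if not inst.get("sshkeys"):
        problems.append("no sshkeys: nobody can log in over SSH")
    if len(inst.get("networking") or {}) > 8:
        problems.append("more than eight network interfaces")
    attachments = inst.get("storage_attachments") or []
    indexes = [a.get("index") if isinstance(a, dict) else None for a in attachments]
    for i in indexes:
        if not isinstance(i, int) or not 1 <= i <= 10:
            problems.append(f"storage index {i!r} outside 1 to 10")
    if any(indexes.count(i) > 1 for i in indexes):
        problems.append("duplicate storage index")
    boot_order = inst.get("boot_order") or []
    if not isinstance(boot_order, list):
        problems.append("boot_order must be a list")
        boot_order = []
    for i in boot_order:
        if i not in indexes:
            problems.append(f"boot_order {i} has no matching storage attachment")
    if not boot_order and not inst.get("imagelist"):
        problems.append("neither boot_order nor imagelist: nothing to boot from")
    if boot_order and inst.get("imagelist"):
        problems.append("imagelist is ignored because a bootable volume is set")
    return problems


def validate(text):
    """Return findings for an orchestration file's text; an empty list means clean."""
    try:
        orch = json.loads(text)
    except json.JSONDecodeError as e:
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    if not isinstance(orch, dict):
        return ["top level must be a JSON object"]
    findings = [f"placeholder {p!r} was not replaced" for p in PLACEHOLDERS if p in text]
    for plan, inst in iter_instances(orch):
        label = inst.get("label", "?")
        findings += [f"{plan}/{label}: {p}" for p in check_instance(inst)]
    return findings


if __name__ == "__main__":
    # Break the sample on purpose: boot from an index that has no attachment.
    broken = SAMPLE.replace('"boot_order": [1]', '"boot_order": [2]')
    for finding in validate(broken) or ["no findings"]:
        print(finding)
```

To check your own file, pass its contents to validate() before you upload it.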
Uploading and Starting Your Orchestration
- On the Compute Classic console, click the Orchestrations tab, and then click Upload Orchestration.
- In the Upload Orchestration dialog box, browse to select the orchestration file that you just created and then click Upload.
  After your orchestration is uploaded, it is listed on the Orchestration page, with the status Stopped.
  Note: If you get an error while uploading your orchestration, check that you've created all the objects referenced in your orchestration. You can also use a third-party tool such as JSONLint to validate your orchestration.
- From the menu, select Start.
- Refresh the page to update the status.
  When you start an orchestration, its status changes to Starting.
  When all the instances defined in the orchestration are created, the status of the orchestration changes to Ready.
- To see your instances on the Compute Classic console, click the Instances tab. If your instances are not listed, then refresh the page.
(Optional) Configuring the Instance for HTTP Access
Your instances are now configured to allow public access only over SSH.
To enable access to the instances over other protocols, such as HTTP or HTTPS, you must open the required ports. In this tutorial, you'll create a security rule to enable HTTP access to your instances over port 80.
Creating a Security List
A security list is a set of instances that can communicate with each other across all protocols and ports. When you create a security rule, you specify a security list as a destination. This allows traffic from a specified source (such as the public Internet) to access all the instances that are part of the destination security list over a specified protocol and port.
To create a security list:
- On the Compute Classic web console, click the Network tab.
- Click the Security Lists tab in the left pane, and then click Create Security List.
- In the Create Security List dialog box, select or enter the following information, and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter For-http-access.
  - Inbound Policy: Retain the default policy, Deny (Drop packets, no reply).
  - Outbound Policy: Retain the default policy, Permit (Allow packets).
  - Description: Enter a description.
Adding Your Instances to the Security List for HTTP Access
If you've created multiple instances, then you might not want to enable HTTP access for all of those instances. Remember to add only those instances to the For-http-access security list for which HTTP access should be enabled. Remember also that instances in the same security list can communicate with each other across all protocols and ports. If you need to isolate instances, then create separate security lists.
- On the Compute Classic console, click the Instances tab.
- Identify the instance that you want to enable HTTP access for, and from the menu, select View.
- On the instance details page, click Add to Security List. Select the For-http-access security list that you created earlier, and click Attach.
Repeat these steps to add other instances to the For-http-access security list.
Creating a Security Rule for HTTP Access
When you create a security list, the instances in the security list are isolated from hosts outside the security list. You can use security rules to override the default access settings of security lists. Each security rule defines a source, a destination, and a protocol-port combination over which communication is allowed.
In this tutorial, you'll set up a security rule to permit HTTP requests from hosts on the public Internet to port 80 of the instances in the For-http-access security list.
To create a security rule:
- On the Compute Classic web console, click the Network tab, and then click the Security Rules tab in the left pane.
- Click Create Security Rule.
- In the Create Security Rule dialog box, select or enter the following information, and then click Create.
  - Name: Enter an appropriate name. For the purpose of this tutorial, enter Allow-http-access.
  - Status: Retain the default, Enabled.
  - Security Application: Select http.
    Note: Many of the commonly-used protocol and port combinations are provided as predefined security applications in Compute Classic. However, if you wish to specify a particular protocol-port mapping that is not predefined, you can create the required security application on the Security Applications page.
  - Source: From the Security IP Lists list, select public-internet.
  - Destination: From the Destination list, select the security list that you created earlier, For-http-access.
  - Description: Enter a description.
Repeat these steps if you want to create security rules to enable access to instances using other protocols and ports, or if you want to specify a different source or destination.
Logging In to Your Instance Using SSH
Logging In from a UNIX or UNIX-Like Host
-
Enter the following command:
ssh -i /path/to/private_key opc@public_ip_address_on_the_shared_network
Note: If you don't know the public IP address of your instance, you'll find it on the Instances page of the Compute Classic console.
-
When prompted, enter the passphrase that you provided for your SSH key pair.
Logging In from a Windows System
-
Start PuTTY.
The PuTTY Configuration window is displayed, showing the Session panel.
-
In the Host Name (or IP address) field, enter the public IP address of your instance.
Note: If you don't know the public IP address of your instance, you'll find it on the Instances page of the Compute Classic console.
-
In the Connection type: field, select SSH if it is not already selected.
-
In the Category pane, expand Connection, and then click Data.
The Data panel is displayed.
-
In the Auto-login username field, enter opc.
Confirm that the When username is not specified option is set to Prompt.
-
In the Category pane, expand SSH, and then click Auth.
The Auth panel is displayed.
-
In the Private key file for authentication field, click Browse and select the private key file that you saved earlier.
-
In the Category tree, click Session.
The Session panel is displayed.
-
In the Saved Sessions field, enter a name for this connection configuration, and then click Save.
-
Click Open to open the connection.
The PuTTY Configuration window is closed and the PuTTY window is displayed.
-
Enter the passphrase that you provided for your SSH key pair.
-
The first time you connect to your instance, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue.
Mounting a Storage Volume on Your Instance
-
List the devices available on the instance:
ls /dev/xvd*
Device names start from /dev/xvdb and are determined by the index number that you assigned while attaching a storage volume. For example, if you attached a storage volume at index 1, the volume gets the device name /dev/xvdb. The storage volume at index 2 would be /dev/xvdc, the storage volume at index 3 would be /dev/xvdd, and so on.
-
Determine the device name corresponding to the disk index number that you want to mount.
For example, if you want to mount the storage volume that you had attached at index 2, the device name would be /dev/xvdc.
-
Use a tool such as mkfs to create a file system on the storage volume.
For example, to create an ext3 file system on /dev/xvdc, enter the following command:
sudo mkfs -t ext3 /dev/xvdc
Note: If the Extended File System utilities are not available on your instance, you’ll see a message such as the following:
mkfs.ext3: No such file or directory
To install the Extended File System utilities, enter the following command:
sudo yum install e4fsprogs
-
Create a mount point directory on your instance.
For example, to create the mount point /mnt/store, enter the following command:
sudo mkdir /mnt/store
-
Mount the storage volume on the mount point that you just created.
For example, to mount the device /dev/xvdc at the /mnt/store directory, enter the following command:
sudo mount /dev/xvdc /mnt/store
If you prefer, you can specify the disk UUID instead of the device name in the mount command. To find out the UUID of the disks attached to your instance, use the blkid command.
-
To make the mount persistent across instance restarts, edit the /etc/fstab file and add the mount as an entry in that file, as shown in the following example:
/dev/xvdc /mnt/store ext3 defaults 0 0
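Because device names follow the attachment index, an /etc/fstab line keyed on /dev/xvdc mounts whichever volume is attached at index 2; the UUID form mentioned above pins the entry to the file system itself. The following is an added example, not part of the original tutorial: the function names fstab_entry_for and add_fstab_entry are hypothetical, and the blkid output and UUIDs are constructed sample data.

```shell
#!/bin/sh
# Added example: derive a UUID-based fstab entry from blkid output and
# append it only once. Helper names are hypothetical.

# Constructed sample of `sudo blkid` output (UUIDs are made up).
SAMPLE_BLKID='/dev/xvdb: UUID="1b2c3d4e-0000-4a5b-8c9d-aaaaaaaaaaaa" TYPE="ext4"
/dev/xvdc: UUID="9f8e7d6c-1111-4b2a-9c3d-bbbbbbbbbbbb" SEC_TYPE="ext2" TYPE="ext3"'

# Read blkid-style lines on stdin and print the fstab entry for device $1
# mounted at $2. Returns 1 when the device has no UUID/TYPE, for example
# because no file system has been created on it yet.
fstab_entry_for() {
    dev=$1
    mnt=$2
    line=$(awk -v d="$dev:" '$1 == d')
    # The leading space keeps PARTUUID= and SEC_TYPE= from matching.
    uuid=$(printf '%s\n' "$line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    fstype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    if [ -z "$uuid" ] || [ -z "$fstype" ]; then
        return 1
    fi
    printf 'UUID=%s %s %s defaults 0 0\n' "$uuid" "$mnt" "$fstype"
}

# Append entry $1 to fstab file $3 unless mount point $2 already has a
# non-comment entry there, so repeated runs do not duplicate the line.
add_fstab_entry() {
    entry=$1
    mnt=$2
    fstab=$3
    if awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { found = 1 }
                        END { exit !found }' "$fstab"; then
        return 0
    fi
    printf '%s\n' "$entry" >> "$fstab"
}

# Demo on the constructed sample; on an instance, pipe `sudo blkid` instead.
printf '%s\n' "$SAMPLE_BLKID" | fstab_entry_for /dev/xvdc /mnt/store
```

After adding an entry to the real /etc/fstab, running sudo mount -a confirms that the entry parses and mounts before the next restart depends on it.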
Want to Learn More?
-
Managing Orchestrations in Using Oracle Cloud Infrastructure Compute Classic
-
Managing Instances in Using Oracle Cloud Infrastructure Compute Classic
-
Managing Storage Volumes in Using Oracle Cloud Infrastructure Compute Classic
-
Configuring the Shared Network in Using Oracle Cloud Infrastructure Compute Classic
-
Configuring IP Networks in Using Oracle Cloud Infrastructure Compute Classic
Credits
-
Lead Curriculum Developer: Anamika Mukherjee
-
Other Contributors: Judy Zhu, Vimal Patel, Kumar Dhanagopal