OCI Basics Lab (VCN, Compute, Boot, Block Volume)
The goal of this lab is to demonstrate the basic functionality of OCI and allow the learner to start thinking about creative ways to use cloud infrastructure. In this lab we will show how simple it is to deploy a single instance web application environment in OCI. The application will need a secured virtual cloud network (VCN), a compute instance, and attached block volume storage. We'll install and configure open source Apache for our web server. After the system has been successfully deployed, we'll illustrate how easy it is to re-use the boot and block volumes from the initial instance. A similar architecture could prove useful with disaster recovery or scaling of compute and storage resources.
- Create a virtual cloud network
- Deploy a Linux based virtual machine in the cloud
- Attach block volume storage to the instance
- Login remotely via secure connection
- Install and configure a simple web-application
- Terminate the instance and transfer the boot and block volumes to another instance
- Beginner/Intermediate technical learners
- New to cloud
- New to Oracle Cloud Infrastructure
- Basic computer knowledge, networking, and storage
- Familiarity with Linux command line
Having an issue with the lab? Have an idea on how it could be made better? Want to tell us how awesome the lab is? Click the icon below to contact the team and let us know your feedback.
Task 1: Create a VCN
- From the OCI Services menu, choose Networking > Virtual Cloud Networks.
- Before you can create a VCN, you'll need to be in a compartment where you have authorization to create resources. From the List Scope section, locate the Compartment dropdown field. Expand the compartment selections using the plus signs until you find your assigned compartment underneath the Luna-Labs compartment, then click on it to select it.
Note: You will not be able to create any resources in the root, Luna-Labs or ManagedCompartmentForPaaS compartments. Any resources necessary for the lab have been made available in your assigned sub-compartment.
- Click the Start VCN Wizard button. Verify that you've chosen the correct compartment.
- Select the radio button to create VCN with Internet Connectivity and choose the Start VCN Wizard button again from the bottom of the pop-up screen.
- Fill out the configuration form with the following information: (The default CIDR blocks should be filled in already. Accept the defaults for this lab.)
|COMPARTMENT:||Ensure your compartment is selected|
|VCN CIDR BLOCK:||Provide a CIDR block for the entire network (10.0.0.0/16)|
|PUBLIC SUBNET CIDR BLOCK:||Provide a CIDR block for the public facing network (10.0.0.0/24)|
|PRIVATE SUBNET CIDR BLOCK:||Provide a CIDR block for the private internal network (10.0.1.0/24)|
|DNS RESOLUTION:||Leave "Use DNS Hostnames in this VCN" checked|
- Click Next
- Review the information and click the Create button.
Note: An important item to note is how much networking infrastructure is being created with one or two clicks. You're creating subnets, gateways, security lists, public access, DNS labels and more, in a matter of a few seconds. This kind of stuff used to take hours or days.
- You have created a virtual cloud network (VCN) with the following components:
- 1 x Public subnet
- 1 x Private subnet
- Internet gateway (IG)
- NAT gateway (NAT)
- Service gateway (SG)
- DNS domain information
- Security list and routing information
- After the workflow has completed, click View Virtual Cloud Network to display your VCN details.
In the next step we will change the VCN security list and open port 80 to the internet. This will allow http traffic to pass through to the application we're going to deploy on our instance.
- From the Resources section on the left hand side of the VCN screen, choose Security Lists and then Default Security list for <YOUR_VCN_NAME>
- Click Add Ingress Rule under Ingress Rules.
- Use the information from the table to add a stateful ingress rule:
|STATELESS||Leave flag unchecked|
|SOURCE TYPE:||CIDR (default)|
|IP PROTOCOL:||TCP (Default)|
|SOURCE PORT RANGE:||ALL (Default)|
|DESTINATION PORT RANGE:||80|
- Click the Add Ingress Rules button at the bottom of the dialog box.
Note: This rule allows traffic from any location (0.0.0.0/0) to reach port 80 (http) over TCP.
You have now created a security rule to allow http traffic into your VCN.
In the next step, you will create and configure a compute instance and deploy a simple web application.
Task 2: Launch Compute Instance
In order for customers to run their business applications, they'll need computing resources. Oracle provides several different types of compute instances to help customers fulfill their application and performance needs. Oracle provides bare metal and virtual machine (VM) instance types with different cpu and memory configurations called shapes. In this section you'll learn how to deploy a virtual compute instance with a simple web server application. This is the basis of cloud computing.
- From OCI services menu, Click Compute then Instances to bring up the Create Compute Instance section
- Click the Create Instance button.
There are several sections in the Create Compute Instance dialog. The first covers instance information, including name and compartment. Placement and hardware includes the Availability Domain location, Fault Domains, image type and shape. Next is networking, where you choose the network configuration that was created earlier. There's a section for adding SSH keys, followed by boot volume options. Finally, there's an Advanced Options section where you can choose the Fault Domain, add a script to execute on boot, and more. We will not work with the advanced options in this lab but feel free to explore on your own.
Use the information from the following tables to fill out the Create Compute Instance form:
- Enter the compute instance name, select the compartment, and choose an availability domain.
|Name||Enter a name - ex: oci-basics-instance|
|Create in compartment||Select your compartment|
|Availability Domain||AD 1|
- Accept the default operating system image of the latest version of Oracle Linux.
- For the compute instance section, review the information provided. The default shape changes often in the OCI compute dialog. In this case, the dialog has defaulted to VM.Standard.E4.Flex. You'll need to change that. For this lab we have resources allocated for VM.Optimized3.Flex. Note that OCI has compute shapes to fit any customer compute needs, OCPU type, memory, bare metal, Amp and more. Click on the Change Shape button.
- In the Browse all shapes dialog, select Virtual Machine, then click on Intel. Check the box next to VM.Optimized3.Flex, then click on the Select Shape button.
- In the Networking section, you will accept the defaults, but notice the different options. Choose the button for Select existing virtual cloud network and confirm that the VCN you created earlier is listed. Choose Select existing subnet and confirm that the public subnet from your VCN is displayed. Confirm the radio button is selected for Assign a public IP address.
|Network||Select existing virtual cloud network|
|Virtual cloud network||Choose the VCN you created earlier|
|Subnet||Select existing subnet|
|Subnet||Verify that Public subnet from your compartment is selected|
|Use network security groups to control traffic||Leave unchecked|
|Assign a public IP address||Select the radio button|
Next is the Add SSH Keys section. SSH Keys are a requirement for a secure connection to the instance you'll be creating. You can generate keys from the OCI dialog, you can choose existing keys on your system, or you can paste the keyfile contents into the OCI dialog. For this lab we're going to keep things simple and use keys that have already been generated for you and stored on the Luna demo system.
- In the Add SSH keys section, select the radio button for Upload public key files. Then click on the link that says Drop .pub files here. Or Browse.
- The Open Files dialog should initially show only the Desktop and Downloads folders. Right click anywhere within the file manager window and you'll get a menu. Click the check mark to Show Hidden Files. You will see a number of new directories appear. Double click on the .ssh subdirectory.
- Click on the file named id_rsa.pub, then click Open. This is the public key that will be stored on your new instance to allow secure connectivity.
- The Add SSH keys dialog should show your stored key below the SSH public keys box reflecting that it's a properly formatted public key.
- In the boot volume section, leave the boxes unchecked at their defaults.
- Click on the Create button to create the instance.
The instance will begin provisioning. You should see the instance details screen with the orange icon indicating it's in provisioning status. Wait a few moments. When it's finished, the icon will turn green and enter the running state.
- Wait for Instance to enter the Running state. Examine the information in the Instance Information screen. Identify the assigned fault domain, private and public IP addresses, and other important information. Note that you can control your instance with buttons for Stop, Reboot, and Change Shape. If you forget how to connect to the instance you can click on connect to a running instance for a link to the documentation on how to connect to a cloud instance.
Task 3: Connect to the instance
- In the Instance Details screen, locate the field containing the Public IP Address. Click the Copy link to copy the IP address to the clipboard. The link will change briefly to copied to indicate success. Alternately you can right click/drag, then copy the IP address if you wish. The next step will require the IP address as we connect to the instance.
- Open a Terminal Emulator from the main desktop applications menu.
- From the terminal window enter the following SSH command. You are specifying the default admin name opc followed by the '@' sign and then the IP address of your virtual machine. You don't need to specify the SSH key or its location because it's stored in default .ssh directory. Answer yes to the prompt about accepting the identity and adding to the list of known hosts.
Note: If you receive a message like, "key_exchange_identification: read: Connection reset by peer", wait a few more minutes as this means your VM is still booting up.
- In the terminal window enter the following command: opc (the default admin user), the @ symbol, and the IP address of your virtual machine copied from the OCI console window.
ssh opc@<The IP address of your VM>
You have successfully created an instance and logged in via SSH. Feel free to explore the instance environment if you have time. If you're not familiar with Linux or the command line, there are tons of how-to's and basic Linux tutorials available. In the next section we'll add external block storage to the instance for application data storage.
Task 4: Create and mount block storage
OCI offers 3 types of storage that offer different levels of performance, access, and redundancy for customer applications.
Block storage is based on physical blocks organized on a physical storage medium, namely SSDs (Solid State Disk), and organized via a file system. Block storage is accessed via a dedicated storage network commonly referred to as a SAN (Storage Area Network). Block storage is limited to the physical size of the disk or array of disks, but it is also considered the highest performance option for most applications. It's ideal for databases and mission critical applications.
Object Storage is a data storage architecture that manages data as objects. Object storage presents massive capacity and the ability to store unstructured data. Object storage is commonly used for disaster recovery, document storage, and analytics data.
File Storage. File storage is essentially an OS filesystem that's shared over the network and commonly referred to as NAS (Network Attached Storage). File storage is a basic Unix function and was commercialized as hardware file storage systems called NAS Appliances.
You will create block storage for this simple application exercise.
- From OCI services menu click Block Volumes under the Block Storage section of the menu.
- Ensure you're in the correct compartment and click on the Create Block Volume button. Fill out the form with the following information.
Note: For volume size and performance, the default size is 1024 GB which is equal to roughly 1 terabyte. The following steps will require a formatted, mounted filesystem so we'll need to decrease this size to 50GB to keep our lab simple and straightforward. Change the default size to Custom and change the size to 50GB.
|Name:||Name of your choice ex: oci-basics-bv|
|Create in Compartment:||Select your compartment|
|Availability Domain:||Create in the same AD as the instance|
|Size:||Custom - 50 GB|
|Volume Performance:||Leave as 'Balanced' but note that you can change this if you wish|
|Backup Policy:||No selection is necessary|
|Cross Region Replication||OFF|
|Encryption:||Default to Oracle Managed Keys|
- Click the Create Block Volume button. The volume icon will turn orange in color and enter the Provisioning state. In a few moments it will turn green and enter the Available state. It is now ready to use with your instance.
In the next step, we'll attach the block volume to the compute instance. You can attach a block volume from either the Instance section of the console or from the Block Volume section of the console.
- From the Block Volume information screen, click on Attached Instances under the Resources section.
- Click the Attach to Instance button and use the following information to fill out the resulting dialog box:
|Choose Instance:||Choose the instance you created earlier|
|Device Name:||Choose the first available path from the drop down.|
Note: Paravirtualized is a quicker way to attach a volume, but it could result in slower performance. An iSCSI connection is a more direct path but takes more steps to connect. For the simplicity of this lab you will use paravirtualization.
- Click Attach. After a few moments, you'll get confirmation that your block volume has been attached.
Note: For this example we've chosen paravirtualized attach because it's fast and simple. A paravirtualized attachment is a technique where the guest OS utilizes the hypervisor API to access remote storage directly as if it were a local device. It's fast and simple to mount storage. There may be a performance hit using paravirtualized block volumes so you may also want to be familiar with mounting storage directly via iSCSI. See the OCI documentation for instructions on mounting storage to instances via iSCSI. For more details see the link in the resources section to a blog explaining the differences between paravirtualized and iSCSI direct.
You should now have confirmation that the block volume has been attached to the instance. In the next step, we'll switch back to the SSH session, verify that the block volume is attached, format it, create a filesystem, and mount it to the instance.
- Return to the terminal window. Login to the instance again, if necessary. As the opc user issue the lsblk command to verify the paravirtualized block volume is attached and confirm the device path. In this case, we used the console to choose /dev/sdb and sized it to 50GB so we can verify the device is present.
- Inspect the volume before formatting it for use by the operating system. The -l option only lists the disk's size and partition table and changes nothing. Type the following command into the terminal window.
sudo fdisk /dev/sdb -l
- Create a filesystem on the volume using the ext4 filesystem and naming the volume 'data'. Type the following command:
sudo mkfs.ext4 -L data /dev/sdb
- Create a mount point, mount the block volume, and verify that it's mounted to the system. Type the following three commands.
sudo mkdir -p /mnt/www/html
sudo mount /dev/sdb /mnt/www/html
You have successfully formatted and mounted the external block volume. Next you will install and configure a simple web application.
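mkfs.ext4 erases whatever is on the device, which matters in this lab because the same block volume is later attached to a second instance, where it should only be mounted. The added example below (not part of the original lab; the function names and image files are constructed for illustration) checks for an existing ext filesystem signature before formatting.

```shell
#!/usr/bin/env bash
# Added example, not from the lab: decide whether a volume may be formatted.
# ext2/3/4 place the superblock at byte 1024; its magic number 0xEF53 sits at
# offset 56 of the superblock, little-endian, so bytes 1080-1081 read "53 ef".
# This only recognises ext filesystems; blkid or lsblk -f cover other types.

# Return 0 when the device or image carries the ext magic, 1 otherwise.
has_ext_signature() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Print the action to take for a device:
#   format - readable and no ext signature, creating a filesystem is safe
#   mount  - signature present, only mount it (mkfs would destroy the data)
#   error  - device is missing or unreadable, so nothing can be concluded
plan_for_volume() {
    if [ ! -r "$1" ]; then
        echo error
        return 2
    fi
    if has_ext_signature "$1"; then echo mount; else echo format; fi
}

# Guarded version of the lab's mkfs step. Run as root so the device is readable.
# Usage on the lab instance (device path as confirmed with lsblk): format_once /dev/sdb
format_once() {
    case $(plan_for_volume "$1") in
        format) mkfs.ext4 -L data "$1" ;;
        mount)  echo "filesystem already present on $1, skipping mkfs" ;;
        *)      echo "cannot read $1" >&2; return 2 ;;
    esac
}

# Constructed image files stand in for /dev/sdb so the check runs without a disk.
make_blank_image() { dd if=/dev/zero of="$1" bs=1024 count=4 2>/dev/null; }
stamp_ext_magic()  { printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null; }

demo_dir=$(mktemp -d)
make_blank_image "$demo_dir/new-volume.img"
make_blank_image "$demo_dir/reused-volume.img"
stamp_ext_magic "$demo_dir/reused-volume.img"
echo "new volume:    $(plan_for_volume "$demo_dir/new-volume.img")"
echo "reused volume: $(plan_for_volume "$demo_dir/reused-volume.img")"
rm -rf "$demo_dir"
```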
Task 5: Install and configure a web application
In the following section we'll install the Apache web server and configure it for use with our simple application.
- Install the httpd server, enter the following command in a terminal window connected to your OCI cloud instance:
sudo yum install httpd -y
In an earlier step, we added a security rule to allow traffic from the internet to port 80 through our virtual cloud network. You also need to configure the standard Linux firewall to allow traffic on the instance itself.
- Open port 80 on the instance firewall to allow http traffic.
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
Start up the web service and install a simple html application.
- Start the httpd service. Enter the following command in the terminal. (Note: There's no output for this command.)
sudo systemctl start httpd
- Download a pre-built application and install it. Run the following command from the opc user's home directory.
- Unzip the file into the opc user's home directory, then copy the web application structure into the web server's document root.
sudo cp -R oci-quickstart-lab-master/static/* /mnt/www/html/
- Next you will need to modify the server configuration file (httpd.conf) with the application location. Use vi or your favorite Linux text editor and modify the web server configuration file, /etc/httpd/conf/httpd.conf. You will be editing this file to change the default location where web application files are stored, from /var/www/html which would be located on the system drive, to /mnt/www/html which is located on the block volume that we created for our server.
Note: A good idea would be to make a copy of the configuration file with a .bak extension in case you make any mistakes or accidentally corrupt the file.
Note: Launch vi from a terminal window. vi is a standard text editor and available in every version of the Unix and Linux operating system. vi can be a bit awkward for some, so if you're not familiar with it, search the web for a vi cheat sheet or use the one in the resources section of the Luna lab. There are many available text editors in Linux. You can use whatever Unix/Linux editor you may be familiar with: nano, vim or emacs from the terminal, or gedit, which is available on the Luna desktop or in the startup menu. The examples below will illustrate using vi.
sudo vi /etc/httpd/conf/httpd.conf
- Search for the string /var/www and replace it with /mnt/www. You'll make three replacements and one is a comment, you don't need to edit the comment if you don't want to. There are three references to the cgi-bin directory. You don't need to change those.
Here's a tip, use the below command to do a global search and replace of the var term with the mnt term. It will replace all instances so don't do this as a rule. But in our case it won't hurt anything. Enter command mode (:) and the below command. It should say that it's made 9 substitutions on 9 lines. Save your file and exit.
Be sure to save your changes. (Hint: In vi its
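A scripted alternative to the global search and replace described above, added here as an example and not part of the original lab: it rewrites /var/www to /mnt/www only on active lines that do not mention cgi-bin, and keeps a .bak copy. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the lab. The sample file below is constructed; on the
# lab instance the real file is /etc/httpd/conf/httpd.conf and editing it needs sudo.

# Write a small constructed httpd.conf excerpt to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
ServerRoot "/etc/httpd"
# DocumentRoot: The directory out of which you will serve your
# documents, for example /var/www/html
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    Require all granted
</Directory>
EOF
}

# Rewrite /var/www -> /mnt/www on lines that are neither comments nor cgi-bin
# references. Saves the original as <file>.bak and prints how many lines were
# rewritten. A second run finds nothing to do and leaves the .bak copy alone.
retarget_docroot() {
    conf=$1
    n=$(grep -v 'cgi-bin' "$conf" | grep -v '^[[:space:]]*#' | grep -c '/var/www' || true)
    if [ "$n" -gt 0 ]; then
        sed -i.bak \
            -e '/cgi-bin/!{' \
            -e '/^[[:space:]]*#/!s#/var/www#/mnt/www#g' \
            -e '}' "$conf" || return 1
    fi
    echo "$n"
}

# Print the active DocumentRoot value (comment lines are ignored).
docroot_of() {
    awk '$1 == "DocumentRoot" { gsub(/"/, "", $2); print $2 }' "$1"
}

demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/httpd.conf"
echo "lines rewritten:  $(retarget_docroot "$demo_dir/httpd.conf")"
echo "DocumentRoot now: $(docroot_of "$demo_dir/httpd.conf")"
rm -rf "$demo_dir"
```

On the lab instance, the same sed expression would be run with sudo against /etc/httpd/conf/httpd.conf, and `sudo apachectl configtest` checks the syntax before httpd is restarted.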
- Change the security context of the application subdirectory. And then restart the httpd server. Enter the following commands:
sudo chcon -R --type=httpd_sys_rw_content_t /mnt
sudo systemctl restart httpd
- In the browser window, navigate back to the compute instance details for your instance. Locate and copy the IP address.
- In the browser, open a new window or tab. In the URI locator field, enter http:// followed by your compute instance's public IP.
http://<The IP address of your VM instance>
You should see the simple http application form in your browser. The form is just an example and doesn't actually do anything.
Congratulations! Your application is up and running on OCI!
So far you have created a cloud network, launched an instance, created and attached block storage, configured a web server, and created a simple application. In the next section you will delete the first compute instance. Then you'll launch a new compute instance with the boot and block volume that you created for the first instance, thus retaining the configuration information from the first instance.
Task 6: Re-use the boot and block volumes for a new instance.
In this section we're going to detach the block volume and terminate the instance. You will then use the existing boot volume to launch a new compute instance. And you'll re-attach the block storage. This type of action can be helpful for customers with disaster recovery or building 'golden images' which helps with resource re-use and streamlining of operations in the cloud.
- SSH to the instance and un-mount the block volume. Enter the following command, adding the device path from your instance.
sudo umount /dev/<VOLUME_NAME>
- Open the OCI console window, navigate to the compute instances page and click on the instance you created. Click on the Attached Block Volumes(1) in the Resources section. Click the ellipsis to the right and select Detach from the brief menu.
- You will receive a warning about detaching your block volume. Click OK and wait for the volume to completely detach.
- From the instance information screen, stop the compute instance by clicking the Stop button.
- Read the warning message and click Stop Instance to confirm your choice.
- The instance will begin shutting down, the icon will turn orange and display Stopping. Shutdown will take a few moments. Once it enters the Stopped state, select Boot Volume from the Resources section, click on the ellipsis (action menu) and select Detach. Click OK to confirm your selection.
- Click Detach Boot Volume to confirm the detachment.
In a few moments, the boot volume will report that it's been detached. Next you will terminate the compute instance.
- Return to the top of the Instance Details screen and click on the Terminate button to terminate the instance.
Note: In the confirmation dialog box, DO NOT check the box for "Permanently delete the attached Boot Volume"
- Once the instance has been terminated, scroll down to the Boot Volume section showing the detached boot volume and click the boot volume link to view boot volume details. You can also use the action menu ellipsis on the far right and choose View Boot Volume Details.
- In the Boot Volume Details window click the Create Instance button towards the top.
- Use the following information to create a new compute instance:
Note: The information will be largely the same from your prior instance but you won't have to choose an operating system image as it's already installed on the boot image. You also won't have to specify SSH keys because they're already installed on the instance boot volume.
|Name your instance:||oci-basics-instance-02|
|Choose an operating system or image source:||Defaults to Boot Volume|
|Availability Domain:||Select availability domain|
|Virtual cloud network compartment:||Select your compartment|
|Virtual cloud network:||Choose VCN created earlier|
|Subnet Compartment:||Choose your compartment.|
|Subnet:||Choose the Public Subnet|
|Use network security groups to control traffic:||Leave un-checked|
|Assign a public IP address:||Check this option|
|Add SSH Keys:||No SSH Keys|
Once the instance is in the Running state, use the Attached Block Volumes dialog in the Resources section to attach the block volume to this new instance. In the dialog, select Paravirtualized for volume attachment type. Select the block volume you created earlier oci-basics-bv from the drop down menu. Choose oraclevdb from the device path drop down and click Attach.
- Wait for the block volume to fully attach.
Once the volume has finished attaching, open a terminal window and SSH to the compute instance using the new IP address. Mount the block volume using the steps you followed earlier in the lab.
Locate the IP address of the instance from the instance details screen. You will have a new IP as it's a different instance.
- Open a terminal window and SSH to the instance. Type Yes to confirm the fingerprint.
ssh opc@<The IP address of the new instance>
- Enter the following commands to mount the block volume and restart the web server:
sudo mount /dev/sdb /mnt/www/html
sudo systemctl restart httpd
- Use the web browser and open a new window or tab. Enter http://<your compute instance's public IP address> in the URI locator.
You should see the simple form for the web application that you created earlier. You have successfully re-used the boot and block volume that were attached to another instance with all the data preserved. This simple example could be used to change compute shapes, create a re-usable golden image, or any solution where a portable instance might come in handy.
Congratulations! You have completed the OCI Basics lab. You have created a cloud compute instance and a cloud network. You've attached block storage, installed a simple http application, and migrated boot and block storage to a new instance.