Channel: Security – J@n van Zoggel

How to setup SSH access to Oracle Compute Cloud Service Instances


After playing around with the CLI, it’s time to run some instances on the Oracle Compute Cloud Service. Oracle offers a broad range of images divided into 3 categories: Oracle images, Private images and Marketplace. The Marketplace holds almost 400 turn-key solutions (from PeopleSoft to WordPress), while the Oracle images category consists mostly of Oracle Enterprise Linux distributions.

For this blog I will start an Oracle Linux 7.2 machine on the Oracle Compute Cloud and connect through SSH from my own machine.

Setting up security (SSH)

First we need to create a private and public key pair to authenticate against the Linux instance. The private key stays safely stored on my desktop, while the public key will be uploaded to the Oracle Compute Cloud. Run the following command:

jvzoggel$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jvzoggel/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): verySecret1
Enter same passphrase again: verySecret1
Your identification has been saved in /Users/jvzoggel/.ssh/id_rsa.
Your public key has been saved in /Users/jvzoggel/.ssh/id_rsa.pub.

In the Oracle Compute Cloud Service console we select Network -> SSH Public Keys.
Select the generated .pub file (which holds your public key and is safe to share).

Now that the Oracle cloud knows our public key, it can allow secure authentication to its instances. However, we need to do some security configuration to make sure the SSH traffic will be able to pass through. This can be done during the instance creation, but I think it’s better to do it upfront.

Creating a secure IP list (source)

Under Network -> Shared Network -> Security IP-Lists we add a new entry. Any entry can hold multiple IP ranges, but in our case we will just add 1 IP address, which is our public IP address on the internet. If you don’t know which IP address you use on the internet, then google “what is my IP address” and many sites will help you out. Enter your address as shown below and select create.

Creating a secure list (target)

The next step is to create a security list. A security list is a bundle of 1 to many instances that you can use as source or destination in security rules. Before we create our security rule, and even before we create the instance, we create the list upfront. It will hold that 1 instance and serve as the destination of the security rule.

Creating a secure rule (bring it all together)

You can use security rules to control network access between your instances and the Internet. In this case we will create a rule that allows only SSH traffic, from our own machine to the soon-to-be-created instance in our (now empty) security list. Oracle Compute recognises a lot of default security applications, among them SSH. Make sure to select the IP list as source and the security list as destination.
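The three objects created above (security IP list, security list, security rule) can be modelled in a few lines to check what the rule will and will not let through. This is an added example, not Oracle's API or code from the original post; the class, function and instance names and the sample addresses are hypothetical, and the model assumes inbound traffic is denied unless the rule matches.

```python
import ipaddress
from dataclasses import dataclass

SSH_PORT = 22  # SSH, the security application selected in the rule, is TCP port 22

@dataclass
class SecurityRule:
    source_ip_list: list    # entries of the security IP list (source)
    destination_list: set   # instance names in the security list (target)
    port: int = SSH_PORT

def audit_ip_list(entries, max_hosts=1):
    """Return a finding for every entry wider than a single admin address."""
    findings = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every address on the internet")
        elif net.num_addresses > max_hosts:
            findings.append(f"{entry}: covers {net.num_addresses} addresses")
    return findings

def is_permitted(rule, src_ip, instance, port):
    """Model assumption: inbound traffic is denied unless the rule matches."""
    src = ipaddress.ip_address(src_ip)
    from_listed_source = any(
        src in ipaddress.ip_network(entry, strict=False)
        for entry in rule.source_ip_list
    )
    return (from_listed_source
            and instance in rule.destination_list
            and port == rule.port)

# Constructed sample values: documentation address ranges, hypothetical instance name.
ADMIN_IP = "203.0.113.25"
rule = SecurityRule(source_ip_list=[ADMIN_IP], destination_list={"ol72-instance"})

if __name__ == "__main__":
    print("narrow list findings:", audit_ip_list(rule.source_ip_list))
    print("broad list findings:", audit_ip_list(["0.0.0.0/0", "198.51.100.0/24"]))
    checks = [
        (ADMIN_IP, "ol72-instance", 22),        # our machine, SSH, listed instance
        ("198.51.100.7", "ol72-instance", 22),  # unlisted source address
        (ADMIN_IP, "ol72-instance", 80),        # listed source, but not SSH
        (ADMIN_IP, "other-instance", 22),       # instance outside the security list
    ]
    for src, inst, port in checks:
        print(src, inst, port, "->", is_permitted(rule, src, inst, port))
```

Running `audit_ip_list` over the entries before saving the IP list catches a range that was pasted in wider than intended.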

Security should be all set, let’s start our first instance.

Creating a secure Instance on Oracle Compute Cloud

Under Instances -> Instance we select Oracle Images and get the latest version of Oracle Enterprise Linux. Make sure not to select Review and Create but use the “>” button on the right of it. In my opinion the UX is not really self-explanatory here; it would be better to label it “Configure and Create” or something.

Go through the wizard and during the Instance step make sure to add the public SSH key we uploaded earlier. This will allow access to our instance with SSH without the need of a password.

In the Network step of the wizard we add the new instance to our freshly created security list. With this, the instance will inherit all the security rule configurations we made earlier.

Finish the wizard and wait for the Compute Cloud Orchestration to complete. After that your instance should be running.

Proof of the pudding

Check the public IP of your Oracle Compute Cloud instance and use it in your shell to connect with the SSH command.

And voila…

jvzoggel$ ssh -i /Users/jvzoggel/.ssh/id_rsa opc@120.140.10.50 
[opc@bd8ee6 /]
[opc@bd8ee6 /]$ whoami
opc
[opc@bd8ee6 /]$
[opc@bd8ee6 /]$ cat /etc/oracle-release
Oracle Linux Server release 7.2
