
Part 3: Building a short end-to-end environment in OCI

In Part 2 (https://www.letsdosometech.com/post/part-2-building-a-short-end-to-end-environment-in-oci) we covered building the VCN, subnets, Security List, Internet Gateway, NAT Gateway & Service Gateway.



Areas covered so far -


- Building Compartments. (Completed in Part 1)

- Building VCNs. (Completed in Part 2)

- Building Compute instances.

- Building Load Balancer.

- Building DB Systems.

- Create domain zones.

- Create WAF.

- Create VCN Flow logs.

- Create Load balancer Logging.

- Create object storage & replication policies.

- Create resources in secondary region.

- Create DRGs in both regions.

- Remote peering connections.

- Validate connectivity between both regions.


Let's continue with creating Compute instances and Load balancer in this article.


Pre-requisite & assumptions:

  • An SSH key pair has already been generated and is readily available.

  • A jump server will be created in the mgmt subnet and used to SSH onward to the app & database servers in the private subnets.


Building a Compute instance:


Let's build a compute instance in the mgmt subnet which serves as a jump server to SSH to the servers we will create in the private subnet. Switch to the compartment - compute under the NetworkArchitecture compartment. We will use this compartment to hold all the compute instances.


Click on Compute -> Instances -> Create with the below data

  1. Compartment : Compute

  2. Primary VCN - WebVCN

  3. Subnet - mgmtsubnet

  4. Assign a public IP

  5. Paste the public key generated.




Once the server is created, use the OCI CLI or PuTTY to connect to the server using its public IP and the generated PPK file (whose public key was supplied during creation).


Create compute instance in Appsubnet:


Click on Compute -> Instances -> Create with the below data

  1. Compartment : Compute

  2. Primary VCN - WebVCN

  3. Subnet - appsubnet

  4. Assign a private IP

  5. Paste the public key generated.






Once the server is created, log on to the jump server first using the key (opc user), then SSH to the newly created instance using the private key and the private IP.


Install Tomcat on the webserver so that, for our demonstration, the load balancer can point to the Tomcat service running on this server. (Tomcat installation is not covered in this article. Please leave a comment in case you need it and I will cover it as a separate topic.)


Enable the firewall on the webserver to accept traffic on ports 80, 8080 & 8443 to & from the webserver. (The firewall service should be restarted after the rules are added for them to take effect.)



Creation of Load Balancer:


Let's create a load balancer to point to the tomcat services running on the web server we created.

Click on Network -> Load Balancer -> Create with below inputs -

  • Visibility - Public

  • VCN - WebVCN

  • Subnet - LBsubnet

  • Protocol - HTTP

  • Backend - Webserver

  • Port - 8080







Update the Load balancer security list to allow connections from the internet and connections to the web server in the private subnet. Also, update the App subnet's security list to allow connections from the Load balancer subnet. Once these rules are in place, we should be able to see the updated load balancer availability status.
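The rules above are easy to make wider than intended, so here is an added example (not from the original article) that audits an App subnet's ingress rules and flags any rule exposing port 8080 to sources beyond the Load balancer subnet, or SSH to sources beyond the mgmt subnet. The CIDR values, function names and sample rules are assumptions constructed for illustration; the rule keys follow the layout of OCI CLI JSON output.

```python
import ipaddress

# Constructed CIDRs (assumptions; the article does not state the subnet ranges).
LB_SUBNET = "10.0.1.0/24"
MGMT_SUBNET = "10.0.0.0/24"
# Port -> the only source network that should reach the app subnet on it.
ALLOWED_SOURCES = {8080: LB_SUBNET, 22: MGMT_SUBNET}


def port_range(rule):
    """Return (min, max) TCP destination ports a rule opens, or None if not TCP."""
    proto = rule.get("protocol")
    if proto not in ("6", "all"):  # "6" is TCP; "all" covers every protocol
        return None
    opts = (rule.get("tcp-options") or {}).get("destination-port-range")
    if proto == "all" or not opts:
        return (1, 65535)  # no port restriction means every port is open
    return (opts["min"], opts["max"])


def audit_app_ingress(rules, allowed=ALLOWED_SOURCES):
    """Flag ingress rules that expose a port to more than its intended source."""
    findings = []
    for idx, rule in enumerate(rules):
        ports = port_range(rule)
        if ports is None or rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # non-TCP rule, or source is a service label rather than a CIDR
        src = ipaddress.ip_network(rule["source"])
        for port, cidr in allowed.items():
            too_wide = not src.subnet_of(ipaddress.ip_network(cidr))
            if ports[0] <= port <= ports[1] and too_wide:
                findings.append((idx, port, rule["source"]))
    return findings


# Constructed sample rules, keyed the way OCI CLI JSON output names these fields.
SAMPLE_RULES = [
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcp-options": {"destination-port-range": {"min": 8080, "max": 8080}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 8080, "max": 8443}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "1", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for idx, port, source in audit_app_ingress(SAMPLE_RULES):
        print(f"rule {idx}: port {port} reachable from {source}")
```

Replace the two CIDR constants with the ranges chosen for LBsubnet and mgmtsubnet before running it against real rules.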



The backend health status should always be OK, which confirms that the services on the web server are running and available.


At this point our Bastion server, Tomcat web server & load balancer pointing to the Tomcat web server have been created. Let's now go ahead and create a DB system to complete the application setup. Please note that we are creating this for demo purposes only and won't be deploying any application on the Tomcat web services to talk to the database.


Building a Database Server:


We are going to create a DB System under the database compartment as below -

  1. VM shape - VM Standard 2.2

  2. DB System - DemoDB

  3. DB version - 19.16.0.0

  4. Type - Enterprise edition with high performance

  5. Licensing option - License included.














Let's meet again in the next part where we continue building our environment.

