IaaS for Apps – Building the Foundations: Orchestration Basics

by Philip Brown on 20th March 2017

In this series of blogs called IaaS Foundations for Applications – Building the Foundations, we will be taking you through step by step how to build the foundations for application infrastructure using the tools of the Oracle Cloud, starting with Orchestration Basics.

You can read part two about Deploying into IP Networks here and part three about Downloads and Upload Images to OPC here.

Below we will go through the IaaS Orchestration Basics:

Choose Your Image:

Oracle supply OL 6.3 to 7.2 and other pre-canned images of Windows and other OSs.

Choose Your Shape:

The shapes you can choose will be specific to your service provision and DC; Oracle have started rolling out OC1MIO, which are High Memory / High I/O shapes in OPC. I don’t have access to these… yet!

Choose Your Instance:

Specify the instance attributes and select pre-created SSH keys. HA Policy refers to what will happen if the Orchestration fails; if it is set to Active, it will auto-recreate it in the event of an error. Name and Label can be anything; name is obvious, label is what’s used in the instance detail page and when defining relationships in the master orchestration.

Choose Your Network:

You can specify that your instance has a specific Public IP Address or one that is auto-generated. A ‘specific’ IP address is not an address you choose but an address that you request and then get to keep. Here you can also specify specific subnets for up to 8 vNICs. Finally, you specify a Security List, which is used in conjunction with Security Rules and Security Applications.

Choose Your Storage:

Here you can attach existing volumes or create new volumes.

Review:

Pretty simple for sure; I had an instance up and running and accessible within 5 minutes.  Spinning up an operating system is the easiest thing to do in Cloud and making it accessible is very very easy and within a couple of clicks you’re there.  But I wouldn’t say this IaaS instance is ready for any installation.

Security Patches

As you saw from the video I picked up a 6.8 OEL image.  This image comes with some but not all security patches installed.  Checking your security patches is very simple and you can use the following commands:

```
[opc@c57709 ~]$ yum updateinfo list --security --sec-severity=Critical
Loaded plugins: security, ulninfo
Severity "Critical" not found applicable for this system
updateinfo list done
```

So it’s good that there are no outstanding Critical patches.

```
[opc@c57709 ~]$ yum updateinfo list --security --sec-severity=Important
Loaded plugins: security, ulninfo
ELSA-2017-0036 Important/Sec. kernel-2.6.32-642.13.1.el6.x86_64
ELSA-2017-0293 Important/Sec. kernel-2.6.32-642.13.2.el6.x86_64
ELSA-2016-3655 Important/Sec. kernel-uek-4.1.12-61.1.23.el6uek.x86_64
ELSA-2017-3508 Important/Sec. kernel-uek-4.1.12-61.1.25.el6uek.x86_64
ELSA-2017-3514 Important/Sec. kernel-uek-4.1.12-61.1.27.el6uek.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-4.1.12-61.1.28.el6uek.x86_64
ELSA-2016-3655 Important/Sec. kernel-uek-firmware-4.1.12-61.1.23.el6uek.noarch
ELSA-2017-3508 Important/Sec. kernel-uek-firmware-4.1.12-61.1.25.el6uek.noarch
ELSA-2017-3514 Important/Sec. kernel-uek-firmware-4.1.12-61.1.27.el6uek.noarch
ELSA-2017-3520 Important/Sec. kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch
updateinfo list done
```

Here we can see some important ones:

```
[opc@c57709 ~]$ yum updateinfo list --cve CVE-2017-6074
Loaded plugins: security, ulninfo
ELSA-2017-0293 Important/Sec. kernel-2.6.32-642.13.2.el6.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-4.1.12-61.1.28.el6uek.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch
updateinfo list done
```

And this is how you find a specific one based on information posted here.

```
[root@c57709 ~]# yum update --cve CVE-2017-6074
..
Resolving Dependencies
3 package(s) needed (+0 related) for security, out of 43 available
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-642.15.1.el6 will be installed
---> Package kernel-uek.x86_64 0:4.1.12-61.1.28.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:4.1.12-61.1.28.el6uek will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package                Arch      Version                   Repository     Size
================================================================================
Installing:
kernel                 x86_64    2.6.32-642.15.1.el6       ol6_latest     32 M
kernel-uek             x86_64    4.1.12-61.1.28.el6uek     ol6_UEKR4      50 M
kernel-uek-firmware    noarch    4.1.12-61.1.28.el6uek     ol6_UEKR4     2.0 M

…
…
…

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 83 M
Installed size: 341 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): kernel-2.6.32-642.15.1.el6.x86_64.rpm             |  32 MB     00:04
(2/3): kernel-uek-4.1.12-61.1.28.el6uek.x86_64.rpm       |  50 MB     00:06
(3/3): kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch. | 2.0 MB     00:00
--------------------------------------------------------------------------------
Total                                           6.9 MB/s |  83 MB     00:12

Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch             1/3
Installing : kernel-uek-4.1.12-61.1.28.el6uek.x86_64                      2/3
Installing : kernel-2.6.32-642.15.1.el6.x86_64                            3/3

Verifying  : kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch             1/3
Verifying  : kernel-uek-4.1.12-61.1.28.el6uek.x86_64                      2/3
Verifying  : kernel-2.6.32-642.15.1.el6.x86_64                            3/3

Installed:
kernel.x86_64 0:2.6.32-642.15.1.el6
kernel-uek.x86_64 0:4.1.12-61.1.28.el6uek
kernel-uek-firmware.noarch 0:4.1.12-61.1.28.el6uek

Complete!
[root@c57709 ~]#
[root@c57709 ~]# yum updateinfo list --cve CVE-2017-6074
Loaded plugins: security, ulninfo
CVE "CVE-2017-6074" not found applicable for this system
updateinfo list done
```

Now this is a metered service so let’s shut it down; this is done by stopping the orchestration.

<Time Elapses>

Now we start it up again…

Now when I go back in let’s check the update again….you know where this is going….

```
[opc@c57709 ~]$ yum updateinfo list --cve CVE-2017-6074
Loaded plugins: security, ulninfo
ELSA-2017-0293 Important/Sec. kernel-2.6.32-642.13.2.el6.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-4.1.12-61.1.28.el6uek.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch
updateinfo list done
```

Hmmm, so what happened? Well, the key thing to remember here is that the Orchestration is creating the resources but those objects aren’t persistent. When you stop the Orchestration you’re deleting the resources. Now in this instance the boot volume was created as part of the Orchestration; when you stop and start the Orchestration, any modifications to the base image are erased and effectively you’re starting from a template OS again.
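A check for the regression shown above, as an added example that is not part of the original post: it parses `yum updateinfo list` output and reports whether a CVE that was clean before the orchestration stop is applicable again after the start. The function names are hypothetical, and the two sample listings are copied from the output on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): detect that a patched CVE has
# become applicable again after an orchestration stop/start.
# Function names are hypothetical; sample listings are copied from this page.

# Unique advisory IDs of one severity from `yum updateinfo list` text on stdin.
advisories() {
    awk -v sev="$1/Sec." \
        '$1 ~ /^ELSA-[0-9]+-[0-9]+$/ && $2 == sev { print $1 }' | sort -u
}

# Number of packages a listing on stdin still reports as needing an update.
pending_count() {
    awk '$1 ~ /^ELSA-[0-9]+-[0-9]+$/ { print $3 }' | sort -u | awk 'END { print NR }'
}

# Classify a CVE from two listings: one saved after patching, one taken now.
# The saved listing has to be kept on storage that survives the orchestration
# stop, or it disappears together with the patches it records.
patch_state() {
    before=$(printf '%s\n' "$1" | pending_count)
    after=$(printf '%s\n' "$2" | pending_count)
    if [ "$after" -eq 0 ]; then
        echo "patched"
    elif [ "$before" -eq 0 ]; then
        echo "regressed"      # clean before the stop, applicable after the start
    else
        echo "unpatched"
    fi
}

# Listings for CVE-2017-6074 as shown on this page.
AFTER_PATCH='Loaded plugins: security, ulninfo
CVE "CVE-2017-6074" not found applicable for this system
updateinfo list done'

AFTER_RESTART='Loaded plugins: security, ulninfo
ELSA-2017-0293 Important/Sec. kernel-2.6.32-642.13.2.el6.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-4.1.12-61.1.28.el6uek.x86_64
ELSA-2017-3520 Important/Sec. kernel-uek-firmware-4.1.12-61.1.28.el6uek.noarch
updateinfo list done'

echo "CVE-2017-6074: $(patch_state "$AFTER_PATCH" "$AFTER_RESTART")"
printf '%s\n' "$AFTER_RESTART" | advisories Important
```

On a live instance, feed the functions the output of `yum updateinfo list --cve <id>` instead of the embedded samples.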

So if you’re installing application users, configuring security or inputting routing rules, those will all be lost. Now the way to resolve this is to pre-create your storage and boot volumes OUTSIDE the orchestration and just use the wizard to pick previously created objects. You will see differences in the number of Orchestration files. IaaSTest1_instance below just references storage objects previously created, whereas IaaS_Build_storage is the creation of the storage object, which then gets used in the IaaS_Build_master (which brings together an instance with storage).

It’s a very subtle thing but one which will burn your fingers if you’re not careful. The beauty of IaaS is that it is sooooo easy to spin up infrastructure but you still need to have an awareness and appreciation of what else you need and should do.

This is just one aspect of spinning up IaaS, and to have the foundations ready for applications it’s not just about security but also networking, connectivity and access, all of which we will look at in this series of blogs.
