Fixed SOA Suite CS Error in Oracle Cloud: Validation Failed – Unable to Create Service / Invalid Storage Container

Situation

This post should provide some help for those working for the first time with SOA CS in the Oracle Cloud.

After working a lot with ACCS, OCCS, Developer CS, and JCS, surprisingly I struggled with the provisioning of SOA CS in the Oracle Cloud. Part of the problem was that the storage service seems to be accessed in (at least) three different ways within OPC .

  1. The syntax StorageName-IDDomain/chosenContainerName workes fine for DB and Java CS. There also you can create the storage container while provisioning the service.
  2. I have seen slides at OOW2017 where the storage container name was specified as a single identifier, e.g. “xyzcontainer” (however I cannot find the my paparazzi for that cloud service right now).
  3. For SOA CS none of this worked. Also the reported solution in the ODC forum did not apply in this case. The tooltip actually suggested the syntax 1).

    Also the error message(s) is not that helpful. “Validation Failed” could mean anything. “Check the log file for the real cause” makes me wonder in case of a PaaS service. What worked for SOA CS is using pre-creating the container and using the REST endpoint of the storage service.

Some Details

For SOA CS, when using the syntax that nicely worked for DB and JCS as described in 1) be prepared to see the following error message:

If you are trying to use the REST endpoint of the storage service, you might see the following rather cryptic error message if you are slightly off with the syntax.

Solution

What worked for me:

  • Precreate the storage container with the storage service console
  • Get the REST endpoint from the storage service. This is a bit hidden under Storage / View Details.
  • The syntax of the endpoint is like this:
    https://Storage-a534966.storage.oraclecloud.com/v1/Storage-f275638b05994123123123
  • Append the container name to the REST endpoint
  • Use this as storage container name

Improvements

Anyway. Thanks to Jenny for suggesting solution 3.)! IMHO, error messages given by SOA CS need improvement, also the handling of storage container needs be unified across all services and communicated in a much better way. As I already posted for Big Data CS-CE, the tooltip information for storage container is conflicting with the documentation.

A few days ago, I forwarded these issues to Oracle and received feedback that they will work on 1) improving our Cloud UI / UX design and consistency, 2) delivering useful tooltips and error messages.

For those who care: I started to write a posting about design criteria for a good PaaS.

Application Container Cloud (ACCS) supports Java EE

This is my personal entry for the ODC appreciation day that was initiated once more by Tim Hall.

Intro

Oracle’s Application Container Cloud Service (ACCS) is a cloud native, container based runtime for applications and microservices implemented with Java, Node.js, Ruby, Python and PHP. It’s simplicity makes it most attractive. All you need to do is bundle and upload your code, and add a .json file to let ACCS know how to start your application.

Since a couple of days ACCS is now supporting Java EE as well – this is great news! Note, that there is still Java Cloud Service JCS, which gives you a fully fledged WebLogic domain. However, JCS is more complex to set up and to deploy to, so ACCS is a good option for those that only want to deploy and run a Java EE module.

ACCS with Java EE

The provisioning, as shown in the following screenshot, is PaaS-worthy, easy enough as with any other ACCS deployment type.

ACCS: Application Container Cloud Service with Java EE

 

ACCS with Java EE, Some Details

Here are some more facts as they are currently known:

  • You can simply upload a .war file. The .json manifest that is required to tell ACCS how to start a Java application is not mandatory for Java EE since the module is running in WebLogic.
  • The current versions used in ACCS when deploying a Java EE module are: WebLogic 12.2.1.2 (which supports Java EE 7), running on Java 8.
  • ACCS with Java EE currently does not support clustering.
  • ACCS does not let you access the WebLogic admin console. This is fine. It’s PaaS!
  • ACCS with Java EE can make use of Java Flight Recorder. In continuous mode, all profiling and event data is captured. If Java Flight Recorder is not in continuous more, then 60 seconds of data is captured. You can download the files and use Java Mission Control to analyze the recordings.
  • The URL syntax to invoke a deployed web module is as follows:

    https://<ACCSName>-<IDDomain>.apaas.<REGION>.oraclecloud.com/<DocRoot>

  • Typically the URL to call a deployed application is shown in the ACCS service console. Note, that the DocRoot -even if required to call the deployment – is not shown.
  • A Java EE deployment is running across 2 instances as default which requires a load balancer to be provisioned by ACCS. Currently OTD is used.
  • If you feel brave enough, just give it a go and deploy the sample app.
  • If you are lost working with ACCS by yourself, then follow this tutorial, explaining how to deploy a Java EE module to ACCS. The instruction mentioned in the tutorial worked OOTB for me.

Possible Improvements

As you know, I usually write about features and showstoppers. A few minor things that should be improved in my opinion:

  • A few minor details are not visible in the console. E.g. the used Java version is not fully displayed.
  • Not sure if it is documented somewhere, but I would love to read more precisely about current restrictions for Java EE in ACCS. Actually I dropped the hint for some colleagues at Oracle to blog about it.

Is it Java EE or EE4J now?

You may have heard that Java EE went to the Eclipse foundation. The new name will be EE4J. Do you have to change all your slide decks and articles? Actually no. For some more details have a look at this article.

Acknowledgement

Many thanks to the team of Abhishek and Sriram for helping to clarify some questions and providing quick and precise feedback!

Purge / Empty / Drain a Kafka Topic in Oracle Event Hub Service (or any other Kafka broker)

I did not find this solution myself, but I am also not sure where I discovered it. Just a note to myself.

Actually it is becomes useful once you enabled client access to your Oracle Event Hub Cloud Service, since the web based console itself does not implement every functionality that is provided by Kafka.

On another thought: what if the Event Hub Console implemented draining a topic in the web console? And maybe it could also display the number of messages stored in topic.

Access Oracle Event Hub Kafka from External Kafka Client or Tool

Access Oracle Event Hub from external Tool or Command-Line Client

Oracle Event Hub provides a managed Kafka PaaS solution. To access it from an on-premises client you have to make sure to enable the ports to Event Hub Zookeeper and the Kafka broker.

Access to Kafka Broker

First lets enable access to Kafka broker. To do so, check the OPC Event Hub service for the connect string.

Create Event Hub Broker Access Rule

Then create a new access rule. Warning: In general you should not allow public access to access your Event Hub service! This is just for demo purposes to make the tool work. In case of doubt create a rule with your own IP address and talk your friendly security officer first of all.

The creation of the rule might take a few seconds:

Create Zookeeper Access Rule

Once the rule for the Kafka broker is created, we need to create a rule for Zookeeper which is using port 2181:

Explore Kafka Tool (or other)

Now lets start our Kafka tool (for demonstration purpose) only, configure the connection details for the Zookeeper IP and port, and then try to connect to Oracle Event Hub Service:

Voila, it is working 🙂 You can explore your topics or even create new ones. Note that  Oracle Event Hub uses a special naming convention for topics.

Oracle Event Hub Cloud Service: What you need to know about Topic Names

There are a number of things related to topics in Oracle Event Hub service that everybody should be aware of:

  • Oracle Event Hub topics created with the web console are automatically prefixed with the OPC ID domain.
  • Event hub topics can be created via the Kafka command-line from any host (assuming you allow the clients to access Event Hub CS). These topics are not prefixed with the OPC ID domain.
  • Topics created with the CLI (without ID domain prefix) are not shown in the service console.

IMHO, this is behaviour is not very useful for various reasons:

  • If you are planning to use Event Hub as a drop in replacement for another Kafka installation you won’t be able to create the proper topic names for already existing topics with the service console.
  • You have to add the ID domain prefix in every client. This is particularly bad e.g. for a Java producer. Hard-coded ID domains will show up sooner or later in the source code.
  • Being forced to use the ID domain prefix in every client might turn out to be a security issue. Did you note that most bloggers blacken their ID domains in screenshots when writing about OPC?

 

Oracle Big Data Compute Service: Unable to create service

When creating a new instance of the Oracle Big Data Compute Service I faced the following error message:

So far the reason is unknown. The same request was working using another account (provisioned in Europe, not in the US), so I assume it is somehow related to the account settings.

I escalated this issue to Oracle and they are working on it. Once there will be more news of course I will post the solution here.

When implementing a PaaS service you should make make sure:

  • to provide meaningful error messages. Tell the user WHY something is not working.
  • make sure people if your PaaS really provides a log file and how to access it

Application Container Cloud Service (ACCS): Invalid Subscription. Please contact oracle support.

This error messages shows up with the Application Container Cloud Service (ACCS) if you did not set the replication policy for the Oracle Storage Cloud Service. Actually I remember that there was a time when the solution how to fix the issue was not included.

ACC Error. Oracle Cloud

Now we are better off, just read the documentation included in the error message link, or see below:

Should this happen? Here is my take (in progress).

Good news is, that you can fix it easily by setting the replication policy for the Storage Service.

Storage Container Name: Conflicting Syntax for Storage Container Names in Oracle Big Data Service Compute Edition

I already presented and published how to get Oracle Java Cloud Service to work, but it seems that a little help for Big Data Service Compute Edition can be useful as well.

One showstopper is the Storage Container Name. If you check the documentation it says you have to provide the REST URL:

Storage Container Syntax (Big Data Cloud Service Compute Edition)

On the cloud console however it says that you should use the Syntax that is known from JCS or DB as a Service:

Name of an Oracle Storage Cloud Service container of the form Storage-IDDomain/yourChoiceOfContainerName. e.g: storagesvc999-usoracleaccoutrial00999 /backupContainer; If not already created, you must create the container following the Oracle Cloud Storage documentation.

In this case the documentation is wrong. The following format is correct:

Oracle Storage Service: Geo Replication – you must set this!

Configuring the Oracle Storage replication policy should be step number zero if you start in the Oracle cloud with any service. I cannot stress this often enough. Many services such as DB as a service or Java Cloud service will not work without it. Even ACCS – a much newer and higher level PaaS service – will not work unless you set this storage policy.

  • For now: go and set the policy. I got into all kind of trouble trying without. Trust me, you won’t have the time for this.
  • To make cloud services such as JCS or ACCS work it is not so much important how you set the replication policy, it it just important that you set it. Functionally of course, there is a big difference if you data will be replicated asynchronously to another data center or not.
  • IMHO this should be improved by Oracle

Oracle Cloud: Set Storage Replication Policy

From the official Documentation

Guidelines for Selecting a Replication Policy
Read these guidelines before selecting a replication policy.

Oracle provides several replication policies. Broadly, they belong to one of the following types:

New Names For Oracle Cloud Services (was: Bare Metal)

Oracle cloud is moving even more towards the generic cloud model that I described in 2011. What used to go with the name “Bare Metal” becomes the new norm now. This is good news: In addition to the regions and availability zones that you already know from AWS, the new stack will provide a flat, non-blocking network and NVMe storage.

The Bare Metal Cloud Services user interface was updated to reflect the new name, Oracle Cloud Infrastructure. Also on September 26th, the Oracle Public Cloud user interface will be updated to reflect the new name, Oracle Cloud Infrastructure Classic.

Oracle Cloud Service Names. Old Name. New Name. Classic.

OTN Tour 2017 in Colombia: Fully booked Microservices with ACCS Workshop.

Here is some news regarding the OTN event in Cali Colombia in 2017: In addition to the two presentation that I gave, I delivered an 4h live and hands-on coding workshop on the Oracle Cloud using ACCS for microservices. We had a full house, feedback was flattering! Mauricio Naranjo offered local support for the event.

Microservices Cloud Workshop and Training. Curso de microservicios.

 

OTN Tour 2017 in Paraguay Asuncion: Serverless Architecture

This year we had the first OTN tour ever in Paraguay. Organization, venue, cultural events and also the food was great. Good to see how a first time event can be such a success.

Also I had a full room when presenting 🙂


I presented about Serverless Architectures which is currently dominated by AWS but upcoming at Oracle Cloud. I talked about parallels and differences and people were curious to see how it relates to OCCS, ACCS, and JCS.

 

Oracle OTN Tour 2017 Sao Paulo: Getting Started with Java Cloud Service (JCS)

At the 2017 OTN stop in Sao Paulo I did my first presentation to help customers to get started with Oracle Java Cloud Service (JCS).

 There are  actually a few showstoppers that make customer’s experience more difficult than it should be in my opinion. I will blog about them later in autumn – for now please have a look at my presentation on Slideshare.

 

OSB 12c Schulung

Ich werde kurzfristig eine OSB 12c Schulung in München oder Frankfurt anbieten. Bei Interesse mich bitte per email kontaktieren. Danke!

Cloud Comparisons (IaaS)

I was currently consulting again at how AWS vs Azure compares on an IaaS level and how this is related to Oracle. Did you know that @azure compares itself to @awscloud and simply put a doc on the @microsoft site? Wouldn’t that be a cool thing to do for lets say Google and the Oracle cloud?

A collection of resources for AWS vs Microsoft:

 

Here is why Microsoft thinks that they are superior. Interesting that they (also) drill on the number of data centers which is simply a head to head race (where Microsoft was indeed leading as of April 2017).

 

Show EC2 Instances across all Regions

A note to myself (might be useful to you as well):

Originally from Stackoverflow

Oracle CODE Mexico City 2017

A fortnight ago I was travelling to Mexico City / Santa Fe to speak at the Oracle CODE event. It was a huge event, relaxed atmosphere and everybody seemed to have a great time learning new tech. Gossip was spreading that over 2000 people signed up for it.

Myself, I did a live-hacking session, explaining the reasoning from building an ‘artesania’ Docker Swarm cluster to moving to Oracle Container Cloud Service (OCCS) and Wercker. This included a complete CI/CD workflow: based on a simple git commit for a Spring Boot application, building a new Docker image that will be stored on Docker hub, and then pushed to OCCS . Yes, live on stage 🙂 and live in the cloud.

Maybe the biggest impact on my session had the Mexico vs. Germany football match that just ended a few minutes before my presentation. After Mexico not winning 1:4 against GER there were still some 100 people in the mood to attend my live hacking session. Many of those showed up afterwards to say hello and ask advanced questions which was a pleasant surprise!

This is part of the group. Can you spot Mini, the cluster?  🙂

Even after walking out of my session and hanging around in the foyer, I got heaps of questions from people asking me about clustering Docker containers, the reasoning and difficulty of building a Raspberry Pi based Docker cluster, how OCCS differs to all of this and why and how Oracle is involved in Docker.

Have you been there? Something worth to repeat? Share your opinion about the event as a comment.

 

Cloud, Microservices and Container Workshop in South Africa!

Lot’s of people are talking about these topics nowadays. Heaps of slides and samples are available for download, lots of presentations can simply be streamed from youtube.

In Johannesburg we were working with these solutions hands-on: I delivered a 3 day Cloud, Microservices and Containers workshop on behalf of Oracle.

Find attached some impressions from the smart and fun group of devs and architects I was working with.

 

 

User Wercker to Start a Kubernetes Cluster: Click2Kube

When Oracle recently acquired Wercker some people wondered how it will fit into the Oracle cloud portfolio. Now there is a bit more of a clue; Oracle started beta-testing Click2Kube which allows you to to use Wercker to spin up a Kubernetes cluster.

In a quick smoke test I achieved the following in a few minutes:

  • I provisioned a Kubernetes cluster in about 4 minutes.
  • Details about the endpoint in the form https://k8s-master.1234567.obmc.wercker.com was mailed to me
  • The cluster can be accessed using standard kubectl from the command-line. Also an example of how to configure access to the cluster for the endpoint given is provided.

Once more I am packing suitcases, yet I am looking forward to explore it a bit more in depth. Looks like there is exciting stuff ahead! Check out http://www.wercker.com/ for more details.

By the way, I will also be speaking about Wercker and how it works together with OCCS at Oracle CODE in Mexico City on June 29th, 2017. Save the date now, pass by, and say Hola!

 

WebLogic / JCS X-Powered-By Header and Penetration Tests

The following applies to WebLogic 11 / 12c and JCS the same way and can be important when you try to harden your WebLogic installation.

The X-Powered-By Header

WebLogic responds with an additional

X-Powered-By: Servlet/2.5 JSP/2.1

HTTP header to web requests. This is according to the Servlet 2.4 spec. However, sometimes it is desirable to expose as little information as possible and quite often the default behavior gets you a critical remark when a penetration test is done.

How to Disable

You can disable this behavior (and suppress the header completely) with the following MBean setting:

X-Powered-By Header WebLogic Server uses the X-Powered-By HTTP header, as recommended by the Servlet 2.4 specification, to publish its implementation information.

Following are the options:

  • “NONE”: X-Powered-By header will not be sent
  • “SHORT” (default): “Servlet/2.4 JSP/2.0”
  • “MEDIUM”: “Servlet/2.4 JSP/2.0 (WebLogic/9.1)”
  • “FULL”: “Servlet/2.4 JSP/1.2 (WebLogic/9.1 JDK/1.4.1_05)”

MBean Attribute:
WebAppContainerMBean.XPoweredByHeaderLevel

For details, check the documentation.

 

OSB 12c (12.2.1.2) More Maven Issues and Solutions

Existing Bugs and Issues with Maven and OSB 12.2.1.2 and How to Fix Them

It is a well known fact that Maven in OSB 12.2.1.1 came with glitches that required manual fixes as described in Robert Patrick’s blog posting and in the Oracle support notes Doc ID 2186338.1. However, this article is centered around the latest OSB 12.2.1.2, its particular Maven issues and how to fix them. Same as version OSB 12.2.1.1 also 12.2.1.2 suffers from various maven glitches, however in a more subtle way.

[Note, that I usually don’t post references to MOS, since not everybody has access to it. Anyway, if you cannot access to Doc ID 2186338.1 don’t worry. It basically describes what Robert writes about in his blog. In addition it recommends actually not to fix it manually, but instead wait for a patch. I actually I agree. Also note that as of OSB 12.2.1.2 this issue is not marked as fixed although the behavior of the newest version is different.]

The current situation with OSB 12.2.1.2 and Maven is “interesting”, to put it mildly:

  • mvn with OSB 12.2.1.2 and the maven push plugin only will not work out of the box. This means the official documentation won’t help you in this case. The good news – despite the fact that mvn with OSB 12.2.1.2 is not working correctly – is that it is rather easy to fix manually (see below, Fix 1: Maven with OSB 12.2.1.2 and the mvn push plugin).
  • Also mvn with OSB 12.2.1.2 and maven.oracle.com will not work (as of Jan 7, 2017). Since the required .pom and .jar files are pulled over from maven.oracle.com and several of them are missing it is obviously not easy to fix it yourself.
  • Here comes the crazy part (well, crazy on an IT scale): if you configure both, i.e. first use the OSB Maven plugin to push from an OSB 12.2.1.2 ORACLE_HOME into the .m2 repository, and then in addition configure the maven.oracle.com repository, then it is done twice. Yet then also both issues cancel each other out.

 

Here are the fixes, as promised

Fix 1:Maven with OSB 12.2.1.2 and the mvn push plugin

a) easy manual fix, updating two lines in two files:

After usign the push plugin, in .m2 Repository, e.g. D:\Users\frank\.m2\repository\com\oracle\servicebus\sbar-system-common\12.2.1-2-0 change the file sbar-system-common-12.2.1.2.pom as follows:

under

change the version tag to <version>12.2.1-2-0</version>

also for the file sbar-project-common-12.2.1.2.pom in the directory
.m2\repository\com\oracle\servicebus\sbar-project-common\12.2.1-2-0 change the version number the same way.

b.) Install patch 22392646

This is the second, alternative option to fix the issue. Install patch 22392646 from My Oracle Support. After a lengthy and tiring discussion I had with support it is now also applicable to OSB 12.2.1.2. – voilà! Depending on your provisioning approach this might be the easier fix, but actually you could just copy over the files (or even run sed on those two files).

 

Issue 2: Maven with OSB 12.2.1.2 and the maven.oracle.com

There is no known fix at the moment, maven.oracle.com is missing a whole lot of files (again) and also some of those delivered are wrong again. Bug 23698828 describes a very similar issue, yet reports it as fixed for 12.2.1.1. Oracle support knows about it, so let’s hope it will be fixed soon in maven.oracle.com. I will keep you posted, promised.

Update: After the first round with support their “solution” did not work. The issue is still not fixed. If you think about it for a second, how hard can it be to push a patched .m2 repo to maven.oracle.com? Stay tuned 🙂

To conclude

You are lucky if you simply retyped all the instructions available and configured both ways to use Maven with OSB 12.2.1.2 (although I somehow guess you would have not read this article then).

As soon as you follow a clear path and either go for the push plugin on a machine with OSB installed, or maven.oracle.com on a build server without an OSB installation, you will run into issues. It is obvious that Oracle would do good with automatically testing this functionality for future releases. Not being able to browse the maven.oracle.com repo makes it more difficult for customers to debug those issues, so it might be a good idea to use a local proxy / cache.

Let me know your feedback!

 

WebLogic 12c Zero Downtime Director’s Cut: What you missed …

Everything has limitations. And 2 Minute Tech Tips are 2 minutes only. Strict rules. Anyway, you missed a lot of the good stuff that I recorded in Manly Australia, i.e. the introduction of the 2 minute tech tip about Zero Downtime (ZDT):
Why I was standing on Manly Beach, the wildlife story about sharks that stopped me from having a bath, furthermore some whales (real whales! – not a Docker whale this time) and all the crazy things that happened while we recorded.

So here is the introduction. Enjoy.

DNS Lookup and Ping Times Measurement with Grafana on Oracle Container Cloud Service

Welcome back to a new posting about the Oracle Container Cloud service(OCCS). In my previous OCCS blog posting I went through some details of the brand new OCCS.

In the following webcast I try to measure some key characteristics like DNS lookup and ping times for major industry websites such as cloud.oracle.com, google.com and munzandmore.com. All the measurements are done from probes running in various capitals throughout the world. The important thing to understand is that we not measuring times from the Oracle Cloud to somewhere.

The results actually show that cloud.oracle.com is on a par with google.com and both obviously beat my own domain which is not a big surprise.

Grafana is visualizing the results of these probes. It is running in a Docker container which is running on Oracle Container Cloud Service (OCCS) – the newest addition to the Oracle Cloud.

Enjoy the webcast. Let me know if you have some interesting findings about measurements with Grafana and the worldping plugin or the Oracle Container Cloud service! For sure I will post more about it later.

 

 

The 2016 Leap Second in the Cloud: It’s spread out for Oracle DBs on RDS

The 27th leap second will be officially applied December 31, 2016 at 23:59:60 UTC. For Oracle DB instances on RDS the following applies:

  • RDS will spread out the leap second equally in the 24h surrounding the timestamp above.
  • After this period RDS time will be in sync with  Cordinated Universal Time.
  • This applies for Oracle DB instances with versions 11.2.0.2, 11.2.0.3, and 12.1.0.1. They will follow AWS Adjusted Time that is applied to RDS.

Oracle Database on Docker Official Now!

Those of you using Docker will know that we had a Docker file provided by Oracle for creating an Oracle database image since quite a while. However, the Oracle database was so far not certified to run on Docker. This has changed now!

Oracle database on on a Docker container is now officially certified, you can refer to the MOS Doc ID 2216342.1. Don’t worry if you cannot access the link. So far it only states some very basic facts. Also those who know me will understand that I generally dislike postings referring to closed content such as my Oracle support – please regard this as an add-on if you have access to MOS.

How it works

  • There won’t be simple way to just issue a docker run command to get an Oracle DB running since there is no publicly available Docker image for Oracle database due to legal reasons.
  • You have to build your own Docker image from based on a directory that you can check out from github.

Oracle DB on Docker – What is supported

  • A single instance Oracle DB, either Oracle Database – Enterprise Edition – Version 12.1.0.2+ or Oracle Database – Standard Edition – Version 12.1.0.2+
  • Docker containers running on Oracle Linux and Red Hat RHEL  x86-64

Oracle DB on Docker – What is not supported

  • Oracle RAC
  • Although not stated in the support notes there is probably more that is not supported, i.e. everything that is not explicitly listed (how about Golden Gate etc.?)