Notes on OCI (Oracle Cloud Infrastructure)

Motivation

Some of my services are so light that I don’t want to run them endlessly on my beefy home server. One reason is that I want better availability, and clearly it’s hard (a better word is probably expensive) to achieve that in my current setup. So I decided to go for the Cloud; after all… I was a cloud TA!

I chose OCI because they offer two always-free machines and it seems they are serious about this offer. So I migrated several of my services to OCI instances. This post is a summary of the quirks that I want to note down for future reference.

Firewall

I don’t know why they make it so hard to achieve the same effect as AWS security groups… But anyway, here’s what I need to do to reach my service via the public Internet.

Set up VPC rules through the portal

In the instance detail page, click Attached VNICs under the Resources tab. Then find the subnet of VLAN that this instance is attached to. You will be directed to the subnet detail page, where you can find the Security Lists; that is our target (the equivalent of an AWS security group). There you can add or remove any rules you want.

Set up iptables rules via command line

This iptables thing actually confuses me a lot. I don’t know why they enforce iptables rules together with the Security List setup.

SSH into the instance and run the following commands. These commands are taken from this SO post:

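  # back up the current rules (restore later with: sudo iptables-restore < ~/iptables-rules)
  sudo iptables-save > ~/iptables-rules
  # the following commands effectively disable iptables by allowing all traffic,
  # leaving inbound filtering to the Security List rules
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P OUTPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
  # flush every rule in the filter table
  sudo iptables -F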
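
A narrower alternative to flushing every rule, as an added example that is not part of the original post or the linked SO answer: it assumes the instance's INPUT chain ends in a catch-all REJECT (the sample rule set below is constructed) and prints the single insert command that opens one TCP port ahead of it. `sample_rules` and `plan_open_port` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `iptables-save` output on
# stdin and prints one command that opens a single TCP port, placed before
# the catch-all REJECT/DROP in INPUT, instead of flushing every rule.

# Constructed sample of a default-style rule set (an assumption, not a dump
# from a real instance).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# plan_open_port PORT < iptables-save output   (hypothetical helper)
plan_open_port() {
    port=$1
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    awk -v port="$port" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (pos) next    # rules after the catch-all never match
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { pos = n; next }
            tcp_accept = ($0 ~ /-p tcp / && $0 ~ /-j ACCEPT/)
            if (tcp_accept && $0 ~ ("--dport " port " ")) found = 1
        }
        END {
            if (found) { print "# tcp/" port " is already accepted; nothing to do"; exit }
            rule = "-p tcp -m state --state NEW -m tcp --dport " port " -j ACCEPT"
            if (pos) print "sudo iptables -I INPUT " pos " " rule
            else     print "sudo iptables -A INPUT " rule
        }'
}

sample_rules | plan_open_port 443
```

On the instance, feed it live rules with `sudo iptables-save | plan_open_port 443` and review the printed command before running it. On Ubuntu images the result can be persisted with `sudo netfilter-persistent save`, assuming the iptables-persistent package is installed.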