This blog site is hosted at OCI on an ARM64 processor host with 6GB memory. It has been very stable. I do maintain it occasionally by executing sudo yum update -y && sudo yum upgrade -y but other than that I haven’t had to do much with the host to serve my blog contents. Here is how long the host has been running without a reboot.

23:07:52 up 62 days, 55 min,  1 user,  load average: 0.00, 0.10, 0.08

Surely, this blog site is light on traffic, so there is not much going on so that helps but when I imagine if this host was a Windows server, it would probably need a few reboots per month. I don’t know… Windows server might have improved. It’s been a few years since I dealt with Windows server machines.

VPN Server After a Month Usage

It’s been more than a month since I started to provision a VPN server in Tokyo on Oracle Cloud Infrastructure. I’ve been watching TVs and movies in Japan whenever I have time. I analyzed how much it would cost me to have a semi-permanent VPN server in Japan on OCI previously and I estimated it at $1.8 per month. Has it been really that little? Here is the actual cost.

So for entire March (31 days), it was $1.98. If cost per day is $0.06, it would be $1.86 but it was $1.98. I found out the resource cost to the fraction of cent is $0.064, so it came up to $1.98. That said, a stable and reliable VPN server without noisy neighbor problem at less than $5 is very very reasonable.

One thing I found out is that if you connect multiple devices at the same time, it can get unstable. I have no problem with it because I can’t watch multiple TVs at the same time. If I wanted to have multiple devices connected, I’d provision one or two more VPN servers because one ARM host is at around $2 after all.

Validating Downloaded File with File Size from Object Storage on OCI

This is a note for myself.

#!/usr/bin/env python3

import oci.object_storage
import urllib3
import os

def download_backup(bucket_name, file_name, local_dir):
    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    object_client = oci.object_storage.ObjectStorageClient(config={},signer=signer)

    object = object_client.get_object('id4qji14rv70', bucket_name, file_name)
    restored_file = os.path.join(local_dir, file_name)
    with open(restored_file, 'wb') as f:
        for chunk in object.data.raw.stream(1024 * 1024, decode_content=False):

    object_meta = object_client.head_object('id4qji14rv70', bucket_name, file_name)

    file_stats = os.stat(file_name)

    if file_stats.st_size == int(content_length):
        print(f"Validated {content_length}")
        print(f"Validation failed. Expected: {content_length} Actual: {file_stats.st_size}")

if __name__ == '__main__':
    download_backup('backup', '2022-03-21.zip', '/home/opc')

Managing Your Own DNS on OCI

You can manage your public DNS for your domain on OCI.

But first, you have to change the DNS delegation to OCI’s name servers like the following.

Whatever domain registerer you use, I am pretty sure you can change name servers for your domain. Once you change the domain delegation, you can start to manage your DNS records within OCI console.

Once you navigate to DNS Management on OCI console, click Create Zone.

I have iriumi.study as a domain that I want to be hosted on OCI, so I am going to create it.

Once you create the zone, you can add records.

Select A record for the record type and enter the public IP address you want to assign. I am leaving subdomain as blank because I want the name to resolve to the IP address without any subdomain. Also enter the value of TTL. TTL stands for time to live and it’s a duration how long the DNS resolution is cached before reaches back out to collect new and updated details. I am setting it 60 seconds for now but longer or shorter TTL has their own purposes, so I’d recommend that you look it up.

Now you can click Submit button at the bottom of the screen.

Then, click Publish Changes button to get it published.

If you go to DNS Checker and see how it is propagating around the world, you get to see something like this.

How to Validate a Big Downloaded File from Object Storage (OCI)

When you upload relatively a big file to Object Storage in OCI, it doesn’t have the MD5 hash ready for you. It’s because the big file is split into multi parts and they are uploaded into separate space. Then, when you download the file, the multi parts are downloaded sequentially and they are put into one file on the client side. Object Storage does not calculate the MD5 hash putting the multi parts together on the service side due to its sheer required processing power it may need. When you try to view the information of the file on Object Storage, you don’t see the actual MD5 hash.

Tough opc-multipart-md5 looks promising, that’s just a part of the whole thing. To get my point crossed, when I uploaded a small file, MD5 hash is calculated and available on the service side.

Now, how do we solve this problem? The best way is to calculate the MD5 hash before you upload the file with md5sum and then attach the MD5 hash to metadata when uploading the file to Object Storage.

You can get the data by executing the following command.

 oci os object head --auth instance_principal -bn backup --name 2022-03-20.zip

Here is the data you get as JSON.

  "accept-ranges": "bytes",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "POST,PUT,GET,HEAD,DELETE,OPTIONS",
  "access-control-allow-origin": "*",
  "access-control-expose-headers": "accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-type,date,etag,last-modified,opc-client-info,opc-client-request-id,opc-meta-md5hash,opc-multipart-md5,opc-request-id,storage-tier,version-id,x-api-id",
  "content-length": "217286450",
  "content-type": "application/octet-stream",
  "date": "Sun, 20 Mar 2022 04:42:05 GMT",
  "etag": "500168df-c90a-4d35-b4f6-c7a6c99d5969",
  "last-modified": "Sun, 20 Mar 2022 04:40:27 GMT",
  "opc-client-request-id": "92C495DFAA8647C4B230B10580FED145",
  "opc-meta-md5hash": "1eed774bb61c15f8c50c7771e71bbb24",
  "opc-multipart-md5": "i1Ap4X2OnVAU7aK8RwxgMg==-2",
  "opc-request-id": "iad-1:mHbU0Aq4kW9abs3NCSv77cOKPDYdcQ74lsT4sPgfDI44xXLWLwYk8MKcX3WmPE7L",
  "storage-tier": "Standard",
  "version-id": "29ba4883-5fb3-4316-acbc-ceb218b5e3d1",
  "x-api-id": "native"

So the process would be to execute oci os object head on the object you are going to download and keep the MD5 hash in a variable. Then once you download the file, have md5sum calculate the MD5 hash on the downloaded file. And then see if the calculated MD5 matches the one from oci os object head.

Here is the bash script I came up with to upload the file with the metadata.

rm -rf /home/opc/backup.zip
zip -r /home/opc/backup.zip /home/opc/wordpress/*

md5=`md5sum backup.zip | awk '{ print $1 }'`
filename=`date +%Y-%m-%d`.zip
oci os object put --auth instance_principal -bn backup --file backup.zip --name $filename --force --metadata $json

I have cron’ed the bash script to run every day so the file backup is automated.

Tokyo VPN Server Cost

I provisioned an ARM64 VM in Tokyo last weekend to create a VPN server in Japan. I noticed that I was starting to get charged for it. Here is how much…

So far only $0.09. Looks like only $0.06 per day. That means $0.06 x 30 = $1.8 a month. A full blown VPN server just for myself for $1.8 a month. The boot volume size is what’s costing me, and the size is 47GB. That’s the default size I picked.

I thought up to 4 ARM64 hosts were free but that seems to be only in the home region, which is us-ashburn-1 in my case. But still $1.8 per month for my own VPN server in Japan is very very cheap and I have no problem keeping it running. I have been using the VPN server to watch movies and contents in Japan and I have been very happy with it.

I used to have an VPN server in Japan with Azure and it used to cost me around $20 a month for mostly data transfer but OCI seems to be very generous in the amount of data transferred.

My Own VPN Server in Japan

I’m from Japan and I want to watch movies and TV programs in Japan from time to time. I subscribe to Amazon Prime in Japan but the IP address here in US prevents me from watching movies on it. In my opinion, that kind of service really kills advantage of the Internet but there must be business reasons why they want to filter the traffic by the source IP address.

To get around it, you could use a VPN connection. You can connect to a server in Japan and watch contents there pretending that you are in Japan. Yeah, there are VPN services out there and you can easily get decent service relatively reasonably but as an engineer, I thought why don’t I create a VPN host in Japan.

I provisioned a host in Japan on OCI. It is a ARM64 Ubuntu host. After Googling some, I was able to find a nice article that let me walk through steps to configure a VPN server. After like 20 to 30 mins, I was able to use the VPN server. It was a breeze.

As far as I see, the ARM64 Ubuntu host in Japan is free so far, so as long as you are willing to go through some steps your self, you get a free VPN server in the country you want.

Migrated Yet Again

I didn’t feel right that I had to clone the boot volume and recreated the blog instance out of it to recover my SSH key, so I created an ARM instance from scratch again.

It was very easy to install and configure the Docker containers this time because I already had an Ansible project to automate it.

If you are seeing this article, you are seeing it on a yet another ARM host with Dockerized WordPress.

Recovering SSH Key

I stupidly reinstalled Ubuntu on my desktop on which I had Linux Mint just because I wanted to try it but I ended up with going back to Linux Mint again. I’m writing this blog from my Linux Mint. I casually formatted the hard drive and did a little distro hopping. When I tried to SSH into my blog host on OCI, I realized that I lost the SSH key and no other host can access the blog host. Crap!

However, I was able to recover it relatively quickly. Here is the list of what I did.

  1. Cloned the existing boot volume.
  2. Created an instance out of the cloned boot volume. When I created the instance, I had a chance to enter public key.
  3. Since it was a cloned volume, everything was already on it. Since it’s got a different public IP, I just changed the DNS A Record to point to the new instance.

It’s all back up and I am able to SSH into the host again.

Experiment with Azure

I remember doing some experiment with Ansible on Azure sometime in January for about 2 weeks. I just got charged $12.16. Azure charges come to my as surprise… Hmm I didn’t think it was costing that much, kind of surprise. I should have monitored the cost as I was using it but I provisioned just one small VM, so I didn’t think it was going to be $12.

I went head and did some analysis. Here is the details of the cost.

  • VM License: $7.43
  • Storage: $2.50
  • VM: $0.77

Oh, I was paying to a VM license… I wondered what I provisioned… If I remember correctly, it was Oracle Linux. When you use Oracle Linux on Azure, it costs about $0.019/h. I had it a little more than 2 weeks so it makes sense. However, as far as I know, Oracle does not charge anything for its license if you provision Oracle Linux on Oracle Cloud Infrastructure (OCI), so if you want to use Oracle Linux, OCI is a good choice.

I see people posting question like “Which distro is good other than CentOS?”. I’d say Oracle Linux is a very good choice. It is 100% compatible with RedHat Linux and it’s free. As far as I know, Oracle Linux is very well maintained by Oracle very often and as long as Oracle is in business, it will continue to be distributed for free. RedHat dropped the ball on CentOS because it didn’t make business sense to RedHat but Oracle uses Oracle Linux for their production a lot so I don’t see them dropping the ball anytime soon.