Exploring Oracle Cloud and the Always Free Resources

A friend recently mentioned to me that Oracle Cloud has a pretty decent ‘Always Free’ Tier, with 4 ARM64 cores sharing 24GB of RAM, one AMD VM, and 200GB of block storage to divide between them.

I decided to have a look at the service, and below you will find my experiences.

Content below:

Signup process

After entering my email address and training the AI on how to recognise various types of airplanes, I am promised a confirmation email. The confirmation email comes in. It says “click the button below”. There is no button below, so I click “Load images” in my mail client.

The button appears. Ish.

confirmation email

(If you’re wondering about the compression artifacts in that header image, I got it like that.)

I click the button, the same form as before appears, with more fields, but empty. A few seconds later it reloads and at least my username and e-mail address are filled in again.

I am warned that ARM capacity is limited in many places. Luckily for me, Amsterdam is not among those places.

I am also warned:

Your home region is the geographic location where your account and identity resources will be created. It is not changeable after sign-up. See Regions for service availability.

I carefully pick Amsterdam.

Firefox generously offers to generate a password for me. I say yes, and Firefox concocts a creation nobody could imagine. Oracle Cloud will have none of it:

  • Password must contain a minimum of 8 characters, 1 lowercase, 1 uppercase, 1 numeric, and 1 special character .
  • Password cannot exceed 40 characters, contain the users first name, last name, email address, spaces, or ` ~ < > \ characters.

So I generate a password using pwgen -y and vandalise it until Oracle Cloud is happy.

I enter my address in an overabundance of “address” fields; my phone number; my city of residence. Then I come to the zip/postal code field, and I enter mine, which looks like “1234AB”. The format is not correct - I forgot to put a space between the numbers and the letters. How could I be so dumb! If only we had devices that could automatically fix obvious errors in input from humans.

I am redirected to a payment provider so that my credit card can be used to prevent abuse. I am promised that a single EUR will be captured and swiftly released. My online credit card statement confirms this seconds after.

The machine spends 30 seconds “setting up my account”. Then I get an email confirming various things, but also warning me

We’re still setting up billing and a few other details, but you can go ahead and get started now.

16 minutes later, I shall get an email telling me

Your account is now fully set up! You have €250 in credits that you can use towards any Oracle Cloud services for the next 30 days.

and

If you provided a credit card during sign-up, it was only used for verification and will not be charged unless you upgrade to a paid account. Note that usage during your promotional period is discounted.

I log in and start deploying VMs and poking around. See the Deploying VMs section below for my experiences with that.

After poking around for a while on the operational side of things, I decide to check that I really am not accidentally going to pay for anything. I click around and find the page where I might do the “upgrade to paid” (which I do not want to do at this point, but I want to make sure everything is right). The page tells me:

This account is managed by enterprise agreement with Oracle and any upgrade operation from this page is not available for the tenancy. Please contact your account manager to make any changes.

I trust this means that somebody will spend 30 minutes with me on the phone before any money changes hands.

Two hours after the “fully set up!” email I get another email:

You have been associated to a cloud subscription and granted access to a Support Identifier for Oracle Support.

Which, time wise, might have been when the trouble started.

It is around this time that I find myself logged out of the panel. The login page tells me:

We have detected that your tenancy has been federated to another Identity Provider.

I also can no longer log in. When I check my saved passwords, I notice that the saved one is definitely not the one I carefully crafted to meet Oracle’s absurd demands - it is the one Firefox invented for me just before that. I hit various buttons with labels such a “Get help signing in” and “Forgot password”. Eventually I am promised an email to reset my password.

No email has come. As I write this, I am locked out of my account, and also very happy I had not actually moved any services to the Oracle Cloud yet.

Deploying VMs

Console

Although Oracle’s set of services appears designed to look as impressive as Amazon’s, I find the console a delight to work with compared to Amazon’s “you should probably get a consultant” maze. However, the sluggishness and endless spinners for loading tables with zero or a few entries that I’ve grown accustomed to with Azure and Amazon are present here too. Almost feels like home.

VM Deployment

I deployed and destroyed a few VMs. Deployment of the first one took minutes, those after that deployed in 20-30 seconds I think.

OS choices are okay. A few flavours of Oracle Linux (both in 7 and 8, with 7.9 the current default), plus some Ubuntu. On the AMD VM (but not on the ARM machines), I think I spotted CentOS as an option.

Having to paste my SSH pubkey into a box for every VM deployment is a bit tedious. I trust there is a better way but it is not obvious from the VM deployment page.

The VMs, once deployed, look fine. Various Oracle processes are running - see Oracle Cloud Agents below. On the Oracle Linux 8 VMs, for some reason 10GB of the default 50GB root volume size is dedicated to storing system metrics in /var/oled. At least it’s LVM, so if I wanted to get rid of that partition, I easily could.

On an Oracle Linux 7 install, I get the full 50GB as /.

DNS Trouble

At one point, I deployed an ARM VM called “ampere” (named after the ARM CPUs they’re using). The VM creation form tells me my machine will be reachable at ampere.subnet08302137.vcn08302137.oraclevcn.com. After the creation form, that name is nowhere to be found anywhere in the control panel. The name servers for the oraclevcn.com domain appear to be entirely broken:

$ dig ampere.subnet08302137.vcn08302137.oraclevcn.com. @orcldns1.ultradns.com.

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ampere.subnet08302137.vcn08302137.oraclevcn.com. @orcldns1.ultradns.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53417
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ampere.subnet08302137.vcn08302137.oraclevcn.com. IN A

;; Query time: 35 msec
;; SERVER: 2001:502:f3ff::64#53(2001:502:f3ff::64)
;; WHEN: Tue Aug 31 21:00:16 CEST 2021
;; MSG SIZE  rcvd: 76

Oracle Cloud Agents

When deploying a new VM, hidden in advanced settings is a set of Oracle Cloud Agents. They can do fancy things like upgrade software for you (except, apparently, the agents themselves, the page warns me).

One of the agents looks very useful but also scary - it allows command execution from the control panel right inside your VM. I ponder the implications for a bit, but decide that somebody who has access to the control panel can do whatever they want, even if would normally take a few more steps (shut VM A down, make a new VM B, mount storage from VM A on VM B, change some passwords or drop an ssh pubkey in, etc.).

I try the command execution agent. It does not work. Logs on the system report an Authorization Error in talking to Oracle’s backend.

Conclusion

The Always Free Resources program is enticing. Many people would probably be happy to have the power to spin up a few VMs here and there without any payment relationship, and no financial risk if they accidentally leave something running.

The basic service I care about (the VMs) seems fine - but I did not get to play around inside them that much. Everything around the VMs is beta-quality or worse. Signup is somewhat painful, various help links in the control panel lead to 404s, and, as detailed above, account management is full of surprises, and eventually locked me out completely.

It is clear Oracle is trying to grab some market by drawing in users with some exciting free stuff. It is sad, then, that at least this user has been completely discouraged to spend money with them, a mere two hours after signup.

Updates

  • Thursday 23 September: I get an email “Your Oracle Cloud Free Trial expires in 7 days”. Then, a phone call. Oracle would like to know how my free trial is going. I tell the friendly person on the other end of the line that I lost access after a few hours and have not been able to get back in. He says he will look into it. (Nothing has come of this.)
  • Wednesday 29 September: Oracle Cloud randomly comes up in conversation, and I decide to give the password reset procedure another try. This time, I cracked the code. Wherever a form says “username” (and I do have a username!), you need to pretend it says “email address”. I have regained access to my account.
  • Also Wednesday 29 September: a friend who sees this blog post mentions to me he never managed to spawn an ARM VM. Having destroyed mine almost a month ago, I try making one now, but apparently they are out of stock.
  • November 7 2022: I try logging in. I am (I think, the dialog is not very clear) forced to change my password. The “change password” dialog is broken. Inspection of underlying requests shows a “400 Bad Request” response to a “ApplicablePasswordPolicyRetriever” call. I cannot log in.
  • November 17 2022: the retriever is fixed. However, Uncaught TypeError: v.oldPasswordValue() is undefined - so I still cannot log in.
updatedupdated2022-11-172022-11-17