Oracle Database 21c Express Edition on Oracle Linux 8 on Azure User Guide
Overview
This guide covers the deployment and configuration of Oracle Database 21c Express Edition on Oracle Linux 8 on Microsoft Azure using cloudimg's pre configured virtual machine image from the Azure Marketplace. Oracle Database 21c Express Edition is the free to use edition of Oracle Database, ideal for development, learning, and small production workloads. This variant provides full Oracle Database functionality on the Oracle Linux 8 platform with no licence cost.
What's included in this VM image:
- Oracle Database 21c Express Edition 21.3.0.0.0 (64 bit) installed at /opt/oracle
- Preconfigured XE container database with XEPDB1 pluggable database ready to start
- Oracle Listener preconfigured on port 1521
- Dedicated oracle OS user with environment scripts
- Helper scripts for starting and stopping the database and listener
- Randomly generated SYSTEM user credentials
- OS package update script for keeping the system current
- Azure Linux Agent (waagent) for Azure integration
- Cloud init for automated provisioning
- Latest security patches applied at build time
- 24/7 cloudimg support with guaranteed 24 hour response SLA
Platform: Microsoft Azure (Gen2 Hyper V)
Default user: azureuser
Database SID: XE
Pluggable database: XEPDB1
Prerequisites
Before deploying this image, ensure you have:
- An active Microsoft Azure subscription
- Access to the Azure Portal or Azure CLI
- An SSH key pair for Linux VM access
- Familiarity with Azure VM management
Recommended VM Size: Standard_D2s_v3 (2 vCPU, 8 GB RAM) or larger. The minimum requirements are 2 vCPU, 2 GB RAM, and 20 GB disk space, but Oracle Database 21c Express benefits significantly from additional memory for better performance.
Step 1: Deploy the Virtual Machine
Option A: Azure Portal
- Navigate to the Azure Marketplace and search for "Oracle Database 21c Express Edition Oracle Linux 8 cloudimg"
- Select the image and click Create
- Configure the basics:
- Subscription: Select your Azure subscription
- Resource Group: Create new or select existing
- Virtual Machine Name: Enter a name for your VM
- Region: Select your preferred Azure region
- Size:
Standard_D2s_v3recommended - Under Administrator Account, select SSH public key and enter your key
- Under Inbound Port Rules, allow SSH (port 22)
- On the Networking tab, add an additional inbound rule for TCP port 1521 from your trusted IP addresses
- Click Review + Create, then Create
Option B: Azure CLI
az vm create \
--resource-group myResourceGroup \
--name my-oracle-db-21c-xe-vm \
--image cloudimg:oracle-db-21c-xe-oel8:default:latest \
--size Standard_D2s_v3 \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Open port 1521 for Oracle Listener access from your trusted IP:
az vm open-port \
--resource-group myResourceGroup \
--name my-oracle-db-21c-xe-vm \
--port 1521 \
--priority 1010
Important: Restrict port 1521 to trusted application servers or your IP only. Do not open the Oracle Listener port to the public internet.
Step 2: Connect via SSH
Once your VM is running, connect using SSH:
ssh azureuser@<public-ip-address>
To find your VM's public IP:
az vm show --resource-group myResourceGroup --name my-oracle-db-21c-xe-vm --show-details --query publicIps -o tsv
Important: Wait for the VM to reach a running state before connecting. Early connection attempts may produce permission denied errors while cloud init completes initial provisioning.
Step 3: Switch to the Oracle User
The Oracle software is owned by the dedicated oracle OS user. Switch to this user to manage the database. Please type this command rather than copying and pasting:
sudo su - oracle
Three scripts are available in the oracle user's home directory:
- setEnv.sh sets the Oracle environment variables, enabling utilities such as sqlplus
- start_all.sh starts the XE database and its associated Oracle Listener
- stop_all.sh stops the XE database and its associated Oracle Listener
Step 4: Start the Oracle Database and Listener
Run the following commands as the oracle user to start the database and listener:
cd $HOME
. ./start_all.sh
Expected output:
LSNRCTL for Linux: Version 21.0.0.0.0 - Production
Starting /opt/oracle/product/21c/dbhomeXE/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 21.0.0.0.0 - Production
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The command completed successfully
SQL*Plus: Release 21.0.0.0.0 Production
Connected to an idle instance.
SQL> ORACLE instance started.
Database mounted.
Database opened.
Step 5: Connect with SQL*Plus
Set the Oracle environment variables and launch SQL*Plus:
cd $HOME
. ./setEnv.sh
sqlplus / as sysdba
Expected output:
SQL*Plus: Release 21.0.0.0.0 Production
Copyright (c) 1982, 2021, Oracle. All rights reserved.
Connected to:
Oracle Database 21c Express Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
SQL>
Verify the database instance and pluggable database:
SELECT STATUS FROM V$INSTANCE;
SHOW PDBS;
EXIT;
Expected output:
STATUS
------------
OPEN
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 XEPDB1 READ WRITE NO
Type EXIT to leave the SQL*Plus session.
Step 6: Connect Remotely with SQL Developer
To connect to the database from an external tool such as SQL Developer, use the following connection settings:
| Setting | Value |
|---|---|
| Database Type | Oracle |
| Authentication Type | Default |
| Username | SYSTEM |
| Password | See credentials file below |
| Connection Type | Basic |
| Hostname | Your VM public IP |
| Port | 1521 |
| Service Name | XEPDB1 |
Note: To retrieve the SYSTEM user password, refer to the randomly generated credentials file at /stage/scripts/oracle-database-credentials.log.
Server Components
| Component | Version | Install Path |
|---|---|---|
| Oracle Database 21c Express Edition | 21.3.0.0.0 | /opt/oracle/product/21c/dbhomeXE |
| Oracle Linux | 8 | / |
| Oracle Listener | 21.3.0.0.0 | /opt/oracle/product/21c/dbhomeXE/network/admin |
Note: Component versions may be updated on first boot by the automatic OS package update script.
Filesystem Layout
| Mount Point | Size | Description |
|---|---|---|
| / | 30 GB | Root filesystem |
| /boot | 1 GB | Operating system kernel files |
| /opt/oracle | 20 GB | Oracle software and data files |
Key Oracle directories:
| Directory | Purpose |
|---|---|
| /opt/oracle | Oracle base directory |
| /opt/oracle/product/21c/dbhomeXE | Oracle home directory |
| /opt/oracle/oradata/XE | Oracle database data files |
| /opt/oracle/product/21c/dbhomeXE/network/admin | Listener and TNS configuration files |
| /opt/oracle/diag | Oracle diagnostic and alert log files |
| /stage/scripts | cloudimg helper scripts and credentials file |
Managing the Oracle Database
The Oracle Database is managed using shell scripts provided in the oracle user's home directory. The database does not use systemd services by default in this image.
Start the database and listener:
sudo su - oracle
cd $HOME
. ./start_all.sh
Stop the database and listener:
sudo su - oracle
cd $HOME
. ./stop_all.sh
Check listener status:
sudo su - oracle
cd $HOME
. ./setEnv.sh
lsnrctl status
Scripts and Log Files
| Script/Log | Path | Description |
|---|---|---|
| initial_boot_update.sh | /stage/scripts | Updates the OS with the latest packages on first boot |
| initial_boot_update.log | /stage/scripts | Output log for the boot update script |
| oracle-database-credentials.log | /stage/scripts | Oracle Database SYSTEM user credentials |
| setEnv.sh | /home/oracle | Sets Oracle environment variables for sqlplus and other tools |
| start_all.sh | /home/oracle | Starts the XE database and Oracle Listener |
| stop_all.sh | /home/oracle | Stops the XE database and Oracle Listener |
On Startup
An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:
sudo rm -f /stage/scripts/initial_boot_update.sh
sudo crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh
Troubleshooting
Cannot connect via SSH
- Verify the VM is in Running state in the Azure Portal
- Check that port 22 is allowed in the Network Security Group
- Ensure you are using the correct username:
azureuser - Verify your SSH key matches the one configured during deployment
Oracle Listener fails to start
- Switch to the oracle user:
sudo su - oracle - Source the environment:
. ./setEnv.sh - Check listener status:
lsnrctl status - Review the listener log at
/opt/oracle/diag/tnslsnr/<hostname>/listener/alert/log.xml - Verify port 1521 is not in use by another process:
netstat -tlnp | grep 1521
Database fails to start
- Switch to the oracle user and source the environment
- Connect to sqlplus:
sqlplus / as sysdba - Check the instance status:
SELECT STATUS FROM V$INSTANCE; - Try starting manually:
STARTUP; - Review the alert log at
/opt/oracle/diag/rdbms/xe/XE/trace/alert_XE.log
Cannot connect remotely on port 1521
- Verify the Oracle Listener is running:
lsnrctl status - Confirm the Network Security Group allows inbound TCP port 1521 from your IP
- Test connectivity from your client:
telnet <vm-ip> 1521 - Confirm your SQL Developer connection uses service name
XEPDB1(not the old SID style) - Check that the listener.ora file binds to
0.0.0.0on the VM
Security Recommendations
- Restrict port access: Only allow port 1521 from trusted application servers or specific IP addresses
- Change default passwords: Update the SYSTEM and SYS user passwords immediately after first login
- Use strong passwords: Ensure all database user passwords meet complexity requirements
- Enable auditing: Configure Oracle Database auditing to track access and changes
- Encrypt connections: Configure Oracle Net Services to use SSL/TLS encryption for client connections
- Limit OS access: Restrict SSH access to authorised administrators only
- Review user privileges: Remove unnecessary grants and follow the principle of least privilege
- Keep the system updated: Apply Oracle Critical Patch Updates and OS security patches regularly
Support
If you encounter any issues with this product, contact cloudimg support:
- Email: support@cloudimg.co.uk
- Website: www.cloudimg.co.uk
- Product Catalogue: www.cloudimg.co.uk/products
- User Guides: www.cloudimg.co.uk/guides
- Support hours: 24/7 with guaranteed 24 hour response SLA