A standard Oracle PCA environment could span up to three racks containing up to 85 compute nodes: 25 compute nodes in the base rack and 30 in each of two expansion racks. A tenant group is a logical subset of a single Oracle PCA environment. Tenant groups provide an optional mechanism for an Oracle PCA administrator to subdivide the environment in arbitrary ways for manageability and isolation. The tenant group offers a means to isolate compute, network and storage resources per customer. It also offers isolation from cluster faults.
Up to Oracle PCA Controller Software Release 2.2.1, a factory-installed appliance base rack has all compute nodes configured as part of a single Oracle VM server pool, named Rack1_ServerPool. As of release 2.2.1, or during a controller software update to release 2.2.1, this server pool becomes the default tenant group.
Oracle PCA supports a maximum of 8 tenant groups. This number includes the default tenant group, which cannot be deleted from the environment. A single tenant group can contain up to 32 compute nodes. When expansion racks are added to the Oracle PCA environment, the provisioning system does not add those compute nodes to a tenant group, but to the Oracle VM Unassigned Servers list instead. After provisioning has completed, you can add the new compute nodes in the expansion rack(s) to the tenant group of your choice.
Regardless of tenant group membership, all compute nodes are connected to all of the default Oracle PCA networks. Custom networks can be assigned to multiple tenant groups. When a compute node joins a tenant group, it is also connected to the custom networks associated with the tenant group. When you remove a compute node from a tenant group, it is disconnected from those custom networks. A synchronization mechanism, built into the tenant group functionality, keeps compute node network connections up to date when tenant group configurations change.
When you reprovision compute nodes, they are automatically removed from their tenant groups, and treated as new servers. Consequently, when the a compute node from the base rack is reprovisioned, it is added automatically to Rack1_ServerPool. When a compute node in an expansion rack is reprovisioned, it is placed in the Unassigned Servers list. After successful reprovisioning you can add the compute node to the appropriate tenant group.
The tenant group functionality can be accessed through the CLI. With a specific set of commands you manage the tenant groups, their member compute nodes, and the associated custom networks. The CLI initiates a number of Oracle VM operations to set up the server pool, and a synchronization service maintains settings across the members of the tenant group.
You must not modify the server pool in Oracle VM Manager because this causes inconsistencies in the tenant group configuration and disrupts the operation of the synchronization service and the Oracle PCA CLI. Only server pool policies may be edited in Oracle VM Manager.
If you inadvertently used Oracle VM Manager to modify a tenant group, see Section 7.14, “Recovering from Tenant Group Configuration Mismatches”.
For detailed information about the Oracle PCA CLI tenant group commands, see Chapter 3, The Oracle Private Cloud Appliance Command Line Interface (CLI).
Creating and Populating a Tenant Group
Using SSH and an account with superuser privileges, log into the active management node.
NoteThe default
root
password is Welcome1.# ssh root@10.100.1.101 root@10.100.1.101's password: root@ovcamn05r1 ~]#
Launch the Oracle PCA command line interface.
# pca-admin Welcome to PCA! Release: 2.2.1 PCA>
Create the new tenant group.
PCA> create tenant-group
myTenantGroup
Status: Success PCA> show tenant-groupmyTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant Group ID 0004fb0000020000155c15e268857a78 Servers None State ready Tenant Group VIP 192.168.140.131 Networks None Pool Filesystem ID 3600144f0d29d4c86000057162ecc0001 ----------------------------------------The new tenant group appears in Oracle VM Manager as a new server pool. It has a 12GB server pool file system located on the internal ZFS storage appliance, and is assigned a virtual IP address in the
192.168.140.0/24
subnet. The IP address is accessible once a member server of the tenant group has been assigned the server pool master role.Add compute nodes to the tenant group.
If a compute node is currently part of another tenant group, it is first removed from that tenant group.
CautionRemoving a compute node from an existing tenant group will fail if the server is hosting virtual machines, or if storage repositories are presented. If so, you have to migrate the virtual machines and unpresent the repositories before adding the compute node to a new tenant group.
PCA> add server ovcacn09r1
myTenantGroup
Status: Success PCA> add server ovcacn10r1myTenantGroup
Status: SuccessAdd a custom network to the tenant group.
PCA> add network-to-tenant-group
myPublicNetwork
myTenantGroup
Status: SuccessCustom networks can be added to the tenant group as a whole. This command creates synchronization tasks to configure custom networks on each server in the tenant group.
Verify the configuration of the new tenant group.
PCA> show tenant-group
myTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant Group ID 0004fb0000020000155c15e268857a78 Servers ['ovcacn09r1', 'ovcacn10r1'] State ready Tenant Group VIP 192.168.140.131 Networks ['myPublicNetwork'] Pool Filesystem ID 3600144f0d29d4c86000057162ecc0001 ---------------------------------------- Status: SuccessThe new tenant group corresponds with an Oracle VM server pool with the same name and has a virtual IP an pool file system. The command output also shows that the servers and custom network were added successfully.
These configuration changes are reflected in the Servers and VMs tab in Oracle VM Manager. Figure 2.5 shows a second server pool named MyTenantGroup, which contains the two compute nodes that were added as examples in the course of this procedure.
The system does not create a storage repository for a new tenant group. An administrator must configure the necessary storage resources for virtual machines in Oracle VM Manager. See Section 4.7, “Viewing and Managing Storage Resources”.
Reconfiguring and Deleting a Tenant Group
Identify the tenant group you intend to modify.
PCA> list tenant-group Name Default State ---- ------- ----- Rack1_ServerPool True ready myTenantGroup False ready ---------------- 2 rows displayed Status: Success PCA> show tenant-group
myTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant Group ID 0004fb0000020000155c15e268857a78 Servers ['ovcacn09r1', 'ovcacn10r1'] State ready Tenant Group VIP 192.168.140.131 Networks ['myPublicNetwork'] Pool Filesystem ID 3600144f0d29d4c86000057162ecc0001 ---------------------------------------- Status: SuccessRemove a network from the tenant group.
A custom network that has been associtated with a tenant group can be removed again. The command results in serial operations, not using the synchronization service, to unconfigure the custom network on each compute node in the tenant group.
PCA> remove network-from-tenant-group
myPublicNetwork
myTenantGroup
************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: SuccessRemove a compute node from the tenant group.
Use Oracle VM Manager to prepare the compute node for removal from the tenant group. Make sure that virtual machines have been migrated away from the compute node, and that no storage repositories are presented.
PCA> remove server ovcacn09r1
myTenantGroup
************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: SuccessWhen you remove a compute node from a tenant group, any custom network associated with the tenant group is automatically removed from the compute node network configuration. Custom networks that are not associated with the tenant group are not removed.
Delete the tenant group.
Before attempting to delete a tenant group, make sure that all compute nodes have been removed.
PCA> delete tenant-group myTenantGroup ************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: Success
When the tenant group is deleted, operations are launched to free the virtual IP address for re-use, and to remove the server pool file system LUN from the internal ZFS storage appliance. The tenant group's associated custom networks are not destroyed.