2.8 Tenant Groups

A standard Oracle PCA environment built on a full rack configuration contains 25 compute nodes. A tenant group is a logical subset of a single Oracle PCA environment. Tenant groups provide an optional mechanism for an Oracle PCA administrator to subdivide the environment in arbitrary ways for manageability and isolation. The tenant group offers a means to isolate compute, network and storage resources per customer. It also offers isolation from cluster faults.

2.8.1 Design Assumptions and Restrictions

Up to Oracle PCA Controller Software Release 2.2.1, a factory-installed appliance base rack has all compute nodes configured as part of a single Oracle VM server pool, named Rack1_ServerPool. As of release 2.2.1, or during a controller software update to release 2.2.1, this server pool becomes the default tenant group. Oracle PCA supports a maximum of 8 tenant groups. This number includes the default tenant group, which cannot be deleted from the environment, and must always contain at least one compute node. Therefore, a single custom tenant group can contain up to 24 compute nodes, while the default Rack1_ServerPool can contain all 25.

Regardless of tenant group membership, all compute nodes are connected to all of the default Oracle PCA networks. Custom networks can be assigned to multiple tenant groups. When a compute node joins a tenant group, it is also connected to the custom networks associated with the tenant group. When you remove a compute node from a tenant group, it is disconnected from those custom networks. A synchronization mechanism, built into the tenant group functionality, keeps compute node network connections up to date when tenant group configurations change.

When you reprovision compute nodes, they are automatically removed from their tenant groups, and treated as new servers. Consequently, when a compute node is reprovisioned, it is added automatically to Rack1_ServerPool. After successful reprovisioning you can add the compute node to the appropriate tenant group.

2.8.2 Configuring Tenant Groups

The tenant group functionality can be accessed through the CLI. With a specific set of commands you manage the tenant groups, their member compute nodes, and the associated custom networks. The CLI initiates a number of Oracle VM operations to set up the server pool, and a synchronization service maintains settings across the members of the tenant group.

Warning

Do not modify the tenant group configuration while upgrade operations are running. No management operations are supported during upgrade, as these may lead to configuration inconsistencies and significant repair downtime.

Caution

You must not modify the server pool in Oracle VM Manager because this causes inconsistencies in the tenant group configuration and disrupts the operation of the synchronization service and the Oracle PCA CLI. Only server pool policies may be edited in Oracle VM Manager.

If you inadvertently used Oracle VM Manager to modify a tenant group, see Section 8.23, “Recovering from Tenant Group Configuration Mismatches”.

Note

For detailed information about the Oracle PCA CLI tenant group commands, see Chapter 4, The Oracle Private Cloud Appliance Command Line Interface (CLI).

Creating and Populating a Tenant Group

  1. Using SSH and an account with superuser privileges, log into the active management node.

    Note

    The default root password is Welcome1. For security reasons, you must set a new password at your earliest convenience.

    # ssh root@10.100.1.101
    root@10.100.1.101's password:
    [root@ovcamn05r1 ~]#
  2. Launch the Oracle PCA command line interface.

    # pca-admin
    Welcome to PCA! Release: 2.3.2
    PCA>
  3. Create the new tenant group.

    PCA> create tenant-group myTenantGroup
    Status: Success
    
    PCA> show tenant-group myTenantGroup
    
    ----------------------------------------
    Name                 myTenantGroup
    Default              False
    Tenant Group ID      0004fb0000020000155c15e268857a78
    Servers              None
    State                ready
    Tenant Group VIP     None
    Networks             None
    Pool Filesystem ID   3600144f0d29d4c86000057162ecc0001
    ----------------------------------------
    

    The new tenant group appears in Oracle VM Manager as a new server pool. It has a 12GB server pool file system located on the internal ZFS storage appliance, and is assigned a virtual IP address in the 192.168.140.0/24 subnet. The IP address is accessible once a member server of the tenant group has been assigned the server pool master role.

  4. Add compute nodes to the tenant group.

    If a compute node is currently part of another tenant group, it is first removed from that tenant group.

    Caution

    Removing a compute node from an existing tenant group will fail if the server is hosting virtual machines, or if storage repositories are presented. If so, you have to migrate the virtual machines and unpresent the repositories before adding the compute node to a new tenant group.

    PCA> add compute-node ovcacn09r1 myTenantGroup
    Status: Success
    
    PCA> add compute-node ovcacn10r1 myTenantGroup
    Status: Success
  5. Add a custom network to the tenant group.

    PCA> add network-to-tenant-group myPublicNetwork myTenantGroup
    Status: Success

    Custom networks can be added to the tenant group as a whole. This command creates synchronization tasks to configure custom networks on each server in the tenant group.

    Caution

    While synchronization tasks are running, make sure that no reboot or provisioning operations are started on any of the compute nodes involved in the configuration changes.

  6. Verify the configuration of the new tenant group.

    PCA> show tenant-group myTenantGroup
    
    ----------------------------------------
    Name                 myTenantGroup
    Default              False
    Tenant Group ID      0004fb0000020000155c15e268857a78
    Servers              ['ovcacn09r1', 'ovcacn10r1']
    State                ready
    Tenant Group VIP     None
    Networks             ['myPublicNetwork']
    Pool Filesystem ID   3600144f0d29d4c86000057162ecc0001
    ----------------------------------------
    
    Status: Success

    The new tenant group corresponds with an Oracle VM server pool with the same name and has a virtual IP and a pool file system. The command output also shows that the servers and custom network were added successfully.

These configuration changes are reflected in the Servers and VMs tab in Oracle VM Manager. Figure 2.5 shows a second server pool named myTenantGroup, which contains the two compute nodes that were added as examples in the course of this procedure.

Note

The system does not create a storage repository for a new tenant group. An administrator must configure the necessary storage resources for virtual machines in Oracle VM Manager. See Section 5.7, “Viewing and Managing Storage Resources”.

Figure 2.5 Oracle VM Manager View of New Tenant Group

Screenshot showing the Servers and VMs tab of the Oracle Private Cloud Appliance Dashboard. The newly created tenant group appears in the Server Pools list and contains the two servers that were added as part of the procedure.
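
Because a reprovisioned compute node is returned to Rack1_ServerPool automatically, tenant group membership can drift from the intended isolation layout. The following is an added example, not part of the Oracle documentation or tooling: it parses saved `show tenant-group` output in the format shown in step 6 and reports drift against the intended membership. The function names `parse_show` and `audit`, the shortened captures and the node name `ovcacn07r1` are assumptions made for illustration.

```python
import ast
import re

LIST_FIELDS = {"Servers", "Networks"}

def parse_show(text):
    """Parse `show tenant-group` output (format from step 6) into a dict."""
    rec = {}
    for line in text.splitlines():
        # Field name and value are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # separator lines, prompts, "Status: Success"
        key, val = parts
        if key in LIST_FIELDS:
            val = set() if val == "None" else set(ast.literal_eval(val))
        rec[key] = val
    return rec

def audit(want_servers, want_networks, tenant_out, default_out):
    """Return drift findings for one tenant group; an empty list means it matches."""
    t, d = parse_show(tenant_out), parse_show(default_out)
    name, findings = t["Name"], []
    if t.get("State") != "ready":
        findings.append(f"{name}: state is {t.get('State')}")
    for node in sorted(want_servers - t["Servers"]):
        where = f"found in {d['Name']}" if node in d["Servers"] else "not in default group either"
        findings.append(f"{node}: missing from {name}, {where}")
    for node in sorted(t["Servers"] - want_servers):
        findings.append(f"{node}: unexpected member of {name}")
    for net in sorted(want_networks - t["Networks"]):
        findings.append(f"{net}: not attached to {name}")
    for net in sorted(t["Networks"] - want_networks):
        findings.append(f"{net}: unexpected network on {name}")
    return findings

# Constructed captures (shortened): ovcacn10r1 was reprovisioned and is back
# in the default tenant group; ovcacn07r1 is a made-up node name.
TENANT_OUT = """\
Name                 myTenantGroup
Servers              ['ovcacn09r1']
State                ready
Networks             ['myPublicNetwork']
"""
DEFAULT_OUT = """\
Name                 Rack1_ServerPool
Servers              ['ovcacn07r1', 'ovcacn10r1']
State                ready
Networks             None
"""

if __name__ == "__main__":
    for f in audit({"ovcacn09r1", "ovcacn10r1"}, {"myPublicNetwork"}, TENANT_OUT, DEFAULT_OUT):
        print(f)
```
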

Reconfiguring and Deleting a Tenant Group

  1. Identify the tenant group you intend to modify.

    PCA> list tenant-group
    
    Name                 Default      State
    ----                 -------      -----
    Rack1_ServerPool     True         ready
    myTenantGroup        False        ready
    ----------------
    2 rows displayed
    
    Status: Success
    
    PCA> show tenant-group myTenantGroup
    
    ----------------------------------------
    Name                 myTenantGroup
    Default              False
    Tenant Group ID      0004fb0000020000155c15e268857a78
    Servers              ['ovcacn09r1', 'ovcacn10r1']
    State                ready
    Tenant Group VIP     None
    Networks             ['myPublicNetwork']
    Pool Filesystem ID   3600144f0d29d4c86000057162ecc0001
    ----------------------------------------
    
    Status: Success
  2. Remove a network from the tenant group.

    A custom network that has been associated with a tenant group can be removed again. The command results in serial operations, not using the synchronization service, to unconfigure the custom network on each compute node in the tenant group.

    PCA> remove network-from-tenant-group myPublicNetwork myTenantGroup
    ************************************************************
     WARNING !!! THIS IS A DESTRUCTIVE OPERATION.
    ************************************************************
    Are you sure [y/N]:y
    
    Status: Success
  3. Remove a compute node from the tenant group.

    Use Oracle VM Manager to prepare the compute node for removal from the tenant group. Make sure that virtual machines have been migrated away from the compute node, and that no storage repositories are presented.

    PCA> remove server ovcacn09r1 myTenantGroup
    ************************************************************
     WARNING !!! THIS IS A DESTRUCTIVE OPERATION.
    ************************************************************
    Are you sure [y/N]:y
    
    Status: Success

    When you remove a compute node from a tenant group, any custom network associated with the tenant group is automatically removed from the compute node network configuration. Custom networks that are not associated with the tenant group are not removed.

  4. Delete the tenant group.

    Before attempting to delete a tenant group, make sure that all compute nodes have been removed.

    PCA> delete tenant-group myTenantGroup
    ************************************************************
     WARNING !!! THIS IS A DESTRUCTIVE OPERATION.
    ************************************************************
    Are you sure [y/N]:y
    
    Status: Success

    When the tenant group is deleted, operations are launched to free the virtual IP address for re-use, and to remove the server pool file system LUN from the internal ZFS storage appliance. The tenant group's associated custom networks are not destroyed.