2 Administering Oracle Container Cloud Service
Learn how to order an Oracle Container Cloud Service subscription and how to access the Oracle Container Cloud Service Console to administer Oracle Container Cloud Service instances.
Typical Workflow for Setting Up and Administering Oracle Container Cloud Service
Here’s a typical workflow showing the tasks you’ll usually perform to set up and administer Oracle Container Cloud Service.
Task | Description | More Information |
---|---|---|
Order and activate a subscription for Oracle Container Cloud Service | You choose whether to: When you order a subscription for Oracle Container Cloud Service, you automatically get a subscription for Oracle Developer Cloud Service as an entitlement. You can also purchase other subscriptions, such as Oracle Database Cloud Service and Oracle Messaging Cloud Service, if needed for your application. Note: Oracle Container Cloud Service requires access to block and object storage in Oracle Cloud. You’ll probably already have access to this storage through your subscriptions to other cloud services (for example, Oracle Storage Cloud Service, Oracle Compute Cloud Service, Oracle Database Cloud Service, Oracle Java Cloud Service). If not, you’ll have to order a subscription to a service that does provide Oracle Cloud block and object storage. | Ordering a Subscription for Oracle Container Cloud Service |
Create an Oracle Container Cloud Service service instance | Sign in to the My Services application to access the Oracle Container Cloud Service Console and create a service instance. | Accessing the Service Console for Oracle Container Cloud Service |
Administer Oracle Container Cloud Service | Use the Oracle Container Cloud Service Console to administer Oracle Container Cloud Service and service instances, including to: | Accessing the Service Console for Oracle Container Cloud Service; Creating Oracle Container Cloud Service Instances; Adding Public SSH Keys to Oracle Container Cloud Service Instances; Managing Access Rules for Oracle Container Cloud Service Instances; Viewing Activity for Oracle Container Cloud Service Instances |
Ordering a Subscription for Oracle Container Cloud Service
Before you can start using Oracle Container Cloud Service, you have to order a subscription.
- Sign-in credentials (a username, temporary password, identity domain, and data center where the service is located)
- My Services URL
Administering Oracle Container Cloud Service Instances
Learn how to administer Oracle Container Cloud Service instances.
Topics
- Accessing the Service Console for Oracle Container Cloud Service
- Viewing Information about Oracle Container Cloud Service Instances
- Stopping, Starting, and Restarting Oracle Container Cloud Service Instances
- Uploading Your Own SSL Certificates to a Manager Node Using SSH
- Changing the Number of Worker Node Hosts in Oracle Container Cloud Service Instances
- Managing Access Rules for Oracle Container Cloud Service Instances
- Viewing Activity for Oracle Container Cloud Service Instances
- Viewing Log Files on Oracle Cloud Container Service Manager and Worker Nodes Using SSH
- Changing the Username or Password for an Oracle Container Cloud Service Instance Administrator
- Resetting the Password for an Oracle Container Cloud Service Instance Administrator Using SSH
- Backing Up and Restoring Oracle Container Cloud Service Instances
Accessing the Service Console for Oracle Container Cloud Service
If you’re responsible for administering and monitoring Oracle Container Cloud Service instances, you’ll be using the Service Console.
- Sign in to the My Services application at the URL and using the credentials you’ve received, either from your administrator or in an email from Oracle Cloud.
- In the My Services dashboard, navigate to the Oracle Container Cloud Service entry and select Open Service Console from the menu.
- On the Service Details page, click Open Service Console to display the Services tab of the Oracle Container Cloud Service Console.
- Administer Oracle Container Cloud Service instances by performing tasks such as:
Creating Oracle Container Cloud Service Instances
You can use a simple wizard to define and create Oracle Container Cloud Service instances, specifying (amongst other things) the number of worker nodes that can run Docker containers.
- using the Container Console (see Changing the Username or Password for an Oracle Container Cloud Service Instance Administrator)
- using SSH (see Resetting the Password for an Oracle Container Cloud Service Instance Administrator Using SSH)
Every Oracle Container Cloud Service instance you create will always have one manager node, and the number of worker nodes that you specify. Oracle Container Cloud Service software running on the manager node orchestrates the deployment of Docker containers to the worker nodes in the instance.
Manager nodes and worker nodes are Oracle Compute virtual machines (VMs), also known as compute nodes or compute VMs. When you create an Oracle Container Cloud Service instance, you’re billed for the total number of compute VMs you request for the instance (the number of worker nodes, plus one manager node).
To create a new Oracle Container Cloud Service service instance using the Oracle Container Cloud Service Console:
Viewing Information about Oracle Container Cloud Service Instances
Use the Oracle Container Cloud Service Console to see summary and detailed information about Oracle Container Cloud Service instances in the identity domain.
Stopping, Starting, and Restarting Oracle Container Cloud Service Instances
Learn about how to stop, start, and restart Oracle Container Cloud Service instances.
Stopping an Oracle Container Cloud Service Instance
When you stop an Oracle Container Cloud Service instance using the Oracle Container Cloud Service Console, the manager node and all worker nodes in the instance are stopped. You cannot perform management operations on a stopped instance except to start it or to delete it. When you stop an instance, its CPU and RAM are stopped.
To stop an Oracle Container Cloud Service instance:
Starting an Oracle Container Cloud Service Instance
When you start a stopped Oracle Container Cloud Service instance using the Oracle Container Cloud Service Console, the manager node and all worker nodes in the instance are started. You can once again perform management operations such as changing the number of worker nodes and backing up the instance.
To start an Oracle Container Cloud Service instance:
Restarting an Oracle Container Cloud Service Instance
When you restart an Oracle Container Cloud Service instance using the Oracle Container Cloud Service Console, the manager node and all worker nodes in the instance are stopped and then immediately started again.
To restart an Oracle Container Cloud Service instance:
Stopping, Starting, and Restarting Manager and Worker Nodes
Learn about how to stop, start, and restart Oracle Container Cloud Service manager nodes and worker nodes.
Stopping, Starting, and Restarting Manager Nodes
You use the Oracle Container Cloud Service Console to restart the manager node in an Oracle Container Cloud Service instance. While the manager node is being restarted, the instance is not available for Oracle Container Cloud Service operations.
Manager nodes are implicitly stopped, started, and restarted when you stop, start, and restart Oracle Container Cloud Service instances. When you:
- Stop a running instance, the manager node and all worker nodes in the instance are stopped. You cannot start worker nodes while the manager node is stopped.
- Start a stopped instance, the manager node and all worker nodes in the instance are started.
- Restart a running instance, the manager node and all worker nodes in the instance are stopped, and then started.
What happens when you explicitly restart the manager node of an Oracle Container Cloud Service instance depends on whether the instance is running:
- If you restart the manager node of a running instance, the manager node and all running worker nodes are first stopped. Then the manager node is started, followed by all the worker nodes. The instance is returned to a running state.
- If you restart the manager node of a stopped instance (that is, an instance in which the manager node and all worker nodes are already stopped), the manager node is started. However, note that worker nodes are not restarted. You have to restart the worker nodes individually, starting with the original worker nodes that were defined when the instance was created. When the original worker nodes have all been restarted, you can restart additional worker nodes that were added after the instance was created.
To explicitly restart the manager node in an Oracle Container Cloud Service instance:
Stopping, Starting, and Restarting Worker Nodes
You use the Oracle Container Cloud Service Console to stop, start, and restart the worker nodes in an Oracle Container Cloud Service instance.
Worker nodes are implicitly stopped, started, and restarted when you stop, start, and restart Oracle Container Cloud Service instances. When you:
- Stop a running instance, the manager node and all worker nodes in the instance are stopped. You cannot start worker nodes while the manager node is stopped.
- Start a stopped instance, the manager node and all worker nodes in the instance are started.
- Restart a running instance, the manager node and all worker nodes in the instance are stopped, and then started.
Whether you can explicitly stop, start, and restart individual worker nodes depends on:
- Whether the worker node is the first of the original worker nodes defined and created when the instance itself was first created, or whether the worker node is a second (or subsequent) original worker node or an additional worker node that was added to the instance later.
- Whether the instance and/or manager node is currently running. If the instance and/or manager node is currently stopped, you cannot stop, start, or restart any worker nodes. If the instance and/or manager node is currently running:
  - you can restart the first of the original worker nodes (this node usually has a name that ends with "-occs-wkr-1")
  - you can stop, start, and restart other worker nodes, provided the first of the original worker nodes is already running
Note:
Before you stop a worker node, it is generally good practice to first use the Oracle Container Cloud Service Container Console to stop any deployments that are running on that worker node.
In particular, note that when you stop a worker node, any deployments currently running on the worker node are restarted on the remaining nodes in the resource pool according to the service’s orchestration policy (see Creating a Service with Oracle Container Cloud Service). If you don’t want deployments restarted on other nodes in the resource pool, use the Oracle Container Cloud Service Container Console to stop deployments running on the worker node before you stop it.
To explicitly stop, start, or restart individual worker nodes in an Oracle Container Cloud Service instance:
Enabling and Disabling Secure Shell (SSH) Access to Oracle Container Cloud Service Manager and Worker Nodes
Learn how to connect to Oracle Container Cloud Service manager and worker nodes using SSH, and how to enable and disable SSH access.
Topics
- About SSH Access to Oracle Container Cloud Service Manager and Worker Nodes
- Connecting to Oracle Container Cloud Service Manager and Worker Nodes Through SSH
- Adding Public SSH Keys to Oracle Container Cloud Service Instances
- Removing Public SSH Keys from Oracle Container Cloud Service Manager and Worker Nodes Using SSH
About SSH Access to Oracle Container Cloud Service Manager and Worker Nodes
You have SSH (Secure Shell) access to the manager and worker nodes in an Oracle Container Cloud Service instance to perform a number of administrative tasks.
When you create an Oracle Container Cloud Service instance, you’re prompted to enter the public key of an SSH public/private key pair.
Later on, you might want to connect to a manager or worker node from an SSH client (for example, to reset the admin password, to retrieve support logs, or to upload your own signed SSL certificates). By default, port 22 on manager and worker nodes (the port used for SSH access) is open. If you want to connect to the node from an SSH client, you’ll have to use the paired private key when logging in.
If you want to connect to a manager or worker node from a machine other than the one where you originally ran the Oracle Container Cloud Service Console to create the Oracle Container Cloud Service instance, the other machine must have access to the original private key (for example, by copying the private key to the other machine).
- The new key is appended to any existing public keys in the /.ssh/authorized_keys file on the instance’s manager and worker nodes. Existing public SSH keys can still be used to connect to the manager and worker nodes.
- All the VMs in the service instance are restarted.
To prevent a particular public SSH key from being used to gain SSH access to a manager or worker node, you remove the public key from the /.ssh/authorized_keys file on the node.
Connecting to Oracle Container Cloud Service Manager and Worker Nodes Through SSH
To perform administrative tasks (for example, to reset the admin password, to retrieve support logs, or to upload your own signed SSL certificates) on an Oracle Container Cloud Service manager or worker node, you use SSH client software to establish a secure connection and log in.
A number of SSH clients are freely available for different platforms, including:
- the ssh utility for UNIX and UNIX-like platforms
- the PuTTY program for Windows
Connecting to Manager and Worker Nodes Using the ssh Utility on UNIX
On UNIX and UNIX-like platforms (including Solaris and Linux), you can connect through SSH to Oracle Container Cloud Service manager and worker nodes using the ssh utility (an SSH client) to perform administrative tasks.
- Has the ssh utility installed.
- Has access to the SSH private key file paired with the SSH public key that was specified when the service instance was created.
Connecting to Manager and Worker Nodes Using PuTTY on Windows
On Windows platforms, you can connect through SSH to Oracle Container Cloud Service manager and worker nodes using the PuTTY program (a freely available SSH client) to perform administrative tasks.
- Has the PuTTY program installed.
  If PuTTY is not installed, go to http://www.putty.org/ to download and install it.
- Has access to the SSH private key file paired with the SSH public key that was specified when the service instance was created.
  The private key file must be in the PuTTY .ppk format. If the private key file was originally created on the Linux platform, use the PuTTYgen program to convert it to the .ppk format.
Adding Public SSH Keys to Oracle Container Cloud Service Instances
You can add additional public SSH keys to Oracle Container Cloud Service instances in your identity domain using the Oracle Container Cloud Service Console (for example, if you lose the original private key or it gets corrupted).
When you add a new public SSH key, it’s appended to any existing public SSH keys in the /.ssh/authorized_keys file on the instance’s manager and worker nodes (the existing public SSH keys can still be used). To connect to the manager node or worker nodes using the new public SSH key, the machine from which you’re connecting must have access to the private key paired with the new SSH public key.
To add a new SSH public key to an Oracle Container Cloud Service instance:
Removing Public SSH Keys from Oracle Container Cloud Service Manager and Worker Nodes Using SSH
You can prevent a particular public SSH key from being used to gain SSH access to an Oracle Container Cloud Service instance’s manager or worker node by removing the public SSH key from the /.ssh/authorized_keys file on the node.
- you know the public SSH key that you want to prevent from accessing the manager or worker node
- the machine you use to connect to the manager or worker node:
  - has an SSH client installed
  - has access to the SSH private key file paired with the SSH public key that was specified when the service instance was created
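One way to do the removal described above once you are connected to the node, as an added example that is not Oracle's documented procedure: it matches the key by its base64 blob rather than by the whole line, so a different comment or leading options do not hide it, and it refuses to remove the last remaining key. The function name `remove_authorized_key`, its return codes and the `.bak` backup name are assumptions of this example; the caller supplies the path to the node's authorized_keys file.

```shell
#!/bin/sh
# Added example, not Oracle's procedure: revoke one public key from an
# authorized_keys file by matching its base64 key blob.

# Key-type tokens that precede the blob on a public key line.
KEYTYPE_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9-]+@openssh[.]com)$'

# remove_authorized_key FILE PUBKEY_LINE
#   FILE         path to the node's authorized_keys file (caller supplies it)
#   PUBKEY_LINE  the public key to revoke, e.g. the contents of its .pub file
# Returns: 0 removed, 1 key not present, 2 bad arguments or I/O error,
#          3 refused because no key would remain (avoids locking yourself out).
remove_authorized_key() {
    file=$1
    [ -f "$file" ] && [ -n "$2" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2

    rc=0
    TARGET=$2 awk -v re="$KEYTYPE_RE" '
        # The blob is the field right after the key type, so leading options
        # (from="...", command="...") and the trailing comment are ignored.
        function blob_of(line,    f, n, i) {
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++) if (f[i] ~ re) return f[i + 1]
            return ""
        }
        BEGIN { want = blob_of(ENVIRON["TARGET"]); if (want == "") { bad = 1; exit } }
        /^[ \t]*(#|$)/ { print; next }    # keep comments and blank lines
        { if (blob_of($0) == want) removed++; else { print; kept++ } }
        END {
            if (bad) exit 2
            if (!removed) exit 1
            if (!kept) exit 3
        }
    ' "$file" > "$tmp" || rc=$?

    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp"
        return "$rc"
    fi
    # Keep a copy, then overwrite in place so owner and mode are unchanged.
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file" || return 2
    rm -f "$tmp"
}
```

Keep your current SSH session open and confirm that a new login with a remaining key works before you close it. Removing the key does not end sessions that are already established with it.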
Uploading Your Own SSL Certificates to a Manager Node Using SSH
By default, the NGINX web server that runs on the Oracle Container Cloud Service manager node uses self-signed SSL certificates. If you prefer, you can upload your own SSL certificates that have been signed by a Certificate Authority for NGINX to use.
- avoid users seeing the initial security warning
- discourage users from simply ignoring security warnings
- show the secure padlock icon in the browser URL field (rather than an insecure icon)
- ensure the Oracle Container Cloud Service REST API is accessed via https

- has the ssh utility installed
- has access to the SSH private key file paired with the SSH public key that was specified when the service instance was created
Changing the Number of Worker Node Hosts in Oracle Container Cloud Service Instances
To improve the performance and efficiency of your Docker environment, you can optimize the number of worker node hosts that are available to run Docker containers in an Oracle Container Cloud Service instance.
You ‘scale out’ an Oracle Container Cloud Service instance by adding worker node hosts.
You ‘scale in’ an Oracle Container Cloud Service instance by removing worker node hosts.
Adding Worker Node Hosts
You can improve the performance and resilience of your Docker environment by increasing the number of worker node hosts available to run Docker containers in an Oracle Container Cloud Service instance.
To add a new worker node host to an Oracle Container Cloud Service instance:
Removing Worker Node Hosts
You can reduce your usage of Oracle Compute resources by decreasing the number of worker node hosts available to run Docker containers in an Oracle Container Cloud Service instance.
When you initially create an Oracle Container Cloud Service instance, you specify the number of worker node hosts to create. Later on, you can add more worker node hosts in addition to the worker node hosts you initially specified. If you subsequently decide you no longer need the additional worker node hosts, you can remove them. Note that you can only remove the additional worker node hosts. You can’t remove the worker node hosts that were initially created.
Note:
When you remove a worker node host, any deployments currently running on the worker node host are restarted on the remaining hosts in the resource pool according to the service’s orchestration policy (see Creating a Service with Oracle Container Cloud Service). If you don’t want deployments restarted on other hosts in the resource pool, use the Oracle Container Cloud Service Container Console to stop deployments running on the worker node host before you remove it.
To remove a worker node host from an Oracle Container Cloud Service instance:
Managing Access Rules for Oracle Container Cloud Service Instances
You can control access to an Oracle Container Cloud Service instance by creating and managing access rules using the Oracle Container Cloud Service Console.
Access rules enable you to control access to the virtual machines (VMs) that make up a service instance. When you create a service instance, the system automatically creates and enables all the access rules you'll need for Oracle Container Cloud Service. For example:
- access from the public internet to the manager node VM on port 22
- access from the public internet to worker node VMs on all ports (ports 1 to 65535)
Since the necessary access rules have already been created for you, you probably won't need to change them. However, if you do want to change the access rules (for example, to explicitly restrict access to worker nodes to particular ports), you can use the Oracle Container Cloud Service Console to disable the default rules and create new rules.
To create a new access rule for an Oracle Container Cloud Service instance:
Viewing Activity for Oracle Container Cloud Service Instances
You can view the activities of Oracle Container Cloud Service instances in your identity domain using the Oracle Container Cloud Service Console Activity page.
Viewing Log Files on Oracle Cloud Container Service Manager and Worker Nodes Using SSH
You can view the log files on the manager node and worker nodes in an Oracle Container Cloud Service instance using SSH (for example, for support purposes).
Three different Oracle Container Cloud Service components save log files on the manager node:
- the Cluster Manager (which handles communication between the manager node and worker nodes) saves log files named occs-cluster-manager.log
- the Service Manager (which handles API calls and the parsing of data structures) saves files named occs-data-manager.log
- the Data Manager (which manages the local Oracle Container Cloud Service database) saves files named occs-service-manager.log
The Oracle Container Cloud Service Cluster Agent component runs on worker nodes and saves files named occs-cluster-agent.log.
- has an SSH client installed
- has access to the SSH private key paired with the SSH public key that was specified when the service instance was created
Changing the Username or Password for an Oracle Container Cloud Service Instance Administrator
Having specified a username and password for the instance administrator when you created an Oracle Container Cloud Service instance, you can change either or both later if you need to.
Resetting the Password for an Oracle Container Cloud Service Instance Administrator Using SSH
You can change an Oracle Container Cloud Service instance administrator’s password using SSH rather than using the Oracle Container Cloud Service Container Console.
- You know the instance administrator’s current username. When creating a new instance, ‘admin’ is suggested as the administrator username, but a different username can be entered. Even if ‘admin’ was originally specified as the instance administrator’s username, the username can also be changed later on the My Profile page of the Container Console. You must know the instance administrator’s current username. If you don’t, you won’t be able to reset the administrator’s password.
- The machine you use to connect to the manager node:
  - has an SSH client installed
  - has access to the SSH private key paired with the SSH public key that was specified when the service instance was created
Backing Up and Restoring Oracle Container Cloud Service Instances
Learn about how to back up and restore Oracle Container Cloud Service instances.
Backing Up an Oracle Container Cloud Service Instance
To avoid data loss as a result of hardware failure, file corruption, or accidental file deletion, it’s always good practice to back up Oracle Container Cloud Service instances regularly.
- deployments
- registries
- services
- stacks
You might back up an instance regularly as part of a disaster recovery policy. It’s also good practice to take a backup of the current state of an Oracle Container Cloud Service instance before restoring from an earlier backup file, and especially before deleting an instance. You can also use backup (and restore) as a way to preserve instance configuration information when moving from a trial subscription to a paid subscription.
In addition, backing up an instance is a mandatory step when you upgrade to a new version of Oracle Container Cloud Service.
To back up an Oracle Container Cloud Service instance using the Oracle Container Cloud Service Container Console:
The backup file is saved with the name and in the location that you specified.
If you’re taking a backup as part of upgrading an instance, avoid making changes to the instance until you’ve completed the upgrade process. Any changes you do make will be lost. See Upgrading Oracle Container Cloud Service Instances.
Restoring an Oracle Container Cloud Service Instance
You can restore an Oracle Container Cloud Service instance to the state saved in a backup file.
When you back up an Oracle Container Cloud Service instance, you’re taking a copy of configuration information about:
- deployments
- registries
- services
- stacks
See Backing Up an Oracle Container Cloud Service Instance.
You might restore an instance from a backup file to recover from hardware failure, file corruption, or accidental file deletion. You can also use backup (and restore) as a way to preserve instance configuration information when moving from a trial subscription to a paid subscription.
In addition, restoring from a backup file into a new instance is a mandatory step when you upgrade to a new version of Oracle Container Cloud Service.
Note that when you restore an existing instance from a backup file, the current state of the instance is completely replaced by the contents of the backup file. Because there’s no Undo option, it’s therefore a good idea to take a backup of the current state of the instance immediately before restoring from the backup file. That way, you can roll back the changes if restoring the instance from the backup file doesn’t progress as you expected.
To restore an Oracle Container Cloud Service instance from a backup file:
Upgrading Oracle Container Cloud Service Instances
When you’re notified that a new version of Oracle Container Cloud Service has been released, you’ll probably want to upgrade existing Oracle Container Cloud Service instances to take advantage of enhancements and bug fixes in the new version.
Deleting Oracle Container Cloud Service Instances
When you no longer require an Oracle Container Cloud Service instance, you can delete it. Your account is no longer charged for the instance.
Tip:
When you delete an Oracle Container Cloud Service instance, all the configuration information held in the instance (for example, service and stack definitions, entries in the Service Discovery database) is permanently deleted. It’s therefore a really good idea to take a backup of the instance before you delete it, just in case you need to retrieve the information later (see Backing Up an Oracle Container Cloud Service Instance).
To delete an Oracle Container Cloud Service instance: