A standard Oracle Private Cloud Appliance environment built on a full rack configuration contains 25 compute nodes. A tenant group is a logical subset of a single Oracle Private Cloud Appliance environment. Tenant groups provide an optional mechanism for an Oracle Private Cloud Appliance administrator to subdivide the environment in arbitrary ways for manageability and isolation. The tenant group offers a means to isolate compute, network and storage resources per end customer. It also offers isolation from cluster faults.
Oracle Private Cloud Appliance supports a maximum of 8 tenant groups. This number includes the default tenant group, which cannot be deleted from the environment, and must always contain at least one compute node. Therefore, a single custom tenant group can contain up to 24 compute nodes, while the default Rack1_ServerPool can contain all 25.
Regardless of tenant group membership, all compute nodes are connected to all of the default Oracle Private Cloud Appliance networks. Custom networks can be assigned to multiple tenant groups. When a compute node joins a tenant group, it is also connected to the custom networks associated with the tenant group. When you remove a compute node from a tenant group, it is disconnected from those custom networks. A synchronization mechanism, built into the tenant group functionality, keeps compute node network connections up to date when tenant group configurations change.
When you reprovision compute nodes, they are automatically removed from their tenant groups, and treated as new servers. Consequently, when a compute node is reprovisioned, or when a new compute node is added to the environment, it is added automatically to Rack1_ServerPool. After successful provisioning you can add the compute node to the appropriate tenant group.
The tenant group functionality can be accessed through the Oracle Private Cloud Appliance CLI. With a specific set of commands you manage the tenant groups, their member compute nodes, and the associated custom networks. The CLI initiates a number of Oracle VM operations to set up the server pool, and a synchronization service maintains settings across the members of the tenant group.
Do not modify the tenant group configuration while upgrade operations are running. No management operations are supported during upgrade, as these may lead to configuration inconsistencies and significant repair downtime.
You must not modify the server pool in Oracle VM Manager because this causes inconsistencies in the tenant group configuration and disrupts the operation of the synchronization service and the Oracle Private Cloud Appliance CLI. Only server pool policies may be edited in Oracle VM Manager.
If you inadvertently used Oracle VM Manager to modify a tenant group, see Section 7.14, “Recovering from Tenant Group Configuration Mismatches”.
For detailed information about the Oracle Private Cloud Appliance CLI tenant group commands, see Chapter 4, The Oracle Private Cloud Appliance Command Line Interface (CLI).
The command output samples in this section reflect the network configuration on an Ethernet-based system. The network-related properties of a tenant group look slightly different on an InfiniBand-based system.
Creating and Populating a Tenant Group
Using SSH and an account with superuser privileges, log into the active management node.
NoteThe default
root
password is Welcome1. For security reasons, you must set a new password at your earliest convenience.# ssh root@10.100.1.101 root@10.100.1.101's password: root@ovcamn05r1 ~]#
Launch the Oracle Private Cloud Appliance command line interface.
# pca-admin Welcome to PCA! Release: 2.4.2 PCA>
Create the new tenant group.
PCA> create tenant-group
myTenantGroup
Status: Success PCA> show tenant-groupmyTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant_Group_ID 0004fb00000200008154bf592c8ac33b Servers None State ready Tenant_Group_VIP None Tenant_Networks ['storage_internal', 'mgmt_internal', 'underlay_internal', 'underlay_external', 'default_external', 'default_internal'] Pool_Filesystem_ID 3600144f0d04414f400005cf529410003 ---------------------------------------- Status: SuccessThe new tenant group appears in Oracle VM Manager as a new server pool. It has a 12GB server pool file system located on the internal ZFS storage appliance.
Add compute nodes to the tenant group.
If a compute node is currently part of another tenant group, it is first removed from that tenant group.
CautionIf the compute node is hosting virtual machines, or if storage repositories are presented to the compute node or its current tenant group, removing a compute node from an existing tenant group will fail . If so, you have to migrate the virtual machines and unpresent the repositories before adding the compute node to a new tenant group.
PCA> add compute-node ovcacn07r1
myTenantGroup
Status: Success PCA> add compute-node ovcacn09r1myTenantGroup
Status: SuccessAdd a custom network to the tenant group.
PCA> add network-to-tenant-group
myPublicNetwork
myTenantGroup
Status: SuccessCustom networks can be added to the tenant group as a whole. This command creates synchronization tasks to configure custom networks on each server in the tenant group.
CautionWhile synchronization tasks are running, make sure that no reboot or provisioning operations are started on any of the compute nodes involved in the configuration changes.
Verify the configuration of the new tenant group.
PCA> show tenant-group
myTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant_Group_ID 0004fb00000200008154bf592c8ac33b Servers ['ovcacn07r1', 'ovcacn09r1'] State ready Tenant_Group_VIP None Tenant_Networks ['storage_internal', 'mgmt_internal', 'underlay_internal', 'underlay_external', 'default_external', 'default_internal', 'myPublicNetwork'] Pool_Filesystem_ID 3600144f0d04414f400005cf529410003 ---------------------------------------- Status: SuccessThe new tenant group corresponds with an Oracle VM server pool with the same name and has a pool file system. The command output also shows that the servers and custom network were added successfully.
These configuration changes are reflected in the Servers and VMs tab in Oracle VM Manager. Figure 2.9 shows a second server pool named MyTenantGroup, which contains the two compute nodes that were added as examples in the course of this procedure.
The system does not create a storage repository for a new tenant group. An administrator must configure the necessary storage resources for virtual machines in Oracle VM Manager. See Section 5.7, “Viewing and Managing Storage Resources”.
Reconfiguring and Deleting a Tenant Group
Identify the tenant group you intend to modify.
PCA> list tenant-group Name Default State ---- ------- ----- Rack1_ServerPool True ready myTenantGroup False ready ---------------- 2 rows displayed Status: Success PCA> show tenant-group
myTenantGroup
---------------------------------------- Name myTenantGroup Default False Tenant_Group_ID 0004fb00000200008154bf592c8ac33b Servers ['ovcacn07r1', 'ovcacn09r1'] State ready Tenant_Group_VIP None Tenant_Networks ['storage_internal', 'mgmt_internal', 'underlay_internal', 'underlay_external', 'default_external', 'default_internal', 'myPublicNetwork'] Pool_Filesystem_ID 3600144f0d04414f400005cf529410003 ---------------------------------------- Status: SuccessRemove a network from the tenant group.
A custom network that has been associated with a tenant group can be removed again. The command results in serial operations, not using the synchronization service, to unconfigure the custom network on each compute node in the tenant group.
PCA> remove network-from-tenant-group
myPublicNetwork
myTenantGroup
************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: SuccessRemove a compute node from the tenant group.
Use Oracle VM Manager to prepare the compute node for removal from the tenant group. Make sure that virtual machines have been migrated away from the compute node, and that no storage repositories are presented.
PCA> remove server ovcacn09r1
myTenantGroup
************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: SuccessWhen you remove a compute node from a tenant group, any custom network associated with the tenant group is automatically removed from the compute node network configuration. Custom networks that are not associated with the tenant group are not removed.
Delete the tenant group.
Before attempting to delete a tenant group, make sure that all compute nodes have been removed.
Before removing the last remaining compute node from the tenant group, use Oracle VM Manager to unpresent any shared repository from the compute node, and then release ownership of it. For more details, refer to the support note with Doc ID 2653515.1
PCA> delete tenant-group myTenantGroup ************************************************************ WARNING !!! THIS IS A DESTRUCTIVE OPERATION. ************************************************************ Are you sure [y/N]:y Status: Success
When the tenant group is deleted, operations are launched to remove the server pool file system LUN from the internal ZFS storage appliance. The tenant group's associated custom networks are not destroyed.