Complete the Initial Setup

The initial configuration wizard creates an administrator account, binds your system to your Oracle Cloud Infrastructure environment, and configures network connections for your appliance. Once you have completed the initial interview, network and compute services come online, and you can begin to build your cloud.

If you have not already done so, complete the Initial Installation Checklist. Ensure that the web browser on your workstation is connected to the Oracle Private Cloud Appliance initial configuration interface on the active management node at https://100.96.2.32:30099.

Caution:

Do not power down the management nodes during the initial configuration process.

Note:

If you configure a separate administration network, read and understand the implications described in Administration Network Configuration Notes.

  1. From the Private Cloud Appliance First Boot page, create the primary administrative account for your appliance, which is used for initial configuration and will persist after the first boot process. Additional accounts can be added later.

    1. Enter an Administrative Username.
    2. Enter and confirm the Administrative Password.

      Note:

      Passwords must contain a minimum of 12 characters with at least one of each: uppercase character, lowercase character, digit, and any punctuation character (except for double quote ('"') characters, which are not allowed).

    3. Click Create Account & Login.

      Important:

      At the Service Enclave Sign In page, do not sign in and do not refresh your browser.
  2. Open a terminal to access the Service CLI and unlock the system.
    1. Log into one of the management nodes using the primary administrative account details you just created.

      Note:

      Management nodes are named pcamn01, pcamn02 and pcamn03 by default. You can change these names later in the configuration process.
      $ ssh new-admin-account@pcamn01 -p 30006
      Password authentication
      Password:
      PCA-ADMIN>
    2. At the PCA-ADMIN> prompt, enter systemStateunlock.
    3. Verify the system is unlocked.
      PCA-ADMIN> show pcaSystem
      Command: show pcaSystem
      Status: Success
      Time: 2022-09-16 12:24:28,232 UTC
      Data:
        Id = 5709f72b-c439-4c3a-8959-758df94eff25
        Type = PcaSystem
        System Config State = Config System Params
        system state locked = false
    4. Close the terminal or type exit.
  3. Refresh your web browser to return to the Service Enclave Sign In page and sign in to the system with the primary administrative account.

    Note:

    You might need to accept the self-signed SSL certificate again before signing in.
  4. Provide the following appliance details. Required entries are marked with an asterisk.

    • System Name*

    • Domain*

    • Rack Name

    • Description


    Figure showing routing network parameters page for the initial appliance setup wizard.
  5. Confirm the parameters you just entered are correct. Once System Name and Domain are set, they cannot be changed. Click Save Changes when you are ready to proceed.

  6. Refresh your web browser and sign in to the system with the primary administrative account.

    Note:

    You might need to accept the self-signed SSL certificate again before signing in.

    The Configure Network Params wizard displays.

  7. Refer to the information you gathered in the Initial Installation Checklist to complete the system configuration. It is helpful to enter all this information in a text file.
  8. Select either static or dynamic routing.

    For static routing configurations

    Enter the following data center information, then click Next.

    • Routing Type: Static*

    • Uplink gateway IP Address*

    • Spine virtual IP* (comma-separated values if using the 4 port dynamic mesh topology)

    • Uplink VLAN

    • Uplink HSRP Group


    Figure showing routing network parameters page for the initial appliance setup wizard.

    For dynamic configurations

    Enter the following data center information, then click Next.

    • Routing Type: Dynamic*

    • Peer1 IP and ASN*

    • Peer2 IP and ASN

    • Uplink Gateway

    • Oracle ASN

    • BGP Topology (square, mesh, triangle), KeepAlive Timer and HoldDown Timer

    • MD5 Authentication: enable or disable


    Figure showing dynamic routing network parameters page for the initial appliance setup wizard.

    Note:

    Communication between VCNs on different DRGs residing on a PCA rack is possible if route entries and firewall access on the customer data center network that connects the two VCNs are provided by the customer.

  9. Enter a shared virtual IP and associated host name for the management node cluster; add an IP address and host name for each of the three individual management nodes; and then click Next.


    Figure showing management network parameters page for the initial appliance setup wizard.
  10. Enter the following data center uplink information and then click Next.

    • IP Address for Spine Switch 1 and 2*

    • Uplink Port Speed and Port Count*

    • Uplink VLAN MTU and Netmask*

    • Uplink Port FEC

      Note:

      Uplink ports are always configured as port-channels, even when the uplink port count is one. The port-channel is configured in LACP mode with the LACP rate set to fast.

    Figure showing uplink network parameters page for the initial appliance setup wizard.
  11. Enter the NTP configuration details and then click Next.

    To specify multiple NTP servers, enter a comma-separated list of IP addresses or fully qualified host names.


    Figure showing NTP parameters page for the initial appliance setup wizard.
  12. If you elected to segregate administrative appliance access from the data traffic, configure the administration network by entering the following mandatory and optional information and then click Next.

    • Enable Admin Networking

    • Admin Management VIP address and Hostname
    • Admin Management 1 and 2 and 3 IP address and Hostname
    • At least 1, but up to 3, Admin DNS Server IP addresses
    • Admin Port Speed, Port Count, and Admin Router Group

    • Admin VLAN, MTU, Port FEC, and Gateway IP

    • Admin IP Address for Spine Switch 1 and 2, and a shared Virtual IP

    • Admin Peer1 and Peer2 IP address and ASN for BGP
    • Admin Topology (Triangle, Square, Mesh)
    • Admin BGP Authentication (Enable/Disable), Keepalive Timer, Hold Down Timer, and Static Routing.

    Figure showing the first part of the administration network parameters page for the initial appliance setup wizard.

    Figure showing the second part of the administration network parameters page for the initial appliance setup wizard.

    Figure showing the last part of the administration network parameters page for the initial appliance setup wizard.
  13. Enter at least one, and up to three, DNS servers in the respective fields, and then click Next.


    Figure showing the DNS parameters page for the initial appliance setup wizard.
  14. Enter the data center IP addresses that the appliance can assign to resources as public IPs.

    • Public IP list of CIDRs in a comma-separated list

    • Object Storage Public IP (must be outside the public IP range)


    Figure showing the Public IP page for the initial appliance setup wizard.
  15. Use the Previous/Next buttons to recheck that the information you entered is correct and then click Save Changes.

    Your network configuration information does not persist until you commit your changes in the following step. If you need to change any parameters after testing begins, you must re-enter all information.

    Caution:

    Once you click Save Changes, network configuration and testing begins and can take up to 15 minutes. Do not close the browser window during this time.

    If a problem is encountered, the Configure Network Params wizard reopens and the error is displayed.

  16. At the Testing Network Parameters page, you can re-enter network configuration information or commit the changes.
    • Click Re-enter Network Configuration. You are returned to a blank Configure Network Params wizard where you must enter all your information again.
    • Click Commit Changes. The network parameters are locked. Once locked, the routing type and public IPs cannot be changed.

    Caution:

    Once you click Commit Changes, system initialization begins and can take up to 15 minutes. Do not close the browser window during this time.

    If a problem is encountered, the Configure Network Params wizard reopens and the error is displayed. Otherwise, a Configuration Complete message displays.

  17. Click Sign Out. You are returned to the Service Enclave.
  18. To continue configuration, connect to the Service Web UI at the new virtual IP address of the management node cluster: https://<virtual_ip>:30099.

    Note:

    You might need to accept the self-signed SSL certificate again before signing in.
  19. Verify your system configuration.

    • From the Dashboard, click Appliance to view the system details and click Network Environment to view the network configuration.
    • Alternatively, you can log in to the Service CLI as an administrator and run the following commands to confirm your entries.
      # ssh 100.96.2.32 -l admin -p 30006
      Password:
      PCA-ADMIN> show pcaSystem
      [...]
      PCA-ADMIN> show networkConfig
      [...]

For details about the software configuration process, and for advanced configuration and update options, refer to What Next and the Oracle Private Cloud Appliance Administrator Guide.
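
The verification steps in this procedure rely on reading two fields from `show pcaSystem` output. The following is an added example, not part of the Oracle documentation or tooling: it parses output in the layout shown on this page and refuses to pass when the lock field is absent, so a gate built on it fails closed. The function names are hypothetical and the sample text is constructed from the listing above.

```python
# Constructed sample, shaped like the `show pcaSystem` listings on this page.
SAMPLE = """\
PCA-ADMIN> show pcaSystem
Command: show pcaSystem
Status: Success
Time: 2022-09-16 12:24:28,232 UTC
Data:
  Id = 5709f72b-c439-4c3a-8959-758df94eff25
  Type = PcaSystem
  System Config State = Config System Params
  system state locked = false
"""

def parse_cli_output(text):
    """Split Service CLI output into header fields ('Key: value')
    and Data fields ('Key = value'). Keys are lowercased."""
    header, data, in_data = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the echoed prompt line and elision markers.
        if not line or line.startswith("PCA-ADMIN>") or line in ("[...]", "[…]"):
            continue
        if line == "Data:":
            in_data = True
        elif in_data and " = " in line:
            key, value = line.split(" = ", 1)
            data[key.strip().lower()] = value.strip()
        elif not in_data and ":" in line:
            key, value = line.split(":", 1)
            header[key.strip().lower()] = value.strip()
    return header, data

def check_state(text, expected_state, must_be_unlocked=True):
    """Return a list of problems; an empty list means the gate passes."""
    header, data = parse_cli_output(text)
    problems = []
    if header.get("status") != "Success":
        problems.append(f"command status is {header.get('status')!r}, not 'Success'")
    state = data.get("system config state")
    if state != expected_state:
        problems.append(f"System Config State is {state!r}, expected {expected_state!r}")
    # Fail closed: a missing lock field is treated the same as 'locked'.
    if must_be_unlocked and data.get("system state locked", "").lower() != "false":
        problems.append("system is locked, or the lock state is not reported")
    return problems

if __name__ == "__main__":
    print(check_state(SAMPLE, "Config System Params") or "ok")
```
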

Configure the Appliance Using the CLI

Using the GUI is the preferred method to perform the initial installation of the Appliance. However, if you need to configure the Appliance using the CLI, use the following procedure.

  1. Connect a workstation directly to the management network using an Ethernet cable connected to port 2 in the management switch.

  2. Configure the wired network connection of the workstation to use the static IP address 100.96.3.254/23.

  3. Sign in to the Oracle Private Cloud Appliance management node cluster for initial configuration. When prompted for a password, press Enter.

    # ssh 100.96.2.32 -l "" -p 30006
    Password authentication
    Password:

    100.96.2.32 is the predefined virtual IP address of the management node cluster for configuring Oracle Private Cloud Appliance.

  4. Confirm initial user sign-in, where System Config State = Config User.
    PCA-ADMIN> show pcaSystem
    Command: show pcasystem
    Status: Success
    Time: 2022-01-20 14:20:01,069 UTC
    Data:
      Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
      Type = PcaSystem
      System Config State = Config User
  5. Create the primary administrative account for the appliance.

    Passwords must contain at least 12 characters with at least one of each: uppercase character, lowercase character, digit, punctuation character, and no double quote ('"').

    PCA-ADMIN> createadminaccount name=admin password=password confirmpassword=password
    Command: createadminaccount name=admin password=******** confirmpassword=*******
    Status: Success
    Time: 2022-01-20 14:23:01,069 UTC
    JobId: 302a6h99-fh7y-41sd-8i30-ea28581dcw9e
  6. Log out of the CLI.
  7. Unlock the system.
    1. Sign into one of the management nodes using the primary administrative account details you just created.

      Note:

      Management nodes are named mn01, mn02 and mn03 unless you change these names later in the configuration process.
      $ ssh new-admin-account@mn01 -p 30006
      Password authentication
      Password:
      PCA-ADMIN>
    2. Enter systemStateunlock.
    3. Verify the system is unlocked.
      PCA-ADMIN> show pcaSystem
      Command: show pcaSystem
      Status: Success
      Time: 2022-09-16 12:24:28,232 UTC
      Data:
        Id = 5709f72b-c439-4c3a-8959-758df94eff25
        Type = PcaSystem
        system state locked = false
  8. Log out, then log back in with the new credentials you created.
    PCA-ADMIN> exit
    # ssh new-admin-account@100.96.2.32 -p 30006
    Password authentication
    Password:
    PCA-ADMIN>
  9. Confirm the system is ready for configuration, when the System Config State = Config System Params.
    PCA-ADMIN> show pcaSystem
    Command: show pcasystem
    Status: Success
    Time: 2022-01-20 14:26:01,069 UTC
    Data:
      Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
      Type = PcaSystem
      System Config State = Config System Params
    […]
  10. Configure the system name and domain name, then confirm the settings.

    When the Admin Network is enabled, some services will be accessed through the Admin Management VIP instead of the Management VIP. Any address record for those services should reference the Admin Network IP instead of the Standard Network IP. The list of services is:

    'admin'

    'adminconsole'

    'prometheus-gw'

    'prometheus'

    'grafana'

    'api'

    'alertmanager'

    'rps'

    Refer to the information you gathered in the Initial Installation Checklist to complete the system configuration.
    PCA-ADMIN> setDay0SystemParameters systemName=name domainName=us.example.com
    
    PCA-ADMIN> show pcasystem
    Command: show pcasystem
    Status: Success
    Time: 2022-01-20 14:26:01,069 UTC
    Data:
      Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
      Type = PcaSystem
    […]
      System Name = name
      Domain Name = us.example.com
      Availability Domain = AD-1
  11. Configure the network parameters. After you enter these details, network initialization begins, and takes up to 15 minutes.

    Note:

    Uplink ports are always configured as port-channels, even when the uplink port count is one. The port-channel is configured in LACP mode with the LACP rate set to fast.
    • For a dynamic network configuration, enter the parameters on a single line.
      PCA-ADMIN> setDay0DynamicRoutingParameters 
      uplinkPortSpeed=100 
      uplinkPortCount=2 
      uplinkVlanMtu=9216 
      spine1Ip=10.nn.nn.17 
      spine2Ip=10.nn.nn.25 
      uplinkNetmask=255.255.255.252 
      mgmtVipHostname=example-vip 
      mgmtVip=10.nn.nn.8 
      ntpIps=10.nn.nn.1 
      peer1Asn=50000 
      peer1Ip=10.nn.nn.18 
      peer2ASN=50000 
      peer2Ip=10.nn.nn.22 
      objectStorageIp=10.nn.nn.1 
      mgmt01Ip=10.nn.nn.nn 
      mgmt02Ip=10.nn.nn.nn 
      mgmt03Ip=10.nn.nn.nn 
      bgpTopology=topology-type 
      BGPAuthentication=true 
      BGPAuthenticationPassword=<bgp-password> 
      adminBGPAuthentication=true 
      adminBGPAuthenticationPassword=<admin-bgp-password>
      The following example shows a dynamic mesh topology configuration using BGP authentication on the uplinks as well as the Admin network:
      setDay0DynamicRoutingParameters  
      uplinkPortSpeed=40 
      uplinkPortCount=4 
      uplinkVlanMtu=9216 
      spine1Ip=10.nn.nn.31,10.nn.nn.21 
      spine2Ip=10.nn.nn.32,10.nn.nn.29 
      uplinkNetmask=255.255.255.252,255.255.255.252 
      mgmtVipHostname=example_vip 
      mgmtVip=10.nn.nn.46 
      ntpIps=10.nn.nn.1,10.nn.nn.2 
      peer1Asn=50000 
      peer1Ip=10.nn.nn.31,10.nn.nn.26 
      peer2Asn=50000 
      peer2Ip=10.nn.nn.34,10.nn.nn.30 
      objectStorageIp=10.nn.nn.72 
      mgmt01Ip=10.nn.nn.44 
      mgmt02Ip=10.nn.nn.45 
      mgmt03Ip=10.nn.nn.46 
      bgpTopology=mesh
      BGPAuthentication=true
      BGPAuthenticationPassword=bgp-password
      adminBGPAuthentication=true
      adminBGPAuthenticationPassword=admin-bgp-password

      Note:

      BGP authentication isn't enabled if you don't specify a password.

      Because BGP often involves separate administrative domains, password coordination is necessary between those responsible for both ends of the BGP links.

      The adminBGPpassword must be established and changed on both ends of the BGP links at the same time. This might require careful coordination between different administrators. If one BGP authentication password is changed and the other isn't, the link fails.

      To verify success in BGP operation, run the command show bgp sessions.

    • For a static network configuration, enter the parameters on a single line.

      Note:

      After static routing parameters are configured, monitor the process using the show networkConfig command. When the process is complete, the Network Config Lifecycle State is Creating rather than Active. The Network Config Lifecycle State isn't Active until the lockDay0NetworkParameters command is issued.
      PCA-ADMIN> setDay0StaticRoutingParameters 
      uplinkPortCount=2 
      uplinkMtu=9216  
      mgmtVipHostname=name  
      mgmtVip=10.nn.nn.22 
      ntpIps=10.nn.nn.1,10.nn.nn.105,nn.nn.17.1 
      spine1Ip=10.nn.nn.18 
      spine2Ip=10.nn.nn.19 
      spineVip=10.nn.nn.20 
      uplinkNetmask=255.255.255.248  
      uplinkGateway=10.nn.nn.1   
      uplinkVlan=678  
      uplinkPortSpeed=40 
      uplinkRouterGroup=116 
      objectStorageIp=10.nn.nn.241
      mgmt01Ip=10.nn.nn.7 
      mgmt02Ip=10.nn.nn.8 
      mgmt03Ip=10.nn.nn.9 
      mgmt01Hostname=mn1 
      mgmt02Hostname=mn2 
      mgmt03Hostname=mn3 
      dnsIp1=10.1nn.nn.200 
      dnsIp2=206.nn.nn.1 
      dnsIp3=206.nn.nn.2
      
  12. Confirm the network parameters are configured. You can monitor the process using the show NetworkConfig command. When the process is complete, the Network Config Lifecycle State = ACTIVE.

    Note:

    After static routing parameters are configured, the Network Config Lifecycle State is Creating rather than Active. The Network Config Lifecycle State isn't Active until the lockDay0NetworkParameters command is issued in the next step.
    PCA-ADMIN> show networkConfig
    Command: show networkConfig
    Status: Success
    Time: 2023-08-01 14:11:30,426 UTC
    Data:
        Uplink Port Speed = 40
        Uplink Port Count = 2
        […]
        Uplink Router Group = 116
        Network Config Lifecycle State = ACTIVE
    When this process is complete, the System Config State changes from Wait for Networking Service to Complete.
    PCA-ADMIN> show pcasystem
    Command: show pcaSystem
    Status: Success
    Time: 2023-08-01 14:20:32,603 UTC
    Data:
      Id = 1e79d401-4a4a-44d2-9e60-57ec223b5418
      Type = PcaSystem
      System Config State = Complete
      […]
  13. Lock the network parameters.

    PCA-ADMIN> lockDay0NetworkParameters
  14. Configure the management nodes and DNS servers. The dnsIp1 field is required.

    PCA-ADMIN> edit NetworkConfig \
    mgmt01Ip=10.nn.nn.9 \
    mgmt02Ip=10.nn.nn.10 \
    mgmt03Ip=10.nn.nn.11 \
    mgmt01Hostname=apac01-mn1 \
    mgmt02Hostname=apac01-mn2 \
    mgmt03Hostname=apac01-mn3 \
    dnsIp1=206.nn.nn.1 \
    dnsIp2=206.nn.nn.2 \
    dnsIp3=10.nn.nn.197
  15. Enter the list of public IPs the appliance can access from the data center, in a comma-separated list on one line.
    edit NetworkConfig publicIps=10.nn.nn.2/31,10.nn.nn.4/30,10.nn.nn.8/29, \
    10.nn.nn.16/28,10.nn.nn.32/27,10.nn.nn.64/26,10.nn.nn.128/26,10.nn.nn.192/27, \
    10.nn.nn.224/28,10.nn.nn.240/29,10.nn.nn.248/30,10.nn.nn.252/31,10.nn.nn.254/32
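
Several constraints stated in the wizard and CLI procedures are easy to violate without an immediate error: BGP authentication is not enabled when no password is given, dnsIp1 is required, and the Object Storage public IP must lie outside the public IP range. The following pre-flight check is an added example, not Oracle's code; it also rejects malformed or overlapping public IP CIDRs, which is a check added here beyond what the page states. It assumes the values are collected as key=value pairs in one worksheet, uses the parameter names shown on this page, and runs on constructed addresses.

```python
import ipaddress

# Constructed worksheet: parameter names are the ones shown on this page;
# the addresses and the password are placeholders invented for this example.
SAMPLE = ("peer1Asn=50000 peer1Ip=10.0.0.18 bgpTopology=mesh "
          "BGPAuthentication=true BGPAuthenticationPassword=example-secret "
          "adminBGPAuthentication=true objectStorageIp=10.0.1.9 "
          "dnsIp1=10.0.0.53 publicIps=10.0.1.8/29,10.0.1.16/28,10.0.1.20/30")

AUTH_PAIRS = (("bgpauthentication", "bgpauthenticationpassword"),
              ("adminbgpauthentication", "adminbgpauthenticationpassword"))

def parse_params(line):
    """Turn 'key=value key=value ...' into a dict."""
    params = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key.lower()] = value  # lowercased for lookup in this checker only
    return params

def preflight(params):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Authentication requested without a password is not enabled at all.
    for flag, secret in AUTH_PAIRS:
        if params.get(flag, "").lower() == "true" and not params.get(secret):
            findings.append(f"{flag}=true but {secret} is empty: "
                            "authentication would not be enabled")
    if not params.get("dnsip1"):
        findings.append("dnsip1 is required")
    # Public IP CIDRs must parse strictly (no host bits set) and must not overlap.
    nets = []
    for cidr in filter(None, params.get("publicips", "").split(",")):
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError as exc:
            findings.append(f"publicips: {cidr!r} is not a valid CIDR ({exc})")
            continue
        for other in nets:
            if net.overlaps(other):
                findings.append(f"publicips: {net} overlaps {other}")
        nets.append(net)
    # The Object Storage public IP must be outside every public IP range.
    try:
        obj = ipaddress.ip_address(params.get("objectstorageip", ""))
    except ValueError:
        findings.append("objectstorageip is missing or not an IP address")
    else:
        for net in nets:
            if obj in net:
                findings.append(f"objectstorageip {obj} falls inside public range {net}")
    return findings

if __name__ == "__main__":
    for finding in preflight(parse_params(SAMPLE)):
        print("FINDING:", finding)
```
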