Complete the Initial Setup
The initial configuration wizard creates an administrator account, binds your system to your Oracle Cloud Infrastructure environment, and configures network connections for your appliance. Once you have completed the initial interview, network and compute services come online, and you can begin to build your cloud.
Complete the Initial Installation Checklist if you have not already done so, and ensure the web browser on your workstation is connected to the Oracle Private Cloud Appliance initial configuration interface on the active management node at https://100.96.2.32:30099.
Caution:
Do not power down the management nodes during the initial configuration process.
Note:
If you configure a separate administration network, read and understand the implications described in Administration Network Configuration Notes.
- From the Private Cloud Appliance First Boot page, create the primary administrative account for your appliance, which is used for initial configuration and will persist after the first boot process. Additional accounts can be added later.
  - Enter an Administrative Username.
  - Enter and confirm the Administrative Password.
    Note:
    Passwords must contain a minimum of 12 characters with at least one of each: uppercase character, lowercase character, digit, and any punctuation character (except for double quote ('"') characters, which are not allowed).
  - Click Create Account & Login.
    Important:
    At the Service Enclave Sign In page, do not sign in and do not refresh your browser.
- Open a terminal to access the Service CLI and unlock the system.
  - Log into one of the management nodes using the primary administrative account details you just created.
    Note:
    Management nodes are named pcamn01, pcamn02 and pcamn03 by default. You change these names later in the configuration process.
        $ ssh new-admin-account@pcamn01 -p 30006
        Password authentication
        Password:
        PCA-ADMIN>
  - At the PCA-ADMIN> prompt, enter systemStateunlock.
  - Verify the system is unlocked.
        PCA-ADMIN> show pcaSystem
        Command: show pcaSystem
        Status: Success
        Time: 2022-09-16 12:24:28,232 UTC
        Data:
          Id = 5709f72b-c439-4c3a-8959-758df94eff25
          Type = PcaSystem
          System Config State = Config System Params
          system state locked = false
  - Close the terminal or type exit.
- Refresh your web browser to return to the Service Enclave Sign In page and sign in to the system with the primary administrative account.
  Note:
  You might need to accept the self-signed SSL certificate again before signing in.
- Provide the following appliance details. Required entries are marked with an asterisk.
  - System Name*
  - Domain*
  - Rack Name
  - Description
- Confirm the parameters you just entered are correct. Once System Name and Domain are set, they cannot be changed. Click Save Changes when you are ready to proceed.
- Refresh your web browser and sign in to the system with the primary administrative account.
  Note:
  You might need to accept the self-signed SSL certificate again before signing in.
  The Configure Network Params wizard displays.
- Refer to the information you gathered in the Initial Installation Checklist to complete the system configuration. It is helpful to enter all this information in a text file.
  - Select either static or dynamic routing.
    For static routing configurations
    Enter the following data center information, then click Next.
    - Routing Type: Static*
    - Uplink gateway IP Address*
    - Spine virtual IP* (comma-separated values if using the 4 port dynamic mesh topology)
    - Uplink VLAN
    - Uplink HSRP Group
    For dynamic configurations
    Enter the following data center information, then click Next.
    - Routing Type: Dynamic*
    - Peer1 IP and ASN*
    - Peer2 IP and ASN
    - Uplink Gateway
    - Oracle ASN
    - BGP Topology (square, mesh, triangle), KeepAlive Timer and HoldDown Timer
    - MD5 Authentication: enable or disable
    Note:
    Communication between VCNs on different DRGs residing on a PCA rack is possible if route entries and firewall access on the customer data center network that connects the two VCNs are provided by the customer.
  - Enter a shared virtual IP and associated host name for the management node cluster; add an IP address and host name for each of the three individual management nodes; and then click Next.
  - Enter the following data center uplink information and then click Next.
    - IP Address for Spine Switch 1 and 2*
    - Uplink Port Speed and Port Count*
    - Uplink VLAN MTU and Netmask*
    - Uplink Port FEC
    Note:
    Uplink ports are always configured as port-channels, even when only one uplink port count is configured. Port-channel is configured with LACP mode with LACP rate as fast.
  - Enter the NTP configuration details and then click Next.
    To specify multiple NTP servers, enter a comma-separated list of IP addresses or fully qualified host names.
  - If you elected to segregate administrative appliance access from the data traffic, configure the administration network by entering the following mandatory and optional information and then click Next.
    - Enable Admin Networking
    - Admin Management VIP address and Hostname
    - Admin Management 1 and 2 and 3 IP address and Hostname
    - At least 1, but up to 3, Admin DNS Server IP addresses
    - Admin Port Speed, Port Count, and Admin Router Group
    - Admin VLAN, MTU, Port FEC, and Gateway IP
    - Admin IP Address for Spine Switch 1 and 2, and a shared Virtual IP
    - Admin Peer1 and Peer2 IP address and ASN for BGP
    - Admin Topology (Triangle, Square, Mesh)
    - Admin BGP Authentication (Enable/Disable). Keepalive Timer, Hold Down Timer, and Static Routing.
  - Enter at least one, but up to three DNS servers in the respective fields and then click Next.
  - Enter the data center IP addresses that the appliance can assign to resources as public IPs.
    - Public IP list of CIDRs in a comma-separated list
    - Object Storage Public IP (must be outside the public IP range)
- Use the Previous/Next buttons to recheck that the information you entered is correct and then click Save Changes.
  Your network configuration information does not persist until you commit your changes in the following step. If you need to change any parameters after testing begins, you must re-enter all information.
  Caution:
  Once you click Save Changes, network configuration and testing begins and can take up to 15 minutes. Do not close the browser window during this time.
  If a problem is encountered, the Configure Network Params wizard reopens and the error is displayed.
- At the Testing Network Parameters page, you can re-enter network configuration information or commit the changes.
  - Click Re-enter Network Configuration. You are returned to a blank Configure Network Params wizard where you must enter all your information again.
  - Click Commit Changes. The network parameters are locked. Once locked, the routing type and public IPs cannot be changed.
    Caution:
    Once you click Commit Changes, system initialization begins and can take up to 15 minutes. Do not close the browser window during this time.
    If a problem is encountered, the Configure Network Params wizard reopens and the error is displayed. Otherwise, a Configuration Complete message displays.
- Click Sign Out. You are returned to the Service Enclave.
- To continue configuration, connect to the Service Web UI at the new virtual IP address of the management node cluster: https://<virtual_ip>:30099.
  Note:
  You might need to accept the self-signed SSL certificate again before signing in.
- Verify your system configuration.
  - From the Dashboard, click Appliance to view the system details and click Network Environment to view the network configuration.
  - Alternatively, you can log in to the Service CLI as an administrator and run the following commands to confirm your entries.
        # ssh 100.96.2.32 -l admin -p 30006
        Password:
        PCA-ADMIN> show pcaSystem
        [...]
        PCA-ADMIN> show networkConfig
        [...]
For details about the software configuration process, and for advanced configuration and update options, refer to What Next and the Oracle Private Cloud Appliance Administrator Guide.
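Because System Name, Domain, routing type and public IPs cannot be changed once saved or committed, it pays to check the text file of gathered values before typing them into the wizard. The following is an added example, not Oracle code: it checks the password rule, the DNS entries, and that the Object Storage IP lies outside every public IP CIDR. The key names follow the CLI parameters shown later on this page; the worksheet-as-dict layout and the sample addresses are assumptions.

```python
import ipaddress
import string

# Punctuation accepted by the policy: everything except the double quote.
PUNCT = string.punctuation.replace('"', "")

def check_admin_password(pw):
    """Return the password-policy violations; an empty list means compliant."""
    rules = [
        (len(pw) >= 12, "shorter than 12 characters"),
        (any(c.isupper() for c in pw), "no uppercase character"),
        (any(c.islower() for c in pw), "no lowercase character"),
        (any(c.isdigit() for c in pw), "no digit"),
        (any(c in PUNCT for c in pw), "no punctuation character"),
        ('"' not in pw, "contains a double quote"),
    ]
    return [msg for ok, msg in rules if not ok]

def check_network_params(p):
    """Return problems found in a dict of worksheet values (all strings)."""
    problems = []
    if not p.get("dnsIp1"):
        problems.append("dnsIp1 is required")
    for key in ("dnsIp1", "dnsIp2", "dnsIp3"):
        if p.get(key):
            try:
                ipaddress.ip_address(p[key])
            except ValueError:
                problems.append(f"{key} is not an IP address: {p[key]}")
    networks = []
    for cidr in (c.strip() for c in p.get("publicIps", "").split(",")):
        try:
            # Strict parsing rejects entries with host bits set, e.g. 10.0.0.5/24.
            networks.append(ipaddress.ip_network(cidr))
        except ValueError:
            problems.append(f"publicIps entry is not a valid CIDR: {cidr!r}")
    try:
        os_ip = ipaddress.ip_address(p.get("objectStorageIp", ""))
    except ValueError:
        problems.append("objectStorageIp is missing or not an IP address")
    else:
        problems += [f"objectStorageIp {os_ip} is inside public range {n}"
                     for n in networks if os_ip in n]
    return problems

# Constructed sample worksheet (documentation address ranges, not real values).
WORKSHEET = {"dnsIp1": "192.0.2.53", "objectStorageIp": "198.51.100.20",
             "publicIps": "198.51.100.0/28,198.51.100.16/29"}

if __name__ == "__main__":
    print(check_admin_password('short"1a'))
    print(check_network_params(WORKSHEET))
```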
Configure the Appliance Using the CLI
Using the GUI is the preferred method to perform the initial installation of the Appliance. However, if you need to configure the Appliance using the CLI, use the following procedure.
- Connect a workstation directly to the management network using an Ethernet cable connected to port 2 in the management switch.
- Configure the wired network connection of the workstation to use the static IP address 100.96.3.254/23.
- Sign in to the Oracle Private Cloud Appliance management node cluster for initial configuration. When prompted for a password, press Enter.
      # ssh 100.96.2.32 -l "" -p 30006
      Password authentication
      Password:
  100.96.2.32 is the predefined virtual IP address of the management node cluster for configuring Oracle Private Cloud Appliance.
- Confirm initial user sign-in, where System Config State = Config User.
      PCA-ADMIN> show pcaSystem
      Command: show pcasystem
      Status: Success
      Time: 2022-01-20 14:20:01,069 UTC
      Data:
        Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
        Type = PcaSystem
        System Config State = Config User
- Create the primary administrative account for the appliance.
  Passwords must contain at least 12 characters with at least one of each: uppercase character, lowercase character, digit, punctuation character, and no double quote ('"').
      PCA-ADMIN> createadminaccount name=admin password=password confirmpassword=password
      Command: createadminaccount name=admin password=******** confirmpassword=*******
      Status: Success
      Time: 2022-01-20 14:23:01,069 UTC
      JobId: 302a6h99-fh7y-41sd-8i30-ea28581dcw9e
- Log out of the CLI.
- Unlock the system.
  - Sign into one of the management nodes using the primary administrative account details you just created.
    Note:
    Management nodes are named mn01, mn02 and mn03 unless you change these names later in the configuration process.
        $ ssh new-admin-account@mn01 -p 30006
        Password authentication
        Password:
        PCA-ADMIN>
  - Enter systemStateunlock.
  - Verify the system is unlocked.
        PCA-ADMIN> show pcaSystem
        Command: show pcaSystem
        Status: Success
        Time: 2022-09-16 12:24:28,232 UTC
        Data:
          Id = 5709f72b-c439-4c3a-8959-758df94eff25
          Type = PcaSystem
          system state locked = false
- Log out, then log back in with the new credentials you created.
      PCA-ADMIN> exit
      # ssh new-admin-account@100.96.2.32 -p 30006
      Password authentication
      Password:
      PCA-ADMIN>
- Confirm the system is ready for configuration, when the System Config State = Config System Params.
      PCA-ADMIN> show pcaSystem
      Command: show pcasystem
      Status: Success
      Time: 2022-01-20 14:26:01,069 UTC
      Data:
        Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
        Type = PcaSystem
        System Config State = Config System Params
        […]
- Configure the system name and domain name, then confirm the settings.
  When the Admin Network is enabled, some services will be accessed through the Admin Management VIP instead of the Management VIP. Any address record for those services should reference the Admin Network IP instead of the Standard Network IP. The list of services is:
  'admin'
  'adminconsole'
  'prometheus-gw'
  'prometheus'
  'grafana'
  'api'
  'alertmanager'
  'rps'
  Refer to the information you gathered in the Initial Installation Checklist to complete the system configuration.
      PCA-ADMIN> setDay0SystemParameters systemName=name domainName=us.example.com
      PCA-ADMIN> show pcasystem
      Command: show pcasystem
      Status: Success
      Time: 2022-01-20 14:26:01,069 UTC
      Data:
        Id = o780c522-fkl5-43b1-8g30-eea90263f2e9
        Type = PcaSystem
        […]
        System Name = name
        Domain Name = us.example.com
        Availability Domain = AD-1
- Configure the network parameters. After you enter these details, network initialization begins, and takes up to 15 minutes.
  Note:
  Uplink ports are always configured as port-channels, even when only one uplink port count is configured. Port-channel is configured with LACP mode with LACP rate as fast.
  - For a dynamic network configuration, enter the parameters on a single line.
        PCA-ADMIN> setDay0DynamicRoutingParameters uplinkPortSpeed=100 uplinkPortCount=2 uplinkVlanMtu=9216 spine1Ip=10.nn.nn.17 spine2Ip=10.nn.nn.25 uplinkNetmask=255.255.255.252 mgmtVipHostname=example-vip mgmtVip=10.nn.nn.8 ntpIps=10.nn.nn.1 peer1Asn=50000 peer1Ip=10.nn.nn.18 peer2ASN=50000 peer2Ip=10.nn.nn.22 objectStorageIp=10.nn.nn.1 mgmt01Ip=10.nn.nn.nn mgmt02Ip=10.nn.nn.nn mgmt03Ip=10.nn.nn.nn bgpTopology=topology-type BGPAuthentication=true BGPAuthenticationPassword=<bgp-password> adminBGPAuthentication=true adminBGPAuthenticationPassword=<admin-bgp-password>
    The following example shows a dynamic mesh topology configuration using BGP authentication on the uplinks as well as the Admin network:
        setDay0DynamicRoutingParameters uplinkPortSpeed=40 uplinkPortCount=4 uplinkVlanMtu=9216 spine1Ip=10.nn.nn.31,10.nn.nn.21 spine2Ip=10.nn.nn.32,10.nn.nn.29 uplinkNetmask=255.255.255.252,255.255.255.252 mgmtVipHostname=example_vip mgmtVip=10.nn.nn.46 ntpIps=10.nn.nn.1,10.nn.nn.2 peer1Asn=50000 peer1Ip=10.nn.nn.31,10.nn.nn.26 peer2Asn=50000 peer2Ip=10.nn.nn.34,10.nn.nn.30 objectStorageIp=10.nn.nn.72 mgmt01Ip=10.nn.nn.44 mgmt02Ip=10.nn.nn.45 mgmt03Ip=10.nn.nn.46 bgpTopology=mesh BGPAuthentication=true BGPAuthenticationPassword=bgp-password adminBGPAuthentication=true adminBGPAuthenticationPassword=admin-bgp-password
    Note:
    BGP authentication isn't enabled if you don't specify a password.
    Because BGP often involves separate administrative domains, password coordination is necessary between those responsible for both ends of the BGP links.
    The adminBGPpassword must be established and changed on both ends of the BGP links at the same time. This might require careful coordination between different administrators. If one BGP authentication password is changed and the other isn't, the link fails.
    To verify success in BGP operation, run the command show bgp sessions.
  - For a static network configuration, enter the parameters on a single line.
    Note:
    After static routing parameters are configured, monitor the process using the show networkConfig command. When the process is complete, the Network Config Lifecycle State is Creating rather than Active. The Network Config Lifecycle State isn't Active until the lockDay0NetworkParameters command is issued.
        PCA-ADMIN> setDay0StaticRoutingParameters uplinkPortCount=2 uplinkMtu=9216 mgmtVipHostname=name mgmtVip=10.nn.nn.22 ntpIps=10.nn.nn.1,10.nn.nn.105,nn.nn.17.1 spine1Ip=10.nn.nn.18 spine2Ip=10.nn.nn.19 spineVip=10.nn.nn.20 uplinkNetmask=255.255.255.248 uplinkGateway=10.nn.nn.1 uplinkVlan=678 uplinkPortSpeed=40 uplinkRouterGroup=116 objectStorageIp=10.nn.nn.241 mgmt01Ip=10.nn.nn.7 mgmt02Ip=10.nn.nn.8 mgmt03Ip=10.nn.nn.9 mgmt01Hostname=mn1 mgmt02Hostname=mn2 mgmt03Hostname=mn3 dnsIp1=10.1nn.nn.200 dnsIp2=206.nn.nn.1 dnsIp3=206.nn.nn.2
- Confirm the network parameters are configured. You can monitor the process using the show NetworkConfig command. When the process is complete, the Network Config Lifecycle State = ACTIVE.
  Note:
  After static routing parameters are configured, the Network Config Lifecycle State is Creating rather than Active. The Network Config Lifecycle State isn't Active until the lockDay0NetworkParameters command is issued in the next step.
      PCA-ADMIN> show networkConfig
      Command: show networkConfig
      Status: Success
      Time: 2023-08-01 14:11:30,426 UTC
      Data:
        Uplink Port Speed = 40
        Uplink Port Count = 2
        […]
        Uplink Router Group = 116
        Network Config Lifecycle State = ACTIVE
  When this process is complete, the System Config State changes from Wait for Networking Service to Complete.
      PCA-ADMIN> show pcasystem
      Command: show pcaSystem
      Status: Success
      Time: 2023-08-01 14:20:32,603 UTC
      Data:
        Id = 1e79d401-4a4a-44d2-9e60-57ec223b5418
        Type = PcaSystem
        System Config State = Complete
        […]
- Lock the network parameters.
      PCA-ADMIN> lockDay0NetworkParameters
- Configure the management nodes and DNS servers. The dnsIp1 field is required.
      PCA-ADMIN> edit NetworkConfig \
        mgmt01Ip=10.nn.nn.9 \
        mgmt02Ip=10.nn.nn.10 \
        mgmt03Ip=10.nn.nn.11 \
        mgmt01Hostname=apac01-mn1 \
        mgmt02Hostname=apac01-mn2 \
        mgmt03Hostname=apac01-mn3 \
        dnsIp1=206.nn.nn.1 \
        dnsIp2=206.nn.nn.2 \
        dnsIp3=10.nn.nn.197
- Enter the list of public IPs the appliance can access from the data center, in a comma-separated list on one line.
      edit NetworkConfig publicIps=10.nn.nn.2/31,10.nn.nn.4/30,10.nn.nn.8/29, \
        10.nn.nn.16/28,10.nn.nn.32/27,10.nn.nn.64/26,10.nn.nn.128/26,10.nn.nn.192/27, \
        10.nn.nn.224/28,10.nn.nn.240/29,10.nn.nn.248/30,10.nn.nn.252/31,10.nn.nn.254/32
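The procedure above gates each step on a field in the show pcaSystem or show networkConfig output (unlocked, Config System Params, Lifecycle State ACTIVE). The following is an added example, not Oracle code, that parses a saved copy of that output and reports any gate that is not met. It assumes one field per line, as the CLI prints it; the sample texts are constructed from the outputs shown on this page.

```python
def parse_show_output(text):
    """Parse 'Header: value' and 'Key = value' lines into a dict with lowercase keys."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("PCA-ADMIN>"):
            continue  # echoed prompt line, not a result field
        for sep in (" = ", ": "):
            if sep in line:
                key, _, value = line.partition(sep)
                fields[key.strip().lower()] = value.strip()
                break
    return fields

def unmet_expectations(text, expected):
    """Return one message per expected field that is missing or different.

    A missing field counts as a failure, so truncated or failed output
    never passes the gate. Values compare case-insensitively because the
    page writes both Active and ACTIVE.
    """
    fields = parse_show_output(text)
    unmet = []
    if fields.get("status") != "Success":
        unmet.append(f"command status is {fields.get('status')!r}")
    for key, want in expected.items():
        got = fields.get(key.lower())
        if got is None or got.lower() != want.lower():
            unmet.append(f"{key}: expected {want!r}, got {got!r}")
    return unmet

# Constructed samples laid out like the outputs shown in the procedure.
UNLOCKED = """PCA-ADMIN> show pcaSystem
Command: show pcaSystem
Status: Success
Time: 2022-09-16 12:24:28,232 UTC
Data:
  Id = 5709f72b-c439-4c3a-8959-758df94eff25
  Type = PcaSystem
  System Config State = Config System Params
  system state locked = false
"""
NETWORK = """Command: show networkConfig
Status: Success
Data:
  Uplink Port Speed = 40
  Network Config Lifecycle State = Creating
"""

if __name__ == "__main__":
    print(unmet_expectations(UNLOCKED, {"system state locked": "false"}))
    print(unmet_expectations(NETWORK, {"Network Config Lifecycle State": "Active"}))
```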