Managing Private Cloud Appliance Tenancies
A tenancy is an environment where users create and manage cloud resources in order to build and configure virtualized workloads. A Private Cloud Appliance environment must contain at least one tenancy.
All the tenancies in the environment are collectively referred to as the Compute Enclave. However, tenancy management is a responsibility of the appliance administrator. Tenancies are created from the Service Enclave and subsequently handed over to the initial user in the tenancy: the primary tenancy administrator. For more information, see Enclaves and Interfaces.
Creating and Updating a Tenancy
An infrastructure administrator sets up a tenancy from the Service Enclave and provides access details to the primary tenancy administrator. Then the tenancy administrator can start configuring additional user accounts and cloud resources in the Compute Enclave.
- Using the Service Web UI
-
-
In the navigation menu, click Tenancies.
-
In the top-right corner of the Tenancies page, click Create Tenancy.
The Create Tenancy window appears.
-
Fill out the tenancy details:
-
Name: Enter a name for the new tenancy.
-
Description: Optionally, enter a description for the new tenancy.
-
Service Namespace: Set a unique namespace for all resources created within this tenancy.
-
Authentication Credentials: Set a user name and password for the primary tenancy administrator.
This account must be used to log in to the tenancy for the first time. The tenancy administrator sets up additional user accounts, defines compartments, policies and other resources, and generally configures the cloud environment so that users can start deploying their required resources.
-
-
Click Save Changes to create the new tenancy.
The new tenancy is displayed in the Tenancies list.
-
- Using the Service CLI
-
-
Create a new tenancy with the
create Tenant
command.The name, namespace and admin account credentials are required parameters; a description is optional.
Syntax (entered on a single line):
create Tenant name=<tenancy_name> serviceNamespace=<tenancy_namespace> description=<tenancy_description> adminUserName=<tenancy_admin_user_name> adminPassword=<tenancy_admin_password> confirmPassword=<tenancy_admin_password>
Example:
PCA-ADMIN> create Tenant name=myTestTenancy serviceNamespace=test description="A tenancy for testing purposes" \ adminUserName=testadmin adminPassword=************ confirmPassword=************ JobId: a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4 Data: id:ocid1.tenancy.....<uniqueID> name:myTestTenancy
-
Use the job ID to check the status of your command.
PCA-ADMIN> show Job id=a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4 Data: Id = a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4 Type = Job AssociatedObj = id:ocid1.tenancy.unique_ID type:Tenant name:myTestTenancy AssociatedObj Type = Tenant AssociatedObj Id = ocid1.tenancy.unique_ID Done = true Name = CREATE_TYPE Run State = Succeeded [...]
-
Verify that the new tenancy was created correctly. Use the
list
andshow
commands to display the tenancy information.PCA-ADMIN> list Tenant Data: id name -- ---- ocid1.tenancy.unique_ID myTenancy1 ocid1.tenancy.unique_ID myTenancy2 ocid1.tenancy.unique_ID myTenancy3 ocid1.tenancy.unique_ID myTestTenancy PCA-ADMIN> show Tenant name=myTestTenancy Data: Id = ocid1.tenancy.unique_ID Type = Tenant Name = myTestTenancy Description = A tenancy for testing purposes Service Namespace = test
-
Provide the Compute Web UI URL, tenancy name, user name and password to the primary tenancy administrator. The tenancy is now ready for use.
The tenancy administrator sets up additional user accounts, defines compartments, policies and other resources, and generally configures the cloud environment so that users can start deploying their required resources.
-
- Updating a Tenancy
-
The only tenancy property that an administrator can modify at this time is the description.
-
Service Web UI: Open the tenancy detail page and click Edit.
-
Service CLI: Use the command
edit Tenant name=<tenancy_name> description=<tenancy_description>
-
Deleting a Tenancy
Ensure that tenancy users have removed all their resources. The tenancy can only be deleted if it is empty.
- Using the Service Web UI
-
-
In the navigation menu, click Tenancies.
-
In the tenancies table, click the name of the tenancy you want to delete.
The tenancy detail page is displayed.
-
In the top-right corner of the tenancy detail page, click Delete. Confirm the operation when prompted.
-
- Using the Service CLI
-
-
Look up the name and ID of the tenancy you want to delete.
PCA-ADMIN> list Tenant Data: id name -- ---- ocid1.tenancy.unique_ID myTenancy1 ocid1.tenancy.unique_ID myTenancy2 ocid1.tenancy.unique_ID myTenancy3 ocid1.tenancy.unique_ID myTestTenancy
-
To delete the tenancy, use the
delete Tenant
command followed by the tenancy name or ID.PCA-ADMIN> delete Tenant name=myTestTenancy Status: Running JobId: 92b84ac2-1f2c-41d7-980e-d7549957ef93
-
Verify that the deleted tenancy is no longer displayed in the tenancy list.
PCA-ADMIN> list Tenant Data: id name -- ---- ocid1.tenancy.unique_ID myTenancy1 ocid1.tenancy.unique_ID myTenancy2 ocid1.tenancy.unique_ID myTenancy3
-
Providing OCI Images
OCI Images, also called platform images, are loaded onto the system during Private Cloud Appliance installation, and new platform images might be provided during appliance upgrade or patching operations. The images are placed in the management cluster shared storage under /nfs/shared_storage/oci_compute_images
.
To enable users to deploy instances from the platform images, these images must also be imported into the Compute Enclave. During appliance upgrade or patching, the import is part of the normal process. If the Oracle-provided OCI images were not correctly imported, or if you uploaded custom images to be used by all Compute Enclave users, run the importPlatformImages
command as described in this section.
New versions of an image, added during upgrade and patching, never replace any existing versions. If earlier versions of an image are obsolete and should no longer be available to users, an administrator must delete those older versions manually as described in this section. If more than three versions of an image are available, only the three most recent versions are shown when images are listed in the Compute Enclave. Older platform images are still available, and can be selected by specifying the image OCID.
- Importing OCI Images
-
From the Service CLI, run the
importPlatformImages
command to make all images that are in the management cluster shared storage (/nfs/shared_storage/oci_compute_images
) also available in all tenancies in the Compute Enclave.PCA-ADMIN> importPlatformImages JobId: f21b9d86-ccf2-4bd3-bab9-04dc3adb2966
Use the
JobId
to get more detailed information about the job. In the following example, no new images have been delivered:PCA-ADMIN> show job id=f21b9d86-ccf2-4bd3-bab9-04dc3adb2966 Data: Id = f21b9d86-ccf2-4bd3-bab9-04dc3adb2966 Type = Job Done = true Name = OPERATION Progress Message = There are no new platform image files to import Run State = Succeeded
- Listing OCI Images
-
In the Service CLI, use the
listplatformImages
command to list all platform images that have been imported from the management cluster shared storage.PCA-ADMIN> listplatformImages Data: id displayName lifecycleState -- ----------- -------------- ocid1.image.unique_ID uln-pca-Oracle-Linux-7.9-2024.05.29_0.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux-8-2024.05.29_0.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux-9-2024.05.29_0.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux8-OKE-1.26.6-20240611.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux8-OKE-1.27.7-20240602.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux8-OKE-1.28.3-20240602.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Solaris-11-2024.05.07_0.oci AVAILABLE
Compute Web UI users see the same
lifecycleState
thatlistplatformImages
shows. Shortly after the import operation, new images are displayed with life cycle stateIMPORTING
. When the import job is complete, the life cycle state changes toAVAILABLE
.If you delete a platform image, both the Service CLI and the Compute Web UI list the image as
DELETING
orDELETED
. - Deleting OCI Images
-
In the Service CLI, use the
deleteplatformImage
command to delete a platform image. The image shows asDELETING
and thenDELETED
in the Service CLI output and in the Compute Enclave, and eventually is not listed at all.Important
The
deleteplatformImage
command does not delete the image file from shared storage. It must also be removed from the file system. Running theimportPlatformImages
command reimports the image and makes it available again in the Compute Enclave.PCA-ADMIN> deleteplatformImage imageId=ocid1.image.unique_ID_7 JobId: 401567c3-3662-46bb-89d2-b7ad1541fa2d PCA-ADMIN> listplatformImages Data: id displayName lifecycleState -- ----------- -------------- ocid1.image.unique_ID uln-pca-Oracle-Linux-7.9-2024.05.29_0.oci AVAILABLE ocid1.image.unique_ID uln-pca-Oracle-Linux-8-2024.05.29_0.oci AVAILABLE [...] ocid1.image.unique_ID uln-pca-Oracle-Solaris-2024.05.07_0.oci DELETED