Managing Private Cloud Appliance Tenancies

A tenancy is an environment where users create and manage cloud resources in order to build and configure virtualized workloads. A Private Cloud Appliance environment must contain at least one tenancy.

All the tenancies in the environment are collectively referred to as the Compute Enclave. However, tenancy management is a responsibility of the appliance administrator. Tenancies are created from the Service Enclave and subsequently handed over to the initial user in the tenancy: the primary tenancy administrator. For more information, see Enclaves and Interfaces.

Creating and Updating a Tenancy

An infrastructure administrator sets up a tenancy from the Service Enclave and provides access details to the primary tenancy administrator. Then the tenancy administrator can start configuring additional user accounts and cloud resources in the Compute Enclave.

Using the Service Web UI
  1. In the navigation menu, click Tenancies.

  2. In the top-right corner of the Tenancies page, click Create Tenancy.

    The Create Tenancy window appears.

  3. Fill out the tenancy details:

    • Name: Enter a name for the new tenancy.

    • Description: Optionally, enter a description for the new tenancy.

    • Service Namespace: Set a unique namespace for all resources created within this tenancy.

    • Authentication Credentials: Set a user name and password for the primary tenancy administrator.

      This account must be used to log in to the tenancy for the first time. The tenancy administrator sets up additional user accounts, defines compartments, policies and other resources, and generally configures the cloud environment so that users can start deploying their required resources.

  4. Click Save Changes to create the new tenancy.

    The new tenancy is displayed in the Tenancies list.

Using the Service CLI
  1. Create a new tenancy with the create Tenant command.

    The name, namespace and admin account credentials are required parameters; a description is optional.

    Syntax (entered on a single line):

    create Tenant 
    name=<tenancy_name> 
    serviceNamespace=<tenancy_namespace> 
    description=<tenancy_description> 
    adminUserName=<tenancy_admin_user_name> 
    adminPassword=<tenancy_admin_password> 
    confirmPassword=<tenancy_admin_password>

    Example:

    PCA-ADMIN> create Tenant name=myTestTenancy serviceNamespace=test description="A tenancy for testing purposes" \
    adminUserName=testadmin adminPassword=************ confirmPassword=************
    JobId: a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4
    Data:
      id:ocid1.tenancy.....<uniqueID>  name:myTestTenancy
  2. Use the job ID to check the status of your command.

    PCA-ADMIN> show Job id=a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4
    Data:
      Id = a0ee398f-5d44-4b3f-8b9c-e5a9692c36a4
      Type = Job
      AssociatedObj = id:ocid1.tenancy.unique_ID  type:Tenant  name:myTestTenancy
      AssociatedObj Type = Tenant
      AssociatedObj Id = ocid1.tenancy.unique_ID
      Done = true
      Name = CREATE_TYPE
      Run State = Succeeded
    [...]
  3. Verify that the new tenancy was created correctly. Use the list and show commands to display the tenancy information.

    PCA-ADMIN> list Tenant
    Data:
      id                            name
      --                            ----
      ocid1.tenancy.unique_ID   myTenancy1
      ocid1.tenancy.unique_ID   myTenancy2
      ocid1.tenancy.unique_ID   myTenancy3
      ocid1.tenancy.unique_ID   myTestTenancy
    
    PCA-ADMIN> show Tenant name=myTestTenancy
    Data:
      Id = ocid1.tenancy.unique_ID
      Type = Tenant
      Name = myTestTenancy
      Description = A tenancy for testing purposes
      Service Namespace = test
  4. Provide the Compute Web UI URL, tenancy name, user name and password to the primary tenancy administrator. The tenancy is now ready for use.

    The tenancy administrator sets up additional user accounts, defines compartments, policies and other resources, and generally configures the cloud environment so that users can start deploying their required resources.

Updating a Tenancy

The only tenancy property that an administrator can modify at this time is the description.

  • Service Web UI: Open the tenancy detail page and click Edit.

  • Service CLI: Use the command edit Tenant name=<tenancy_name> description=<tenancy_description>

Deleting a Tenancy

Ensure that tenancy users have removed all their resources. The tenancy can only be deleted if it is empty.

Using the Service Web UI
  1. In the navigation menu, click Tenancies.

  2. In the tenancies table, click the name of the tenancy you want to delete.

    The tenancy detail page is displayed.

  3. In the top-right corner of the tenancy detail page, click Delete. Confirm the operation when prompted.

Using the Service CLI
  1. Look up the name and ID of the tenancy you want to delete.

    PCA-ADMIN> list Tenant
    Data:
      id                            name
      --                            ----
      ocid1.tenancy.unique_ID   myTenancy1
      ocid1.tenancy.unique_ID   myTenancy2
      ocid1.tenancy.unique_ID   myTenancy3
      ocid1.tenancy.unique_ID   myTestTenancy
  2. To delete the tenancy, use the delete Tenant command followed by the tenancy name or ID.

    PCA-ADMIN> delete Tenant name=myTestTenancy
    Status: Running
    JobId: 92b84ac2-1f2c-41d7-980e-d7549957ef93
  3. Verify that the deleted tenancy is no longer displayed in the tenancy list.

    PCA-ADMIN> list Tenant
    Data:
      id                            name
      --                            ----
      ocid1.tenancy.unique_ID   myTenancy1
      ocid1.tenancy.unique_ID   myTenancy2
      ocid1.tenancy.unique_ID   myTenancy3

Providing OCI Images

OCI Images, also called platform images, are loaded onto the system during Private Cloud Appliance installation, and new platform images might be provided during appliance upgrade or patching operations. The images are placed in the management cluster shared storage under /nfs/shared_storage/oci_compute_images.

To enable users to deploy instances from the platform images, these images must also be imported into the Compute Enclave. During appliance upgrade or patching, the import is part of the normal process. If the Oracle-provided OCI images were not correctly imported, or if you uploaded custom images to be used by all Compute Enclave users, run the importPlatformImages command as described in this section.

New versions of an image, added during upgrade and patching, never replace any existing versions. If earlier versions of an image are obsolete and should no longer be available to users, an administrator must delete those older versions manually as described in this section. If more than three versions of an image are available, only the three most recent versions are shown when images are listed in the Compute Enclave. Older platform images are still available, and can be selected by specifying the image OCID.

Importing OCI Images

From the Service CLI, run the importPlatformImages command to make all images that are in the management cluster shared storage (/nfs/shared_storage/oci_compute_images) also available in all tenancies in the Compute Enclave.

PCA-ADMIN> importPlatformImages
JobId: f21b9d86-ccf2-4bd3-bab9-04dc3adb2966

Use the JobId to get more detailed information about the job. In the following example, no new images have been delivered:

PCA-ADMIN> show job id=f21b9d86-ccf2-4bd3-bab9-04dc3adb2966
Data: 
  Id = f21b9d86-ccf2-4bd3-bab9-04dc3adb2966
  Type = Job
  Done = true
  Name = OPERATION
  Progress Message = There are no new platform image files to import
  Run State = Succeeded
Listing OCI Images

In the Service CLI, use the listplatformImages command to list all platform images that have been imported from the management cluster shared storage.

PCA-ADMIN> listplatformImages
Data:
  id                      displayName                                     lifecycleState
  --                      -----------                                     --------------
  ocid1.image.unique_ID   uln-pca-Oracle-Linux-7.9-2024.05.29_0.oci       AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux-8-2024.05.29_0.oci         AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux-9-2024.05.29_0.oci         AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux8-OKE-1.26.6-20240611.oci   AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux8-OKE-1.27.7-20240602.oci   AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux8-OKE-1.28.3-20240602.oci   AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Solaris-11-2024.05.07_0.oci      AVAILABLE

Compute Web UI users see the same lifecycleState that listplatformImages shows. Shortly after the import operation, new images are displayed with life cycle state IMPORTING. When the import job is complete, the life cycle state changes to AVAILABLE.

If you delete a platform image, both the Service CLI and the Compute Web UI list the image as DELETING or DELETED.

Deleting OCI Images

In the Service CLI, use the deleteplatformImage command to delete a platform image. The image shows as DELETING and then DELETED in the Service CLI output and in the Compute Enclave, and eventually is not listed at all.

Important

The deleteplatformImage command does not delete the image file from shared storage. It must also be removed from the file system. Running the importPlatformImages command reimports the image and makes it available again in the Compute Enclave.

PCA-ADMIN> deleteplatformImage imageId=ocid1.image.unique_ID_7
JobId: 401567c3-3662-46bb-89d2-b7ad1541fa2d

PCA-ADMIN> listplatformImages
Data:
  id                        displayName                               lifecycleState
  --                        -----------                               --------------
  ocid1.image.unique_ID   uln-pca-Oracle-Linux-7.9-2024.05.29_0.oci   AVAILABLE
  ocid1.image.unique_ID   uln-pca-Oracle-Linux-8-2024.05.29_0.oci     AVAILABLE
[...]
  ocid1.image.unique_ID   uln-pca-Oracle-Solaris-2024.05.07_0.oci     DELETED