Managing Resources Using Orchestrations v1

6 Managing Resources Using Orchestrations v1

Topics

About Orchestrations v1

Topics

What Is an Orchestration?

An orchestration defines the attributes and interdependencies of a collection of compute, networking, and storage resources in Compute Classic. You can use orchestrations to automate the provisioning and lifecycle operations of an entire virtual compute topology.

For example, you can use orchestrations to create and manage a collection of instances hosting a multitiered application stack with all the necessary networking, storage, and security settings.

A newer version of orchestrations, Orchestrations v2, offers a similar method of creating and managing resources. To understand the differences between the two versions and for an overview of the benefits of Orchestrations v2, see Comparing Orchestrations v1 and Orchestrations v2.

At any time, you can delete and re-create all the instances in an orchestration just by terminating and restarting the orchestration. Storage attachments, security lists, and so on are re-associated automatically. When the HA policy in an orchestration is set to active, if an instance in such an orchestration goes down, the instance is re-created automatically.

Note that networking and storage objects needn’t be defined in the same orchestrations that you use to create instances. You can define the networking and storage objects in separate orchestrations, and then refer to them in the orchestrations that define the instances. With this approach, you can remove and re-create instances independent of the associated resources.

To create instances using orchestrations, you build an orchestration in a JSON-formatted file, upload it to Compute Classic, and then start the orchestration. For a simple example of an orchestration file that you can use to learn how to build your first orchestration, see Building Your First Orchestration v1. But before that, do read the remainder of this topic and become familiar with the features, terminology, and concepts of orchestrations.

Orchestration Terminology

Term Description

Term	Description
object plan (`oplan`)	An object plan, or `oplan`, is the primary building block of an orchestration. Each `oplan` contains all the attributes for the object type defined in that `oplan`. An orchestration can contain up to 10 object plans, and each `oplan` can include up to 10 objects.
object type (`obj_type`)	An object type refers to the Compute Classic resource that you want to create. For example, if you want to create a storage volume, the `obj_type` would be `storage/volume`. If you want to create an instance, the `obj_type` would be `launchplan`. See Object Types in an Orchestration.
object (`objects`)	The `objects` attribute defines the properties or characteristics of the the Compute Classic resource that you want to create, as specified by the `obj_type` attribute. The fields in the `objects` section vary depending on the specified `obj_type`. For example, if you want to create a storage volume, the `obj_type` would be `storage/volume`, and the `objects` would include `size` and `bootable`. If you want to create an instance, the `obj_type` would be `launchplan,` and the `objects` would include `instances,` along with instance-specific attributes, such as `imagelist` and `shape.`

object plan (oplan)

An object plan, or oplan, is the primary building block of an orchestration.

Each oplan contains all the attributes for the object type defined in that oplan.

An orchestration can contain up to 10 object plans, and each oplan can include up to 10 objects.

object type (obj_type)

An object type refers to the Compute Classic resource that you want to create.

For example, if you want to create a storage volume, the obj_type would be storage/volume. If you want to create an instance, the obj_type would be launchplan.

See Object Types in an Orchestration.

object (objects)

The objects attribute defines the properties or characteristics of the the Compute Classic resource that you want to create, as specified by the obj_type attribute.

The fields in the objects section vary depending on the specified obj_type.

For example, if you want to create a storage volume, the obj_type would be storage/volume, and the objects would include size and bootable. If you want to create an instance, the obj_type would be launchplan, and the objects would include instances, along with instance-specific attributes, such as imagelist and shape.

For information about the attributes of each object type, see Attributes in Orchestrations v1.

Object Types in an Orchestration

In an orchestration, you can define any of the following object types:

Object Type	Description
`integrations/osscontainer`	Creates a container in the specified Oracle Cloud Infrastructure Object Storage Classic account.
`ip/reservation`	Reserves an IP address. To associate an IP reservation with an instance that’s defined in the same orchestration, you must specify a relationship between the `ip/reservation` and the `launchplan` object plans.
`launchplan`	Creates an instance. To add an instance to a security list that’s defined in the same orchestration, you must specify a relationship between the `launchplan` and the `seclist` object plans.
`network/v1/acl`	Creates an access control list (ACL) that can be applied to interfaces that are part of your IP networks.
`network/v1/ipaddressprefixset`	Creates an IP address prefix set. This can be used as a source or destination in security rules that determine access to or from the virtual interfaces of instances that are attached to IP networks.
`network/v1/ipassociation`	Associates a public IP address reservation with an interface on an instance that is attached to an IP network.
`network/v1/ipnetwork`	Creates an IP network. You can specify an IP network in the networking attributes while creating an instance.
`network/v1/ipnetworkexchange`	Creates an IP network exchange. You can add IP networks to an IP network exchange either while creating the IP network, or later, by updating the IP network.
`network/v1/ipreservation`	Reserves a public IP address from a specified IP pool. This IP address can be associated with the virtual interface of an instance that is attached to an IP network.
`network/v1/route`	Creates a route to a specified destination using the specified vNICset.
`network/v1/secprotocol`	Specifies a permitted transport protocol and ports. Security protocols are used in security rules which determine the permitted flow of traffic across your IP networks.
`network/v1/secrule`	Creates a security rule which can be added to an ACL. Security rules are applied through an ACL to control the permitted flow of traffic across your IP networks.
`network/v1/vnicset`	Creates a vNICset of one or more virtual network interfaces (vNICs). A vNICset is used to specify the next hop in a route. While creating an instance, you can specify if you want a vNIC to be added to either the shared network or an IP network.
`orchestration`	Starts a set of orchestrations. See About Nested Orchestrations.
`secapplication`	Creates a security application. To use this security application in a security rule that’s defined in the same orchestration, you must specify a relationship between these objects.
`seciplist`	Creates a security IP list. To use this security IP list in a security rule that’s defined in the same orchestration, you must specify a relationship between these objects.
`seclist`	Creates a security list. To use this security list in a security rule that’s defined in the same orchestration, you must specify a relationship between these objects.
`secrule`	Creates a security rule. If this security rule uses security applications, security lists, or security IP lists that are defined in the same orchestration, then you must specify a relationship between these objects.
`storage/volume`	Creates a storage volume. To attach this storage volume to an instance that’s defined in the same orchestration, you must specify a relationship between the `storage/volume` and the `launchplan` object plans.

An orchestration can contain up to 10 object plans, and each oplan can contain up to 10 objects.

An orchestration can also contain up to three levels of nested orchestrations. So you can use a single orchestration to manage many individual components. See About Nested Orchestrations.

Relationships Between Object Plans

You can use the relationships attribute in an orchestration to specify the sequence in which the objects in the orchestration must be created.

The relationships attribute specifies the two objects that have a relationship, identified by their oplan labels. It also specifies the relationship type, which is set to depends.

For example, if you define a storage volume in an orchestration and you also define an instance that the storage volume is attached to, then in the relationships section of the orchestration, you can specify that the launchplan object plan depends on the storage/volume object plan. This ensures that the storage volume is created before the instance is created.

So if you define a storage volume in an orchestration with the oplan label storagevolume1, and a launch plan with the oplan label boot-from-storagevolume1, then define the relationship between these objects as follows:

 "relationships": [
        {
            "oplan": "boot-from-storagevolume1",
            "to_oplan": "storagevolume1",
            "type": "depends"
        }
    ]

For more complex scenarios, you can define multiple relationships.

For example, to create a security list (seclist1), a security application (secapplication1), and a security rule (secrule1) in a single orchestration, define the following relationships to ensure that both the security application and the security list are created before the security rule:

"relationships": [
        {
            "oplan": "secrule1",
            "to_oplan": "seclist1",
            "type": "depends"
        },
        {
            "oplan": "secrule1",
            "to_oplan": "secapplication1",
            "type": "depends"
        }
    ]

Relationships Between Objects Within a Launch Plan Object

You can also specify relationships within launchplan objects (that is, instances).

For example, if you define two instances with the labels instanceA and instanceB in an orchestration and you want those instances to be created on separate nodes, then in the launchplan object plan, define the relationship between the instances as follows:

"relationships": [
                        {
                            "instances": [
                                "instanceA",
                                "instanceB"
                            ],
                            "type": "different_node"
                        }
                    ]

The type attribute under relationships in a launch plan can have one of the following values:

same_node: The specified instances are created on the same physical server. This is useful if you want to ensure low latency across instances.
different_node: The specified instances aren’t created on the same physical server. This is useful if you want to isolate instances for security or redundancy.

About Nested Orchestrations

You can specify orchestration as an object type within an orchestration. You can use such an orchestration to start and terminate multiple other orchestrations.

For example, if you’ve defined the following orchestrations:

/Compute-acme/joe.jonathan@example.com/instances_orch: An orchestration that defines multiple instances.
/Compute-acme/joe.jonathan@example.com/networking_orch: An orchestration that defines networking objects such as security lists and security rules.
/Compute-acme/joe.jonathan@example.com/storage_orch: An orchestration that defines storage volumes.

You can synchronize the management of all the resources defined in these orchestrations, through the following master orchestration:

{
   "name": "/Compute-acme/joe.jonathan@example.com/master_orch",
   "oplans": [
          {
          "label" : "master-orchestration",
          "obj_type" : "orchestration",
          "objects": [
          {
              "name": "/Compute-acme/joe.jonathan@example.com/instances_orch"
          },
          {
              "name": "/Compute-acme/joe.jonathan@example.com/networking_orch"
          },
          {
              "name": "/Compute-acme/joe.jonathan@example.com/storage_orch"
          }
           
        ]
        }
   ]
}

When you start the master orchestration, all of the nested orchestrations are started. Note that when you add a master orchestration to Compute Classic, the nested orchestrations are not added automatically. You must add each of the nested and master orchestrations separately.

Depending on the nature of the orchestrations, you might also need to define relationships between the different orchestration object plans in the master orchestration, to ensure that the objects defined in the various orchestrations are created in the appropriate sequence.

For example, to ensure that your network and storage resources are created before the orchestration that defines the instances is started, you can create a master orchestration with relationships defined as follows:

{
    "name": "/Compute-acme/joe.jonathan@example.com/master_orch",
    "oplans": [
        {
            "label": "instances-orchestration",
            "obj_type": "orchestration",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/instances_orch"
                }
            ]
        },
        {
            "label": "network-orchestration",
            "obj_type": "orchestration",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/networking_orch"
                }
            ]
        },
        {
            "label": "storage-orchestration",
            "obj_type": "orchestration",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/storage_orch"
                }
            ]
        }
    ],
	"relationships": [
        {
            "oplan": "instances-orchestration",
            "to_oplan": "network-orchestration",
            "type": "depends"
        },
        {
            "oplan": "instances-orchestration",
            "to_oplan": "storage-orchestration",
            "type": "depends"
        }
    ]

}

You can terminate and restart each nested orchestration individually as required. When you terminate the master orchestration, all the nested orchestrations are stopped, and the objects created by those orchestrations are deleted.

If you delete the master orchestration, the nested orchestrations aren’t automatically deleted. However, if you use the web console to delete a master orchestration, you can select the option to delete all nested orchestrations as well. See Deleting an Orchestration v1.

An orchestration can contain up to three levels of nested objects.

About High-Availability Policies in an Orchestration

You can specify a high availability (HA) policy in the ha_policy attribute of an orchestration, to specify the behavior when an object stops unexpectedly.

You can specify one of following HA policies:

active

You can specify this policy only for instances, that is, only for objects of type launchplan.

When the HA policy for an instance is set to active, if the instance stops unexpectedly, it is re-created automatically. Note, however, that the instance is re-created automatically only if the orchestration was in the Ready state and the instance was running without an error. If an instance is in an error state, it isn’t re-created automatically.
monitor

You can specify this policy only for instances, storage volumes, and orchestrations, that is, for objects of type launchplan, storage/volume, and orchestration.

When the HA policy for an object is set to monitor, if the object goes to an error state or stops unexpectedly, the orchestration changes to the Error state. However, the object isn’t re-created automatically.

You can’t specify an HA policy for any objects other than instances, storage volumes, and orchestrations. Attempting to do so results in an error. Also, if you don’t specify an HA policy for instances, storage volumes, or orchestrations explicitly, then no HA policy is applied. That is, the policy is set to none by default.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to delete an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state.

Orchestrations v1 Templates

The following sample JSON file illustrates the high-level structure of an orchestration. For templates for individual object types, see Orchestration Templates for Each Object Type.

The orchestration templates provided here might not illustrate the use of all the attributes of each object. For a complete list of attributes and their description, see Attributes in Orchestrations v1. To get started with building an orchestration, see Building Your First Orchestration v1.

{
  "description": "someDescriptionHere",
  "name": "/Compute-identity_domain/user/name",
  "relationships: [see Relationships Between Object Plans],
  "oplans": [
    {
      "label": "someText",
      "obj_type": "objectType", (see Object Types in an Orchestration)
      "ha_policy: "policy", (see About High-Availability Policies in an Orchestration)
      "objects": [
        {
          attributes (see Attributes in Orchestrations v1)
        }
      ]
    },
    {
      "label": "someText",
      "obj_type": "objectType", (see Object Types in an Orchestration)
      "objects": [
        {
          attributes (see Attributes in Orchestrations v1)
        }
      ]
    },
    .
    . up to 10 oplans
    .
  ]
}

Template for Top-Level Attributes of an Orchestration

Top-level attributes contain the name and description of an orchestration, along with other information such as the relationship between objects defined in the orchestration, start and stop times for the orchestration, and the list of objects in the orchestration.

 {
   "name": "/Compute-acme/joe.jonathan@example.com/myOrchestration",
   "description": "sample orchestration",
   "relationships": [],
   "schedule": {"start_time": "2015-06-21T12:00:00Z"},
   "oplans": [
     {
     <Define your oplans here. See Orchestration Template for oplans.>
     }
   ]
 }

Orchestration Template for oplans

An object plan, or oplan, is a top-level orchestration attribute. Within an object plan, you can specify various object types and define one or more object for each object type.

{
  <Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>

  "oplans": [

    {
      "label": "My orchestration",
      "obj_type": "orchestration",
      "objects": [
        <Define your objects here. See Orchestration Templates for Each Object Type.>
      ]
    }
  ]

}

Orchestration Templates for Each Object Type

Orchestration Template for integrations/osscontainer

Use this object type if you want to create a container in your associated Oracle Cloud Infrastructure Object Storage Classic account.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My-OSS-Container",
      "obj_type": "integrations/osscontainer",

      "objects": [
        {
          "account": "/Compute-acme/cloud_storage",
          "container": "Container_1",
          "delete_remote": false
        }
                
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for ip/reservation

Use this object type if you want to reserve permanent IP addresses in the shared network to attach with your instances. For more information, see About Public IP Addresses.

To associate an IP reservation with an instance that’s defined in the same orchestration, you must specify a relationship between the ip/reservation and the launchplan object plans.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My IP reservations",
      "obj_type": "ip/reservation",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/ipres1",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
        },
        {
          "name": "/Compute-acme/joe.jonathan@example.com/ipres2",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
        }
        <Define other IP reservations here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for launchplan

Use this object type if you want to define one or more instances. In an orchestration, instance is an attribute of the launchplan object type.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My instances",
      "obj_type": "launchplan",

      "objects": [
        {
          "instances": [
            {
              <Define your instance here. See Orchestration Template for Instances.>
            }
			<Define other instances here.>
          ]
        }
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for Instances

In an orchestration, instance is an attribute of the launchplan object type. If any of the objects referred to in instance attributes are defined in the same orchestration as the instance, you must specify a relationship between each such object and the instance launch plan. For more information, see Relationships Between Object Plans.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [
    {
      "label": "My instances",
      "obj_type": "launchplan",
      "objects": [

        {
          "instances": [

            {
              "shape": "oc3",
              "boot_order": [1],
              "label": "vm-1",
              "networking": {
                "eth0": {
                  "seclists": ["/Compute-acme/joe.jonathan@example.com/wlsadmin_seclist"],
                  "nat": "ipreservation:/Compute-acme/joe.jonathan@example.com/ipres1"
                     },
                "eth1" : {
                  "ipnetwork" : "/Compute-acme/joe.jonathan@example.com/ipnet-1",
            			"ip": "192.168.4.2",
			          "vnic": "/Compute-acme/joe.jonathan@example.com/eth1-ipnet1"
                    }
                 },
              "sshkeys": ["/Compute-acme/joe.jonathan@example.com/key1"],
              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-acme/joe.jonathan@example.com/boot"
                }
              ]
            }
            <Define other instances here.>
          ]
        }
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/acl

Use this object type if you want to create an access control list (ACL). For more information about using ACLs in IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "ACL1-for-vnicset1",
            "obj_type": "network/v1/acl",
            "objects": [
                {
                  "name": "/Compute-acme/joe.jonathan@example.com/acl_1",
                  "enabledFlag": true
                }
                 <Define other ACLs here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/ipaddressprefixset

Use this object type if you want to create IP address prefix set to use as a source or destination in a security rule. For more information about using IP address prefix sets in IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "IPaddress-prefix-set-1",
            "obj_type": "network/v1/ipaddressprefixset",
            "objects": [
                {
                  "name": "/Compute-acme/joe.jonathan@example.com/ext_ip_addresses",
                  "ipAddressPrefixes": ["203.0.113.0/30", "192.51.100.1/24"]
                 }
                 <Define other IP address prefix sets here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/ipassociation

Use this object type if you want to create an IP association between an IP reservation and a vNIC in an IP network. For more information about IP associations in IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "IP-Association-for-vnic1-on-instance1",
            "obj_type": "network/v1/ipassociation",
            "objects": [
                {
                  "name": "/Compute-acme/joe.jonathan@example.com/IP-association-vnic1",
                  "ipAddressReservation": "/Compute-acme/joe.jonathan@example.com/IPres-for-instance1-vnic1",
				        "vnic": "/Compute-acme/joe.jonathan@example.com/instance1-vnic1"
                 }
                 <Define other IP associations here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/ipnetwork

Use this object type if you want to create IP networks. For more information about setting up and using IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "ipnet1",
            "obj_type": "network/v1/ipnetwork",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/ipnet1",
                    "ipAddressPrefix": "192.168.3.0/24",
                    "ipNetworkExchange": "/Compute-acme/joe.jonathan@example.com/ipnetworkexchange1",
                    "description": "IP network with IP network exchange"
                 }
                 <Define other IP networks here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/ipnetworkexchange

Use this object type if you want to create IP network exchanges. For more information about setting up and using IP networks and IP network exchanges, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
              "label": "ipnetworkexchange",
              "obj_type": "network/v1/ipnetworkexchange",
		    	    "objects": [
		             {
                    "name": "/Compute-acme/joe.jonathan@example.com/ipnetworkexchange1"
		        		  }
		            <Define other IP network exchanges here.>
               ]
          }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/ipreservation

Use this object type if you want to create an IP reservation for IP networks. For more information about IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

         {
            "label": "IP-Reservation-for-IP-network",
            "obj_type": "network/v1/ipreservation",
            "objects": [
                {
                  "name": "/Compute-acme/joe.jonathan@example.com/IPres-for-instance1-vnic1",
                  "ipAddressPool": "/oracle/public/public-ippool"
                 }
                 <Define other IP reservations for IP networks here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/route

Use this object type if you want to create routes to direct traffic across your IP networks. See Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "route",
            "obj_type": "network/v1/route",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/route1",
                    "nextHopVnicSet": "/Compute-acme/joe.jonathan@example.com/vnicset1",
                    "ipAddressPrefix": "203.0.113.0/24",
                    "adminDistance": "0"
                }
             <Define other routes here.>
            ]
        }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/secprotocol

Use this object type if you want to create a security protocol for IP networks. For more information about IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
               "label": "Security-protocol-for-IP-networks",
               "obj_type": "network/v1/secprotocol",
               "objects": [
                 {
                    "description": "Security Protocol 1",
                    "dstPortSet": ["20", "155-1100"],
                    "ipProtocol": "tcp",
                    "name": "/Compute-acme/joe.jonathan@example.com/secprotocol_1",
                    "srcPortSet": ["10", "55-100"]
                }
                 <Define other security protocols for IP networks here.>
		       ]
         }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/secrule

Use this object type if you want to create a security rule for IP networks. For more information about IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

         {
            "label": "IP-network-secrule-1",
            "obj_type": "network/v1/secrule",
            "objects": [
                       {
                       "acl": "/Compute-acme/joe.jonathan@example.com/acl_1",
                       "description": "Sec Rule 1",
                       "flowDirection": "egress",
                       "name": "/Compute-acme/joe.jonathan@example.com/ipnetSecrule1",
                       "secProtocols": ["/Compute-acme/joe.jonathan@example.com/secprotocol_1"],
                       "srcIpAddressPrefixSets": ["/Compute-acme/joe.jonathan@example.com/ext_ip_address_list_1"]
                       }
                       <Define other security rules for IP networks here.>
                     ]
                }       
          <Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for network/v1/vnicset

Use this object type if you want to create vNICsets in IP networks. For information about using vNICsets in IP networks, see Configuring IP Networks.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

        {
            "label": "vnicset",
            "obj_type": "network/v1/vnicset",
            "objects": [
                {
                    "name": "/Compute-acme/joe.jonathan@example.com/vnicset1",
                    "vnics": ["/Compute-acme/joe.jonathan@example.com/vnic1", 
                              "/Compute-acme/joe.jonathan@example.com/vnic2"]
                }
                <Define other vnicsets here.>
            ]
        }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for orchestration

Use this object type if you want to use an orchestration to start or stop multiple nested orchestrations. For more information, see About Nested Orchestrations.

{
  <Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My orchestration",
      "obj_type": "orchestration",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/myInstances"
        },
        {
          "name": "/Compute-acme/joe.jonathan@example.com/myStorageVolumes"
        }
        <Add names of other nested orchestrations here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for secapplication

Use this object type to define security applications to use in security rules in the shared network. For more information, see About Security Applications.

To associate an IP reservation with an instance that’s defined in the same orchestration, you must specify a relationship between the ip/reservation and the launchplan object plans.

{
  <Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My security applications",
      "obj_type": "secapplication",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/wlsadmin_ssl",
          "dport": 7002,
          "protocol": "tcp"
        }
		<Define other security applications here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for seciplist

Use this object type to define a set of IP addresses that you want to use as a source in a security rule in the shared network. For more information, see About Security IP Lists.

To use this security IP list in a security rule that’s defined in the same orchestration, you must specify a relationship between these objects.

{
 <Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "admin-ip-list",
      "obj_type": "seciplist",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/admin_ips",
          "secipentries": ["203.0.113.0/30"]
        }
		<Define other security IP lists here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for seclist

Use this object type to define security lists to group your instances in the shared network. For more information, see About Security Lists.

To use this security list in a security rule that’s defined in the same orchestration, you must specify a relationship between these objects.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "admin-seclists",
      "obj_type": "seclist",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/sysadmin_seclist"
        },
        {
          "name": "/Compute-acme/joe.jonathan@example.com/wlsadmin_seclist"
        }
		<Define other security lists here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for secrule

Use this object type to define security rules that control access to your instances in the shared network. For more information, see About Security Rules.

If this security rule uses security applications, security lists, or security IP lists that are defined in the same orchestration, then you must specify a relationship between these objects.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My security rules",
      "obj_type": "secrule",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/admin_ssh_to_sysadmin_rule",
          "application": "/oracle/public/ssh",
          "src_list": "seciplist:/Compute-acme/joe.jonathan@example.com/admin_ips",
          "dst_list": "seclist:/Compute-acme/joe.jonathan@example.com/sysadmin_seclist",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-acme/joe.jonathan@example.com/dbadmin_ssh_to_db_rule",
          "application": "/oracle/public/ssh",
          "src_list": "seclist:/Compute-acme/joe.jonathan@example.com/dbadmin_seclist",
          "dst_list": "seclist:/Compute-acme/joe.jonathan@example.com/db_seclist",
          "action": "PERMIT"
        }
		<Define other security rules here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Orchestration Template for storage/volume

Use this object type to create storage volumes that you want to attach to your instances. For more information, see About Storage Volumes.

Note:

Don’t define storage volumes and instances in the same orchestration. By keeping storage volumes and instances in separate orchestrations, you can shut down and start the instances when required and yet preserve the attached storage volumes. Note that the recommendation here is to define the storage volumes outside the instance orchestration. To ensure that the storage volumes remain attached after an instance is re-created, you must define the storage attachments within the instance orchestration.

{
<Define the top-level attributes of your orchestration here. See Template for Top-Level Attributes of an Orchestration.>
  "oplans": [

    {
      "label": "My storage volumes",
      "obj_type": "storage/volume",

      "objects": [
        {
          "name": "/Compute-acme/joe.jonathan@example.com/boot",
          "bootable": true,
          "imagelist": "/oracle/public/OL_6.7_UEKR4_x86_64",
          "properties": ["/oracle/public/storage/default"],
          "size": "22548578304"
        },
        {
          "name": "/Compute-acme/joe.jonathan@example.com/data",
          "properties": ["/oracle/public/storage/latency"],
          "size": "32212254720"
        }
        <Define other storage volumes here.>
      ]
    }
<Define other objects here. See Orchestration Templates for Each Object Type.>
  ]
<Define other oplans here. See Orchestration Template for oplans.>
}

Workflow for Creating Instances Using Orchestrations v1

To use an orchestration to create and manage compute, networking, or storage resources:

Build your orchestration.
An orchestration is defined in a JavaScript Object Notation (JSON) file that contains the attributes of the Compute Classic objects that you want to create. See Building Your First Orchestration v1.
Upload the orchestration to Compute Classic. See Uploading an Orchestration v1.
To create the objects defined in the orchestration, start the orchestration. See Starting an Orchestration v1.
To delete the objects defined in the orchestration, stop the orchestration. See Terminating an Orchestration v1.

Building Your First Orchestration v1

Topics

Before You Begin

Before building your orchestration JSON file, do the following:

Read Best Practices for Using Compute Classic.
Create the security, storage, and networking resources that you plan to reference in your orchestration.

These tasks require the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- If you want to create a Linux instance with SSH access enabled, upload your SSH public keys to Compute Classic. See Adding an SSH Public Key.
  
  Note:
  
  You don’t need to do this if you’re creating a Windows instance, because you can’t log in to a Windows instance using SSH.
- If you want your instances to boot from a persistent storage disk, create bootable storage volumes. See Creating a Bootable Storage Volume.
- Create storage volumes for the data and applications that you plan to deploy on your instances. See Creating a Storage Volume. When you create the storage volumes, don’t attach them to any existing instance. You’ll specify the storage volumes later in the orchestration.
- If you want your instances to have fixed public IP addresses, then create the required IP reservation. See Reserving a Public IP Address.
- Create the required security lists. See Creating a Security List.

Sample Orchestration for Creating a Single Instance

You can use the following sample orchestration as a starting point for building your first orchestration.

{
  "description": "Simple oplan with an ssh key and a security list",
  "name": "/Compute-acme/joe.jonathan@example.com/simple_orchestration",
  "oplans": [
    {
      "label": "simple_oplan",
      "obj_type": "launchplan",
      "objects": [
        {
          "instances": [
            {
              "imagelist": "/oracle/public/OL_6.7_UEKR4_x86_64",
              "label": "OL_6.7",
              "networking": {
                "eth0": {
                  "seclists": [
                    "/Compute-acme/joe.jonathan@example.com/my_instances"
                  ],
                  "nat": "ipreservation:/Compute-acme/joe.jonathan@example.com/ip1"
                }
              },
              "shape": "oc3",
              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-acme/joe.jonathan@example.com/OL66_boot"
                  
                },
                {
                  "index": 2,
                  "volume": "/Compute-acme/joe.jonathan@example.com/data1"
                }
              ],
              "boot_order": [1],
              "sshkeys": [
                "/Compute-acme/joe.jonathan@example.com/ssh-key1"
              ]
            }
          ]
        }
      ]
    }
  ]
}

This sample orchestration does the following:

Defines an instance with the label OL_6.7, the oc3 shape, and using the /oracle/public/OL_6.7_UEKR4_x86_64 image.
Adds the instance to the security list/Compute-acme/joe.jonathan@example.com/my_instances.
Associates the IP reservation /Compute-acme/joe.jonathan@example.com/ip1 with the instance.
Attaches the bootable storage volume /Compute-acme/joe.jonathan@example.com/OL66_boot to the instance.
Attaches the data storage volume /Compute-acme/joe.jonathan@example.com/data1 to the instance.
Associates the SSH public key /Compute-acme/joe.jonathan@example.com/ssh-key1 with the instance.

Note:

To learn about the structure of an orchestration, see Orchestrations v1 Templates. For information about all the attributes that you can define in an orchestration, see Attributes in Orchestrations v1.

Steps for Building Your First Orchestration

Copy the sample orchestration to a plain text file, and open the file in any text editor.
Replace the name of the orchestration with an appropriate three-part name (/Compute-identity_domain/user/object).

Note:

While editing this sample file, remember to replace all placeholder values with values specific to your environment. For example, replace the identity domain name acme with your identity domain name and the user name joe.jonathan@example.com with your user name.
Change the value of the imagelist attribute to any image that you want to use.
Under instances, change the value of the label attribute to any label that you want.
Replace the security list /Compute-acme/joe.jonathan@example.com/my_instances with a security list that you’ve already created.
If you want to attach the instance to more security lists, remember to enclose each security-list name in double quotation marks and separate the security-list names by using commas. See the following example:
```
"seclists": [
  "/Compute-acme/joe.jonathan@example.com/my_instances",
  "/Compute-acme/joe.jonathan@example.com/dev_instances",
  "/Compute-acme/joe.jonathan@example.com/prod_instances"
]
```
Replace the IP reservation /Compute-acme/joe.jonathan@example.com/ip1 with an IP reservation that you’ve already created.
Replace the oc3 shape with the shape that you want to use.
Replace the storage volume /Compute-acme/joe.jonathan@example.com/OL66_boot with the bootable storage volume that your instance should boot from.
Replace the storage volume /Compute-acme/joe.jonathan@example.com/data1 with a storage volume that you want to attach to the instance.
If you don’t want to attach any storage volume, then remove the following section (and the comma preceding it) from the orchestration.
```
{
  "index": 2,
  "volume": "/Compute-acme/joe.jonathan@example.com/data1"
}
```
If you want to attach more storage volumes, then specify the index for the storage attachment and the name of the storage volume as follows. Separate the storage volume definitions using commas. See the following example:
```
{
  "index": 2,
  "volume": "/Compute-acme/joe.jonathan@example.com/admin/data1"
},
{
  "index": 3,
  "volume": "/Compute-acme/joe.jonathan@example.com/data2"
}
```
If you’re creating a Linux instance enabled for SSH access, replace the SSH key /Compute-acme/joe.jonathan@example.com/ssh-key1 with a key that you’ve created and added to Compute Classic.
If you want to add more SSH keys, then enclose each key in double quotation marks and separate the keys by using commas. See the following example:
```
"sshkeys": [
  "/Compute-acme/joe.jonathan@example.com/ssh-key1",
  "/Compute-acme/joe.jonathan@example.com/ssh-key2",
  "/Compute-acme/joe.jonathan@example.com/ssh-key3"
]
```
Note:

You don’t need to do this if you’re creating a Windows instance, because you can’t log in to a Windows instance using SSH. To log in to your Windows instance using RDP, see Accessing a Windows Instance Using RDP.
Save the orchestration file.

You should also validate your JSON file. You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON format isn’t valid, then an error message is displayed when you upload the orchestration.

Note:

Oracle doesn’t support or endorse any third-party JSON-validation tool.

Your orchestration file is now ready.

To create instances by using this orchestration, you must upload it to Compute Classic. See Uploading an Orchestration v1.

Attributes in Orchestrations v1

You specify attributes in orchestrations at several levels. At the highest level, you specify certain attributes for the orchestration as a whole. Then, you specify attributes for each object plan defined in the orchestration. Finally, there are attributes that are specific to each object type.

Top-level attributes

Top-level attributes contain the name and description of an orchestration, along with other information such as the relationship between objects defined in the orchestration, start and stop times for the orchestration, and the list of objects in the orchestration. See Top-Level Attributes in Orchestrations v1. For a template of top-level orchestration attributes, see Template for Top-Level Attributes of an Orchestration.
Object plan attributes

An object plan, or oplan, is a top-level orchestration attribute. Within an object plan, you can specify various object types and define one or more object for each object type. Object plan attributes define the characteristics of each oplan, including its label, object type and list of objects, and the HA policy, if applicable. See Object Plan Attributes. For an oplan template, see Orchestration Template for oplans.
Attributes specific to each object type

These are the characteristics specific to each object type. See Orchestration v1 Attributes Specific to Each Object Type. The attributes that you can specify for each object type in an orchestration are the same as the parameters that you can specify with the POST method for that resource using the API.

For orchestration templates that you can use to create individual objects, see Orchestration Templates for Each Object Type.

Top-Level Attributes in Orchestrations v1

Attributes for objects defined in an orchestration vary according to the object type. For a list of objects and object-specific attributes in orchestrations v1, see Orchestration v1 Attributes Specific to Each Object Type.

The following sample JSON shows the required top-level orchestration attributes, name and oplans. A description of each of the required and optional top-level attributes is provided in the table below.

{
       "name": "/Compute-acme/joe/myOrchestration",
       "oplans": [
                       {
                       ...
                       }
                 ]
}

Parameter	Required or Optional	Description
`name`	required	The three-part name of the orchestration (`/Compute-identity_domain/user/object_name`).
`oplans`	required	The list of object plans (`oplans`) in the orchestration. An `oplan` is the primary building block of an orchestration. Each `oplan` contains all the attributes for the object type defined in it. An orchestration can contain up to 10 object plans.
`description`	optional	Text string describing the orchestration.
`relationships`	optional	The relationship between the objects that are created by this orchestration. The only supported relationship type for orchestrations is `depends`. The `depends` relationship type specifies that one object must be instantiated first. For example, you could define a storage volume in one `oplan` and attach that storage volume to an instance in another `oplan`. The second `oplan` would then depend on the first.
`schedule`	optional	The start and stop dates and times, in ISO 8601 format. You must specify the time zone as UTC. `start_time` (Optional) Date and time when you want the orchestration to start. For example, to start an orchestration at noon on 6/21/2015, UTC, enter the start time as `2015-06-21T12:00:00Z`. Here `Z` denotes UTC. If you enter a start time that is earlier than the time you upload the orchestration, then the orchestration starts immediately. `stop_time` (Optional) Date and time when you want the orchestration to stop. For example, to stop an orchestration at 11:59 p.m. on 12/31/2015, enter the stop time as `2015–12–31T23:59:59Z`. Here `Z` denotes UTC. The stop time must be at least 120 seconds after the start time.

Object Plan Attributes

An object plan, or oplan, is a top-level orchestration attribute. Within an object plan, you can specify various object types and define one or more object for each object type. You must provide a label for each oplan. You can also specify a High Availability policy, if applicable.

The following sample JSON shows the required attributes of an object plan. A description of each of the required and optional attributes is provided in the table below.

{
        "name": "/Compute-amce/joe/myOrchestration",
        "oplans": [
                        {
                          "label": "My orchestration",
                          "obj_type": "orchestration",
                          "objects": [
                                      ...
                                      ]
                         }
                   ]
}

Parameter	Required or Optional	Description
`label`	required	Text string describing the object plan. Maximum length: 256 characters.
`obj_type`	required	The type of object that you want to create. Specify one of the following object types. `integrations/osscontainer` `ip/reservation` `launchplan` `network/v1/acl` `network/v1/ipaddressprefixset` `network/v1/ipassociation` `network/v1/ipnetwork` `network/v1/ipnetworkexchange` `network/v1/ipreservation` `network/v1/route` `network/v1/secprotocol` `network/v1/secrule` `network/v1/vnicset` `orchestration` `secapplication` `seciplist` `seclist` `secrule` `storage/volume` For a brief description of each object type, see Object Types in an Orchestration. Each object type has a specific set of attributes. See Orchestration v1 Attributes Specific to Each Object Type.
`objects`	required	The list of objects, depending on the type of object that you’re creating, as defined in the `obj_type` attribute. See Orchestration v1 Attributes Specific to Each Object Type
`ha_policy`	optional	The high availability policy: `active` or `monitor`. You can specify either `active` or `monitor` for instances, and `monitor` for storage volumes or orchestrations. You can’t specify a high availability policy for other objects. Attempting to do so results in an error. If you don’t specify a high availability policy for instances, storage volumes, or orchestrations, no high availability policy is applied. That is, by default, `ha_policy` is set to none. See High Availability Policies.

Orchestration v1 Attributes Specific to Each Object Type

You can specify various object types in an orchestration, including launch plans, networking objects such as security lists and security rules, storage volumes, and even other orchestrations. The attributes for each object vary depending on the object type.

The following sections describe the attributes for each object type that you can create using an orchestration. Each set of attributes corresponds to an object under the specified obj_type in the orchestration file.

All objects in an orchestration are contained within an object plan. For information about object plan attributes, see Object Plan Attributes. For information about defining the name and other characteristics of an orchestration, see Top-Level Attributes in Orchestrations v1.

Orchestration v1 Attributes for `integrations/osscontainer`

The following sample JSON shows the key attributes of the integrations/osscontainer object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

 {
                  "account": "/Compute-acme/cloud_storage",
                  "container": "Container_1",
                  "delete_remote": false
 }

Parameter	Required or Optional	Description
`account`	required	The two-part name of the account (`/Compute-identity_domain/cloud_storage`) that contains the credentials and access details of the associated Oracle Cloud Infrastructure Object Storage Classic instance.
`container`	required	The name of the container that you want to create. Container names must: Contain only UTF-8 characters Be a maximum of 256 bytes Avoid using a slash (/) character because this character acts as a delimiter between the container name and the object name Ensure that a container of the same name doesn’t already exist.
`delete_remote`	required	When set to `true`, deletes the Oracle Cloud Infrastructure Object Storage Classic container along with all the objects in the container when you delete the `integration/osscontainer` object created by this orchestration. When set to `false`, only the `integrations/osscontainer` object created by this orchestration is deleted. The container in Oracle Cloud Infrastructure Object Storage Classic remains intact, along with all objects in the container.
`name`	optional	The three-part name of the `integrations/osscontainer` object created by this orchestration. This name is in the format `/Compute-identity_domain/user/object`. If you don’t specify a name for this object, then the name is generated automatically. Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.

Orchestration v1 Attributes for `ip/reservation`

The following sample JSON shows the key attributes of the ip/reservation object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

 {
          "name": "/Compute-acme/joe/ipres1",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
  }

Parameter	Required or Optional	Description
`parentpool`	required	Specify `/oracle/public/ippool`
`permanent`	required	Set to `True`
`account`	optional	Specify `/Compute-identity_domain/default`
`name`	optional	The three-part name of the object (`/Compute-identity_domain/user/object`). If you don’t specify a name for this object, then the name is generated automatically. Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.

Orchestration v1 Attributes for `launchplan`

Launch plan objects are used to define instances. The following sample JSON shows the required attributes of the launchplan object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

 {
          "instances": 
     [
             {
               ...
             }
      ]
 }

Parameter Required or Optional Description

Parameter	Required or Optional	Description
`instances`	required	A list of instances. For instance attributes, see Orchestration v1 Attributes for instances.
`relationships`	optional	The relationships between instances. Valid values: `same_node`: The specified instances are created on the same physical server. This is useful if you want to ensure low latency across instances. `different_node`: The specified instances aren’t created on the same physical server. This is useful if you want to isolate instances for security or redundancy.

instances

required

A list of instances.

For instance attributes, see Orchestration v1 Attributes for instances.

relationships

optional

The relationships between instances.

Valid values:

same_node: The specified instances are created on the same physical server. This is useful if you want to ensure low latency across instances.
different_node: The specified instances aren’t created on the same physical server. This is useful if you want to isolate instances for security or redundancy.

After defining a launchplan object, to define an instance, see Orchestration v1 Attributes for instances.

Orchestration v1 Attributes for `instances`

Note:

An instance is not in itself an object type. It is an attribute of the launchplan object type.

Topics:

Instance Attributes

Instances are an attribute of the launchplan object type. Instances have a number of required and optional attributes. The following sample JSON shows some of the key instance attributes. A description of each of the required and optional instance attributes is provided in the table below.

{
  "instances": [
    {
      "shape": "oc3",
      "boot_order": [
        1
      ],
      "label": "vm-1",
      "networking": {
        "eth0": {
          "seclists": [
            "/Compute-acme/joe/wlsadmin_seclist"
          ],
          "nat": "ipreservation:/Compute-acme/joe/ipres1"
        },
        "eth1": {
          "ipnetwork": "/Compute-acme/joe/ipnet1",
          "ip": "192.168.4.2",
          "vnic": "/Compute-acme/joe/eth1-ipnet1"
        }
      },
      "sshkeys": [
        "/Compute-acme/joe/key1"
      ],
      "storage_attachments": [
        {
          "index": 1,
          "volume": "/Compute-acme/joe/boot"
        }
      ]
    }
  ]
}

Parameter	Required or Optional	Description
`shape`	required	The name of the shape that defines the number of OCPUs and the RAM that you require for the instance. For general purpose and high-memory shapes, you can select the block storage disk size, but for high I/O shapes, the size of the SSD storage is determined by the shape.
`name`	optional	The three-part name of the instance (`/Compute-identity_domain/user/name`). If you specify this parameter, then the full name of the instance would be in the format, `/Compute-identity_domain/user/name_you_specify/id`. If you don’t specify this parameter, then the full name would be in the format, `/Compute-identity_domain/user/id`. In either case, id is an autogenerated ID. Examples of Instance Names: When you specify `/Compute-acme/jack/vm1` as the value of the `name` parameter: `/Compute-acme/jack/vm1/300a7479-ec90-4826-98b9-a725662628f1` When you don’t specify the `name` parameter: `/Compute-acme/jack/38ef677e-9e13-41a7-a40c-2d99afce1714` Although this is an optional parameter, specifying a meaningful name makes it easier for you to identify your instances.
`label`	optional	A text string to identify the instance. This label is used when defining relationships in an orchestration. A label can contain only alphanumeric characters, hyphens, and underscores. It can’t contain unicode characters and spaces. Maximum length is 256 characters.
`tags`	optional	A JSON array or list of strings used to tag the instance. By assigning a human-friendly tag to an instance, you can identify the instance easily when you perform an instance listing. These tags aren’t available from within the instance.
`attributes`	optional	A JSON object or dictionary of user-defined attributes to be made available to the instance. If you’re creating a Windows instance, you must specify the following required attributes: `{ "enable_rdp": true, "administrator_password": "Specify_password_here" }` For more information about specifying user-defined attributes that can be used to automate instance configuration, see Automating Instance Initialization Using opc-init. Note: Solaris machine images don’t include the opc-init scripts. So you can’t use opc-init to automate instance configuration of Solaris instances. The attributes that you specify can be accessed from within the instance at `http://192.0.0.192/latest/attributes`. For more information about retrieving user-defined attributes, see Retrieving User-Defined Instance Attributes.
`imagelist`	optional	The three-part name (`oracle/public/imagelist_name`) of the image list containing the image to be used (example: `/oracle/public/OL_6.7_UEKR4_x86_64`). You must use this attribute if you don’t specify a bootable storage volume by using the `boot_order` attribute. If you specify the `imagelist` attribute as well as the `boot_order` attribute, then the `imagelist` attribute is ignored.
`storage_attachments`	optional	If you specify the `storage_attachments` parameter, then specify the following subparameters for each attachment: `volume`: The three-part name (`/Compute-identity_domain/user/object_name`) of the storage volume that you want to attach to the instance. Note that volumes attached to an instance at launch time can't be detached. `index`: The index number for the volume. The allowed range is 1 to 10. If you want to use a storage volume as the boot disk for an instance, you must specify the index number for that volume as `1`. The index determines the device name by which the volume is exposed to the instance. Index 0 is allocated to a nonpersistent boot disk, `/dev/xvda.` An attachment with index 1 is exposed to the instance as `/dev/xvdb`, an attachment with index 2 is exposed as `/dev/xvdc`, and so on.
`boot_order`	optional	The index number of the bootable storage volume that should be used to boot the instance. The only valid value is `1`. If you set this attribute, you must also specify a bootable storage volume with index number `1` in the `volume` sub-parameter of `storage_attachments`. When you specify `boot_order`, you don’t need to specify the `imagelist` attribute, because the instance is booted using the image on the specified bootable storage volume. If you specify both `boot_order` and `imagelist,` the `imagelist` attribute is ignored.
`hostname`	optional	The host name assigned to the instance. On an Oracle Linux instance, this host name is displayed in response to the `hostname` command. Only relative DNS is supported. The domain name is suffixed to the host name that you specify. The host name must not end with a period. If you don’t specify a host name, then a name is generated automatically. The DNS name of an instance depends on its host name, as follows: If no DNS name is specified in the `networking` attribute, then the DNS name is set to the host name, and a reverse DNS record (PTR) is created for the host name. If the DNS name specified in the `networking` attribute matches the host name, then that record also creates a reverse DNS record for the host name. If the `dns` attribute under `networking` is set to an empty list (`[]`), then no DNS records are created even if a host name is specified. The instance still receives its host name through DHCP, and can perform a reverse lookup of its host name. However, no other instance can perform this reverse lookup. Note: If an instance has network interfaces defined only for IP networks and doesn’t have any interface on the shared network, then when `hostname` is specified, no DNS entries are set. In this case, DNS entries are set by the `dns` subparameter of the `networking` attribute.
`reverse_dns`	optional	If set to `true` (default), then reverse DNS records are created. If set to `false`, no reverse DNS records are created.
`networking` (attributes for the shared network)	optional	`ethn`: The interface that you’re defining. Oracle-provided images with release version 16.3.6 and later support eight vNICs. You can also create private images that support multiple vNICs. If the image you’ve specified supports eight vNICs, then you can specify up to eight network interfaces, from `eth0` to `eth7`. Note: For each interface, you can specify parameters for either the shared network, or for an IP network. You can’t specify parameters for both networks for the same `ethn` interface. Only one interface on an instance can be added to the shared network. To add an interface to the shared network, you can specify the following subparameters: `seclists:` (Optional) The security lists that you want to add the instance to. `nat:` (Optional) Indicates whether a temporary or permanent public IP address should be assigned to the instance. `dns:` (Optional) A list of the DNS A record names for the instance. This name is relative to the internal DNS domain. `model:` (Optional) The type of network interface card (NIC). The only allowed value is `e1000`. `name_servers:` (Optional) The name servers that are sent through DHCP as option 6. You can specify a maximum of eight name server IP addresses per interface. `search_domains:` (Optional) The search domains that should be sent through DHCP as option 119. You can enter a maximum of eight search domain zones per interface. For more information about each of these subparameters, see Subparameters for a Network Interface on the Shared Network.
`networking` (attributes for IP networks)	optional	`ethn`: The interface that you’re defining. Oracle-provided images with release version 16.3.6 and later support eight vNICs. You can also create private images that support multiple vNICs. If the image you’ve specified supports eight vNICs, then you can specify up to eight network interfaces, from `eth0` to `eth7`. Note: For each interface, you can specify parameters for either the shared network, or for an IP network. You can’t specify parameters for both networks for the same `ethn` interface. To add this instance to an IP network, specify the following subparameters: `ipnetwork:` The name of the IP network that you want to add the instance to. `ip:` (Optional) If you want to associate a static private IP address with the instance, specify an available IP address from the IP address range of the specified `ipnetwork`. `address:` (Optional) The MAC address of the interface, in hexadecimal format, where each digit is separated by colon. For example, you can enter `01:02:03:04:ab:cd` as the MAC address but not `01-02-03-04-ab-cd`. `nat:` (Optional) A list of IP reservation that you want to associate with this interface, in the format: `"nat": ["network/v1/ipreservation:IP_reservation_name"]`. Here IP_reservation_name is the three-part name of the IP reservation in the `/Compute-identity_domain/user/object_name` format. `vnic:` (Optional) The three-part name of the vNIC in the `/Compute-identity_domain/user/object_name` format. `vnicsets:` (Optional) A list of the three-part names of the vNICsets that you want to add this interface to. `is_default_gateway:` (Optional) If you want to specify the interface to be used as the default gateway for all traffic, set this to `true`. The default is `false`. If the instance has an interface on the shared network, that interface is always used as the default gateway. `dns:` (Optional) A list of the DNS A record names for the instance. `name_servers:` (Optional) A list of the name servers that should be sent through DHCP as option 6. You can specify a maximum of eight name server IP addresses per interface. `search_domains:` (Optional) A list of the search domains that should be sent through DHCP as option 119. You can enter a maximum of eight search domain zones per interface. For more information about each of these subparameters, see Subparameters for a Network Interface on an IP Network.
`sshkeys`	optional	A list of the SSH public keys that you want to associate with the instance. Note: You don’t need to provide any SSH public keys if you’re creating a Windows instance, because you can’t access a Windows instance using SSH. To access a Windows instance, see Accessing a Windows Instance Using RDP. For each key, specify the three-part name in the `/Compute-identity_domain/user/object_name` format. You can associate the same key with multiple instances. The keys that you specify are stored as metadata on the instance. This metadata can be accessed from within the instance at `http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key`. Oracle-provided images include a script that runs automatically when the instance starts, retrieves the keys, and adds them to the `authorized_keys` file of the `opc` user. In images that you build, you can write and include a script that runs automatically when the instance starts, retrieves the SSH public keys, and adds the keys to the `authorized_keys` file of the appropriate users.

Networking Attributes for Instances

There are several subparameters that you can specify under the ethn parameter in the networking section of instance attributes. The list of subparameters varies depending on whether you’re defining a network interface on a shared network or an IP network.

Only one interface can be added to the shared network. If no subparameters are specified for the ethn parameter, the interface is implicitly added to the default security list in the shared network. You can’t explicitly or implicitly define two interfaces to be added to the shared network.

Subparameters for a Network Interface on the Shared Network

seclists: (Optional) The security lists that you want to add the instance to.

For each security list, specify the three-part name in the /Compute-identity_domain/user/object_name format. You can attach an instance to a maximum of five security lists. If you launch an instance without specifying any security list, the instance is assigned to the /Compute-identity_domain/default/default security list.
nat: (Optional) Indicates whether a temporary or permanent public IP address should be assigned to the instance.
- To associate a temporary IP address with the instance for use during the lifetime of the instance, specify ippool:/oracle/public/ippool.
- To associate a persistent IP address, specify ipreservation:ipreservation_name, where ipreservation_name is the three-part name of an existing IP reservation in the /Compute-identity_domain/user/object_name format.
If nat is not specified, then no public IP address is associated with your instance when it is created. If required, you can associate an IP address with the instance after the instance has been created.
dns: (Optional) A list of the DNS A record names for the instance. The name is relative to the internal DNS domain.
model: (Optional) The type of network interface card (NIC). The only allowed value is e1000.
name_servers: (Optional) Enter the name servers that are sent through DHCP as option 6. You can specify a maximum of eight name server IP addresses per interface. If name_servers are set in both the IP network settings as well as the shared network settings, the name servers in the shared network will be used. To ensure that the name servers specified in the IP network are used, specify the same values for name servers on each interface.
search_domains: (Optional) Enter the search domains that should be sent through DHCP as option 119. You can enter a maximum of eight search domain zones per interface. If search_domains are set in both the IP network settings as well as the shared network settings, the search domains in the shared network will be used. To ensure that the search domains specified in the IP network are used, specify the same values for search domains on each interface.

Subparameters for a Network Interface on an IP Network

ipnetwork: The name of the IP network that you want to add the instance to.

If no name is specified, the interface isn’t added to any IP network. Instead, it is implicitly added to the shared network. However, only one instance interface can be added to the shared network. If another interface is either implicitly or explicitly added to the shared network, the instance won’t be created and will display an error.

Specify the three-part name of the IP network, in the /Compute-identity_domain/user/object_name format.

⁭If an IP network belongs to an IP network exchange and if you have specified a host name, then that host name is resolvable by all IP networks connected to the IP network exchange.
ip: (Optional) The static private IP address of the instance. This is a persistent private IP address, which is reserved for use with this instance. The private IP address must be unused and it must belong to the subnet of the selected IP network. Remember, too, that certain IP addresses in a subnet are reserved. For example, the first unicast IP address of any IP network is reserved for the default gateway, the DHCP server, and the DNS server of that IP network.

If you don’t specify an IP address, an IP address is assigned dynamically from the available IP addresses of the specified ipnetwork. However in this case, if you delete and re-create the instance, its IP address might change.

Note:

Dynamically allocated IP addresses are assigned from the top of the subnet range. It is recommended that you specify static IP addresses starting from the end of the subnet range to avoid conflicts.
address: (Optional) The MAC address of the interface, in hexadecimal format, where each digit is separated by colon. For example, you can enter 01:02:03:04:ab:cd as the MAC address but not 01-02-03-04-ab-cd. Ensure that the MAC addresses that you specify are unique within each IP network exchange and each IP network. If you specify a duplicate MAC address, each vNIC with that MAC address is disabled.
nat: (Optional) A list of IP reservations that you want to associate with this interface. Specify network/v1/ipreservation:ipreservation_name, where ipreservation_name is the three-part name of an existing IP reservation in the /Compute-identity_domain/user/object_name format.

When you create an IP reservation, you specify the IP pool from which you want to reserve the IP address. You can associate a maximum of two IP reservations with each vNIC, one from each IP pool.

Example:
```
"networking":
{
                "eth0": {
                  "ipnetwork": "/test-customer/ipnet-1",
                  "ip": "192.168.2.14",
                  "nat": ["network/v1/ipreservation:/Compute-acme/joe/public-ipres-1"]
                        }
}
```
vnic: (Optional) The three-part name of the vNIC in the /Compute-identity_domain/user/object_name format.

If you don’t specify a name for this object, then the name is generated automatically.

When the vNIC name is generated automatically, the autogenerated instance id in included as part of the object_name. So if you delete and re-create an instance, the vNIC name will change. However, if you specify a vNIC name, the name won’t change if you delete and re-create the instance.

Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.
vnicsets: (Optional) A list of the three-part names of the vNICsets that you want to add this vnic to. Specifying vNICsets ensures that this vNIC is added to the required vNICsets whenever the instance is created and removed from the vNICset whenever the instance is deleted.

While creating an instance, you can add a vNIC to up to 4 vNICsets. To add a vNIC to more than 4 vNICsets, update the required vNICsets after the instance is created.

The vNICsets that you specify here must already exist when you create or re-create an instance.

If no vNICset is specified, then the vNIC is added to the default vNICset, /Compute-identity_domain/default.

If an empty list ("vnicsets": [] ) is specified, this vNIC isn't added to any vNICset, including the default vNICset.
is_default_gateway: (Optional) If you want to specify the interface to be used as the default gateway for all traffic, set this to true. The default is false. Only one interface on an instance can be specified as the default gateway. If the instance has an interface on the shared network, that interface is always used as the default gateway. You can specify an interface on an IP network as the default gateway only when the instance doesn’t have an interface on the shared network.
dns: (Optional) A list of the DNS A record names for the instance.

Each IP network has its own DNS server listening on the first IP address of the subnet. You can specify up to eight DNS A record names for each instance on an IP network. These names can be queried by instances on any IP network in the same IP network exchange.

If no static IP address is specified for the instance on the IP network, an IP address on the specified IP network is assigned automatically. After the instance is launched, the defined names are associated with the IP address that was automatically allocated to the instance.

The same DNS A record name can be specified for multiple instances.

Example:
```
"networking": 
{
                "eth1": {
                    "ipnetwork": "/Compute-acme/joe/ipnet1",
                    "dns": [ "dns1.example.com", "dns2.bar.com" ]
                        }
 }
```
name_servers: (Optional) A list of the name servers that are sent through DHCP as option 6. You can specify a maximum of eight name server IP addresses per interface. If name_servers are set in both the IP network as well as the shared network, the name servers in the shared network will be used. To ensure that the name servers specified in the IP network are used, specify the same values for name servers on each interface.

Example:
```
"networking": 
{
                "eth1": {
                    "ipnetwork": "/Compute-acme/joe/ipnet1",
                    "dns": ["dns1.example.com", "dns2.bar.com"],
                    "name_servers": ["192.168.12.1", "192.168.12.2"]
                        }
 }
```
In this example, the name servers 192.168.12.1 and 192.168.12.2 will be pushed to the instance through DHCP.
search_domains: (Optional) A list of the search domains that should be sent through DHCP as option 119. You can enter a maximum of eight search domain zones per interface. If search_domains are set in both the IP network as well as the shared network, the search domains in the shared network will be used. To ensure that the search domains specified in the IP network are used, specify the same values for search domains on each interface.

Example:
```
"networking": 
{
                "eth1": {
                    "ipnetwork": "/Compute-acme/joe/ipnet1",
                    "dns": ["dns1.example.com", "dns2.bar.com"],
                    "name_servers": ["192.168.12.1", "192.168.12.2"],
                    "search_domains": ["example.com", "us.example1.com"]
                        }
 }
```
In this example, the search domain zones example.com and us.example1.com will be pushed to the instance through DHCP.

Orchestration v1 Attributes for `network/v1/acl`

The following sample JSON shows the key attributes of the network/v1/acl object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

{
                  "name": "/Compute-acme/joe/acl_1",
                  "enabledFlag": true
}

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`enabledFlag`	optional	Allows the ACL to be enabled or disabled. This parameter is set to `true` by default. Specify `false` to disable the ACL.
`description`	optional	Description of the ACL.
`tags`	optional	Strings that you can use to tag the ACL.

Orchestration v1 Attributes for `network/v1/ipaddressprefixset`

The following sample JSON shows the key attributes of the network/v1/ipaddressprefixset object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

 {
                  "name": "/Compute-acme/joe/ext_ip_address_list_1",
                  "ipAddressPrefixes": ["203.0.113.0/30", "192.51.100.1/24"]
 }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipAddressPrefixes`	optional	Set of IPv4 addresses in CIDR address prefix format.
`description`	optional	Description of the IP address prefix set.
`tags`	optional	Strings that you can use to tag the IP address prefix set.

Orchestration v1 Attributes for `network/v1/ipassociation`

The following sample JSON shows the key attributes of the network/v1/ipassociation object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

{
                  "name": "/Compute-acme/joe/IP-association-vnic1",
                  "ipAddressReservation": "/Compute-acme/joe/IPres-for-instance1-vnic1",
                  "vnic": "/Compute-acme/joe/instance1-vnic1"
}

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipAddressReservation`	optional	The name of the IP reservation that you want to associate with an instance.
`vnic`	optional	The name of the vNIC that you want to associate the IP reservation with.
`description`	optional	Description of the IP association.
`tags`	optional	Strings that you can use to tag the IP association.

Orchestration v1 Attributes for `network/v1/ipnetwork`

The following sample JSON shows the attributes of the network/v1/ipnetwork object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

               {
                  "name": "/Compute-acme/joe/ipnet1",
                  "ipAddressPrefix": "192.168.3.0/24",
                  "ipNetworkExchange": "/Compute-acme/joe/ipnetworkexchange1"
                }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipAddressPrefix`	required	The set of IP addresses allocated to your IP network, specified in the CIDR format. When you create instances, you can associate a vNIC on the instance with an IP network. That vNIC on the instance is then allocated an IP address from the specified IP network. Select the IP address prefix for your IP networks carefully. Consider the number of instances that you might want to add to the network. This will help determine the size of the subnet required. If you create multiple IP networks and you might want to add these IP networks to the same IP network exchange, then ensure that you don’t allocate overlapping address ranges to these IP networks. Similarly, if you plan to connect to your IP networks using VPN, then ensure that the addresses you specify for your IP networks don’t overlap with each other, or with the IP addresses used in your on-premises network.
`ipNetworkExchange`	optional	The IP network exchange that you want to add this IP network to. An IP network can belong to only one IP network exchange. Before you specify an IP network exchange for an IP network, ensure that the IP addresses in this IP network don’t overlap the IP addresses in any other network in the same IP network exchange. Note: You should ensure that the IP network exchange you reference currently exists. If the IP network exchange hasn’t been created or has been deleted, then when you add an instance interface to this IP network while creating the instance, the instance will go into an error state and won’t be created. If you want to connect IP networks by using an IP network exchange, it is recommended that you do this before creating instances with an interface on those IP networks. This ensures that routes are appropriately configured on instances by the DHCP client during instance initialization.
`description`	optional	Description of the IP network.
`tags`	optional	Strings that you can use to tag the IP network.

Orchestration v1 Attributes for `network/v1/ipnetworkexchange`

The following sample JSON shows the required attribute of the network/v1/ipnetworkexchange object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
		   "name": "/Compute-acme/joe/ipnetworkexchange1"
	  }

Parameter Required or Optional Description

name

required

The three-part name of the object (/Compute-identity_domain/user/object).

Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.

When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.

description

optional

Description of the IP network exchange.

tags

optional

Strings that you can use to tag the IP network exchange.

Orchestration v1 Attributes for `network/v1/ipreservation`

The following sample JSON shows the key attributes of the network/v1/ipreservation object type for IP networks. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

         {
                  "name": "/Compute-acme/joe/IPres-for-instance1-vnic1",
                  "ipAddressPool": "/oracle/public/public-ippool"
         }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipAddressPool`	required	The IP address pool from which you want to reserve an IP address. Enter one of the following: `/oracle/public/public-ippool`: When you attach an IP address from this pool to an instance, you enable access between the public Internet and the instance. `/oracle/public/cloud-ippool`: When you attach an IP address from this pool to an instance, the instance can communicate privately (that is, without traffic going over the public Internet) with other Oracle Cloud services, such as the REST endpoint of an Oracle Cloud Infrastructure Object Storage Classic account in the same region.
`description`	optional	Description of the IP reservation.
`tags`	optional	Strings that you can use to tag the IP reservation.

Orchestration v1 Attributes for `network/v1/route`

The following sample JSON shows the required attributes of the network/v1/route object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

       {
                    "name": "/Compute-acme/joe/route1",
                    "nextHopVnicSet": "/Compute-acme/joe/vnicset1",
                    "ipAddressPrefix": "192.168.0.0/16"
       }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipAddressPrefix`	required	The IP address prefix, in CIDR format, of the destination network that you want to specify the route to.
`nextHopVnicSet`	required	The vNICset that you want to use to route packets to the destination network. When a vNICset containing multiple vNICs is used in a route, Equal Cost Multipath (ECMP) anycast routing is implemented. Traffic routed by that route is load balanced across all the vNICs in the vNICset. Using vNICsets with multiple vNICs also ensures high availability for traffic across the specified vNICs.
`adminDistance`	optional	The route’s administrative distance. Specify 0 (the default), 1, or 2. The administrative distance indicates the priority of a route. The highest priority is 0. The route with the highest priority is used. If multiple routes have the highest priority, all those routes are used.
`description`	optional	Description of the route.
`tags`	optional	Strings that you can use to tag the route.

Orchestration v1 Attributes for `network/v1/secprotocol`

The following sample JSON shows the key attributes of the network/v1/secprotocol object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

          {
                    "description": "Sec Protocol 1",
                    "dstPortSet": ["20", "155-1100"],
                    "ipProtocol": "tcp",
                    "name": "/Compute-acme/joe/secprotocol_1",
                    "srcPortSet": ["10", "55-100"]
          }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`ipProtocol`	optional	The protocol used in the data portion of the IP datagram. The value that you specify can be either a text representation of a protocol or any unsigned 8-bit assigned protocol number in the range 0–254. See Assigned Internet Protocol Numbers (`http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml`). The following text representations are allowed: `tcp` `udp` `icmp` `igmp` `ipip` `rdp` `esp` `ah` `gre` `icmpv6` `ospf` `pim` `sctp` `mplsip` `all` Any number from 0 to 254 If no protocol is specified, all protocols are allowed.
`srcPortSet`	optional	List of port numbers or port range strings to match the packet's source port. For `tcp,` `sctp,` and `udp,` each port is a source transport port, between 0 and 65535, inclusive. For `icmp`, each port is an ICMP type, between 0 and 255, inclusive. If no source ports are specified, all source ports or ICMP types are allowed.
`dstPortSet`	optional	List of port numbers or port range strings to match the packet's destination port. For `tcp,` `sctp,` and `udp,` each port is a destination transport port, between 0 and 65535, inclusive. For `icmp`, each port is an ICMP code, between 0 and 255, inclusive. If no destination ports are specified, all destination ports or ICMP codes are allowed.
`description`	optional	Description of the security protocol.
`tags`	optional	Strings that you can use to tag the security protocol.

Orchestration v1 Attributes for `network/v1/secrule`

The following sample JSON shows the key attributes of the network/v1/secrule object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

           {
                       "acl": "/Compute-acme/joe/acl_1",
                       "description": "Sec Rule 1",
                       "flowDirection": "egress",
                       "name": "/Compute-acme/joe/ipnetSecrule1",
                       "secProtocols": ["/Compute-acme/joe/secprotocol_1"],
                       "srcIpAddressPrefixSets": ["/Compute-acme/joe/ext_ip_address_list_1"]
            }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`flowDirection`	required	The direction of flow of traffic that this rule applies to. Allowed values are `ingress` or `egress`.
`srcVnicSet`	optional	The vNICset from which you want to permit traffic. Only packets from vNICs in the specified vNICset are permitted. When no source vNICset is specified, traffic from any vNIC is permitted.
`dstVnicSet`	optional	The vNICset to which you want to permit traffic. Only packets to vNICs in the specified vNICset are permitted. When no destination vNICset is specified, traffic to any vNIC is permitted.
`srcIpAddressPrefixSets`	optional	A list of IP address prefix sets from which you want to permit traffic. Only packets from IP addresses in the specified IP address prefix sets are permitted. When no source IP address prefix sets are specified, traffic from any IP address is permitted.
`dstIpAddressPrefixSets`	optional	A list of IP address prefix sets to which you want to permit traffic. Only packets to IP addresses in the specified IP address prefix sets are permitted. When no destination IP address prefix sets are specified, traffic to any IP address is permitted.
`secProtocols`	optional	A list of security protocols for which you want to permit traffic. Only packets that match the specified protocols and ports are permitted. When no security protocols are specified, traffic using any protocol over any port is permitted.
`enabledFlag`	optional	Allows the security rule to be enabled or disabled. This parameter is set to `true` by default. Specify `false` to disable the security rule.
`acl`	optional	The name of the access control list (ACL) that contains this security rule.
`description`	optional	Description of the security rule.
`tags`	optional	Strings that you can use to tag the security rule.

Orchestration v1 Attributes for `network/v1/vnicset`

The following sample JSON shows the key attributes of the network/v1/vnicsets object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

        {
                    "name": "/Compute-acme/joe/vnicset1",
                    "appliedAcls": ["/Compute-acme/joe/acl_1", "/Compute-acme/joe/acl_2"] 
        }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`vnics`	optional	The list of vNICs associated with this vNICset.
`appliedAcls`	optional	The names of the ACLs applied to the vNICs in the vNICset. A vNICset can have multiple ACLs applied to it and an ACL can be applied to multiple vNIC sets.
`description`	optional	Description of the route.
`tags`	optional	Strings that you can use to tag the IP network exchange.

Orchestration v1 Attributes for `orchestration`

The orchestration object type is used in nested orchestrations, when you want to launch one or more orchestrations from within an orchestration. See About Nested Orchestrations. The orchestration object type has only a single attribute, name. The following sample JSON shows this attribute and the table below provides a description of this attribute.

 {
          "name": "/Compute-acme/joe/myInstances"
 }

Parameter Required or Optional Description

name

required

The three-part name of the object (/Compute-identity_domain/user/object).

Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.

Orchestration v1 Attributes for `secapplication`

The following sample JSON shows the key attributes of the secapplication object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

 {
          "name": "/Compute-acme/joe/wlsadmin_ssl",
          "dport": 7002,
          "protocol": "tcp"
 }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`protocol`	required	The protocol to use. The value that you specify can be either a text representation of a protocol or any unsigned 8-bit assigned protocol number in the range 0–254. See Assigned Internet Protocol Numbers (`http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml`). For example, you can specify either `tcp` or the number 6. The following text representations are allowed: `tcp`, `udp`, `icmp`, `igmp`, `ipip`, `rdp`, `esp`, `ah`, `gre`, `icmpv6`, `ospf`, `pim`, `sctp`, `mplsip`, `all`. To specify all protocols, set this to `all`.
`dport`	optional	The TCP or UDP destination port number. You can also specify a port range, such as 5900-5999 for TCP. If you specify `tcp` or `udp` as the protocol, then the `dport` parameter is required; otherwise, it is optional. This parameter isn’t used by the ICMP protocol or the GRE protocol. Note: This request fails if the range-end is lower than the range-start. For example, if you specify the port range as 5000–4000.
`icmptype`	optional	The ICMP type. This parameter is relevant only if you specify `icmp` as the protocol. You can specify one of the following values: `echo` `reply` `ttl` `traceroute` `unreachable` If you specify `icmp` as the protocol and don't specify `icmptype` or `icmpcode`, then all ICMP packets are matched.
`icmpcode`	optional	The ICMP code. This parameter is relevant only if you specify `icmp` as the protocol. You can specify one of the following values: `network` `host` `protocol` `port` `df` `admin` If you specify `icmp` as the protocol and don't specify `icmptype` or `icmpcode`, then all ICMP packets are matched.
`description`	optional	A description of the security application.

Orchestration v1 Attributes for `seciplist`

The following sample JSON shows the required attributes of the seciplist object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
          "name": "/Compute-acme/joe/admin_ips",
          "secipentries": ["203.0.113.0/30"]
    }

Parameter Required or Optional Description

name

required

The three-part name of the object (/Compute-identity_domain/user/object).

Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.

secipentries

required

A comma-separated list of the subnets (in CIDR format) or IPv4 addresses for which you want to create this security IP list.

For example, to create a security IP list containing the IP addresses 203.0.113.1 and 203.0.113.2, enter one of the following:

“203.0.113.0/30”

“203.0.113.1”, “203.0.113.2”

description

optional

A description of the security IP list.

Orchestration v1 Attributes for `seclist`

The following sample JSON shows the required attribute of the seclist object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
          "name": "/Compute-acme/joe/sysadmin_seclist"
    }

Parameters	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`policy`	optional	The policy for inbound traffic to the security list. You can specify one of the following values: `deny` (default): Packets are dropped. No response is sent. `reject`: Packets are dropped, but a response is sent. `permit`: Packets are allowed. This policy effectively turns off the firewall for all instances in this security list.
`outbound_cidr_policy`	optional	The policy for outbound traffic from the security list. You can specify one of the following values: `deny`: Packets are dropped. No response is sent. `reject`: Packets are dropped, but a response is sent. `permit` (default): Packets are allowed.
`description`	optional	A description of the security list.

Orchestration v1 Attributes for `secrule`

The following sample JSON shows the required attributes of the secrule object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

   {
          "name": "/Compute-acme/joe/admin_ssh_to_sysadmin_rule",
          "application": "/oracle/public/ssh",
          "src_list": "seciplist:/Compute-acme/joe/admin_ips",
          "dst_list": "seclist:/Compute-acme/joe/sysadmin_seclist",
          "action": "PERMIT"
   }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated.
`src_list`	required	The three-part name (`/Compute-identity_domain/user/object_name`) of the source security list or security IP list. You must use the prefix `seclist:` or `seciplist:` to identify the list type.
`dst_list`	required	The three-part name (`/Compute-identity_domain/user/object_name`) of the destination security list or security IP list. You must use the prefix `seclist:` or `seciplist:` to identify the list type. Note: You can specify a security IP list as the destination in a secrule, provided `src_list` is a security list that has DENY as its outbound policy.
`application`	required	The three-part name of the security application: (`/Compute-identity_domain/user/object_name`) for user-defined security applications and `/oracle/public/object_name` for predefined security applications.
`action`	required	Set this parameter to `PERMIT`.
`description`	optional	A description of the security rule.
`disabled`	optional	Indicates whether the security rule is enabled (set to `True`) or disabled (`False`). The default setting is `False`.

Orchestration v1 Attributes for `storage/volume`

The following sample JSON shows the key attributes of the storage/volume object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
          "name": "/Compute-acme/joe/boot",
          "bootable": true,
          "imagelist": "/oracle/public/oel_6.6_20GB_x11_RD",
          "properties": ["/oracle/public/storage/default"],
          "size": "22548578304"
     }

Parameter	Required or Optional	Description
`name`	required	The three-part name of the object (`/Compute-identity_domain/user/object`). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive.
`size`	required	The size of this storage volume. Use one of the following abbreviations for the unit of measurement: `B` or `b` for bytes `K` or `k` for kilobytes `M` or `m` for megabytes `G` or `g` for gigabytes `T` or `t` for terabytes For example, to create a volume of size 10 gigabytes, you can specify `10G`, or `10240M`, or `10485760K`, and so on. The allowed range is from 1 GB to 2 TB, in increments of 1 GB.
`properties`	required	Based on your latency and IOPS requirements, select one of the following storage properties: For standard latency and throughput, specify `/oracle/public/storage/default`. For high latency and throughput, specify `/oracle/public/storage/latency`. For the highest latency and throughput, specify `/oracle/public/storage/ssd/gp1`.
`description`	optional	The description of the storage volume.
`bootable`	optional	Indicates whether the storage volume can be used as the boot disk for an instance. The default value is `False` (not a bootable volume). If you set the value to `True`, then you must specify values for the following parameters: `imagelist` The machine image that you want to extract on to the storage volume that you’re creating. `imagelist_entry` (Optional) The version of the image list entry that you want to extract. The default value is 1.
`tags`	optional	Strings that you can use to tag the storage volume.

Uploading an Orchestration v1

To use an orchestration to control the provisioning and life cycle of resources in Compute Classic, you must define the orchestration in a JSON-format file and then upload the orchestration to Compute Classic.

Prerequisites

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
You must have already created the orchestration file that you want to upload. See Building Your First Orchestration v1.

You should also validate your JSON file. You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON isn’t valid, then an error occurs when you upload the orchestration. Oracle doesn’t support or endorse any third-party JSON-validation tool.

Procedure

Sign in to the Compute Classic console.
(Optional) If your domain spans multiple sites, then check that the site you’ve selected has sufficient capacity to create the required resources. Click Site near the top of the page to view the aggregate resource usage by all tenants on the currently selected site. If resource usage on the selected site is close to maximum, pick another site.

If you’re using the REST API to create resources, note the API end point of the site that you want to use.
Click the Orchestrations tab.
Click Upload Orchestration and select the orchestration file that you want to upload.

To upload an orchestration using the CLI, use the opc compute orchestration add command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To upload an orchestration using the API, use the POST /orchestration/ method. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

Orchestrations v1 Life Cycle

When you start an orchestration, the objects defined in it are created and the orchestration moves to the ready state. When you terminate an orchestration, the objects defined in it are deleted and the orchestration moves to the stopped state.

The following figure shows the states that an orchestration can be in.

Orchestration states, described in the table that follows the figure.

starting

The orchestration is starting.

scheduled

A future start_time has been specified for the orchestration.

When the current time is equal to or past the start_time value, then the state of the orchestration changes to starting.
To cancel a current schedule, terminate the orchestration. The state of the orchestration then changes to stopping.

ready

The orchestration is running.

Note that, for any object where the HA policy isn’t specified or is set to none, you can still update or delete the object using the web console or the API. In this case, the orchestration continues to be in the ready state, even though some or all of the objects created using that orchestration may have been deleted.
For instances where the HA policy is set to active, if the orchestration is in the ready state, you can update the instance using the web console or the API, but you can’t delete the instance, because it is re-created automatically. To delete such instances, you must terminate the orchestration.

updating

The orchestration is being updated.

When an orchestration is in the ready or error state, you can update it by using the PUT /orchestration/name API call. This causes the state of the orchestration to change to updating.
When an orchestration is in the updating state, no further updates can be made. Attempts to update such an orchestration are rejected with a validation error.
If an orchestration in the updating state encounters an error, its state changes error. If no errors are encountered, then the orchestration completes the updates and returns to the ready state.
When you terminate an orchestration that’s in the updating state, it transitions to the stopping state.

error

One or more instances in the orchestration have encountered an error.

The orchestration remains in the error state until all the instances defined in it are running.
Wait to see if all the instances start running and the state of the orchestration changes automatically to ready. If that doesn’t happen, then terminate the orchestration, identify and fix the error, and start the orchestration again.

stopping

The orchestration is stopping.

If any of the objects defined in an orchestration are used or referenced by another object, the orchestration won’t be able to delete the referenced objects, and it can get stuck in the Stopping state. See My orchestration is stuck in the stopping state.

stopped

The orchestration has stopped. All the objects defined in the orchestration have been deleted.

Starting an Orchestration v1

When you start an orchestration, the objects defined in it are created, and when you stop an orchestration, those objects are deleted.

Plan your orchestrations carefully, so that you can control the creation and deletion of objects that consume resource quotas. For example, if you’re about to start an orchestration that creates a large number of storage volumes, consider whether you really need all those resources. If not, redefine your orchestration to create only the resources that you need.

Prerequisites

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
You must have uploaded the orchestration to Compute Classic. See Uploading an Orchestration v1.
You must have already created all the objects or nested orchestrations that this orchestration depends on.
If you created an instance using the Create Instance wizard, the appropriate master, instance, and storage orchestrations would have been created automatically. Next, if you stopped the master orchestration, the instance and storage orchestrations would have stopped. If you want to start those orchestrations again, ensure that all of the objects referenced by those orchestrations exist and are available before starting the master orchestration.

Note:

If any of the objects defined in an orchestration already exist, another object of the same type with the same name won’t be created and the existing object won’t be modified. The orchestration will continue starting, without reporting an error. To ensure that an orchestration creates each object that is defined in it, ensure that each object defined in an orchestration has a unique name, so that objects of the same type with the same name don’t already exist.

Procedure

Sign in to the Compute Classic console.
(Optional) If your domain spans multiple sites, then check that the site you’ve selected has sufficient capacity to create the required resources. Click Site near the top of the page to view the aggregate resource usage by all tenants on the currently selected site. If resource usage on the selected site is close to maximum, pick another site.

If you’re using the REST API to create resources, note the API end point of the site that you want to use.
Click the Orchestrations tab.
Go to the orchestration that you want to start. From the menu, select Start.

When you start an orchestration, its status changes to Starting and the objects defined in the orchestration are provisioned. When all the objects have been created, the status of the orchestration changes to Ready.

If the orchestration can’t create an object, its status changes to Error. An orchestration might transition from the Error to the Ready state when it completes creating all the specified objects.

If the status of your orchestration continues to show Error, then stop the orchestration, identify and fix the issue in the orchestration JSON file, and the start the orchestration again.

To start an orchestration using the CLI, use the opc compute orchestration update ––action START command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To start an orchestration using the API, use the PUT /orchestration/name method with the query argument action=START. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

After starting an orchestration, you can view its status on the Orchestrations page. If you no longer require any of the objects created by an orchestration, then to delete the objects, stop the orchestration. See Terminating an Orchestration v1.

Monitoring Orchestrations v1

The Orchestrations page shows you a list of your orchestrations and the status of each orchestration.

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
Click the Orchestrations tab.
All orchestrations are displayed, with information about their description and status.

Tip:

You can filter the list of orchestrations according to their category or status. To view orchestrations with a specific status (such as ready, error, or stopped), click the Show menu and select the appropriate filter. To view orchestrations of a specific category (such as all or personal), click the Category menu and select the appropriate filter.
Go to the orchestration that you want to view and, from the menu, select View.

The orchestration details page shows you the details of the current state of the orchestration, including return parameters, in JSON format. For information about the return parameters of an instance, see Return Parameters Displayed in Orchestrations v1.

To get a list of your orchestrations using the CLI, use the opc compute orchestration list command and to view the details of an orchestration, use the opc compute orchestration get command. For help with these commands, run each command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To get a list of your orchestrations using the API, use the GET /orchestration/container method and to view the details of an orchestration, use the GET /orchestration/name method. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

For information about the status of an orchestration, see Orchestrations v1 Life Cycle.

To start an orchestration, see Starting an Orchestration v1 and to stop an orchestration, see Terminating an Orchestration v1.

Return Parameters Displayed in Orchestrations v1

When you view an orchestration using the web console, you’ll see that the orchestration contains additional information about your instances, such as its status and the most recent start or stop time. This information contains return parameters that tell you about the current state of your instance. These return parameters are not part of the input that you provided in the JSON file that you uploaded.

You’ll also see that the orchestration includes certain optional parameters that you might not have specified in the JSON that you uploaded. These optional parameters are displayed either empty, or with a default value. For a description of optional input parameters, see Attributes in Orchestrations v1.

You might also notice that the sequence of objects is different from the sequence of objects in the JSON file that you uploaded. This happens because Compute Classic rearranges the objects according to a certain internal sequence. However, this has no impact on the values you provided or the way your orchestration works.

The following table shows the return parameters displayed for your instance when you view an orchestration using the web console.

Return Parameters	Description
Top-level Parameters
`status`	Shows the current status of the orchestration.
`account`	Shows the default account for your identity domain.
`uri`	Shows the complete URI of the orchestration.
`info`	The nested parameter `errors` shows which object in the orchestration has encountered an error. Empty if there are no errors.
`status_timestamp`	This information is generally displayed at the end of the orchestration JSON. It indicates the time that the current view of the orchestration was generated. This information shows only when the orchestration is running.
Oplan Parameters
`status`	Shows the current status of the `oplan`.
`info`	If the orchestration has encountered an error, the nested parameter `errors` shows the errors. Empty if there are no errors.
`status_timestamp`	This information is generally displayed towards the end of the orchestration JSON. It indicates the time that the current view of the orchestration was generated. This information shows only when the orchestration is running.
Instance Parameters
`placement_requirements`	Empty. This parameter is not used.
`ip`	If the instance is running, this parameter shows its private IP address. This information doesn’t show when an instance is not running.
`state`	If the orchestration is running, this parameter shows the current state of the instance. This information doesn’t show when an orchestration is stopped or if the instance couldn’t be created due to an error.
`start_time`	If the orchestration is running, this parameter shows the time the instance was created. This information doesn’t show when an orchestration is stopped or if the instance couldn’t be created due to an error.
`error_reason`	If the instance goes into an error state, this parameter shows the reason for the error. This information doesn’t show when an instance is not in an error state.

Terminating an Orchestration v1

When you terminate or stop an orchestration, all the instances and other resources that were provisioned by that orchestration are deleted.

Note:

When you terminate an orchestration, only the resources that are created by the orchestration are deleted. For example, if you use an orchestration to create storage volumes and attach them to your instances, then such storage volumes are deleted when you terminate the orchestration, and you lose the data stored on those storage volumes. However, if an orchestration specifies only attachments to storage volumes that are created outside the orchestration, then when you terminate the orchestration, the storage volumes aren’t deleted.

If you use the Create Instance wizard to create an instance and the required storage volumes, then separate orchestrations are automatically created for the instance and the storage volumes. When you delete an instance, if you want to retain the data on the attached storage volumes, ensure that you terminate only the instance orchestration, not the master orchestration. If you terminate the master orchestration, both the instance and the storage volumes that were created while creating the instance will be deleted. When you start the master orchestration again later on to re-create the instance, the storage volumes will be re-created; however, the data you had written to those storage volumes will be lost.

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
Click the Orchestrations tab.
Identify the orchestration that you want to terminate. From the menu, select Terminate.
The status of the orchestration changes to Stopping.

Note:

After all objects have been deleted, the status of the orchestration changes to Stopped. You can view the orchestration, download it, or start it again.

To terminate an orchestration using the CLI, use the opc compute orchestration update ––action STOP command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To terminate an orchestration using the API, use the PUT /orchestration/name method with the query argument action=STOP. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

When you no longer need an orchestration, you can delete it. See Deleting an Orchestration v1.

Downloading an Orchestration v1

You can download the orchestration file to your local host, edit it, and upload a modified orchestration file as a new orchestration.

Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
Click the Orchestrations tab.
Identify the orchestration that you want to download. From the menu, select Download, and save the orchestration file on your local host.

You can edit the downloaded orchestration file on your local host, as required, by using any text editor, and then upload the edited orchestration file as a new orchestration. Remember to change the name attribute in the JSON file.

For the procedure to upload an orchestration to Compute Classic, see Uploading an Orchestration v1.

To download an orchestration using the CLI, use the opc compute orchestration get command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To download an orchestration using the API, use the GET /orchestration/name method. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

Updating an Orchestration v1

You can update an orchestration in either of the following ways:

Directly in the web console, by selecting the Update option.

This option is enabled only when the orchestration is in the Stopped state.
By downloading the orchestration file to your local host and updating it using a text editor.

You’ll have to stop and delete the existing orchestration before you can upload the modified orchestration and start it.

Caution:

You must stop an orchestration to update it. When you stop an orchestration, all the resources that were provisioned by that orchestration are deleted.

Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
Click the Orchestrations tab.
You can update an orchestration either directly in the web console, or by downloading it to your local host.
- To update an orchestration directly in the web console:
  1. Identify the orchestration that you want to update. If the orchestration is in the Ready state, to stop the orchestration, from the menu, select Stop.
    
    Caution:
    
    When you stop an orchestration, all the resources that were provisioned by that orchestration are deleted.
  2. When the orchestration is in the Stopped state, from the menu, select Update.
  3. Modify the orchestration as required. Ensure that your modifications contain valid JSON and that you don’t update any return parameters or read-only information. When you’re done, click Update.
- To download an orchestration and edit it on your local host:
  1. Identify the orchestration that you want to update. From the menu, select Download, and save the orchestration file on your local host.
  2. Modify the downloaded orchestration file on your local host, as required, by using any text editor. You should also validate your JSON file. You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON isn’t valid, then an error occurs when you upload the orchestration. Oracle doesn’t support or endorse any third-party JSON-validation tool.
  3. Stop the existing orchestration. Go to the orchestration that you want to update and, from the menu, select Stop.
    
    Caution:
    
    When you stop an orchestration, all the resources that were provisioned by that orchestration are deleted.
  4. Delete the existing orchestration. Go to the orchestration that you want to update and, from the menu, select Delete.
  5. Upload the edited orchestration file. Click Upload Orchestration and select the updated orchestration file, then click Upload.
To start the updated orchestration, from the menu, select Start.

To download an orchestration using the CLI, use the opc compute orchestration get command. After editing an orchestration, to upload it using the CLI, use the opc compute orchestration update command. For help with these commands, run each command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To download an orchestration using the API, use the GET /orchestration/name method. After editing an orchestration, to upload it using the API, use the PUT /orchestration/name method. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

Deleting an Orchestration v1

After you’ve stopped an orchestration, if you don’t need it any more, you can delete the orchestration. When you delete an orchestration, it’s no longer listed on the Orchestrations page, and you can’t perform any action on it.

Note:

Deleting an orchestration doesn’t delete the objects created by the orchestration. To delete the objects created by an orchestration, you must stop the orchestration.

Prerequisites

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
You must have stopped the orchestration that you want to delete. See Terminating an Orchestration v1.

Procedure

Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
Click the Orchestrations tab.
Identify the orchestration that you want to delete. From the menu, select Delete.
You’re prompted to confirm the deletion.

If the orchestration that you’re deleting is a master orchestration that references other orchestrations, and if all the nested orchestrations are in the stopped state, then to delete all the nested orchestrations, select Delete all nested orchestrations.

Note:

If any of the nested orchestrations aren’t in the stopped state, then you can stop and delete each nested orchestration individually, if required.

Click Yes to confirm the deletion.

To delete an orchestration using the CLI, use the opc compute orchestration delete command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To delete an orchestration using the API, use the DELETE /orchestration/name method. For more information, see REST API for Oracle Cloud Infrastructure Compute Classic.

About Orchestrations v1

Orchestrations v1 Templates

Workflow for Creating Instances Using Orchestrations v1

Building Your First Orchestration v1

Attributes in Orchestrations v1

Top-Level Attributes in Orchestrations v1

Object Plan Attributes

Orchestration v1 Attributes Specific to Each Object Type

Orchestration v1 Attributes for integrations/osscontainer

Orchestration v1 Attributes for ip/reservation

Orchestration v1 Attributes for launchplan

Orchestration v1 Attributes for instances

Orchestration v1 Attributes for network/v1/acl

Orchestration v1 Attributes for network/v1/ipaddressprefixset

Orchestration v1 Attributes for network/v1/ipassociation

Orchestration v1 Attributes for network/v1/ipnetwork

Orchestration v1 Attributes for network/v1/ipnetworkexchange

Orchestration v1 Attributes for network/v1/ipreservation

Orchestration v1 Attributes for network/v1/route

Orchestration v1 Attributes for network/v1/secprotocol

Orchestration v1 Attributes for network/v1/secrule

Orchestration v1 Attributes for network/v1/vnicset

Orchestration v1 Attributes for orchestration

Orchestration v1 Attributes for secapplication

Orchestration v1 Attributes for seciplist

Orchestration v1 Attributes for seclist

Orchestration v1 Attributes for secrule

Orchestration v1 Attributes for storage/volume

Uploading an Orchestration v1

Orchestrations v1 Life Cycle

Starting an Orchestration v1

Monitoring Orchestrations v1

Return Parameters Displayed in Orchestrations v1

Terminating an Orchestration v1

Downloading an Orchestration v1

Updating an Orchestration v1

Deleting an Orchestration v1

Orchestration v1 Attributes for `integrations/osscontainer`

Orchestration v1 Attributes for `ip/reservation`

Orchestration v1 Attributes for `launchplan`

Orchestration v1 Attributes for `instances`

Orchestration v1 Attributes for `network/v1/acl`

Orchestration v1 Attributes for `network/v1/ipaddressprefixset`

Orchestration v1 Attributes for `network/v1/ipassociation`

Orchestration v1 Attributes for `network/v1/ipnetwork`

Orchestration v1 Attributes for `network/v1/ipnetworkexchange`

Orchestration v1 Attributes for `network/v1/ipreservation`

Orchestration v1 Attributes for `network/v1/route`

Orchestration v1 Attributes for `network/v1/secprotocol`

Orchestration v1 Attributes for `network/v1/secrule`

Orchestration v1 Attributes for `network/v1/vnicset`

Orchestration v1 Attributes for `orchestration`

Orchestration v1 Attributes for `secapplication`

Orchestration v1 Attributes for `seciplist`

Orchestration v1 Attributes for `seclist`

Orchestration v1 Attributes for `secrule`

Orchestration v1 Attributes for `storage/volume`