STCSG - Oracle Compute Cloud Service
May 2016
Documentation for Oracle Compute Cloud Service users and
administrators that describes how to provision and manage
instances, configure network and storage resources, add
machine images, and manage SSH keys.
Oracle Cloud Using Oracle Compute Cloud Service (IaaS),
E63022-07
Copyright © 2015, 2016, Oracle and/or its affiliates. All rights reserved.
Contributing Authors: Jeffrey Welsch, Sudipa Bhattacharya, Gururaj BS, Mirek Chocholous, Jitendra
Chouhan, Bryn Divey, Vidya Gopal, Andrei Isaev, Diby Malakar, Stephen Mayer, Tim McDuff, Irina Mok,
Raja Mukherjee, Octave Orgeron, Kiran Palan, Vimal Patel, Jeffrey Pleau, Gary Resnick, Modin Shaik, Vivek
Sedhumadhavan, Costa Siourbas, Sundar Srinivasan, Jeff Welsch, Paul Wickstrom, Chen Xie, Xiaofeng Yang,
Vincent Yee
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are
"commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the
programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron,
the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless
otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates
will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party
content, products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
Preface
Audience
Related Resources
Conventions
3 Managing Instances
About Instances
About Machine Images and Shapes
Instance Life Cycle
Workflow for Creating Your First Instance
Workflow for Creating Your First Oracle Linux Instance
Workflow for Creating Your First Oracle Solaris Instance
Workflow for Creating Your First Windows Instance
Creating Instances
Creating an Instance from the Instances Page
Creating an Instance Using a Custom Machine Image
Creating an Instance Using an Image from Oracle Cloud Marketplace
Creating Instances Using Orchestrations
Creating Instances Using Launch Plans
Listing Instances
Monitoring Instances
Logging In to an Instance
Retrieving Instance Metadata
About Instance Metadata
Retrieving Predefined Instance Metadata
Retrieving User-Defined Instance Attributes
Sample Scenario for Specifying and Using Instance Attributes
Updating an Instance
Attaching a Storage Volume to an Instance
Detaching a Storage Volume from an Instance
Adding an Instance to a Security List
Removing an Instance from a Security List
Cloning an Instance by Using Instance Snapshots
Creating an Instance Snapshot
Registering the Image Generated by an Instance Snapshot
Creating an Instance from an Instance Snapshot
Deleting an Instance Snapshot
Restarting an Instance
Restarting an Oracle Linux Instance
Restarting an Oracle Solaris Instance
Restarting a Windows Instance
Deleting an Instance
Updating Packages on an Oracle Solaris Instance
4 Managing Orchestrations
About Orchestrations
Orchestration Templates
Workflow for Creating Instances Using Orchestrations
Building Your First Orchestration
Attributes in Orchestrations
Top-Level Orchestration Attributes
Object Plan Attributes
Orchestration Attributes Specific to Each Object Type
Uploading an Orchestration
Orchestration Life Cycle
Starting an Orchestration
Monitoring Orchestrations
Return Parameters Displayed in an Orchestration
Stopping an Orchestration
Downloading an Orchestration
Updating an Orchestration
Deleting an Orchestration
7 Configuring Network Settings
About Network Settings
Managing Security Lists
About Security Lists
Creating a Security List
Updating a Security List
Adding an Instance to a Security List
Removing an Instance from a Security List
Deleting a Security List
Managing Security Rules
About Security Rules
Creating a Security Rule
Updating a Security Rule
Deleting a Security Rule
Managing Security Applications
About Security Applications
Creating a Security Application
Deleting a Security Application
Managing Security IP Lists
About Security IP Lists
Creating a Security IP List
Updating a Security IP List
Deleting a Security IP List
Managing Public IP Addresses
About Public IP Addresses
Reserving a Public IP Address
Updating an IP Reservation
Attaching a Public IP Address to an Instance
Removing a Public IP Address from an Instance
Deleting an IP Reservation
Setting Up Firewalls and Opening Ports for a Sample Scenario
11 Connecting to Oracle Compute Cloud Service Instances Using VPN
About Oracle Network Cloud Service – VPN for Dedicated Compute
Requesting Oracle Network Cloud Service – VPN for Dedicated Compute
Configuring Your VPN Gateway
Example Configuration of a VPN Gateway
Managing Your VPN Connections
Starting a VPN Connection
Listing Your VPN Connections
Viewing Details of a VPN Connection
Updating a VPN Connection
Disabling a VPN Connection
Deleting a VPN Connection
Accessing Your Instances Using VPN
Can’t attach a storage volume to an instance
Can't detach a storage volume from an instance
Can't delete a storage volume
Can’t remove an IP address from an instance
Can’t delete a security application
Can’t delete an SSH key
Instance Life Cycle Problems
My orchestration hasn’t created any instances
Can’t create an instance using a launch plan. Error: Shape does not exist
Can’t create an instance using a launch plan. Error: Unable to open file
Can’t create an instance using a launch plan. Error displayed: Data is invalid JSON
My instance was created using an incorrect image
Unable to restart an instance
Networking Problems
Can’t connect to an instance using SSH
RSA key fingerprint error while connecting to an instance
Can’t get instances to communicate with each other
Can’t access my instance even though it has a public IP address
Can’t remove an IP address from an instance
Can’t delete a security application
SSH Key Problems
Can’t connect to an instance using SSH
Can’t access an instance as a local user over SSH
RSA key fingerprint error while connecting to an instance
Can’t delete an SSH key
Storage Volume Problems
Can’t attach a storage volume to an instance
Can’t access a storage volume on my instance
I can no longer access my storage volume from my instance
Can't detach a storage volume from an instance
Can't delete a storage volume
Orchestration Problems
Can’t upload an orchestration
My orchestration hasn’t created any instances
Error while starting an orchestration
My instance was created using a wrong image
My orchestration is stuck in the stopping state
Launch Plan Problems
Can’t create an instance using a launch plan. Error: Shape does not exist
Can’t create an instance using a launch plan. Error: Unable to open file
Can’t create an instance using a launch plan. Error displayed: Data is invalid JSON
Preface
Using Oracle Compute Cloud Service describes how to provision and manage Oracle
Compute Cloud Service instances, configure network and storage resources, add
machine images, and manage SSH keys.
Topics
• Audience
• Related Resources
• Conventions
Audience
This document is intended for administrators and users of Oracle Compute Cloud
Service.
Related Resources
For more information, see these Oracle resources:
Conventions
This table describes the text conventions used in this document.
Convention | Meaning
boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.
italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.
1 Getting Started with Oracle Compute Cloud Service
Topics
– When you subscribe to Oracle Compute Cloud Service, you can opt for a
dedicated environment, called a site, that consists of high-performance x86
servers reserved for your use. Depending on the configuration that you
subscribe to, you get compute power equivalent to 500, 1000, 1500, or 2000
physical cores (OCPUs) of a modern Intel Xeon processor with hyperthreading
enabled.
You can migrate your on-premises applications to virtual machines that you
create on these dedicated sites, and take advantage of the elastic compute,
storage, and network capabilities that Oracle Compute Cloud Service provides.
And because you’re the only tenant on the site, you get predictable performance
in the cloud. Besides, you can extend your data center to Oracle Cloud by
requesting Oracle Network Cloud Service - VPN for Dedicated Compute.
– You can also subscribe for the required number of OCPUs in a site that’s shared
with other tenants. You can opt for a metered or nonmetered subscription.
In the case of a nonmetered subscription, you can provision resources up to
twice the subscribed capacity. For example, if you’ve paid for a nonmetered
subscription for 20 OCPUs, you can provision instances that consume up to 40
OCPUs. The additional usage will be charged per hour and billed monthly.
For pricing information, go to https://cloud.oracle.com/compute and click the
Pricing tab.
• Create and configure your account on Oracle Cloud. See Getting an Oracle.com
Account in Getting Started with Oracle Cloud.
• Understand the features of the service. See About Oracle Compute Cloud Service.
• Be familiar with the Oracle Compute Cloud Service terminology. See Oracle
Compute Cloud Service Terminology.
2. Activate the service. See Activating Your Trial Subscription or Activating Your
Order in Getting Started with Oracle Cloud.
3. Verify activation. See Verifying That Your Trial Is Running or Verifying That a
Service Is Running in Getting Started with Oracle Cloud.
4. Learn about the users and roles. See About Oracle Compute Cloud Service Roles.
5. Create users and assign appropriate roles to each user. See Managing User
Accounts and Managing User Roles in Managing and Monitoring Oracle Cloud.
6. Get familiar with Oracle Compute Cloud Service terminology. See Oracle Compute
Cloud Service Terminology.
Shape | A shape is a resource profile that specifies the number of CPUs and the amount of memory to be allocated to an instance in Oracle Compute Cloud Service. | About Machine Images and Shapes
Storage Volume | A storage volume is a virtual disk that provides persistent block storage space for instances in Oracle Compute Cloud Service. | About Storage Volumes
Security IP List | A security IP list is a list of IP subnets (in the CIDR format) or IP addresses that are external to instances in Oracle Compute Cloud Service. You can use a security IP list as the source or the destination in security rules to control network access to or from Oracle Compute Cloud Service instances. In the API, security IP lists are called seciplists. | About Security IP Lists
Security Rule | A security rule is a firewall rule that you can define to control network access to Oracle Compute Cloud Service instances over a specified security application. You can use a security rule to control network access between instances in two security lists, or from a set of external hosts (a security IP list) to instances in a security list. In the API, security rules are called secrules. | About Security Rules
4. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
Note:
For security, the web console automatically times out after 15 minutes of
inactivity. To continue using the web console, log in again.
3. From the menu, select View Details. The Service Details page is displayed.
Role | Description
TenantAdminGroup (Identity Domain Administrator) | Users who are assigned this role can perform all the tasks in the My Services application, including user and role management tasks. Note that Oracle assigns this role to all trial users.

Role | Description
service-instance-name.Compute_Operations (Service Administrator) | Users who are assigned this role can view, create, update, and delete Oracle Compute Cloud Service resources. The identity domain administrator can create additional service administrators, as required, by assigning this role in Oracle Cloud My Services. For business continuity, consider creating at least two users with the Compute_Operations role. These users must be IT system administrators in your organization.
service-instance-name.Compute_Monitor | Users who are assigned this role can view Oracle Compute Cloud Service resources. The identity domain administrator can create users with this role in Oracle Cloud My Services.
See Adding Users and Assigning Roles in Getting Started with Oracle Cloud.
Monitor the service. | Check on the day-to-day operation of your service, monitor performance, and review important notifications. | Managing and Monitoring Oracle Cloud Services in Managing and Monitoring Oracle Cloud
Understand Oracle Compute Cloud Service terminology. | Learn about instances, images, shapes, security lists, security rules, and so on. | Oracle Compute Cloud Service Terminology
Generate SSH key pairs. | Generate the SSH key pairs that you plan to use to access your Linux instances. | Generating an SSH Key Pair
Access the service. | Access the service through the Oracle Compute Cloud Service web console or RESTful API. | Accessing Oracle Compute Cloud Service Using the Web Console
(Optional) Build machine images and add them to Oracle Compute Cloud Service | Build your own machine images, upload them to Oracle Storage Cloud Service, and register them in Oracle Compute Cloud Service. | Workflow for Creating Instances Using a Custom Machine Image
(Optional) Create boot disks. | Create storage volumes that can be used as boot disks for instances. | Creating a Bootable Storage Volume
(Optional) Create storage volumes. | Provide storage for your instances by creating and attaching storage volumes. | Managing Storage Volumes
Create instances. | Create instances with the required CPU, hard disk, and memory requirements according to the needs of your business. | Managing Instances
(Optional) Configure security lists and security rules | Set up firewalls for your instances by using security lists and security rules. | Configuring Network Settings
Log in to the instances. | Access your instances securely. | Accessing an Oracle Linux Instance Using SSH; Accessing an Oracle Solaris Instance Using SSH; Accessing a Windows Instance Using RDP
This section provides information about generating and using SSH keys to enable
secure access to your instances.
Note:
You can’t use SSH keys to log in to a Windows instance. However, you must
specify an SSH public key while creating your Windows instance using the
Create Instance wizard. To log in to your Windows instance using RDP, see
Accessing a Windows Instance Using RDP.
For information about using an SSH key to log in to your Linux instance, see
Accessing an Oracle Linux Instance Using SSH or Accessing an Oracle Solaris Instance
Using SSH.
Topics
SSH is a cryptographic network protocol that uses two keys, a public key and a private
key, to provide secure communication between two computers. SSH uses port 22 by
default.
Before creating instances, generate at least one SSH key pair and ensure that the
private key is available on each host that you’ll use to access instances. You can use
any SSH utility to generate SSH keys and log in to your instances. For example, if
you’re logging in from a Windows host, you can use PuTTY. If you’re using a Linux
host, you can use OpenSSH.
You can associate a single SSH public key with multiple instances. Also, if you’ve
already created and uploaded SSH public keys to Oracle Compute Cloud Service, then
you can associate multiple SSH keys with an instance when you create the instance. If
you’ve created your instance using an Oracle-provided Oracle Linux image or an
Oracle-provided Oracle Solaris image, then you can use SSH to log in to your instance
as the opc user. You can then inject additional SSH public keys by editing the
/home/opc/.ssh/authorized_keys file on your instance.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any SSH public keys that you added or edited manually (that is, not
during instance creation) must be added or edited again. To do this, you must
log in to the instance by using the original SSH private key. So retain and
safeguard your original SSH private key.
To log in to an instance by using SSH, you must provide the private key that matches a
public key associated with the instance.
Caution:
Keep your SSH keys secure. Lay down policies to ensure that the keys aren’t
lost or compromised when employees leave the organization or move to other
departments. If you lose your private key, then you can’t access your
instances. For business continuity, ensure that the SSH keys of at least two IT
system administrators are added to your instances.
You can use the -b option to specify the length (bit size) of the key and the -t
option to specify the key type, as shown in the following example:
ssh-keygen -b 2048 -t rsa
2. The command prompts you to enter the path to the file in which you want to save
the key.
A default path and file name are suggested in parentheses. For example:
/home/user_name/.ssh/id_rsa. To accept the default path and file name, press
Enter. Otherwise, enter the required path and file name, and then press Enter.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have generated an SSH key pair. See Generating an SSH Key Pair.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
• In the Value field, paste the value of the SSH public key that you want to add.
Important:
Paste the key value exactly as it was generated. Don’t append or insert any
spaces, characters, or line breaks.
See the following example:
• To enable the key, select the Enabled check box. Alternatively, you can deselect
the check box and enable the key later.
5. Click Add.
After adding an SSH public key, you can attach it to an instance when you create the
instance.
To add an SSH public key using the API, use the POST /sshkey/ method. For more
information, see REST API for Oracle Compute Cloud Service.
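The Important note above says the key value must be pasted exactly as it was generated. The following pre-paste check is an added example, not part of Oracle's documentation or tooling: it parses an OpenSSH public key line and reports damage of the kind that copying and pasting introduces. The function names, the constructed sample key, and the 2048-bit minimum (taken from the ssh-keygen example on this page) are assumptions.

```python
import base64
import struct


def _string(data):
    """Length-prefixed SSH string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _mpint(number):
    """SSH mpint: big-endian, with a leading zero byte when the top bit is set."""
    return _string(number.to_bytes((number.bit_length() + 8) // 8, "big"))


def make_sample_rsa_line(bits, comment="admin@example"):
    """CONSTRUCTED sample: a well-formed ssh-rsa line that is not a usable key."""
    modulus = (1 << (bits - 1)) | 1
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def _fields(blob):
    """Split a public key blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("key blob is truncated")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        end = offset + 4 + length
        if end > len(blob):
            raise ValueError("key blob is truncated")
        fields.append(blob[offset + 4:end])
        offset = end
    return fields


def check_public_key(value, min_rsa_bits=2048):
    """Return a list of problems; an empty list means the value is intact."""
    if "\n" in value or "\r" in value:
        return ["line break inside or after the key value"]
    problems = []
    if value != value.strip() or "\t" in value:
        problems.append("leading or trailing whitespace, or a tab, was added")
    parts = value.strip().split(" ")
    if len(parts) < 2 or "" in parts[:2]:
        return problems + ["expected '<type> <base64> [comment]' with single spaces"]
    key_type, body = parts[0], parts[1]
    try:
        # validate=True rejects any character outside the base64 alphabet;
        # binascii.Error is a ValueError, so one except clause covers both.
        fields = _fields(base64.b64decode(body, validate=True))
    except ValueError as exc:
        return problems + ["base64 body is damaged: %s" % exc]
    if not fields or fields[0] != key_type.encode("ascii", "replace"):
        inner = fields[0].decode("ascii", "replace") if fields else ""
        problems.append("type prefix %r does not match the type inside the key (%r)"
                        % (key_type, inner))
        return problems
    if key_type == "ssh-rsa":
        if len(fields) != 3:
            problems.append("ssh-rsa key must hold exactly an exponent and a modulus")
        else:
            bits = int.from_bytes(fields[2], "big").bit_length()
            if bits < min_rsa_bits:
                problems.append("RSA modulus is %d bits, below %d" % (bits, min_rsa_bits))
    return problems
```

Run check_public_key on the contents of the .pub file before pasting it into the Value field; a space inserted into the base64 body shows up as a truncated key blob.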
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
3. You can filter the list of SSH public keys according to their category or status. To
list SSH keys with a specific status (such as enabled or disabled), click the Show
menu and select the appropriate filter. To list SSH keys of a specific category (such
as all or personal), click the Category menu and select the appropriate filter.
4. Go to the SSH key that you want to view. From the menu, select View.
To view an SSH public key using the API, use the GET /sshkey/name method. For
more information, see REST API for Oracle Compute Cloud Service.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
3. Identify the key that you want to update. From the menu, select Update.
4. Paste the new public key value (or enable or disable the key), and click Update.
If you update the value of an SSH public key, remember to make the new private key
(corresponding to the public key that you just updated) available on each of your local
hosts that’ll be used to access instances.
Note:
If a key is associated with one or more instances, then you can’t update the
key value through the web console. For such instances, you can update SSH
public keys by logging in to the instances and editing the
~/.ssh/authorized_keys file.
If you need to edit the ~/.ssh/authorized_keys file of a user on your
instance, then before you make any changes to the file, start a second ssh
session and ensure that it remains connected while you edit the
authorized_keys file. This second ssh session serves as a backup. If the
authorized_keys file gets corrupted or you inadvertently make changes
that result in your getting locked out of the instance, then you can use the
backup ssh session to fix or revert the changes. Before closing the backup ssh
session, test the changes you made in the authorized_keys file by logging
in with the new or updated SSH key.
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any SSH public keys that you added or edited manually (that is, not
during instance creation) must be added or edited again. To do this, you must
log in to the instance by using the original SSH private key. So retain and
safeguard your original SSH private key.
To update an SSH key using the API, use the PUT /sshkey/name method. For more
information, see REST API for Oracle Compute Cloud Service.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
3. Identify the SSH public key that you want to disable. From the menu, select
Update.
4. In the Edit SSH Public Key dialog box, deselect Enabled and click Update.
To disable an SSH public key using the API, use the PUT /sshkey/name method. For
more information, see REST API for Oracle Compute Cloud Service.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
3. Identify the SSH public key that you want to enable. From the menu, select
Update.
4. On the Edit SSH Public Key dialog box, select Enabled and click Update.
To enable an SSH public key using the API, use the PUT /sshkey/name method. For
more information, see REST API for Oracle Compute Cloud Service.
Note:
You can’t use SSH keys to log in to a Windows instance. However, you must
specify an SSH public key while creating your Windows instance using the
Create Instance wizard.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that the SSH public key that you want to delete isn’t used in any instance.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click the Network tab and then click the SSH Public Keys tab in the left pane.
3. Identify the SSH key that you want to delete. From the menu, select Delete.
Note that the Delete action is disabled for keys that are associated with instances.
To delete an SSH public key using the API, use the DELETE /sshkey/name method.
For more information, see REST API for Oracle Compute Cloud Service.
Topics
• About Instances
• Creating Instances
• Listing Instances
• Monitoring Instances
• Logging In to an Instance
• Updating an Instance
• Restarting an Instance
• Deleting an Instance
About Instances
An Oracle Compute Cloud Service instance is a virtual machine running a specific
operating system and with CPU and memory resources that you specify.
Defining Instances
An instance is defined by its machine image and shape. A machine image is a virtual
hard disk that has a specific operating system installed. A shape defines the number of
CPUs and RAM available to an instance. See About Machine Images and Shapes.
Identifying Instances
You can specify a name as well as a label to identify your instance. The instance name
that you specify becomes a prefix for an ID that’s generated automatically. If you’ve
specified a label, then the label is displayed in the web console. Otherwise, the system-
generated ID is displayed.
You can assign tags to your instances to make it easy to sort and find instances.
Adding Storage
You can attach up to 20 TB of block storage to each of your instances for storing data
and applications, by creating multiple persistent storage volumes and attaching them
to the instances. Even after you delete instances, the data stored in the storage volumes
remains intact until you delete the volumes.
While creating an instance, you can set it up to boot from a persistent disk, ensuring
that any changes that you make at the operating system-level persist when the
instance is re-created.
See Managing Storage Volumes.
Configuring Network Settings
You can implement fine-grained control over network access to your instances, both
from other Oracle Compute Cloud Service instances as well as from external hosts.
When you create an instance, by default, it doesn’t allow access from any other
instance or external host. To enable unrestricted communication among some of your
instances, you can create a security list and add all the instances to that security list.
When you add an instance to a security list, the instance can communicate with all the
other instances in the same list.
By default, the instances in a security list are isolated from hosts outside the list. You
can override this default setting by creating security rules. Each security rule defines a
specific communication path, which consists of a source, a destination, and a protocol-
port combination over which communication is allowed.
See Configuring Network Settings.
• While selecting the shape for an instance, consider the nature of the applications
that you plan to deploy on the instance, the number of users that you expect to use
the applications, and also how you expect the load to scale in the future. Remember
to also factor in the CPU and memory resources that are necessary for the operating
system.
• Select a shape that meets the requirements of your workload with a sufficient
buffer for intermittent spikes in the load. If you’re not sure what shape is
appropriate for an instance, then start small, experiment with a representative
workload, and then settle on a shape. This approach may help you achieve an
optimal trade-off between resource allocation and performance.
The following tables list the shapes that are currently available in Oracle Compute
Cloud Service.
General Purpose Shapes
OC4 2 4 15
OC5 4 8 30
OC6 8 16 60
OC7 16 32 120
High-Memory Shapes
OC2M 2 4 30
OC3M 4 8 60
OC4M 8 16 120
OC5M 16 32 240
• When you create an instance, the initial status is Preparing. Oracle Compute Cloud
Service allocates resources and prepares to create the instance.
• While the specified image is being installed, the state changes to Initializing.
• After the image is installed and the instance starts, the status changes to Running.
When an instance is in the Running status, you can connect to it. You can also
attach or detach storage volumes and security lists.
For example, when you create an instance by starting its orchestration, if some of
the resources required to create the instance aren’t available, then the status of the
instance changes to Error.
Note:
If you use an orchestration to create an instance, you can control the status of
the instance through its orchestration. For example, you can create or delete an
instance by starting or stopping its orchestration. See About Orchestrations.
2. Sign in to Oracle Compute Cloud Service. See Accessing Oracle Compute Cloud
Service Using the Web Console.
3. Add the SSH public keys. See Adding an SSH Public Key.
4. Create an instance using the web console. See Creating an Instance from the
Instances Page.
After creating the instance, you can do the following:
• Create and attach storage volumes. See Creating a Storage Volume and Attaching a
Storage Volume to an Instance.
• Add your instance to a security list to control network access to the instance. See
Managing Security Lists.
• Access your instance securely by using SSH. See Accessing an Oracle Linux
Instance Using SSH.
2. Sign in to Oracle Compute Cloud Service. See Accessing Oracle Compute Cloud
Service Using the Web Console.
3. Add the SSH public keys. See Adding an SSH Public Key.
4. Create an instance using the web console. See Creating an Instance from the
Instances Page.
After creating the instance, you can do the following:
• Create and attach storage volumes. See Creating a Storage Volume and Attaching a
Storage Volume to an Instance.
• Add your instance to a security list to control network access to the instance. See
Managing Security Lists.
• Access your instance securely by using SSH. See Accessing an Oracle Solaris
Instance Using SSH.
2. Think of a password for the Administrator of your Windows instance and keep
the password handy. You’ll need to set this password while creating the instance.
3. Click Get App and follow the process to create an instance using the web console.
See Creating an Instance Using an Image from Oracle Cloud Marketplace.
Note:
The custom attributes required to enable RDP and set the Administrator
password that you specified are pre-populated in the Create Instance wizard.
If you want to add other users to your Windows instance and enable RDP
access for them, then enter the list of users and passwords. See Attributes
Specific to Windows Instances.
• Create and attach storage volumes. See Creating a Storage Volume and Attaching a
Storage Volume to an Instance.
• Add your instance to a security list to control network access to the instance. See
Managing Security Lists.
• Access your instance securely by using RDP. See Accessing a Windows Instance
Using RDP.
• Create other Windows instances. After you’ve selected a Windows image from
Oracle Cloud Marketplace and added it to your account, the Windows machine
image is added to the list of images available while creating an instance or while
creating a bootable storage volume. You can then directly select this image to create
another Windows instance or a bootable storage volume. See Creating an Instance
from the Instances Page and Creating a Bootable Storage Volume.
Creating Instances
You can create Oracle Compute Cloud Service instances in several ways.
• To quickly create a single instance using the web console, see Creating an Instance
from the Instances Page.
• To select a custom machine image that you’ve already created, uploaded, and
registered with Oracle Compute Cloud Service and use it to create an instance, see
Creating an Instance Using a Custom Machine Image.
• To create an instance using a machine image that you’ve identified in Oracle Cloud
Marketplace, see Creating an Instance Using an Image from Oracle Cloud
Marketplace.
• To specify one or more instances and associated resources that you want to create
or delete in a synchronized manner, see Creating Instances Using Orchestrations.
• To create one or more instances using the API, see Creating Instances Using
Launch Plans.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Generate an SSH key pair and add the SSH public key. See Enabling Secure Access
to Instances Using SSH.
Note:
You can’t use SSH keys to log in to a Windows instance. However, you must
specify an SSH public key while creating your Windows instance using the
Create Instance wizard.
• If you want to attach storage volumes while creating the instance, then create the
required storage volumes first. See Creating a Storage Volume.
Note:
You can’t detach storage volumes that are attached during instance creation.
• If you want to add your instance to a security list while creating the instance, create
the required security lists first. See Managing Security Lists.
Procedure
Tip:
Before you begin, read Best Practices for Using Oracle Compute Cloud
Service.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
– If you specify a name in the Create Instance wizard, then the full name of the
instance would be in the format
/Compute-identity_domain/user/name_you_specify/id.
– If you don’t specify a name in the wizard, then the full name would be in the
format /Compute-identity_domain/user/id.
In either case, id is an autogenerated ID.
Examples of Instance Names:
– When a name (vm1 in this case) is specified in the Create Instance wizard:
/Compute-myDomain/jack/vm1/300a7479-ec90-4826-98b9-a725662628f1
Enter a label that’s meaningful and that you can use to identify the instance
easily later. Try to assign a unique label for each instance. This label is displayed
on the Instances page and also on other pages that reference the instance.
If you don’t specify a label for the instance, then its name is displayed on the
Instances page.
• Specify one or more tags to help you identify and categorize the instance.
• In the Custom Attributes field, enter any additional attributes that you want to
store on the instance. This field allows you to customize your instance by
providing additional information specific to each instance. You can enter
arbitrary key-value pairs in plain text. The text you enter here must be in JSON
format. This information is stored as user data on your instance.
If you’re creating a Windows instance, you must specify the following required
attributes:
{
  "enable_rdp": true,
  "administrator_password": "Specify_password_here"
}
Note:
Solaris machine images don’t include the opc-init scripts. So you can’t use
opc-init to automate instance configuration of Solaris instances.
After the instance is created, the attributes that you specify here are available
within the instance at http://192.0.0.192/latest/user-data. For
information about retrieving user data, see Retrieving User-Defined Instance
Attributes.
• If you want to be able to delete and re-create the instance after the instance is
created, then select Manage Instance Using an Orchestration. When the
instance is created, an orchestration is automatically created for it. For more
information about orchestrations, see About Orchestrations.
If you select Manage Instance Using an Orchestration, then enter a name, label,
and description for the orchestration and select a high availability (HA) policy.
See About High-Availability Policies in an Orchestration.
• If you want to connect to this instance over the Internet, then select an
autogenerated public IP address, or select an IP address from the Persistent
Public IP Reservation list.
If you select an autogenerated public IP address, the IP address persists while
the instance is running, but will change if you delete the instance and create it
again later. See About Public IP Addresses.
• If you want to connect to this instance from the public Internet by using SSH,
select Configure Instance for Public SSH Access.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
Alternatively, you can add this instance to one or more security lists. You can
then control access to this instance by creating security rules that use the
specified security lists as a source or destination.
If you select Add Instance to Security Lists and don’t select any security lists,
then the instance is added automatically to the default security list,
default/default.
For more information about configuring network settings for your instance, see
About Network Settings.
5. On the Storage page, you can attach data storage volumes and bootable storage
volumes to your instance, if required. To attach data volumes that you’ve already
created:
a. Select all the storage volumes that you want to attach in the Available Storage
Volumes list, and move them to the Selected Storage Volumes list.
b. If you select multiple storage volumes to attach, you can use the arrows next to
the Available Storage Volumes list to change the order of the storage volumes
in the Selected Storage Volumes list. The order that you specify here
determines the sequence in which the storage volumes are attached as virtual
disks to your instance.
6. By default, the instance is set up to boot from a nonpersistent boot disk and the
Boot Volume field is set to Default Instance Store. To set up the instance to boot
from a persistent storage volume, on the Storage page, do either of the following:
c. The size is set automatically to accommodate the disk size that’s specified in
the image that you selected earlier. If you want a larger boot disk than that
specified in the image, then enter a larger size.
Note:
The web console might show other storage properties. But don’t select any of
them.
b. Move the bootable storage volume that you want to use to boot your
instance to the top of the Selected Storage Volumes list.
Note:
You can select multiple bootable storage volumes. However, you can specify
only one bootable storage volume to be used to boot your instance. The
storage volume that you want to use to boot your instance must be the first
storage volume in the Selected Storage Volumes list.
c. Select the required bootable storage volume in the Boot Volume list.
Note:
If you’ve selected the option to create a bootable storage volume and you’ve
also specified a bootable storage volume in the Boot Volume list, then the
storage volume specified in the Boot Volume list is used to boot your
instance.
7. On the SSH Public Keys page, select the keys that you want to associate with this
instance from the Available SSH Public Keys list, and move them to the Selected
SSH Public Keys list.
Alternatively, to add a new SSH public key, select Add New SSH Public Key,
enter a name for the SSH public key, and paste the public key in the Value field.
Important:
Paste the key value exactly as it was generated. Don’t append or insert any
spaces, characters, or line breaks.
Tip:
The keys that you specify are stored as metadata on the instance. This
metadata can be accessed from within the instance at
http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key.
• In images that you build, you can write and include a script that runs
automatically when the instance starts, retrieves the SSH public keys, and
adds the keys to the authorized_keys file of the appropriate users.
8. On the Review page, verify the information that you’ve entered, and then click
Create.
• When you create an instance, the initial status is Preparing. Oracle Compute
Cloud Service allocates resources and prepares to create the instance.
• While the specified image is being installed, the state changes to Initializing.
• After the image is installed and the instance starts, the status changes to
Running.
When an instance is in the Running status, you can connect to it. You can also
attach or detach storage volumes and security lists.
Note:
If you use an orchestration to create an instance, you can control the status of
the instance through its orchestration. For example, you can create or delete an
instance by starting or stopping its orchestration. See About Orchestrations.
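The Custom Attributes field described in the procedure above accepts only JSON, and Windows instances need two specific attributes. The following check is an added example, not Oracle code: it catches the mistakes that typically survive a copy and paste (typographic quotes, duplicate keys, a string where a boolean is required, the placeholder password left in place). The function names and sample inputs are assumptions.

```python
import json

PLACEHOLDER = "Specify_password_here"      # placeholder text shown on this page
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"


def _no_duplicates(pairs):
    """json.loads keeps only the last of two equal keys; refuse them instead."""
    result = {}
    for key, value in pairs:
        if key in result:
            raise ValueError("duplicate key %r" % key)
        result[key] = value
    return result


def check_custom_attributes(text, windows=False):
    """Return a list of problems; an empty list means the text can be pasted."""
    try:
        attrs = json.loads(text, object_pairs_hook=_no_duplicates)
    except ValueError as exc:              # JSONDecodeError is a ValueError
        problems = ["not valid JSON: %s" % exc]
        if any(ch in text for ch in TYPOGRAPHIC_QUOTES):
            problems.append("typographic quotes found; JSON needs straight quotes")
        return problems
    if not isinstance(attrs, dict):
        return ["top level must be a JSON object of key-value pairs"]
    problems = []
    if windows:
        # The page lists both attributes as required for Windows instances.
        if attrs.get("enable_rdp") is not True:
            problems.append('"enable_rdp" must be the JSON boolean true')
        password = attrs.get("administrator_password")
        if not isinstance(password, str) or not password:
            problems.append('"administrator_password" must be a non-empty string')
        elif password == PLACEHOLDER:
            problems.append('"administrator_password" still holds the placeholder')
    return problems
```

Because the page states that these attributes are readable inside the instance at http://192.0.0.192/latest/user-data, treat a password supplied here as an initial credential and change it after the first login.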
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• The custom machine image that you want to use must already be available as a
machine image in Oracle Compute Cloud Service. See Workflow for Creating
Instances Using a Custom Machine Image for information about creating,
uploading, and registering your custom machine images.
Procedure
Tip:
Before you begin, read Best Practices for Using Oracle Compute Cloud
Service.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the image that you want to use, and from the menu, select Create
Instance.
– If you specify a name in the Create Instance wizard, then the full name of the
instance would be in the format
/Compute-identity_domain/user/name_you_specify/id.
– If you don’t specify a name in the wizard, then the full name would be in the
format /Compute-identity_domain/user/id.
In either case, id is an autogenerated ID.
Examples of Instance Names:
– When a name (vm1 in this case) is specified in the Create Instance wizard:
/Compute-myDomain/jack/vm1/300a7479-ec90-4826-98b9-a725662628f1
• The image field contains the name of the machine image that you selected.
Verify that this is the image you want to use. If you want to use another image,
click Cancel to exit the Create Instance wizard. Go back to Step 2 to select
another image.
• Select a shape.
The shape specifies the CPU and memory resources to be allocated to the
instance. See About Machine Images and Shapes.
• Specify one or more tags to help you identify and categorize the instance.
• In the Custom Attributes field, enter any additional attributes that you want to
store on the instance. This field allows you to customize your instance by
providing additional information specific to each instance. You can enter
arbitrary key-value pairs in plain text. The text you enter here must be in JSON
format. This information is stored as user data on your instance.
If you’re creating a Windows instance, you must specify the following required
attributes:
{
  "enable_rdp": true,
  "administrator_password": "Specify_password_here"
}
Note:
Solaris machine images don’t include the opc-init scripts. So you can’t use
opc-init to automate instance configuration of Solaris instances.
After the instance is created, the attributes that you specify here are available
within the instance at http://192.0.0.192/latest/user-data. For
information about retrieving user data, see Retrieving User-Defined Instance
Attributes.
• If you want to be able to delete and re-create the instance after the instance is
created, then select Manage Instance Using an Orchestration. When the
instance is created, an orchestration is automatically created for it. For more
information about orchestrations, see About Orchestrations.
If you select Manage Instance Using an Orchestration, then enter a name, label,
and description for the orchestration and select a high availability (HA) policy.
See About High-Availability Policies in an Orchestration.
• If you want to connect to this instance over the Internet, then select an
autogenerated public IP address, or select an IP address from the Persistent
Public IP Reservation list.
If you select an autogenerated public IP address, the IP address persists while
the instance is running, but will change if you delete the instance and create it
again later. See About Public IP Addresses.
• If you want to connect to this instance from the public Internet by using SSH,
select Configure Instance for Public SSH Access.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
Alternatively, you can add this instance to one or more security lists. You can
then control access to this instance by creating security rules that use the
specified security lists as a source or destination.
If you select Add Instance to Security Lists and don’t select any security lists,
then the instance is added automatically to the default security list,
default/default.
For more information about configuring network settings for your instance, see
About Network Settings.
c. The size is set automatically to accommodate the disk size that’s specified in
the image that you selected earlier. If you want a larger boot disk than that
specified in the image, then enter a larger size.
Note:
The web console might show other storage properties. But don’t select any of
them.
7. To attach data volumes to your instance, on the Storage page, do the following:
a. Select all the storage volumes that you want to attach in the Available Storage
Volumes list, and move them to the Selected Storage Volumes list.
b. If you select multiple storage volumes to attach, you can use the arrows next to
the Available Storage Volumes list to change the order of the storage volumes
in the Selected Storage Volumes list. The order that you specify here
determines the sequence in which the storage volumes are attached as virtual
disks to your instance.
8. On the SSH Public Keys page, select the keys that you want to associate with this
instance from the Available SSH Public Keys list, and move them to the Selected
SSH Public Keys list.
Alternatively, to add a new SSH public key, select Add New SSH Public Key,
enter a name for the SSH public key, and paste the public key in the Value field.
Important:
Paste the key value exactly as it was generated. Don’t append or insert any
spaces, characters, or line breaks.
Tip:
The keys that you specify are stored as metadata on the instance. This
metadata can be accessed from within the instance at
http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key.
• In images that you build, you can write and include a script that runs
automatically when the instance starts, retrieves the SSH public keys, and
adds the keys to the authorized_keys file of the appropriate users.
9. On the Review page, verify the information that you’ve entered, and then click
Create.
• When you create an instance, the initial status is Preparing. Oracle Compute
Cloud Service allocates resources and prepares to create the instance.
• While the specified image is being installed, the state changes to Initializing.
• After the image is installed and the instance starts, the status changes to
Running.
When an instance is in the Running status, you can connect to it. You can also
attach or detach storage volumes and security lists.
Note:
If you use an orchestration to create an instance, you can control the status of
the instance through its orchestration. For example, you can create or delete an
instance by starting or stopping its orchestration. See About Orchestrations.
Note:
If you’ve identified an image from Oracle Cloud Marketplace that you’d like
to use, check if that image already exists in your Oracle Compute Cloud
Service account. If another user requested the same image from Oracle Cloud
Marketplace earlier on, it would have already been added to the images listed
in the Private Images page. In that case, to use that machine image to create an
instance, follow the procedure described in Creating an Instance Using a
Custom Machine Image or Creating an Instance from the Instances Page.
Tip:
Before you begin, read Best Practices for Using Oracle Compute Cloud
Service.
2. From the Products drop-down list, select Infrastructure (IaaS), and then select
Compute Cloud.
3. Enter the name of the image that you want to use in the Search bar at the top of the
page and click Go.
You’re directed to a page with more information for the selected image.
8. Select the required account from the drop-down list and click Next.
9. Review the information on the Review screen and click Submit Request.
You’ll receive an email notification confirming that your application has been
installed.
10. On the Confirmation screen, after your request is confirmed, to create an instance,
click Start Compute Console.
11. On the General page of the Create Instance wizard, select or enter the following
information:
– If you specify a name in the Create Instance wizard, then the full name of the
instance would be in the format,
/Compute-identity_domain/user/name_you_specify/id.
– If you don’t specify a name in the wizard, then the full name would be in the
format, /Compute-identity_domain/user/id.
In either case, id is an autogenerated ID.
Examples of Instance Names:
– When a name (vm1 in this case) is specified in the Create Instance wizard:
/Compute-myDomain/jack/vm1/300a7479-ec90-4826-98b9-a725662628f1
• The image field contains the name of the machine image that you selected.
Verify that this is the image you want to use. If you want to use another image,
click Cancel to exit the Create Instance wizard. Go back to Oracle Marketplace
to select another image.
• Select a shape.
The shape specifies the CPU and memory resources to be allocated to the
instance. See About Machine Images and Shapes.
• Specify one or more tags to help you identify and categorize the instance.
• In the Custom Attributes field, enter any additional attributes that you want to
store on the instance. This field allows you to customize your instance by
providing additional information specific to each instance. You can enter
arbitrary key-value pairs in plain text. The text you enter here must be in JSON
format. This information is stored as user data on your instance.
If you’re creating a Windows instance, you must specify the following required
attributes:
{
"enable_rdp": true,
"administrator_password": "Specify_password_here"
}
Note:
Solaris machine images don’t include the opc-init scripts. So you can’t use
opc-init to automate instance configuration of Solaris instances.
After the instance is created, the attributes that you specify here are available
within the instance at http://192.0.0.192/latest/user-data. For
information about retrieving user data, see Retrieving User-Defined Instance
Attributes.
• If you want to be able to delete and re-create the instance after the instance is
created, then select Manage Instance Using an Orchestration. When the
instance is created, an orchestration is automatically created for it. For more
information about orchestrations, see About Orchestrations.
If you select Manage Instance Using an Orchestration, then enter a name, label,
and description for the orchestration and select a high availability (HA) policy.
See About High-Availability Policies in an Orchestration.
• If you want to connect to this instance over the Internet, then select an
autogenerated public IP address, or select an IP address from the Persistent
Public IP Reservation list.
If you select an autogenerated public IP address, the IP address persists while
the instance is running, but will change if you delete the instance and create it
again later. See About Public IP Addresses.
• If you want to connect to this instance from the public Internet by using SSH,
select Configure Instance for Public SSH Access.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
Alternatively, you can add this instance to one or more security lists. You can
then control access to this instance by creating security rules that use the
specified security lists as a source or destination.
If you select Add Instance to Security Lists and don’t select any security lists,
then the instance is added automatically to the default security list,
default/default.
For more information about configuring network settings for your instance, see
About Network Settings.
13. On the Storage page, to specify a bootable storage volume, do either of the
following:
c. The size is set automatically to accommodate the disk size that’s specified in
the image that you selected earlier. If you want a larger boot disk than that
specified in the image, then enter a larger size.
Note:
The web console might show other storage properties. But don’t select any of
them.
14. To attach data volumes to your instance, on the Storage page, do the following:
a. Select all the storage volumes that you want to attach in the Available Storage
Volumes list, and move them to the Selected Storage Volumes list.
b. If you select multiple storage volumes to attach, you can use the arrows next to
the Available Storage Volumes list to change the order of the storage volumes
in the Selected Storage Volumes list. The order that you specify here
determines the sequence in which the storage volumes are attached as virtual
disks to your instance.
15. On the SSH Public Keys page, select the keys that you want to associate with this
instance from the Available SSH Public Keys list, and move them to the Selected
SSH Public Keys list.
Alternatively, to add a new SSH public key, select Add New SSH Public Key,
enter a name for the SSH public key, and paste the public key in the Value field.
Important:
Paste the key value exactly as it was generated. Don’t append or insert any
spaces, characters, or line breaks.
Tip:
The keys that you specify are stored as metadata on the instance. This
metadata can be accessed from within the instance at
http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key.
• In images that you build, you can write and include a script that runs
automatically when the instance starts, retrieves the SSH public keys, and
adds the keys to the authorized_keys file of the appropriate users.
16. On the Review page, verify the information that you’ve entered, and then click
Create.
• When you create an instance, the initial status is Preparing. Oracle Compute
Cloud Service allocates resources and prepares to create the instance.
• While the specified image is being installed, the state changes to Initializing.
• After the image is installed and the instance starts, the status changes to
Running.
When an instance is in the Running status, you can connect to it. You can also
attach or detach storage volumes and security lists.
Note:
If you use an orchestration to create an instance, you can control the status of
the instance through its orchestration. For example, you can create or delete an
instance by starting or stopping its orchestration. See About Orchestrations.
shape required The name of the shape that defines the number of CPUs and
the RAM that you require for the instance.
tags optional A JSON array or list of strings used to tag the instance.
By assigning a human-friendly tag to an instance, you can
identify the instance easily when you perform an instance
listing. These tags aren’t available from within the instance.
{
"enable_rdp": true,
"administrator_password": "Specify_password_here"
}
Note:
Solaris machine images don’t
include the opc-init scripts. So
you can’t use opc-init to
automate instance configuration
of Solaris instances.
reverse_dns optional If set to true (default), then reverse DNS records are
created.
If set to false, no reverse DNS records are created.
networking optional This parameter can contain any or all of the following
sub-parameters:
• seclists: The security lists that you want to add the
instance to.
For each security list, specify the three-part name in
the /Compute-identity_domain/user/object_name
format. You can attach an instance to a
maximum of five security lists. If you launch an instance
without specifying any security list, the instance is
assigned to the /Compute-identity_domain/default/default
security list.
• nat: Indicates whether a temporary or permanent
public IP address should be assigned to the instance.
– To associate a temporary IP address with the
instance for use during the lifetime of the instance,
specify ippool:/oracle/public/ippool.
– To associate a persistent IP address, specify
ipreservation:ipreservation_name, where
ipreservation_name is the three-part name of an
existing IP reservation in the
/Compute-identity_domain/user/object_name format.
If nat is not specified, then no public IP address is
associated with your instance when it is created. If
required, you can associate an IP address with the
instance after the instance has been created.
• dns: DNS name for this instance.
This name is relative to the internal DNS domain.
• model: The type of network interface card (NIC). The
only allowed value is e1000.
sshkeys optional A list of the SSH public keys that you want to associate with
the instance.
Note:
You don’t need to provide any
SSH public keys if you’re
creating a Windows instance,
because you can’t access a
Windows instance using SSH.
To access a Windows instance,
see Accessing a Windows
Instance Using RDP.
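The constraints in this parameter table can be checked before a launch plan is submitted. The following Python linter is an added example, not part of Oracle's tooling; it assumes one instance entry is passed as a dict that uses the parameter names above, with the networking sub-parameters held directly in the networking dict. The finding codes, the SHAPE_NAME placeholder, and the sample plans are constructed for illustration.

```python
import re

# /Compute-identity_domain/user/object_name, the three-part form the table describes
THREE_PART = re.compile(r"^/Compute-[^/\s]+/[^/\s]+/[^/\s]+$")
TEMPORARY_NAT = "ippool:/oracle/public/ippool"
MAX_SECLISTS = 5
PLACEHOLDER_PASSWORD = "Specify_password_here"


def lint_instance(inst, windows=False):
    """Return a list of (severity, code, detail) findings for one instance entry."""
    findings = []

    def add(severity, code, detail):
        findings.append((severity, code, detail))

    if not inst.get("shape"):
        add("error", "shape-missing", "shape is required")

    tags = inst.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        add("error", "tags-type", "tags must be a list of strings")

    net = inst.get("networking") or {}
    seclists = net.get("seclists") or []
    if len(seclists) > MAX_SECLISTS:
        add("error", "seclist-count", f"{len(seclists)} security lists, maximum is {MAX_SECLISTS}")
    for name in seclists:
        if not THREE_PART.match(name):
            add("error", "seclist-name", f"not a three-part name: {name!r}")
    if not seclists:
        # Easy to miss: the instance silently inherits every rule on the default list.
        add("warn", "default-seclist",
            "no security list given; instance joins /Compute-identity_domain/default/default")

    nat = net.get("nat")
    if nat is None:
        add("info", "no-public-ip", "no public IP address is associated at creation")
    elif nat == TEMPORARY_NAT:
        add("info", "temporary-public-ip", "public IP lasts for the lifetime of the instance")
    elif (isinstance(nat, str) and nat.startswith("ipreservation:")
          and THREE_PART.match(nat[len("ipreservation:"):])):
        add("info", "persistent-public-ip", "public IP comes from an IP reservation")
    else:
        add("error", "nat-format", f"unrecognized nat value: {nat!r}")

    if net.get("model", "e1000") != "e1000":
        add("error", "nic-model", "the only allowed NIC model is e1000")

    attrs = inst.get("attributes") or {}
    if windows:
        if attrs.get("enable_rdp") is not True:
            add("error", "rdp-missing", "Windows instances require enable_rdp: true")
        password = attrs.get("administrator_password")
        if not password or password == PLACEHOLDER_PASSWORD:
            add("error", "admin-password", "administrator_password is missing or still the placeholder")
        else:
            add("warn", "password-in-user-data",
                "administrator_password is stored as user data, readable inside the instance")
        if inst.get("sshkeys"):
            add("info", "sshkeys-unused", "SSH keys aren't used to access a Windows instance")
    return findings


def codes(findings, severity):
    """Sorted finding codes of one severity, convenient for gating a pipeline."""
    return sorted(code for sev, code, _ in findings if sev == severity)


# Constructed sample plans (myDomain/jack follow the naming example used in this guide).
SAMPLE_LINUX = {
    "shape": "SHAPE_NAME",
    "tags": ["web"],
    "networking": {
        "seclists": ["/Compute-myDomain/jack/web", "web-only"],  # second name is malformed
        "nat": "ipreservation:ip1",                              # not a three-part name
        "model": "virtio",                                       # not e1000
    },
    "sshkeys": ["/Compute-myDomain/jack/key1"],
}
SAMPLE_WINDOWS = {
    "shape": "SHAPE_NAME",
    "attributes": {"enable_rdp": True, "administrator_password": "Specify_password_here"},
    "networking": {"nat": TEMPORARY_NAT},
}

if __name__ == "__main__":
    for label, plan, is_windows in (("linux", SAMPLE_LINUX, False), ("windows", SAMPLE_WINDOWS, True)):
        for severity, code, detail in lint_instance(plan, windows=is_windows):
            print(f"{label}: {severity}: {code}: {detail}")
```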
Listing Instances
After creating instances in Oracle Compute Cloud Service, you can view a list of your
instances using the web console.
To complete this task, you must have the Compute_Monitor or
Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then
ask your system administrator to ensure that the role is assigned to you in Oracle
Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle
Cloud.
4. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
Your instances are listed on the Instances page. For each instance, you can view details
including the label, the current status, the attached storage volumes, and the public
and private IP addresses associated with it.
To list your instances using the API, use the GET /instance/container method.
For more information, see REST API for Oracle Compute Cloud Service.
Monitoring Instances
After creating instances in Oracle Compute Cloud Service, you can view a list of your
instances and get details of each instance.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. The Instances page shows a list of instances, along with information about each
instance.
Tip:
You can filter the list of instances according to their category or status. To list
instances with a specific status (such as running, error, or stopped), click the
Show menu and select the appropriate filter. To view instances of a specific
category (such as PaaS, IaaS, or personal), click the Category menu and select
the appropriate filter.
3. Go to the instance that you want to view. From the menu, select View.
The instance details page shows all the details of the selected instance, such as the
public and private IP addresses, and the storage volumes, security lists, and SSH
keys associated with it. You can add or remove storage volumes and security lists
from this page. For more information, see Updating an Instance.
To view details of an instance using the API, use the GET /instance/name method.
For more information, see REST API for Oracle Compute Cloud Service.
Logging In to an Instance
After you’ve associated a public IP address with your instance, you can log in to the
instance.
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site, you can
use the private IP address of your instance to connect to the instance. To set up a VPN
tunnel, see Connecting to Oracle Compute Cloud Service Instances Using VPN.
To connect to your Oracle-provided Oracle Linux instance using ssh, see Accessing an
Oracle Linux Instance Using SSH.
Note:
To connect to your Oracle Solaris instance using ssh, see Accessing an Oracle Solaris
Instance Using SSH.
To connect to your Windows instance using an RDP connection, see Accessing a
Windows Instance Using RDP.
Note:
2007-10-10
2007-12-15
2008-02-01
2009-04-04
Tip:
New metadata versions may be released in the future. Metadata versions may
not be backward compatible. So use metadata from a specific version (for
example, from http://192.0.0.192/2008-02-01/) and not from
http://192.0.0.192/latest/.
For the steps to retrieve the predefined instance metadata, see Retrieving Predefined
Instance Metadata.
User-Defined Instance Attributes
User-defined attributes are key-value pairs that you can specify in the attributes
parameter of machine images, image-list entries, and instance launch plans.
When you create instances, all the attributes that are specified in the attributes
parameter in the orchestration or launch plan, machine image, and image list entry
that are used to create your instances are stored on those instances. If an attribute in an
image-list entry has the same name as an attribute in the machine image
corresponding to that image-list entry, then the attribute in the image-list entry
overrides the attribute in the machine image. Similarly, if an attribute in a launch plan
has the same name as an attribute in an image-list entry or a machine image, then the
attribute in the launch plan takes precedence.
User-defined instance attributes are stored within the instance at
http://192.0.0.192/latest/user-data. For the steps to retrieve these attributes, see
Retrieving User-Defined Instance Attributes.
The following are a few sample use cases for user-defined instance attributes:
• If you want identical user data to be available on a set of instances, then specify the
required user data in the machine image or image list entry that you'll use to create
the instances. For example, you might require a certain pre-bootstrap script to be
executed or specific applications to be installed on all instances that use a particular
image. By specifying this script as user data in the machine image or the image list
entry, you ensure that every instance that’s created with that image has the
specified user data.
• If each instance should have unique user data, use an orchestration to provide
specific user data for each instance. This is useful if, for example, you want to
specify a unique user name and password, or inject a unique SSH public key into
each instance.
2. Get a list of the available metadata versions by running the following command:
curl http://192.0.0.192
Note:
The cURL commands provided in this document are for Linux and Oracle
Solaris instances. On Windows instances, go to the PowerShell, and use the
Invoke-RestMethod command instead of cURL.
3. From the list of versions displayed, select the version that you want to use.
curl http://192.0.0.192/{version}/meta-data
In this command, replace {version} with the version that you identified in the
previous step.
Example:
curl http://192.0.0.192/2007-08-29/meta-data
5. Retrieve the specific metadata that you want, by running one of the following
command examples:
Note:
When you run these commands, replace 2007-08-29 with the metadata
version that you want to use.
• To retrieve information about the memory and CPU resources of the instance:
curl http://192.0.0.192/2007-08-29/meta-data/instance-type
7680 ram, 2.0 cpus
• To find out how many SSH public keys are stored on the instance:
curl http://192.0.0.192/2007-08-29/meta-data/public-keys
0
1
2
In this example, three SSH public keys are stored as metadata, with index
numbers 0, 1, and 2.
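The following Python script is an added example, not Oracle-provided code, of the boot-time script that the SSH Public Keys tip in the instance-creation steps describes. It lists the key indexes as shown above, fetches each openssh-key, refuses anything that isn't a single well-formed public key, and merges the rest into a user's authorized_keys file with owner-only permissions. The pinned version 2007-08-29, the accepted key types, and all function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: install SSH public keys from instance metadata at boot."""
import base64
import os
import struct
import tempfile
import urllib.request

METADATA_BASE = "http://192.0.0.192"
METADATA_VERSION = "2007-08-29"  # pinned rather than "latest"; use a version your site lists
# Assumption of this example: the key types the image is willing to accept.
ALLOWED_KEY_TYPES = {
    "ssh-rsa", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def fetch(path, timeout=5):
    """GET one metadata path and return the body as text."""
    url = f"{METADATA_BASE}/{METADATA_VERSION}/meta-data/{path}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def parse_public_key(raw):
    """Return the key as 'type base64 [comment]' or raise ValueError."""
    line = raw.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("embedded line break")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    key_type, blob_b64 = parts[0], parts[1]
    # A leading options field (command=..., from=...) lands here and is refused.
    if key_type not in ALLOWED_KEY_TYPES:
        raise ValueError(f"key type not allowed: {key_type!r}")
    blob = base64.b64decode(blob_b64, validate=True)  # binascii.Error is a ValueError
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return " ".join(parts)


def collect_keys(fetch_fn=fetch):
    """Fetch every indexed key; return (accepted_keys, [(index, reason)])."""
    keys, rejected = [], []
    for index in fetch_fn("public-keys").split():
        if not index.isdigit():
            continue
        try:
            keys.append(parse_public_key(fetch_fn(f"public-keys/{index}/openssh-key")))
        except ValueError as exc:
            rejected.append((index, str(exc)))
    return keys, rejected


def merge_authorized_keys(existing_text, new_keys):
    """Keep existing lines and append each new key once (matched on type + blob)."""
    lines = [ln for ln in existing_text.splitlines() if ln.strip()]
    present = {tuple(ln.split()[:2]) for ln in lines}
    for key in new_keys:
        ident = tuple(key.split()[:2])
        if ident not in present:
            lines.append(key)
            present.add(ident)
    return "".join(ln + "\n" for ln in lines)


def install_keys(home, keys, uid=None, gid=None):
    """Write ~/.ssh/authorized_keys atomically with 0700/0600 permissions."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    target = os.path.join(ssh_dir, "authorized_keys")
    existing = ""
    if os.path.exists(target):
        with open(target, encoding="utf-8") as handle:
            existing = handle.read()
    fd, tmp = tempfile.mkstemp(dir=ssh_dir)  # mkstemp creates the file as 0600
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(merge_authorized_keys(existing, keys))
    if uid is not None:
        os.chown(ssh_dir, uid, gid)
        os.chown(tmp, uid, gid)
    os.replace(tmp, target)
    return target


if __name__ == "__main__":
    import pwd
    import sys
    account = pwd.getpwnam(sys.argv[1])  # target user name passed by the boot hook
    accepted, skipped = collect_keys()
    for index, reason in skipped:
        print(f"skipped public key {index}: {reason}", file=sys.stderr)
    if accepted:
        install_keys(account.pw_dir, accepted, account.pw_uid, account.pw_gid)
```

Run it from the image's startup hook with the target user name as its only argument; rerunning it is safe because keys already present are not appended again.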
2. Get a list of all the top-level attributes that are specified for the instance, by running
the following command:
curl http://192.0.0.192/latest/user-data
Note:
The cURL commands provided in this document are for Linux and Oracle
Solaris instances. On Windows instances, go to the PowerShell, and use the
Invoke-RestMethod command instead of cURL.
In this example, the output shows that the instance has two top-level user-defined
attributes: pre-bootstrap and packages.
curl http://192.0.0.192/latest/user-data/{topLevelAttribute}
Example:
curl http://192.0.0.192/latest/user-data/pre-bootstrap
The following sample output indicates that two attributes are specified under the
pre-bootstrap attribute:
failonerror
scriptURL
4. Run the same command for successive levels of attributes until you get the
required attribute value, as shown in the following example:
curl http://192.0.0.192/latest/user-data/pre-bootstrap/failonerror
true
Create an image list containing two entries, both for the same machine image, but one
entry with the attribute {"role":"manager"} and the other with the attribute
{"role":"worker"} in the attributes field. To create an image list entry using
the API, use the POST /imagelist/name/entry method. See REST API for Oracle
Compute Cloud Service.
In the launch plan that you use to provision the instances in the distributed system,
define a number of worker instances that use the image list entry with the
{"role":"worker"} attribute, and define a manager instance that uses the image
list entry with the {"role":"manager"} attribute.
After the instances are created, the software running on each instance can determine
the role that the instance should play based on the value of the role attribute stored
at http://192.0.0.192/version/user-data.
Updating an Instance
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have created the storage volume that you want to attach to your instance.
See Creating a Storage Volume.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. On the Instances page, identify the instance to which you want to attach a storage
volume. From the menu, select View.
5. The Attach as Disk # field is filled automatically with the next available index at
which the volume can be attached. You can leave this field at the automatically
selected disk number or enter a higher number up to 10.
The disk number that you specify here determines the device name. The disk
attached at index 1 is named /dev/xvdb, the disk at index 2 is /dev/xvdc, the
disk at index 3 is /dev/xvdd, and so on.
Make a note of the disk number. You’ll need it later when you mount the storage
volume on the instance.
6. Click Attach.
You can also attach a storage volume to a running instance from the Storage page. See
Attaching a Storage Volume to an Instance.
To attach a storage volume to an instance using the API, you must add a storage
attachment object by using the POST /storage/attachment method. See REST
API for Oracle Compute Cloud Service.
After attaching a storage volume to an instance, to access the block storage, you must
mount the storage volume on your instance. See Mounting a Storage Volume on a
Linux Instance.
After you detach a storage volume from an instance, you can no longer read from or
write data to the storage volume, unless you attach the volume to any instance.
Note:
You can’t detach or delete a storage volume that was attached while creating
an instance.
If you’re sure that a storage volume is no longer required, then back up the
data elsewhere and delete the storage volume.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that you’ve unmounted the storage volume that you want to detach. See
Unmounting a Storage Volume from a Linux Instance.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. On the Instances page, identify the instance that you want to update. From the
menu, select View.
3. On the instance details page, identify the storage volume that you want to detach.
From the menu, select Detach Storage Volume.
To detach a storage volume from an instance using the API, you must remove a
storage attachment object, by using the DELETE /storage/attachment/name
method. For more information, see REST API for Oracle Compute Cloud Service.
Internally, an instance is associated with security lists by using the instance’s vcable,
which provides an attachment point to a specific network interface on the instance.
You can dynamically add or remove an instance from a security list, without stopping
the instance.
You can add an instance to up to five security lists.
Caution:
When you add an instance to a security list, all the security rules that use that
security list—as either the source or destination—are applicable to the
instance. Consider a security list that is the destination in two security rules,
one rule that allows SSH access from the public Internet and another rule
permitting HTTPS traffic from the public Internet. When you add an instance
to this security list, the instance is accessible from the public Internet over both
SSH and HTTPS. Keep this in mind when you decide the security lists that you
want to add an instance to.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have created the security list that you want to add your instance to. See
Creating a Security List.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. On the Instances page, identify the instance that you want to update. From the
menu, select View.
4. Select the security list that you want to add your instance to, and click Attach.
To add an instance to a security list using the API, you must first find out the vcable
ID of the instance. To find out the vcable ID of an instance using the API, use the
GET /instance/name method. Next, to create an association between the vcable ID
and the security list, use the POST /secassociation/ method and specify the
vcable ID. See REST API for Oracle Compute Cloud Service.
Note:
When an instance is deleted and re-created, any security lists to which you
had added the instance manually (that is, not during instance creation), must
be associated again.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
Internally, an instance is associated with security lists by using the instance’s vcable.
When you add an instance to a security list, a security association is created between
the vcable and the specified security list. To remove an instance from a security list,
you must delete the security association that binds the instance to the security list.
Note:
When you remove an instance from a security list, the security rules that are
defined for the security list are no longer applicable to the instance, and the
instance can’t communicate with other instances in the security list. An
instance that isn’t associated with any security list is completely inaccessible.
When an instance that you had previously removed from the
/default/default security list is re-created, you must remove the instance from the
security list again after the instance is re-created.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. On the Instances page, identify the instance that you want to update. From the
menu, select View.
3. On the instance details page, go to the security list that you want to remove your
instance from. From the menu, select Remove from Security List.
To remove an instance from a security list using the API, you must remove a security
association, by using the DELETE /secassociation/name method. See REST API
for Oracle Compute Cloud Service.
Note:
If your instance uses a bootable storage volume and you want to clone the
storage volume, see Cloning a Storage Volume by Using Storage Volume
Snapshots.
When your instance is running, customize your instance as required, by adding users,
or installing and configuring applications. These changes are stored on your
nonpersistent boot disk.
When you’re done customizing your instance, to use the instance as a template to
create other instances, create an instance snapshot. Instance snapshots capture the
current state of your boot disk and create a corresponding machine image, which is
uploaded to your Oracle Storage Cloud Service account. You can then register this
machine image with your Oracle Compute Cloud Service account and use it to create
instances. These instances will contain all the configuration and customization that
you’d done on the original instance when you took the snapshot.
When you create an instance using a nonpersistent boot disk, if you want to delete the
instance, then using instance snapshots also allows you to preserve the changes you’ve
made to your instance before you delete the instance. Later on, you can use this
machine image to create another instance identical to the one you deleted.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
Note:
Instance snapshots capture the state of your nonpersistent boot disk. You can’t
create an instance snapshot if your instance uses a bootable storage volume.
To create a snapshot of a storage volume, see Cloning a Storage Volume by
Using Storage Volume Snapshots.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Go to the instance that you want to create a snapshot of. From the menu, select
Create Snapshot.
Alternatively, you can also create an instance snapshot from the instance details
page.
a. On the Instances page, go to the instance that you want to create a snapshot of,
and from the menu, select View.
b. On the instance details page, go to the Instance Snapshots section and click
Create Snapshot.
An instance snapshot is generated and it creates a custom image. While the image
is being created, the instance details page shows the state of the instance snapshot
as Active. When the image has been created and is available in your Oracle
Storage Cloud Service account, the state of the instance snapshot changes to
Complete. Next, to register this image, see Registering the Image Generated by an
Instance Snapshot.
To create an instance snapshot using the API, use the POST /snapshot/ method.
The image created by an instance snapshot is stored in your Oracle Storage Cloud
Service account. Before you can use this image to create an instance, you must register
this image in your Oracle Compute Cloud Service account.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
1. Go to the Oracle Compute Cloud Service console:
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the snapshot that you want to use. From the menu, select Associate
Image.
Alternatively, you can also register a snapshot from the instance details page.
• On the Instances page, go to the instance that you want to clone. From the
menu, select View.
After you’ve registered the image generated by an instance snapshot, the machine
image is added to the list of custom images on your Private Images page. To create an
instance using this machine image, see Creating an Instance Using a Custom Machine
Image.
After an instance snapshot has completed creating a machine image of an instance, the
instance snapshot record on the web console only provides information about when a
machine image was created from a given instance. You can also view the
autogenerated name of an instance snapshot, which helps to identify the
corresponding machine image file in your Oracle Storage Cloud Service account. If you
don’t require this information for record-keeping purposes, you can delete the
instance snapshot. Deleting an instance snapshot has no impact on the machine image
file stored in your Oracle Storage Cloud Service account, or on the private image that
you might have registered in your Oracle Compute Cloud Service account.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
To delete an instance snapshot:
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Go to the instance that you want to view. From the menu, select View.
3. On the instance details page, in the Instance Snapshots section, go to the instance
snapshot that you want to delete. From the menu, click Delete.
To delete an instance snapshot using the API, use the DELETE /snapshot/ method.
Restarting an Instance
When your instance is running, if required, you can log in to your instance and restart
it.
Topics
1. Log in to the instance using ssh. See Accessing an Oracle Linux Instance Using
SSH.
Caution:
Don’t use the -h option of the shutdown command. If you stop an instance by
using the -h option of the shutdown command or by using the halt
command, you can’t restart the instance. The status of the instance on the web
console doesn’t get updated to Stopped. It continues to show the status of the
instance as Running. If you used an orchestration to create the instance, the
status of the orchestration continues to show as Ready. You’ll have to delete
the instance and create it again. To shut down and delete an Oracle Linux
instance, see Deleting an Instance or Stopping an Orchestration.
1. Log in to the instance using ssh. See Accessing an Oracle Solaris Instance Using
SSH.
su -
• reboot
• init 6
To check whether the instance has been rebooted, try connecting to it using ssh.
Until the instance is up again, the No route to host error is displayed.
Note:
3. Click the power button at the top right corner and select Restart.
Caution:
Don’t use the Shutdown option to stop your Windows instance. If you do,
you can’t restart that instance. The status of the instance on the web console
doesn’t get updated to Stopped. It continues to show the status of the instance
as Running. If you used an orchestration to create the instance, the status of
the orchestration continues to show as Ready. You’ll have to delete the
instance and create it again. To shut down and delete a Windows instance, see
Deleting an Instance or Stopping an Orchestration.
Deleting an Instance
When you delete an instance, its status changes to stopping. After the instance is
shut down, it is deleted.
Caution:
When you delete an instance that uses a nonpersistent boot disk, any changes
you may have made to the boot disk after the instance was created are lost.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that you didn’t create the instance with the HA policy set to active. If the
HA policy is set to active, then when the instance is deleted, it is re-created
automatically. To delete such an instance, you must stop the orchestration. See
Stopping an Orchestration.
• Any storage volumes that are attached to an instance are detached (but not deleted)
when you delete the instance. You must unmount attached storage volumes before
deleting an instance. See Unmounting a Storage Volume from a Linux Instance.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. On the Instances page, identify the instance that you want to delete. From the
menu, select Delete.
When you delete an instance, its status changes to stopping. After the instance is
shut down, it is deleted.
To delete an instance using the API, use the DELETE /instance/name method. See
REST API for Oracle Compute Cloud Service.
If you created an instance using an orchestration, then you can delete the instance by
stopping the orchestration. See Stopping an Orchestration.
Checking Whether the SSL Key and Certificate of the IPS Publisher Are
Associated
• If the SSL Key and SSL Cert fields have values and if the certificate hasn’t
expired yet (see the Cert. Expiration Date field), as shown in the
following example, then proceed to Updating Packages.
Publisher: solaris
Alias:
Origin URI: https://pkg.oracle.com/solaris/support/
SSL Key: /var/pkg/ssl/0ea8b04aa00e4ea1621aa66cab649778b67ef486
SSL Cert: /var/pkg/ssl/66aac7c266473f285641fef2b8e6817248cb7f4e
Cert. Effective Date: March 27, 2016 09:10:48 AM
Cert. Expiration Date: April 4, 2018 09:10:48 AM
Client UUID: 0717ae7e-bb12-11e5-9a62-9bd968ceffe9
Catalog Updated: March 24, 2016 03:53:33 PM
Enabled: Yes
• If the SSL Key and SSL Cert fields show None, or if they show a value but
the certificate has expired, then complete the steps in Associating the SSL Key
and Certificate for the IPS Publisher.
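The check described above can be scripted. The following Python sketch is an added example, not part of the Oracle documentation: it parses the publisher output shown above and reports whether the key and certificate are associated and unexpired. The function names and status strings are hypothetical, and the dates are treated as naive local times because the output carries no time zone.

```python
from datetime import datetime

# Date layout used in the publisher output shown above.
DATE_FORMAT = "%B %d, %Y %I:%M:%S %p"

# Publisher output copied from the example above.
PUBLISHER_OUTPUT = """\
Publisher: solaris
Alias:
Origin URI: https://pkg.oracle.com/solaris/support/
SSL Key: /var/pkg/ssl/0ea8b04aa00e4ea1621aa66cab649778b67ef486
SSL Cert: /var/pkg/ssl/66aac7c266473f285641fef2b8e6817248cb7f4e
Cert. Effective Date: March 27, 2016 09:10:48 AM
Cert. Expiration Date: April 4, 2018 09:10:48 AM
Client UUID: 0717ae7e-bb12-11e5-9a62-9bd968ceffe9
Catalog Updated: March 24, 2016 03:53:33 PM
Enabled: Yes
"""

# Constructed sample: a publisher with no key or certificate associated.
UNASSOCIATED_OUTPUT = """\
Publisher: solaris
Origin URI: https://pkg.oracle.com/solaris/support/
SSL Key: None
SSL Cert: None
Enabled: Yes
"""


def parse_publisher(text):
    """Split 'Field: value' lines into a dict, cutting at the first colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def publisher_status(text, now=None):
    """Return 'ok', 'not-associated', 'expired' or 'unknown-expiry'."""
    fields = parse_publisher(text)
    key = fields.get("SSL Key", "None")
    cert = fields.get("SSL Cert", "None")
    if key in ("", "None") or cert in ("", "None"):
        return "not-associated"
    try:
        expires = datetime.strptime(fields.get("Cert. Expiration Date", ""), DATE_FORMAT)
    except ValueError:
        # Field missing or in an unexpected layout: do not guess.
        return "unknown-expiry"
    now = now or datetime.now()
    return "expired" if now >= expires else "ok"


if __name__ == "__main__":
    # 'ok' means proceed to Updating Packages; anything else means
    # the key and certificate must be (re)associated first.
    print(publisher_status(PUBLISHER_OUTPUT))
```
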
Associating the SSL Key and Certificate for the IPS Publisher
You must complete the steps in this section if the pkg publisher solaris
command shows that the SSL key and certificate are not associated, or if the command
shows that the certificate is associated but has expired.
1. Go to https://pkg-register.oracle.com/.
3. On the Available Repositories page, look for the Oracle Solaris 11 Support row,
and click Request Access.
6. Copy the key and certificate from your local host to your Oracle Solaris
instance:
scp pkg.oracle.com.*.pem opc@ip_address:~
Here, ip_address is the public IP address of your Oracle Solaris instance. This
command copies pkg.oracle.com.key.pem and pkg.oracle.com.certificate.pem
from your local host to the /export/home/opc directory of your Oracle Solaris
instance.
Updating Packages
1. Verify that the SSL key and certificate are set for the IPS publisher.
See Checking Whether the SSL Key and Certificate of the IPS Publisher Are
Associated.
ITEMS
Removing old actions 732/732
Installing new actions 1317/1317
Updating modified actions 7658/7658
Updating package state database Done
Updating package cache 154/154
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
---------------------------------------------------------------
NOTE: Please review release notes posted at:
https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------
4. In the output, note the name of the new boot environment (BE), solaris-1 in
this example.
• The currently active solaris BE, indicated by the N (=active now) flag
6. For the new BE to take effect, restart the instance. See Restarting an Oracle Solaris
Instance.
Topics
• About Orchestrations
• Orchestration Templates
• Attributes in Orchestrations
• Uploading an Orchestration
• Starting an Orchestration
• Monitoring Orchestrations
• Stopping an Orchestration
• Downloading an Orchestration
• Updating an Orchestration
• Deleting an Orchestration
About Orchestrations
Topics
• What Is an Orchestration?
• Orchestration Terminology
What Is an Orchestration?
An orchestration defines the attributes and interdependencies of a collection of
compute, networking, and storage resources in Oracle Compute Cloud Service. You
can use orchestrations to automate the provisioning and lifecycle operations of an
entire virtual compute topology.
For example, you can use orchestrations to create and manage a collection of instances
hosting a multitiered application stack with all the necessary networking, storage, and
security settings.
At any time, you can delete and re-create all the instances in an orchestration just by
stopping and restarting the orchestration. Storage attachments, security lists, and so on
are re-associated automatically. When the HA policy in an orchestration is set to
active, if an instance in such an orchestration goes down, the instance is re-created
automatically.
Note that networking and storage objects needn’t be defined in the same
orchestrations that you use to create instances. You can define the networking and
storage objects in separate orchestrations, and then refer to them in the orchestrations
that define the instances. With this approach, you can remove and re-create instances
independent of the associated resources.
To create instances using orchestrations, you build an orchestration in a
JSON-formatted file, upload it to Oracle Compute Cloud Service, and then start the
orchestration. For a simple example of an orchestration file that you can use to learn
how to build your first orchestration, see Building Your First Orchestration. But before
that, do read the remainder of this topic and become familiar with the features,
terminology, and concepts of orchestrations.
Orchestration Terminology
Term Description
object plan (oplan) An object plan, or oplan, is the primary building block of an
orchestration.
Each oplan contains all the attributes for the object type defined
in that oplan.
An orchestration can contain up to 10 object plans, and each
oplan can include up to 10 objects.
object type (obj_type) An object type refers to the Oracle Compute Cloud Service
resource that you want to create.
For example, if you want to create a storage volume, the
obj_type would be storage/volume. If you want to create an
instance, the obj_type would be launchplan.
See Object Types in an Orchestration.
For information about the attributes of each object type, see Attributes in
Orchestrations.
Object Types in an Orchestration
In an orchestration, you can define any of the following object types:
An orchestration can contain up to 10 object plans, and each oplan can contain up to
10 objects.
An orchestration can also contain up to three levels of nested orchestrations. So you
can use a single orchestration to manage many individual components. See About
Nested Orchestrations.
Relationships Between Object Plans
You can use the relationships attribute in an orchestration to specify the sequence
in which the objects in the orchestration must be created.
The relationships attribute specifies the two objects that have a relationship,
identified by their oplan labels. It also specifies the relationship type, which is set to
depends.
For example, if you define a storage volume in an orchestration and you also define an
instance that the storage volume is attached to, then in the relationships section of
the orchestration, you can specify that the launchplan object plan depends on the
storage/volume object plan. This ensures that the storage volume is created before
the instance is created.
So if you define a storage volume in an orchestration with the oplan label
storagevolume1, and a launch plan with the oplan label
boot-from-storagevolume1, then define the relationship between these objects as follows:
"relationships": [
  {
    "oplan": "boot-from-storagevolume1",
    "to_oplan": "storagevolume1",
    "type": "depends"
  }
]
The type attribute under relationships in a launch plan can have one of the
following values:
• same_node: The specified instances are created on the same physical server. This
is useful if you want to ensure low latency across instances.
• /Compute-acme/[email protected]/instances_orch: An
orchestration that defines multiple instances.
• /Compute-acme/[email protected]/networking_orch: An
orchestration that defines networking objects such as security lists and security
rules.
• /Compute-acme/[email protected]/storage_orch: An
orchestration that defines storage volumes.
You can synchronize the management of all the resources defined in these
orchestrations, through the following master orchestration:
{
  "name": "/Compute-acme/[email protected]/master_orch",
  "oplans": [
    {
      "label" : "master-orchestration",
      "obj_type" : "orchestration",
      "objects": [
        {
          "name": "/Compute-acme/[email protected]/instances_orch"
        },
        {
          "name": "/Compute-acme/[email protected]/networking_orch"
        },
        {
          "name": "/Compute-acme/[email protected]/storage_orch"
        }
      ]
    }
  ]
}
When you start the master orchestration, all of the nested orchestrations are started.
Note that when you add a master orchestration to Oracle Compute Cloud Service, the
nested orchestrations are not added automatically. You must add each of the nested
and master orchestrations separately.
Depending on the nature of the orchestrations, you might also need to define
relationships between the different orchestration object plans in the master
orchestration, to ensure that the objects defined in the various orchestrations are
created in the appropriate sequence.
For example, to ensure that your network and storage resources are created before the
orchestration that defines the instances is started, you can create a master
orchestration with relationships defined as follows:
{
  "name": "/Compute-acme/[email protected]/master_orch",
  "oplans": [
    {
      "label": "instances-orchestration",
      "obj_type": "orchestration",
      "objects": [
        {
          "name": "/Compute-acme/[email protected]/instances_orch"
        }
      ]
    },
    {
      "label": "network-orchestration",
      "obj_type": "orchestration",
      "objects": [
        {
          "name": "/Compute-acme/[email protected]/networking_orch"
        }
      ]
    },
    {
      "label": "storage-orchestration",
      "obj_type": "orchestration",
      "objects": [
        {
          "name": "/Compute-acme/[email protected]/storage_orch"
        }
      ]
    }
  ],
  "relationships": [
    {
      "oplan": "instances-orchestration",
      "to_oplan": "network-orchestration",
      "type": "depends"
    },
    {
      "oplan": "instances-orchestration",
      "to_oplan": "storage-orchestration",
      "type": "depends"
    }
  ]
}
You can stop and restart the sub-orchestrations individually as required. When you
stop the master orchestration, all the nested orchestrations are stopped, and the objects
created by those orchestrations are deleted.
If you delete the master orchestration, the nested orchestrations and the objects
defined in them aren’t deleted.
An orchestration can contain up to three levels of nested objects.
About High-Availability Policies in an Orchestration
You can specify a high availability (HA) policy in the ha_policy attribute of an
orchestration, to specify the behavior when an object stops unexpectedly.
You can specify one of the following HA policies:
• active
You can specify this policy only for instances, that is, only for objects of type
launchplan.
When the HA policy for an instance is set to active, if the instance stops
unexpectedly, it is re-created automatically. Note, however, that the instance is
re-created automatically only if the orchestration was in the Ready state and the
instance was running without an error. If an instance is in an error state, it isn’t
re-created automatically.
• monitor
You can specify this policy only for instances, storage volumes, and orchestrations,
that is, for objects of type launchplan, storage/volume, and orchestration.
When the HA policy for an object is set to monitor, if the object goes to an error
state or stops unexpectedly, the orchestration changes to the Error state.
However, the object isn’t re-created automatically.
You can’t specify an HA policy for any objects other than instances, storage volumes,
and orchestrations. Attempting to do so results in an error. Also, if you don’t specify
an HA policy for instances, storage volumes, or orchestrations explicitly, then no HA
policy is applied. That is, the policy is set to none by default.
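The limits, HA policy restrictions, and depends relationships described above can be checked before an orchestration is uploaded. The following Python sketch is an added example, not part of the Oracle documentation: it validates an orchestration file against those rules and derives the order in which the object plans would have to be created. The function name, the placeholder user in the sample names, and the cycle check are assumptions of this example.

```python
import json

MAX_OPLANS = 10
MAX_OBJECTS_PER_OPLAN = 10
# Object types each HA policy may be set on, per the HA policy section above.
HA_ALLOWED = {
    "active": {"launchplan"},
    "monitor": {"launchplan", "storage/volume", "orchestration"},
}

# Constructed sample: the master orchestration above, with a placeholder user.
MASTER_ORCH = """
{"name": "/Compute-acme/user/master_orch",
 "oplans": [
  {"label": "instances-orchestration", "obj_type": "orchestration",
   "objects": [{"name": "/Compute-acme/user/instances_orch"}]},
  {"label": "network-orchestration", "obj_type": "orchestration",
   "objects": [{"name": "/Compute-acme/user/networking_orch"}]},
  {"label": "storage-orchestration", "obj_type": "orchestration",
   "ha_policy": "monitor",
   "objects": [{"name": "/Compute-acme/user/storage_orch"}]}],
 "relationships": [
  {"oplan": "instances-orchestration", "to_oplan": "network-orchestration", "type": "depends"},
  {"oplan": "instances-orchestration", "to_oplan": "storage-orchestration", "type": "depends"}]}
"""

# Constructed sample with three defects: an HA policy on the wrong object
# type, a relationship to a label that does not exist, and a dependency cycle.
BROKEN_ORCH = """
{"name": "/Compute-acme/user/broken_orch",
 "oplans": [
  {"label": "vol", "obj_type": "storage/volume", "ha_policy": "active", "objects": []},
  {"label": "vm", "obj_type": "launchplan", "objects": []}],
 "relationships": [
  {"oplan": "vm", "to_oplan": "vol", "type": "depends"},
  {"oplan": "vol", "to_oplan": "vm", "type": "depends"},
  {"oplan": "vm", "to_oplan": "net", "type": "depends"}]}
"""


def validate_orchestration(text):
    """Return (errors, creation_order); creation_order lists oplan labels."""
    try:
        orch = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"], []
    if not isinstance(orch, dict):
        return ["top level of an orchestration must be a JSON object"], []

    errors = []
    oplans = orch.get("oplans", [])
    if len(oplans) > MAX_OPLANS:
        errors.append(f"{len(oplans)} oplans defined, limit is {MAX_OPLANS}")

    depends = {}  # oplan label -> labels that must be created first
    for oplan in oplans:
        label, obj_type = oplan.get("label"), oplan.get("obj_type")
        if not isinstance(label, str):
            errors.append("oplan without a label cannot be used in relationships")
            continue
        depends[label] = set()
        count = len(oplan.get("objects", []))
        if count > MAX_OBJECTS_PER_OPLAN:
            errors.append(f"oplan '{label}': {count} objects, limit is {MAX_OBJECTS_PER_OPLAN}")
        policy = oplan.get("ha_policy", "none")
        if policy != "none" and obj_type not in HA_ALLOWED.get(policy, set()):
            errors.append(f"oplan '{label}': ha_policy '{policy}' is not allowed "
                          f"for obj_type '{obj_type}'")

    for rel in orch.get("relationships", []):
        src, dst = rel.get("oplan"), rel.get("to_oplan")
        if rel.get("type") != "depends":
            errors.append(f"relationship {src} -> {dst}: type must be 'depends'")
        unknown = [str(x) for x in (src, dst) if x not in depends]
        if unknown:
            errors.append("relationship refers to unknown oplan label(s): " + ", ".join(unknown))
            continue
        depends[src].add(dst)

    # Kahn's algorithm: repeatedly emit the oplans whose dependencies are met.
    order, remaining = [], {k: set(v) for k, v in depends.items()}
    while remaining:
        ready = sorted(k for k, deps in remaining.items() if not deps)
        if not ready:
            errors.append("circular depends relationship among: " + ", ".join(sorted(remaining)))
            break
        order.extend(ready)
        for k in ready:
            del remaining[k]
        for deps in remaining.values():
            deps.difference_update(ready)
    return errors, order


if __name__ == "__main__":
    for name, doc in (("master", MASTER_ORCH), ("broken", BROKEN_ORCH)):
        print(name, validate_orchestration(doc))
```
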
Orchestration Templates
The following sample JSON file illustrates the high-level structure of an orchestration.
For templates for individual object types, see Orchestration Templates for Each Object
Type.
The orchestration templates provided here might not illustrate the use of all the
attributes of each object. For a complete list of attributes and their description, see
Attributes in Orchestrations. To get started with building an orchestration, see
Building Your First Orchestration.
Note:
These orchestration templates use placeholder text for object names, labels,
and other user-specific values. When you use these templates to build your
orchestration, remember to replace placeholder values with values specific to
your environment.
{
  "description": "someDescriptionHere",
  "name": "/Compute-identity_domain/user/name",
  "relationships": [see Relationships Between Object Plans],
  "oplans": [
    {
      "label": "someText",
      "obj_type": "objectType", (see Object Types in an Orchestration)
      "ha_policy": "policy", (see About High-Availability Policies in an Orchestration)
      "objects": [
        {
          attributes (see Attributes in Orchestrations)
        }
      ]
    },
    {
      "label": "someText",
      "obj_type": "objectType", (see Object Types in an Orchestration)
      "objects": [
        {
          attributes (see Attributes in Orchestrations)
        }
      ]
    },
    .
    . up to 10 oplans
    .
  ]
}
"oplans": [
{
"label": "My orchestration",
"obj_type": "orchestration",
"objects": [
<Define your objects here. See Orchestration Templates for Each Object Type.>
]
}
]
{
"label": "My IP reservations",
"obj_type": "ip/reservation",
"objects": [
{
"name": "/Compute-acme/[email protected]/ipres1",
"parentpool": "/oracle/public/ippool",
"permanent": true
},
{
"name": "/Compute-acme/[email protected]/ipres2",
"parentpool": "/oracle/public/ippool",
"permanent": true
}
<Define other IP reservations here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
{
"label": "My instances",
"obj_type": "launchplan",
"objects": [
{
"instances": [
{
<Define your instance here. See Orchestration Template for Instances.>
}
<Define other instances here.>
]
}
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
"objects": [
{
"instances": [
{
"shape": "oc3",
"boot_order": [1],
"label": "vm-1",
"networking": {
"eth0": {
"seclists": ["/Compute-acme/[email protected]/wlsadmin_seclist"],
"nat": "ipreservation:/Compute-acme/[email protected]/ipres1"
}
},
"sshkeys": ["/Compute-acme/[email protected]/key1"],
"storage_attachments": [
{
"index": 1,
"volume": "/Compute-acme/[email protected]/boot"
}
]
}
<Define other instances here.>
]
}
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
{
"label": "My orchestration",
"obj_type": "orchestration",
"objects": [
{
"name": "/Compute-acme/[email protected]/myInstances"
},
{
"name": "/Compute-acme/[email protected]/myStorageVolumes"
}
<Add names of other nested orchestrations here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
{
"label": "My security applications",
"obj_type": "secapplication",
"objects": [
{
"name": "/Compute-acme/[email protected]/wlsadmin_ssl",
"dport": 7002,
"protocol": "tcp"
}
<Define other security applications here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
{
"label": "admin-ip-list",
"obj_type": "seciplist",
"objects": [
{
"name": "/Compute-acme/[email protected]/admin_ips",
"secipentries": ["203.0.113.0/30"]
}
<Define other security IP lists here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
{
"label": "admin-seclists",
"obj_type": "seclist",
"objects": [
{
"name": "/Compute-acme/[email protected]/sysadmin_seclist"
},
{
"name": "/Compute-acme/[email protected]/wlsadmin_seclist"
}
<Define other security lists here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
{
"label": "My security rules",
"obj_type": "secrule",
"objects": [
{
"name": "/Compute-acme/[email protected]/admin_ssh_to_sysadmin_rule",
"application": "/oracle/public/ssh",
"src_list": "seciplist:/Compute-acme/[email protected]/admin_ips",
"dst_list": "seclist:/Compute-acme/[email protected]/sysadmin_seclist",
"action": "PERMIT"
},
{
"name": "/Compute-acme/[email protected]/dbadmin_ssh_to_db_rule",
"application": "/oracle/public/ssh",
"src_list": "seclist:/Compute-acme/[email protected]/dbadmin_seclist",
"dst_list": "seclist:/Compute-acme/[email protected]/db_seclist",
"action": "PERMIT"
}
<Define other security rules here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
Note:
{
<Define the top-level attributes of your orchestration here. See Template for Top-Level
Attributes of an Orchestration.>
"oplans": [
{
"label": "My storage volumes",
"obj_type": "storage/volume",
"objects": [
{
"name": "/Compute-acme/[email protected]/boot",
"bootable": true,
"imagelist": "/oracle/public/oel_6.6_20GB_x11_RD",
"properties": ["/oracle/public/storage/default"],
"size": "22548578304"
},
{
"name": "/Compute-acme/[email protected]/data",
"properties": ["/oracle/public/storage/latency"],
"size": "32212254720"
}
<Define other storage volumes here.>
]
}
<Define other objects here. See Orchestration Templates for Each Object Type.>
]
<Define other oplans here. See Orchestration Template for oplans.>
}
3. To create the objects defined in the orchestration, start the orchestration. See
Starting an Orchestration.
4. To delete the objects defined in the orchestration, stop the orchestration. See
Stopping an Orchestration.
• Create the security, storage, and networking resources that you plan to reference in
your orchestration.
These tasks require the Compute_Operations role. If this role isn’t assigned to
you or you’re not sure, then ask your system administrator to ensure that the role is
assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
– If you want to create a Linux instance with SSH access enabled, upload your
SSH public keys to Oracle Compute Cloud Service. See Adding an SSH Public
Key.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH.
– If you want your instances to boot from a persistent storage disk, create
bootable storage volumes. See Creating a Bootable Storage Volume.
– Create storage volumes for the data and applications that you plan to deploy on
your instances. See Creating a Storage Volume. When you create the storage
volumes, don’t attach them to any existing instance. You’ll specify the storage
volumes later in the orchestration.
– If you want your instances to have fixed public IP addresses, then create the
required IP reservation. See Reserving a Public IP Address.
},
{
"index": 2,
"volume": "/Compute-acme/[email protected]/data1"
}
],
"boot_order": [1],
"sshkeys": [
"/Compute-acme/[email protected]/ssh-key1"
]
}
]
}
]
}
]
}
• Defines an instance with the label OL_6.6_20GB, the oc3 shape, and using the
/oracle/public/ol_6.6_20GB image.
Note:
1. Copy the sample orchestration to a plain text file, and open the file in any text
editor.
3. Change the value of the imagelist attribute to any image that you want to use.
4. Under instances, change the value of the label attribute to any label that you
want.
If you want to attach the instance to more security lists, remember to enclose each
security-list name in double quotation marks and separate the security-list names
by using commas. See the following example:
"seclists": [
"/Compute-acme/[email protected]/my_instances",
"/Compute-acme/[email protected]/dev_instances",
"/Compute-acme/[email protected]/prod_instances"
]
7. Replace the oc3 shape with the shape that you want to use.
If you don’t want to attach any storage volume, then remove the following section
(and the comma preceding it) from the orchestration.
{
"index": 2,
"volume": "/Compute-acme/[email protected]/data1"
}
If you want to attach more storage volumes, then specify the index for the storage
attachment and the name of the storage volume as follows. Separate the storage
volume definitions using commas. See the following example:
{
"index": 2,
"volume": "/Compute-acme/[email protected]/admin/data1"
},
{
"index": 3,
"volume": "/Compute-acme/[email protected]/data2"
}
10. If you’re creating a Linux instance enabled for SSH access, replace the SSH key
/Compute-acme/[email protected]/ssh-key1 with a key that
you’ve created and added to Oracle Compute Cloud Service.
If you want to add more SSH keys, then enclose each key in double quotation
marks and separate the keys by using commas. See the following example:
"sshkeys": [
"/Compute-acme/[email protected]/ssh-key1",
"/Compute-acme/[email protected]/ssh-key2",
"/Compute-acme/[email protected]/ssh-key3"
]
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
You should also validate your JSON file. You can do this by using a third-party
tool, such as JSONLint, or any other validation tool of your choice. If your JSON
format isn’t valid, then an error message is displayed when you upload the
orchestration.
Note:
Attributes in Orchestrations
You specify attributes in orchestrations at several levels. At the highest level, you
specify certain attributes for the orchestration as a whole. Then, you specify attributes
for each object plan defined in the orchestration. Finally, there are attributes that are
specific to each object type.
• Top-level attributes
Top-level attributes contain the name and description of an orchestration, along
with other information such as the relationship between objects defined in the
orchestration, start and stop times for the orchestration, and the list of objects in the
orchestration. See Top-Level Orchestration Attributes. For a template of top-level
orchestration attributes, see Template for Top-Level Attributes of an Orchestration.
relationships optional The relationship between the objects that are created by
this orchestration.
The only supported relationship type for orchestrations
is depends. The depends relationship type specifies
that one object must be instantiated first. For example,
you could define a storage volume in one oplan and
attach that storage volume to an instance in another
oplan. The second oplan would then depend on the
first.
schedule optional The start and stop dates and times, in ISO 8601 format.
You must specify the time zone as UTC.
• start_time
(Optional) Date and time when you want the
orchestration to start. For example, to start an
orchestration at noon on 6/21/2015, UTC, enter the
start time as 2015-06-21T12:00:00Z. Here Z
denotes UTC.
If you enter a start time that is earlier than the time
you upload the orchestration, then the orchestration
starts immediately.
• stop_time
(Optional) Date and time when you want the
orchestration to stop. For example, to stop an
orchestration at 11:59 p.m. on 12/31/2015, enter the
stop time as 2015-12-31T23:59:59Z. Here Z
denotes UTC.
The stop time must be at least 120 seconds after the
start time.
objects required The list of objects, depending on the type of object that
you’re creating, as defined in the obj_type attribute.
See Orchestration Attributes Specific to Each Object
Type
Note:
– Instance Attributes
Instance Attributes
Instances are an attribute of the launchplan object type. Instances have a number of
required and optional attributes. The following sample JSON shows some of the key
instance attributes. A description of each of the required and optional instance
attributes is provided in the table below.
shape required The name of the shape that defines the number of CPUs and
the RAM that you require for the instance.
tags optional A JSON array or list of strings used to tag the instance.
By assigning a human-friendly tag to an instance, you can
identify the instance easily when you perform an instance
listing. These tags aren’t available from within the instance.
{
"enable_rdp": true,
"administrator_password":
"Specify_password_here"
}
Note:
Solaris machine images don’t
include the opc-init scripts. So
you can’t use opc-init to
automate instance configuration
of Solaris instances.
reverse_dns optional If set to true (default), then reverse DNS records are
created.
If set to false, no reverse DNS records are created.
networking optional This parameter can contain any or all of the following sub-
parameters:
• seclists: The security lists that you want to add the
instance to.
For each security list, specify the three-part name in
the /Compute-identity_domain/user/object_name
format. You can attach an instance to a
maximum of five security lists. If you launch an instance
without specifying any security list, the instance is
assigned to the /Compute-identity_domain/default/default
security list.
• nat: Indicates whether a temporary or permanent
public IP address should be assigned to the instance.
– To associate a temporary IP address with the
instance for use during the lifetime of the instance,
specify ippool:/oracle/public/ippool.
– To associate a persistent IP address, specify
ipreservation:ipreservation_name, where
ipreservation_name is the three-part name of an
existing IP reservation in the
/Compute-identity_domain/user/object_name format.
If nat is not specified, then no public IP address is
associated with your instance when it is created. If
required, you can associate an IP address with the
instance after the instance has been created.
• dns: DNS name for this instance.
This name is relative to the internal DNS domain.
• model: The type of network interface card (NIC). The
only allowed value is e1000.
sshkeys optional A list of the SSH public keys that you want to associate with
the instance.
Note:
You don’t need to provide any
SSH public keys if you’re
creating a Windows instance,
because you can’t access a
Windows instance using SSH.
To access a Windows instance,
see Accessing a Windows
Instance Using RDP.
policy optional The policy for inbound traffic to the security list. You can
specify one of the following values:
deny (default): Packets are dropped. No response is
sent.
reject: Packets are dropped, but a response is sent.
permit: Packets are allowed. This policy effectively
turns off the firewall for all instances in this security list.
outbound_cidr_policy optional The policy for outbound traffic from the security list. You
can specify one of the following values:
deny: Packets are dropped. No response is sent.
reject: Packets are dropped, but a response is sent.
permit (default): Packets are allowed.
size required The size of this storage volume. Use one of the
following abbreviations for the unit of measurement:
• B or b for bytes
• K or k for kilobytes
• M or m for megabytes
• G or g for gigabytes
• T or t for terabytes
For example, to create a volume of size 10 gigabytes,
you can specify 10G, or 10240M, or 10485760K, and
so on.
The allowed range is from 1 GB to 2 TB, in increments
of 1 GB.
tags optional Strings that you can use to tag the storage volume.
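The security list policy values and the instance networking attributes described above decide how exposed each instance is once the orchestration starts. The following Python sketch is an added example, not part of the Oracle documentation: it reviews an orchestration for security lists whose inbound policy is permit, instances that fall back to the default security list, and interfaces that receive a public IP address. The function names, the severity labels, and the sample object names are assumptions of this example.

```python
import json

INBOUND_DEFAULT = "deny"      # default value of policy for a security list
OUTBOUND_DEFAULT = "permit"   # default value of outbound_cidr_policy
VALID_POLICIES = {"deny", "reject", "permit"}

# Constructed sample orchestration; all names are placeholders.
SAMPLE_ORCH = json.loads("""
{"name": "/Compute-acme/user/review_me",
 "oplans": [
  {"label": "seclists", "obj_type": "seclist", "objects": [
    {"name": "/Compute-acme/user/open_seclist", "policy": "permit"},
    {"name": "/Compute-acme/user/web_seclist"}]},
  {"label": "instances", "obj_type": "launchplan", "objects": [
    {"instances": [
      {"label": "vm-1", "shape": "oc3", "networking": {"eth0": {
         "seclists": ["/Compute-acme/user/web_seclist"],
         "nat": "ipreservation:/Compute-acme/user/ipres1"}}},
      {"label": "vm-2", "shape": "oc3", "networking": {"eth0": {
         "nat": "ippool:/oracle/public/ippool"}}}]}]}]}
""")


def audit_seclist(obj):
    """Findings for one object of an oplan whose obj_type is seclist."""
    findings = []
    name = obj.get("name", "<unnamed>")
    # Compared in lower case so that a value such as PERMIT is still recognized.
    inbound = str(obj.get("policy", INBOUND_DEFAULT)).lower()
    outbound = str(obj.get("outbound_cidr_policy", OUTBOUND_DEFAULT)).lower()
    for attr, value in (("policy", inbound), ("outbound_cidr_policy", outbound)):
        if value not in VALID_POLICIES:
            findings.append(("error", name, f"{attr} has unsupported value '{value}'"))
    if inbound == "permit":
        findings.append(("high", name,
                         "inbound policy is permit: the firewall is effectively "
                         "off for every instance in this security list"))
    return findings


def audit_instance(inst):
    """Findings for one entry of the instances list of a launchplan object."""
    findings = []
    label = inst.get("label", "<unlabelled>")
    nics = inst.get("networking", {})
    seclists = [s for cfg in nics.values() for s in cfg.get("seclists", [])]
    if not seclists:
        findings.append(("medium", label,
                         "no seclists given: the instance is assigned to the "
                         "default/default security list"))
    for nic, cfg in nics.items():
        if cfg.get("nat"):
            findings.append(("info", label, f"{nic} gets a public IP address ({cfg['nat']})"))
    return findings


def audit_orchestration(orch):
    """Return a list of (severity, subject, message) tuples."""
    findings = []
    for oplan in orch.get("oplans", []):
        for obj in oplan.get("objects", []):
            if oplan.get("obj_type") == "seclist":
                findings.extend(audit_seclist(obj))
            elif oplan.get("obj_type") == "launchplan":
                for inst in obj.get("instances", []):
                    findings.extend(audit_instance(inst))
    return findings


if __name__ == "__main__":
    for severity, subject, message in audit_orchestration(SAMPLE_ORCH):
        print(f"[{severity}] {subject}: {message}")
```
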
Uploading an Orchestration
To use an orchestration to control the provisioning and life cycle of resources in Oracle
Compute Cloud Service, you must define the orchestration in a JSON-format file and
then upload the orchestration to Oracle Compute Cloud Service.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have already created the orchestration file that you want to upload. See
Building Your First Orchestration.
You should also validate your JSON file. You can do this by using a third-party
tool, such as JSONLint, or any other validation tool of your choice. If your JSON
isn’t valid, then an error occurs when you upload the orchestration. Oracle doesn’t
support or endorse any third-party JSON-validation tool.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Click Upload Orchestration and select the orchestration file that you want to
upload.
To upload an orchestration using the API, use the POST /orchestration/ method.
For more information, see REST API for Oracle Compute Cloud Service.
To create the resources defined in your orchestration, see Starting an Orchestration.
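A pre-upload check in the spirit of the JSON validation prerequisite above, added here as an example (it is not Oracle's code). It confirms that the file parses as JSON, flags a security list whose inbound policy is permit, and checks storage volume sizes against the documented 1 GB to 2 TB range. The oplans/obj_type/objects layout, the obj_type values seclist and storage/volume, and every name in the sample are assumptions.

```python
import json
import re

# Unit suffixes listed for the storage volume "size" attribute (1024-based,
# because the guide equates 10G, 10240M and 10485760K).
UNITS = {"b": 1, "k": 1024, "m": 1024**2, "g": 1024**3, "t": 1024**4}
GB = 1024**3
MIN_BYTES, MAX_BYTES = 1 * GB, 2 * 1024 * GB      # allowed range: 1 GB to 2 TB
POLICIES = {"deny", "reject", "permit"}


def size_to_bytes(size):
    """Convert a size such as '10G' or '10240M' to bytes; raise ValueError if malformed."""
    match = re.fullmatch(r"(\d+)([bkmgt]?)", str(size).strip(), re.ASCII | re.IGNORECASE)
    if not match:
        raise ValueError(f"unrecognised size {size!r}")
    # Assumption: a bare number with no suffix is a byte count.
    return int(match.group(1)) * UNITS[match.group(2).lower() or "b"]


def check_seclist(name, obj):
    """Validate the two policy attributes and warn when inbound traffic is permitted."""
    findings = []
    # Documented defaults: inbound deny, outbound permit. Case is normalised
    # here as an assumption about what the service accepts.
    inbound = str(obj.get("policy", "deny")).lower()
    outbound = str(obj.get("outbound_cidr_policy", "permit")).lower()
    for attr, value in (("policy", inbound), ("outbound_cidr_policy", outbound)):
        if value not in POLICIES:
            findings.append(("error", f"{name}: {attr} {value!r} is not deny, reject or permit"))
    if inbound == "permit":
        findings.append(("warning", f"{name}: inbound policy permit turns off the "
                                    "firewall for every instance in this security list"))
    return findings


def check_volume(name, obj):
    """Check that size is present, well formed, in range and a whole number of GB."""
    if "size" not in obj:
        return [("error", f"{name}: size is required")]
    try:
        size = size_to_bytes(obj["size"])
    except ValueError as exc:
        return [("error", f"{name}: {exc}")]
    if not MIN_BYTES <= size <= MAX_BYTES:
        return [("error", f"{name}: size {obj['size']} is outside 1 GB to 2 TB")]
    if size % GB:
        return [("error", f"{name}: size {obj['size']} is not a whole number of GB")]
    return []


CHECKS = {"seclist": check_seclist, "storage/volume": check_volume}


def lint_orchestration(text):
    """Return (severity, message) findings for the text of an orchestration file."""
    try:
        orch = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}")]
    if not isinstance(orch, dict):
        return [("error", "top level must be a JSON object")]
    findings = []
    # Assumed layout: oplans[] entries, each with an obj_type and a list of objects.
    for plan in orch.get("oplans") or []:
        if not isinstance(plan, dict):
            continue
        check = CHECKS.get(str(plan.get("obj_type")))
        for obj in (plan.get("objects") or []) if check else []:
            if isinstance(obj, dict):
                findings.extend(check(str(obj.get("name", "<unnamed>")), obj))
    return findings


# Constructed sample orchestration (names and values are illustrative only).
SAMPLE = json.dumps({
    "name": "/Compute-example/user/demo",
    "oplans": [
        {"label": "seclists", "obj_type": "seclist", "objects": [
            {"name": "/Compute-example/user/web", "policy": "permit"},
            {"name": "/Compute-example/user/db"}]},
        {"label": "volumes", "obj_type": "storage/volume", "objects": [
            {"name": "/Compute-example/user/vol1", "size": "10G"},
            {"name": "/Compute-example/user/vol2", "size": "3T"},
            {"name": "/Compute-example/user/vol3", "size": "1536M"}]},
    ],
}, indent=2)

if __name__ == "__main__":
    for severity, message in lint_orchestration(SAMPLE):
        print(f"{severity}: {message}")
```

Running the check in the same step that uploads the file keeps a permit inbound policy from reaching the service without review.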
starting
The orchestration is starting.
scheduled
A future start_time has been specified for the orchestration.
• When the current time is equal to or past the start_time value, then the state of
the orchestration changes to starting.
• To cancel a current schedule, stop the orchestration. The state of the orchestration
then changes to stopping.
ready
The orchestration is running.
• Note that, for any object where the HA policy isn’t specified or is set to none, you
can still update or delete the object using the web console or the API. In this case,
the orchestration continues to be in the ready state, even though some or all of the
objects created using that orchestration may have been deleted.
• For instances where the HA policy is set to active, if the orchestration is in the
ready state, you can update the instance using the web console or the API, but
you can’t delete the instance, because it is re-created automatically. To delete such
instances, you must stop the orchestration.
updating
The orchestration is being updated.
• When an orchestration is in the ready or error state, you can update it by using
the PUT /orchestration/name API call. This causes the state of the
orchestration to change to updating.
• When you stop an orchestration that’s in the updating state, it transitions to the
stopping state.
error
One or more instances in the orchestration have encountered an error.
• The orchestration remains in the error state until all the instances defined in it
are running.
• Wait to see if all the instances start running and the state of the orchestration
changes automatically to ready. If that doesn’t happen, then stop the
orchestration, identify and fix the error, and start the orchestration again.
stopping
The orchestration is stopping.
If any of the objects defined in an orchestration are used or referenced by another
object, the orchestration won’t be able to delete the referenced objects, and it can get
stuck in the Stopping state. See My orchestration is stuck in the stopping state.
stopped
The orchestration has stopped. All the objects defined in the orchestration have been
deleted.
Starting an Orchestration
When you start an orchestration, the objects defined in it are created, and when you
stop an orchestration, those objects are deleted.
Plan your orchestrations carefully, so that you can control the creation and deletion of
objects that consume resource quotas. For example, if you’re about to start an
orchestration that creates a large number of storage volumes, consider whether you
really need all those resources. If not, redefine your orchestration to create only the
resources that you need.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have uploaded the orchestration to Oracle Compute Cloud Service. See
Uploading an Orchestration.
• You must have already created all the objects or orchestrations that this
orchestration depends on.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the orchestration that you want to start. From the menu, select Start.
When you start an orchestration, its status changes to Starting and the objects defined
in the orchestration are provisioned. When all the objects have been created, the status
of the orchestration changes to Ready.
If the orchestration can’t create an object, its status changes to Error. An orchestration
might transition from the Error to the Ready state when it completes creating all the
specified objects.
If the status of your orchestration continues to show Error, then stop the orchestration,
identify and fix the issue in an offline copy of the orchestration JSON file, upload the
modified orchestration file, and start the orchestration.
To start an orchestration using the API, use the PUT /orchestration/name
method with the query argument action=START. For more information, see REST
API for Oracle Compute Cloud Service.
After starting an orchestration, you can view its status on the Orchestrations page. If
you no longer require the objects created by an orchestration, then to delete the
objects, stop the orchestration. See Stopping an Orchestration.
Monitoring Orchestrations
The Orchestrations page shows you a list of your orchestrations and the status of each
orchestration.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
All orchestrations are displayed, with information about their description and
status.
Tip:
You can filter the list of orchestrations according to their category or status. To
view orchestrations with a specific status (such as ready, error, or stopped),
click the Show menu and select the appropriate filter. To view orchestrations
of a specific category (such as all or personal), click the Category menu and
select the appropriate filter.
3. Go to the orchestration that you want to view and, from the menu, select View.
The orchestration details page shows you the details of the current state of the
orchestration, including return parameters, in JSON format. For information about
the return parameters of an instance, see Return Parameters Displayed in an
Orchestration.
To get a list of your orchestrations using the API, use the
GET /orchestration/container method and to view the details of an orchestration,
use the GET /orchestration/name method. For more information, see REST API for
Oracle Compute Cloud Service.
For information about the status of an orchestration, see Orchestration Life Cycle. To
start an orchestration, see Starting an Orchestration and to stop an orchestration, see
Stopping an Orchestration.
Top-level Parameters
info The nested parameter errors shows which object in the orchestration has
encountered an error. Empty if there are no errors.
status_timestamp This information is generally displayed at the end of the orchestration JSON. It
indicates the time that the current view of the orchestration was generated.
This information shows only when the orchestration is running.
Oplan Parameters
info If the orchestration has encountered an error, the nested parameter errors
shows the errors. Empty if there are no errors.
status_timestamp This information is generally displayed towards the end of the orchestration
JSON. It indicates the time that the current view of the orchestration was
generated. This information shows only when the orchestration is running.
Instance Parameters
ip If the instance is running, this parameter shows its private IP address. This
information doesn’t show when an instance is not running.
state If the orchestration is running, this parameter shows the current state of the
instance. This information doesn’t show when an orchestration is stopped or if
the instance couldn’t be created due to an error.
start_time If the orchestration is running, this parameter shows the time the instance was
created. This information doesn’t show when an orchestration is stopped or if
the instance couldn’t be created due to an error.
error_reason If the instance goes into an error state, this parameter shows the reason for the
error. This information doesn’t show when an instance is not in an error state.
nimbula_orchestration If any user-defined attributes are entered using the attributes parameter,
then the nested parameter nimbula_orchestration shows the three-part
name of the orchestration used to create the instance.
Stopping an Orchestration
When you stop an orchestration, all the instances and other resources that were
provisioned by that orchestration are deleted.
Note:
When you stop an orchestration, only the resources that are created by the
orchestration are deleted. For example, if you use an orchestration to create
storage volumes and attach them to your instances, then such storage volumes
are deleted when you stop the orchestration, and you lose the data stored on
those storage volumes. However, if an orchestration specifies only attachments
to storage volumes that are created outside the orchestration, then when you
stop the orchestration, the storage volumes aren’t deleted.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the orchestration that you want to stop. From the menu, select Stop.
Note:
After all objects have been deleted, the status of the orchestration changes to Stopped.
You can view the orchestration, download it, or start it again.
To stop an orchestration using the API, use the PUT /orchestration/name
method with the query argument action=STOP. For more information, see REST API
for Oracle Compute Cloud Service.
When you no longer need an orchestration, you can delete it. See Deleting an
Orchestration.
Downloading an Orchestration
You can download the orchestration file to your local host, edit it, and upload a
modified orchestration file as a new orchestration.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the orchestration that you want to download. From the menu, select
Download, and save the orchestration file on your local host.
You can edit the downloaded orchestration file on your local host, as required, by
using any text editor, and then upload the edited orchestration file as a new
orchestration. Remember to change the name attribute in the JSON file.
For the procedure to upload an orchestration to Oracle Compute Cloud Service, see
Uploading an Orchestration.
To download an orchestration using the API, use the GET /orchestration/name
method. After editing an orchestration, to upload it using the API, use the
PUT /orchestration/name method. For more information, see REST API for Oracle
Compute Cloud Service.
Updating an Orchestration
To update an orchestration, download the orchestration file to your local host, edit it,
and upload the modified orchestration.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the orchestration that you want to download. From the menu, select
Download, and save the orchestration file on your local host.
4. Delete the orchestration from Oracle Compute Cloud Service. See Deleting an
Orchestration.
5. Edit the downloaded orchestration file on your local host, as required, by using any
text editor.
6. Upload the edited orchestration file to Oracle Compute Cloud Service. See
Uploading an Orchestration.
Deleting an Orchestration
When you start an orchestration, the objects defined in it are created, and when you
stop an orchestration, those objects are deleted. However, stopping an orchestration
doesn’t cause the orchestration itself to be deleted. After you stop an orchestration, the
orchestration continues to be listed on the Orchestrations page, where its status is
shown as Stopped. You can still start, view, or download the orchestration. When you
delete an orchestration, however, it’s no longer listed on the Orchestrations page, and
you can’t perform any action on it.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have stopped the orchestration that you want to delete. See Stopping an
Orchestration.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the orchestration that you want to delete. From the menu, select Delete.
Topics
• Development tools: Expect, Java OpenJDK, GCC suite, GNU utilities, Perl, Ruby,
Python, and so on.
• Xterm client
• /boot: 500 MB
• swap: 4 GB
• / (root): Remainder
Oracle Linux Repositories Enabled for Yum Configuration
• public_ol6_latest
• public_ol6_UEK_latest
• public_ol6_UEKR3_latest
Language Support
Arabic, Chinese - Simplified, Chinese - Traditional, Czech, Danish, Dutch, English,
Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean,
Norwegian, Polish, Portuguese - Brazilian, Romanian, Russian, Slovak, Spanish,
Swedish, Thai, Turkish
Note:
Oracle Solaris Kernel Zones are not supported. The only virtualization that’s
supported within Oracle Solaris instances in Oracle Compute Cloud Service is
native non-global zones.
Users
In instances created by using any of the Oracle-provided Oracle Solaris images, a user
named opc is preconfigured. The opc user is assigned the System Administrator
profile and can perform basic administration tasks without entering a password by
using pfexec. The opc user is configured for remote access over the SSH v2 protocol
using RSA keys. The SSH public keys that you specify while creating instances are
added to the /export/home/opc/.ssh/authorized_keys file.
Note:
Direct login as root is disabled. You can assume the root role by running su
-. The password is solaris_opc and is marked as expired. You must change
the password the first time that you assume the root role.
Disk Layout
The images include a single disk that’s mapped to the root ZFS storage pool (rpool).
Support and Package Updates
When you create instances by using an Oracle-provided Oracle Solaris image, you get
a support entitlement for Oracle Solaris. You can update packages from the support
repository, file service requests to get support, and so on. The default IPS publisher,
named solaris, is preconfigured to use the Oracle Solaris support repository
(https://pkg.oracle.com/solaris/support/).
Language Support
See Managing Available Locales in International Language Environments Guide for Oracle
Solaris 11.3.
Language Support
English only.
1. Build your machine image. See Building Your Own Machine Images.
2. Upload the tar.gz machine image file to Oracle Storage Cloud Service. See
Uploading Machine Image Files to Oracle Storage Cloud Service.
4. (Optional) Create a bootable storage volume using the machine image. See
Creating a Bootable Storage Volume.
make them sparse files. On Linux, you can convert a file to the sparse format by
running the command cp --sparse=always original_file sparse_file.
When creating the tar archive, specify the -S option to ensure that the tar
utility stores the sparse file appropriately.
• User access
Before creating the final image file, plan ahead and provision any users that you'd
like to be available when instances are created using the image.
Note:
While creating instances, you can specify one or more SSH public keys.
The keys that you specify are stored as metadata on the instance. This
metadata can be accessed from within the instance at
http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key.
– In images that you build, you can write and include a script that runs
automatically when the instance starts, retrieves the SSH public keys, and
adds the keys to the authorized_keys file of the appropriate users.
• Format
The image must be a full disk image, including a partition table and boot loader.
The virtual disk image must be converted to the raw format, packaged in a tar
archive that contains only the image, and compressed using gzip. The final image
must be a tar.gz file.
Choose a tar.gz file name that you can use later to easily identify the key
characteristics of the image, such as the OS name, OS version, and the disk size. For
example, for a root-disabled, Oracle Linux 6.6 image with a 20-GB disk, consider
using a file name such as OL66_20GB_RD.tar.gz.
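The start-up script described under User access above, sketched as an added example (not Oracle's code). It reads each public-keys entry from the metadata URL, accepts only a single well-formed OpenSSH key line per entry, so an entry carrying authorized_keys options or extra lines is rejected, and appends new keys with 0700/0600 permissions. The value latest for {version}, the home directory passed as the first argument, and the constructed_key helper are assumptions.

```python
import base64
import os
import struct
import sys
import urllib.request

# URL pattern quoted in the guide; {version} and {index} are filled in by the caller.
METADATA_URL = "http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key"


def parse_public_key(text):
    """Return (key_type, base64_blob, comment) for one well-formed key line, else None."""
    text = text.strip()
    if "\n" in text or "\r" in text:          # one key per metadata entry, nothing more
        return None
    parts = text.split(None, 2)
    if len(parts) < 2:
        return None
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:                        # also covers binascii.Error
        return None
    if len(blob) < 4:
        return None
    # The decoded blob begins with a length-prefixed copy of the key type, so a
    # line that starts with options instead of a key type cannot pass this check.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        return None
    return key_type, b64, comment


def fetch_keys(version, limit=16, timeout=5):
    """Read public-keys/0, /1, ... from the metadata service until an index is missing."""
    keys = []
    for index in range(limit):
        url = METADATA_URL.format(version=version, index=index)
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                keys.append(resp.read(16384).decode("utf-8", "replace"))
        except OSError:                       # URLError and HTTPError are OSError subclasses
            break
    return keys


def install_keys(home, raw_keys, owner=None):
    """Append validated, not-yet-present keys to home/.ssh/authorized_keys.

    Returns (added, rejected). owner is an optional (uid, gid) pair, needed when
    the script runs as root on behalf of another user.
    """
    ssh_dir = os.path.join(home, ".ssh")
    path = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    existing = ""
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            existing = fh.read()
    present = {p[:2] for p in map(parse_public_key, existing.splitlines()) if p}
    # Start on a fresh line if the current file lacks a trailing newline.
    prefix = "\n" if existing and not existing.endswith("\n") else ""
    added = rejected = 0
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        for raw in raw_keys:
            parsed = parse_public_key(raw)
            if parsed is None:
                rejected += 1
            elif parsed[:2] not in present:
                fh.write(prefix + " ".join(p for p in parsed if p) + "\n")
                prefix = ""
                present.add(parsed[:2])
                added += 1
    for target, mode in ((ssh_dir, 0o700), (path, 0o600)):
        os.chmod(target, mode)
        if owner is not None:
            os.chown(target, *owner)
    return added, rejected


def constructed_key(key_type="ssh-rsa", comment="constructed@example"):
    """Build a syntactically valid, cryptographically meaningless key line for demos."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + b"\x01" * 32
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    # Assumptions: the target home directory is argv[1] and "latest" is accepted
    # for {version}; adjust both for your image.
    added, rejected = install_keys(sys.argv[1], fetch_keys("latest"))
    print(f"added {added} key(s), rejected {rejected}")
```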
After building a machine image, to use it to launch instances, you must upload the
tar.gz image file to Oracle Storage Cloud Service. See Uploading Machine Image
Files to Oracle Storage Cloud Service.
Note:
For information about the operating systems that you can use to build
machine images, see Guidelines for Building Private Images.
Tip:
You can also upload machine image files to Oracle Cloud Storage Service by
using the upload-img CLI tool. With the CLI tool, you can upload multiple
files by using a single command. See the Uploading a Machine Image to Oracle
Storage Cloud Service tutorial.
Prerequisites
• Make sure that the .tar.gz file that you want to upload is available on the host
from which you’re accessing the web console.
• Make sure that you have the required role to upload images to Oracle Storage
Cloud Service.
– If this is the first machine image being uploaded to Oracle Storage Cloud
Service, then you must have the Storage Administrator role.
• Make sure that a replication policy has been set for your Oracle Storage Cloud
Service account:
3. If a replication policy is already set, the Set Replication Policy link is disabled.
If the Set Replication Policy link is enabled, then click it to set the policy for
your account. See Selecting a Data Center for Oracle Storage Cloud Service in
Using Oracle Storage Cloud Service.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
5. In the Image File field, browse to select the .tar.gz machine image file that you
want to upload.
The path where the machine image will be uploaded and the size of the machine
image are displayed.
6. In the Target Object field, enter the name of the object that the machine image file
should be stored as in Oracle Storage Cloud Service.
By default, this field is filled automatically with the name of the selected machine
image file. You can use that name or enter a new name. The name must be unique
and it must end with .tar.gz (example: myImage.tar.gz).
Note this name. You’ll need it later when you want to add a machine image to
Oracle Compute Cloud Service using the POST /machineimage/ HTTP request or
delete the machine image file from Oracle Storage Cloud Service.
7. Click Upload.
If a machine image already exists with the name specified in the Target Object
field, you’re prompted to enter another name. If you proceed with the upload
without changing the name, the existing machine image is overwritten.
The progress indicator shows the percentage of the task that is complete. The time
taken to upload the file varies depending on the size of the machine image file. Do not
close this browser window while the upload is still in progress.
To launch instances using the machine image files that you uploaded to Oracle Storage
Cloud Service, you must register the machine images in Oracle Compute Cloud
Service. See Registering a Machine Image in Oracle Compute Cloud Service.
Tip:
By default, any user in your Oracle Storage Cloud Service account who has the
Storage_ReadWriteGroup role has full read and write access to the
compute_images container in which you store machine image files. To
restrict access to the compute_images container, create a custom role in
Oracle Cloud My Services, assign that role to only the users who must be
allowed to access the compute_images container, and then assign the role to
the X-Container-Write ACL of the container. See the Restrict Read and
Write Access to Containers by Using the REST API tutorial.
Note:
For information about the operating systems that you can use to build
machine images, see Guidelines for Building Private Images.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• You must have uploaded the machine image file to Oracle Storage Cloud Service.
See Uploading Machine Image Files to Oracle Storage Cloud Service.
Procedure
1. Go to the Oracle Compute Cloud Service console:
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Enter a name and description for the new image, select the image file, and click
Add.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
The Private Images page displays all the images that you’ve added.
To view a list of private machine images using the API, use the
GET /machineimage/Compute-account/user method. For more information, see REST
API for Oracle Compute Cloud Service.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Make sure that the machine image isn’t used in any orchestration.
Caution:
If you delete a machine image that’s used in an orchestration, then when that
orchestration is stopped and re-started, the instances won’t be created.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the image that you want to delete, and from the menu, select Delete.
To delete an image using the API, use the DELETE /machineimage/name method.
For more information, see REST API for Oracle Compute Cloud Service.
Note:
When you delete a machine image from Oracle Compute Cloud Service, the
image file that’s stored in Oracle Storage Cloud Service is not removed.
• At any time, you can register the machine image again in Oracle Compute
Cloud Service and then use the image to launch instances.
Note:
For information about the operating systems that you can use to build
machine images, see Guidelines for Building Private Images.
For example, you can group multiple versions of an Oracle Linux 6.6 machine image,
each containing a different set of packages, in an image list. To view the details of all
your Oracle Linux 6.6 image versions, all you need to do is view the details of the
image list that contains those images. In an orchestration, you can quickly change the
machine image that must be used, say from one Oracle Linux 6.6 image version to
another, by simply changing the imagelist_entry number.
When you add a machine image using the web console, an image list is created
automatically by using the name that you specified for the image. The new machine
image becomes the default (and only) entry in the image list.
Topics
• When you create a storage volume, you can specify the capacity that you need. The
allowed range is from 1 GB to 2 TB, in increments of 1 GB.
• You can attach one or more storage volumes to an instance either while creating the
instance or later, while the instance is running.
• After creating an instance, you can easily scale up or scale down the block storage
capacity for the instance by attaching or detaching storage volumes. However, you
can’t detach a storage volume that was attached during instance creation. Note
that, when a storage volume is detached from an instance or when the instance is
deleted, data stored on the storage volume isn’t lost.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
• Enter a name for the storage volume. Note this name. You’ll need it later to
search for the storage volume on the Storage page.
Pick a name that you can use later to quickly identify the key characteristics of
the storage volume.
• To make this storage volume a boot disk, select a machine image in the Boot
Image field. Later, while creating an instance, you can specify this volume as
the boot disk for the instance.
If you select a machine image with a large disk size, it may take a while for the
storage volume to be created.
• Enter the size, in GB, of the storage volume. The allowed range is 1 GB to 2 TB.
Consider the storage capacity needs of the applications that you plan to deploy
on the instance, and leave some room for attaching more storage volumes in the
future. This approach helps you use the available block storage capacity
efficiently in the long run.
If you intend to use this storage volume as a boot disk, then the size must be at
least 5% higher than the boot image disk size.
Note:
The web console might show other storage properties. But don’t select any of
them.
5. Click Create.
While the new storage volume is being created, the Status field for the storage volume
shows Initializing.
When the storage volume is ready, the Status field changes to Online.
To view details of the new storage volume, search for it by using the name that you
noted earlier. From the menu, select View.
To create a storage volume using the API, use the POST /storage/volume/
method. To attach a storage volume to an instance, you must add a storage attachment
object, by using the POST /storage/attachment/ method. For more information
about these API methods, see REST API for Oracle Compute Cloud Service.
After creating a storage volume, you must attach the storage volume to an instance
and then mount the storage volume on the instance. See Attaching a Storage Volume
to an Instance and Mounting a Storage Volume on a Linux Instance.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
• Enter a name for the storage volume. Note this name. You’ll need it later to
search for the storage volume on the Storage page.
Pick a name that you can use later to quickly identify the key characteristics of
the storage volume. For example, consider a name such as boot-OL66-20G for
a bootable storage volume with an Oracle Linux 6.6 machine image on a 20-GB
disk.
• Enter the size, in GB, of the storage volume. The allowed range is 1 GB to 2 TB.
The size you enter must be at least 5% higher than the boot image disk size.
For storage volumes that require low latency and high IOPS, such as for storing
database files, select storage/latency. For all other storage volumes, select
storage/default.
Note:
The web console might show other storage properties. But don’t select any of
them.
5. Click Create.
While the new storage volume is being created, the Status field for the storage volume
shows Initializing.
When the storage volume is ready, the Status field changes to Online. You can then
specify this storage volume as the boot disk while creating an instance.
To view details of the new storage volume, search for it using the name you noted
earlier. From the menu, select View.
To create a storage volume using the API, use the POST /storage/volume/
method. To attach a storage volume to an instance, you must add a storage attachment
object, by using the POST /storage/attachment/ method. For more information
about these API methods, see REST API for Oracle Compute Cloud Service.
Note:
You can create a snapshot of a storage volume either when it is attached to an instance
or after detaching it. If the storage volume is attached to an instance, then only data
that has already been written to the storage volume will be captured in the snapshot.
Data that is cached by the application or the operating system will be excluded from
the snapshot. To create a snapshot of a bootable storage volume that is currently being
used by an instance, you should delete the instance before you create the snapshot, to
ensure the consistency of data. You can create the instance again later on, after the
snapshot is created.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
To create a storage volume snapshot:
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the storage volume that you want to create a snapshot of. From the menu,
select Create Snapshot.
4. In the Create Storage Snapshot dialog box, enter a name for the snapshot and, if
required, specify a description and tags to help you identify your storage snapshot.
Then click Create.
5. To see a list of storage snapshots, click Storage Snapshots in the left pane.
The Storage Snapshots page is displayed. On this page, you can view a list of
storage snapshots as well as other information including the volume used to create
the snapshot, and storage volumes cloned from a snapshot.
After you’ve created a storage volume snapshot, to use this snapshot to create a
storage volume, see Creating a Storage Volume from a Snapshot.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
The Storage Snapshots page is displayed. On this page, you can view the list of
snapshots with related information including the name of the storage volume that the
snapshot was created from, the date the snapshot was created, and the new storage
volumes created from the snapshot, if any.
Tip:
You can filter the list of storage volume snapshots according to their category.
To view storage volumes of a specific category (such as IaaS, PaaS, or
personal), click the Category menu and select the appropriate filter.
After you’ve created a storage volume snapshot, to use this snapshot to create a
storage volume, see Creating a Storage Volume from a Snapshot.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Go to the snapshot that you want to create a storage volume from. From the
menu, select Clone.
5. In the Clone Storage Volume dialog box, enter a name for the new storage volume,
specify a description if required, and select the required storage property.
For storage volumes that require low latency and high IOPS, such as for storing
database files, select storage/latency. For all other storage volumes, select
storage/default.
Note:
The web console might show other storage properties. But don’t select any of
them.
6. Click Clone.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Go to the snapshot that you want to delete. From the menu, select Delete.
Note:
You can’t delete a snapshot if it has been used to create new storage volumes.
In this case, the Delete option is disabled.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the storage volume that you want to attach. From the menu, select
Attach Instance.
5. The Attach as Disk # field is filled automatically with the next available index at
which the volume can be attached. You can leave this field at the automatically
selected disk number or enter a higher number up to 10.
The disk number that you specify here determines the device name. The disk
attached at index 1 is named /dev/xvdb, the disk at index 2 is /dev/xvdc, the
disk at index 3 is /dev/xvdd, and so on.
Make a note of the disk number. You’ll need it later when you mount the storage
volume on the instance.
6. Click Attach.
You can also attach a storage volume to a running instance from the Instances page.
See Attaching a Storage Volume to an Instance.
To attach a storage volume to a running instance using the API, use the
POST /storage/attachment/ method. For more information, see REST API for Oracle
Compute Cloud Service.
After attaching a storage volume to an instance, to access the block storage, you must
mount the storage volume on your instance. See Mounting a Storage Volume on a
Linux Instance.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
All storage volumes are displayed, along with information about each storage
volume.
Tip:
You can filter the list of storage volumes according to their category or status.
To view storage volumes with a specific status (such as online, offline, or
attached), click the Show menu and select the appropriate filter. To view
storage volumes of a specific category (such as IaaS, PaaS, or personal), click
the Category menu and select the appropriate filter.
3. Go to the storage volume that you want to view. From the menu, select View.
To view the details of a storage volume using the API, use the
GET /storage/volume/name method. For more information, see REST API for Oracle
Compute Cloud Service.
Note:
1. Identify the disk number of the storage volume that you want to mount. See
Viewing Details of a Storage Volume.
2. Log in to the instance. See Accessing an Oracle Linux Instance Using SSH.
ls /dev/xvd*
Device names start from /dev/xvdb and are determined by the index number that
you assigned when you attached the storage volumes. For example, if you attached
a storage volume at index 1, the volume gets the device name, /dev/xvdb. The
storage volume at index 2 would be /dev/xvdc, the storage volume at index 3
would be /dev/xvdd, and so on.
4. Identify the device name corresponding to the disk number that you want to
mount.
For example, if you want to mount the storage volume that you had attached at
index 3, the device name would be /dev/xvdd.
5. Use a tool such as mkfs to create a file system on the storage volume. For example,
to create an ext3 file system on /dev/xvdd, run the following command:
Note:
6. Create a mount point on your instance. For example, to create the mount
point /mnt/store, run the following command:
7. Mount the storage volume on the mount point that you created on your instance.
For example, to mount the device /dev/xvdd at the /mnt/store directory, run
the following command:
If you prefer, you can specify the disk UUID instead of the device name in the
mount command. To find out the UUID of the disks attached to your instance, run
the blkid command.
8. To make the mount persistent across instance restarts, edit the /etc/fstab file
and add the mount as an entry in that file.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is
re-created, any mount points that you defined are lost. You must create the
mount points again.
Note:
1. Identify the disk number of the storage volume that you want to unmount. See
Viewing Details of a Storage Volume.
2. Log in to the instance. See Accessing an Oracle Linux Instance Using SSH.
3. List the devices available on your instance and their mount points:
sudo df -hT
Device names start from /dev/xvdb and are determined by the index number that
you assigned when you attached the storage volumes. For example, if you attached
a storage volume at index 1, then the volume gets the device name, /dev/xvdb.
The storage volume at index 2 would be /dev/xvdc, the storage volume at index 3
would be /dev/xvdd, and so on.
Note:
For an instance that’s set up to boot from a nonpersistent boot disk,
/dev/xvda is used for the boot disk.
4. Identify the device name corresponding to the disk number that you want to
unmount, and note the mount point for that device.
For example, to unmount the storage volume that is attached at index 3, you must
unmount /dev/xvdd.
6. If you had defined this mount point in /etc/fstab file, then edit /etc/fstab
and remove the mount.
If you no longer need the volume that you just unmounted, then you can detach it
from the instance and delete it. See Detaching a Storage Volume from an Instance and
Deleting a Storage Volume.
Note:
The steps to mount a storage volume on an Oracle Solaris instance vary depending on
whether a ZFS storage pool exists for the volume.
• If the storage volume that you want to mount was attached previously to any
Oracle Solaris instance, or if you’re not sure about this, then start with the steps in
Importing a ZFS Storage Pool.
• If the storage volume that you want to mount has just been created, or if you’re
sure that it has never been attached previously to any Oracle Solaris instance, then
proceed to Creating a ZFS Pool.
1. Identify and make a note of the disk number of the storage volume that you want
to mount.
See Viewing Details of a Storage Volume.
2. Log in to the instance on which you want to mount the storage volume.
See Accessing an Oracle Solaris Instance Using SSH.
Note:
If this is the first time that you’re assuming the root role on the instance, then
a prompt to change the password is displayed. Change the password as
prompted and then proceed.
• If the command lists one or more pools, then pick the pool that you want to
import.
Here’s an example of the output of the zpool import command:
pool: mypool2
id: 14352758040898370875
state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
mypool2 ONLINE
c2t2d0 ONLINE
pool: mypool3
id: 1124470769081803325
state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
mypool3 ONLINE
c2t3d0 ONLINE
In this example, two pools are available for importing: mypool2 (for disk
c2t2d0) and mypool3 (for disk c2t3d0).
In the disk names—that is, c2t2d0, c2t3d0, and so on—look at the t1, t2, t3, ...
number. This number, technically known as the target number, matches the index
that was specified when the volume was attached to the Oracle Solaris instance.
For example, c2t3d0 is the disk that’s attached to the instance at index 3.
6. Identify the disk that you want to mount, and note its pool name.
For example, if you want to mount the storage volume that’s attached to the
instance at index 3, then the disk in this example would be c2t3d0 in mypool3.
Note:
If the index number of the storage volume that you want to mount doesn’t
match the target number of any of the disks listed by the zpool import
command, then you must create a ZFS storage pool. See Creating a ZFS Pool.
7. Import the ZFS pool that you noted earlier, by running the zpool import
command, as shown in the following example:
zpool import mypool3
The storage volume and the ZFS file systems defined in it, if any, are now
mounted on the instance.
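The index-to-device mapping used in the Linux and Oracle Solaris procedures above, as an added example that is not part of the Oracle documentation. It derives the Linux device name from the attach index and parses `zpool import` output to find the pool whose disk target number matches that index, so the wrong disk is not formatted or imported. The function names are hypothetical and the sample output is constructed from the example shown above.

```python
import re
from typing import Dict, List, Optional

# Solaris disk names look like c2t3d0; the number after "t" is the target number.
DISK_RE = re.compile(r"^c(\d+)t(\d+)d(\d+)$")

# Constructed sample, following the zpool import example in the text.
SAMPLE_ZPOOL_IMPORT = """\
  pool: mypool2
    id: 14352758040898370875
 state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
        mypool2     ONLINE
          c2t2d0    ONLINE

  pool: mypool3
    id: 1124470769081803325
 state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
        mypool3     ONLINE
          c2t3d0    ONLINE
"""


def linux_device_for_index(index: int) -> str:
    """Index 1 is /dev/xvdb, index 2 is /dev/xvdc, and so on, up to index 10."""
    if not 1 <= index <= 10:
        raise ValueError("attach index must be between 1 and 10")
    return "/dev/xvd" + chr(ord("a") + index)


def solaris_target(disk: str) -> int:
    """Return the target number of a disk name such as c2t3d0."""
    match = DISK_RE.match(disk)
    if match is None:
        raise ValueError("not a cNtNdN disk name: %r" % disk)
    return int(match.group(2))


def parse_zpool_import(text: str) -> Dict[str, List[str]]:
    """Map each importable pool name to the disks listed in its config section."""
    pools: Dict[str, List[str]] = {}
    current = None
    in_config = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("pool:"):
            current = line.split(":", 1)[1].strip()
            pools[current] = []
            in_config = False
        elif line.startswith("config:"):
            in_config = True
        elif in_config and current is not None:
            first = line.split()[0]
            if DISK_RE.match(first):  # skips the pool's own status line
                pools[current].append(first)
    return pools


def pool_for_index(text: str, index: int) -> Optional[str]:
    """Return the single pool whose disk sits at the given attach index, else None."""
    hits = [
        pool
        for pool, disks in parse_zpool_import(text).items()
        if any(solaris_target(d) == index for d in disks)
    ]
    # No match means a pool must be created; several matches need a human decision.
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print(linux_device_for_index(3))
    print(pool_for_index(SAMPLE_ZPOOL_IMPORT, 3))
```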
1. Identify and make a note of the disk number of the storage volume that you want
to mount.
See Viewing Details of a Storage Volume.
2. Log in to the instance on which you want to mount the storage volume.
See Accessing an Oracle Solaris Instance Using SSH.
Note:
If this is the first time that you’re assuming the root role on the instance, then
a prompt to change the password is displayed. Change the password as
prompted and then proceed.
4. Find out the names of the disks attached to your instance, by running the format
command:
format
The following is an example of the output of this command:
Searching for disks...done
In this example, three disks are attached to the instance: c2t1d0, c2t2d0 and
c2t3d0.
In the disk names—that is, c2t2d0, c2t3d0, and so on—look at the t1, t2, t3, ...
number. This number, technically known as the target number, matches the index
that was specified when the volume was attached to the Oracle Solaris instance.
For example, c2t3d0 is the disk that’s attached to the instance at index 3.
5. Using the storage volume index number that you noted earlier, identify and make
a note of the disk name of the storage volume that you want to mount.
For example, if you want to mount the storage volume that was attached at index
3, then the disk name in this example would be c2t3d0.
7. Create a ZFS storage pool for the disk that you want to mount:
Command syntax: zpool create pool_name disk_file_name
8. If required, create ZFS file systems in the new ZFS storage pool.
Command syntax: zfs create pool_name/filesystem_name
Command example: zfs create mypool3/myfs1
The ZFS file systems are mounted automatically. By default, the mount point of
each file system is its name.
9. To give the opc user access to the ZFS storage pool and its filesystems, make the
opc user the owner of the mount by using the chown command, as shown in the
following example:
chown -R opc /mypool
In this example,
• The rpool entries are for the root pool that contains the boot disk of the instance.
• mypool3 is the ZFS storage pool of the storage volume that you mounted. It is
mounted at /mypool3.
See Also:
1. Identify and make a note of the disk number of the storage volume that you want
to unmount. See Viewing Details of a Storage Volume.
2. Log in to the instance. See Accessing an Oracle Solaris Instance Using SSH.
su -
4. Find out the names of the disks mounted on your instance and the ZFS pool to
which each disk belongs, by running the following command:
zpool status
pool: mypool
state: ONLINE
scan: none requested
config:
pool: rpool
state: ONLINE
scan: none requested
config:
In this example, two disks are mounted on the instance: c2t1d0 (in rpool) and
c2t2d0 (in mypool).
Focus on the t1, t2, ... number in the disk file names. This number corresponds to
the index that was specified while attaching the storage volume to the instance.
5. Identify and make a note of the disk file name of the storage volume that you want
to unmount.
For example, if you want to unmount the storage volume that was attached at
index 2, then the disk file name in this example would be c2t2d0.
Caution:
rpool is the pool that contains the boot disk. Do NOT unmount it.
6. Export the ZFS pool that contains the disk that you want to unmount:
This command unmounts the ZFS pool and any file systems in it. To verify that the
pool has been exported, run the zpool import command. The output shows that the
pool that you exported is available for importing, as shown in the following example:
pool: mypool
id: 1124470769081803325
state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
mypool ONLINE
c2t2d0 ONLINE
If you no longer need the volume that you just unmounted, then you can detach it
from the instance and delete it. See Detaching a Storage Volume from an Instance and
Deleting a Storage Volume.
To mount the volume again, run the zpool import command, as shown in the
following example:
zpool import mypool
See Also:
• Exporting a ZFS Storage Pool in Managing ZFS File Systems in Oracle Solaris
11.3.
• Importing a ZFS Storage Pool in Managing ZFS File Systems in Oracle Solaris
11.3.
Note:
When an instance is re-created, storage volumes that were attached manually
(that is, not attached automatically through the orchestration that was used to
create the instance) must be attached again.
When an instance that’s set up to boot from a nonpersistent boot disk is
re-created, all the storage volumes attached to the instance must be mounted
again.
3. Navigate to File and Storage Services, and from there to Volumes, and then
Disks.
The storage volumes that are attached to the instance are listed as disks.
For newly attached disks, the Partition type would be Unknown and the
Unallocated capacity would be equal to the total size of the disks.
See the following example:
5. If the Status of the disk is Offline, right-click and select Bring Online.
8. In the Volumes pane, click Tasks and select New Volume, as shown in the
following example:
Note:
Don’t confuse the term volume that you see in Windows with the concept of
storage volumes in Oracle Compute Cloud Service.
A storage volume in Oracle Compute Cloud Service is a virtual disk that you
can attach to an instance. In the context of Windows, a volume is essentially a
partition on a disk that’s attached to a server. You can create multiple
partitions on each storage volume that you attach to your Windows instance.
9. Follow the instructions in the New Volume Wizard to complete creation of the
partition.
The new partitions are now available at the drive letters that you assigned while
partitioning the disk, as shown in the following example:
3. Navigate to File and Storage Services, and from there to Volumes, and then
Disks.
The storage volumes that are attached to the instance are listed as disks.
Wait for a few seconds, until the Status of the disk changes to Offline.
Note:
The partitions and data on the disk are intact. You can either bring the disk
online later on the same instance, or detach it from this instance and attach it
to another instance.
For detailed instructions for managing disks and partitions, see the Windows Server
documentation.
If you no longer need the volume that you just unmounted, then you can detach it
from the instance and delete it. See Detaching a Storage Volume from an Instance and
Deleting a Storage Volume.
After you detach a storage volume from an instance, you can no longer read from or
write data to the storage volume unless you attach it to an instance.
Note:
You can’t detach or delete a storage volume that was attached while creating
an instance.
If you’re sure that a storage volume is no longer required, then back up the
data elsewhere and delete the storage volume.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that you’ve unmounted the storage volume that you want to detach. See
Unmounting a Storage Volume from a Linux Instance.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the storage volume that you want to detach. From the menu, select Detach
Instance.
You can also detach a storage volume from the Instances page. See Detaching a
Storage Volume from an Instance.
To detach a storage volume from an instance using the API, you must remove a
storage attachment object, by using the DELETE /storage/attachment/name
method. For more information, see REST API for Oracle Compute Cloud Service.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that the storage volume that you want to delete isn’t attached to any
instance. See Detaching a Storage Volume from an Instance.
• Ensure that there are no snapshots of the storage volume that you want to delete.
See Listing Storage Volume Snapshots.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the storage volume that you want to delete. From the menu, select Delete.
To delete a storage volume using the API, use the DELETE /storage/volume/name
method. For more information, see REST API for Oracle Compute Cloud Service.
Topics
• Instances in Security-list-a can receive HTTPS traffic from any host on the
public internet, as defined by Security-rule-b.
• Instances in Security-list-b can receive traffic over SSH from any of the IP
addresses specified in Security-IP-list-a, as defined by Security-rule-c.
If no security rules are defined for a security list, then, by default, instances in that
security list can’t receive traffic from hosts outside the security list. However, instances
in the security list can still access other instances in the same security list.
When you remove an instance from a security list, the instance can no longer
communicate with other instances in that security list, and traffic to and from that
instance is no longer controlled by the security rules defined for that security list.
A security IP list specifies a set of IP addresses that can be used as a source or a
destination in security rules. See Managing Security IP Lists.
An instance can be added to multiple security lists. In case of conflicts in policy, the
most restrictive policy takes precedence. For example, if an instance belongs to one
security list with the inbound policy permit and the same instance is added to
another security list with the inbound policy deny, then the effective inbound policy
for that instance is deny.
See Also:
• The inbound policy controls the flow of traffic into the security list. For example, if
the inbound policy is set to permit, packets from all sources using any port or
protocol are permitted to the instances in the security list. To control the flow of
traffic to the instances in a security list, ensure that the inbound policy is set to
deny, and then define security rules to allow only traffic from specified sources to
access your instances using specified ports and protocols.
• The outbound policy controls the flow of traffic out of the security list. For
example, if the outbound policy is set to deny, packets can’t flow out of the
security list. To allow instances in a security list to communicate with hosts outside
the security list, set the outbound policy to permit.
By default, a security list has its inbound policy set to deny and outbound policy set to
permit. However, you can specify a different inbound or outbound policy when you
create a security list. If you specify either the inbound or the outbound policy as deny,
then you can set up security rules to override that policy. For example, if a security list
has its inbound policy set to deny, you can create security rules to permit traffic from
specified sources, over specified protocols and ports, to the instances in that security
list.
Note:
A security rule acts only on a policy that is set to deny. If a security list has its
inbound policy set to permit, then you don’t need to define security rules to
permit traffic to instances in that security list.
When you create a security rule, you can specify a security list as a source or
destination in that security rule. A security list can be specified as the source or
destination in up to 10 security rules.
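The inbound behavior described above, modeled as an added example that is not Oracle code or the service's API. The class and function names are hypothetical, each rule carries a single port for brevity, and two points are assumptions of this model: /oracle/public/public-internet is represented as 0.0.0.0/0, and a rule applies when its destination is any security list the instance belongs to. The scenario data is constructed from the Security-list-a and Security-list-b example in the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class SecurityList:
    name: str
    inbound: str = "deny"      # default inbound policy stated in the text
    outbound: str = "permit"   # default outbound policy stated in the text


@dataclass(frozen=True)
class SecurityRule:
    name: str
    protocol: str      # from the security application, for example "tcp"
    port: int          # single port for brevity
    source: str        # name of a security list or a security IP list
    destination: str   # name of a security list
    enabled: bool = True


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_lists: frozenset   # security lists the sender is in; empty for outside hosts
    protocol: str
    port: int


def effective_inbound(lists: Sequence[SecurityList]) -> str:
    """Most restrictive policy wins: one deny makes the effective policy deny."""
    if not lists:
        raise ValueError("instance must belong to at least one security list")
    return "deny" if any(l.inbound == "deny" for l in lists) else "permit"


def inbound_allowed(packet: Packet, dest_lists: Sequence[SecurityList],
                    rules: Sequence[SecurityRule],
                    ip_lists: Dict[str, List[str]]) -> Tuple[bool, str]:
    """Return (allowed, reason) for a packet sent to an instance in dest_lists."""
    dest_names = {l.name for l in dest_lists}
    # Instances in the same security list can always reach each other.
    if packet.src_lists & dest_names:
        return True, "same security list"
    # Rules act only on a deny policy; with permit, everything is let in.
    if effective_inbound(dest_lists) == "permit":
        return True, "inbound policy permit"
    src = ipaddress.ip_address(packet.src_ip)
    for rule in rules:
        if not rule.enabled or rule.destination not in dest_names:
            continue
        if (rule.protocol, rule.port) != (packet.protocol, packet.port):
            continue
        if rule.source in packet.src_lists:
            return True, rule.name
        if any(src in ipaddress.ip_network(n) for n in ip_lists.get(rule.source, [])):
            return True, rule.name
    return False, "inbound policy deny, no matching rule"


# Constructed scenario mirroring the example in the text.
LIST_A = SecurityList("Security-list-a")
LIST_B = SecurityList("Security-list-b")
IP_LISTS = {
    "/oracle/public/public-internet": ["0.0.0.0/0"],   # assumption of this model
    "Security-IP-list-a": ["203.0.113.1", "203.0.113.2"],
}
RULES = [
    SecurityRule("Security-rule-b", "tcp", 443,
                 "/oracle/public/public-internet", "Security-list-a"),
    SecurityRule("Security-rule-c", "tcp", 22,
                 "Security-IP-list-a", "Security-list-b"),
]

if __name__ == "__main__":
    outside_ssh = Packet("198.51.100.7", frozenset(), "tcp", 22)
    print(inbound_allowed(outside_ssh, [LIST_B], RULES, IP_LISTS))
```

Running a planned rule set through a model like this before creating it in the console shows which sources end up with access to each security list.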
The following diagram shows the relationship between instances and security lists.
In this diagram,
• Security-list-c has the inbound policy set to permit. So traffic from the other
security lists can reach the instances in this security list, as indicated by the arrows.
Traffic from the Internet can also reach the instances in this security list.
Note:
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
5. Enter or select the required details—a name and description, and the inbound and
outbound policies—and click Create.
To create a security list using the API, use the POST /seclist/ method. See REST
API for Oracle Compute Cloud Service.
You can also create a security list by using an orchestration. See Orchestration
Attributes Specific to Each Object Type.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the security list that you want to update. From the menu, select Update.
To update a security list using the API, use the PUT /seclist/name method. See
REST API for Oracle Compute Cloud Service.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that no instance is attached to the security list that you want to delete.
• Ensure that no security rule uses the security list that you want to delete.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the security list that you want to delete. From the menu, select Delete.
To delete a security list using the API, use the DELETE /seclist/name method. See
REST API for Oracle Compute Cloud Service.
If you created a security list using an orchestration, then you can delete the security
list by stopping the orchestration. See Stopping an Orchestration.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
If you don’t enable SSH access during instance creation, then to enable SSH access to
your instance later, you must create a security list, add the instance to it, and set up a
security rule to permit SSH traffic to the security list.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
– The security application that you want to use in your security rule. See Creating
a Security Application.
– The security list for which you want to create the security rule. See Creating a
Security List.
– Either a security IP list or a security list that you want to use as the source in the
security rule. See Creating a Security IP List.
Caution:
Use security rules carefully and open only a minimal and essential set of ports.
Keep in mind your business needs and the IT security policies of your
organization.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
• By default, new security rules are enabled. If you’d like to enable the rule later,
then set Status to Disabled.
• In the Security Application field, select the protocol for which you want to
create this security rule.
• In the Source field, select the security list or security IP list from which traffic
over the specified protocol should be allowed.
• In the Destination field, select the security list to which traffic should be
allowed.
5. Click Create.
To create a security rule using the API, use the POST /secrule/ method. See REST
API for Oracle Compute Cloud Service.
You can also create a security rule by using orchestrations. See Orchestration
Attributes Specific to Each Object Type.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the security rule that you want to update. From the menu, select
Update.
4. In the Update Security Rule dialog box, change the Status as required, and click
Update.
To update a security rule using the API, use the PUT /secrule/name method. For
more information, see REST API for Oracle Compute Cloud Service.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Go to the security rule that you want to delete. From the menu, select Delete.
To delete a security rule using the API, use the DELETE /secrule/name method.
See REST API for Oracle Compute Cloud Service.
If you created a security rule using an orchestration, then you can delete the security
rule by stopping the orchestration. See Stopping an Orchestration.
dns-tcp tcp 53
dns-udp udp 53
http tcp 80
mail tcp 25
ssh tcp 22
telnet tcp 23
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
– If you select the tcp or udp port type, then enter the port range.
– If you select the icmp port type, then enter the ICMP type.
6. Click Create.
To create a security application using the API, use the POST /secapplication/
method. See REST API for Oracle Compute Cloud Service.
You can also create a security application by using orchestrations. See Orchestration
Attributes Specific to Each Object Type.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that no security rule is using the security application that you want to
delete.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the security application that you want to delete. From the menu, select
Delete.
To delete a security application using the API, use the
DELETE /secapplication/name method. See REST API for Oracle Compute Cloud Service.
If you created a security application using an orchestration, then you can delete the
security application by stopping the orchestration. See Stopping an Orchestration.
/oracle/public/public-internet: You can use this security IP list as the source in
security rules to permit traffic from any host on the Internet.
/oracle/public/site: Don’t use this security IP list as the source in any security
rule.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Click Create Security IP List. Enter the required details and click Create.
5. In the Create Security IP List dialog box, enter the following details:
• In the IP List field, enter a comma-separated list of the subnets (in CIDR format)
or IPv4 addresses for which you want to create the security IP list.
For example, to create a security IP list containing the IP addresses 203.0.113.1
and 203.0.113.2, enter one of the following in the IP List field:
203.0.113.0/30
203.0.113.1, 203.0.113.2
6. Click Create.
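A pre-submission check for the IP List field, as an added example that is not part of the Oracle documentation. The function names and the 256-address review threshold are hypothetical. It parses the comma-separated value, rejects CIDR entries with host bits set, and shows that, read as an address range, 203.0.113.0/30 spans four addresses (.0 through .3, of which .1 and .2 are the usable hosts) while the address-by-address form spans exactly two.

```python
import ipaddress
from typing import List


def parse_ip_list(field: str) -> List[ipaddress.IPv4Network]:
    """Parse a comma-separated list of IPv4 addresses and CIDR subnets."""
    networks = []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in IP list")
        # strict=True rejects entries such as 203.0.113.1/30 (host bits set),
        # which usually indicate a typo in the prefix or the address.
        networks.append(ipaddress.IPv4Network(entry, strict=True))
    return networks


def address_count(field: str) -> int:
    """Number of distinct addresses covered, after merging overlaps."""
    merged = ipaddress.collapse_addresses(parse_ip_list(field))
    return sum(net.num_addresses for net in merged)


def matched_addresses(field: str, limit: int = 64) -> List[str]:
    """Enumerate every covered address; refuses ranges larger than limit."""
    if address_count(field) > limit:
        raise ValueError("range too large to enumerate")
    merged = ipaddress.collapse_addresses(parse_ip_list(field))
    return [str(addr) for net in merged for addr in net]


def review(field: str, max_addresses: int = 256) -> List[str]:
    """Flag entries that are broader than a reviewer would expect."""
    findings = []
    for net in ipaddress.collapse_addresses(parse_ip_list(field)):
        if net.prefixlen == 0:
            findings.append(f"{net}: matches every IPv4 address")
        elif net.num_addresses > max_addresses:
            findings.append(f"{net}: spans {net.num_addresses} addresses")
    return findings


if __name__ == "__main__":
    for value in ("203.0.113.0/30", "203.0.113.1, 203.0.113.2"):
        print(value, "->", matched_addresses(value))
```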
To create a security IP list using the API, use the POST /seciplist/ method. See
REST API for Oracle Compute Cloud Service.
You can also create a security IP list by using an orchestration. See Orchestration
Attributes Specific to Each Object Type.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
3. Identify the security IP list that you want to update. From the menu, select
Update.
4. In the Update Security IP List dialog box, change the IP List or Description field, as
required, and click Update.
To update a security IP list using the API, use the PUT /seciplist/name method.
You can use this method to replace the list of IP addresses and change the description.
To add IP addresses to the list, use the POST /seciplist/ method and specify the
new IP addresses. See REST API for Oracle Compute Cloud Service.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that no security rule is using the security list that you want to delete.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the security IP list that you want to delete. From the menu, select
Delete.
To delete a security IP list using the API, use the DELETE /seciplist/name
method. See REST API for Oracle Compute Cloud Service.
If you created a security IP list using an orchestration, then you can delete the list by
stopping the orchestration. See Stopping an Orchestration.
• Updating an IP Reservation
• Deleting an IP Reservation
Note:
Each instance also has a private IP address associated with it. When an
instance is created, its private IP address is assigned dynamically from a range
of private IP addresses. When an instance is restarted, its private IP address
might change.
To find out the public IP address or the private IP address of your instance, view the
information on the Instances page. See Listing Instances.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
6. In the For Instance field, you can select the instance to which the IP address
must be attached.
Alternatively, you can create the IP reservation now without attaching it to any
instance, and attach it later. See Attaching a Public IP Address to an Instance.
7. Click Create.
Updating an IP Reservation
You can change the status of an IP reservation or attach it to an instance by updating
the IP reservation.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the IP reservation that you want to update. From the menu, select
Update.
• If the selected IP reservation isn’t attached to an instance, then you can attach it
now.
• If the IP reservation is attached to an instance, then you can change its status to
Temporary or Permanent.
To change the status of an IP reservation using the API, use the PUT /ip/
reservation/name method. See REST API for Oracle Compute Cloud Service.
Note:
You can’t remove a temporary IP address from an instance. You can only
remove a persistent IP address. If you created an instance with an
autogenerated IP address or if you changed the status of the IP address
associated with an instance to temporary, then to remove that IP address from
the instance, first update it to change its status to permanent. See Updating an
IP Reservation.
To complete this task, you must have the Compute_Operations role. If this role isn’t
assigned to you or you’re not sure, then ask your system administrator to ensure that
the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in
Managing and Monitoring Oracle Cloud.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the IP reservation that you want to detach. From the menu, select
Remove Instance.
Deleting an IP Reservation
When you no longer need an IP reservation, you can delete it.
Prerequisites
• To complete this task, you must have the Compute_Operations role. If this role
isn’t assigned to you or you’re not sure, then ask your system administrator to
ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying
User Roles in Managing and Monitoring Oracle Cloud.
• Ensure that no instance is using the IP reservation that you want to delete.
Procedure
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
4. Identify the IP reservation that you want to delete. From the menu, select
Delete.
The following graphic illustrates the required communication routes between your
production and development instances and from external hosts over the public
Internet.
To implement these firewall rules using the web console, see Procedure Using the Web
Console.
To implement these firewall rules using orchestrations, see Procedure Using
Orchestrations.
For a graphic showing the topology with the firewall rules implemented, see Topology
with Firewall Rules Implemented.
1. Generate at least one SSH key pair and upload the SSH public key to Oracle
Compute Cloud Service. See Generating an SSH Key Pair and Adding an SSH
Public Key.
2. Reserve public IP addresses for the instances that will be accessed over SSH:
dev3, dev4, prod1, prod2, prod3, and prod4.
See Reserving a Public IP Address.
5. Create your instances. Remember to associate an SSH public key and a public IP
address with each of the instances that you will access over SSH: dev3, dev4,
prod1, prod2, prod3, and prod4. See Creating Instances.
• Add dev3 and dev4 to the dev and the dev_allow_access security lists.
• Add prod1, prod2, prod3, and prod4 to the prod security list.
See Adding an Instance to a Security List.
Adding all the development instances to the dev security list enables all instances
in the development environment to communicate with each other over any
protocol. By default, no host outside this security list can communicate with any
development instance, and no development instance can communicate with any
host outside this security list. This fulfils firewall requirements 1, 4, 5, and 6.
Adding all the production instances to the prod security list enables all instances
in the production environment to communicate with each other over any protocol.
This fulfils firewall requirement 3.
1. Generate at least one SSH key pair and upload the SSH public key to Oracle
Compute Cloud Service. See Generating an SSH Key Pair and Adding an SSH
Public Key.
2. Reserve public IP addresses for the instances that will be accessed over SSH:
dev3, dev4, prod1, prod2, prod3, and prod4. You can use the following
sample orchestration to reserve public IP addresses. This sample shows you how
to reserve two public IP addresses. Use a similar JSON construct to reserve
another four IP addresses.
{
  "name": "/Compute-acme/joe/myIPreservations",
  "oplans": [
    {
      "label": "My IP reservations",
      "obj_type": "ip/reservation",
      "objects": [
        {
          "name": "/Compute-acme/joe/ipres1",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
        },
        {
          "name": "/Compute-acme/joe/ipres2",
          "parentpool": "/oracle/public/ippool",
          "permanent": true
        },
        <Add more IP reservations here.>
      ]
    }
  ]
}
You can use the following sample orchestration to create security lists. This
sample shows you how to create the dev security list. Use a similar JSON
construct to create another two security lists.
{
  "name": "/Compute-acme/joe/mySecurityLists",
  "oplans": [
    {
      "label": "seclists",
      "obj_type": "seclist",
      "objects": [
        {
          "name": "/Compute-acme/joe/dev",
          "outbound_cidr_policy": "deny"
        },
        <Add more security lists here.>
      ]
    }
  ]
}
4. Create a bootable storage volume for each of your instances. You can use the
following sample orchestration to create storage volumes. This sample shows you
how to create one storage volume. Use a similar JSON construct to create all the
required storage volumes.
{
  "name": "/Compute-acme/joe/myStorageVolumes",
  "oplans": [
    {
      "label": "My storage volumes",
      "obj_type": "storage/volume",
      "objects": [
        {
          "name": "/Compute-acme/joe/boot",
          "bootable": true,
          "imagelist": "/oracle/public/oel_6.6_20GB_x11_RD",
          "properties": ["/oracle/public/storage/default"],
          "size": "22548578304"
        },
        <Add more bootable storage volumes here.>
      ]
    }
  ]
}
Note:
5. Create your instances. Remember to associate an SSH public key and a public IP
address with each of the instances that you will access over SSH: dev3, dev4,
prod1, prod2, prod3, and prod4. You can also specify the security lists that you
want to add each instance to. Add your instances to the required security lists as
follows:
• Add dev3 and dev4 to the dev and the dev_allow_access security lists.
• Add prod1, prod2, prod3, and prod4 to the prod security list.
Adding all the development instances to the dev security list enables all instances
in the development environment to communicate with each other over any
protocol. By default, no host outside this security list can communicate with any
development instance, and no development instance can communicate with any
host outside this security list. This fulfils firewall requirements 1, 4, 5, and 6.
Adding all the production instances to the prod security list enables all instances
in the production environment to communicate with each other over any protocol.
This fulfils firewall requirement 3.
You can use the following sample orchestration to create your instances. This
sample shows you how to create the dev3 instance, and associate an SSH public
key and a public IP address with the instance. This sample orchestration also
shows you how to add this instance to the required security lists, dev and
dev_allow_access. Use similar JSON constructs to define each of the required
instances.
{
  "name": "/Compute-acme/joe/myInstances",
  "oplans": [
    {
      "label": "My instances",
      "obj_type": "launchplan",
      "objects": [
        {
          "instances": [
            {
              "name": "/Compute-acme/joe/dev3",
              "shape": "oc3",
              "boot_order": [1],
              "label": "dev3",
              "networking": {
                "eth0": {
                  "seclists": ["/Compute-acme/joe/dev", "/Compute-acme/joe/dev_allow_access"],
                  "nat": "ipreservation:/Compute-acme/joe/ipres1"
                }
              },
              "sshkeys": ["/Compute-acme/joe/key1"],
              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-acme/joe/boot"
                }
              ]
            },
            <Add more instances here.>
          ]
        }
      ]
    }
  ]
}
You can use the following sample orchestration to create your security rules. This
sample shows you how to create the iplist-to-dev security rule. Use a similar
JSON construct to create another two security rules.
{
  "name": "/Compute-acme/joe/mySecRules",
  "oplans": [
    {
      "label": "My security rules",
      "obj_type": "secrule",
      "objects": [
        {
          "name": "/Compute-acme/joe/iplist-to-dev",
          "application": "/oracle/public/ssh",
          "src_list": "seciplist:/Compute-acme/joe/ip_list1",
          "dst_list": "seclist:/Compute-acme/joe/dev_allow_access",
          "action": "PERMIT"
        },
        <Add more security rules here.>
      ]
    }
  ]
}
After you’ve created all the required orchestrations, upload and start your
orchestrations to create the required objects and instances. See Uploading an
Orchestration and Starting an Orchestration.
Remember that you must define relationships for objects referenced by another object
in the same orchestration. For example, if you create IP reservations or security lists
and instances in the same orchestration, you must define relationships to ensure that
the required IP reservations and security lists are created before the instances that use
them. Similarly, if you create security lists or security IP lists and security rules in the
same orchestration, define relationships to ensure that the security lists and security IP
lists are created before the security rules that use them. See Relationships Between
Object Plans.
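Before uploading a set of orchestrations like the ones above, it helps to see which instances each security rule actually opens and whether every referenced security list is defined. The following audit script is an added example, not Oracle's code: it uses only the attribute names shown in the samples above, and its input is a constructed set of orchestrations in which the internet-to-prod and iplist-to-qa rules are made up for the demonstration.

```python
import json

PUBLIC_INTERNET = "seciplist:/oracle/public/public-internet"

# Constructed sample input in the shape of the page's sample orchestrations.
SAMPLE = json.loads("""
[
 {"name": "/Compute-acme/joe/mySecurityLists",
  "oplans": [{"label": "seclists", "obj_type": "seclist", "objects": [
    {"name": "/Compute-acme/joe/dev", "outbound_cidr_policy": "deny"},
    {"name": "/Compute-acme/joe/dev_allow_access"},
    {"name": "/Compute-acme/joe/prod"}]}]},
 {"name": "/Compute-acme/joe/myInstances",
  "oplans": [{"label": "My instances", "obj_type": "launchplan", "objects": [
    {"instances": [
      {"name": "/Compute-acme/joe/dev3",
       "networking": {"eth0": {"seclists": [
         "/Compute-acme/joe/dev", "/Compute-acme/joe/dev_allow_access"]}}},
      {"name": "/Compute-acme/joe/prod1",
       "networking": {"eth0": {"seclists": ["/Compute-acme/joe/prod"]}}}]}]}]},
 {"name": "/Compute-acme/joe/mySecRules",
  "oplans": [{"label": "My security rules", "obj_type": "secrule", "objects": [
    {"name": "/Compute-acme/joe/iplist-to-dev",
     "application": "/oracle/public/ssh",
     "src_list": "seciplist:/Compute-acme/joe/ip_list1",
     "dst_list": "seclist:/Compute-acme/joe/dev_allow_access",
     "action": "PERMIT"},
    {"name": "/Compute-acme/joe/internet-to-prod",
     "application": "/oracle/public/ssh",
     "src_list": "seciplist:/oracle/public/public-internet",
     "dst_list": "seclist:/Compute-acme/joe/prod",
     "action": "PERMIT"},
    {"name": "/Compute-acme/joe/iplist-to-qa",
     "application": "/oracle/public/ssh",
     "src_list": "seciplist:/Compute-acme/joe/ip_list1",
     "dst_list": "seclist:/Compute-acme/joe/qa",
     "action": "PERMIT"}]}]}
]
""")


def objects_of(orchestrations, obj_type):
    """Yield every object declared in an oplan of the given obj_type."""
    for orch in orchestrations:
        for oplan in orch.get("oplans", []):
            if oplan.get("obj_type") == obj_type:
                yield from oplan.get("objects", [])


def instance_memberships(orchestrations):
    """Map each security list name to the sorted instances attached to it."""
    members = {}
    for plan in objects_of(orchestrations, "launchplan"):
        for inst in plan.get("instances", []):
            for iface in inst.get("networking", {}).values():
                for seclist in iface.get("seclists", []):
                    members.setdefault(seclist, set()).add(inst["name"])
    return {name: sorted(insts) for name, insts in members.items()}


def audit(orchestrations):
    """Return inbound exposure per instance and undefined seclist references."""
    defined = {obj["name"] for obj in objects_of(orchestrations, "seclist")}
    members = instance_memberships(orchestrations)
    # Instances that join a security list none of the files define.
    dangling = [(inst, name) for name, insts in members.items()
                if name not in defined for inst in insts]
    exposure = []
    for rule in objects_of(orchestrations, "secrule"):
        for field in ("src_list", "dst_list"):
            kind, _, name = rule[field].partition(":")
            if kind == "seclist" and name not in defined:
                dangling.append((rule["name"], name))
        kind, _, dst = rule["dst_list"].partition(":")
        if rule.get("action") != "PERMIT" or kind != "seclist":
            continue
        for inst in members.get(dst, []):
            exposure.append({
                "instance": inst,
                "application": rule["application"],
                "source": rule["src_list"],
                "rule": rule["name"],
                "from_any_internet_host": rule["src_list"] == PUBLIC_INTERNET,
            })
    return {"exposure": exposure, "dangling": sorted(dangling)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A name reported under dangling either already exists in your account or is a typo; if it is created by the same orchestration, it also needs a relationship so that it exists before the object that uses it.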
Prerequisites
• Ensure that the SSH private key corresponding to the public key that you
associated with your instance while creating it is available on the host from which
you want to ssh to the instance.
• Ensure that the instance has a public IP address. See Managing Public IP
Addresses. To find out the public IP address of your instance, view the information
on the Instances page. See Listing Instances.
• While creating the instance, if you didn’t select the option to enable SSH access,
then you must enable SSH access now before attempting to access the instance
using SSH.
See the tutorial Permitting SSH Access to Oracle Compute Cloud Service Instances.
Procedure
You can use SSH to log in to your instance as the default user, opc, by using the
following command:
Note:
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site,
you can use the private IP address of your instance to connect to the instance.
To set up a VPN tunnel, see Connecting to Oracle Compute Cloud Service
Instances Using VPN.
Prerequisites
• This procedure assumes you’re using PuTTY to connect to your instance. Ensure
that you have PuTTY installed on your Windows host. To download PuTTY, go to
http://www.putty.org/.
• Ensure that the SSH private key corresponding to the public key that you
associated with your instance while creating it is available on the Windows host
from which you want to ssh to the instance.
• Ensure that the instance has a public IP address. See Managing Public IP
Addresses. To find out the public IP address of your instance, view the information
on the Instances page. See Listing Instances.
• While creating the instance, if you didn’t select the option to enable SSH access,
then you must enable SSH access now before attempting to access the instance
using SSH.
See the tutorial Permitting SSH Access to Oracle Compute Cloud Service Instances.
Procedure
2. In the Host Name (or IP address) box, enter the public IP address of your instance.
Note:
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site,
you can use the private IP address of your instance to connect to the instance.
To set up a VPN tunnel, see Connecting to Oracle Compute Cloud Service
Instances Using VPN.
4. In the Category tree, expand Connection if necessary and then click Data.
6. Confirm that the When username is not specified option is set to Prompt.
8. Click the Browse button next to the Private key file for authentication box.
Navigate to and open the private key file that matches the public key that is
associated with your instance.
10. In the Saved Sessions box, enter a name for this connection configuration and click
Save.
The PuTTY Configuration window is closed and the PuTTY window is displayed.
12. If this is the first time you are connecting to an instance, the PuTTY Security Alert
window is displayed, prompting you to confirm the public key. Click Yes to
continue connecting.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any users that were added manually (that is, users that weren’t
defined in the machine image) must be added again.
1. Generate an SSH key pair for the new user. See Generating an SSH Key Pair on
UNIX and UNIX-Like Systems.
2. Copy the public key value to a text file. You’ll use this key later in this procedure.
3. Log in to your instance. See Accessing an Instance from UNIX and UNIX-Like
Systems.
sudo su
useradd new_user
mkdir /home/new_user/.ssh
7. Copy the SSH public key that you noted earlier to the /home/new_user/.ssh/
authorized_keys file.
Here, key is the SSH public key value from the key pair that you generated earlier,
enclosed in double quotation marks.
8. Add the new user to the list of allowed users in the /etc/ssh/sshd_config file
on your instance, by editing the AllowUsers parameter, as shown in the following
example:
In this example, the AllowUsers parameter already had the opc user. The
myadmin user has now been added.
9. Change the owner and group of the /home/username/.ssh directory to the new
user:
11. To enable sudo privileges for the new user, edit the /etc/sudoers file by
running the visudo command.
In this command, ip_address is the public IP address of the instance, and private_key is
the full path and name of the file that contains the private key corresponding to the
public key that you added to the authorized_keys file earlier in this procedure.
Note:
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site,
you can use the private IP address of your instance to connect to the instance.
To set up a VPN tunnel, see Connecting to Oracle Compute Cloud Service
Instances Using VPN.
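If the new user still cannot log in after this procedure, the usual causes are a missing AllowUsers entry or wrong ownership or permissions on the key files. The following check is an added example, not part of the Oracle documentation: it reads sshd_config text and inspects the user's .ssh directory. The function names and the sample configuration are constructed for this example, and the permission test reflects sshd's default StrictModes behaviour of refusing key files that are writable by group or others.

```python
import fnmatch
import os
import stat

# Constructed sshd_config excerpt, following the AllowUsers example above.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
PermitRootLogin no
AllowUsers opc myadmin
"""


def allow_users_patterns(sshd_config_text):
    """Return the AllowUsers patterns from the global section of the file.

    Returns None when the directive is absent, in which case sshd applies
    no per-user allow list. Keywords are case-insensitive and repeated
    AllowUsers lines accumulate. Parsing stops at the first Match block.
    """
    patterns, seen = [], False
    for line in sshd_config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        keyword = words[0].lower()
        if keyword == "match":
            break
        if keyword == "allowusers":
            seen = True
            patterns.extend(words[1:])
    return patterns if seen else None


def user_allowed(user, sshd_config_text):
    """True if AllowUsers is absent or one of its patterns names the user."""
    patterns = allow_users_patterns(sshd_config_text)
    if patterns is None:
        return True
    # USER@HOST patterns also restrict the source host; only the user part
    # is compared here, using the * and ? wildcards.
    return any(fnmatch.fnmatchcase(user, p.split("@", 1)[0]) for p in patterns)


def key_file_problems(home, uid):
    """List ownership and permission problems under home/.ssh."""
    problems = []
    for rel in (".ssh", os.path.join(".ssh", "authorized_keys")):
        try:
            st = os.stat(os.path.join(home, rel))
        except FileNotFoundError:
            problems.append(f"{rel}: missing")
            continue
        if st.st_uid != uid:
            problems.append(f"{rel}: owned by uid {st.st_uid}, expected {uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{rel}: writable by group or others")
    return problems


if __name__ == "__main__":
    print(user_allowed("myadmin", SAMPLE_SSHD_CONFIG))
    print(user_allowed("new_user", SAMPLE_SSHD_CONFIG))
```

On the instance, call key_file_problems with the new user's home directory and numeric user ID; an empty list means the key files pass both checks.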
In instances created by using any of the Oracle-provided Oracle Solaris images, a user
named opc is preconfigured. The opc user is assigned the System Administrator
profile and can perform basic administration tasks without entering a password by
using pfexec.
Prerequisites
• Ensure that the SSH private key corresponding to the public key that you
associated with your instance while creating it is available on the host from which
you want to ssh to the instance.
• Ensure that the instance has a public IP address. See Managing Public IP
Addresses. To find out the public IP address of your instance, view the information
on the Instances page. See Listing Instances.
Procedure
You can use SSH to log in to your instance as the default user, opc, by using the
following command:
ssh opc@ip_address -i private_key
In this command, ip_address is the public IP address of the instance, and private_key is
the full path and name of the file that contains the private key corresponding to the
public key associated with the instance that you want to access.
Note:
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site,
you can use the private IP address of your instance to connect to the instance.
To set up a VPN tunnel, see Connecting to Oracle Compute Cloud Service
Instances Using VPN.
Direct login as root is disabled. You can assume the root role by running su
-. The password is solaris_opc and is marked as expired. You must change
the password the first time that you assume the root role.
Remote desktop protocol (RDP) allows you to securely access your Windows instance
from a remote host. To access a Windows instance from a Windows host, you can use
the default RDP client, Remote Desktop Connection.
Prerequisites
Note:
This procedure assumes that your local host runs a Windows operating
system and that you’re using the Remote Desktop Connection client to access
your Windows instance. If your local host has another operating system, use
an appropriate RDP client to access your Windows instance.
• Ensure that you’ve created your Windows instance with the required userdata
attributes. See Creating an Instance from the Instances Page for information about
the required attributes. See Retrieving Instance Metadata to find out how to view
the metadata associated with your instance. If you’re using an orchestration to
manage your instance, you can view the orchestration to check the specified
attributes. See Monitoring Orchestrations.
• Ensure that your instance has a public IP address. See Managing Public IP
Addresses. To find out the public IP address of your instance, view the information
on the Instances page. See Listing Instances.
Procedure
RDP access to your Windows instance is not enabled by default. Before accessing your
Windows instance using RDP, you must add your instance to a security list and create
a security rule to enable RDP access.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
7. On the Instances page, identify the instance that you want to update. From the
menu, select View.
9. Select the Enable RDP access security list and click Attach.
12. Enter or select the required detail and then click Create.
• Source: From the Security IP Lists drop-down list, select public-internet, or
select any other security IP list as the source.
• Destination: Select the Enable RDP access security list that you just created.
13. Next, on your Windows local host, start Remote Desktop Connection.
– Click the Start button and type Remote Desktop in the search field.
– In the Computer field, enter the public IP address of your Windows instance
and then click Connect.
– mstsc /v:public-IP-address-of-your-instance
Note:
If you’ve enabled a VPN tunnel to your Oracle Compute Cloud Service site, you
can use the private IP address of your instance to connect to the instance. To set up
a VPN tunnel, see Connecting to Oracle Compute Cloud Service Instances Using
VPN.
14. In the Windows security dialog box, enter the user name and password that you
specified in userdata attributes while creating the instance.
Note:
The first time you log in to your Windows instance, you must log in as
Administrator using the administrator_password that you specified while
creating the instance. After logging in, you can specify a list of users who are
allowed to access the Windows instance remotely using RDP. Subsequently, you
can log in as one of the new users. Alternatively, you can provide userdata
attributes while creating the instance, to add users with RDP access enabled. For
more information, see Attributes Specific to Windows Instances.
Note:
You can change the Administrator password after logging in. However, if
you’re using an orchestration to manage your Windows instance, then if you stop
the orchestration and start it again later, the Administrator password that you
specified in the orchestration will overwrite the password that you specified on
your Windows instance. This is true for any user password that you specify in an
orchestration. If you specify all administrators and users of an instance in an
orchestration and you stop and start that orchestration, all passwords will be reset
to the values specified in the orchestration. If you’ve lost or forgotten those
passwords, you can get locked out of your instance. For this reason, it is advisable
to create — directly on your Windows instance — additional administrators and
users who are enabled for remote access.
Oracle Network Cloud Service – VPN for Dedicated Compute allows you to establish
a secure communication channel between your data center and the instances in your
Oracle Compute Cloud Service site.
Note:
Oracle Network Cloud Service – VPN for Dedicated Compute is not available
by default with Oracle Compute Cloud Service. It must be requested
separately. See Requesting Oracle Network Cloud Service – VPN for
Dedicated Compute.
Using Oracle Network Cloud Service – VPN for Dedicated Compute, you can create
up to 20 VPN tunnels to your Oracle Compute Cloud Service site. You can use any
internet service provider to access your Oracle Compute Cloud Service site, provided
you have a VPN device to terminate an IPSec VPN tunnel.
IPSec is a suite of protocols designed to authenticate and encrypt all IP traffic between
two locations. This allows sensitive data to pass securely over networks that would
otherwise be considered insecure. Traffic between your data center and your Oracle
Compute Cloud Service site is encrypted and transmitted through this secure tunnel,
so your data can’t be stolen or intercepted. In other words, by using a site-to-site VPN
connection, you're effectively extending your data center network to include instances
in your Oracle Compute Cloud Service site.
You can request this service either while subscribing to Oracle Compute Cloud
Service, or later on. To request the Oracle Network Cloud Service – VPN for Dedicated
Compute service, work with your Oracle sales representative to raise a Service
Request (SR). You’ll receive a form asking you to provide detailed information. Use
this form to provide the following information:
Note:
Ensure that the range of IP addresses that you provide doesn’t overlap with
the private IP addresses used by other devices on your on-premises network.
Also check that the private IP addresses of existing Oracle Compute Cloud
Service instances do not conflict with private IP addresses used by any of your
on-premises devices. Such a conflict becomes relevant only when you
configure a VPN tunnel and your Oracle Compute Cloud Service instances
become an extension of your on-premises network.
It can take up to two weeks to process your request. After your SR is processed, Oracle
provides you the encoded PSK along with the name and public IP address of the
Oracle Cloud VPN gateway. Use these to configure your VPN gateway to connect to
the Oracle Cloud VPN gateway. See Configuring Your VPN Gateway.
Do the following:
2. Configure IPSec
After configuring your VPN gateway, to start a VPN connection, see Managing Your
VPN Connections.
#
# The VPN identifier in the example below is "vpn-dcz-site-1", which represents a VPN
# connection to Oracle "dcz" from the customer site "site-1". Customers can create VPN
# connections from other sites as well. Each zone supports up to five different VPN tunnels.
# VPN Connection ID : vpn-dcz-site-1
#
#
# --------------------------------------------------------------------------------
# IPSec Tunnel #1
# --------------------------------------------------------------------------------
# #1: Internet Key Exchange (IKE) Configuration
#
# A proposal is established for the supported IKE encryption,
# authentication, Diffie-Hellman, and lifetime parameters.
#
set security ike proposal pre-g2-aes128-sha authentication-method pre-shared-keys
set security ike proposal pre-g2-aes128-sha dh-group group2
set security ike proposal pre-g2-aes128-sha authentication-algorithm sha1
set security ike proposal pre-g2-aes128-sha encryption-algorithm aes-128-cbc
set security ike proposal pre-g2-aes128-sha lifetime-seconds 86400
# The IKE gateway is defined to be the Virtual Private Gateway. The gateway
# configuration associates a local interface, remote IP address, and
# IKE policy.
#
# This example shows the outside of the tunnel as interface ge-0/0/0.0.
# This should be set to the interface that IP address 192.168.111.3 is
# associated with.
# This address is configured with the setup for your Customer Gateway.
#
# If the address changes, the Customer Gateway and VPN Connection must be recreated.
#
# The IPSec policy incorporates the Diffie-Hellman group and the IPSec
# proposal.
#
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
# A security association is defined here. The IPSec Policy and IKE gateways
# are associated with a tunnel interface (st0.0).
# The tunnel interface ID is assumed; if other tunnels are defined on
# your router, you will need to specify a unique interface name
# (for example, st0.10).
#
set security ipsec vpn vpn-dcz-site-1 bind-interface st0.0
set security ipsec vpn vpn-dcz-site-1 ike gateway gw-vpn-site-1
set security ipsec vpn vpn-dcz-site-1 ike ipsec-policy ipsec-phase2-policy
set security ipsec vpn vpn-dcz-site-1 establish-tunnels-immediately
# This option causes the router to reduce the Maximum Segment Size of
# TCP packets to prevent packet fragmentation.
#
set security flow tcp-mss ipsec-vpn mss 1350
# --------------------------------------------------------------------------------
# #4: Static Route Configuration
#
# Your Customer Gateway needs to set a static route for the prefix corresponding to
# your VPC on the tunnel.
# An example for a VPC with the prefix 10.0.0.0/16 is provided below
# set routing-options static route 10.0.0.0/16 next-hop st0.0
#
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
• VPN Gateway IP: Enter the IP address of the VPN gateway in your data center
through which you want to connect to the Oracle Cloud VPN gateway. Your
gateway device must support route-based VPN and IKE (Internet Key
Exchange) configuration using pre-shared keys.
• Pre-shared Key: Enter the 128-bit/SHA1 pre-shared key. This must be the same
key that you provided when you requested the service.
5. To start the VPN connection as soon as the tunnel is created, click Enabled.
To start a VPN connection using the API, use the POST /vpnendpoint/ method
with the enabled parameter.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
After you’ve established a VPN connection to your Oracle Compute Cloud Service
site, if you want to end the VPN connection, see Disabling a VPN Connection.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
On this page, you can see all the VPN endpoints that you’ve created, and you can
start, stop, view, update, or delete your VPN endpoints.
To list your VPN connections using the API, use the GET /vpnendpoint/
container method.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
3. Go to the VPN endpoint that you want to view. From the menu, select Update.
The Edit VPN Endpoint page shows the details of the VPN endpoint.
To view details of a VPN connection using the API, use the GET /vpnendpoint/
name method.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
3. Go to the VPN endpoint that you want to update. From the menu, select
Update. Enter the details that you want to change and then click Update. You can
update any of the details, except name.
To update a VPN connection using the API, use the PUT /vpnendpoint/name
method. You can update any of the parameters, except name.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
3. Go to the VPN endpoint that you want to disable. From the menu, select
Update.
4. In the Edit VPN Endpoint page, deselect the Enabled check box, and then click
Update.
To disable or end a VPN connection using the API, use the PUT /vpnendpoint/
name method without the enabled parameter.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
After disabling a VPN connection, you can start it again later on. See Starting a VPN
Connection.
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Click near the upper right corner, and select Manage VPN Endpoints.
3. Go to the VPN endpoint that you want to delete. From the menu, select Delete.
To delete a VPN connection using the API, use the DELETE /vpnendpoint/name
method.
For more information about using the REST API, see REST API for Oracle Compute
Cloud Service.
After deleting a VPN connection, you can create it again later on. See Starting a VPN
Connection.
Note:
Do the following:
d. (Optional) This step is relevant only if your domain contains multiple sites. To
change the site, click Select Site near the upper left corner of the page.
2. Go to the instance that you want to access. Make a note of the private IP address of
the instance.
3. After you’ve enabled a VPN tunnel, the instances in your Oracle Compute Cloud
Service site appear as an extension of the network in your site. You can use the
private IP address of an Oracle Compute Cloud Service instance to connect to the
instance as you would connect to any host in your data center.
Note:
After you’ve enabled a VPN tunnel, you can also continue to access your
instances over the public Internet, as you did earlier. Any security rules that
you might have defined for your instances continue to apply.
Topics
• About opc-init
About opc-init
When you create an instance in Oracle Compute Cloud Service, you get a virtual
machine running the operating system specified by the image that you had selected
while creating the instance. Before you start using the instance, you may want to
customize it based on your business needs. For example, you may want to create
users, install additional packages, add SSH keys, run certain scripts, and so on. Instead
of doing all of this initial configuration manually every time an instance starts, you can
use the opc-init package to set up these steps to be performed automatically when an
instance starts.
The opc-init package contains scripts provided by Oracle that allow you to perform
specified instance configuration tasks automatically every time an instance is created.
You specify the required instance configuration tasks in the form of user data when
you create an instance. The opc-init scripts query the metadata service on the instance
for this user data. The specified user data is then used by the opc-init scripts to
perform the required prebootstrapping tasks. If no user data attributes are specified,
then no bootstrapping tasks are performed by opc-init.
The opc-init scripts are included by default in Oracle-provided Linux and Windows
machine images.
Note:
Solaris machine images don’t include the opc-init scripts. So you can’t use
opc-init to automate instance configuration of Solaris instances.
If you specify user data while creating an instance, the opc-init package retrieves this
data and uses it to do the following:
• Know JSON
• Have the required permissions and licences for installing Chef, Ruby, and the
associated Ruby gems
In addition, if you want to write your own scripts, you must be familiar with Python.
• If you create an instance using the web console, use the Custom Attributes field to
specify user data. The text you enter in this field must be in JSON format.
• If you use the API to create an image list entry or to add a custom machine image
to Oracle Compute Cloud Service, then you can use the attributes parameter of
Note:
• If each instance should have unique user data, use an orchestration or the
web console to provide specific user data for each instance. This is useful if,
for example, you want to specify a unique user name and password, or
inject a unique SSH public key into each instance.
If you specify identical attributes in a machine image, an image list entry, and while
creating an instance, then the values specified in the image list entry override the
values specified in the machine image, and the values specified while creating the
instance override the values specified in the image list entry and in the machine
image. Attributes with unique keys are appended. For example, consider that in the
machine image attributes, you specify the following key-value pairs:
• {"key1": "value1"}
• {"key2": "value2"}
In the image list entry attributes, you specify the following key-value pairs:
• {"key1": "value1–a"}
• {"key3": "value3"}
And in the attributes entered while creating an instance using the web console or an
orchestration, you specify the following key-value pairs:
• {"key1": "value1–b"}
• {"key4": "value4"}
Then, when your instance is created, key1 will contain the value specified while
creating the instance, while the other attributes specified in the machine image, image
list entry, and while creating the instance will get appended. When you view user data
on the instance, you’ll see the following attributes:
• {"key1": "value1–b"}
• {"key2": "value2"}
• {"key3": "value3"}
• {"key4": "value4"}
Although you can use custom attributes to enter any custom data that you require, if
you want the opc-init package to use this information, you must use the userdata
attribute of the attributes parameter. You can use userdata to specify the
following instance configuration instructions:
• Prebootstrap scripts. You can either provide the script inline, or point to a URL
where the script is available. This URL must be accessible from the instance.
• Chef attributes. You can provide instructions for the instance to be configured
either using chef solo, or as a chef client.
For information about the specific nested attributes that you can use in the userdata
attribute, see User Data Attributes. For more details about retrieving user data, see
Retrieving User-Defined Instance Attributes.
• Prebootstrap Attributes
The following sample JSON shows the prebootstrap attribute of the userdata
attribute, with the script specified inline.
"instances": [
  {
    <Specify other instance attributes. See Instance Attributes
    "attributes": {
      "userdata": {
        "pre-bootstrap": {
          "failonerror": true,
          "script": [
            "line1_ofscript",
            "line2_ofscript",
            ...,
            "lineN_ofscript"
          ]
        }
        <Specify other userdata attributes here, if required.>
      }
      <Specify other attributes here, if required.>
    }
  }
]
pre-bootstrap (Optional): This attribute allows you to specify a script that must be run
prior to any instance configuration that is performed by the opc-init package. You can
either enter the script here, or point to a URL. This attribute contains the following
nested attributes:
A description of the chef attributes for a chef solo configuration is provided in the
following table. Nested attributes are indented in the Attributes column to indicate
their hierarchy.
chef (Required): This attribute allows you to specify data used by chef for a chef solo
configuration. This attribute contains the following nested attributes:
  version (Optional): The chef version to install when using gem files. The default is
  11.4.2.
  ruby_version (Optional): The Ruby version to install when using gem files. The default
  is 1.8.
A description of the chef attributes for a chef client configuration is provided in the
following table. Nested attributes are indented in the Attributes column to indicate
their hierarchy.
chef (Required): This attribute allows you to specify data used by chef for a chef client
configuration. This attribute contains the following nested attributes:
  version (Optional): The chef version to install when using gem files. The default is
  11.4.2.
  chef_server_url (Required): The URL where the chef client can access the chef server.
  chef_node_name (Required): A unique name used by the chef client to register with the
  chef server.
  ruby_version (Optional): The Ruby version to install when using gem files. The default
  is 1.8.
yum_repos (Optional): This attribute allows you to specify the desired .repo file and the
name of the yum repository. This attribute contains the following nested attributes:
  Name of the yum repository (Required): This attribute has no name. You must specify the
  name of the yum repository to be added. This is used as the repository filename in the
  format filename.repo.
  Other optional attributes (Optional): You can add all other repository file
  configuration options as nested attributes under the repository name.
packages (Optional): A JSON array of the packages you want yum to install from the
repositories. Each list entry consists of a single package. If you want to specify a
package version, then the list entry is represented as a two-element array of the format
[name, version].
package_upgrade (Optional): A boolean value indicating whether you want to run yum update
on the instance.
• Enabling RDP access and specifying the password for the Administrator user
To enable the Administrator user to connect to the instance by using a remote
desktop protocol (RDP) connection, you must specify the password for the user
and also enable RDP access. You can do this by specifying the
administrator_password and enable_rdp attributes in the userdata
section of your orchestration, as shown in the following example:
"instances": [
  {
    <Specify other instance attributes. See Instance Attributes
    "attributes": {
      "userdata": {
        "administrator_password": "somePassword",
        "enable_rdp": true
      }
      <Specify other attributes here, if required.>
    }
  }
]
• Creating users
You can also specify a list of users that must be created automatically after the
Windows instance is launched, by specifying the required users and their
passwords in the users attribute, as shown in the following example:
"instances": [
  {
    <Specify other instance attributes. See Instance Attributes
    "attributes": {
      "userdata": {
        "administrator_password": "somePassword",
        "enable_rdp": true,
        "users": [
          {
            "name": "john",
            "password": "somePassword"
          },
          {
            "name": "amelia",
            "password": "somePassword"
          }
        ]
      }
      <Specify other attributes here, if required.>
    }
  }
]
    "attributes": {
      "userdata": {
        "winrm": {
          "trustedhosts": "app1.prod.example.com,*.dev.example.com,203.0.113.25"
        }
      }
      <Specify other attributes here, if required.>
    }
  }
]
As you create and manage instances and the associated resources in Oracle Compute
Cloud Service, consider the following guidelines and recommendations to get the best
out of the service in terms of cost, manageability, and performance.
Topics
• Naming Objects
• Selecting Shapes
• Only users with the Compute_Operations role can perform write operations
(that is, create, update, and delete resources) in Oracle Compute Cloud Service.
When you create users in Oracle Cloud My Services, assign the
Compute_Operations role to only those users who'll be responsible for creating,
updating, and deleting instances and the associated storage and networking
resources.
• For business continuity, consider creating at least two users with the
Compute_Operations role. These users must be IT system administrators in your
organization.
• The operating system and software that you use to build private images must have
the required licenses. You’re responsible for purchasing the required licenses and
ensuring support for any third-party operating systems and software that you run
on Oracle Compute Cloud Service instances.
• Plan the packages that you want to include in your images keeping in mind the
workload that you want to deploy.
Note:
While creating instances, you can specify one or more SSH public keys.
The keys that you specify are stored as metadata on the instance. This
metadata can be accessed from within the instance at
http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key.
– In images that you build, you can write and include a script that runs
automatically when the instance starts, retrieves the SSH public keys, and
adds the keys to the authorized_keys file of the appropriate users.
• Keep your image disk size no larger than is essential. A large image requires more
time to be uploaded to Oracle Storage Cloud Service, and costs more to store. In
addition, creating instances and bootable storage volumes from a large image
requires more time. Before uploading image files to Oracle Storage Cloud Service,
make them sparse files. On Linux, you can convert a file to the sparse format by
running the command, cp --sparse=always original_file
sparse_file. And when creating the tar archive, to ensure that the tar utility
stores the sparse file appropriately, specify the -S option.
• Choose a tar.gz file name that you can use later to easily identify the key
characteristics of the image, such as the OS name, OS version, and the disk size. For
example, for a root-disabled, Oracle Linux 6.6 image with a 20-GB disk, consider
using a file name such as OL66_20GB_RD.tar.gz.
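A startup script of the kind described in the note on SSH public keys above, as an added example (it is not Oracle code and not part of opc-init). It checks each key retrieved from the metadata URL before appending it, skips keys that are already present, and replaces authorized_keys atomically with mode 0600. Assumptions: the {version} segment comes from a hypothetical METADATA_VERSION environment variable, key indexes start at 0 and are contiguous, and all function names are illustrative.

```python
"""Sync the instance's SSH public keys from the metadata service into authorized_keys."""
import base64
import os
import struct
import tempfile
import urllib.request

# URL layout quoted in the note above; {version} and {index} are filled in at run time.
KEY_URL = "http://192.0.0.192/{version}/meta-data/public-keys/{index}/openssh-key"
MAX_KEYS = 32  # assumption: upper bound on the indexes probed


def parse_public_key(text):
    """Return (key_type, base64_blob) for a well-formed OpenSSH public key, else None."""
    parts = text.split()
    if len(parts) < 2:
        return None
    key_type, blob_b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return None
    # The decoded blob begins with a length-prefixed copy of the key type. Requiring
    # a match rejects truncated keys and lines that start with options such as
    # command="...", which a key taken from metadata should never carry.
    if len(blob) < 4:
        return None
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("utf-8"):
        return None
    return key_type, blob_b64


def fetch_keys(version, opener=urllib.request.urlopen):
    """Read keys at index 0, 1, ... until the metadata service stops answering."""
    keys = []
    for index in range(MAX_KEYS):
        url = KEY_URL.format(version=version, index=index)
        try:
            with opener(url, timeout=5) as resp:
                keys.append(resp.read().decode("utf-8", "replace"))
        except OSError:  # covers urllib's URLError and HTTPError
            break
    return keys


def merge_authorized_keys(path, candidates, owner=None):
    """Append valid, not-yet-present keys to `path`; return how many were added."""
    ssh_dir = os.path.dirname(os.path.abspath(path))
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    existing = []
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            existing = fh.read().splitlines()
    present = {token for line in existing for token in line.split()}
    added = []
    for text in candidates:
        parsed = parse_public_key(text)
        if parsed is None or parsed[1] in present:
            continue
        present.add(parsed[1])
        # Collapsing whitespace keeps a multi-line value on ONE line, so anything
        # after the key blob can only ever be read as the key's comment.
        added.append(" ".join(text.split()))
    if not added:
        return 0
    # Write a private temp file next to the target and rename it into place, so a
    # crash mid-write never leaves a half-written authorized_keys behind.
    fd, tmp = tempfile.mkstemp(dir=ssh_dir, prefix=".authorized_keys.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(existing + added) + "\n")
        os.chmod(tmp, 0o600)
        if owner is not None:  # (uid, gid) when root installs keys for another user
            os.chown(tmp, *owner)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return len(added)


if __name__ == "__main__":
    version = os.environ["METADATA_VERSION"]  # hypothetical variable, see lead-in
    target = os.path.expanduser("~/.ssh/authorized_keys")
    print(merge_authorized_keys(target, fetch_keys(version)), "key(s) added")
```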
Naming Objects
When you create instances, storage volumes, security lists, and so on, select the name
of the object carefully. Pick a name that helps you quickly identify the key
characteristics of the object later. For example, when creating a bootable storage
volume, consider including the operating system name and the image disk size in the
name of the storage volume.
Selecting Shapes
• While selecting the shape for an instance, consider the nature of the applications
that you plan to deploy on the instance, the number of users that you expect to use
the applications, and also how you expect the load to scale in the future. Remember
to also factor in the CPU and memory resources that are necessary for the operating
system.
• Select a shape that meets the requirements of your workload with a sufficient
buffer for intermittent spikes in the load. If you’re not sure what shape is
appropriate for an instance, then start small, experiment with a representative
workload, and then settle on a shape. This approach may help you achieve an
optimal trade-off between resource allocation and performance.
• When using orchestrations to create and manage instances, set the high-availability
policy to active, to ensure minimal disruption to your operations.
• Don’t define storage volumes and instances in the same orchestration. By keeping
storage volumes and instances in separate orchestrations, you can stop and start
the instances when required and yet preserve the attached storage volumes. Note
that the recommendation here is to define the storage volumes outside the instance
orchestration. To ensure that the storage volumes remain attached after an instance
is re-created, you must define the storage attachments within the instance
orchestration.
• Using orchestrations, you can control the placement of instances. You can opt to
have instances placed on the same or on different physical nodes. When you use
the instance placement feature, consider your requirements for application
isolation and affinity. See Relationships Between Objects Within a Launch Plan
Object.
• When you decide the number and size of your storage volumes, consider the limits:
minimum 1 GB, maximum 2 TB, one-GB increments, and 10 volumes per instance.
– If you attach too many small storage volumes to an instance, then you may not
be able to scale block storage for the instance up to the full limit of 20 TB.
• Create and use separate storage volumes for your applications, data, and the
operating system. Use a configuration management framework such as Chef or
Puppet for managing the configuration of the operating system and applications.
• To ensure that storage volumes remain attached and mounted after instances are
stopped and re-created, do both of the following:
– Define the storage attachments within the orchestration that you use to create
instances. Note that the recommendation here is to define the storage
attachments, and not the storage volumes, in the orchestration that you use to
create instances.
• If you’re sure that a storage volume is no longer required, then back up the data
elsewhere and delete the storage volume.
• When you create an instance, if you opt for an autogenerated public IP address,
then the IP address so allocated persists only during the life of the instance. If the
instance is deleted and re-created by stopping and starting its orchestration, then
the instance gets a new public IP address. To assign a fixed public IP address to an
instance, reserve a public IP address, and attach it to the instance—either when you
create the instance or, later, by updating the IP reservation.
• You can attach an instance to a maximum of five security lists, and you can use a
security list as the source or destination in up to 10 security rules. Plan your
security lists and security rules keeping these overall limits in mind.
Note:
• Ensure instance isolation by creating security lists and adding instances to the
appropriate security lists. Instances within a security list can inter-communicate
freely over any protocol. To allow incoming traffic to all the instances in a security
list, set up a security rule with the security list as the destination and with the
required source and protocol settings.
• Use security rules carefully and open only a minimal and essential set of ports.
Keep in mind your business needs and the IT security policies of your
organization.
• When you add an instance to a security list, all the security rules that use that
security list—as either the source or destination—are applicable to the instance.
Consider a security list that is the destination in two security rules, one rule that
allows SSH access from the public Internet and another rule permitting HTTPS
traffic from the public Internet. When you add an instance to this security list, the
instance is accessible from the public Internet over both SSH and HTTPS. Keep this
in mind when you decide the security lists that you want to add an instance to.
• If you’re creating a Linux or Oracle Solaris instance, then try to determine, up front,
how many users you expect to access the instance and plan for a separate SSH key
pair for each user.
• Keep your SSH keys secure. Lay down policies to ensure that the keys aren’t lost or
compromised when employees leave the organization or move to other
departments. If you lose your private key, then you can’t access your instances. For
business continuity, ensure that the SSH keys of at least two IT system
administrators are added to your instances.
• If you need to edit the ~/.ssh/authorized_keys file of a user on your instance,
then before you make any changes to the file, start a second ssh session and ensure
that it remains connected while you edit the authorized_keys file. This second
ssh session serves as a backup. If the authorized_keys file gets corrupted or
you inadvertently make changes that result in your getting locked out of the
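The security-list behaviour described in the bullets above (every rule that names a security list applies to each instance in it, and members of a list reach each other over any protocol), worked through as an added example that is not Oracle code. The inventory, the rule names and the field names are constructed for illustration and are a simplified model, not the service's API schema; the limits of five lists per instance and 10 rules per list are the ones stated above.

```python
"""What an instance accepts once security-list membership and rules are combined."""
from collections import defaultdict

MAX_SECLISTS_PER_INSTANCE = 5   # limits stated in the guidelines above
MAX_RULES_PER_SECLIST = 10

# Constructed inventory: instance -> security lists it belongs to.
INVENTORY = {"web1": ["frontend"], "app1": ["backend"]}
# Constructed rules: "src" is a security list or an external source, "dst" a security list.
RULES = [
    {"name": "ssh-in", "src": "public-internet", "dst": "frontend", "app": "ssh"},
    {"name": "https-in", "src": "public-internet", "dst": "frontend", "app": "https"},
    {"name": "web-to-app", "src": "frontend", "dst": "backend", "app": "tcp/8080"},
]


def inbound(instance, inventory, rules):
    """Set of (source, application) pairs allowed to reach `instance`."""
    lists = set(inventory[instance])
    allowed = {(r["src"], r["app"]) for r in rules if r["dst"] in lists}
    # Instances that share a security list can talk to each other over any protocol.
    for other, other_lists in inventory.items():
        if other != instance and lists & set(other_lists):
            allowed.add((other, "any"))
    return allowed


def exposure_added_by(instance, seclist, inventory, rules):
    """What `instance` would newly accept if it were also added to `seclist`."""
    before = inbound(instance, inventory, rules) if instance in inventory else set()
    after = dict(inventory)
    after[instance] = list(inventory.get(instance, [])) + [seclist]
    return inbound(instance, after, rules) - before


def limit_findings(inventory, rules):
    """Report instances and security lists that exceed the stated limits."""
    findings = []
    for instance, lists in sorted(inventory.items()):
        if len(set(lists)) > MAX_SECLISTS_PER_INSTANCE:
            findings.append("%s is in %d security lists (limit %d)"
                            % (instance, len(set(lists)), MAX_SECLISTS_PER_INSTANCE))
    seclists = {name for lists in inventory.values() for name in lists}
    seclists |= {r["dst"] for r in rules}
    usage = defaultdict(int)
    for rule in rules:
        for name in {rule["src"], rule["dst"]}:
            if name in seclists:
                usage[name] += 1
    for name, count in sorted(usage.items()):
        if count > MAX_RULES_PER_SECLIST:
            findings.append("%s is used in %d security rules (limit %d)"
                            % (name, count, MAX_RULES_PER_SECLIST))
    return findings


if __name__ == "__main__":
    # app1 is meant to serve only the front end; check what joining "frontend" adds.
    for source, app in sorted(exposure_added_by("app1", "frontend", INVENTORY, RULES)):
        print("app1 would also accept %s from %s" % (app, source))
    print(limit_findings(INVENTORY, RULES) or "within limits")
```

Running the what-if before adding an instance to a list shows that joining frontend for HTTPS also opens SSH from the public Internet and unrestricted traffic from web1.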
This section provides answers to frequently asked questions about Oracle Compute
Cloud Service.
Topics
• Machine Image
• Interfaces
• Instance Properties
– What’s the maximum amount of memory that I can allocate across all my
instances?
• Instance Usage
• Windows Instances
– Who is responsible for the Windows license? Does Oracle provide it, or should I
bring my own?
– Can I use my own Windows license with Oracle Compute Cloud Service
Windows instances?
– Oracle Compute Cloud Service allows me to create custom images and use them
to create instances. Using the same process, can I create a Windows image and
use it to create Windows instances in Oracle Compute Cloud Service?
• Network Settings
• Storage Management
– How can I add block storage to my instance after I’ve created the instance?
• Orchestrations
– Can I associate a single SSH public key with more than one instance?
– My SSH private key has been compromised. I’ve generated a new SSH key pair
and I want to update the SSH public key on my running instances. How can I
do that?
– I want to give other users access to my instance, but I don’t want to share my
SSH private key. What should I do?
• Connecting to Instances
• Support
– To what extent will Oracle support the applications and services deployed on
Oracle Compute Cloud Service instances?
Machine Image
What base images can I use to create instances?
You can use Oracle-provided or your own images to create instances. See Managing
Machine Images.
Interfaces
What user interfaces does this service provide?
You can access Oracle Compute Cloud Service through the web console, or by using
the REST API. See Accessing Oracle Compute Cloud Service Using the Web Console.
Instance Properties
How much CPU and memory can I assign to an instance?
The number of CPUs and the amount of RAM allocated to an instance are determined by the shape
that you select while creating the instance. See About Machine Images and Shapes.
What’s the maximum amount of memory that I can allocate across all my
instances?
The memory allocated to each instance is determined by the shape that you select
while creating the instance. So the maximum amount of memory that you can use
across all your instances is the total amount of RAM associated with the shape that
you select for each of your instances. There’s no separate upper limit on memory
allocation. For the amount of RAM associated with each shape, see About Machine
Images and Shapes.
Instance Usage
What can I install on the Oracle Compute Cloud Service instances?
You can deploy any application—Oracle or third-party—that’s supported on the
operating system included in the machine image that you used to create the instance,
subject to the licensing and support terms of the vendor of that application. Oracle
doesn’t provide support or indemnification for any third-party applications and
software.
See Also:
• Stopping an Orchestration
Windows Instances
Who is responsible for the Windows license? Does Oracle provide it, or should I
bring my own?
When you get a Windows image from Oracle Cloud Marketplace, the terms and
conditions for using the image are displayed. You must read and accept those terms
before you can create a Windows instance. When you create an instance from an
Oracle-provided Windows image, you get a Microsoft Windows license. You needn't
purchase the license separately.
What about licenses for other Microsoft products? Can I use my own licenses to
install Microsoft products on Oracle Compute Cloud Service Windows
instances?
Yes, you can use Microsoft’s License Mobility through Software Assurance to use
licenses for other Microsoft products on your Windows instances. See
https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-license-mobility.aspx.
Can I use my own Windows license with Oracle Compute Cloud Service
Windows instances?
No. If you want to create a Windows instance in Oracle Compute Cloud Service, you
must use the Oracle-provided Windows images, available on Oracle Cloud
Marketplace. A bring-your-own-licence (BYOL) model is not currently supported.
Oracle Compute Cloud Service allows me to create custom images and use
them to create instances. Using the same process, can I create a Windows
image and use it to create Windows instances in Oracle Compute Cloud
Service?
No. If you want to create a Windows instance in Oracle Compute Cloud Service, you
must use the Oracle-provided Windows images, available on Oracle Cloud
Marketplace. A bring-your-own-VM (BYOVM) model is not currently supported.
Network Settings
Are the public IP addresses of instances fixed or dynamic?
While creating instances, you can choose whether the public IP address must be fixed
or assigned dynamically from a pool.
See Also:
• Instance Attributes
• Updating an IP Reservation
Storage Management
How can I add block storage to my instance after I’ve created the instance?
If you’ve already created the storage volume that you want to attach to a running
instance, see Attaching a Storage Volume to an Instance. If you want to create a
storage volume and attach it to an instance, see Creating a Storage Volume.
How many storage volumes can I attach to an instance?
You can attach up to 10 block storage volumes to an instance.
What is the allowed size for a storage volume?
The allowed range is from 1 GB to 2 TB, in increments of 1 GB. You can specify the size
of a storage volume when you create the volume.
Orchestrations
What kinds of resources can I create using an orchestration?
You can use orchestrations to create instances, storage volumes, or networking objects
such as security rules or security lists.
See Also:
• Attributes in Orchestrations
See Also:
• Deleting an Orchestration
• Uploading an Orchestration
the orchestration. See Stopping an Orchestration. Note, however, that when you stop
an orchestration, all the resources defined in it are deleted.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any SSH public keys that you added or edited manually (that is, not
during instance creation) must be added or edited again. To do this, you must
log in to the instance by using the original SSH private key. So retain and
safeguard your original SSH private key.
Can I associate a single SSH public key with more than one instance?
Yes, you can associate an SSH public key with multiple instances.
My SSH private key has been compromised. I’ve generated a new SSH key pair
and I want to update the SSH public key on my running instances. How can I do
that?
To modify an SSH public key on a running instance, log in to the instance, and edit the
~/.ssh/authorized_keys file of the user. Remove the existing SSH public key in
this file and replace it with the new key.
Note:
You don’t need to do this if you’re creating a Windows instance, because you
can’t log in to a Windows instance using SSH. To log in to your Windows
instance using RDP, see Accessing a Windows Instance Using RDP.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any SSH public keys that you added or edited manually (that is, not
during instance creation) must be added or edited again. To do this, you must
log in to the instance by using the original SSH private key. So retain and
safeguard your original SSH private key.
I want to give other users access to my instance, but I don’t want to share my
SSH private key. What should I do?
You can create new local users on your instance, generate SSH key pairs for these
users offline, and append the new public keys in the ~/.ssh/authorized_keys file
of the new users. These users can then ssh to the instance by using the appropriate
private keys. See Adding Users on an Oracle Linux Instance.
Note:
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any users that were added manually (that is, users that weren’t
defined in the machine image) must be added again.
When an instance that’s set up to boot from a nonpersistent boot disk is re-
created, any SSH public keys that you added or edited manually (that is, not
during instance creation) must be added or edited again. To do this, you must
log in to the instance by using the original SSH private key. So retain and
safeguard your original SSH private key.
Connecting to Instances
How can I connect (log in) to an instance?
• Oracle Linux images: See Accessing an Oracle Linux Instance Using SSH
• Oracle Solaris image: See Accessing an Oracle Solaris Instance Using SSH
Support
To what extent will Oracle support the applications and services deployed on
Oracle Compute Cloud Service instances?
• Support for Oracle applications that you deploy on Oracle Compute Cloud Service
instances will be provided according to the prevailing support policies for those
applications.
This section describes common problems that you might encounter when using Oracle
Compute Cloud Service and explains how to solve them.
Topics
• Networking Problems
• Orchestration Problems
Description
When I try to log in to the web console, the following error message is displayed:
You are not authorized to access the Oracle Compute Cloud Service (0706_043942.887).\
If the problem persists, contact Oracle Support.
Solution
This error indicates that you are not assigned any Oracle Compute Cloud Service role.
See About Oracle Compute Cloud Service Roles.
Ask your service administrator to assign the appropriate roles to you in Oracle Cloud
My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Description
When I try to create, update, or delete any object, an error message similar to the
following is displayed:
Unable to create security rule. [[email protected]_0706_045758.332] :
User /Compute-acme/[email protected] is not permitted to perform "secrule.add"
on
secrule:/Compute-acme/[email protected]/mysecrule
Solution
This error indicates that you’re not authorized to create, update, or delete resources in
Oracle Compute Cloud Service. Ask your service administrator to assign the
Compute_Operations role to you in Oracle Cloud My Services. See Modifying User
Roles in Managing and Monitoring Oracle Cloud.
Description
When I try to upload my orchestration file, I get the following error: “Unable to create
an orchestration from the JSON file.”
Solution
This error indicates that there are errors in the syntax of your orchestration JSON file.
Open the JSON file in a text editor to identify and fix the problems. You should also
validate your JSON file. You can do this by using a third-party tool, such as JSONLint,
or any other validation tool of your choice.
Note:
Description
I’ve uploaded my orchestration file but I don’t see my instances. What should I do?
Solution
After uploading your orchestration, the status of your orchestration is automatically
set to Stopped. To create the resources defined in your orchestration, start your
orchestration. See Starting an Orchestration.
Description
I’ve uploaded my orchestration, but when I start it, the following error occurs:
Specify either an ImageList or boot_order and StorageVolume.
Solution
This error indicates that your orchestration doesn’t specify either an image or a
bootable storage volume for your instance.
• To set up the instance to boot from a persistent disk, you must attach a bootable
storage volume by using the storage_attachment instance attribute, and then
specify the index number of the attached storage volume as the boot disk by using
the boot_order instance attribute.
{
  "objects": [
    {
      "instances": [
        {
          "boot_order": [
            1
          ],
          "storage_attachments": [
            {
              "index": 1,
              "volume": "/Compute-acme/joe/bootable-vol1"
            }
          ]
        }
      ]
    }
  ]
}
• To set up the instance to boot from a nonpersistent disk, specify the image that you
want to use by using the imagelist attribute.
{
  "objects": [
    {
      "instances": [
        {
          "imagelist": "/oracle/public/oel6"
        }
      ]
    }
  ]
}
Note:
Description
When I try to attach my storage volume to an instance, the following error occurs:
APIConflictError: Attachment index 1 is already in use on instance /Compute-acmecorp/
acmeadmin/dev2/6073c806-f7da-47eb-9678-6e618931b29a
Solution
The index number that you’re trying to assign to this storage volume is already used
for another storage volume. Select a different index number and try again.
Note:
The disk number that you specify here determines the device name. The disk
attached at index 1 is named /dev/xvdb, the disk at index 2 is /dev/xvdc,
the disk at index 3 is /dev/xvdd, and so on.
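The three orchestration problems above (JSON syntax errors, a missing boot source, and an attachment index that is already in use) can be caught before upload. The following is an added example, not an Oracle tool: it reports the line and column of a syntax error, checks every instance for an imagelist or a boot_order that points at an attached volume, flags reused attachment indexes, and maps each volume to the device name given in the note above. The function names and the constructed sample are illustrative.

```python
"""Pre-upload checks for an orchestration JSON file."""
import json
import string

MAX_VOLUMES_PER_INSTANCE = 10  # limit stated on this page


def device_name(index):
    """Attachment index -> device name: 1 is /dev/xvdb, 2 is /dev/xvdc, and so on."""
    return "/dev/xvd" + string.ascii_lowercase[index]


def iter_instances(node, path="$"):
    """Yield (path, instance) for each entry of every "instances" array in the file."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "instances" and isinstance(value, list):
                for n, inst in enumerate(value):
                    if isinstance(inst, dict):
                        yield "%s.instances[%d]" % (path, n), inst
            else:
                yield from iter_instances(value, "%s.%s" % (path, key))
    elif isinstance(node, list):
        for n, item in enumerate(node):
            yield from iter_instances(item, "%s[%d]" % (path, n))


def check_instance(where, inst):
    """Findings for one instance: attachment indexes, volume count, boot source."""
    findings = []
    attachments = inst.get("storage_attachments", [])
    seen = {}
    for att in attachments:
        index, volume = att.get("index"), att.get("volume")
        if index in seen:
            findings.append("%s: attachment index %s is used by both %s and %s"
                            % (where, index, seen[index], volume))
        seen[index] = volume
    if len(attachments) > MAX_VOLUMES_PER_INSTANCE:
        findings.append("%s: %d storage attachments (limit %d)"
                        % (where, len(attachments), MAX_VOLUMES_PER_INSTANCE))
    if "imagelist" not in inst:
        boot_order = inst.get("boot_order") or []
        if not boot_order:
            findings.append("%s: no imagelist and no boot_order, so the instance "
                            "has nothing to boot from" % where)
        elif boot_order[0] not in seen:
            findings.append("%s: boot_order points at index %s, which has no "
                            "storage attachment" % (where, boot_order[0]))
    return findings


def check_orchestration(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return ["JSON syntax error at line %d, column %d: %s"
                % (exc.lineno, exc.colno, exc.msg)]
    findings = []
    for where, inst in iter_instances(doc):
        findings += check_instance(where, inst)
    return findings


def device_map(text):
    """Map each attached volume in the file to the device name it will get."""
    return {att["volume"]: device_name(att["index"])
            for _, inst in iter_instances(json.loads(text))
            for att in inst.get("storage_attachments", [])}


# Constructed input: the persistent-boot sample from this page plus a second,
# made-up volume that reuses index 1.
SAMPLE = """
{"objects": [{"instances": [{
    "boot_order": [1],
    "storage_attachments": [
        {"index": 1, "volume": "/Compute-acme/joe/bootable-vol1"},
        {"index": 1, "volume": "/Compute-acme/joe/constructed-data-vol"}
    ]}]}]}
"""

if __name__ == "__main__":
    for finding in check_orchestration(SAMPLE):
        print(finding)
```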
Description
I've attached three storage volumes to my instance. Now I want to delete the instance.
So I started to detach the storage volumes. I detached two of the storage volumes, but
can’t detach the third one.
Solution
You can detach storage volumes that were attached to an instance after the instance
was created. You can’t detach storage volumes that were attached during instance
creation.
Description
I want to delete a storage volume that I no longer need, but the web console doesn’t
show the delete option for the storage volume.
Solution
You can't delete a storage volume if it’s attached to an instance. To find out whether a
storage volume is attached to an instance, view the storage volume information in the
web console. Click the Storage tab, scroll down to the storage volume that you want to
delete, and check the displayed details. If the storage volume that you want to delete is
attached to an instance, then you must detach it first. See Detaching a Storage Volume
from an Instance.
Also, you can’t delete a storage volume if you’ve created any snapshots or clones of
the storage volume. This feature is available only in the Dedicated Compute offering
of Oracle Compute Cloud Service. See Cloning a Storage Volume by Using Storage
Volume Snapshots.
Description
I associated a temporary IP address with my instance while creating the instance using
the Create Instance wizard. Now I want to remove the temporary IP address and use
an IP address reservation instead. How can I remove the temporary IP address from
my instance? The Remove Instance option in the web console is disabled.
Solution
You can’t remove a temporary IP address from an instance. You can only remove a
persistent IP address. If you created an instance with an autogenerated IP address or if
you changed the status of the IP address associated with an instance to temporary,
then to remove that IP address from the instance, first update it to change its status to
permanent. See Updating an IP Reservation.
Description
When I tried to delete the security application /oracle/public/snmp-trap-udp,
the following error message was displayed:
APIUnauthorizedError: User /Compute-acmecorp/acmeadmin is not permitted to perform
"secapplication.delete" on secapplication: /oracle/public/snmp-trap-udp
Solution
Oracle Compute Cloud Service has a set of predefined security applications. The
names of these security applications start with /oracle/public. You can’t
delete these predefined security applications.
Tip:
To view a list of predefined security applications from the web console, click
the Network tab and then the Security Applications tab in the left pane. The
list of available security applications is displayed. In the search field, enter
/oracle/public, and start the search. A list of all the predefined security
applications is displayed.
Description
How can I delete an SSH key? There is no delete option in the web console.
Solution
You can't delete an SSH key if it’s associated with an instance. Remember, an SSH key
can be associated with multiple instances. To delete an SSH key that’s associated with
one or more instances, you must first delete all the instances that are associated with
the key.
Description
I’ve uploaded my orchestration file but I don’t see my instances. What should I do?
Solution
After uploading your orchestration, the status of your orchestration is automatically
set to Stopped. To create the resources defined in your orchestration, start your
orchestration. See Starting an Orchestration.
Can’t create an instance using a launch plan. Error: Shape does not exist
Description
When I try to create an instance using a launch plan, I get the error, "Shape does
not exist."
Solution
This error indicates that you might have entered the name of the shape incorrectly in
your launch plan. Check that your launch plan refers to one of the available shapes.
Then run the launch command again.
Can’t create an instance using a launch plan. Error: Unable to open file
Description
When I try to create an instance using a launch plan, I get the error, "Unable to
open file."
Solution
This error indicates that you might have entered the name or path to your JSON file
incorrectly. Check the filename and location of the JSON file that you want to use and
then run the launch command again.
Can’t create an instance using a launch plan. Error displayed: Data is invalid JSON
Description
When I try to create an instance using a launch plan, I get the error, "Data is
invalid JSON."
Solution
There may be an error in the JSON file that you specified with the launch command.
To identify the error in the JSON file, look at the text displayed on the console
immediately before this error message appeared. You might see a message similar to
the following:
Expecting delimiter: line 10 column 13 (char 314).
Open your JSON file in a text editor and use the information in the error message to
identify and fix the problem. You should also validate your JSON file. You can do this
by using a third-party tool, such as JSONLint, or any other validation tool of your
choice. Then run the launch command again.
Description
I created an instance using the web console and I specified an image in the Create
Instance wizard, but the instance was created using a different image.
Solution
When you create an instance using the web console, you can set up the instance to use
the image on a persistent boot disk that you’ve already created. To do this, you must
select a bootable storage volume in the Boot Volume field on the Storage page of the
Create Instance wizard. The instance is then created by using the image that you
specified while creating the bootable storage volume.
If you don’t select the bootable storage volume in the Boot Volume field, then the
instance is created using the image that you selected in the General screen of the
Create Instance wizard.
For more information, see Creating an Instance from the Instances Page.
Description
I tried to restart my instance, but it didn't come back up.
Solution
Your instance might have hung or gone into an unknown state. Delete the instance, as
described in Deleting an Instance, and then create a new instance.
Networking Problems
This section lists problems that you might encounter while setting up security rules to
implement firewalls for your instances.
Description
I've created an instance but can’t connect to it using SSH.
Solution
Check for each of the following possible causes:
• To log in to an instance as a user that was created after the instance was
provisioned, you must generate an SSH key pair for the new user and copy the
public key to the ~/.ssh/authorized_keys file of the user. You must also
add the new user to the list of allowed users in the /etc/ssh/sshd_config
file on the instance. See Adding Users on an Oracle Linux Instance.
The private key that you specify must correspond to one of the public keys
associated with the instance.
4. Does the instance belong to a security list with the inbound policy set to deny?
An instance can be associated with multiple security lists. You can find out which
security lists an instance is attached to by viewing the details of the instance. See
Monitoring Instances.
You can see the policies used by each security list by viewing the details of the
security list from the web console.
If there’s a conflict between the policies of the various security lists, then the most
restrictive policy is applicable. This means that if even one of the security lists that
your instance is attached to has the inbound policy set to deny, then your instance
can’t receive traffic.
If this is the case, then create a security rule to explicitly allow traffic to a security
list that your instance is attached to.
Description
When I try to SSH to my Oracle Compute Cloud Service instance, I get a warning
message like the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d2:aa:50:d4:ff:dc:76:1d:16:95:4a:77:c4:12:87:0f.
Please contact your system administrator.
Add correct host key in /home/joe/.ssh/known_hosts to get rid of this message.
Offending key in /home/joe/.ssh/known_hosts:63
RSA host key for 11.12.13.14 has changed and you have requested strict checking.
Host key verification failed.
Solution
This error occurs when you use SSH to connect to an Oracle-provided Oracle Linux
instance that has a new RSA key fingerprint.
The RSA key fingerprint of an Oracle Compute Cloud Service instance changes when,
for example, an instance that isn’t set up to boot from a persistent disk is re-created.
When you first connected to your Oracle Compute Cloud Service instance, the original
RSA key fingerprint was stored on your local host. Subsequently, whenever you use
SSH to connect to your instance, the instance sends its current fingerprint. The SSH
client compares the received fingerprint with the locally stored fingerprint. If the
fingerprints don’t match, then this error occurs, and the ssh command fails.
Note that this warning message is returned by the OpenSSH client on an Oracle Linux
host. If you’re using a different SSH client or a different operating system, then the
error message may be different.
To solve this error, you must remove the old (and now invalid) RSA fingerprint of the
instance from the local host.
• In Linux, the RSA key fingerprints are usually stored in the
/home/user/.ssh/known_hosts file on the host from which you are trying to ssh to
the instance. Each line in this file starts with the IP address or host name of a
remote host. Open the file in a text editor, identify the line corresponding to the
IP address of the instance that you’re trying to access, and delete that line.
Caution:
Improper use of the Windows Registry Editor can cause serious problems.
Before you do this, make sure that you’re aware of the associated risks. See the
documentation accompanying the operating system of your local host.
The next time you use SSH to connect to the Oracle Compute Cloud Service instance, a
message is displayed indicating that the authenticity of the host can’t be established.
At the prompt to continue connecting, enter yes. The new fingerprint is added to the
local host, and the connection goes through.
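The text-editor step above assumes host names are stored in clear text; when the OpenSSH client has HashKnownHosts enabled, each name is stored as |1|salt|HMAC-SHA1 and can't be found by searching for the IP address. The following added example (not part of the Oracle documentation) finds and drops the entries for one host in either form and reports each dropped key's fingerprint in the colon-separated MD5 style shown in the warning; the sample file and key blobs are constructed, and wildcard patterns and @-marker lines are left untouched.

```python
import base64
import hashlib
import hmac


def hash_name(host, salt):
    """Hashed form of a host name: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(name_field, host):
    """True if the first field of a known_hosts line names `host` literally."""
    if name_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = name_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            want = base64.b64decode(mac_b64, validate=True)
        except ValueError:
            return False  # malformed hashed entry: never report a match
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in name_field.split(",")  # plain entry: comma-separated names


def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha


def drop_host(known_hosts_text, host):
    """Return (remaining_text, removed); removed holds (line_no, key_type, md5_fp)."""
    kept, removed = [], []
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        is_entry = len(fields) >= 3 and fields[0][0] not in "#@"
        if is_entry and host_matches(fields[0], host):
            # The whole line goes, as it would when deleted in a text editor.
            removed.append((line_no, fields[1], fingerprints(fields[2])[0]))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample file; the key blobs are placeholders, not real host keys.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
OTHER_KEY = base64.b64encode(b"constructed other host key").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "11.12.13.14 ssh-rsa " + OLD_KEY,
    "10.0.0.5,build01 ssh-rsa " + OTHER_KEY,
    hash_name("11.12.13.14", b"constructed-salt-0001") + " ecdsa-sha2-nistp256 " + OLD_KEY,
    hash_name("10.0.0.5", b"constructed-salt-0002") + " ssh-rsa " + OTHER_KEY,
]) + "\n"

if __name__ == "__main__":
    remaining, removed = drop_host(SAMPLE, "11.12.13.14")
    for line_no, key_type, fp in removed:
        print("removed line %d: %s %s" % (line_no, key_type, fp))
    print(remaining, end="")
```

Running fingerprints() on the instance's public host key, obtained over a channel other than the SSH session itself, gives the value to compare with the fingerprint the client displays before you enter yes.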
Description
I’ve created multiple instances, but am unable to configure them to communicate with
each other.
Solution
By default, instances can communicate with each other only if they’re part of the same
security list. If your instances aren’t part of the same security list, then you can add
them to a security list, as described in Adding an Instance to a Security List.
Alternatively, if you want to keep your instances in separate security lists, then you
can define security rules that enable all instances in a specified security list to
communicate with all instances in another security list. See Managing Security Rules.
Description
I created an instance and associated a public IP address with it. I had earlier created an
instance that doesn’t have a public IP address. I tried to access the second instance
from the first instance, but ssh times out without connecting.
Solution
An instance that doesn’t have a public IP address can connect to any other instance
only over the private IP address of the destination instance. An attempt to connect
to the public IP address of the newer instance fails.
For example, let's say you created Inst1 without a public IP address. You subsequently
created Inst2 and associated a public IP address with Inst2. Now Inst1 can connect to
Inst2 using the private IP address of Inst2. However, Inst1 can’t connect to Inst2 using
the public IP address of Inst2.
To find out the public IP address or the private IP address of your instance, view the
information on the Instances page. See Listing Instances.
Description
I created a local user on an instance by using the useradd command, but I can't access
the instance over SSH as that user.
Solution
To SSH into an instance using a local user account created with useradd, you must
generate an SSH key pair for the new user and copy the SSH public key to the
appropriate path for the new user. You must also add the new user to the list of
allowed users in the /etc/ssh/sshd_config file on the instance. See Adding Users
on an Oracle Linux Instance.
Description
I successfully created a storage volume by using the web console, but I can't see that
disk when I log in to my instance.
Solution
After creating a storage volume, you must attach it to your instance. Then you must
format the volume and mount it on your instance. See Attaching a Storage Volume to
an Instance and Mounting a Storage Volume on a Linux Instance.
Description
I had mounted a storage volume on my instance some time ago, but I don’t see it in
the list of devices mounted on the instance today.
Solution
In certain circumstances, storage volumes that were attached to and mounted on your
instance might need to be attached and mounted again. This happens if your instance
stopped and was re-created automatically, or if you deleted your instance and
re-created it. Consider the following:
• Did you attach the storage volume to the instance after creating the instance?
If yes, then when the instance is re-created, you must attach the storage volume
again.
Note that, though you might need to attach and mount a storage volume again after
an instance is re-created, the data stored on the storage volume isn’t lost.
Orchestration Problems
This section lists issues that you might encounter while using orchestrations to create
and manage objects.
Description
When I try to upload my orchestration file, I get the following error: “Unable to create
an orchestration from the JSON file.”
Solution
This error indicates that there are errors in the syntax of your orchestration JSON file.
Open the JSON file in a text editor to identify and fix the problems. You should also
validate your JSON file. You can do this by using a third-party tool, such as JSONLint,
or any other validation tool of your choice.
Description
I’ve uploaded my orchestration, but when I start it, the following error occurs:
Specify either an ImageList or boot_order and StorageVolume.
Solution
This error indicates that your orchestration doesn’t specify either an image or a
bootable storage volume for your instance.
• To set up the instance to boot from a persistent disk, you must attach a bootable
storage volume by using the storage_attachments instance attribute, and then
specify the index number of the attached storage volume as the boot disk by using
the boot_order instance attribute.
{
  "objects": [
    {
      "instances": [
        {
          "boot_order": [
            1
          ],
          "storage_attachments": [
            {
              "index": 1,
              "volume": "/Compute-acme/joe/bootable-vol1"
            }
          ]
        }
      ]
    }
  ]
}
• To set up the instance to boot from a nonpersistent disk, specify the image that you
want to use by using the imagelist attribute.
{
  "objects": [
    {
      "instances": [
        {
          "imagelist": "/oracle/public/oel6"
        }
      ]
    }
  ]
}
Description
I created an instance using an orchestration. I specified an image in the orchestration
file, but my instance was created using a different image.
Solution
Check your orchestration file. In the instance attributes, did you specify a bootable
storage volume using the storage_attachments attribute? Did you also specify an
image in the imagelist attribute?
If you want to use a bootable storage volume to boot your instance, use the
boot_order instance attribute to specify the appropriate storage volume index
number. If you’ve not specified the appropriate index number in the boot_order
attribute, then your instance will be booted using the image you’ve specified in the
imagelist attribute.
If you want to boot your instance using a default, non-persistent storage volume,
ensure that you’ve not specified the boot_order attribute and that you’ve specified a
valid image for the instance using the imagelist attribute instead. Remember, if you
specify a valid value for both boot_order and imagelist, the imagelist attribute
is ignored and the instance is booted using the image stored on the bootable storage
volume specified by the boot_order attribute.
For more information about instance attributes, see Instance Attributes.
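The following added example (not Oracle's code) is a local check to run before uploading an orchestration: it applies the rules from the two entries above (an instance needs either imagelist or boot_order with a storage attachment, and imagelist is ignored when boot_order is valid), reports JSON syntax errors with their position, and maps each attachment index to its device name. The sample documents are constructed from the values shown on this page; the 1 to 25 index bound and the wording of the findings are assumptions of the example.

```python
import json

# Error text quoted on the page for an instance with no boot source.
NO_BOOT = "Specify either an ImageList or boot_order and StorageVolume."


def device_name(index):
    """Index 1 -> /dev/xvdb, 2 -> /dev/xvdc, 3 -> /dev/xvdd, and so on."""
    return "/dev/xvd" + chr(ord("a") + index)


def usable(index):
    # Assumption of this example: only indexes with a single-letter device suffix.
    return isinstance(index, int) and not isinstance(index, bool) and 1 <= index <= 25


def check_instance(inst):
    """Return (boot_source, problems) for one entry of the "instances" list."""
    problems, volumes = [], {}
    for att in inst.get("storage_attachments", []):
        idx = att.get("index")
        if not usable(idx):
            problems.append("attachment index %r is not usable" % (idx,))
        elif idx in volumes:
            problems.append("attachment index %d is used more than once" % idx)
        else:
            volumes[idx] = att.get("volume")
    boot_order = inst.get("boot_order") or []
    image = inst.get("imagelist")
    for idx in boot_order:
        if not (usable(idx) and idx in volumes):
            problems.append("boot_order index %r has no storage attachment" % (idx,))
    bootable = [idx for idx in boot_order if usable(idx) and idx in volumes]
    if bootable:
        first = bootable[0]
        source = "volume %s at index %d (%s)" % (volumes[first], first, device_name(first))
        if image:
            problems.append("imagelist %s is ignored because boot_order is set" % image)
    elif image:
        source = "image " + image
        if volumes:
            problems.append("volumes are attached but none is in boot_order")
    else:
        source = None
        problems.append(NO_BOOT)
    return source, problems


def check_orchestration(text):
    """Return [(location, boot_source, problems)] for every instance in the text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Same position fields as "line 10 column 13 (char 314)" in the page's message.
        msg = "invalid JSON: %s: line %d column %d (char %d)"
        return [("document", None, [msg % (exc.msg, exc.lineno, exc.colno, exc.pos)])]
    if not isinstance(doc, dict):
        return [("document", None, ["top level must be a JSON object"])]
    results = []
    for o, obj in enumerate(doc.get("objects", [])):
        for n, inst in enumerate(obj.get("instances", [])):
            source, problems = check_instance(inst)
            results.append(("objects[%d].instances[%d]" % (o, n), source, problems))
    return results


def wrap(instance):
    return json.dumps({"objects": [{"instances": [instance]}]}, indent=2)


# Constructed samples built from the attribute names and values shown on the page.
ATTACH = [{"index": 1, "volume": "/Compute-acme/joe/bootable-vol1"}]
BOTH = wrap({"boot_order": [1], "storage_attachments": ATTACH, "imagelist": "/oracle/public/oel6"})
WRONG_INDEX = wrap({"boot_order": [2], "storage_attachments": ATTACH, "imagelist": "/oracle/public/oel6"})
NEITHER = wrap({"label": "constructed"})
BROKEN = BOTH.replace('"imagelist":', '"imagelist"')  # drop one colon

if __name__ == "__main__":
    for name in ("BOTH", "WRONG_INDEX", "NEITHER", "BROKEN"):
        print(name, check_orchestration(globals()[name]))
```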
Description
I tried to stop an orchestration but it’s been stuck in the Stopping state for a long time
and the objects defined in that orchestration haven’t been deleted. Why did this
happen and what should I do?
Solution
An orchestration can get stuck in the Stopping state if any of the objects defined in the
orchestration are used or referenced by other objects. While stopping an orchestration,
ensure that none of the objects in that orchestration are used or referenced by any
other object.
For example, let’s say you’ve created an orchestration, seclist_orch, which defines
a set of security lists. If any security list in this orchestration is used in a security rule,
or has any running instances added to it, then that security list can’t be deleted. So the
seclist_orch orchestration can’t be stopped. In this example, you’d have to delete
any security rules that use any of the security lists in the seclist_orch
orchestration. You’d also have to detach any instances that have been added to any of
the security lists in the seclist_orch orchestration.
When you’ve cleared all existing dependencies, the orchestration that’s in the
Stopping state will automatically transition to the Stopped state.
Note: