Setting up a Linux Instance in OCI
This chapter describes how to set up a basic Linux instance in OCI.
General Prerequisites
As this description shows the basic setup of a Linux instance in OCI, it does not list specific prerequisites. However, depending on the use case, the following prerequisites should be considered:
OCI New Instance Launch
Please note: This section only shows a very basic example. Please refer to the Oracle Cloud documentation for more detailed information.
To start the creation of a new cloud instance, perform the following steps:
Step 1: Log in to your Oracle Cloud environment.
Step 2: Go to the instance list in the compute section and click on Create Instance. This opens the Create Compute Instance window.
Step 3: In the first part of the Create Compute Instance window, name your instance and select the correct image for it. If installing a prepackaged marketplace Charon image, this image must be used. If you plan to install Charon using RPM packages, use a Linux version supported for your Charon product version.
To select the correct image, select Change Image. This will allow you to browse the different available categories for the image from which to launch your instance. The image below shows an example of the image selection screen:
Optionally, change the compartment. Select the correct image and confirm your selection by clicking on Select Image at the bottom of the page. This will take you back to the Create Compute Instance window.
Step 4: In the middle part of the Create Compute Instance window, select the appropriate shape (i.e., the virtual Charon host hardware), the subnet membership of the instance and whether to assign a public IP address. If required, you can also create a new virtual cloud network or a new subnet here.
To select an appropriate shape conforming to the hardware requirements of the emulated SPARC system, click on Change Shape. This will open a window where you can select the correct system type. For flexible shapes you will have to configure the required number of OCPUs.
Select the appropriate shape and confirm your selection by clicking on Select Shape at the bottom of the page. This will take you back to the Create Compute Instance window.
Step 5: Near the bottom of the Create Compute Instance window, create a new SSH key-pair or upload the public SSH key of an existing key-pair that you will use to access your instance. If you create a new key-pair, you must download the private key and store it in a safe place for later use. Optionally, you can also download the public key.
Please note: if your management system supports it, for RHEL 9.x, Rocky Linux 9.x, and Oracle Linux 9.x use SSH key types ECDSA or ED25519. This will allow connecting to these Charon host Linux systems using an SSH tunnel without the default crypto-policy settings on the Charon host having to be changed for less secure settings. This is, for example, important for the Charon-SSP Manager. See also: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening.
Step 6: Optionally define non-default parameters (including the size) for the boot volume. The boot volume section allows you to configure the boot volume of your instance with additional non-default parameters. For example, you can configure disk encryption parameters and a non-default system disk size (recommended minimum system disk size: 30GB).
Step 7: To improve security, support an IMDSv2 authorization header for applications relying on the IMDS service. For this, open the additional options by clicking on Show Advanced Options at the bottom of the instance creation page, select the Management tab, and activate the authorization header, as shown below:
For Charon-SSP marketplace images, this is supported starting with Charon-SSP marketplace images version 4.2.2 and VE license server 1.0.33.
On existing instances, this parameter can be changed by editing the instance metadata service settings for the instance (go to Instance Details and click on Edit in the line Instance Metadata Service).
Only change the configuration to IMDSv2 if the image you launched the instance from supports it. Otherwise, you may not be able to connect to your instance. Please note: at the time of writing, the official CentOS 7 image on OCI did not support the new feature. If you create an instance to be used as a host for a manual VE license server or Charon VE installation, verify the capabilities of the image used before you enable the new IMDSv2 feature.
Step 8: Additional configuration for AutoVE setup. If the instance is launched from a Charon AL marketplace image and is planned to use AutoVE licensing (instead of the public license servers), you must add the corresponding information to the instance configuration before the first launch of the instance:
For OCI, you have to enter a cloud-init script at instance configuration in the Advanced Options section. The following image shows an example:
Valid User Data configuration options:
primary_server=<ip-address>[:<port>]
backup_server=<ip-address>[:<port>]
where
Please note: at least one license server must be configured at initial launch to enable AutoVE mode. Otherwise, the instance will bind to one of the public license servers operated by Stromasys.
Step 9: The networking type selection may be required to allow offloading parameters to be disabled on an Ethernet interface dedicated to the emulator.
For the Charon emulators, offloading parameters on the Ethernet interfaces they use must be disabled. This is required for proper functionality and good performance of the emulator. To allow this configuration to be correctly reflected in the underlying cloud instance NICs for Charon-SSP versions before 4.1.32, the correct networking type (HARDWARE ASSISTED (SR-IOV) NETWORKING) must be chosen for the instance. For other emulator products, this is required if a dedicated interface is used by the emulator and there are problems with disabling offloading parameters.
For this, open the additional options section by clicking on Show Advanced Options at the bottom of the network configuration section as shown below:
On this tab select HARDWARE ASSISTED (SR-IOV) NETWORKING (after creation, the instance will display the NIC Attachment Type
Step 10: Click on Create at the bottom of the page to create your instance.
Step 11: Verify your instance is running. Your instance should now be visible in the list of compute instances.
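A pre-launch check for the AutoVE user data options from Step 8, as an added example that is not part of the Stromasys documentation. It assumes each option sits on its own line of the script and that addresses are IPv4; the function names and the sample values are constructed for illustration.

```shell
# Added example (not Stromasys code): validate AutoVE user data before launch.

# is_ipv4 ADDR: succeed for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (only digits and dots remain)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port PORT: succeed for an integer in 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_autove_options: read the user data on stdin, report malformed entries,
# and fail unless at least one well-formed license server is configured.
check_autove_options() {
    servers=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            primary_server=*|backup_server=*) ;;
            *) continue ;;         # assumption: other script lines are ignored
        esac
        key=${line%%=*} value=${line#*=}
        case $value in
            *:*) host=${value%%:*}; is_port "${value#*:}" || host= ;;
            *)   host=$value ;;
        esac
        if is_ipv4 "$host"; then
            servers=$((servers + 1))
        else
            echo "invalid $key value: $value"; bad=$((bad + 1))
        fi
    done
    [ "$servers" -gt 0 ] || echo "no license server set: instance would bind to a public license server"
    [ "$servers" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: the backup entry carries an out-of-range port.
check_autove_options <<'EOF' || echo "fix the user data before first launch"
primary_server=10.0.0.5
backup_server=10.0.0.6:99999
EOF
```

An unfilled template value such as <ip-address>, or a line with a stray carriage return from a pasted Windows file, is reported as invalid as well.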
Initial Access to the Instance
Once you have access to the instance, you can create the access you require for your applications. This section just shows the basic steps for initial access to the instance.
SSH Interactive Access
To connect to the instance interactively, you must connect as the management user of your instance. Use the following command:
$ ssh -o ServerAliveInterval=30 -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>
The parameter ServerAliveInterval will protect the connection from timing out.
Please note:
- Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
- The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
- The management user account normally allows sudo access to privileged commands (use sudo -i).
- If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for interactive login is the user sshuser.
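Once logged in, the metadata service setting from Step 7 can be checked from inside the instance. The script below is an added example, not part of the Stromasys documentation; it relies on the OCI metadata endpoints /opc/v1/ and /opc/v2/ and the "Authorization: Bearer Oracle" header that OCI requires for v2 requests, and its function names are the example's own.

```shell
#!/bin/sh
# Added example (not Stromasys code): check from inside the instance whether
# the metadata service still answers requests that lack the IMDSv2 header.
IMDS_BASE=${IMDS_BASE:-http://169.254.169.254}

# imds_status PATH [curl options]: print the HTTP status code of one request
# ("000" when nothing answers, for example outside an OCI instance).
imds_status() {
    imds_path=$1; shift
    curl -s -o /dev/null -m 3 -w '%{http_code}' "$@" "$IMDS_BASE$imds_path" || true
}

# imds_verdict V1_STATUS V2_STATUS: classify the two probe results.
imds_verdict() {
    if [ "$2" != 200 ]; then
        echo "imds-v2-not-answering"     # not on OCI, or the service is unreachable
    elif [ "$1" = 200 ]; then
        echo "legacy-v1-still-enabled"   # requests without the header are accepted
    else
        echo "v2-only"                   # only requests with the header are served
    fi
}

# The network probe runs only on request, so the functions can be reused.
if [ "${1:-}" = "--probe" ]; then
    v1=$(imds_status /opc/v1/instance/)
    v2=$(imds_status /opc/v2/instance/ -H 'Authorization: Bearer Oracle')
    echo "v1=$v1 v2=$v2 verdict=$(imds_verdict "$v1" "$v2")"
fi
```

Run it with the argument --probe; a verdict of v2-only means the authorization header setting is in effect.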
File Transfer with SFTP
SFTP enables file transfers to and from the cloud instance. Use the management user of your instance. The security rules must allow SSH access to allow SFTP access to the cloud instance.
To connect to the instance, use the following command:
$ sftp -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>
Please note:
- Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
- The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
- If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for file transfer is the user charon.
- If the user charon is used to transfer files, the home directory for the file transfer will be /charon/storage.
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.