Confirm - Instance ------------------------- | Check that the instance is connected to FastConnect and can be accessed by Fugaku and HPCI. Create Instance ^^^^^^^^^^^^^^^^^^^^^^^^^ | Below is an example of how to create an instance. | This is an instance that can be accessed from the Fugaku login node using the Private IP address. (1) Select "Instance" for the Menue .. image:: ../img/OracleCloud-INS-01.png :scale: 30% (2) Select "Compartment Name(Ex: RequestorComp) .. image:: ../img/OracleCloud-INS-02.png :scale: 30% (3) Select "Create Instance" | Note: You must register your SSH public key. .. image:: ../img/OracleCloud-INS-03.png :scale: 30% (4) Wait for the completion of the provisioning and confirm that the Private IP address is set .. image:: ../img/OracleCloud-INS-04.png :scale: 30% Access check of Instance ^^^^^^^^^^^^^^^^^^^^^^^^^ (1) Login for Fugaku Login Node | If you want to log in to the instance via SSH, please use SSH forwarding such as "ssh -A". (2) SSH Login for Instance :: $ ssh 172.30.XX.XX Create and check access to instants using OCI commands ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | The OCI commands provided by Oracle Cloud Infrastructer allow you to create and access instances and Object Storage buckets with commands. | The OCI command can be easily installed locally using the curl command. | This section describes how to install the OCI command and how to create, access and delete instances with the OCI command. (1) Login for Fugaku Login Node or R-CCS Login Node * Fugaku Login nodes * login.fugaku.r-ccs.riken.jp * login1.fugaku.riken.jp * login2.fugaku.riken.jp * login3.fugaku.riken.jp * login4.fugaku.riken.jp * login5.fugaku.riken.jp * login6.fugaku.riken.jp * csgw.fugaku.r-ccs.riken.jp * csgw1.fugaku.riken.jp * csgw2.fugaku.riken.jp | By using csgw.fugaku.r-ccs.riken.jp, one of the above Fugaku login nodes, you can transfer data between Fugaku Storage and the Cloud without any restrictions on the transfer. | In addition, csgw.fugaku.r-ccs.riken.jp also has the client environment of Shared Storage installed. This makes it possible to transfer data between Shared Storage, Fugaku Storege and OCI respectively. :: $ ssh csgw.fugaku.r-ccs.riken.jp | Shared storage users can also use the R-CCS Shared Storage Login Node. | As of March 09, 2021, the following shared storage login nodes are available. * hpciss04.r-ccs.riken.jp (General Login Node) * hpciss05.r-ccs.riken.jp (General Login Node) * hpciss06.r-ccs.riken.jp (General Login Node) * das.r-ccs.riken.jp (Gfarm clients with large memory and GPGPU) | You can login to the login node by using GSI-SSH. | You can also login with SSH public key authentication by applying for a local account and SSH public key login. | Please refer to the following for the application procedure. | https://www.hpci-office.jp/info/pages/viewpage.action?pageId=201525760 | The following computation nodes are connected to das.r-ccs.riken.jp (Gfarm clients with large memory and GPGPU). | These can be used by any shared storage user. | In particular, das{01..04} is equipped with an NVIDIA T100 GPU, which can be used for visualization and computation. | Each compute node also has a shared storage client installed, which allows you to use shared storage directly from the compute node. | (Of course, the OCI client can be installed for fast data transfer to the OCI). * Compute Node * das01.r-ccs.riken.jp * das02.r-ccs.riken.jp * das03.r-ccs.riken.jp * das04.r-ccs.riken.jp * hpciss02.r-ccs.riken.jp * hpciss03.r-ccs.riken.jp (2) Install OCI Command | The OCI command can be installed locally by executing the following | On the shared storage login node, the installation will take a little longer due to pip and package installation. | The installation will take some time. | The installation adds a setting to the shell configuration file to pass the PATH for the OCI command. | For this reason, you should run "exec -l $SHELL" to reload the shell configuration file after the installation, as described in the execution results. :: $ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 17208 100 17208 0 0 102k 0 --:--:-- --:--:-- --:--:-- 103k ****************************************************************************** You have started the OCI CLI Installer in interactive mode. If you do not wish to run this in interactive mode, please include the --accept-all-defaults option. If you have the script locally and would like to know more about input options for this script, then you can run: ./install.sh -h If you would like to know more about input options for this script, refer to: https://github.com/oracle/oci-cli/blob/master/scripts/install/README.rst ****************************************************************************** Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v2.14.4/scripts/install/install.py to /tmp/oci_cli_install_tmp_B5uW. ######################################################################## 100.0% -- ** Run `exec -l $SHELL` to restart your shell. ** -- -- Installation successful. -- Run the CLI with /home//bin/oci --help $ $ exec -l $SHELL $ (3) Configuration OCI Command | You can create a configuration file for the OCI command with the following command | Please login to the WebUI to get the OCID of the user or tenant. :: $ oci setup config Enter a location for your config [/home//.oci/config]: - Specify the path to the config file. If you do not enter anything, ~/.oci/config will be created. Enter a user OCID: ocid1.user.oc1.... - Please enter the OCID of your own OCI user account, you will need to obtain this by logging into the WebUI. Enter a tenancy OCID: ocid1.tenancy.oc1..aaaaaaaalycfhttkn5rxeu44yxkrmmhwfsj3siqyxjvld336inu5grvy7kka - Please provide the OCID of your tenant, you will need to obtain this by logging into the WebUI. Enter a region by index or name(e.g. 1: ap-chiyoda-1, 2: ap-chuncheon-1, 3: ap-hyderabad-1, 4: ap-melbourne-1, 5: ap-mumbai-1, 6: ap-osaka-1, 7: ap-seoul-1, 8: ap-sydney-1, 9: ap-tokyo-1, 10: ca-montreal-1, 26: us-gov-phoenix-1, 27: us-langley-1, 28: us-luke-1, 29: us-phoenix-1, 30: us-sanjose-1): 9 - Specify the region; if you are using FastConnect, specify the Tokyo region (ap-tokyo-1). Do you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: Y - Automatically generate an RSA key for tenant access. In this case we have specified "Y" to create it. Enter a directory for your keys to be created [/home//.oci]: - Enter a directory for your keys to be created[/home//.oci] Enter a name for your key [oci_api_key]: - Enter the directory path where you want to store your RSA keys. If you do not enter anything, ~/.oci/config will be selected. Public key written to: /home//.oci/oci_api_key_public.pem - Enter the name of your RSA key. In this example, the default (no entry) is oci_api_key. Enter a passphrase for your private key (empty for no passphrase): Repeat for confirmation: - Please enter the password for your RSA key. Private key written to: /home//.oci/oci_api_key.pem Fingerprint: a0:02:18:ad:5d:a5:67:40:b5:1a:a0:85:b0:b6:fd:60 Do you want to write your passphrase to the config file? (if not, you will need to supply it as an argument to the CLI) [y/N]: y - If you specify "y", the passphrase of the RSA key will be included in the configuration file. * Please note that the configuration file will contain the password in plain text. Config written to /home//.oci/config | The setup config will create a configuration file that looks like this. :: $ cat .oci/config [DEFAULT] user=ocid1.user.oc1.. fingerprint=a0:02:18:ad:XX:XX:XX:XX:XX:XX:XX:85:b0:b6:fd:60 key_file=/home//.oci/oci_api_key.pem tenancy=ocid1.tenancy.oc1.. region=ap-tokyo-1 pass_phrase= | You can also create a configuration file such as oci_cli_rc in .oci/config. | This file contains the OCID of the compartment to be used as an option for the oci command, and can be omitted when executing the | This can be omitted at command execution time. | Here is an example of setting the OCID of a compartment :: $ vim .oci/oci_cli_rc [DEFAULT] compartment-id=ocid1.compartment.oc1...... | Once the configuration is complete, you will need to link the key file(OCI API Key) you have created to the user via the WebUI. | The public key for the OCI API Key has been created below if you have created it with the default path. :: $ cat ~/.oci/oci_api_key_public.pem | Set to your OCI API Key for access with OCI commands. | Please login to WebUI and select User -> Your account. | In this example, the user name is OracleCloudFastConnectUser. Please replace it as appropriat .. image:: ../img/OracleCloud-OCID-USER01.png :scale: 30% .. image:: ../img/OracleCloud-OCID-USER02.png :scale: 30% | Select "API Key" .. image:: ../img/OracleCloud-APIKEYSETUP-01.png :scale: 30% | Please add the OCI API Public Key (oci_api_key_public.pem) that you created from Add Public Key. You can also add it by copy and paste. .. image:: ../img/OracleCloud-APIKEYSETUP-02.png :scale: 30% .. image:: ../img/OracleCloud-APIKEYSETUP-03.png :scale: 30% | Once you have completed the configuration and linking process, please run the following command to check that you can retrieve your user information. | In the field, enter your OCI user name. :: $ oci iam user list --name { "data": [ { "capabilities": { "can-use-api-keys": true, "can-use-auth-tokens": true, "can-use-console-password": true, "can-use-customer-secret-keys": true, "can-use-o-auth2-client-credentials": true, "can-use-smtp-credentials": true }, "compartment-id": "ocid1.tenancy.oc1...... "defined-tags": { "Oracle-Tags": { "CreatedBy": "ocid1.saml2idp.oc1..... "CreatedOn": "2020-02-12T01:16:43.685Z" } }, "description": "" "email": "XXXX@riken.jp", "email-verified": true, "external-identifier": null, "freeform-tags": {}, "id": "ocid1.user.oc1....... "identity-provider-id": null, "inactive-status": null, "is-mfa-activated": false, "last-successful-login-time": "2021-03-16T00:07:01.567000+00:00", "lifecycle-state": "ACTIVE", "name": "", "previous-successful-login-time": null, "time-created": "2020-02-12T01:16:43.808000+00:00" } ] } $ (4) Create Instance and login with OCI Command | Get the OCID of the compartment with OCI Command. | Please get the OCID of the compartment connected to FastConnect. | If you have included the OCID of the compartment in the configuration file, you can skip this step. :: $ oci iam compartment list { "data": [ { "compartment-id": "ocid1.tenancy.oc1..... }, { "compartment-id": "ocid1.tenancy.oc1..... "defined-tags": { }, "description": "" "freeform-tags": {}, "id": "ocid1.compartment.oc1.... <- Compartment OCID "name": "", <- Compartment Name }, | The following example uses the OCI command to create an instance in the compartment. | The first step is to get a list of available images(OS). :: $ oci compute image list -c { "agent-features": null, "base-image-id": null, "compartment-id": null, "create-image-allowed": true, "defined-tags": {}, "display-name": "Oracle-Linux-8.3-2020.12.17-0", "freeform-tags": {}, "id": "ocid1.image.oc1.ap-tokyo-1.aaaaaaaakpfqgimyvpzw6xbdvtqd2cp7sxianqx5azyaqfsmjxdjy6pudloq", "launch-mode": "NATIVE", "launch-options": { "boot-volume-type": "PARAVIRTUALIZED", "firmware": "UEFI_64", "is-consistent-volume-naming-enabled": true, "is-pv-encryption-in-transit-enabled": true, "network-type": "PARAVIRTUALIZED", "remote-data-volume-type": "PARAVIRTUALIZED" }, "lifecycle-state": "AVAILABLE", "operating-system": "Oracle Linux", "operating-system-version": "8", "size-in-mbs": 47694, "time-created": "2020-12-20T20:29:22.687000+00:00" }, | Next, you will get a list of available shapes (virtual machines and bare metal). | If you don't see the shape you want, you can request the shape you want to use from Oracle via the WebUI. :: $ oci compute shape list -c { "gpu-description": null, "gpus": 0, "local-disk-description": null, "local-disks": 0, "local-disks-total-size-in-gbs": null, "max-vnic-attachment-options": null, "max-vnic-attachments": 2, "memory-in-gbs": 15.0, "memory-options": null, "networking-bandwidth-in-gbps": 1.0, "networking-bandwidth-options": null, "ocpu-options": null, "ocpus": 1.0, "processor-description": "2.0 GHz Intel...", "shape": "VM.Standard2.1" }, | Get the subnet-id and availability name needed to create the instance. :: $ oci network subnet list -c { "data": [ { "cidr-block": "172.30.1.0/26", <- CIDR Block "compartment-id": "ocid1.compartment.oc1.... }, "display-name": "OracleCloudFastConnectServiceSubnet", <- Subnet "id": "ocid1.subnet.oc1.ap-tokyo-1..... <- OCID } ] } $ oci iam availability-domain list { "data": [ { "compartment-id": "ocid1.tenancy.oc1.... "id": "ocid1.availabilitydomain.oc1. ..... "name": "jbxI:AP-TOKYO-1-AD-1" } ] } | Create an instantiation based on the information retrieved. Once the instance has been successfully created, you will get the following information about the created instance :: $ ssh-keygen $ oci compute instance launch \ --availability-domain "" \ -c \ --shape "" \ --display-name "" \ --image-id \ --ssh-authorized-keys-file ~/.ssh/id_rsa.pub \ --subnet-id { "data": { "agent-config": { "are-all-plugins-disabled": false, "is-management-disabled": false, "is-monitoring-disabled": false, "plugins-config": null }, "availability-config": { "recovery-action": "RESTORE_INSTANCE" }, "availability-domain": "jbxI:AP-TOKYO-1-AD-1", "display-name": "test_instance", "extended-metadata": {}, "freeform-tags": {}, "id": "ocid1.instance.oc1.ap-tokyo-1....." "image-id": "ocid1.image.oc1.ap-tokyo-1.aaaaaaaakpfqgimyvpzw6xbdvtqd2cp7sxianqx5azyaqfsmjxdjy6pudloq", "instance-options": { "are-legacy-imds-endpoints-disabled": false }, (6) Access for instance | Please get the OCID of your created instance. :: $ oci compute instance list -c "display-name": "test_instance", "extended-metadata": {}, "freeform-tags": {}, "id": "ocid1.instance.oc1.ap-tokyo-1.,,,,," <- OCID of Instance "image-id": "ocid1.image.oc1.ap-tokyo-1.aaaaaaaakpfqgimyvpzw6xbdvtqd2cp7sxianqx5azyaqfsmjxdjy6pudloq", "instance-options": { "are-legacy-imds-endpoints-disabled": false }, | You can get the startup status of an instance with instance get. | Please specify the instance id as an option. | If lifecycle-state is "RUNNING", then the instance is running. :: $ oci compute instance get --instance-id ocid1.instance.oc1.ap-tokyo-1..., 2>/dev/null | grep life "lifecycle-state": "RUNNING", | The next step is to get an IP address for the connection. | In the example below, 172.30.1.4 has been assigned. :: $ oci compute instance list-vnics --instance-id ocid1.instance.oc1.ap-tokyo-1.... 2>/dev/null | grep ip "private-ip": "172.30.1.4", "public-ip": null, "skip-source-dest-check": false, | Try to login using ssh command. The default user is "opc". :: $ ssh -i ~/.ssh/key opc@172.30.1.4 (7) Delete to instance with OCI Command | You can use "instance terminate" command to remove a tenant you have created. :: $ oci compute instance terminate --instance-id ocid1.instance.oc1.ap-tokyo-1....