Oracle Cloud Infrastructure (OCI) Getting Started Guide

Introduction

The Aviatrix Platform consists of the Aviatrix Controller, Gateways, and Aviatrix CoPilot. Gateways are launched from the Aviatrix Controller to specific VCNs. Use this guide to launch a new Aviatrix Controller from the OCI marketplace and onboard that account in Aviatrix CoPilot.

The Aviatrix Platform is a secure multicloud networking platform. Aviatrix recommends you deploy your Aviatrix Controller in clouds that offer metered pricing, then deploy your gateways in any supported cloud. Metered pricing offers you a true pay-as-you-go option without any up-front commitments or contract negotiations. The AWS and Azure clouds offer metered pricing for running the Aviatrix Controller image. The GCP and OCI clouds do not offer metered pricing for running the Aviatrix Platform image.

Subscribing to the Aviatrix License

  1. Go to Oracle Cloud Marketplace and search for Aviatrix to subscribe to the Aviatrix platform.

  2. Click Get App at the top of the App page.

  3. Select an OCI region and click Launch Image.

inst-region

  1. Choose the version and compartment and click Launch Instance.

inst-launch

On the "Create Compute Instance" page:

  1. Choose name, availability domain, and Virtual Machine as instance type.

  2. Choose an Instance Shape. The recommended shape is Standard2.2.

inst-flavor

  1. Choose the proper compartment for VCN and subnet. Optional: you could select Use network security groups to control traffic if you have one, otherwise leave it as you can create one later.

    inst_network

  2. Choose an ssh public key file.

  3. Click Create to launch the instance.

Locating your Controller ID

Controller ID is a 32-digit Universal Unique Identifier (UUID). This ID is unique per customer and used for tracking purposes.

This 32-digit UUID is available under Aviatrix CoPilot > Settings > Configuration > License tab.

Preparing Your Account in OCI

  1. Create an OCI account if you do not already have one.

  2. Set up your compartment. Although you can use default account and root compartment, it is recommended that you follow this doc to create your own user, group, and compartment with the right policy. For more details, refer to Setting Up Your Tenancy.

  3. Create a VCN that has Internet access by navigating to Networking > Virtual Cloud Networks in the OCI console. Then, click Create Virtual Cloud Network and select create virtual cloud network plus related resources.

  4. Alternatively, if you want to create a VCN with your own CIDR, select create virtual cloud network only. Continue to create a subnet and Internet gateway. Then, add a default route in the VCN default routing table to point to the newly created Internet gateway. This is to grant Internet access to the Controller inside of this VCN.

Information Needed to Onboard Your OCI Account

Onboarding helps you set up an account on the Aviatrix Platform that corresponds to an Oracle Cloud Infrastructure (OCI) account with compartment policies so that the Aviatrix Controller can launch gateways using OCI APIs.

To onboard the OCI account in your Aviatrix CoPilot account, you need the following four pieces of information:

  1. User OCID

  2. Tenancy OCID

  3. Compartment OCID

  4. API Private Key File

See the Accessing your User OCID, Accessing your Tenancy ID, and Accessing Your API Key sections below to find each piece of information in your OCI account.

Accessing Your User OCID

  1. Log in to your OCI console and open the Navigation menu in the top left > Identity > Users.

  2. Identify the IAM User who will be making the API calls and copy the User OCID.

oci_user

Accessing Your Tenancy OCID

  1. Log in to your OCI console and open the Navigation menu in the top left > Tenancy Details.

  2. Copy the Tenancy OCID.

oci_tenancy

Accessing Your Compartment OCID

  1. Log in to your OCI console and open the Navigation menu in the top left > Identity > Compartments.

  2. Choose the compartment and copy the Compartment OCID.

oci_compartment

Please note that if you have multiple compartments, choose one that has right set of policies which are required for Aviatrix to work. The best practice is to create a separate compartment for your operations and assign right policies to it.

Accessing Your API Key

If you already have an existing RSA key pair in .pem format, you can use that as well. However, please note that this key pair is not the SSH key that is used to access compute instances. Both the private key and public key must be in PEM format (not SSH-RSA format). If you do not have an existing RSA key pair, you can follow the aforementioned steps from the terminal in your laptop to generate the API key.

Generate an API Signing Key

If you’re using Windows, you’ll need to install "Git Bash for Windows" and run the following commands with that tool. Mac and Linux users can run the following commands on their terminal.

  1. Create a. oci directory to store the credentials: mkdir ~/ .oci

  2. Generate the private key without passphrase: openssl genrsa -out ~/.oci/oci_api_key.pem 2048

  3. Change the key settings, so that only you can read the file: chmod go-rwx ~/.oci/oci_api_key.pem

  4. Generate the Public Key: openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

5. Copy the contents of the public key in clipboard locally in your computer: cat ~/.oci/oci_api_key_public.pem | pbcopy.

You may have to install pbcopy, if it is not already installed on your system. Alternatively, you can also open the public key file on the terminal and copy the file from there.

Uploading the Public Key in the Console

  1. Log in to your OCI console and open the Navigation Menu in the top left > Identity > Users.

  2. Select the user who will be making the API call.

  3. Click Add Public Key.

  4. Paste the contents of the PEM public key and click Add. Once you complete this, you will see the Key’s fingerprint.

oci_api_key

For more details, please see Required Keys and OCIDs.

Onboarding your OCI Account in Aviatrix CoPilot

After using the sections above to retrieve your User OCID, Tenancy OCID, Compartment OCID, and API Private Key File from your OCI account, use these four pieces of information to add this OCI account to your Aviatrix CoPilot.

  1. Go to Aviatrix CoPilot > Cloud Account > click + Cloud Account.

  2. Enter the four pieces of information in the fields provided.

    Please note that you should upload the Private Key file in the Aviatrix controller (which is different than the one you put in the OCI console). You can find that key in the folder where you generated the key in the above steps.

  3. Select user permission groups for this account. For more information about permission groups, see the Accounts and Users document.

  4. Click Save.

Your OCI account is onboarded.

Oracle Cloud Infrastructure (OCI) Gov Account Onboarding

You need to subscribe to the Aviatrix image from OCI Marketplace in the same region and compartment used to onboard the OCI Gov account in the OCI Gov tenancy to your Aviatrix Controller.

If you have an OCI Gov tenancy, the workflow for onboarding OCI Gov accounts is identical to commercial OCI.

There are some limitations to using OCI Commercial (oc1) and OCI Gov (oc2) gateways in the same network.

  • OCI Gov and OCI Commercial have different regions, separate accounts, and separate compartments; they are completely isolated from each other. Therefore, you should treat them as two separate clouds.

  • HPE peering between OCI Commercial and OCI Gov gateways is not supported because oc2 and oc1 are two completely different environments and there is no native private connectivity between oc2 and oc1.

To create a VCN with all the dependencies, please navigate to the Useful Tools menu at the main menu on the left sidebar and select Create a VPC > +Create.

For more info, please see the Aviatrix product documentation at https://docs.aviatrix.com/.

Setting up OCI account credentials

Follow the instructions on Oracle Cloud Infrastructure Documentation.