Oracle Cloud Infrastructure Documentation

Self-Provision the Roving Edge Device

The latest Roving Edge devices ship from the factory with only a small installer OS in eligible realms. To enhance security and flexibility in assigning devices to different projects, the installer OS enables you to self-provision the device at your location instead of Oracle provisioning the device. As part of the installation process, you self-provision the device. Self-provisioning involves configuring device network settings, connecting to your OCI tenancy, setting up device credentials, and installing the full Roving Edge software.

To self-provision a device, perform the following tasks:

If you encounter problems, see Troubleshooting: Self-Provisioning

Prerequisites

The following tasks must be completed before you can self-provision the device:

Determine If the Device Needs to be Self-Provisioned

Some devices are provisioned at the factory by Oracle and other devices are self-provisioned on-site by you.

Look at the serial console main menu.

  • If you see the following menu heading, follow the instructions in this section to self-provision the device. See Prepare to Self-Provision the Device,

    Roving Edge Basic Configuration Interface
Number selects a menu item, Enter accepts the selection, Ctrl+Z refreshes the menu, Ctrl+C returns to main menu, Backspace deletes a character.

1) Configure Networking
2) Set Up OCI Connectivity
3) Set Up Credentials
4) Install Roving Edge
5) Advanced Operations
 
Select option (1-5):

  • If you see the following menu heading, the device was provisioned at a secure Oracle facility. Go to Configure Network Parameters for a Factory Provisioned Device.

    Roving Edge Device
   -----------------------
1) Unlock Device
2) Change Passphrase
3) Configure Networking
4) Show Status
5) Show System Diagnostics
6) Shutdown Device
7) Reboot Device
8) Enter Safe-Mode
9) Exit Safe-Mode
10) Shred Key
11) Recover Key
12) Reset Device
13) Advanced Menu
14) Cluster Health
15) Node Health
16) Diagnostics
17) Help

Prepare to Self-Provision the Device

  1. Have your device Activation code. The code is a unique character string. Oracle provides you with the activation code when you request a device. If you don't have it, check with the person who requested the device. Example activation code:

    ABCD-EFGH-7YFH-5IFP-7P6V-TSDW-G4DL-IQWZ-C6IO-OBGQ-SGY2-UQMX-2YMN-QOH3-JDPA-T7TD-2QE4-Q5FR-1234-56

  2. Sign in to the OCI tenancy where the new device node was created, and get the following information:

    • Node OCID – Copy the OCID for the node associated with this device:

      While signed in to the tenancy, in the navigation menu, select Hybrid. Under Roving Edge Infrastructure, click Nodes. Click the node that was created for this device. Click the OCID copy button. Paste the OCID where you can retrieve it later.

      Example: ocid1.rovernode.<realm>.<region>.<unique-id>

  3. Establish a temporary OCI CLI session in the terminal emulator on your controlling host:

    For more information, see Token-based Authentication for the CLI.

    Note

    The session expires after 24 hours. If self-provisioning takes longer than that, you must establish a new session.

    1. Generate a session token by creating a temporary session that's used to authenticate with OCI during self-provisioning:

      oci session authenticate

    2. Display the configuration file that was created for the temporary session.

      You refer to this output in a subsequent task called Set Up Connectivity to OCI. Example:

      cat ~/.oci/config
[profile]
fingerprint = 1a:2b:3c:4d:5e:6f:7g:8h:9i:0k:e7:07:fa:b0:34:56
key_file = /Users/user1/.oci/sessions/profile/oci_api_key.pem
tenancy = ocid1.tenancy.oc1..unique-id
region = us-phoenix-1
security_token_file = /Users/user1/.oci/sessions/profile/token

What's Next?

Configure Device Networking

Configure Device Networking

This task configures the device network settings to enable access to the public network.

When working with the serial console menus, enter the menu number for the menu option.

  1. From the local computer that's displaying the serial console Basic Configuration Interface menu, select Configure Networking.

  2. Use the menu options to configure the device network parameters according to your network environment. Configure these parameters:

    • IP address: Enter an IP address using one of the these formats:

      A.B.C.D/P or A.B.C.D/M (P - prefix length or M - netmask). Example: 203.0.113.2/24

    • Gateway: Enter the gateway IP address. Example: 203.0.113.1

    • DNS servers: Enter DNS servers IP addresses, as A.B.C.D, separated by comma. Example: 216.146.35.35, 216.146.36.36

    • (Optional, but recommended) NTP servers: Enter NTP server IP addresses separated by a comma. Example: 203.0.113.15, 203.0.113.16, 203.0.113.17

    • (Optional) Proxy URL: Enter the Proxy URL. Example: https://<hostname>:<port> (Oracle Dynamics DNS)

  3. Select Test network connectivity to OCI. The device makes an HTTP call to oracle.com to verify public network access and name resolution.

  4. Select Check OCI server clock and device clock. The device fetches the OCI server clock and compares it with the device clock.

    Authentication fails if the client's clock is skewed more than 5 minutes from the server's clock. For more information, see Maximum Allowed Client Clock Skew. If the device clock is skewed more than 5 minutes from the server clock, reenter the NTP servers to update and sync the time. Then run the clock check again.

What's Next?

Set Up Connectivity to OCI

Set Up Connectivity to OCI

This task registers the device with OCI. Registration links the device with the corresponding device order in the OCI Cloud Console.

  1. In the serial console, type Ctrl+C to return to the Basic Configuration Interface (main menu).
  2. Select Set Up OCI Connectivity.
  3. Select Region: Enter the region listed in the config file output. Examples: us-ashburn-1, uk-london-1, us-phoenix-1
  4. Select Node OCID: Enter the OCID from Prepare to Self-Provision the Device, Step 2.

  5. Select Session token: Enter the contents of the security_token_file that's listed in the config file output.

    Only select the session token output. Omit any % symbols and any characters after the % symbol. In the following example, % user1 OC1_CUSTOMER $ isn't copied and entered.

    $ cat token 
abcdefghijklmnopqrstuvwxyzeyJraWQiOiJhc3dfaWFkXzE3MTU2NDgwNzIzNzciLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJvY2lkMS51c2VyLm9jMS4uYWFh
.
.
.
IjETGPAyLLife-sOZU0qRaWodAcTdV3CewWJZDRnD4yyZy5oz7qlJ6c1SQaMLZXVQvN3G-jQERQ9xVFJIM1HZB8Tbmx4hcEAIlC6V0SDef8dLBWat0I-MLwuIZX
hia04-YzxddQ12345677890% user1 OC1_CUSTOMER $

  6. Select Session private key: Enter the contents of the key_file that's listed in the config file output.

    Only copy the lines starting with BEGIN PRIVATE KEY and ending with END PRIVATE KEY. Omit any other characters. In the following example, OCI_API_KEY% user1 OC1_CUSTOMER $ $ isn't copied and entered.

    $ cat oci_api_key.pem 
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD7EqlbJj7l1DD0
.
.
.
QEuLAD1TE6M312345677890==
-----END PRIVATE KEY-----
OCI_API_KEY% user1 OC1_CUSTOMER $

    After you paste the key, press Return twice to exit input mode.

  7. Select Activation code: Enter the activation code that was provided to you by the sales representative.

  8. Select Register device to OCI.

    The device serial number is registered to the OCI node in your tenancy, Complete Device Registration runs automatically, and the following output is displayed: 

    Complete Device Registration succeeded.
Go to the main menu (Ctrl+C), and select:
3) Set Up Credentials

Press any key to continue

    If this step fails, try it again by running Complete Device Registration.

What's Next?

Set Up Credentials

Set Up Credentials

This task creates a passphrase, password, and recovery key. Descriptions of each credential are provided in the following steps.

Important

Store the passphrase, password, and recovery key in a secure place such as OCI Vault. If you forget the unlock passphrase and the recovery key, Oracle can't help you recover the device, and the device must be replaced.

  1. In the serial console, type Ctrl+C to return to the Basic Configuration Interface (main menu).

  2. Select Set Up Credentials.

  3. Select Device Unlock Passphrase, then enter a passphrase.

    After the device is self-provisioned, the master key passphrase is used to unlock the device. Until the device is unlocked, the device has limited functionality.

  4. Select Web Console UI Password (root user), then enter a password.

    The password is used to access the Roving Edge Web UI console which is used to manage resources on the device.

  5. Select Recovery Key, then copy the recovery key to a secure place. This is the only time the recovery key is displayed.

    The recovery key might be needed later if you forget the master key passphrase, or if the master key is shredded because of multiple failed sign-in attempts.

  6. After the key is saved, press Return.

  7. Choose to either hide or unhide the credentials by selecting the appropriate menu option.

What's Next?

Download and Install Software

Download and Install Software

The device is shipped with a small installer OS. In this task, you download and install the complete Roving Edge software.

The software file size is about 25 GB. We recommend that you use a high-speed network for this task.

Important

Don't interrupt the download or installation processes.
  1. In the serial console, type Ctrl+C to return to the Basic Configuration Interface (main menu).

  2. Select Download installation files.

    Wait for the download to complete.

  3. Select Start installation.

    The installation completes within 10 minutes, then the device reboots. The reboot can take another 10 minutes. When the reboot is finished, the following Roving Edge Device menu is displayed.

    Roving Edge Device
   -----------------------
1) Unlock Device
2) Change Passphrase
3) Configure Networking
4) Show Status
5) Show System Diagnostics
6) Shutdown Device
7) Reboot Device
8) Enter Safe-Mode
9) Exit Safe-Mode
10) Shred Key
11) Recover Key
12) Reset Device
13) Advanced Menu
14) Cluster Health
15) Node Health
16) Diagnostics
17) Help

    All future access to the serial console requires the device unlock passphrase.

    If the installation fails, the interface displays a BASE64 encoded string which contains a compressed archived with the logs. For example:

    BASE64 encoded output for the logs archive follows:
============
<BASE64_string>
============

    Copy and save the BASE64 output (text in between === lines) to a file. Then send the file to Oracle Support. See Collecting Self-Provisioning Logs. You can also restart the installation.

What's Next?

Unlock the Device