Accessing a Roving Edge Infrastructure Device
Describes the different methods for accessing a Roving Edge Infrastructure device.
The Command Line Interface (CLI) is covered in a separate topic due to the complexity of the configuration. See Using the Command Line Interface with a Device.
Use only ASCII text for all inputs to Roving Edge Infrastructure and Roving Edge Infrastructure devices. This requirement applies to the browser-based Consoles, CLIs, and APIs.
Accessing the Oracle Cloud Infrastructure Cloud Console
You can create and manage your Roving Edge Infrastructure device-based nodes using the Oracle Cloud Infrastructure Cloud Console. Here is where you also specify the workloads that determine the provision of these devices.
You must have internet access to access the Oracle Cloud Infrastructure Cloud Console.
Accessing the Roving Edge Infrastructure Device Console
Use the browser-based Roving Edge Infrastructure Device Console to manage your workloads, perform tasks, and monitor system health. No internet access is required to access the Device Console. You can synchronize your object storage data using a connection to your home region.
The Device Console retains the look and feel of the OCI Cloud Console, and allows you to manage and control the on-box services on your device.
When you first sign in to the Device Console, you're prompted to regenerate the password. The Device Console expires after 90 days, after which you must reset it.
Securely store the Device Console password. If you lose or forget this password, you can't retrieve it and you're no longer able to access the Device Console. Don't share this password with other users who might reset the password and not communicate the change. We recommend you closely manage your Device Console passwords within your organization.
User Management
We recommend creating users and assigning them to user groups. You can then apply permissions to these user groups for better access management. See Identity and Access Management (IAM).
Device Console Sessions
You can have a maximum of three Device Console sessions per user connected to a Roving Edge Infrastructure device at a time. A session is considered a user sign-in into Roving Edge Infrastructure device from a single browser. You can have several tabs open within a specific browser, such as Chrome or Firefox, but it's still considered a single session. However, using two or more different browsers counts as separate sessions toward the maximum.
If you try to access Device Console sessions beyond this maximum limit, you receive an error. If you're at the maximum number of allowed sessions, close an existing session by logging out of the Device Console before opening a new one.
A Device Console session is automatically ended after 15 minutes of inactivity. When active, a session is automatically ended after 4 hours.
API Keys
You can set up API keys and use them to communicate with the RED using the Oracle Cloud Infrastructure command line interface (CLI). See API Signing Keys.
The following example shows how you can use the CLI to set up API keys for managing the password:
Get the credential ocid for the user
$ oci iam user oauth2-credential list --user-id
Delete the credential for the user
$ oci iam user oauth2-credential delete --user-id <> --oauth2-client-credential-id <>
Create a new credential (note the generated password from the response to login to UI, UI will ask for regenerate password on login)
$oci iam user oauth2-credential create --user-id <> --name "UI-console-oauth-credential" --description "Oauth credential for UI Console" --scopes '[{"audience":"","scope":<tenancy_id>}]'
Response:
{
"data": {
"compartment-id": "ocid1.tenancy.orei..exampleuniqueID",
"description": "Oauth credential for UI Console",
"expires-on": "2023-06-15T17:06:52.487000+00:00",
"id": "ocid1.credential.orei..exampleuniqueID",
"lifecycle-state": "ACTIVE",
"name": "UI-console-oauth-credential",
"password": "T<z0[;EzIK_MPA-Ayew5",
"scopes": [
{
"audience": "",
"scope": "ocid1.tenancy.orei..exampleuniqueID"
}
],
"time-created": "2023-06-15T17:06:52.490000+00:00",
"user-id": "ocid1.user.orei..exampleuniqueID"
},
"etag": "0fcd03d4fdbe303335f6b24fda89b2a879a1461d"
}
Certificate Requirements
Download a root CA certificate from each Roving Edge Infrastructure device and import it to your Device Console host to gain access to that device. The following sections describe this process for different operating systems.
Linux and Mac OS
Linux and Mac OS: Use the following command to download the root CA certificate from a Roving Edge Infrastructure device:
echo -n | openssl s_client -showcerts -connect ip_address:8015 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > redroot.pem
where ip_address
is the IP address of the Roving Edge Infrastructure device.
To access the Device Console with a host name, use one or both the following methods:
First, obtain the SSL certificate device name by using the following command with the redroot.pem
file downloaded:
openssl x509 -in redroot.pem -text -noout | grep DNS
-
If the output of the above command is prefixed with
*
, it indicates a wildcard certificate. Prefix the value with the subdomain of your choice and add the host name and IP address to the hosts file on your local system. -
If the output has multiple DNS values, use any of the comma-separated values and add the host name and IP address to the hosts file on your local system.
If you are using a Mac OS system on a Safari or Chrome browser, use the MacOS Keychain.
Open the Finder and look for the redroot.pem
file. Double-click the file
and install the certificate.
If you are using a Mac OS or Linux system on a Firefox browser, go to Firefox Settings (or Preferences) > Privacy & Security > View Certificates > Authorities tab > Import and select the redroot.pem
file. If a pop-up appears about trust settings, check both boxes regarding ability to identify websites and identify mail users.
If you are using a Linux system on a Chrome browser, go to Chrome Settings (or Preferences) > Security and Privacy > Security> Manage certificates > Authorities tab > Import > Browse and choose the redroot.pem
file in the location where you created it. Next, click Open and select the Trust this certificate for identifying websites option. The certificate appears in the list of certificate authorities.
Now you can securely access the Device Console with your browser.
Windows
As a prerequisite, download and use the pre-built openssl binaries from the following sites:
Next, obtain the Roving Edge Infrastructure device's Root CA and Intermediate CA using SSL by running the following command:
execute command - openssl.exe s_client -connect device_ip_address:8015 -showcerts
For example:
D:\temp\openssl-3.0.0-win64-mingw\bin>openssl.exe s_client -connect 10.145.140.57:8015 -showcerts
CONNECTED(00000130)
Can't use SSL_get_servername
depth=2 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-root-CA
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-root-CA
verify return:1
depth=1 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-intermediate-CA
verify return:1
depth=0 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1
verify return:1
Obtain the certificate by pointing your browser at the Roving Edge Infrastructure device and clicking the NET-ERR_CERT_AUTHORITY_INVALID error message that appears.
The root CA certificate is the last (or third) certificate in the chain shown by Edge and
Chrome browsers, or the middle (or second) certificate in Firefox browsers. Copy and paste
the root CA certificate from the browser to Notepad and save the file with the filename
redroot.cer
. The certificate starts with a line containing: BEGIN
CERTIFICATE
and end with the line containing: END
CERTIFICATE
If you are using an Edge and Chrome browser, add the certificate to the trust store by
opening the File Explorer and double-clicking the redroot.cer
file.
Install the certificate. Place all certificates in the Trusted Root Certificate Authorities
folder.
If you are using a Firefox browser, import the redroot.cer
file into
Firefox. Go to Firefox Settings > Privacy & Security > View Certificates > Authorities
tab > Import, and choose the redroot.cer
file. If a pop-up appears about
trust settings, check both boxes regarding ability to identify websites and identify mail
users.
Now you can securely access the Device Console with your browser.
Command Line Interface
The Oracle Cloud Infrastructure Command Line Interface (CLI) provides a set of commands for configuring and running Roving Edge Infrastructure tasks. Use the CLI as an alternative to running commands from the Device Console. Sometimes you must use the CLI to complete certain tasks where no Device Console equivalent is available.
Use the CLI to perform Roving Edge Infrastructure service tasks within the Oracle Cloud Infrastructure cloud. These tasks can include requesting nodes, and running tasks directly on device nodes. Install the CLI separately on each device. CLIs installed on devices run locally within your environment and don't require internet access.
See Using the Command Line Interface for information on how to install, set up, and use CLIs with Roving Edge Infrastructure.
API
Roving Edge Infrastructure provides REST APIs for most of its supported features and functionality. API Reference and Endpoints provides endpoint details and links to the available API reference documents. For general information about using the API, see REST APIs in the Oracle Cloud Infrastructure documentation.