Accessing a Roving Edge Infrastructure Device

Describes the different methods for accessing a Roving Edge Infrastructure device.

The Command Line Interface (CLI) is covered in a separate topic due to the complexity of the configuration. See Using the Command Line Interface with a Device.

Note

Use only ASCII text for all inputs to Roving Edge Infrastructure and Roving Edge Infrastructure devices. This requirement applies to the browser-based Consoles, CLIs, and APIs.

Accessing the Oracle Cloud Infrastructure Cloud Console

You can create and manage your Roving Edge Infrastructure device-based nodes using the Oracle Cloud Infrastructure Cloud Console. Here is where you also specify the workloads that determine the provision of these devices.

Note

You must have internet access to access the Oracle Cloud Infrastructure Cloud Console.

Accessing the Roving Edge Infrastructure Device Console

Use the browser-based Roving Edge Infrastructure Device Console to manage your workloads, perform tasks, and monitor your system health. No internet access is required to access the Device Console. You can synchronize your object storage data using a connection to your home region.

The Device Console retains the look and feel of the Oracle Cloud Infrastructure Cloud Console, and allows you to manage and control the on-box services on your RED.

When you first log into the Device Console, you are prompted to regenerate their password. The Device Console expires after 90 days, after which you must reset it.

Note

Securely store the Device Console password. If you lose this password, you cannot subsequently retrieve it and you are no longer able to access the Device Console. Avoid of sharing this password with other users who might reset the password and not communicate the change. Oracle recommends you closely manage your Device Console passwords within your organization.

Oracle recommends creating users and assigning them to user groups. You can then apply permissions to these user groups for better access management. See Identity and Access Management (IAM).

User Management

When you first sign in to the Device Console, you're prompted to regenerate their password. The Device Console expires after 90 days, after which you must reset it.

Note

Securely store the Device Console password. If you lose this password, you can't later retrieve it and you're no longer able to access the Device Console. Avoid of sharing this password with other users who might reset the password and not communicate the change. We recommend you closely manage the Device Console passwords within your organization.

We recommend creating users and assigning them to user groups. You can then apply permissions to these user groups for better access management. See Identity and Access Management (IAM).

Device Console Sessions

You can have a maximum of three Device Console sessions per user connected to a Roving Edge Infrastructure device at a time. A session is considered a user sign-in into Roving Edge Infrastructure device from a single browser. You can have several tabs open within a specific browser, such as Chrome or Firefox, but it's still considered a single session. However, using two or more different browsers counts as separate sessions toward the maximum.

If you try to access Device Console sessions beyond this maximum limit, you receive an error. If you're at the maximum number of allowed sessions, close an existing session by logging out of the Device Console before opening a new one. A Device Console session is automatically ended after 15 minutes of inactivity.

API Keys

You can set up API keys and use them to communicate with the RED using the Oracle Cloud Infrastructure command line interface (CLI). See API Signing Keys.

The following example shows how you can use the CLI to set up API keys for managing the password:

Get the credential ocid for the user
$ oci iam user oauth2-credential list --user-id 

Delete the credential for the user
$ oci iam user oauth2-credential delete --user-id <> --oauth2-client-credential-id <>

Create a new credential (note the generated password from the response to login to UI, UI will ask for regenerate password on login)
$oci iam user oauth2-credential create --user-id <> --name "UI-console-oauth-credential" --description "Oauth credential for UI Console" --scopes '[{"audience":"","scope":<tenancy_id>}]'
 
Response:
{
  "data": {
    "compartment-id": "ocid1.tenancy.orei..exampleuniqueID",
    "description": "Oauth credential for UI Console",
    "expires-on": "2023-06-15T17:06:52.487000+00:00",
    "id": "ocid1.credential.orei..exampleuniqueID",
    "lifecycle-state": "ACTIVE",
    "name": "UI-console-oauth-credential",
    "password": "T<z0[;EzIK_MPA-Ayew5",
    "scopes": [
      {
        "audience": "",
        "scope": "ocid1.tenancy.orei..exampleuniqueID"
      }
    ],
    "time-created": "2023-06-15T17:06:52.490000+00:00",
    "user-id": "ocid1.user.orei..exampleuniqueID"
  },
  "etag": "0fcd03d4fdbe303335f6b24fda89b2a879a1461d"
}

Certificate Requirements

Download a root CA certificate from each Roving Edge Infrastructure device and import it to your Device Console host to gain access to that device. The following sections describe this process for different operating systems.

Linux and Mac OS

Linux and Mac OS: Use the following command to download the root CA certificate from a Roving Edge Infrastructure device:

echo -n | openssl s_client -showcerts -connect ip_address:8015 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > redroot.pem

where ip_address is the IP address of the Roving Edge Infrastructure device.

To access the Device Console with a host name, use one or both the following methods:

First, obtain the SSL certificate device name by using the following command with the redroot.pem file downloaded:

openssl x509 -in redroot.pem -text -noout | grep DNS

  • If the output of the above command is prefixed with *, it indicates a wildcard certificate. Prefix the value with the subdomain of your choice and add the host name and IP address to the hosts file on your local system.

  • If the output has multiple DNS values, use any of the comma-separated values and add the host name and IP address to the hosts file on your local system.

If you are using a Mac OS system on a Safari or Chrome browser, use the MacOS Keychain. Open the Finder and look for the redroot.pem file. Double-click the file and install the certificate.

If you are using a Mac OS or Linux system on a Firefox browser, go to Firefox Settings (or Preferences) > Privacy & Security > View Certificates > Authorities tab > Import and select the redroot.pem file. If a pop-up appears about trust settings, check both boxes regarding ability to identify websites and identify mail users.

If you are using a Linux system on a Chrome browser, go to Chrome Settings (or Preferences) > Security and Privacy > Security> Manage certificates > Authorities tab > Import > Browse and choose the redroot.pem file in the location where you created it. Next, click Open and select the Trust this certificate for identifying websites option. The certificate appears in the list of certificate authorities.

Now you can securely access the Device Console with your browser.

Windows

As a prerequisite, download and use the pre-built openssl binaries from the following sites:

Next, obtain the Roving Edge Infrastructure device's Root CA and Intermediate CA using SSL by running the following command:

execute command - openssl.exe s_client -connect device_ip_address:8015 -showcerts 

For example:

D:\temp\openssl-3.0.0-win64-mingw\bin>openssl.exe s_client -connect 10.145.140.57:8015 -showcerts
CONNECTED(00000130)
Can't use SSL_get_servername
depth=2 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-root-CA
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-root-CA
verify return:1
depth=1 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1-intermediate-CA
verify return:1
depth=0 C = US, ST = CA, O = Oracle Corporation, OU = Oracle Roving Edge Infra, CN = lab-17-red-1
verify return:1

Obtain the certificate by pointing your browser at the Roving Edge Infrastructure device and clicking the NET-ERR_CERT_AUTHORITY_INVALID error message that appears.

The root CA certificate is the last (or third) certificate in the chain shown by Edge and Chrome browsers, or the middle (or second) certificate in Firefox browsers. Copy and paste the root CA certificate from the browser to Notepad and save the file with the filename redroot.cer. The certificate starts with a line containing: BEGIN CERTIFICATE and end with the line containing: END CERTIFICATE

If you are using an Edge and Chrome browser, add the certificate to the trust store by opening the File Explorer and double-clicking the redroot.cer file. Install the certificate. Place all certificates in the Trusted Root Certificate Authorities folder.

If you are using a Firefox browser, import the redroot.cer file into Firefox. Go to Firefox Settings > Privacy & Security > View Certificates > Authorities tab > Import, and choose the redroot.cer file. If a pop-up appears about trust settings, check both boxes regarding ability to identify websites and identify mail users.

Now you can securely access the Device Console with your browser.

Command Line Interface

The Oracle Cloud Infrastructure Command Line Interface (CLI) provides a set of command line-based tools for configuring and running Roving Edge Infrastructure tasks. Use the CLI as an alternative to running commands from the Device Console. Sometimes you must use the CLI to complete certain tasks where no Device Console equivalent is available.

Use CLIs to perform Roving Edge Infrastructure service tasks within the Oracle Cloud Infrastructure cloud. These tasks can include requesting nodes, and running tasks directly on device nodes. Install the CLI separately on each device. CLIs installed on devices run locally within your environment and don't require internet access.

See Using the Command Line Interface for information on how to install, set up, and use CLIs with Roving Edge Infrastructure.

API

Roving Edge Infrastructure provides REST APIs for most of its supported features and functionality. API Reference and Endpoints provides endpoint details and links to the available API reference documents. For general information about using the API, see REST APIs in the Oracle Cloud Infrastructure documentation.