Oracle Cloud Infrastructure Documentation

Recovering an Instance

 

The Oracle Cloud Infrastructure Compute service gives you the capability to boot an instance into recovery mode, which enables you to troubleshoot issues preventing access to an instance.

You can use this feature to recover instances impacted by the OPC user account expiration issue where the default security configuration for the Oracle Linux 6.9 and 7.4 images released between December 18, 2017 and April 5, 2018 required that credential rotation occur within 90 days or access to the instance was denied.

 

Warning

While using recovery mode, the serial console connection grants root access to the instance and access to all attached boot volumes and VNICs.

 

Recovery Image

The recovery image is an Oracle Linux 7.4 environment that enables troubleshooting and fixing common issues that prevent access to an instance. When you reboot into the recovery image, Oracle Cloud Infrastructure performs the following steps to recover your instance:

When you select the Reboot to Recovery Image option, you can choose whether you want Oracle Cloud Infrastructure to perform the steps to recover your instance in automated mode, or you can choose to perform the actions yourself in interactive mode.

Automated Mode

With automated mode, Oracle Cloud Infrastructure performs the actions to recover your instance for you. To use this mode, check the Fix OPC Account Expiration checkbox in the Reboot confirmation dialog when rebooting to the recovery image. When this option is checked, Oracle Cloud Infrastructure performs the following steps to recover your instance:

  1. Temporarily configures the instance to boot into the recovery image and reboots the instance.

  2. Runs a script to resolve the OPC user account's expiration, and logs all actions performed to the boot volume in the log file /instance_recovery.log.

  3. Reboots the instance.

With automated mode, you do not need to perform any additional actions.

Interactive Mode

With this option, the only action performed by Oracle Cloud Infrastructure is to temporarily configure the instance to boot into the recovery image and reboot the instance. You then need to connect to the instance using the serial console and perform the steps to recover your instance.

Use this mode for the following scenarios:

  • You want to perform the recovery steps for the OPC user account's expiration issue yourself.

  • You have a user other than OPC that needs to be recovered.

  • You need access to your boot volume for other instance recovery scenarios.

Using the Console

Note

Performing the steps described here modifies data on the boot volume attached to the instance.

  1. Open the Console, click Compute, and then choose your compartment.

  2. In the list of instances, find the instance you want to reboot.

  3. Click the highlighted name of the instance to display the instance details.

  4. Click Reboot.

  5. In the confirmation dialog, select Reboot to Recovery Image.

  6. Check Fix OPC Account Expiration and then click OK.

    Check Fix OPC Account Expiration for automated mode. Leave this option unchecked for interactive mode.

Next Steps Automated Mode

If the you are using automated mode, you do not need to perform any additional actions. You can connect to the serial console to monitor the progress. The recovery process should take approximately twenty minutes. During this process the instance will reboot twice. After the second reboot, your instance will start normally.

Next Steps Interactive Mode

  1. Create a serial console connection for the instance, see Creating the Instance Console Connection.

  2. Connect to the instance using the serial console, see Connecting to the Serial Console.

  3. The recovery image boots into single-user mode and waits for input at a shell prompt. From the prompt you can execute the steps to recover your instance.

    • To recover the OPC user account, run the following command:

      fix_account_expiry.sh opc
    • To recover another user account, replace opc with the username.

  4. Once you have finished performing the recovery steps, reboot the instance. You can reboot the instance from the serial console, the Console, or the API.

Required IAM Policy

To use the recovery image, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.

For administrators: Here is an example policy that grants the InstanceRecoverers group the necessary permissions to use the recovery image:

Allow group InstanceRecoverers to manage instance-family in tenancy
Allow group InstanceRecoverers to use subnets in tenancy
Allow group InstanceRecoverers to use vnics in tenancy
Allow group InstanceRecoverers to read instance-images in tenancy

It gives the specified group access to to do everything with instances launched into any cloud network and subnet in the tenancy, such as attach/detach any existing volumes, attach/detach any existing VNIC, and read any instance images.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.