Part 1: Cloning Boot Volumes Between Two Tenancies in Oracle Cloud Infrastructure (OCI)
- Jason Beattie
- Dec 18, 2024
Updated: Jan 8
Overview
Cloning a boot volume between two tenancies in OCI requires careful setup and planning. This blog outlines the prerequisites, policies, and steps to successfully clone a boot volume from a source tenancy to a target tenancy in the same region.
Prerequisites
Both tenancies must be in the same region.
Admin access to both tenancies is required.
In this example, the source tenancy is the existing environment, and the target tenancy is the new one. The region used here is London.
Steps to Clone a Boot Volume
Step 1: Define Policies
Policies are required in both tenancies to allow cross-tenancy operations.
In the Source Tenancy (Acceptor):
Define tenancy Requestor as OCIDOFTARGETTENANCY
Define group ADMINGROUPNAME (This is the group name in the target tenancy) as OCIDOFTARGETTENANCYGROUP
Admit group ADMINGROUPNAME (This is the group name in the target tenancy) of tenancy Requestor to manage remote-peering-to in compartment NAMEOFCOMPARTMENTINSOURCETENANCY
Admit group ADMINGROUPNAME (This is the group name in the target tenancy) of tenancy Requestor to use volumes in tenancy where ANY { request.operation='CreateVolume', request.operation='GetVolume', request.operation='CreateBootVolume', request.operation='GetBootVolume' }
Example:
Define tenancy Requestor as ocid1.tenancy.oc1..aaaaaaaaj2nao32ppy6ff6po3oudmikf5ook5xfybil4q4obexxxxxxxxxxxx
Define group targetAdministrators as ocid1.group.oc1..aaaaaaaa3xzhkdthgxteelq5eeipnhb3u2rzrpsrodrv72fexxxxxxxxxxxx
Admit group targetAdministrators of tenancy Requestor to manage remote-peering-to in compartment source-compartment
Admit group targetAdministrators of tenancy Requestor to use volumes in tenancy where ANY { request.operation='CreateVolume', request.operation='GetVolume', request.operation='CreateBootVolume', request.operation='GetBootVolume' }
In the Target Tenancy (Requestor):
Define tenancy Acceptor as OCIDOFSOURCETENANCY
Allow group targetAdministrators to manage remote-peering-from in compartment NAMEOFCOMPARTMENTINTARGETTENANCY
Endorse group targetAdministrators to manage remote-peering-to in tenancy Acceptor
Endorse group targetAdministrators to use volumes in tenancy Acceptor where ANY {request.operation='CreateVolume',request.operation='GetVolume',request.operation='CreateBootVolume', request.operation='GetBootVolume' }
Example:
Define tenancy Acceptor as ocid1.tenancy.oc1..aaaaaaaakb2xnvvzrdb7yjxfnj5lnyuu6w5dj4tuxxxxxxxxxxxxxxxxxxxxxx
Allow group Administrators to manage remote-peering-from in compartment testcomp
Endorse group Administrators to manage remote-peering-to in tenancy Acceptor
Endorse group Administrators to use volumes in tenancy Acceptor where ANY {request.operation='CreateVolume',request.operation='GetVolume',request.operation='CreateBootVolume', request.operation='GetBootVolume' }
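An added example (not from the original post or from Oracle): a Python check that every Endorse statement in the target tenancy has an Admit statement in the source tenancy with the same verb, resource type and request.operation set, and that lists the Admit statements scoped to the whole source tenancy. It assumes the two sides are meant to mirror each other as they do in the examples above; the function names and the simplified statement grammar are assumptions of this example.

```python
import re

# Constructed input: the example statements from Step 1 (Define lines omitted).
SOURCE_POLICY = """\
Admit group targetAdministrators of tenancy Requestor to manage remote-peering-to in compartment source-compartment
Admit group targetAdministrators of tenancy Requestor to use volumes in tenancy where ANY { request.operation='CreateVolume', request.operation='GetVolume', request.operation='CreateBootVolume', request.operation='GetBootVolume' }
"""
TARGET_POLICY = """\
Endorse group Administrators to manage remote-peering-to in tenancy Acceptor
Endorse group Administrators to use volumes in tenancy Acceptor where ANY {request.operation='CreateVolume',request.operation='GetVolume',request.operation='CreateBootVolume', request.operation='GetBootVolume' }
"""

# Simplified grammar (assumption): covers only the Admit/Endorse group forms used on this page.
STMT = re.compile(
    r"^(?P<kind>Admit|Endorse)\s+group\s+\S+\s+(?:of\s+tenancy\s+\S+\s+)?to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy(?:\s+(?!where\b)\S+)?|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.*))?$",
    re.IGNORECASE)

def parse(policy):
    """Return one dict per Admit/Endorse statement; other lines are skipped."""
    out = []
    for line in policy.splitlines():
        m = STMT.match(line.strip())
        if m:
            ops = frozenset(re.findall(r"request\.operation\s*=\s*'(\w+)'", m["cond"] or ""))
            out.append({"kind": m["kind"].capitalize(), "verb": m["verb"].lower(),
                        "resource": m["resource"].lower(), "scope": m["scope"], "ops": ops})
    return out

def unmatched_endorsements(source_policy, target_policy):
    """Endorse statements with no Admit granting the same verb, resource and operations."""
    admits = {(s["verb"], s["resource"], s["ops"])
              for s in parse(source_policy) if s["kind"] == "Admit"}
    return [s for s in parse(target_policy)
            if s["kind"] == "Endorse" and (s["verb"], s["resource"], s["ops"]) not in admits]

def tenancy_wide_admits(source_policy):
    """Admit statements scoped to the whole source tenancy rather than one compartment."""
    return [s for s in parse(source_policy)
            if s["kind"] == "Admit" and s["scope"].lower().startswith("tenancy")]

if __name__ == "__main__":
    print("unmatched Endorse:", unmatched_endorsements(SOURCE_POLICY, TARGET_POLICY))
    print("tenancy-wide Admit:", [s["resource"] for s in tenancy_wide_admits(SOURCE_POLICY)])
```

The group name is deliberately not compared, because the source tenancy refers to the target group through its own Define alias.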
Step 2: Set Up Remote Peering Connections (RPC)
In the Source Tenancy, create an RPC called Acceptor.
In the Target Tenancy, create an RPC called Requestor.
Establish the connection between the two RPCs.
Step 3: Configure Routing and Security Rules
Add route rules in both tenancies to point to the VCN CIDR of the other tenancy.
Update security rules to allow necessary communication.
Step 4: Configure OCI CLI Profile
Create an OCI CLI profile for the target tenancy:
[cross_tenancy_user_profile]
user=ocid1.user.oc1..aaaaaaaahgyrrkyoqn5bt4amtmkhdxxxxxv2xizrjsa6xxxxxxxx
fingerprint=47:36:df:5f:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
tenancy=ocid1.tenancy.oc1..aaaaaaaaj2nao32ppy6ff6po3oudxxxxxxxxxxxxxxxxxxxxxxxxxxxx
region=uk-london-1
key_file=/pathtofile
Test the profile to ensure it’s working.
Step 5: Clone the Boot Volume
Run the following OCI CLI command:
oci bv boot-volume create \
  --profile=cross_tenancy_user_profile \
  --region=uk-london-1 \
  --source-boot-volume-id=OCID_OF_SOURCE_BOOT_VOLUME \
  --display-name=boot-volume-clone \
  --compartment-id=OCID_OF_TARGET_COMPARTMENT
Parameters:
--source-boot-volume-id: OCID of the source boot volume.
--display-name: Name for the cloned boot volume in the target tenancy.
--compartment-id: OCID of the compartment in the target tenancy.
Conclusion
You have successfully cloned a boot volume from the source tenancy to the target tenancy in the London region. The same process can be followed for additional boot volumes.
In the next blog, we will explore how to carry out the same steps for block volumes. Stay tuned to learn how you can seamlessly clone block volumes across tenancies to further optimize your Oracle Cloud Infrastructure environment.