Slow updates recently as I was getting ready to two AWS exams. Happy to announce that I passed both the Solutions Architect Associate and the SysOps Administrator Associate!

As I’m working with Oracle Cloud Infrastructure (OCI) as well now then next stop will be to pass the OCI Solutions Architect Associate exam. I think it will have lot similarities with the AWS ones and then it should be fairly easy to catch different topics specially on the networking side.

But this post is about oci-cli!

In addition to console in OCI you can use python-based command line interface which is named as oci-cli same as in AWS you can use awscli. I thought brief introduction on it would make a good post.

What do you need to use oci-cli?

First of all you need a user in OCI who has some permissions. You can define the permissions on basis what the requirements are. It can be that user can create VM’s or access iam etc and that policy is assigned to the group the user belongs to.

After you have an existing user  you will need to create API key pair for your new user.

In the Oracle documentation they recommend to use git-bash to generate the keys:

https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#two

Once you have created the API keys remember to save your private key to safe place! You will need it soon. You will need to go to OCI console and browse to Identity – Users – User details. From there you can click the “Add Public Key” and paste your public key contents in it. If it’s successful you can then see fingerprint on the public key box.

oci_iam

Install and configure oci-cli

To install oci-cli you can follow instructions from here:

https://docs.us-phoenix-1.oraclecloud.com/Content/API/SDKDocs/cliinstall.htm

You can install it for windows or any computer with bash. Installation is quite straightforward as you will define the installation directory and bin directory for your executable. After that you are ready to use it!

In the later examples I’ve manually changed the OCID’s (Oracle Cloud ID) so if you see some discrepancy that is the reason.

Now I want to configure my oci-cli so it will have necessary information stored. For this I will run on windows the following:


oci.exe setup config

Enter a location for your config [C:\Users\simo\.oci\config]: c:\software\oracle-cli\config

Enter a user OCID: ocid1.user.oc1..3465y5bhdgdgggngndgndgndgndgn

Enter a tenancy OCID: ocid1.tenancy.oc1..4tgreeegeggrgrreg535334343

Enter a region (e.g. eu-frankfurt-1, us-ashburn-1, us-phoenix-1): eu-frankfurt-1
ac
Do you want to generate a new RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y
/n]: n

Enter the location of your private key file: c:\path\.oci\oci_api_key.pem

Enter the passphrase for your private key:

Fingerprint: b5:51:f0:ce:79:3d:f6:28:cd:f3:23:12:22:4a:c3:b1

Do you want to write your passphrase to the config file? (if not, you will need to supply it as an argument to the CLI)
[y/N]: y

Config written to c:\software\oracle-cli\config

Few things I must have when running the config – I will need my user OCID, tenancy OCID, the region I’m going to operate on and finally the location of my recently created private key.

That’s it! Now I can run commands through the oci-cli as it has necessary information in it’s config file. Let’s try.

To see list of available options and commands you can just run oci.exe. Available commands are:

audit                Audit Service
bv                     Block Volume Service
compute          Compute Service
db                     Database Service
dns                   API for managing DNS zones, records, and…
iam                   Identity and Access Management Service
lb                       Load Balancing Service
network           Networking Service
os                      Object Storage Service
setup                Setup commands for CLI

So you always need to have the necessary service first and then the subcommand for that service. For example when running the oci.exe iam:

Commands:
availability-domain                         One or more isolated, fault-tolerant Oracle…
compartment                                    A collection of related resources.
customer-secret-key                        A `CustomerSecretKey` is an Oracle-provided…
dynamic-group                                An dynamic group defines a matching rule.
group                                                 A collection of users who all need the same…
policy                                                 A document that specifies the type of access…
region                                                A localized geographic area, such as Phoenix,…
region-subscription                        An object that represents your tenancy’s…
tag                                                      A tag definition that belongs to a specific…
tag-namespace                                A managed container for defined tags.
user                                                   An individual employee or system that needs…

So to list my users I will run oci.exe iam user list. And similar to above then getting subcommands to iam user command you just run that.

To get list of my users I will also need to supply the compartment-id along the query. You can see this from Identity – Compartments. Remember compartment in OCI was collection of your resources grouped in to the compartment!


oci.exe iam user list --compartment-id ocid1.tenancy.oc1..aaaaaaa
45454ko54ko4ogplgdg090404opolf

{
"data": [
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "This is the cloud admin account",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv235",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.admin",
"time-created": "2018-02-13T08:54:49.231000+00:00"
},
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "this is the test user",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv238",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.readonly",
"time-created": "2018-02-13T10:32:52.872000+00:00"
},
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "Simo V",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv458",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "simo@mymail.com",
"time-created": "2018-02-13T08:36:06.617000+00:00"
}
],
"opc-next-page": "AAAAAAAAAAF0J19EgxQCxqtNSlWbUFrYYCgLLOIArstI-B7dqGJC7-DLBT-BcJEcKH2-rCTfS4r_c4utNr3RbYnsO2eqIXb9Yvz0
Hd9ogjMGDsLyosU7Hk1reajz7RkNwMbBYgOiXdOi2Mx7rEEiNHxTR1P7P74R78BseDqr9h90udYcTTVtKKi0X7xeJbxT-mJxkkPvzk8sFRALGKOQ00GEJbzZ
vFFEafbR1nobBXvb4oG74Z7qp_WJUIbLLCp_jK2eXoatDycsR9r598l1PGZnhTi0skEqJe6IGiyX48TQcDa2e1J4xdlRsO7i-RBq3XJz1oFU4nDLBTh8-MCK
PS40SvfkZBatlbfSKwtOWuYohMU1ke3CzFX5R06bf_gvUSbwKk19kWYRl0QfeYHeTNO5SpFEHHTqfIzKJZI-OGd48YWZKirYs7PUQKteM6gbsAmQI2PgdPSA
Vgh-NxOOmMif-Fjoz_m3iTNFRLS1SMTOsnqA2hvAFivJO7wA-zaoBTBGI83B5r7azlnFSupxhChW-2R5I8OiUijNmOYQvm8ad0HN08RKb3OUZAZSs1zyOcRq
0cW-cW6232ZnQibzUZDgq4Fr"
}

The output is by default displayed in JSON but you have option to use –output table for table-a-like output.

That’s it – now you have oci-cli working and can start working using it in addition to the console! There are lot of different possibilities on using it but this post only shows how you get it up and running.

More in the future!

 

Leave a Reply

Your email address will not be published. Required fields are marked *