Install OCI-CLI in 5 minutes
I recently had a weekly digest from the Medium website and noticed a blog post talking about configuring OCI in 5 minutes. The funny thing is that you had to pay a subscription to read about what Oracle documented for free. I don’t know how Search Engine Optimization (SEO) works but I thought I would use the same title in case people wanted to get access to a comparable tutorial for free. And since my next articles will depend on OCI-CLI, I might a well do it for me.
Context: This is the first article in a series of 4.
They are aimed to prepare learners for quick hands-on experiences on OCI.
- Install and configure oci-cli.
- Launch an instance using oci-cli.
- Launch a VCN and an Instance using Terraform.
- Launch an instance using oci ansible modules.
Requirement
I have done the installation on windows 10 but the basic install will always require 3 elements:
I. OCI CLI Installation
PS C:\Users\BrokDB> Set-ExecutionPolicy RemoteSigned
PS C:\Users\BrokDB> powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.ps1'))"
[root]# bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
On Linux, the install script will install python 3.5 for you. However, it won’t be the case for Mac OS as you’d have to install a compatible python version before installing oci-cli.
- Common prompts: You might be asked to confirm an upgrade if there is an existing version
as well as whether you want to update the PATH environment variable.
II. Configure CLI
Once your free account is created and Git Bash installed proceed with the below CLI Setup tasks:
- Gather Tenancy OCID
Go to the profile icon on the top right of the console page and click on Tenancy.
> Click copy under the tenancy information’s OCID field. Save in your notepad.
- Gather Compartment OCID
Go to Menu -> Identity -> Compartments and hover on the ocid column to see the little info bubble and copy the ocid.
Save it in your notepad.
- Gather User OCID
Go to Menu -> Identity> Users and select the User with your email as a handle.
brokedba@ MINGW64> cd ~/.oci
$ openssl genrsa -out .oci/oci_api_key.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
Public pem key
$ openssl rsa -pubout -in .oci/oci_api_key.pem -out .oci/oci_api_key_public.pem
Fingerprint
$ openssl rsa -in .oci/oci_api_key.pem -pubout -outform DER | openssl md5 -c | awk -F= '{gsub(" ","",$2);print $2}' > .oci/oci_api_key_fingerprint
- Add the API Key public key to your oci user
Copy the content of the public key and add an API key in the oci Console.
$ cat oci_api_key_public.pem | pbcopy
Sign in in to the Cloud Console and Go to Menu -> Identity -> Users -> API Keys -> Add Public Key
> Copy the content of the pem public key and click Add.
$ oci -v
2.10.0
$ oci setup config
Enter a location for your config [/c/Users/brokedba/.oci/config]: Enter a user OCID: # paste your User OCID Enter a tenancy OCID: # paste your tenancy OCID Enter a region : # choose the one defined in your tennacy (Webconsole)
Do you want to generate a new API Signing RSA key pair?
[Y/n]: n
Enter the location of your API Signing private key file: /c/Users/brokedba/.oci/oci_api_key.pem
Fingerprint: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Config written to /c/Users/brokedba/.oci/config
Important: Avoid folder Names that have spaces, Python hates it. Just keep the default directory “C:\Users\MyUser”.
Below is the final content of the config file needed upon each API request:
$ cat /c/Users/brokedba/.oci/config
[DEFAULT]
user=ocid1.user.oc1..aaaaaaaayd2yf6ru5xxxxxxxxxx fingerprint=bf:3b:2e:48:a2:98:xx:xx:xx:xx:xx:xx:xx key_file=C:\Users\brokedba\.oci\oci_api_key.pem tenancy=ocid1.tenancy.oc1..aaaaaaxxxx region=ca-toronto-1
III.Test your first API request
What you can do if it’s just a free tier account and you want to practice real quick with oci-cli is to:
- Create environment variables that store all your tenancy, user and Compartment ocids so your commands would be shorter (can be in a file that you’d source).
export T="ocid1.tenancy.oc1.xxxx"
export U="ocid1.user.oc1..xxx"
export C="ocid1.tenancy.oc1..xxx"
- Create a collection of shortcuts and command abbreviations that can be used with default profile:
$ oci setup oci-cli-rc
# adds parameters such as command aliases and predefined queries
- Remove the warning about encryption Key permissions since it’s a windows environment (no chmod):
$ export OCI_CLI_SUPPRESS_FILE_PERMISSIONS_WARNING=True
Now go and run your first list request to get the default availability domain in your tenancy:
$ oci iam availability-domain list
{ "data": [
{ "compartment-id": "ocid1.tenancy.oc1..axxxxx",
"id": "ocid1.availabilitydomain.oc1..aaaaaaaawshktv3wktr5rplplpshn5vsugutbhi",
"name": "BahF:CA-TORONTO-1-AD-1"
}
]
}
If you don’t like the Json output you can always go for a table layout:
oci iam availability-domain list --output table
+-----------------------------+------------------+------------------------+
| compartment-id | id | name |
+-----------------------------+------------------+------------------------+
| ocid1.tenancy.oc1..aaaa5g4a | ocid1.availabili | BahF:CA-TORONTO-1-AD-1 |
+-----------------------------+------------------+------------------------+
Conclusion:
I think I said 5 minutes which was a bit optimistic but you got the idea ;), and that’s what you’ll remember. Feel free to consult the OCI CLI Command Reference for more request examples.
More from this Author
Intro First, before anyone starts sending me print screens about their successful AutoUpgrade, or flexing about how their 100+ databases were smoothly migrated to PDBs over the weekend, I am stopping you right there. This is my honest feedback on the experience I had when trying the tool on a windows environment. It is obviously not... Read More
Intro I have been asked to read about Oracle database fleet management at work but the turnoff was that it relied entirely on OEM. Aggregating both functionalities makes provisioning, in my opinion, cumbersome and unattractive for shops that only want to manage the fleet. Luckily for me, I got acquainted with an even better framework that’s dedicated... Read More