Slow updates recently as I was getting ready to two AWS exams. Happy to announce that I passed both the Solutions Architect Associate and the SysOps Administrator Associate!
As I’m working with Oracle Cloud Infrastructure (OCI) as well now then next stop will be to pass the OCI Solutions Architect Associate exam. I think it will have lot similarities with the AWS ones and then it should be fairly easy to catch different topics specially on the networking side.
But this post is about oci-cli!
In addition to console in OCI you can use python-based command line interface which is named as oci-cli same as in AWS you can use awscli. I thought brief introduction on it would make a good post.
First of all you need a user in OCI who has some permissions. You can define the permissions on basis what the requirements are. It can be that user can create VM’s or access iam etc and that policy is assigned to the group the user belongs to.
After you have an existing user you will need to create API key pair for your new user.
In the Oracle documentation they recommend to use git-bash to generate the keys:
https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#two
Once you have created the API keys remember to save your private key to safe place! You will need it soon. You will need to go to OCI console and browse to Identity – Users – User details. From there you can click the “Add Public Key” and paste your public key contents in it. If it’s successful you can then see fingerprint on the public key box.
To install oci-cli you can follow instructions from here:
https://docs.us-phoenix-1.oraclecloud.com/Content/API/SDKDocs/cliinstall.htm
You can install it for windows or any computer with bash. Installation is quite straightforward as you will define the installation directory and bin directory for your executable. After that you are ready to use it!
In the later examples I’ve manually changed the OCID’s (Oracle Cloud ID) so if you see some discrepancy that is the reason.
Now I want to configure my oci-cli so it will have necessary information stored. For this I will run on windows the following:
oci.exe setup config Enter a location for your config [C:\Users\simo\.oci\config]: c:\software\oracle-cli\config Enter a user OCID: ocid1.user.oc1..3465y5bhdgdgggngndgndgndgndgn Enter a tenancy OCID: ocid1.tenancy.oc1..4tgreeegeggrgrreg535334343 Enter a region (e.g. eu-frankfurt-1, us-ashburn-1, us-phoenix-1): eu-frankfurt-1 ac Do you want to generate a new RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y /n]: n Enter the location of your private key file: c:\path\.oci\oci_api_key.pem Enter the passphrase for your private key: Fingerprint: b5:51:f0:ce:79:3d:f6:28:cd:f3:23:12:22:4a:c3:b1 Do you want to write your passphrase to the config file? (if not, you will need to supply it as an argument to the CLI) [y/N]: y Config written to c:\software\oracle-cli\config
Few things I must have when running the config – I will need my user OCID, tenancy OCID, the region I’m going to operate on and finally the location of my recently created private key.
That’s it! Now I can run commands through the oci-cli as it has necessary information in it’s config file. Let’s try.
To see list of available options and commands you can just run oci.exe. Available commands are:
audit Audit Service
bv Block Volume Service
compute Compute Service
db Database Service
dns API for managing DNS zones, records, and…
iam Identity and Access Management Service
lb Load Balancing Service
network Networking Service
os Object Storage Service
setup Setup commands for CLI
So you always need to have the necessary service first and then the subcommand for that service. For example when running the oci.exe iam:
Commands:
availability-domain One or more isolated, fault-tolerant Oracle…
compartment A collection of related resources.
customer-secret-key A `CustomerSecretKey` is an Oracle-provided…
dynamic-group An dynamic group defines a matching rule.
group A collection of users who all need the same…
policy A document that specifies the type of access…
region A localized geographic area, such as Phoenix,…
region-subscription An object that represents your tenancy’s…
tag A tag definition that belongs to a specific…
tag-namespace A managed container for defined tags.
user An individual employee or system that needs…
So to list my users I will run oci.exe iam user list. And similar to above then getting subcommands to iam user command you just run that.
To get list of my users I will also need to supply the compartment-id along the query. You can see this from Identity – Compartments. Remember compartment in OCI was collection of your resources grouped in to the compartment!
oci.exe iam user list --compartment-id ocid1.tenancy.oc1..aaaaaaa
45454ko54ko4ogplgdg090404opolf
{
"data": [
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "This is the cloud admin account",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv235",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.admin",
"time-created": "2018-02-13T08:54:49.231000+00:00"
},
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "this is the test user",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv238",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.readonly",
"time-created": "2018-02-13T10:32:52.872000+00:00"
},
{
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "Simo V",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv458",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "simo@mymail.com",
"time-created": "2018-02-13T08:36:06.617000+00:00"
}
],
"opc-next-page": "AAAAAAAAAAF0J19EgxQCxqtNSlWbUFrYYCgLLOIArstI-B7dqGJC7-DLBT-BcJEcKH2-rCTfS4r_c4utNr3RbYnsO2eqIXb9Yvz0
Hd9ogjMGDsLyosU7Hk1reajz7RkNwMbBYgOiXdOi2Mx7rEEiNHxTR1P7P74R78BseDqr9h90udYcTTVtKKi0X7xeJbxT-mJxkkPvzk8sFRALGKOQ00GEJbzZ
vFFEafbR1nobBXvb4oG74Z7qp_WJUIbLLCp_jK2eXoatDycsR9r598l1PGZnhTi0skEqJe6IGiyX48TQcDa2e1J4xdlRsO7i-RBq3XJz1oFU4nDLBTh8-MCK
PS40SvfkZBatlbfSKwtOWuYohMU1ke3CzFX5R06bf_gvUSbwKk19kWYRl0QfeYHeTNO5SpFEHHTqfIzKJZI-OGd48YWZKirYs7PUQKteM6gbsAmQI2PgdPSA
Vgh-NxOOmMif-Fjoz_m3iTNFRLS1SMTOsnqA2hvAFivJO7wA-zaoBTBGI83B5r7azlnFSupxhChW-2R5I8OiUijNmOYQvm8ad0HN08RKb3OUZAZSs1zyOcRq
0cW-cW6232ZnQibzUZDgq4Fr"
}
The output is by default displayed in JSON but you have option to use –output table for table-a-like output.
That’s it – now you have oci-cli working and can start working using it in addition to the console! There are lot of different possibilities on using it but this post only shows how you get it up and running.
More in the future!
Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This…
I bet few years back folks didn't expect that by 2024 we would be able…
This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…
Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I've…
View Comments
Hi ,
I have few questions on oci cli tool, can you please provide some guidance.
1. Is it possible to execute multiple oci cli command for single tenancy.
2. Is it possible to delete the objects of multiple tenancies with single command in oci cli.
Can you please help me here.
Thank you,
Sharath Natram
Hi Sharath,
I don't think you can execute multiple commands with oci-cli unless you put them in a shell script. Same also applies to second question since you need to define the tenancy so unless you script it in a shell script you can't do it in my opinion.
Hi Simo,
How are you doing :) Need your suggestion
How can we perform different tasks like deleting object storage, compute instances vcns from different tenancies through OCI CLI?
Can we have multiple profiles in a single config file and we can connect to tenancies individually to perform different activities.
For example, I will connect to one tenancy and delete object storage and parallelly connect to other tenancy to delete or create a compute instance.
How can we
Please help and provide some guidance :)
Thank you
Sharath Natram
Hi Simo,
How are you doing :)
I have one another question and I will be grateful if you share some guidance.
Question:
=======
Using the Shell script I am able to run few OCI CLI commands as shown below.
$ cat sharath.sh
clear
echo "1.List Users"
read ch
case $ch in
1)command oci iam compartment list ;;
esac
echo "Do u want to continue ?"
read i
if [ $i != "Y" ]
then
exit
fi
done
But I want to delete the objects inside Object storage of multiple tenancies.
Can you please share some guidelines on how it can be achieved.
Have a good day :)
Thank you,
Sharath Natram
Is there any example on how to query compute instances from different compartments NOT starting at root. or ALL, and query for the nested definedTags.namespace and the list of definedTags.keys/definitions ? Like below? I am new to oci trying to get inventory in a hurry.
"defined-tags": {
"Namespace": {
"definedTag.key_1: "definedTag.value_1",
"definedTag.key_2: "definedTag.value_2",
"definedTag.key_3: "definedTag.value_3",
"definedTag.key_4: "definedTag.value_4",
"definedTag.key_5: "definedTag.value_5",
"definedTag.key_6: "definedTag.value_6",
"definedTag.key_7: "definedTag.value_7",
"definedTag.key_8: "definedTag.value_8",
"definedTag.key_9: "definedTag.value_9",
}
in my script I want to print it out like this:
definedTag.key_1 definedTag.key_2 definedTag.key_3 definedTag.key_4
"definedTag.value_1" "definedTag.value_2" "definedTag.value_3" "definedTag.value_4"
Env Customer Location
Prod Acme Anywhere