Salesforce, Python, SQL, & other ways to put your data where you need it

Need event music? 🎸

Live and recorded jazz, pop, and meditative music for your virtual conference / Zoom wedding / yoga class / private party with quality sound and a smooth technical experience

Oracle Cloud CLI

01 Jul 2022 🔖 devops
💬 EN

Table of Contents

OCI CLI

https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#InstallingCLI__verifying_the_cli_install

oci setup config

Standard place to let it put a config file is ~/.oci/config.

It prompted me for my user OCID, which I was able to figure out how to get from https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#Other

Then it prompted me for my tenancy OCID, which https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five told me how to get.

Then it suggested I pick a region from a list, and I picked the one I’d set during account setup as my home region, just for simplicity.

Then it asked me if I wanted to generate a new “API Signing RSA key pair,” and I said yes and let it store them in ~/.oci/ and call it oci_api_key. Yes, I gave it a passphrase. Oops, I regret that, because I used one that’s actually a secret, so I couldn’t save it to the config file, so now I have to type this terrible password every single oci command I run.

Let’s try this again:

oci setup config

OK cool yay I got to start over. No passphrase, it’s just a trial account w/o any of my money attached.

Then I uploaded the public key it generated into the web console https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#How2

Then it told me to put some stuff it generated into my ~/.oci/config file, so I did.

OK, this command looks useful:

oci session validate

Nope, darnit:

ERROR: No security_token_file was found in config for profile: DEFAULT

OK let’s try this:

oci session authenticate

It prompts me for a region – again, I guess I’ll choose my usual.

OCI in WSL figured out how to open my web browser, although a Windows Security Alert popped up and asked me if I wanted to let WSL Ubuntu’s version of Python through the firewall. I just kind of dragged it aside for now, clicking neither Allow access nor Cancel.

OK, the oci CLI asked me to nickname this “profile” – guess I’ll call it myprof or something.

It suggested I try this command:

oci iam region list --config-file /home/my_linux_username/.oci/config --profile myprof --auth security_token

OK, that did some output. How about this one now?

oci session validate

OK that still didn’t work but this did:

oci session validate --profile myprof --auth security_token

As did this:

oci session validate --profile myprof

All right, I think I’m going to hit Cancel on that Windows Defender Firewall popup.

OK here we go, here’s a command that satisfies me I’ve got Linux talking to Oracle Cloud – I get a nice JSON object w/ stuff about myself in it from this command:

oci iam user list --profile myprof --auth security_token

All done!


Pulumi

Pulumi.yaml

name: oci-project
runtime: yaml
description: Trying to do OCI with YAML

Pulumi.oci-stack.yaml

config:
  oci:configFileProfile: myprof
  oci:region: us-ashburn-1

Initial create attempts

pulumi up

OK, that creates an empty stack

It looks like maybe putting things into OCI “compartments” is going to be important, so I ran this and noted the id property’s value of my one and only compartment so far, which came with my Oracle Cloud setup:

oci iam compartment list --profile myprof --auth security_token

Eh, I’m just gonna see what happens if I try to create an OCI bucket w/o it having a “namespace” or “compartment” … OK, nevermind, pulumi up says I can’t do that.

Then I thought I’d figured out a good Main.yaml, but another pulumi up ran for 2 minutes then errored out as follows:

        * 409-BucketAlreadyExists, Either the bucket 'my-bucket' in namespace 'id12345678' already exists or you are not authorized to create it
    Suggestion: The resource is in a conflicted state. Please retry again or contact support for help with service: Object Storage Bucket
    Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/object_storage_bucket
    Request Target: POST https://objectstorage.us-ashburn-1.oraclecloud.com/n/id12345678/b
    Provider version: 4.72.0, released on 2022-04-21. This provider is 10 Update(s) behind to current.
    Service: Object Storage Bucket
    Operation Name: CreateBucket
    OPC request ID: (censored-for-blog)

  pulumi:pulumi:Stack (oci-project-oci-stack):
    INFO 2022/07/01 12:10:27.527414 Time elapsed for retry: 0s;  Expected retry duration: 2m0s
    INFO 2022/07/01 12:10:29.453963 Time elapsed for retry: 2s;  Expected retry duration: 2m0s
    INFO 2022/07/01 12:10:30.655111 Time elapsed for retry: 3s;  Expected retry duration: 2m0s
    INFO 2022/07/01 12:10:44.203885 Time elapsed for retry: 17s;  Expected retry duration: 2m0s
    INFO 2022/07/01 12:11:11.997661 Time elapsed for retry: 45s;  Expected retry duration: 2m0s
    INFO 2022/07/01 12:11:55.561987 Time elapsed for retry: 1m28s;  Expected retry duration: 2m0s

    error: update failed

The bucket isn’t visible in the web console, so maybe OCI didn’t like me trying to create a bucket inside the existing compartment. That seems weird though, as it looks like the web console would let me do it.

Interesting … even the web console doesn’t want to let me. Same error.

OK, so … if I don’t have the compartment as that one that showed up inside my “root” compartment, but instead as the root compartment itself, then I CAN create a bucket. So I’ll try that in my Main.yaml instead.

OK, there we go!

I guess I should learn about Oracle Cloud compartments at some point.

Here’s what worked:

Main.yaml

variables:
  myPrimaryCompartment:
    Fn::Invoke:
      Function: oci:Identity/getCompartment:getCompartment
      Arguments:
        id: "the-id-of-my-root-compartment-not-the-one-i-found-through-compartment-list"
  theNamespaceOfMyPrimaryCompartment:
    Fn::Invoke:
      Function: oci:ObjectStorage/getNamespace:getNamespace
      Arguments:
        compartmentId: ${myPrimaryCompartment.id}

resources:
  myBucket:
    type: oci:ObjectStorage:Bucket
    properties:
      name: my-bucket
      compartmentId: ${myPrimaryCompartment.id}
      namespace: ${theNamespaceOfMyPrimaryCompartment.namespace}

outputs:
  name: ${myBucket.name}

Add a storage bucket

OK, so at first, https://cloud.oracle.com/object-storage/buckets?region=us-ashburn-1 is empty.

Then I do:

pulumi up

Verify it’s there

Takes a little while to run (over 2 minutes), but eventually I see a “my-bucket” bucket at https://cloud.oracle.com/object-storage/buckets?region=us-ashburn-1, yay

Delete the bucket

I’m sure there are ways to clean up that aren’t quite so “nuclear,” but here’s how I did so: I deleted every last resource in “oci-stack:”

pulumi destroy -s my-pulumi-username/oci-project/oci-stack

Verify it’s gone

Back to https://cloud.oracle.com/object-storage/buckets?region=us-ashburn-1, and yay, it’s empty again.


Database

Here’s a Main.yaml that spun me up a little Oracle database in Oracle Cloud for me:

variables:
  myPrimaryCompartment:
    Fn::Invoke:
      Function: oci:Identity/getCompartment:getCompartment
      Arguments:
        id: "the-id-of-my-root-compartment-not-the-one-i-found-through-compartment-list"

resources:
  mypuldb:
    type: oci:Database:AutonomousDatabase
    properties:
      compartmentId: ${myPrimaryCompartment.id}
      dbName: SUCHACOOLDBNAME
      adminPassword: a-really-great-password # Root username becomes "ADMIN"
      dbVersion: 19c
      dbWorkload: OLTP
      displayName: My cool DB
      isFreeTier: true
      isMtlsConnectionRequired: false
      whitelistedIps:
        - 123.231.123.231
--- ---