[ Part 3 ] Setup OCI CLI Configuration

In Part 3 we will setup OCI CLI Configuration on the newly deployed instance, "mysqlshellinstance"

Steps to be implemented

  • Gather necessary data (Tenancy OCID & User OCID)

  • Generate PEM keys

  • Add API RSA public key to OCI User from OCI UI

  • Setup configuration file for OCI CLI

  • Test OCI CLI

You will need to configure OCI CLI (along with .pem keys) on mysqlshellinstance host in order to perform data transfer to Object Storage.

[1 ] Gather necessary data (Tenancy OCID & User OCID)

From Cloud-Shell, run the following commands for finding out your Tenancy OCID and User OCID.

You will need to save these details (in a notepad, etc), since they are needed for step 4.

[ 1.1] Tenancy OCID (saved as an environment variable):

TENANCY=$(oci iam compartment list --access-level ACCESSIBLE |\
 grep -i tenancy | \
 awk 'NR==1{print $2}' | \
 sed -e 's/,//g' -e 's/"//g')

Check if the environment variable has been saved:

zack@cloudshell:~ (eu-frankfurt-1)$ echo $TENANCY
ocid1.tenancy.oc1..aaaaaaaahereisyourtenancyOCID

[ 1.2 ] User OCID

a) Extract your username

myuser=$(whoami)

---

b) Extract 2 fields (fields1 and fields2) - these are your user's Email and your Name.

field1=$(oci iam user list --compartment-id $TENANCY | grep description | awk 'NR==1 {print $2}' | sed  -e 's/"//g' -e 's/,//g')

---

field2=$(oci iam user list --compartment-id $TENANCY | grep description | awk 'NR==2 {print $2}' | sed -e 's/"//g' -e 's/,//g')

---

c) Extract User OCID

 oci iam user list --compartment-id $TENANCY --output table | grep $myuser | grep $field2 | grep $field1 | awk {'print $30'}

[ 2 ] Generate PEM Keys

Following steps to be implemented on the "mysqlshellinstance"

[ 2.1 ] Log in to newly deployed instance, "mysqlshellinstance" (your IP will be different)

zack@cloudshell:MdsReplication (eu-frankfurt-1)$ terraform output
MySqlSourceIP = 129.159.196.152
zack@cloudshell:MdsReplication (eu-frankfurt-1)$ ssh ubuntu@129.159.196.152
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1035-oracle x86_64)
[... snip ...]
ubuntu@mysqlshellinstance:~$ 
ubuntu@mysqlshellinstance:~$ sudo -i
root@mysqlshellinstance:~#

[ 2.2 ] Download script install.sh and perfom configuration:

bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

[ 2.3 ] Generate PEM keys and fingerprint:

This step will be implemented with the help of generate_pemkeys.sh script. 

root@mysqlshellinstance:~# cd /home
root@mysqlshellinstance:/home# wget https://raw.githubusercontent.com/isaac-kami/MdsReplication/main/generate_pemkeys.sh

Make it executable, and run it:

root@mysqlshellinstance:/home# chmod +x generate_pemkeys.sh 
root@mysqlshellinstance:/home# ./generate_pemkeys.sh

[ 2.4 ] Check if files were created under /root/.oci

root@mysqlshellinstance:/home# ls -ltr /root/.oci/
total 12
-rw------- 1 root root 1675 Apr 17 10:02 oci_api_private_key.pem
-rw-r--r-- 1 root root  451 Apr 17 10:02 oci_api_key_public.pem
-rw-r--r-- 1 root root   48 Apr 17 10:02 oci_api_key_fingerprint

[ 3 ] Add API RSA public key to OCI User from OCI UI

The API RSA public key:

root@mysqlshellinstance:/home#  more /root/.oci/oci_api_key_public.pem
-----BEGIN PUBLIC KEY-----
MII=============================================================
=============================================================Vm6
gfl=============================================================
=============================================================S7u
SQX=============================================================
=============================================================zIX
yQ=====
-----END PUBLIC KEY-----

[ 3.1 ] Copy the content of oci_api_key_public.pem and go to OCI UI > Menu > Identity > Users:

[ 3.2 ] Select your User, and go down the page.

Select API Keys > Add API Keys, and then paste the content. Click "Add" to apply changes:

[ 4 ] Setup configuration file for OCI CLI

At this step, you must provide the Tenancy OCID and User OCID you saved at step 1.

[ 4.1 ] Setup configuration file for OCI by running the following command:

root@mysqlshellinstance:~/.oci# /root/bin/oci setup config

Running this command will require from you to provide:

  • a location for your config - you will keep here the default: 

    /root/.oci/config

  • your User OCID

  • your Tenancy OCID

  • your region by index or name - my account is located in eu-frankfurt-1, so I will go with index 13

  • you will be asked if you want to generate a new API Signing RSA key pair -- choose "n" (no)

  • provide the location of your API Signing private key file - here you provide following path:

    /root/.oci/oci_api_private_key.pem

Possible output:

root@mysqlshellinstance:/home# /root/bin/oci setup config
    This command provides a walkthrough of creating a valid CLI config file.

    The following links explain where to find the information required by this
    script:

    User API Signing Key, OCID and Tenancy OCID:

        https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other

    Region:

        https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm

    General config documentation:

        https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm


Enter a location for your config [/root/.oci/config]: 
Enter a user OCID: ocid1.user.oc1..aaaaaaaa4UserOCID
Enter a tenancy OCID: ocid1.tenancy.oc1..aaaaaaaa5uTenancyOCID
Enter a region by index or name(e.g.
1: ap-chiyoda-1, 2: ap-chuncheon-1, 3: ap-hyderabad-1, 4: ap-melbourne-1, 5: ap-mumbai-1,
6: ap-osaka-1, 7: ap-seoul-1, 8: ap-sydney-1, 9: ap-tokyo-1, 10: ca-montreal-1,
11: ca-toronto-1, 12: eu-amsterdam-1, 13: eu-frankfurt-1, 14: eu-zurich-1, 15: me-dubai-1,
16: me-jeddah-1, 17: sa-santiago-1, 18: sa-saopaulo-1, 19: uk-cardiff-1, 20: uk-gov-cardiff-1,
21: uk-gov-london-1, 22: uk-london-1, 23: us-ashburn-1, 24: us-gov-ashburn-1, 25: us-gov-chicago-1,
26: us-gov-phoenix-1, 27: us-langley-1, 28: us-luke-1, 29: us-phoenix-1, 30: us-sanjose-1): 13
Do you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: n
Enter the location of your API Signing private key file: /root/.oci/oci_api_private_key.pem
Fingerprint: 0a:f7:f8:f4:ca:b5:1c:ed:4e:91:82:4a:da:0d:b0:9f
Config written to /root/.oci/config


    If you haven't already uploaded your API Signing public key through the
    console, follow the instructions on the page linked below in the section
    'How to upload the public key':

        https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2


root@mysqlshellinstance:/home#

[ 4.2 ] Check if config file was created under /root/.oci/ folder:

root@mysqlshellinstance:/home# ls -ltr /root/.oci/con*
-rw------- 1 root root 306 Apr 18 15:46 /root/.oci/config

[ 4.3 ] Call OCI CLI tool without full path:

root@mysqlshellinstance:~/.oci# echo 'export PATH="$PATH:/root/.oci/"' >> ~/.bashrc 
root@mysqlshellinstance:~/.oci# source ~/.bashrc
root@mysqlshellinstance:~/.oci#  oci -v
2.22.2

[ 5 ] Test OCI CLI

Let's find out the namespace of our Object storage:

root@mysqlshellinstance:/home# oci os ns get
{
  "data": "s0meDataHere"
}
root@mysqlshellinstance:/home#
Previous[ Part 2 ] Deploying the infrastructureNext[ Part 4 ] Data transfer & GTID purging

Last updated