Install and configure OCI CLI

At step "Create instance" we have created the instance "deploymentmachine" which we would be using for installing and configuring OCI CLI.

Preparation for next steps

1. Login to instance "deploymentmachine" from a terminal; provide the Public IP you have in the Oracle Cloud UI:

root@isaacEXE:/home/zack/# ssh ubuntu@xx.xx.xx.xx
ubuntu@deploymentmachine:~$
ubuntu@deploymentmachine:~$ hostname
deploymentmachine
ubuntu@deploymentmachine:~$ id
uid=1001(ubuntu) gid=1001(ubuntu) groups=1001(ubuntu)
ubuntu@deploymentmachine:~$ pwd
/home/ubuntu
buntu@deploymentmachine:~$

2. Become root user, and prepare the environment for installing OCI CLI

ubuntu@deploymentmachine:~$ sudo -i
root@deploymentmachine:~#
root@deploymentmachine:~#
root@deploymentmachine:~# apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]
Hit:2 http://eu-frankfurt-1-ad-3.clouds.archive.ubuntu.com/ubuntu focal InRelease
[ ... skip output ... ]

3. Change the root password, and the ubuntu password:

root@deploymentmachine:~# passwd root
New password: <new root password>
Retype new password: <new root password>
passwd: password updated successfully
root@deploymentmachine:~# 
root@deploymentmachine:~# passwd ubuntu
New password: <new ubuntu password>
Retype new password: <new ubuntu password>
passwd: password updated successfully

Once again, SSH keys...

Now that we have updated our system, it is time to generate a pair of ssh keys on this particular machine. This time, we will be doing the whole process, step by step, since it will be pretty useful in the future:

1. Generate the SSH keys by running "ssh-keygen":

root@deploymentmachine:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:asdasdasdascasc 
The key's randomart image is:
+---[RSA 3072]----+
|=o.=E.           |
|+ =+=.           |
|.B.O.            |
|o X.*  . o       |
| o X..o S .      |
|..o.=. .         |
|o .+..           |
|+oooo            |
|=+oo.o.          |
+----[SHA256]-----+
root@deploymentmachine:~#
root@deploymentmachine:~# ls -ltr /root/.ssh/
total 12
-rw------- 1 root root  738 Jan 24 13:51 authorized_keys
-rw-r--r-- 1 root root  576 Jan 24 14:01 id_rsa.pub
-rw------- 1 root root 2610 Jan 24 14:01 id_rsa
root@deploymentmachine:~#

2. Modify /etc/ssh/sshd_config, and change the following:

#PermitRootLogin prohibit-password
PermitRootLogin yes

#PasswordAuthentication no
PasswordAuthentication yes

3. Restart ssh service

root@deploymentmachine:~# service ssh restart
root@deploymentmachine:~#

4. Test if you can ssh into localhost

From now on, when connecting locally or from a remote instance via ssh, you will provide the password you have setup earlier.

root@deploymentmachine:~/.oci# ssh root@localhost
root@localhost's password: <insert here root password>
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1029-oracle x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Sun Jan 24 18:41:14 UTC 2021

  System load:  0.0               Processes:             139
  Usage of /:   4.4% of 44.97GB   Users logged in:       2
  Memory usage: 37%               IPv4 address for ens3: 10.0.0.5
  Swap usage:   0%


45 updates can be installed immediately.
15 of these updates are security updates.
To see these additional updates run: apt list --upgradable


Last login: Sun Jan 24 18:39:47 2021 from 127.0.0.1
root@deploymentmachine:~#

Congrats! Your ssh service and keys are working properly!

1. Installing and configuring OCI CLI

Download and run install.sh script:

root@deploymentmachine:~# bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 16053  100 16053    0     0  84047      0 --:--:-- --:--:-- --:--:-- 84489

    ******************************************************************************
    You have started the OCI CLI Installer in interactive mode. If you do not wish
    to run this in interactive mode, please include the --accept-all-defaults option.
    If you have the script locally and would like to know more about
    input options for this script, then you can run:
    ./install.sh -h
    If you would like to know more about input options for this script, refer to:
    https://github.com/oracle/oci-cli/blob/master/scripts/install/README.rst
    ******************************************************************************
Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v2.14.4/scripts/install/install.py to /tmp/oci_cli_install_tmp_zyA7.
############################################################################################################################################################################################################ 100.0%
Python not found on system PATH
Running install script.
python3 /tmp/oci_cli_install_tmp_zyA7
-- Verifying Python version.
-- Python version 3.8.5 okay.

===> In what directory would you like to place the install? (leave blank to use '/root/lib/oracle-cli'):
-- Creating directory '/root/lib/oracle-cli'.
-- We will install at '/root/lib/oracle-cli'.

===> In what directory would you like to place the 'oci' executable? (leave blank to use '/root/bin'):
-- Creating directory '/root/bin'.
-- The executable will be in '/root/bin'.

===> In what directory would you like to place the OCI scripts? (leave blank to use '/root/bin/oci-cli-scripts'):
-- Creating directory '/root/bin/oci-cli-scripts'.
-- The scripts will be in '/root/bin/oci-cli-scripts'.

===> Currently supported optional packages are: ['db (will install cx_Oracle)']
What optional CLI packages would you like to be installed (comma separated names; press enter if you don't need any optional packages)?:
-- The optional packages installed will be ''.
-- Executing: ['sudo', 'apt-get', 'update']
Hit:1 https://apt.releases.hashicorp.com focal InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease
[...]



==

Keep pressing enter or provide required details, and choose Y or N when asked to...

2. Configure OCI CLI

[ 2.1 ] Collect the OCID of your Tenancy, Compartment and User.

I suggest you save the following details in a file located on the "deploymentmachine" instance .

[ 2.1.1 ] Tenancy OCID

Go to Oracle Cloud Menu, and from Administration choose Tenancy Details:

.. and copy the Tenancy OCID (as marked with green):

[ 2. 1. 2 ] Compartment OCID (in our case, the root compartment)

Go to Oracle Cloud Menu, and from Identity, choose Compartments

Select the root compartment (as marked with green):

... and copy the OCID

[ 2. 1. 3 ] User OCID

Go to Oracle Cloud Menu, and from Identity, and choose Users:

... and copy the OCID of user with Administrator rights (usually, the one you used to create the account)

In my case, I have saved all these details under a file (ready to be exported as environment variables):

root@deploymentmachine:~# more /home/ubuntu/details.txt
export TENANCY="ocid1.tenancy.oc1..aaaaaasomefaketenancyidinhereaaaaa323423421"
export COMPARTMENT="ocid1.tenancy.oc1..aaaaaasomefakecompartmentidinhereaaaaa323423422"
export USER="ocid1.user.oc1..aaaaaasomefakeuseridinhereaaaaa323423423"

[ 2.2 ] Generate RSA API Keys

[ 2.2.1 ] Create /root/.oci folder Create folder /root/.oci and file oci_api_private_key.pem under /root/.oci/ folder

root@deploymentmachine:~# mkdir -p /root/.oci
root@deploymentmachine:~# cd /root/.oci/
root@deploymentmachine:~/.oci# touch oci_api_private_key.pem

[2.2.2] Generate API RSA private key Generate private RSA key and save it into oci_api_private_key.pem

root@deploymentmachine:~/.oci#  openssl genrsa -out ~/.oci/oci_api_private_key.pem 2048 
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
.................................................+++++
e is 65537 (0x010001)

root@deploymentmachine:~/.oci# ls -ltr
total 8
-rw-r--r-- 1 root root 1679 Jan 24 14:49 oci_api_private_key.pem
root@deploymentmachine:~/.oci#

[2.2.3] Generate fingerprint

root@deploymentmachine:~/.oci# openssl rsa -pubout -outform DER -in ~/.oci/oci_api_private_key.pem | openssl md5 -c 
writing RSA key
(stdin)= x5:x2:xx:xx:xx:31:xx:af:xx:xx:xx:xx:xx:xx:xx:xx

Let's make it more presentable, and save it in a file, oci_api_key_fingerprint

root@deploymentmachine:~/.oci# openssl rsa -in ~/.oci/oci_api_private_key.pem -pubout -outform DER | openssl md5 -c  | sed s/\(stdin\)=\\s//g > oci_api_key_fingerprint 
writing RSA key
root@deploymentmachine:~/.oci# more oci_api_key_fingerprint
x5:x2:xx:xx:xx:31:xx:af:xx:xx:xx:xx:xx:xx:xx:xx

[2.2.4] Generate API RSA public key

root@deploymentmachine:~/.oci# openssl rsa -pubout -in /root/.oci/oci_api_private_key.pem -out /root/.oci/oci_api_key_public.pem 
writing RSA key

So far, we have the following files under /root/.oci

root@deploymentmachine:~/.oci# ls -ltr
total 16
-rw-r--r-- 1 root root 1679 Jan 24 14:49 oci_api_private_key.pem
-rw-r--r-- 1 root root   48 Jan 24 14:51 oci_api_key_fingerprint
-rw-r--r-- 1 root root  451 Jan 24 15:10 oci_api_key_public.pem

[2.2.5] Add API RSA public key to OCI User

a) Copy the content of your public key (oci_api_key_public.pem)

b) Under User you have been used for the getting the OCID (Oracle Cloud Menu > Identity > Users), scroll down to "Resources" section and click on "API Keys":

c) Paste the content of oci_api_key_public.pem when choosing "Paste Public Key", and click "Add":

[ 2.3 ] Generate OCI configuration file

Now we are /almost/ ready to run OCI CLI commands... first of all:

[2.3.1]Check version of oci cli tool (notice how oci tool has entire path)

root@deploymentmachine:~/.oci# /root/bin/oci -v
2.19.0

[2.3.2] Create a valid CLI config file.

Remember that I have advised you to save the OCID of tenancy, user and compartment. You will need those details for this step

Run command "/root/bin/oci setup config" and provide the required details:

root@deploymentmachine:~/.oci# /root/bin/oci setup config
    This command provides a walkthrough of creating a valid CLI config file.

    The following links explain where to find the information required by this
    script:

    User API Signing Key, OCID and Tenancy OCID:

        https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other

    Region:

        https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm

    General config documentation:

        https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm


Enter a location for your config [/root/.oci/config]:
Enter a user OCID: ocid1.user.oc1..aaaaaasomefakeuseridinhereaaaaa323423423
Enter a tenancy OCID: ocid1.tenancy.oc1..aaaaaasomefaketenancyidinhereaaaaa323423421
Enter a region by index or name(e.g.
1: ap-chiyoda-1, 2: ap-chuncheon-1, 3: ap-hyderabad-1, 4: ap-melbourne-1, 5: ap-mumbai-1,
6: ap-osaka-1, 7: ap-seoul-1, 8: ap-sydney-1, 9: ap-tokyo-1, 10: ca-montreal-1,
11: ca-toronto-1, 12: eu-amsterdam-1, 13: eu-frankfurt-1, 14: eu-zurich-1, 15: me-dubai-1,
16: me-jeddah-1, 17: sa-santiago-1, 18: sa-saopaulo-1, 19: uk-cardiff-1, 20: uk-gov-cardiff-1,
21: uk-gov-london-1, 22: uk-london-1, 23: us-ashburn-1, 24: us-gov-ashburn-1, 25: us-gov-chicago-1,
26: us-gov-phoenix-1, 27: us-langley-1, 28: us-luke-1, 29: us-phoenix-1, 30: us-sanjose-1): eu-frankfurt-1
Do you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: n
Enter the location of your API Signing private key file: /root/.oci/
Error: No file found at: /root/.oci/
Enter the location of your API Signing private key file: /root/.oci/oci_api_private_key.pem
Fingerprint: x5:x2:xx:xx:xx:31:xx:af:xx:xx:xx:xx:xx:xx:xx:xx
Config written to /root/.oci/config


    If you haven't already uploaded your API Signing public key through the
    console, follow the instructions on the page linked below in the section
    'How to upload the public key':

        https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2


root@deploymentmachine:~/.oci#

[2.3.3] Check if file properly configured:

root@deploymentmachine:~/.oci# ls -ltr /root/.oci/config
-rw------- 1 root root 298 Jan 24 15:16 /root/.oci/config
root@deploymentmachine:~/.oci# cat /root/.oci/config
[...]

3. Run a command just for testing

root@deploymentmachine:~/.oci# /root/bin/oci  iam availability-domain list
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "id": "ocid1.availabilitydomain.oc1..aaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "name": "Aodz:EU-FRANKFURT-1-AD-1"
    },
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "id": "ocid1.availabilitydomain.oc1..aaaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "name": "Aodz:EU-FRANKFURT-1-AD-2"
    },
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "id": "ocid1.availabilitydomain.oc1..aaaaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "name": "Aodz:EU-FRANKFURT-1-AD-3"
    }
  ]
}

4. Call the tool without full path

We have keep running the command oci with the entire path /root/bin/oci. Let's add it's PATH to .bashrc:

root@deploymentmachine:~/.oci# echo 'export PATH="$PATH:/root/.oci/"' >> ~/.bashrc 
root@deploymentmachine:~/.oci#
root@deploymentmachine:~/.oci# source ~/.bashrc
root@deploymentmachine:~/.oci#
root@deploymentmachine:~/.oci# oci -v
2.19.0
root@deploymentmachine:~/.oci#

References:
https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2

PreviousCreate instance NextOCI CLI small test

Last updated 4 years ago