Oracle OCI CLI setup and basics

To be honest, this blog is really more for me, cause I cant seem to remeber how to setup OCI CLI each time I need.  So effectively this is a cheat-sheet, for me and anyone else who needs it to support Oracle CLI.  I will be doing a similiar post for AWS CLI.  Its was not meant to compare/contrast….so no wagering please.

Th main parts of this process is the following:

  1. Install CLI bits (ensure your want this python version).  Install of python3x is outside of this scope.  I have purposely kept all the details from the installation.  Its so well illustrated, its worth walking thru it.
  2. Configure for OCI tenancy (get tenancy, compartment details) including setting credentials
  3. Test oci cli commands

Note, this install is being done on OEL, but its pretty much the same on any plaform.

  1. First, we need to download/acquire the CLI bits.  We do this by running curl get:

bash -c "$(curl -L"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13968  100 13968    0     0  22391      0 --:--:-- --:--:-- --:--:-- 22384

    You have started the OCI CLI Installer in interactive mode. If you do not wish
    to run this in interactive mode, please include the --accept-all-defaults option.
    If you have the script locally and would like to know more about
    input options for this script, then you can run:
    ./ -h
    If you would like to know more about input options for this script, refer to:
Downloading Oracle Cloud Infrastructure CLI install script from to /tmp/oci_cli_install_tmp_L7tU.
######################################################################## 100.0%
Python3 not found on system PATH
Running install script.
python /tmp/oci_cli_install_tmp_L7tU 
-- Verifying Python version.
-- Python version 2.7.5 okay.

===> In what directory would you like to place the install? (leave blank to use '/home/nitin/lib/oracle-cli'): 
-- Creating directory '/home/nitin/lib/oracle-cli'.
-- We will install at '/home/nitin/lib/oracle-cli'.

===> In what directory would you like to place the 'oci' executable? (leave blank to use '/home/nitin/bin'): 
-- Creating directory '/home/nitin/bin'.
-- The executable will be in '/home/nitin/bin'.

===> In what directory would you like to place the OCI scripts? (leave blank to use '/home/nitin/bin/oci-cli-scripts'): 
-- Creating directory '/home/nitin/bin/oci-cli-scripts'.
-- The scripts will be in '/home/nitin/bin/oci-cli-scripts'.

===> Currently supported optional packages are: ['db (will install cx_Oracle)']
What optional CLI packages would you like to be installed (comma separated names; press enter if you don't need any optional packages)?: 
-- The optional packages installed will be ''.
-- Downloading virtualenv package from
-- Downloaded virtualenv package to /tmp/tmpq_dJj9/15.0.0.tar.gz.
-- Checksum of /tmp/tmpq_dJj9/15.0.0.tar.gz OK.
-- Extracting '/tmp/tmpq_dJj9/15.0.0.tar.gz' to '/tmp/tmpq_dJj9'.
-- Executing: ['/usr/bin/python', '', '--python', '/usr/bin/python', '/home/nitin/lib/oracle-cli']
Already using interpreter /usr/bin/python
New python executable in /home/nitin/lib/oracle-cli/bin/python
Installing setuptools, pip, wheel...done.
-- Executing: ['/home/nitin/lib/oracle-cli/bin/pip', 'install', '--cache-dir', '/tmp/tmpq_dJj9', 'oci_cli', '--upgrade']
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting oci_cli
  Downloading (4.0MB)
     |████████████████████████████████| 4.0MB 3.2MB/s 
Collecting idna<2.7,>=2.5 (from oci_cli)
  Downloading (56kB)
     |████████████████████████████████| 61kB 14.8MB/s 
Collecting arrow==0.10.0 (from oci_cli)
  Downloading (86kB)
     |████████████████████████████████| 92kB 10.7MB/s 
Collecting jmespath==0.9.3 (from oci_cli)
Collecting configparser==3.5.0 (from oci_cli)
Collecting oci==2.2.14 (from oci_cli)
  Downloading (2.1MB)
     |████████████████████████████████| 2.1MB 9.9MB/s 
Collecting httpsig-cffi==15.0.0 (from oci_cli)
Collecting cryptography==2.4.2 (from oci_cli)
  Downloading (2.1MB)
     |████████████████████████████████| 2.1MB 6.0MB/s 
Collecting terminaltables==3.1.0 (from oci_cli)
Collecting click==6.7 (from oci_cli)
  Downloading (71kB)
     |████████████████████████████████| 71kB 4.1MB/s 
Collecting retrying==1.3.3 (from oci_cli)
Collecting pytz==2016.10 (from oci_cli)
  Downloading (483kB)
     |████████████████████████████████| 491kB 10.8MB/s 
Collecting PyYAML==3.13 (from oci_cli)
  Downloading (270kB)
     |████████████████████████████████| 276kB 11.1MB/s 
Collecting certifi (from oci_cli)
  Downloading (157kB)
     |████████████████████████████████| 163kB 13.0MB/s 
Collecting python-dateutil==2.7.3 (from oci_cli)
  Downloading (211kB)
     |████████████████████████████████| 215kB 12.4MB/s 
Collecting pyOpenSSL==18.0.0 (from oci_cli)
  Downloading (53kB)
     |████████████████████████████████| 61kB 15.3MB/s 
Collecting six==1.11.0 (from oci_cli)
Collecting enum34; python_version < "3" (from cryptography==2.4.2->oci_cli)
Collecting cffi!=1.11.3,>=1.7 (from cryptography==2.4.2->oci_cli)
     |████████████████████████████████| 419kB 12.5MB/s 
Collecting asn1crypto>=0.21.0 (from cryptography==2.4.2->oci_cli)
  Downloading (101kB)
     |████████████████████████████████| 102kB 10.9MB/s 
Collecting ipaddress; python_version < "3" (from cryptography==2.4.2->oci_cli)
Collecting pycparser (from cffi!=1.11.3,>=1.7->cryptography==2.4.2->oci_cli)
  Downloading (158kB)
     |████████████████████████████████| 163kB 12.6MB/s 
Building wheels for collected packages: arrow, configparser, terminaltables, retrying, PyYAML, pycparser
  Building wheel for arrow ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/ce/4f/95/64541c7466fd88ffe72fda5164f8323c91d695c9a77072c574
  Building wheel for configparser ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/a3/61/79/424ef897a2f3b14684a7de5d89e8600b460b89663e6ce9d17c
  Building wheel for terminaltables ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/30/6b/50/6c75775b681fb36cdfac7f19799888ef9d8813aff9e379663e
  Building wheel for retrying ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/d7/a9/33/acc7b709e2a35caa7d4cae442f6fe6fbf2c43f80823d46460c
  Building wheel for PyYAML ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/ad/da/0c/74eb680767247273e2cf2723482cb9c924fe70af57c334513f
  Building wheel for pycparser ( ... done
  Stored in directory: /tmp/tmpq_dJj9/wheels/f2/9a/90/de94f8556265ddc9d9c8b271b0f63e57b26fb1d67a45564511
Successfully built arrow configparser terminaltables retrying PyYAML pycparser
Installing collected packages: idna, six, python-dateutil, arrow, jmespath, configparser, enum34, pycparser, cffi, asn1crypto, ipaddress, cryptography, pyOpenSSL, pytz, certifi, oci, httpsig-cffi, terminaltables, click, retrying, PyYAML, oci-cli
Successfully installed PyYAML-3.13 arrow-0.10.0 asn1crypto-0.24.0 certifi-2019.6.16 cffi-1.12.3 click-6.7 configparser-3.5.0 cryptography-2.4.2 enum34-1.1.6 httpsig-cffi-15.0.0 idna-2.6 ipaddress-1.0.22 jmespath-0.9.3 oci-2.2.14 oci-cli-2.5.15 pyOpenSSL-18.0.0 pycparser-2.19 python-dateutil-2.7.3 pytz-2016.10 retrying-1.3.3 six-1.11.0 terminaltables-3.1.0

===> Modify profile to update your $PATH and enable shell/tab completion now? (Y/n): Y

===> Enter a path to an rc file to update (leave blank to use '/home/nitin/.bashrc'): 
-- Backed up '/home/nitin/.bashrc' to '/home/nitin/.bashrc.backup'
-- Tab completion set up complete.
-- If tab completion is not activated, verify that '/home/nitin/.bashrc' is sourced by your shell.
-- ** Run `exec -l $SHELL` to restart your shell. **
-- Installation successful.
-- Run the CLI with /home/nitin/bin/oci --help
[nitin@cloudmac ~]$ 


2. Now lets configure our pem keys (private and public). We use openssl to gen our keys

[nitin@cloudmac ~]$ openssl genrsa -out ./nitin-oci-key.pem 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
[nitin@cloudmac ~]$ chmod go-rwx ./nitin-oci-key.pem 
[nitin@cloudmac ~]$ openssl rsa -pubout -in ./nitin-oci-key.pem  -out ./nitin-oci-key-pub.pem 
writing RSA key

[nitin@cloudmac ~]$ ls -ltr nitin-oci*
-rw-------. 1 nitin nitin 1679 Jun 19 13:12 nitin-oci-key.pem
-rw-rw-r--. 1 nitin nitin  451 Jun 19 13:14 nitin-oci-key-pub.pem


3. Configure the OCI configuration file.

a. Upload the PEM keys in the Users tab of the OCI Menu. After uploading you’ll see a Fingerprint tag associated with User

b, Use your UI to collect the following info USER OCID, Fingerprint, Tenancy OCID and Compartment OCID

c. Create a file called $HOME/.oci/configure

# OCID info for Nitin


4. Now lets do a simple test to verify the credentials. One test will be to list the regions, the 2nd test will be to list the VCNs (if you have correct IAM role). Note, for illustration, I have shown output as displayed in tabular an JSON format

oci iam region list --output table
| key | name           |
| FRA | eu-frankfurt-1 |
| IAD | us-ashburn-1   |
| ICN | ap-seoul-1     |
| LHR | uk-london-1    |
| NRT | ap-tokyo-1     |
| PHX | us-phoenix-1   |
| YYZ | ca-toronto-1   |

oci network vcn list --compartment-id ocid1.compartment.oc1..aaaaaaaadwopyqsoqdtsv5ykghdje7f6nvk5moxdo7xxxxxxxxxx
  "data": [
      "cidr-block": "", 
      "compartment-id": "ocid1.compartment.oc1..aaaaaaaadwopyqsoqdtsv5ykghdje7f6nvk5moxdo7xxxxxxxxx", 
      "default-dhcp-options-id": "ocid1.dhcpoptions.oc1.iad.aaaaaaaa6xiy26rweb2ydcjp4lqsvk7zkpuhglyakjpnhdfuhvvjjpjtd4aq", 
      "default-route-table-id": "ocid1.routetable.oc1.iad.aaaaaaaa6mzxjyh3yszohnz2kn7sfsy6ykpvvlgn5a3c5mf3ki3l4ycqzgka", 
      "default-security-list-id": "ocid1.securitylist.oc1.iad.aaaaaaaaun4berdcdxlrg4mg6veoqdvwdzz3p6zbldets76y6otxmlxn3o3a", 
      "defined-tags": {}, 
      "display-name": "ASH-Exadata", 
      "dns-label": "ashexadata", 
      "freeform-tags": {}, 
      "id": "ocid1.vcn.oc1.iad.aaaaaaaahe7kvbrqla25w27id5szra7j6oda2aelfbwt5w67x3c655bvsntq", 
      "lifecycle-state": "AVAILABLE", 
      "time-created": "2018-01-29T19:55:54.760000+00:00", 
      "vcn-domain-name": ""

Here's a quick example of query and retreiving information from OCI. 
In this example I'm gonna pull all database versions available to me for creating.  The second example polls with the db-system-shape

[nitin@cloudmac ~]$ oci db version list -c $COMPID --db-system-shape "VM.Standard1.1" --all --output table
| is-latest-for-major-version | supports-pdb | version         |
| True                        | False        |        |
| False                       | False        | |
| False                       | False        | |
| False                       | False        | |
| True                        | True         |        |
| False                       | True         | |
| False                       | True         | |
| False                       | True         | |
| True                        | True         |        |
| False                       | True         | |
| False                       | True         | |
| False                       | True         | |
| True                        | True         |        |
| False                       | True         |        |
| False                       | True         |        |
| False                       | True         |        |

[nitin@cloudmac ~]$ oci db version list -c $COMPID  --all --output table
| is-latest-for-major-version | supports-pdb | version  |
| True                        | False        | |
| True                        | True         | |
| True                        | True         | |
| True                        | True         | |

In the next Blog post, I'll work through an entire DB creation