Oracle OCI CLI using Instance Principal Authentication

Here are my steps to install the OCI CLI and configure it to use Instance Principals.  Instance principals give the OCI instance (VM) rights to execute  OCI API commands.  We grant the instance rights and then configure the CLI to use instance principals.  

Here is a good article from the Oracle A Team 

OCI CLI Documentation

My install

bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

100 15017  100 15017    0     0  78687      0 –:–:– –:–:– –:–:– 79036

    ******************************************************************************

    You have started the OCI CLI Installer in interactive mode. If you do not wish

    to run this in interactive mode, please include the –accept-all-defaults option.

    If you have the script locally and would like to know more about

    input options for this script, then you can run:

    ./install.sh -h

    If you would like to know more about input options for this script, refer to:

    https://github.com/oracle/oci-cli/blob/master/scripts/install/README.rst

    ******************************************************************************

Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v2.12.7/scripts/install/install.py to /tmp/oci_cli_install_tmp_xObK.

######################################################################## 100.0%

Running install script.

python3 /tmp/oci_cli_install_tmp_xObK 

— Verifying Python version.

— Python version 3.6.8 okay.

===> In what directory would you like to place the install? (leave blank to use ‘/home/opc/lib/oracle-cli’): 

— Creating directory ‘/home/opc/lib/oracle-cli’.

— We will install at ‘/home/opc/lib/oracle-cli’.

===> In what directory would you like to place the ‘oci’ executable? (leave blank to use ‘/home/opc/bin’): 

— Creating directory ‘/home/opc/bin’.

— The executable will be in ‘/home/opc/bin’.

===> In what directory would you like to place the OCI scripts? (leave blank to use ‘/home/opc/bin/oci-cli-scripts’): 

— Creating directory ‘/home/opc/bin/oci-cli-scripts’.

— The scripts will be in ‘/home/opc/bin/oci-cli-scripts’.

===> Currently supported optional packages are: [‘db (will install cx_Oracle)’]

What optional CLI packages would you like to be installed (comma separated names; press enter if you don’t need any optional packages)?: db

— The optional packages installed will be ‘db’.

— Trying to use python3 venv.

— Executing: [‘/usr/bin/python3’, ‘-m’, ‘venv’, ‘/home/opc/lib/oracle-cli’]

— Executing: [‘/home/opc/lib/oracle-cli/bin/pip’, ‘install’, ‘–upgrade’, ‘pip’]

Collecting pip

  Downloading https://files.pythonhosted.org/packages/5a/4a/39400ff9b36e719bdf8f31c99fe1fa7842a42fa77432e584f707a5080063/pip-20.2.2-py2.py3-none-any.whl (1.5MB)

    100% |████████████████████████████████| 1.5MB 667kB/s 

Installing collected packages: pip

  Found existing installation: pip 9.0.3

    Uninstalling pip-9.0.3:

      Successfully uninstalled pip-9.0.3

Successfully installed pip-20.2.2

— Executing: [‘/home/opc/lib/oracle-cli/bin/pip’, ‘install’, ‘–cache-dir’, ‘/tmp/tmp4zkt545y’, ‘wheel’, ‘–upgrade’]

Collecting wheel

  Downloading wheel-0.35.1-py2.py3-none-any.whl (33 kB)

Installing collected packages: wheel

Successfully installed wheel-0.35.1

— Executing: [‘/home/opc/lib/oracle-cli/bin/pip’, ‘install’, ‘–cache-dir’, ‘/tmp/tmp4zkt545y’, ‘oci_cli[db]’, ‘–upgrade’]

Collecting oci_cli[db]

  Downloading oci_cli-2.12.9-py2.py3-none-any.whl (9.5 MB)

     |████████████████████████████████| 9.5 MB 7.1 MB/s 

Collecting terminaltables==3.1.0

  Downloading terminaltables-3.1.0.tar.gz (12 kB)

Collecting pyOpenSSL==18.0.0

  Downloading pyOpenSSL-18.0.0-py2.py3-none-any.whl (53 kB)

     |████████████████████████████████| 53 kB 2.9 MB/s 

Collecting pytz>=2016.10

  Downloading pytz-2020.1-py2.py3-none-any.whl (510 kB)

     |████████████████████████████████| 510 kB 31.9 MB/s 

Collecting six==1.14.0

  Downloading six-1.14.0-py2.py3-none-any.whl (10 kB)

Collecting PyYAML==5.1.2

  Downloading PyYAML-5.1.2.tar.gz (265 kB)

     |████████████████████████████████| 265 kB 36.2 MB/s 

Collecting oci==2.21.2

  Downloading oci-2.21.2-py2.py3-none-any.whl (5.2 MB)

     |████████████████████████████████| 5.2 MB 26.7 MB/s 

Collecting retrying==1.3.3

  Downloading retrying-1.3.3.tar.gz (10 kB)

Collecting jmespath==0.10.0

  Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB)

Collecting click==6.7

  Downloading click-6.7-py2.py3-none-any.whl (71 kB)

     |████████████████████████████████| 71 kB 12.7 MB/s 

Collecting certifi

  Downloading certifi-2020.6.20-py2.py3-none-any.whl (156 kB)

     |████████████████████████████████| 156 kB 36.6 MB/s 

Collecting cryptography==2.8

  Downloading cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl (2.3 MB)

     |████████████████████████████████| 2.3 MB 30.6 MB/s 

Collecting python-dateutil<3.0.0,>=2.5.3

  Downloading python_dateutil-2.8.1-py2.py3-none-any.whl (227 kB)

     |████████████████████████████████| 227 kB 36.5 MB/s 

Collecting arrow==0.14.7

  Downloading arrow-0.14.7-py2.py3-none-any.whl (39 kB)

Collecting configparser==4.0.2

  Downloading configparser-4.0.2-py2.py3-none-any.whl (22 kB)

Collecting cx-Oracle==7.0; extra == “db”

  Downloading cx_Oracle-7.0.0-cp36-cp36m-manylinux1_x86_64.whl (675 kB)

     |████████████████████████████████| 675 kB 36.5 MB/s 

Collecting cffi!=1.11.3,>=1.8

  Downloading cffi-1.14.2-cp36-cp36m-manylinux1_x86_64.whl (400 kB)

     |████████████████████████████████| 400 kB 32.3 MB/s 

Collecting pycparser

  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)

     |████████████████████████████████| 112 kB 37.1 MB/s 

Building wheels for collected packages: terminaltables, PyYAML, retrying

  Building wheel for terminaltables (setup.py) … done

  Created wheel for terminaltables: filename=terminaltables-3.1.0-py3-none-any.whl size=15354 sha256=cd1b9d5d3f56f4aa05ba6e02c1cb2af48012375c44e13653e05c02e9ce72d4aa

  Stored in directory: /tmp/tmp4zkt545y/wheels/86/1b/58/c23af2fe683acd8edc15d5a1268f0242be1ff2cf827fe34737

  Building wheel for PyYAML (setup.py) … done

  Created wheel for PyYAML: filename=PyYAML-5.1.2-cp36-cp36m-linux_x86_64.whl size=44103 sha256=c2eee252ae048d5c851f18d9d4937c9c1fb11cb62376b256cf9ae9773ca8bf20

  Stored in directory: /tmp/tmp4zkt545y/wheels/d8/9b/e7/75af463b873c119dd444151fc54a8e190c87993593e1fa194a

  Building wheel for retrying (setup.py) … done

  Created wheel for retrying: filename=retrying-1.3.3-py3-none-any.whl size=11429 sha256=fed592b7351d2ee9d26b30d371eb54c4382b2ac16dea2a65c1e72af466825fef

  Stored in directory: /tmp/tmp4zkt545y/wheels/ac/cb/8a/b27bf6323e2f4c462dcbf77d70b7c5e7868a7fbe12871770cf

Successfully built terminaltables PyYAML retrying

Installing collected packages: terminaltables, six, pycparser, cffi, cryptography, pyOpenSSL, pytz, PyYAML, certifi, python-dateutil, configparser, oci, retrying, jmespath, click, arrow, cx-Oracle, oci-cli

Successfully installed PyYAML-5.1.2 arrow-0.14.7 certifi-2020.6.20 cffi-1.14.2 click-6.7 configparser-4.0.2 cryptography-2.8 cx-Oracle-7.0.0 jmespath-0.10.0 oci-2.21.2 oci-cli-2.12.9 pyOpenSSL-18.0.0 pycparser-2.20 python-dateutil-2.8.1 pytz-2020.1 retrying-1.3.3 six-1.14.0 terminaltables-3.1.0

===> Modify profile to update your $PATH and enable shell/tab completion now? (Y/n): Y

===> Enter a path to an rc file to update (file will be created if it does not exist) (leave blank to use ‘/home/opc/.bashrc’): 

— Automatically created rc file at ‘/home/opc/”

— Tab completion set up complete.

— If tab completion is not activated, verify that ‘/home/opc/” is sourced by your shell.

 

— ** Run `exec -l $SHELL` to restart your shell. **

 

— Installation successful.

— Run the CLI with /home/opc/bin/oci –help

***************************************************

Instance Principal Setup 

Link to documentation. 

 

Note that the screenshots in this example show only providing read access.  They are also named after why I originally created it which was to use these for showoci.py.  Setting up the CLI and these instance principals are a prerequisite for using the OCI python SDK which also may use instance principals for authentication.  

Pasted Graphic 3.png

Pasted Graphic 2.png

Use the CLI with Instance Principals

Set the environment variable to tell the CLI to use instance principals rather than the configuration file with the API keys.

$ export OCI_CLI_AUTH=instance_principal

Run the following as a test

$ oci os ns get –auth instance_principal

A couple more OCI CLI examples.  Here we see the use of JMESPath to format the output.

Before running the following commands, set T environment variable to the Compartment OCID

$ export T=ocid.xxxxx … 

$ oci compute instance list --compartment-id $T --query "data[*]".{"name:\"display-name\",os:\"operating-system\""} --output table

$ oci compute instance list --compartment-id $T --query "data[*]".{"name:\"display-name\",ocpus:\"shape-config\".\"ocpus\""} --output table

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.