Get going quickly with Command Line Interface for Oracle Cloud Infrastructure using Docker container image

Oracle Cloud Infrastructure is Oracle’s second generation infrastructure as a service offering – it supports many components including compute nodes, networks, storage, Kubernetes clusters and Database as a Service. Oracle Cloud Infrastructure can be administered through a GUI – a browser based console – as well as through a REST API and with the OCI Command Line Interface. Oracle offers a Terraform provider that allows automated, scripted provisioning of OCI artefacts.

This article describes an easy approach to get going with the Command Line Interface for Oracle Cloud Infrastructure – using the oci-cli Docker image. Using a Docker container image and a simple configuration file, oci commands can be executed without locally having to install and update the OCI Command Line Interface (and the Python runtime environment) itself.

These are the steps to get going on a Linux or Mac Host that contains a Docker engine:

  • create a new user in OCI (or use an existing user) with appropriate privileges; you need the OCID for the user
  • also make sure you have the name of the region and the OCID for the tenancy on OCI
  • execute a docker run command to prepare the OCI CLI configuration file
  • update the user in OCI with the public key created by the OCI CLI setup action
  • edit the .profile to associate the oci command line instruction on the Docker host with running the OCI CLI Docker image

At that point, you can locally run any OCI CLI command against the specified user and tenant – using nothing but the Docker container that contains the latest version of the OCI CLI and the required runtime dependencies.

In more detail, the steps look like this:

Create a new user in OCI

(or use an existing user) with appropriate privileges; you need the OCID for the user

You can reuse an existing user or create a fresh one – which is what I did. This step I performed in the OCI Console:


I then added this user to the group Administrators.


And I noted the OCID for this user:


Also make sure you have the name of the region and the OCID for the tenancy on OCI:


Execute a docker run command to prepare the OCI CLI configuration file

On the Docker host machine, create a directory to hold the OCI CLI configuration files. These files will be made available to the CLI tool by mounting the directory into the Docker container.

mkdir ~/.oci

Run the following Docker command:

docker run --rm --mount type=bind,source=$HOME/.oci,target=/root/.oci -it stephenpearson/oci-cli:latest setup config

This starts the OCI CLI container in interactive mode – with the ~/.oci directory mounted into the container at /root/.oci – and executes the setup config command on the OCI CLI (see https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/setup/config.html).

This command will start a dialog that results in the OCI Config file being written to /root/.oci inside the container and to ~/.oci on the Docker host. The dialog also results in a private and public key file, in that same directory.
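The files written by this dialog include the private API signing key, so it is worth checking them on the Docker host before going further. The shell functions below are an added example, not part of the original article or of the oci-cli image: they verify that the [DEFAULT] profile has the five expected entries and that the config and key files carry no group or other permissions. It is assumed that key_file in the generated config holds the container-side path (/root/.oci/...), so the key is located by file name in the host directory.

```shell
# Added example: audit an OCI CLI config directory created through the container.
# Assumption: key_file in the config is the container-side path (/root/.oci/...),
# so the key file is looked up by its file name inside the host directory.

# Print the octal mode of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the value of KEY ($2) from the [DEFAULT] profile of config file $1.
config_value() {
  awk -F= -v key="$2" '
    /^\[/ { in_default = ($0 == "[DEFAULT]"); next }
    in_default && $1 == key { sub(/^[^=]*=/, ""); print; exit }
  ' "$1"
}

# Audit directory $1: prints one finding per line, returns the number of findings.
audit_oci_dir() {
  dir=$1; findings=0
  cfg="$dir/config"
  [ -f "$cfg" ] || { echo "missing: $cfg"; return 1; }
  for key in user fingerprint key_file tenancy region; do
    if [ -z "$(config_value "$cfg" "$key")" ]; then
      echo "config: no value for '$key' in [DEFAULT]"; findings=$((findings + 1))
    fi
  done
  key_path="$dir/$(basename "$(config_value "$cfg" key_file)")"
  for f in "$cfg" "$key_path"; do
    if [ ! -f "$f" ]; then
      echo "missing: $f"; findings=$((findings + 1)); continue
    fi
    mode=$(file_mode "$f")
    # A mode ending in 00 grants nothing to group or others.
    case "$mode" in
      *00) ;;
      *) echo "permissions: $f is mode $mode, expected 600"; findings=$((findings + 1)) ;;
    esac
  done
  return "$findings"
}
```

Run it as `audit_oci_dir "$HOME/.oci"`; a non-zero return value is the number of findings printed.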


Here is the content of the config file that the dialog has generated on the Docker host:


Update the user in OCI with the public key created by the OCI CLI setup action

The contents of the file that contains the public key – ~/.oci/oci_api_key_public.pem in this case – should be configured on the OCI user – kubie in this case – as API Key:


Create shortcut command for OCI CLI on Docker host

We did not install the OCI CLI on the Docker host – but we can still make it possible to run the CLI commands as if we did. If we edit the .profile file to associate the oci command line instruction on the Docker host with running the OCI CLI Docker image, we get the same experience on the host command line as if we did install the OCI CLI.

Edit ~/.profile and add this line:

oci() { docker run --rm --mount type=bind,source=$HOME/.oci,target=/root/.oci stephenpearson/oci-cli:latest "$@"; }


On the Docker host I can now run OCI CLI commands (that will be sent to the Docker container that uses the configuration in ~/.oci for connecting to the OCI instance).

Run OCI CLI command on the Host

We are now set to run OCI CLI commands – even though we did not actually install the OCI CLI and the Python runtime environment.

Note: most commands we run will require us to pass the Compartment Id of the OCI Compartment against which we want to perform an action. It is convenient to set an environment variable with the Compartment OCID value and then refer to that variable in all CLI commands.

For example:

export COMPARTMENT_ID=ocid1.tenancy.oc1..aaaaaaaaot3ihdt

Now to list all policies in this compartment:

oci iam policy list --compartment-id $COMPARTMENT_ID --all

And to create a new policy – one that I need in order to provision a Kubernetes cluster:

oci iam policy create --name oke-service --compartment-id $COMPARTMENT_ID --statements '[ "allow service OKE to manage all-resources in tenancy"]' --description 'policy for granting rights on OKE to manage cluster resources'

Or to create a new compartment:

oci iam compartment create --compartment-id $COMPARTMENT_ID  --name oke-compartment --description "Compartment for OCI resources created for OKE Cluster"

From here on, it is just regular OCI CLI work, just as if it had been installed locally. But by using the Docker container, we keep our system tidy and we can easily benefit from the latest version of the OCI CLI at all times.

 

Resources

OCI CLI Command Reference – https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/index.html

Terraform Provider for OCI – https://www.terraform.io/docs/providers/oci/index.html

GitHub repo for OCI CLI Docker – https://github.com/stephenpearson/oci-cli