OCI CLI 사용방법 및 가상머신 인스턴스 만들기

작성자: 정영균

OCI 관리 작업은 기본적으로 웹콘솔에서 수행하지만, 명령어 인터페이스(Command Line Interface, CLI)를 이용해서도 할 수 있습니다. OCI CLI를 이용하면 Shell 스크립트, crontab 등을 함께 이용해서 OCI 자원을 자동화하거나, OCI 관리를 정기적인 작업으로 등록할 수 있습니다. 예를 들어 업무 시간 후에는 개발 인스턴스들을 동시에 shutdown 시켰다가 아침에 다시 start 시킨다거나, 결산 등이 이루어지는 월말, 연말에 CPU를 더 할당해서 인스턴스를 확장한다든지 하는 작업에 사용할 수 있습니다.

이번 글에서는 OCI CLI 설치와 사용 방법에 대해서 정리해 보았습니다. 아래 OCI 문서를 참조했습니다.

https://docs.cloud.oracle.com/iaas/Content/API/Concepts/cliconcepts.htm

Tenancy, Compartment, User OCID나 RSA 키값 등은 전체 내용을 노출시키지 않기 위해 “........”로 대체했습니다.

OCI CLI는 Python 엔진 위에서 작동합니다. 따라서 OCI를 설치할 때 해당 호스트에 Python(2.7.5 또는 3.5 이상)이 설치되어 있지 않다면 자동으로 설치됩니다. 내부적으로 Python 코드가 OCI API를 호출하는 방식으로 작동합니다. 현재 호스트에 설치된 Python 버전은 “python –version” 명령으로 확인합니다.

OCI CLI 설치 소스는 오라클 GitHub에 올라와 있습니다. 윈도우와 유닉스 계열에서 설치 가능한데, 이번 테스트에서는 오라클 리눅스 7.6 OCI 가상머신에서 수행했습니다. 아래 curl 명령으로 OCI CLI를 설치합니다. OCI CLI bin, lib 등 디렉토리 설정 등은 엔터를 쳐서 기본값으로 했습니다.

$ ssh -i C:\\Users\\youjung\\.ssh\\id_rsa opc@129.213.62.228 Last login: Mon Jan 14 07:21:29 2019 from 156.151.8.10 [opc@bastion ~]$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100  6283  100  6283    0     0  29167      0 --:--:-- --:--:-- --:--:-- 29359 Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/6dc61e3b5fd2781c5afff2decb532c24969fa6bf/scripts/install/install.py to /tmp/oci_cli_install_tmp_tOxd. ######################################################################## 100.0% Python3 not found on system PATH Running install script. python /tmp/oci_cli_install_tmp_tOxd  < /dev/tty -- Verifying Python version. -- Python version 2.7.5 okay. -- Verifying native dependencies. -- Unable to verify native dependencies. dist=oracle linux server, version=7.6. Continuing...   ===> In what directory would you like to place the install? (leave blank to use '/home/opc/lib/oracle-cli'): -- Creating directory '/home/opc/lib/oracle-cli'. -- We will install at '/home/opc/lib/oracle-cli'.   ===> In what directory would you like to place the 'oci' executable? (leave blank to use '/home/opc/bin'): -- Creating directory '/home/opc/bin'. -- The executable will be in '/home/opc/bin'.   ===> In what directory would you like to place the OCI scripts? (leave blank to use '/home/opc/bin/oci-cli-scripts'): -- Creating directory '/home/opc/bin/oci-cli-scripts'. -- The scripts will be in '/home/opc/bin/oci-cli-scripts'. -- Downloading virtualenv package from https://github.com/pypa/virtualenv/archive/15.0.0.tar.gz. -- Downloaded virtualenv package to /tmp/tmpd0wZUD/15.0.0.tar.gz. -- Checksum of /tmp/tmpd0wZUD/15.0.0.tar.gz OK. -- Extracting '/tmp/tmpd0wZUD/15.0.0.tar.gz' to '/tmp/tmpd0wZUD'. -- Executing: ['/usr/bin/python', 'virtualenv.py', '--python', '/usr/bin/python', '/home/opc/lib/oracle-cli'] Already using interpreter /usr/bin/python New python executable in /home/opc/lib/oracle-cli/bin/python Installing setuptools, pip, wheel...done. -- Executing: ['/home/opc/lib/oracle-cli/bin/pip', 'install', '--cache-dir', '/tmp/tmpd0wZUD', 'oci_cli', '--upgrade'] Collecting oci_cli   Downloading https://files.pythonhosted.org/packages/17/2b/............../oci_cli-2.4.41-py2.py3-none-any.whl (2.4MB)     100% |████████████████████████████████| 2.4MB 8.6MB/s Collecting cryptography==2.1.4 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/69/7b/............../cryptography-2.1.4-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)     100% |████████████████████████████████| 2.2MB 9.8MB/s Collecting idna<2.7,>=2.5 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/27/cc/............../idna-2.6-py2.py3-none-any.whl(56kB)     100% |████████████████████████████████| 61kB 20.6MB/s Collecting arrow==0.10.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/54/db/............../arrow-0.10.0.tar.gz (86kB)     100% |████████████████████████████████| 92kB 25.2MB/s Collecting jmespath==0.9.3 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/b7/31/............../jmespath-0.9.3-py2.py3-none-any.whl Collecting configparser==3.5.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/7c/69/............../configparser-3.5.0.tar.gz Collecting cx-Oracle==6.2.1 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/24/95/............../cx_Oracle-6.2.1-cp27-cp27mu-manylinux1_x86_64.whl (579kB)     100% |████████████████████████████████| 583kB 20.9MB/s Collecting httpsig-cffi==15.0.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/93/f5/............../httpsig_cffi-15.0.0-py2.py3-none-any.whl Collecting pyOpenSSL==17.5.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/79/db/............../pyOpenSSL-17.5.0-py2.py3-none-any.whl (53kB)     100% |████████████████████████████████| 61kB 21.0MB/s Collecting terminaltables==3.1.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/9b/c4/............../terminaltables-3.1.0.tar.gz Collecting click==6.7 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/34/c1/............../click-6.7-py2.py3-none-any.whl (71kB)     100% |████████████████████████████████| 71kB 13.5MB/s Collecting retrying==1.3.3 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/44/ef/............../retrying-1.3.3.tar.gz Collecting pytz==2016.10 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/f5/fa/............../pytz-2016.10-py2.py3-none-any.whl (483kB)     100% |████████████████████████████████| 491kB 22.1MB/s Collecting oci==2.1.4 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/4c/d6/............../oci-2.1.4-py2.py3-none-any.whl (1.5MB)     100% |████████████████████████████████| 1.5MB 13.1MB/s Collecting certifi (from oci_cli)   Downloading https://files.pythonhosted.org/packages/9f/e0/............../certifi-2018.11.29-py2.py3-none-any.whl (154kB)     100% |████████████████████████████████| 163kB 26.6MB/s Collecting python-dateutil==2.7.3 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/cf/f5/............../python_dateutil-2.7.3-py2.py3-none-any.whl (211kB)     100% |████████████████████████████████| 215kB 30.4MB/s Collecting six==1.11.0 (from oci_cli)   Downloading https://files.pythonhosted.org/packages/67/4b/............../six-1.11.0-py2.py3-none-any.whl Collecting cffi>=1.7; platform_python_implementation != "PyPy" (from cryptography==2.1.4->oci_cli)   Downloading https://files.pythonhosted.org/packages/14/dd/............../cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB)     100% |████████████████████████████████| 409kB 26.5MB/s Collecting enum34; python_version < "3" (from cryptography==2.1.4->oci_cli)   Downloading https://files.pythonhosted.org/packages/c5/db/............../enum34-1.1.6-py2-none-any.whl Collecting asn1crypto>=0.21.0 (from cryptography==2.1.4->oci_cli)   Downloading https://files.pythonhosted.org/packages/ea/cd/............../asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)     100% |████████████████████████████████| 102kB 21.6MB/s Collecting ipaddress; python_version < "3" (from cryptography==2.1.4->oci_cli)   Downloading https://files.pythonhosted.org/packages/fc/d0/............../ipaddress-1.0.22-py2.py3-none-any.whl Collecting pycparser (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography==2.1.4->oci_cli)   Downloading https://files.pythonhosted.org/packages/68/9e/............../pycparser-2.19.tar.gz (158kB)     100% |████████████████████████████████| 163kB 23.2MB/s Building wheels for collected packages: arrow, configparser, terminaltables, retrying, pycparser   Running setup.py bdist_wheel for arrow ... done   Stored in directory: /tmp/tmpd0wZUD/wheels/ce/4f/95/64541c7466fd88ffe72fda5164f8323c91d695c9a77072c574   Running setup.py bdist_wheel for configparser ... done   Stored in directory: /tmp/tmpd0wZUD/wheels/a3/61/79/424ef897a2f3b14684a7de5d89e8600b460b89663e6ce9d17c   Running setup.py bdist_wheel for terminaltables ... done   Stored in directory: /tmp/tmpd0wZUD/wheels/30/6b/50/6c75775b681fb36cdfac7f19799888ef9d8813aff9e379663e   Running setup.py bdist_wheel for retrying ... done   Stored in directory: /tmp/tmpd0wZUD/wheels/d7/a9/33/acc7b709e2a35caa7d4cae442f6fe6fbf2c43f80823d46460c   Running setup.py bdist_wheel for pycparser ... done   Stored in directory: /tmp/tmpd0wZUD/wheels/f2/9a/90/de94f8556265ddc9d9c8b271b0f63e57b26fb1d67a45564511 Successfully built arrow configparser terminaltables retrying pycparser Installing collected packages: idna, pycparser, cffi, enum34, six, asn1crypto, ipaddress, cryptography, python-dateutil, arrow, jmespath, configparser, cx-Oracle, httpsig-cffi, pyOpenSSL, terminaltables, click, retrying, pytz, certifi, oci, oci-cli Successfully installed arrow-0.10.0 asn1crypto-0.24.0 certifi-2018.11.29 cffi-1.11.5 click-6.7 configparser-3.5.0 cryptography-2.1.4 cx-Oracle-6.2.1 enum34-1.1.6 httpsig-cffi-15.0.0 idna-2.6 ipaddress-1.0.22 jmespath-0.9.3 oci-2.1.4 oci-cli-2.4.41 pyOpenSSL-17.5.0 pycparser-2.19 python-dateutil-2.7.3pytz-2016.10 retrying-1.3.3 six-1.11.0 terminaltables-3.1.0   ===> Modify profile to update your $PATH and enable shell/tab completion now? (Y/n):   ===> Enter a path to an rc file to update (leave blank to use '/home/opc/.bashrc'): -- Backed up '/home/opc/.bashrc' to '/home/opc/.bashrc.backup' -- Tab completion set up complete. -- If tab completion is not activated, verify that '/home/opc/.bashrc' is sourced by your shell. -- -- ** Run `exec -l $SHELL` to restart your shell. ** -- -- Installation successful. -- Run the CLI with /home/opc/bin/oci --help

 

설치가 정상적으로 되었는지 “oci –help” 명령을 수행해 봅니다.

[opc@bastion ~]$ oci --help Usage: oci [OPTIONS] COMMAND [ARGS]...     Oracle Cloud Infrastructure command line interface, with support for   Audit, Block Volume, Compute, Database, IAM, Load Balancing, Networking,   DNS, File Storage, Email Delivery and Object Storage Services.     Most commands must specify a service, followed by a resource type and then   an action. For example, to list users (where $T contains the OCID of the   current tenant):       oci iam user list --compartment-id $T     Output is in JSON format.     For information on configuration, see https://docs.us-   phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm.   Options:   -v, --version                   Show the version and exit.   --config-file TEXT              The path to the config file.  [default:                                   ~/.oci/config]   --profile TEXT                  The profile in the config file to load. This                                   profile will also be used to locate any                                   default parameter values which have been                                   specified in the OCI CLI-specific                                   configuration file.  [default: DEFAULT]   --cli-rc-file, --defaults-file TEXT                                   The path to the OCI CLI-specific                                   configuration file, containing parameter                                   default values and other configuration                                   information such as command aliases and                                   predefined queries. The --defaults-file                                   option is deprecated and you should use the                                   --cli-rc-file option instead.  [default:                                   ~/.oci/oci_cli_rc]   --opc-request-id, --opc-client-request-id, --request-id TEXT                                   The request id to use for tracking the                                   request.   --region TEXT                   The region to make calls against.  For a                                   list of valid region names use the command:                                   "oci iam region list".   --endpoint TEXT                 The value to use as the service endpoint,                                   including any required API version path. For                                   example: "https://iaas.us-                                   phoenix-1.oracle.com/20160918". This will                                   override the default service endpoint / API                                   version path. Note: The --region parameter                                   is the recommended way of targeting                                   different regions.   --cert-bundle TEXT              The full path to a CA certificate bundle to                                   be used for SSL verification. This will                                   override the default CA certificate bundle.   --output [json|table]           The output format. [Default is json]   --query TEXT                    JMESPath query [http://jmespath.org/] to run                                   on the response JSON before output.                                     Queries                                   can be entered directly on the command line                                   or referenced from the                                   [OCI_CLI_COMMAND_ALIASES] section of your                                   configuration file by using the syntax                                   query://<query_name>, for example                                   query://get_id_and_name   --raw-output                    If the output of a given query is a single                                   string value, this will return the string                                   without surrounding quotes   --auth [api_key|instance_principal]                                   The type of auth to use for the API request.                                   By default the API key in your config file                                   will be used.  This value can also be                                   provided in the OCI_CLI_AUTH environment                                   variable.   --generate-full-command-json-input                                   Prints out a JSON document which represents                                   all possible options that can be provided to                                   this command.                                     This JSON document can be                                   saved to a file, modified with the                                   appropriate option values, and then passed                                   back via the --from-json option. This                                   provides an alternative to typing options                                   out on the command line.   --generate-param-json-input TEXT                                   Complex input, such as arrays and objects,                                   are passed in JSON format.                                     When passed the                                   name of an option which takes complex input,                                   this will print out example JSON of what                                   needs to be passed to that option.   --no-retry                      Disable retry logic for calls to services.   -d, --debug                     Show additional debug information.   -?, -h, --help                  For detailed help on the individual OCI CLI                                   command, enter <command> --help.   Commands:   audit               Audit   bv                  Block Volume Service   ce                  Container Engine for Kubernetes   compute             Compute Service   compute-management  Compute Management Service   db                  Database Service   dns                 DNS   email               Email Delivery Service   fs                  File Storage Service   iam                 Identity and Access Management Service   kms                 Key Management Service   lb                  Load Balancing   network             Networking Service   os                  Object Storage Service   search              Search Service   setup               Setup commands for CLI

 

OCI CLI 설치가 되었다고 해서 바로 컴퓨트, 네트웍, 스토리지 등의 OCI 자원을 관리할 수 있는 것은 아닙니다. Tenancy, User 등 OCI CLI 설정 작업을 해야 OCI 자원에 대한 사용이 가능합니다. OCI CLI가 어떤 Tenancy에서 어느 유저로 OCI 작업을 할 지 설정해 주는 것이 필요합니다. 이를 위해 아래 정보를 미리 확인해야 합니다.

•       Tenancy OCID

•       User OCID

•       Compartment OCID: OCI CLI 설정때는 필요없지만, 설정 후 조회, 관리 작업때 많이 사용되는 정보이므로 미리 확인하면 좋습니다.

 

Tenancy OCID는 [Governance and Administration] > [Administration] > [Tenancy Details] 에서 확인할 수 있습니다. “Copy”를 클릭해서 OCID를 메모해 둡니다.

User OCID는 [Governance and Administration] > [Identity] > [Users]의 OCI CLI를 사용할 유저의 상세화면에서 확인할 수 있습니다. . “Copy”를 클릭해서 OCID를 메모해 둡니다. 참고로 해당 유저의 권한에 따라 조회/관리가 안되는 자원이 있을 수 있습니다.

Compartment OCID는 [Governance and Administration] > [Identity] > [Compartments]의 OCI CLI를 사용할 Compartment 상세화면에서 확인할 수 있습니다. “Copy”를 클릭해서 OCID를 메모해 둡니다.

OCI CLI 설정하기 전에 “oci” 명령을 수행하면 아래와 같이 config 파일을 찾을 수 없다는 메시지를 받습니다.

[opc@bastion ~]$ oci iam compartment list -c ocid1.tenancy.oc1..aaaaaaaaef57jy.............................5rx5cfberp3na --all ERROR: Could not find config file at /home/opc/.oci/config

 

OCI CLI 설정은 “oci setup config” 명령으로 합니다. 앞서 메모해 둔, Tenancy OCID, User OCID를 사용합니다. Region은 현재 Tenancy, User가 속한 Region을 입력합니다. 그리고 RSA Key Pair를 새로 만들지, 기존 키를 등록할 지를 물어봅니다. 여기서는 새로 키를 만들었습니다. 새로 키를 만든 경우, 아래 표시된 퍼블릭 키 파일(.pem포맷의 API 키) 위치를 기억해 둡니다.

[opc@bastion ~]$ oci setup config     This command provides a walkthrough of creating a valid CLI config file.       The following links explain where to find the information required by this     script:       User OCID and Tenancy OCID:           https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#Other       Region:           https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm       General config documentation:           https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm     Enter a location for your config [/home/opc/.oci/config]: Enter a user OCID: ocid1.user.oc1..aaaaaaaaywajon.................................................gwtgrgusq5uhptcy3za Enter a tenancy OCID: ocid1.tenancy.oc1..aaaaaaaaef................................................geiofz5rx5cfberp3na Enter a region (e.g. eu-frankfurt-1, uk-london-1, us-ashburn-1, us-phoenix-1): us-ashburn-1 Do you want to generate a new RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: Y Enter a directory for your keys to be created [/home/opc/.oci]: Enter a name for your key [oci_api_key]: Public key written to: /home/opc/.oci/oci_api_key_public.pem Enter a passphrase for your private key (empty for no passphrase): Private key written to: /home/opc/.oci/oci_api_key.pem Fingerprint: 7f:21:99:09:38:a6:86:c9:0b:75:5e:6b:d6:ec:16:e5 Config written to /home/opc/.oci/config         If you haven't already uploaded your public key through the console,     follow the instructions on the page linked below in the section 'How to     upload the public key':           https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#How2     [opc@bastion ~]$

 

OCI CLI 설정이 끝났습니다. Key Pair가 생성된 위치에 “config” 파일이 생성되어 있습니다. User, Tenancy, Region 정보가 명시되어 있는 것을 볼 수 있습니다.

[opc@bastion ~]$ cat /home/opc/.oci/config [DEFAULT] user=ocid1.user.oc1..aaaaaaaaywajon62qa65l................................................usq5uhptcy3za fingerprint=7f:21:99:09:38:a6:86:c9:0b:75:5e:6b:d6:ec:16:e5 key_file=/home/opc/.oci/oci_api_key.pem tenancy=ocid1.tenancy.oc1..aaaaaaaaef57jyq74yf...........................................eiofz5rx5cfberp3na region=us-ashburn-1

 

이제 OCI CLI 설정을 위해 남은 작업은 앞서 생성한 RSA 퍼블릭 키를 OCI 유저에 등록하는 것입니다. OCI CLI에서 수행되는 명령은 OCI 유저를 통해서 수행되는데, 이때 OCI CLI 설정 때 신규생성 또는 등록한 인증키가 필요합니다. 호스트의 퍼블릭 키 위치로 가서 키 내용을 복사합니다.

OCI CLI에서 앞선 설정 단계에서 사용하겠다고 등록한 유저의 상세화면에서 [API Keys] > “Add Public Key”를 클릭합니다. 여기에서 복사한 키 내용을 붙여 넣고 “Add”를 클릭합니다.

OCI CLI 사용을 위한 설정이 끝났습니다. 이제 Tenancy 내 Compartment를 조회하는 명령을 수행합니다. Tenancy OCID를 인자값으로 사용했습니다.

[opc@bastion ~]$ oci iam compartment list -c ocid1.tenancy.oc1..aaaaaaaaef57jyq...............................x5cfberp3na --all {   "data": [     {       "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaef57jyq74...........................................................fberp3na",       "defined-tags": {},       "description": "compartment for database application configuration",       "freeform-tags": {},       "id": "ocid1.compartment.oc1..aaaaaaaatpkwsiy7fw.......................................................rrmsrk6ava",       "inactive-status": null,       "is-accessible": null,       "lifecycle-state": "ACTIVE",       "name": "dbapp_comp",       "time-created": "2018-12-28T01:26:12.999000+00:00"     },     {       "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaef57jyq..................................................................erp3na",       "defined-tags": {},       "description": "compatment for oci demo",       "freeform-tags": {},       "id": "ocid1.compartment.oc1..aaaaaaaan7z3q5jl2k6.........................................................................pxjuala",       "inactive-status": null,       "is-accessible": null,       "lifecycle-state": "ACTIVE",       "name": "demo",       "time-created": "2018-12-10T06:33:29.463000+00:00"     },     {       "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaef57jyq74y..................................................................cfberp3na",       "defined-tags": {},       "description": "idcs-9ff758ccbc3d4ff994496527008c65c2|22077939|ykyunjung@naver.com-????????????(???) (?????????, KR)-576",       "freeform-tags": {},       "id": "ocid1.compartment.oc1..aaaaaaaa3zi4ddmt.................................................................qow6ybsq",       "inactive-status": null,       "is-accessible": null,       "lifecycle-state": "ACTIVE",       "name": "ManagedCompartmentForPaaS",       "time-created": "2018-12-10T02:13:19.565000+00:00"     }   ] }

 

OCI CLI 명령어 전체 레퍼런스는 아래 사이트에서 전체 내용을 확인할 수 있습니다.

OCI CLI Command Reference

https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/compute.html

OCI 유저에 대한 상세 정보를 조회한 내용입니다. User OCID를 인자값으로 사용합니다.

[opc@bastion ~]$ oci iam user get --user-id ocid1.user.oc1..aaaaaaaabykerb7jmky................................................c2nlqzq {   "data": {     "capabilities": {       "can-use-api-keys": true,       "can-use-auth-tokens": true,       "can-use-console-password": true,       "can-use-customer-secret-keys": true,       "can-use-smtp-credentials": true     },     "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaef57jyq74y.................................................................cfberp3na",     "defined-tags": {},     "description": "..........",     "external-identifier": null,     "freeform-tags": {},     "id": "ocid1.user.oc1..aaaaaaaabykerb7jmkyz.................................................................c2nlqzq",     "identity-provider-id": null,     "inactive-status": null,     "lifecycle-state": "ACTIVE",     "name": ".............................",     "time-created": "2018-12-10T02:02:52.825000+00:00"   },   "etag": "5a69aa91cdce2ff094507d80e3d7173dbf15ed2d" }

 

특정 Compartment의 컴퓨트 인스턴스 목록을 확인해 보았습니다. 조회되는 내용이 많으므로 grep 명령에서 “-ie” 옵션으로 필터링을 했습니다.

[opc@bastion ~]$ oci compute instance list -c ocid1.compartment.oc1..aaaaaaaatpk...........................................srk6ava | grep -ie availability-domain -ie shape -ie display-name       "availability-domain": "bsHl:US-ASHBURN-AD-1",       "display-name": "web1",       "shape": "VM.Standard2.1",       "availability-domain": "bsHl:US-ASHBURN-AD-2",       "display-name": "bastion",       "shape": "VM.Standard2.2",       "availability-domain": "bsHl:US-ASHBURN-AD-2",       "display-name": "web2",       "shape": "VM.Standard2.1",

 

이제 OCI CLI로 컴퓨트 인스턴스를 만들어 보겠습니다. 컴퓨트 인스턴스를 만들 때 다양한 사용자 설정을 할 수 있지만, 여기서는 테스트를 단순화하기 위해 최소한의 내용으로 설정했습니다. 아래 정보가 필요합니다.

•       Availability Domain

•       Compartment OCID

•       Image OCID

•       Shape

•       Hostname

•       SSH Public Key

•       Subnet OCID

•       퍼블릭 IP 할당 여부

 

위 정보는 웹 콘솔에서 확인해도 되고, CLI로 확인해도 됩니다. 아래는 CLI로 Image OCID를 확인한 내용입니다.

[opc@bastion ~]$ oci compute image list -c ocid1.compartment.oc1..aaaaaaaatpkwsiy..................................msrk6ava | grep -ie display-name -ie ocid1.image : : :       "display-name": "Oracle-Linux-7.6-Gen2-GPU-2018.12.19-0",       "id": "ocid1.image.oc1.iad.aaaaaaaayvmxa5es.................................................................qhgdzwa",       "display-name": "Oracle-Linux-7.6-Gen2-GPU-2018.11.19-0",       "id": "ocid1.image.oc1.iad.aaaaaaaa5ghgpkur.................................................................5p5xziua",       "display-name": "Oracle-Linux-7.6-2018.12.19-0",       "id": "ocid1.image.oc1.iad.aaaaaaaawiur3bi46......................................................................y2fba",       "display-name": "Oracle-Linux-7.6-2018.11.19-0",       "id": "ocid1.image.oc1.iad.aaaaaaaa2mnepq.................................................................ktdiq",       "display-name": "Oracle-Linux-7.5-Gen2-GPU-2018.10.16-0",       "id": "ocid1.image.oc1.iad.aaaaaaaauai7xdsfc.................................................................huq", : : :

 

Compartment 내에 가용한 Shape이 어떤 것이 있는 지 확인한 내용입니다.

[opc@bastion ~]$ oci compute shape list -c ocid1.compartment.oc1..aaaaaaaatpkwsiy.........................................k6ava | grep shape       "shape": "VM.Standard2.1"       "shape": "VM.Standard2.2"       "shape": "VM.Standard2.1"       "shape": "VM.Standard2.2"       "shape": "VM.Standard2.1"       "shape": "VM.Standard2.2"

 

CLI로 컴퓨트 인스턴스 생성을 아래와 같이 수행했습니다.

[opc@bastion ~]$ oci compute instance launch --availability-domain bsHl:US-ASHBURN-AD-3 -c ocid1.compartment.oc1..aaaaaaaatpkwsiy7.........................................................6ava --image-id ocid1.image.oc1.iad.aaaaaaaaw....................................................y2fba --shape VM.Standard2.1 --hostname-label instance1oci --metadata '{"ssh_authorized_keys": "ssh-rsa AAAAB3Nza..................................UYn youjung@YOUJUNG-KR"}' --subnet-id ocid1.subnet.oc1.iad.aaaaaaaax3z6dqr..............................................uolzq --assign-public-ip true {   "data": {     "availability-domain": "bsHl:US-ASHBURN-AD-3",     "compartment-id": "ocid1.compartment.oc1..aaaaaaaatpkwsiy7f.................................................................rk6ava",     "defined-tags": {},     "display-name": "instance20190121063709",     "extended-metadata": {},     "fault-domain": "FAULT-DOMAIN-2",     "freeform-tags": {},     "id": "ocid1.instance.oc1.iad.abuwc.................................................................qbjzicq",     "image-id": "ocid1.image.oc1.iad.aaaaaaaawiur3bi.................................................................2fba",     "ipxe-script": null,     "launch-mode": "NATIVE",     "launch-options": {       "boot-volume-type": "PARAVIRTUALIZED",       "firmware": "UEFI_64",       "is-consistent-volume-naming-enabled": true,       "is-pv-encryption-in-transit-enabled": true,       "network-type": "VFIO",       "remote-data-volume-type": "PARAVIRTUALIZED"     },     "lifecycle-state": "PROVISIONING",     "metadata": {       "ssh_authorized_keys": "ssh-rsa AAAAB3NzaC1y.......................................................ElUee6OikPp5eN6UjBLDU11yxSUYn youjung@YOUJUNG-KR"     },     "region": "iad",     "shape": "VM.Standard2.1",     "source-details": {       "boot-volume-size-in-gbs": null,       "image-id": "ocid1.image.oc1.iad.aaaaaaaaw.................................................................uhzy2fba",       "kms-key-id": null,       "source-type": "image"     },     "time-created": "2019-01-21T06:37:09.608000+00:00",     "time-maintenance-reboot-due": null   },   "etag": "bf3383e679163981e7e2512c4c17c583ac33d0fd2c8338074a776c20d4b8b825" }

 

위 CLI 명령을 수행한 다음, 웹콘솔에서 확인해 보면 신규 인스턴스가 만들어졌음을 알 수 있습니다. 인스턴스명(display-name”)을 지정하지 않았기 때문에 오라클이 부여한 인스턴스 이름으로 생성되어 있습니다.

만들어진 컴퓨트 인스턴스에 SSH 연결 테스트도 합니다. 여기서 기술하지는 않았지만, SSH 연결을 위한 관련 인터넷 게이트웨이, 라우트 테이블, 시큐리티 리스트는 미리 설정했습니다.

$ ssh -i C:\\Users\\youjung\\.ssh\\id_rsa opc@132.145.151.166 The authenticity of host '132.145.151.166 (132.145.151.166)' can't be established. ECDSA key fingerprint is SHA256:AwVhTOzC/Dw5dbauzOG7PENlzQIQb7l0bUnHIERonwA. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '132.145.151.166' (ECDSA) to the list of known hosts. [opc@instance1oci ~]$ hostname instance1oci [opc@instance1oci ~]$ exit logout Connection to 132.145.151.166 closed.

 

CLI를 통해 “shutdown” 명령으로 컴퓨트 인스턴스를 중지 시킬 수 있습니다.

[opc@bastion ~]$ oci compute instance action --instance-id ocid1.instance.oc1.iad.abuwcl....................................................qbjzicq --action softstop {   "data": {     "availability-domain": "bsHl:US-ASHBURN-AD-3",     "compartment-id": "ocid1.compartment.oc1..aaaaaaaatpk.................................................................msrk6ava",     "defined-tags": {},     "display-name": "instance20190121063709",     "extended-metadata": {},     "fault-domain": "FAULT-DOMAIN-2",     "freeform-tags": {},     "id": "ocid1.instance.oc1.iad.abuw.................................................................3beqbjzicq",     "image-id": "ocid1.image.oc1.iad.aaaaaaaawiur3b.................................................................y2fba",     "ipxe-script": null,     "launch-mode": "NATIVE",     "launch-options": {       "boot-volume-type": "PARAVIRTUALIZED",       "firmware": "UEFI_64",       "is-consistent-volume-naming-enabled": true,       "is-pv-encryption-in-transit-enabled": true,       "network-type": "VFIO",       "remote-data-volume-type": "PARAVIRTUALIZED"     },     "lifecycle-state": "STOPPING",     "metadata": {       "ssh_authorized_keys": "ssh-rsa AAAAB3N.................................................................p5eN6UjBLDU11yxSUYn youjung@YOUJUNG-KR"     },     "region": "iad",     "shape": "VM.Standard2.1",     "source-details": {       "boot-volume-size-in-gbs": null,       "image-id": "ocid1.image.oc1.iad.aaaaaaaawiur3.................................................................iyuhzy2fba",       "kms-key-id": null,       "source-type": "image"     },     "time-created": "2019-01-21T06:37:09.608000+00:00",     "time-maintenance-reboot-due": null   },   "etag": "88cd89ba22d2c992a9afe99bc9ee1d70cd7006f4061187d32b9f42ef63a5c206" }

 

다시 Start를 하면 인스턴스의 상태가 “Starting”에서 “Running”으로 변경되는 것을 알 수 있습니다.

[opc@bastion ~]$ oci compute instance action --instance-id ocid1.instance.oc1.iad.abuwcljsyy5x................................................................................3beqbjzicq --action start {   "data": {     "availability-domain": "bsHl:US-ASHBURN-AD-3",     "compartment-id": "ocid1.compartment.oc1..aaaaaaaatpkwsiy7f.................................................................srk6ava",     "defined-tags": {},     "display-name": "instance20190121063709",     "extended-metadata": {},     "fault-domain": "FAULT-DOMAIN-2",     "freeform-tags": {},     "id": "ocid1.instance.oc1.iad.abuwcljsyy5xa.................................................................eqbjzicq",     "image-id": "ocid1.image.oc1.iad.aaaaaaaawiu.................................................................y2fba",     "ipxe-script": null,     "launch-mode": "NATIVE",     "launch-options": {       "boot-volume-type": "PARAVIRTUALIZED",       "firmware": "UEFI_64",       "is-consistent-volume-naming-enabled": true,       "is-pv-encryption-in-transit-enabled": true,       "network-type": "VFIO",       "remote-data-volume-type": "PARAVIRTUALIZED"     },     "lifecycle-state": "STARTING",     "metadata": {       "ssh_authorized_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB.....................2ElUee6OikPp5eN6UjBLDU11yxSUYn youjung@YOUJUNG-KR"     },     "region": "iad",     "shape": "VM.Standard2.1",     "source-details": {       "boot-volume-size-in-gbs": null,       "image-id": "ocid1.image.oc1.iad.aaaaaaaawiur3bi.................................................................zy2fba",       "kms-key-id": null,       "source-type": "image"     },     "time-created": "2019-01-21T06:37:09.608000+00:00",     "time-maintenance-reboot-due": null   },   "etag": "edffea4da60bb7452dc1183bef470c0d01e84cb5792334cd62a72b91a016e35c" } [opc@bastion ~]$ oci compute instance get --instance-id ocid1.instance.oc1.iad.abuw...............................................jzicq | grep -ie lifecycle-state     "lifecycle-state": "STARTING", [opc@bastion ~]$ oci compute instance get --instance-id ocid1.instance.oc1.iad.abuwcljsyy...............................................beqbjzicq | grep -ie lifecycle-state     "lifecycle-state": "RUNNING",