Showing posts with label Oracle Cloud. Show all posts

Saturday, January 11, 2025

OCI Instance Principals Authentication



In OCI, one of the authentication mechanisms is "Instance Principals". With it we don't need to use a key to execute OCI CLI commands; instead of a key, we give the OCI Compute instance itself the permission to execute CLI commands.

In this video you can see the steps.

1. Get the OCID of the compute instance
2. Create a Dynamic group
3. Create a Policy
4. Validate the setup
5. Execute your CLI commands, for example: oci os object put --bucket-name backup-bucket --file sc_laundry_db-202412181734507003.sql --auth instance_principal
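
The dynamic group and policy from steps 2 and 3, scoped to one instance and one bucket, as an added example that is not part of the original post. The group name, compartment name and OCIDs are constructed placeholders, and the policy wording is one least-privilege choice assumed here, not the statements used in the video.

```bash
#!/usr/bin/env bash
# Added example. Names, OCIDs and the compartment are constructed placeholders.
LC_ALL=C

# Accept only compute-instance OCIDs made of [a-z0-9.-]. A user or compartment
# OCID, or a value carrying a quote, is rejected before it reaches the rule.
is_instance_ocid() {
  case "$1" in
    ocid1.instance.*[!a-z0-9.-]*) return 1 ;;
    ocid1.instance.?*)            return 0 ;;
    *)                            return 1 ;;
  esac
}

# Step 2: matching rule that admits exactly one instance.
dg_matching_rule() {
  is_instance_ocid "$1" || { echo "not an instance OCID: $1" >&2; return 1; }
  printf "ANY {instance.id = '%s'}" "$1"
}

# Step 3: policy statements as the JSON array that --statements expects.
# $1 = dynamic group, $2 = compartment name, $3 = bucket name
policy_statements() {
  printf '["Allow dynamic-group %s to read buckets in compartment %s", ' "$1" "$2"
  printf "\"Allow dynamic-group %s to manage objects in compartment %s where target.bucket.name='%s'\"]" "$1" "$2" "$3"
}

# Write the policy JSON to a file and print (not run) the commands for
# steps 2-4, so they can be reviewed before use.
# $1 = instance OCID, $2 = dynamic group, $3 = compartment, $4 = bucket, $5 = file
print_setup_commands() {
  rule=$(dg_matching_rule "$1") || return 1
  policy_statements "$2" "$3" "$4" > "$5"
  echo "oci iam dynamic-group create --name $2 --description 'backup host' --matching-rule \"$rule\""
  echo "oci iam policy create --compartment-id <tenancy-ocid> --name $2-policy --description 'backup upload' --statements file://$5"
  echo "oci os ns get --auth instance_principal   # step 4, run on the instance"
}

print_setup_commands "ocid1.instance.oc1.eu-frankfurt-1.exampleuniqueid" \
  backup-dg backups backup-bucket "${TMPDIR:-/tmp}/backup-dg-policy.json"
```

Because the rule names a single instance and the policy names a single bucket, any other instance or bucket in the compartment is outside the grant.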


Wednesday, May 22, 2024

How to mount an OCI Object Storage Bucket as File System on Linux

I am trying to mount an OCI Object Storage bucket as a file system on one of my application servers. It will help me a lot to take backups, and in automation I can point to this OCI bucket as the destination of script output. As OCI Object Storage is S3 compatible, I am using the s3fs-fuse utility here to mount the bucket.

OS : Oracle Linux 9

As a prerequisite, please make sure that the compartment that holds the bucket you want to mount is the one designated for the S3 Compatibility API.

Go to "Governance & Administration --> Tenancy Details --> Edit object storage settings"


Now follow the below steps.

Step 1 : SSH to your application server

Step 2 : dnf update -y

Step 3 : vi /etc/yum.repos.d/oracle-epel-ol9.repo

Step 4 : Update "enabled=0" to "enabled=1" and save the file

Step 5 : yum install s3fs-fuse -y

Step 6 : Login to OCI console and generate your "Access key" and "Secret key" (keep it safe with you)

Step 7 : SSH to application server

Step 8 : vi /home/opc/.passwd-s3fs

Step 9 : Enter your access key and secret key as ACCESS_KEY:SECRET_KEY (both on one line, separated by a colon)

Step 10 : chmod 600 /home/opc/.passwd-s3fs

Step 11 : Create bucket in your OCI account (My bucket name is skynet-upload-bucket)

Step 12 : Identify your OCI region identifier (https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm)

Step 13 : Identify your object storage namespace ("Governance & Administration --> Tenancy Details -->Object storage namespace")

Step 14 : Location of your local path folder in application server (mkdir -p /home/opc/mybucket)

Step 15 : sudo s3fs {oci bucket name} {local path folder} -o endpoint={oci region identifier} -o passwd_file=/home/opc/.passwd-s3fs -o url=https://{object storage namespace}.compat.objectstorage.{oci region identifier}.oraclecloud.com/ -o nomultipart -o use_path_request_style -o allow_other

Step 16 : Check your mount point (mount | grep s3fs), seems all good.

Step 17 : Now we can test. touch /home/opc/mybucket/testfile.txt

Step 18 : Go to the OCI bucket (skynet-upload-bucket) and check whether you can see the file

Step 19 : Remove the mount point # sudo fusermount -u /home/opc/mybucket
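
A pre-mount check for the credential file from steps 8 to 10 and the step 15 command built with an absolute passwd_file path, as an added example that is not part of the original post. The region, namespace and key values are constructed placeholders, and the script assumes Linux with GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Linux only: uses GNU stat.

# s3fs wants ACCESS_KEY:SECRET_KEY on a single line, in a file that only
# its owner can read. Returns 0 ok, 1 missing, 2 bad mode, 3 bad format.
check_passwd_file() {
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    600|400) ;;
    *) echo "mode $mode on $1, expected 600" >&2; return 2 ;;
  esac
  [ "$(grep -c '' "$1")" -eq 1 ] &&
    grep -Eq '^[^:[:space:]]+:[^[:space:]]+$' "$1" ||
    { echo "expected one ACCESS_KEY:SECRET_KEY line in $1" >&2; return 3; }
}

# Compose the step 15 command with an absolute passwd_file path, so it does
# not depend on the directory sudo is run from.
# $1 = bucket, $2 = mount point, $3 = region, $4 = namespace, $5 = passwd file
s3fs_mount_cmd() {
  printf 's3fs %s %s -o endpoint=%s -o passwd_file=%s' "$1" "$2" "$3" "$5"
  printf ' -o url=https://%s.compat.objectstorage.%s.oraclecloud.com/' "$4" "$3"
  printf ' -o nomultipart -o use_path_request_style -o allow_other\n'
}

# Demo with constructed credentials in a temporary file; prints the command only.
demo() {
  f=$(mktemp) && printf 'EXAMPLEACCESSKEY:EXAMPLESECRETKEY\n' > "$f" && chmod 600 "$f"
  check_passwd_file "$f" &&
    s3fs_mount_cmd skynet-upload-bucket /home/opc/mybucket eu-frankfurt-1 examplenamespace "$f"
  rm -f "$f"
}
demo
```

`allow_other` lets other local users on the server access the mounted bucket; drop it if only the mounting user needs access.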

Youtube video about this post : https://youtu.be/QJ6GBPo8F2M



Tuesday, September 26, 2023

How to install OCI CLI in CentOS 8 Stream


The steps mentioned on the internet are not working for me. So these are the working commands.

# yum install python38 -y

# ll /usr/bin/pip3.8

# ll /usr/bin/pip-3.8

# pip3.8 install oci-cli

# oci --version

Monday, August 1, 2022

How to install OCI CLI in windows and push backup to object storage


Documentation link : https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#InstallingCLI__windows

OCI provides a CLI to manage your cloud account. Almost every task you do using the console can also be done using the CLI.

Here, we are going to install CLI on a windows 2019 server and push the backup files to Object Storage.

Login to your windows VM


Right click on “Windows PowerShell” and open as administrator.


Issue the following commands


Set-ExecutionPolicy RemoteSigned


Invoke-WebRequest https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.ps1 -OutFile install.ps1

iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.ps1'))


This will install Python automatically. OCI CLI is built on Python.






Now you can see the oci cli installation is good. 

# oci --version will return the cli version.

Next step is to setup the cli configuration. We need to authorise the configuration to perform actions. This is based on the user permissions.

# oci setup config

Enter the location of your config [C:\Users\opc\.config] :

Enter user OCID : 

 

Tenancy OCID :


Choose your DC Region :


Do you want to generate API key : Y


Enter directory for your keys to be created [C:\Users\opc\.oci]


Enter a name for your key [oci_api_key] :


Passphrase :


Now we need to upload your public key




After this step, you should be able to interact with your Oracle Cloud account using the OCI CLI.

For testing, issue this command

# oci os ns get ( This will return back the namespace of our account)


This means we are good !

How to copy backup files from this windows VM to object storage.


# oci os object put [options]

-bn = bucket name
--file = filename

# oci os object put -bn my-upload-bucket --file mssql-july31.sql

In this example, the backup file is mssql-july31.sql; it must be in the current directory, or you need to give its full path. The bucket name is my-upload-bucket.

Wednesday, June 22, 2022

How to create Oracle Cloud FREE Trial Account



Here is the step by step process.

Open a browser and hit ORACLE CLOUD

You will be presented with a registration page.


Input the above details.

Once you have entered a valid email address, select the Verify my email button.


Go to your email. You will see an account validation email from Oracle in your inbox. The email will be similar to the following

 


Select the link (if possible) or copy and paste the link into your browser.

Enter the following information to create your Oracle Cloud Free Tier account.

Choose a Password
Enter your Company Name

Your Cloud Account Name will generate automatically based on your inputs. You can change that name by entering a new value. Remember what you wrote. You'll need this name later to sign in.

Choose a Home Region. Your Home Region cannot be changed once you sign-up. Note: Based on the current design of the workshop and resource availability, it is recommended not to use the London region for this workshop at this time. Click Continue


Enter your Address information. Click Continue.


Choose your country and enter a mobile number for verification. Click the Text me a code button.

Once you receive your code, enter it and click Verify My Code.


Click the Add payment verification method button.


Choose the verification method. In this case, click the Credit Card button. Enter your information and payment details.

Note: This is a free credit promotion account. You will not be charged unless you elect to upgrade the account. 

Once your payment verification is complete, review and accept the agreement by clicking the check box. Click the Start my free trial button.


Your account is provisioning and should be available soon! You might want to log out as you wait for your account to be provisioned. You'll receive two emails from Oracle. One email will be the initial notification that provisioning is underway. The other email will be a notification that provisioning is complete. Here is a copy of the final notification:

Saturday, March 26, 2022

InsufficientServicePermissions - Permissions granted to the object storage service principal to this bucket are insufficient

 In OCI, Object Storage, I am getting the below error when trying to create "Lifecycle Management Policy" using REST API.

{
    "code": "InsufficientServicePermissions",
    "message": "Permissions granted to the object storage service principal \"objectstorage-eu-frankfurt-1\" to this bucket are insufficient."
}

Fix the problem:

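Create a policy and add the following statements. The service name in the last statement is region-specific: it must be the Object Storage service principal named in your error message (objectstorage-eu-frankfurt-1 in the error above).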

Allow group Administrators to read buckets in tenancy

Allow group Administrators to manage objects in tenancy where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}

Allow service objectstorage-ap-mumbai-1 to manage object-family in tenancy

 

Thursday, January 27, 2022

How to backup and restore Oracle Integration Cloud (OIC)


 Current Environment : 

  • Oracle Integration Instance
  • Standard Edition
  • 5K messages per hour

How to backup OIC Integration.

  1. Login to your OCI cloud account.
  2. Select "Developer Service" --> "Application Integration" --> "Integration"
  3. Select your existing OIC instance and click on "Service Console"
  4. Select "Integrations"
  5. You will be able to see your Integration endpoints and their configurations.
  6. Here, in this example, I am taking the backup of the "demo" endpoint.
  7. Hover over the right side of the "demo" endpoint and choose "Actions" --> "Export". It will download the backup to your machine as the "DEMO_01.00.00000.iar" file.



How to restore OIC Integration.

  1. Login to your OCI cloud account.
  2. Select "Developer Service" --> "Application Integration" --> "Integration"
  3. Create your new OIC instance.
  4. Select "Integrations"
  5. Click on "Import" and upload your previous backup file "DEMO_01.00.00000.iar"
  6. This will restore the OIC integration from our older instance to the new instance.

These steps will help to backup and restore Oracle Integration Cloud (OIC).



Sunday, October 24, 2021

How to connect Oracle Storage account in arcserver


When I tried to connect OCI Object storage with arcserver, I am getting an error saying failed to connect.

I tried the same credentials with Cloudberry and I encountered an error. But in Cloudberry the error shows the reason. The fix for the error is at http://www.linuxblackmagic.com/2021/10/authorization-mechanism-you-have.html

After fixing the error, I came to know that the issue is related to "Signature Version". For changing the signature version, there is no option in web. We need to go to "C:\Program Files\Arcserve\Unified Data Protection\Management\BIN\CCI\Config"

then open the file "AmazonPlugin", change the line from true to false

# original

#Set S3SignerType Override to true

SIGNER_OVERRIDE=true


#after change

#Set S3SignerType Override to true

SIGNER_OVERRIDE=false

Then restart the arcserver.

Try to connect, your OCI object storage account will connect now.



Authorization mechanism you have provided is not supported. please use aws4-hmac-sha256

 When you work with AWS SDK or AWS S3 compatible storage, during the time of connection settings you may encounter this error 

authorization mechanism you have provided is not supported. please use aws4-hmac-sha256

I got this error when I tried to add a storage in Cloudberry tool. The destination is Oracle Object storage.

How to solve this error?

This is because the signature version used is old. You need to click on "Advanced Settings", then in the drop-down for Signature version, choose 4.




Thursday, April 15, 2021

Attaching Block Volume Storage in Oracle Cloud Infrastructure Instance


1. Login to your OCI console, search for block volume or from the left hamburger menu, select "Storage" then "Block Volume" then "Create Block Volume"


2. Input your block volume name, compartment, AD, block volume size etc.


3. Once it is created, go to your instance; on the left side you can see "Attach Block Volumes". Then you need to check the attach type and compartment.

4. On the right side, you can see "iSCSI Commands & Information". Click on that and you will see the commands to attach the volume to the instance.


5. Login to the linux instance. Issue the above commands. You can see a successful message.

6. Now, to identify the attached volume or device, use the unix command lsblk. This command helps you to identify the device; for me it is /dev/sdb

7. Format the disk using the unix command fdisk and make a file system using the unix command mkfs as you want. In this case I am going to make it ext4; the command is mkfs.ext4 /dev/sdb1

8. Create a directory for the mount: mkdir /data

9. For permanent mounting you need to add an entry in /etc/fstab

/dev/sdb1 /data ext4 defaults,noatime,_netdev 0 2

10. Now we are going to mount. mount /dev/sdb1 /data

That's it. You can verify it using the command df -h
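
The fstab entry from step 9 built from the filesystem UUID instead of the /dev/sdb1 kernel name, which can change between boots for iSCSI-attached volumes, as an added example that is not part of the original post. The blkid line and UUID are constructed sample values, and the added nofail option is an assumption beyond the post's own entry.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The blkid line is constructed.

# Extract UUID="..." (not PARTUUID) from one line of blkid output.
uuid_from_blkid() {
  printf '%s\n' "$1" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p'
}

# fstab line for an iSCSI-attached volume: _netdev delays the mount until the
# network is up, nofail lets the instance boot if the volume is detached.
# $1 = blkid output line, $2 = mount point, $3 = filesystem type
fstab_entry() {
  uuid=$(uuid_from_blkid "$1")
  [ -n "$uuid" ] || { echo "no UUID in blkid output" >&2; return 1; }
  printf 'UUID=%s %s %s defaults,noatime,_netdev,nofail 0 2\n' "$uuid" "$2" "$3"
}

# List entries in an fstab file that still mount by kernel name (/dev/sdX).
# $1 = path to the fstab file
kernel_name_entries() {
  awk '$1 ~ /^\/dev\/sd[a-z]+[0-9]*$/ {print $1}' "$1"
}

# Constructed sample of what `blkid /dev/sdb1` prints after mkfs.ext4.
SAMPLE='/dev/sdb1: UUID="0f3e1a5c-1111-4222-8333-444455556666" TYPE="ext4" PARTUUID="9a8b7c6d-01"'
fstab_entry "$SAMPLE" /data ext4
```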

Monday, March 11, 2019

Oracle API Gateway Node installation error on join action

I am trying to install a gateway node setup using an OCI-classic. Though I could complete the actions install, configure & start in sequence, I am unable to finish the JOIN action. I am doing the steps in sequence. Below is the snip of the logs that I have got from registerNode.log (full logs attached as an image):

DEBUG:root:Performing dev env SSL related workarounds
ERROR:root:Error: Unable to add grant , reason = ['Traceback (most recent call last):\n', '  File "APIGateway.py", line 2246, in addGrantToUser\n    resp = urllib2.urlopen(request,data = addGrantJson,context=sslContext)\n', '  File "urllib2.py", line 154, in urlopen\n', '  File "urllib2.py", line 429, in open\n', '  File "urllib2.py", line 447, in _open\n', '  File "urllib2.py", line 407, in _call_chain\n', '  File "urllib2.py", line 1241, in https_open\n', '  File "urllib2.py", line 1201, in do_open\n', '  File "httplib.py", line 1121, in getresponse\n', '  File "httplib.py", line 438, in begin\n', '  File "httplib.py", line 402, in _read_status\n', "BadStatusLine: ''\n"]
WARNING:root:Gateway runtime user could not be given the requisite node service account grants
INFO:status:complete action: join isSuccess: failed detail: {"status": "NOT_JOINED"}
ERROR:main:Action join has failed. Detail: {"status": "NOT_JOINED"}
INFO:main:Gateway join complete.Status = NOT_JOINED.Please check log files for more details

I am pretty sure that I have entered the Gateway runtime user in the node service account grants of the logical gateway itself.

The gatewayExecutionMode is Development. And I have checked the status of the gateway node, but it looks alright. I have attached the logs as an image. I doubt this is related to network. But could someone please give me clarity on this?

Solution :
Check the MTU setting for the network interface of the gateway node machine. It should be 1500. For more details on how to set the MTU to 1500, see http://www.linuxblackmagic.com/search/label/MTU