
Manual Deployment OCI360 ADB

Rodrigo Jorge edited this page Dec 1, 2020 · 2 revisions

Introduction

This page will give you a walk-through of how to deploy OCI360 on a Compute Instance in your tenancy that will create a new report every X minutes and make it available via a web server. The next steps are applicable only if you are planning to run the OCI360 tool with an Autonomous Oracle Database. For running it with a local 18c XE, please check the other topic.

Note that the recommended and easier way to go is using docker: Installing OCI360 Tool.

Pre-requisites

Deploy a new server with the following specifications in OCI:

  • Oracle Linux 7.6 or higher
  • Minimal Shape. VM.Standard.E2.1 - 1 Core OCPU, 8 GB Memory
  • Root Disk = 50GB
  • Attached Block Volume Disk = 50GB
    • This space will be used by OCI360 output.
  • Public IP is not recommended

For security reasons, it's recommended to:

  • KEEP SELinux running in enforcing mode. No need to stop it.
  • KEEP iptables/firewalld service running. No need to stop it.

Installation Steps

1. Mount the Attached Block Volume Disk in the new compute

First, ensure your disk is detected by the OS. If not, run the iscsiadm commands.

You can check it with lsblk command:

[ROOT]# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sdb      8:16   0   50G  0 disk
sda      8:0    0 46.6G  0 disk
├─sda2   8:2    0    8G  0 part [SWAP]
├─sda3   8:3    0 38.4G  0 part /
└─sda1   8:1    0  200M  0 part /boot/efi

As you can see above, a new disk was detected.

Now let's create an LVM volume to manage and format it.

[ROOT]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.
[ROOT]# vgcreate vg_oci360 /dev/sdb
  Volume group "vg_oci360" successfully created
[ROOT]# lvcreate -n lv_oci360 -l 100%FREE vg_oci360
  Logical volume "lv_oci360" created.
[ROOT]# mkfs.xfs /dev/vg_oci360/lv_oci360
meta-data=/dev/vg_oci360/lv_oci360  isize=256    agcount=4, agsize=3276544 blks
         =                          sectsz=4096  attr=2, projid32bit=1
         =                          crc=0        finobt=0, sparse=0, rmapbt=0, reflink=0
data     =                          bsize=4096   blocks=13106176, imaxpct=25
         =                          sunit=0      swidth=0 blks
naming   =version 2                 bsize=4096   ascii-ci=0 ftype=1
log      =internal log              bsize=4096   blocks=6399, version=2
         =                          sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                      extsz=4096   blocks=0, rtextents=0 

Time to mount the disk:

[ROOT]# mkdir /u01
[ROOT]# mount /dev/vg_oci360/lv_oci360 /u01

Get the UUID and add the volume to fstab for auto-mount on boot.

[ROOT]# blkid /dev/vg_oci360/lv_oci360
/dev/vg_oci360/lv_oci360: UUID="4b3ef26a-1480-4052-942b-66100cbb4eb1" TYPE="xfs" 

Now add to fstab:

[ROOT]# echo "UUID=$(blkid -s UUID -o value /dev/vg_oci360/lv_oci360) /u01 xfs defaults,_netdev 0 0" >> /etc/fstab

Unmount and mount again to test:

[ROOT]# umount /u01
[ROOT]# mount /u01

2. Create the OS user for OCI360 tool

Create the OCI360 user:

[ROOT]# useradd -g users -m -d /u01/oci360/ oci360
[ROOT]# ls -la /u01/
total 4
drwxr-xr-x.  3 root   root    20 May 20 15:31 .
dr-xr-xr-x. 18 root   root  4096 May 20 15:15 ..
drwx------.  2 oci360 users   62 May 20 15:31 oci360

3. Install the Oracle Database Client

First, you have to install the oracle-database-preinstall yum package to deploy all the pre-requirements:

[ROOT]# yum -y install oracle-database-preinstall-19c.x86_64
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
...
Complete!

Next, download the Oracle Database 19c Client for Linux x86-64, file LINUX.X64_193000_client_home.zip (or higher version), from https://www.oracle.com/database/technologies/oracle19c-linux-downloads.html

You can download it straight to the server using wget, if you get the download link after the download starts in your browser.

The URL below is just an example. Don't use it or it will fail. You will need to get a new one using the steps above.

[ROOT]# sudo su - oracle
[ORACLE]$ wget -nv -O LINUX.X64_193000_client_home.zip 'https://download.oracle.com/otn/linux/oracle19c/190000/LINUX.X64_193000_client_home.zip?AuthParam=1589990453_4e78418598132ea5735403c777dce385'
Saving to: ‘LINUX.X64_193000_client_home.zip’

For security reasons, check if the file checksum is correct:

df3ef12bc19d03cb3331ccdf3490ec361b6ed5d243da32df583f02f0774e2315
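
One way to run that check before unpacking, as an added example rather than part of the original page; it assumes the 64-character value above is a SHA-256 digest and that `sha256sum` (GNU coreutils) is available:

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded file against a published digest before
# unpacking it. Assumption: the 64-hex-character value is a SHA-256 digest.

# verify_sha256 FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_sha256() {
  local file="$1" expected actual
  # Normalise case so an upper-case published digest still compares equal.
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

  # Reject a truncated paste or a digest from another algorithm.
  if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "verify_sha256: expected value is not 64 hex characters" >&2
    return 2
  fi
  if [ ! -r "$file" ]; then
    echo "verify_sha256: cannot read $file" >&2
    return 2
  fi

  actual=$(sha256sum -- "$file" | awk '{print $1}')
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# Usage with the digest given on this page (run in the download directory),
# so that unzip only runs when the digest matches:
#   verify_sha256 LINUX.X64_193000_client_home.zip \
#     df3ef12bc19d03cb3331ccdf3490ec361b6ed5d243da32df583f02f0774e2315 \
#     && unzip -q -d /u01/oracle/database/product/19c LINUX.X64_193000_client_home.zip
```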

Now you can safely install the Oracle 19c Client ZIP.

Create the directory for the ORACLE_HOME and unzip it.

[ROOT]# mkdir -p /u01/oracle/database/product/19c
[ROOT]# chown -R oracle: /u01/oracle/
[ORACLE]$ unzip -q -d /u01/oracle/database/product/19c LINUX.X64_193000_client_home.zip

Change the response file with the correct values:

[ORACLE]$ vi /u01/oracle/database/product/19c/install/response/clientsetup.rsp
...
UNIX_GROUP_NAME=oinstall
INVENTORY_LOCATION=/u01/oracle/oraInventory
ORACLE_BASE=/u01/oracle/database

Install the Oracle Client:

[ORACLE]$ /u01/oracle/database/product/19c/runInstaller \
-silent -waitForCompletion \
-responseFile /u01/oracle/database/product/19c/install/response/clientsetup.rsp

Launching Oracle Database Client Setup Wizard...

The response file for this session can be found at:
 /u01/oracle/database/product/19c/install/response/client_2020-05-20_05-52-54PM.rsp

You can find the log of this install session at:
 /tmp/InstallActions2020-05-20_05-52-54PM/installActions2020-05-20_05-52-54PM.log

As a root user, execute the following script(s):
	1. /u01/oracle/oraInventory/orainstRoot.sh

Execute /u01/oracle/oraInventory/orainstRoot.sh on the following nodes:
[oci360comp]


Successfully Setup Software.
Moved the install session logs to:
 /u01/oracle/oraInventory/logs/InstallActions2020-05-20_05-52-54PM

Finally, run the orainstRoot.sh utility as root:

[ROOT]# /u01/oracle/oraInventory/orainstRoot.sh
Changing permissions of /u01/oracle/oraInventory.
Adding read,write permissions for group.
Removing read,write,execute permissions for world.

Changing groupname of /u01/oracle/oraInventory to oinstall.
The execution of the script is complete.

Add to the oracle account the default database info to allow fast connection.

[ROOT]# su - oracle
[ORACLE]$ echo 'export ORACLE_HOME=/u01/oracle/database/product/19c' >> ~/.bash_profile
[ORACLE]$ echo 'export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch' >> ~/.bash_profile
[ORACLE]$ . ~/.bash_profile

4. Move the Wallet to the compute and test the connection

Download the Oracle Wallet from your ADB instance and move it to the target compute.

If you haven't created the ADB for OCI360 yet (or you don't have one available), follow the steps in this article to create a new one (can be the Always Free option): https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/adbcreating.htm

Once you scp the file to the target compute instance, unzip the contents into the $ORACLE_HOME/network/admin folder:

[ROOT]# su - oracle
[ORACLE]$ unzip -d $ORACLE_HOME/network/admin/ Wallet_oci360.zip
Archive:  Wallet_oci360.zip
  inflating: /u01/oracle/database/product/19c/network/admin/README
  inflating: /u01/oracle/database/product/19c/network/admin/cwallet.sso
  inflating: /u01/oracle/database/product/19c/network/admin/tnsnames.ora
  inflating: /u01/oracle/database/product/19c/network/admin/truststore.jks
  inflating: /u01/oracle/database/product/19c/network/admin/ojdbc.properties
replace /u01/oracle/database/product/19c/network/admin/sqlnet.ora? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: /u01/oracle/database/product/19c/network/admin/sqlnet.ora
  inflating: /u01/oracle/database/product/19c/network/admin/ewallet.p12
  inflating: /u01/oracle/database/product/19c/network/admin/keystore.jks

Test the connection:

[ORACLE]$ sqlplus /nolog
SQL> conn admin/xxx@oci360adb_medium
Connected.
SQL> select 1 from dual;

	 1
----------
	 1

5. Create a schema for the OCI360 objects

Create a schema in your ADB to handle the OCI360 objects:

[ORACLE]$ sqlplus /nolog
SQL> conn admin/xxx@oci360adb_medium
Connected.
SQL> create user OCI360 identified by "xxx";
User created.
SQL> alter user OCI360 default tablespace DATA quota unlimited on DATA;
User altered.
SQL> grant CREATE SESSION, ALTER SESSION, CREATE SEQUENCE, CREATE TABLE, CREATE VIEW to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.GV_$INSTANCE to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.GV_$OSSTAT to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.GV_$SYSTEM_PARAMETER2 to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$DATABASE to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$INSTANCE to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$PARAMETER to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$PARAMETER2 to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$PROCESS to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$SESSION to OCI360;
Grant succeeded.
SQL> grant SELECT on SYS.V_$SYSTEM_PARAMETER2 to OCI360;
Grant succeeded.
SQL> grant EXECUTE on SYS.DBMS_LOCK to OCI360;
Grant succeeded.
SQL> grant EXECUTE on DBMS_CLOUD to OCI360;
Grant succeeded.
SQL> grant READ on directory DATA_PUMP_DIR to OCI360;
Grant succeeded.

Test the connection:

[ORACLE]$ sqlplus /nolog
SQL> conn oci360/xxx@oci360adb_medium
Connected.
SQL> select 1 from dual;

	 1
----------
	 1

6. Configure oci360 OS profile

Add to the oci360 account the ORACLE_HOME and PATH info on its profile.

[ROOT]# su - oci360
[OCI360]$ echo 'export ORACLE_HOME=/u01/oracle/database/product/19c' >> ~/.bash_profile
[OCI360]$ echo 'export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch' >> ~/.bash_profile
[OCI360]$ . ~/.bash_profile

Test the connection:

[OCI360]$ sqlplus /nolog
SQL> conn oci360/xxx@oci360adb_medium
Connected.
SQL>

7. Install oci-cli

The extractor phase of oci360 requires the oci-cli binary to be properly installed.

In order to run oci-cli and reach the REST API endpoints, the compute instance must have either:

  1. Route to Service Gateway to run oci-cli privately. Choose the target type and the service CIDR label 'All <region> Services in Oracle Services Network'. Check this link for more details: https://blogs.oracle.com/cloud-infrastructure/access-oracle-services-privately-with-a-service-gateway
  2. Route to public internet websites ending with: *.oraclecloud.com

After one of the two options above is delivered to your compute, we can proceed with the oci-cli installation.

[ROOT]# yum -y install python-oci-cli
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
...
Complete!
[ROOT]# oci -v
2.6.3

Only if the command above does not work, you can also deploy it manually. Check https://github.com/oracle/oci-cli for more details.

[OCI360]$ wget -nv https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh
Saving to: ‘install.sh’
...
[OCI360]$ bash install.sh --accept-all-defaults --exec-dir ~/oracle-cli/bin/ --install-dir ~/oracle-cli/lib/
Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v2.5.15/scripts/install/install.py to /tmp/oci_cli_install_tmp_oHpp.
-- Installation successful.
-- Run the CLI with /home/oracle/oracle-cli/bin/oci -help
...
[OCI360]$ ~/oracle-cli/bin/oci -v
2.6.4

8. Install jq (json query)

Also, you will require jq (https://stedolan.github.io/jq/) to handle the json parsing:

[ROOT]# yum -y install jq
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
...
Complete!
[ROOT]# jq -V
jq-1.6

If the command above does not work, you can also deploy it manually:

[OCI360]$ mkdir ~/bin/
[OCI360]$ wget -nv -O ~/bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
[OCI360]$ chmod +x ~/bin/jq
[OCI360]$ ~/bin/jq -V
jq-1.6

9. Install and configure apache

Apache will be used by oci360 to show the generated reports in a web server.

[ROOT]# yum -y install httpd
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
...
Complete!

Next, let's create the folder where the oci360 output will be stored. I've created it on /u01/ to offload ROOT filesystem:

[ROOT]# mkdir /u01/www/
[ROOT]# ln -s /u01/www/ /var/www/oci360
[ROOT]# chown -R oci360: /u01/www/

If you have SELinux enabled, you must set the context for the new files in order to allow apache to work:

[ROOT]# semanage fcontext -a -e /var/www/html /u01/www
[ROOT]# restorecon -R -v /u01/www

Now let's create a simple password to protect the http access. Note that in the example below, the user for this case will be oci360:

[ROOT]# htpasswd -c /etc/httpd/.htpasswd oci360
New password:
Re-type new password:
Adding password for user oci360

Configure the new oci360 folder on apache (copy and paste all the lines from cat until EOF):

[ROOT]# cat << 'EOF' > /etc/httpd/conf.d/oci360.conf
Alias /oci360 "/var/www/oci360/"
<Directory "/var/www/oci360">
  Options +Indexes
  AllowOverride All
  Require all granted
</Directory>
EOF

Now let's protect the oci360 folder with the password created two steps earlier (copy and paste all the lines from cat until EOF):

[ROOT]# cat << 'EOF' > /var/www/oci360/.htaccess
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
EOF
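
Because /u01/www is owned by oci360 and `AllowOverride All` lets files in that directory change access control, the same protection can be kept entirely in the server configuration. The following is an added example, not the OCI360 project's own configuration; the function names are hypothetical, and `relies_on_htaccess` detects the layout used above:

```shell
#!/usr/bin/env bash
# Added example, not from the OCI360 project. Function names are hypothetical.

# Print a conf.d file that keeps authentication in the server config, so
# nothing writable by the oci360 user can switch it off.
emit_oci360_conf() {
  cat << 'EOF'
Alias /oci360 "/var/www/oci360/"
<Directory "/var/www/oci360">
  Options +Indexes
  # Ignore .htaccess: /u01/www is owned by oci360, so files created there
  # must not be able to change access control.
  AllowOverride None
  # Basic auth is only base64-encoded on the wire: serve it over TLS or
  # keep the host on a private network.
  AuthType Basic
  AuthName "Restricted Content"
  AuthUserFile /etc/httpd/.htpasswd
  Require valid-user
</Directory>
EOF
}

# relies_on_htaccess CONF
# returns 0 when CONF grants access to everyone and leaves the restriction
# to .htaccess (the layout in step 9), 1 otherwise.
relies_on_htaccess() {
  local conf="$1" body
  # Drop comment lines so commented-out directives are not counted.
  body=$(grep -v '^[[:space:]]*#' "$conf")
  printf '%s\n' "$body" \
    | grep -Eiq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' || return 1
  printf '%s\n' "$body" \
    | grep -Eiq '^[[:space:]]*AllowOverride[[:space:]]+(All|.*AuthConfig)' || return 1
  return 0
}

# Usage (as root), replacing both oci360.conf and the .htaccess file:
#   emit_oci360_conf > /etc/httpd/conf.d/oci360.conf
#   apachectl configtest && systemctl reload httpd
```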

Let's now open the firewall port for apache, then enable and start the service:

[ROOT]# firewall-cmd --add-service=http
success
[ROOT]# firewall-cmd --permanent --add-service=http
success
[ROOT]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[ROOT]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service

10. Create the oci360 folders and config files

OCI360 tool will run under oci360 account. Create the required folders:

[ROOT]# sudo su - oci360
[OCI360]$ mkdir ~/oci360_tool/
[OCI360]$ mkdir ~/oci360_tool/{log,app,out,exp,scripts}

11. Store database connection info

Now you need to create a file to store the credentials to connect to the DB instance that you have configured and that will be used for OCI360. You have 2 options:

  • Create the file with your user/password in text format. If the chosen DB is an XE, and only used by OCI360, this is usually not an issue.
  • Create the file without the password in text format and use Oracle Wallet to securely store it.

11.1 Store user/pass in text format

Set the connection string for your ADB in oci360.cfg file:

[OCI360]$ echo "v_conn='oci360/xxx@oci360adb_medium'" > ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ chmod 600 ~/oci360_tool/scripts/oci360.cfg

Now test it:

[OCI360]$ . ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ sqlplus ${v_conn}

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Jun 30 12:48:55 2020
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.5.0.0.0

SQL>

11.2 Store user/pass in Wallet

When running an Oracle ADB, the wallet file already exists in your $TNS_ADMIN directory. So, all you need to do is add a new credential to it:

[ORACLE]$ mkstore -wrl $ORACLE_HOME/network/admin -createCredential oci360adb_medium oci360
Oracle Secret Store Tool Release 18.0.0.0.0 - Production
Version 18.1.0.0.0
Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.

Your secret/Password is missing in the command line
Enter your secret/Password:  <<< oci360 password
Re-enter your secret/Password: <<< oci360 password
Enter wallet password: <<< wallet password

Add the Wallet Override flag to your local sqlnet config:

[ORACLE]$ cat << 'EOF' >> $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.WALLET_OVERRIDE = TRUE
EOF

As you can see above, oci360adb_medium is the TNS alias we will use. Set the connection string for your oci360adb in oci360.cfg file:

[OCI360]$ echo "v_conn='/@oci360adb_medium'" > ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ chmod 600 ~/oci360_tool/scripts/oci360.cfg

Now test it:

[OCI360]$ . ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ sqlplus ${v_conn}

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Jun 30 12:48:55 2020
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.5.0.0.0

SQL>
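
The two storage options above can be told apart, and the file mode checked, without sourcing the file. This is an added example, not part of the OCI360 tool; the function names are hypothetical and it assumes GNU `stat`:

```shell
#!/usr/bin/env bash
# Added example, not part of OCI360: audit oci360.cfg without sourcing it
# (sourcing would execute whatever the file contains).

# classify_conn CFG -> prints wallet | plaintext | unknown | missing
classify_conn() {
  local cfg="$1" line conn
  # Use the last v_conn assignment, as the shell would when sourcing.
  line=$(grep -E '^[[:space:]]*v_conn=' "$cfg" | tail -n 1)
  [ -n "$line" ] || { echo missing; return 0; }
  conn=${line#*=}
  conn=${conn#[\"\']}   # drop the opening quote
  conn=${conn%[\"\']}   # drop the closing quote
  case "$conn" in
    /@?*)     echo wallet ;;     # 11.2: password is held in the wallet
    ?*/?*@?*) echo plaintext ;;  # 11.1: user/password@alias
    *)        echo unknown ;;
  esac
}

# check_mode FILE -> 0 when group and other have no access, 1 otherwise
check_mode() {
  local f="$1" mode
  mode=$(stat -c '%a' -- "$f") || return 2
  case "$mode" in
    ?00) return 0 ;;
    *)   echo "$f: mode $mode, expected 600"; return 1 ;;
  esac
}

# audit_oci360_cfg FILE -> 0 when clean, 1 with findings, 2 when unreadable.
# The connection string itself is never printed.
audit_oci360_cfg() {
  local cfg="$1" findings=0 kind
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
  check_mode "$cfg" || findings=$((findings + 1))
  kind=$(classify_conn "$cfg")
  case "$kind" in
    wallet) ;;
    plaintext)
      echo "$cfg: v_conn embeds the database password (option 11.1)"
      findings=$((findings + 1)) ;;
    *)
      echo "$cfg: v_conn is $kind"
      findings=$((findings + 1)) ;;
  esac
  [ "$findings" -eq 0 ]
}

# Usage: audit_oci360_cfg ~/oci360_tool/scripts/oci360.cfg
```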

12. Setup oci-cli

Now it's time to set up your oci-cli utility so the export phase of oci360 can run without any issues. To do that, you have 2 options:

  • Make oci-cli authenticate to the API using the instance_principal method (if this host is inside the OCI tenancy that you are reading from)
  • Create a read-only user in your OCI web console tenancy and authenticate through API Key.

12.1 Instance_principal method

In the instance_principal method, oci-cli connects to OCI internally and thus doesn't need to connect through the internet, only to the Service Gateway.

First, set the OCI_CLI_AUTH variable in your oci360.cfg file to define the new default authentication method.

[OCI360]$ echo 'export OCI_CLI_AUTH=instance_principal' >> ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ . ~/oci360_tool/scripts/oci360.cfg

Now, create a ~/.oci/config file, specifying into it just your tenancy OCID and the default region (copy and paste all the lines from cat until EOF):

[OCI360]$ mkdir ~/.oci/
[OCI360]$ cat << 'EOF' > ~/.oci/config
[DEFAULT]
tenancy=ocid1.tenancy.oc1..xxx
region=us-ashburn-1
EOF
[OCI360]$ chmod 600 ~/.oci/config

That's all you need to set on the compute side. Now you need to tell your tenancy that this compute can make REST API calls using the internal API.

Now, connect to the OCI web console and create:

  1. Dynamic Group, named OCI360_DG, with a simple rule that includes your own machine OCID:
    1. Name: OCI360_DG
    2. Description: Group to handle oci-cli calls from the host of OCI360.
    3. Rule:
      • instance.id = 'ocid1.instance.oc1.iad.xxx' (Your Compute OCID)
  2. Policy, named OCI360_Policy, with a simple rule for that dynamic group:
    1. Name: OCI360_Policy
    2. Description: Policy to handle oci-cli calls from the host of OCI360.
    3. Rule:
      • allow dynamic-group OCI360_DG to read all-resources in tenancy

More info at: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingdynamicgroups.htm

Now test it:

[OCI360]$ ~/oci360_tool/app/sh/oci_json_export.sh Comp-Instances
{
  "data": [
...

12.2 API Key method

For this option, check this article that will show how to create a readonly user for your tenancy: https://www.dbarj.com.br/en/2018/09/creating-a-read-only-user-in-oracle-cloud-infrastructure/

13. Deploy OCI360 files in their folders

This step is to finally deploy the OCI360 tool in your system. The OCI360 github repo must be copied to your ~/oci360_tool/app/ folder:

[OCI360]$ cd ~/oci360_tool/
[OCI360]$ rm -rf ~/oci360_tool/app/
[OCI360]$ wget -nv -O oci360.zip https://github.com/dbarj/oci360/archive/master.zip
2020-06-25 13:41:25 URL:https://codeload.github.com/dbarj/oci360/zip/master [812224] -> "oci360.zip" [1]
[OCI360]$ unzip oci360.zip
[OCI360]$ mv ~/oci360_tool/oci360-master/ ~/oci360_tool/app/

Copy ~/oci360_tool/app/sh/oci360_cron.sh to ~/oci360_tool/scripts/oci360_run.sh:

[OCI360]$ cp ~/oci360_tool/app/sh/oci360_cron.sh  ~/oci360_tool/scripts/oci360_run.sh 

If you check the oci360_run.sh contents, you will note some "v_retention_*" variables:

  • If you want to change their values, declare them in oci360.cfg file. If you change their values in oci360_run.sh, you will lose the changes when the tool gets updated. Example:
[OCI360]$ echo "v_audit_period=10" >> ~/oci360_tool/scripts/oci360.cfg
  • Change them to "0" to disable the collection.

The tool is deployed. Now all we need is to run it.

14. OCI360 Autonomous DB <> Bucket configuration.

When running OCI360 in ADB, the OCI Bucket will be your interface for reading the files.

To do that, you will need to create a credential in the Oracle Database that allows read access to the bucket where you are going to store the uploaded JSON and CSV files for processing. In local 18c XE, this step is not necessary as the files are read using EXTERNAL DIRECTORIES. Let's start:

14.1. Create a Bucket and setup a user for ADB connection.

Follow the steps on Oracle ADB Page to create a tenancy API user which will be used by your ADB. After you follow the steps, keep a note of the following items:

  • User OCID
  • Tenancy OCID
  • User Private Key
  • Public Key Fingerprint
  • Bucket URI address

14.2. Setup the DBMS_CREDENTIAL.

Now that the user credential has been created, the next step is to create a Database Credential for the user created in step 5. The credential name is the only field for which you can choose a value. For all the others, copy the values from the step above.

SQL> conn oci360/xxx@oci360adb_medium
Connected.
SQL> BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL (
credential_name => 'OCI360_CRED',
user_ocid       => 'ocid1.user.oc1..xxx',
tenancy_ocid    => 'ocid1.tenancy.oc1..xxx',
private_key     => '-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
-----END RSA PRIVATE KEY-----',
fingerprint     => 'ba:a2:5d:10:e9:61:25:57:ab:85:8d:d6:2b:df:c3:80');
END;
/

PL/SQL procedure successfully completed.

14.3. Test the access to the bucket.

[OCI360]$ sqlplus /nolog
SQL> conn oci360/xxx@oci360adb_medium
Connected.
SQL> SELECT * from 
table(DBMS_CLOUD.LIST_OBJECTS (
 credential_name      => 'OCI360_CRED',
 location_uri         => 'https://objectstorage.us-ashburn-1.oraclecloud.com/n/{your_namespace}/b/{your_bucket}/o/')
);

no rows selected

If you don't receive any error, this means the credential is working and your bucket is simply empty. Otherwise, check the ORA message and fix the problem.

14.4. Add the Credential name and the Bucket info into oci360.cfg.

You will also need to add the following variables to the oci360.cfg file of OCI360 (adapt with the correct values):

[OCI360]$ cat >> ~/oci360_tool/scripts/oci360.cfg << 'EOF'
v_oci_bucket="oci360_bucket"
v_oci360_opts="
DEF oci360_adb_cred = 'OCI360_CRED'
DEF oci360_adb_uri  = 'https://objectstorage.us-ashburn-1.oraclecloud.com/n/{your_namespace}/b/{your_bucket}/o/'
"
EOF

14.5. Give permissions to oci-cli to access and upload files in the Bucket.

In step 12, where you created an API credential to be used by oci-cli, you also need to give this credential full access to the bucket you've created for OCI360. For example, if using the Instance Principal method:

  • allow dynamic-group OCI360_DG to manage objects in tenancy where target.bucket.name='oci360_bucket'

15. Enable oci360 auto-execution

Before running it for the first time, create an auto-execution entry in your crontab. You may adjust how often it will execute (/6 = every 6 hours, /12 = every 12 hours):

[OCI360]$ crontab -l > mycron
no crontab for oci360
[OCI360]$ echo '00 */6 * * * /usr/bin/sh /u01/oci360/oci360_tool/scripts/oci360_run.sh' >> mycron
[OCI360]$ crontab mycron
[OCI360]$ rm -f mycron

Checking..

[OCI360]$ crontab -l
00 */6 * * * /usr/bin/sh /u01/oci360/oci360_tool/scripts/oci360_run.sh

16. Run OCI360 manually and check logs

Let's do a trial run. We will simply run the crontab line in nohup mode:

[OCI360]$ nohup /usr/bin/sh ~/oci360_tool/scripts/oci360_run.sh &
[OCI360]$ tail -f ~/oci360_tool/log/run.*.log

After it completes, you can test the output by accessing your server at: http://YOURSERVER/oci360/

The output will also be in a zip format and available at ~/oci360_tool/out/processed/

Optional Steps

17. Add usage info in OCI360:

To add usage info in OCI360, the created account used by your oci-cli must also be granted privileges to access tenancy usage info. For more details about giving that privilege, check: https://docs.cloud.oracle.com/en-us/iaas/Content/Billing/Tasks/accessingusagereports.htm and https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Concepts/costs.htm.

18. Add billing info in OCI360:

OCI360 also has a full billing report. In order to enable it, you need some extra steps, as billing info is taken with direct REST calls to your tenancy IDCS domain, not using oci-cli.

The most secure way to do it is to create a Trusted Application in the IDCS. Check this article to get the steps to create this account: https://www.dbarj.com.br/en/2019/06/creating-read-only-account-for-rest-billing-access-on-oracle-cloud/.

After the application is created, add the variables below to the oci360.cfg file in the scripts folder. Fill them with the corresponding values for your tenancy (copy and paste all the lines from cat until EOF):

[OCI360]$ cat << 'EOF' >> ~/oci360_tool/scripts/oci360.cfg
export CLIENT_ID="c18e050ae7c32a4994c26252b8adf703"
export CLIENT_SECRET="e7c32a49-219b-4fda-a404-252b8adf70302"
export CLIENT_DOMAIN="idcs-50ae7c32a4994c2625250ae7c32a4994"
EOF
[OCI360]$ chmod 600 ~/oci360_tool/scripts/oci360.cfg

To test if it's working:

[OCI360]$ . ~/oci360_tool/scripts/oci360.cfg
[OCI360]$ ~/oci360_tool/app/sh/oci_json_billing.sh serviceEntitlements