22_Object_Storage_To_Instance_Through_API connectivity - Nirvan-Pandey/OCI_DOC GitHub Wiki

22_1: Overview

The purpose of API connectivity between Object Storage and a Compute instance in Oracle Cloud Infrastructure (OCI) is to demonstrate how to securely and efficiently interact with Object Storage from a Compute instance using APIs. This typically covers:

Key Objectives:

  • Understanding API Connectivity: Learn how to set up and use API keys for secure authentication and authorization.

  • Installing and Configuring OCI CLI: Install the OCI CLI on a Compute instance and configure it with the necessary credentials.

  • Interacting with Object Storage: Use the OCI CLI or SDKs to perform operations such as uploading, downloading, and managing objects in Object Storage.

  • Automating Tasks: Automate common tasks like data backup, retrieval, and management using scripts and API calls.

  • Example Use Cases:

  1. Data Backup: Automate the process of backing up data from a Compute instance to Object Storage.
  2. Data Retrieval: Retrieve and process data stored in Object Storage from a Compute instance.
  3. Integration: Integrate Object Storage with applications running on Compute instances for scalable storage solutions.

22_2: Prerequisites for Operations

  • Create a New User and Group:

Avoid using the root user for regular operations. Creating a new user and group follows the principle of least privilege, reducing the risk of accidental or malicious changes.

This allows you to grant specific permissions and manage access more effectively.

Separating duties between users and groups helps maintain a secure and organized environment.

Please note as of now, we are using the tenancy user.

  • OCI CLI Installation:

Install the OCI CLI on your Compute instance.

22_2: Create a New User and Group

Step1: Navigation

Navigate to BurgerMenu-->Identity & Security-->Domains-->Default Domains-->Groups-->Click Create

image image image

Step2: Create a group.

image image

Step3: Assign the user to this group. User is added to this group.

image image

22_3: OCI CLI Installation

The Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) is a tool that allows you to interact with OCI services from the command line, enabling automation and efficient management of cloud resources.

Step1: Login to the instance

Step2: Execute command

sudo dnf install python36-oci-cli

image

Step3: Write y to begin the installation.

image

Step4: The OCI cli package has been successfully downloaded.

image

Step5: Run below command to check version of installed OCI cli package.

oci cli -v

image

22_4: Setting up data

The Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) allows you to automate the process of pushing data to OCI services. By scripting OCI CLI commands, you can set up workflows that automatically handle tasks such as uploading data to Object Storage or provisioning resources. We will push data through the CLI, and the CLI will automatically guide the steps to complete the tasks.

Step1: Creating a test file.

We will create a test file in /tmp folder and will upload this file to OCI.

cd /tmp

touch sample.txt

ls -lrth

image

Step2: Executing the upload command

Generic Command

oci os object put -bn bucket_name --file file_name

Edited Command

oci os object put -bn Test_Bucket --file sample.txt

Step3: Write y to continue.

It failed to find config file,so asking to create new.

image image

Step4: Say no to creating through browser.

We will create through CLI.

image

Step5: Keep the location intact.

It is asking a location for config file. We will not fill this as standard practice is to keep the file at default location i.e. /root/.oci/config

image

Step6: Fill the OCI ID.

image

We will copy the OCI ID of the Backup User and paste here.

image

Step7: Fill the tenancy id.

The tenancy id of the user created.

image image

Step8: Enter the region.

image

Step9: Fingerprint is gerenated

I choose passphrase N/A.

image

Step10: Use the cat command to view the API public key and copy it into Notepad for later use.

cat /root/.oci/config

image

Step11: Again we will try to upload.

oci os object put -bn Test_Bucket --file sample.txt

Error occurred.

image

Error: Unable to retrieve namespace internally. Please provide the namespace using the option "--['namespace']".

Step12: Troubleshooting the Error.

Reason Suspected: API Key not attached to the user.

We will upload the API key by pasting the public key which we copied.

Navigate to the user

Identity->Domains-->DefaultDomain-->User-->API Key-->Add ApI Key

image image image

The bucket is now successfully linked to the instance, allowing us to transfer the backup from the instance to the bucket. Run below command again to transfer file to bucket

oci os object put -bn Test_Bucket --file sample.txt

image Error: Unable to retrieve namespace internally. Please provide the namespace using the option "--['namespace']".

Step13: Troubleshooting the Error Again.

Reason Suspected: Policy not assigned.

image image

Step14: Fresh error occurred,

image

Troubleshoot the policy again and edit the policy

image

Since my user was administrator, thats why policy and instances were not able to communicate. Allowing the administrator group to manage object in Compute in the policy.

Allow group Administrators to manage object-family in compartment NP_Compute

image

Again pushed the command to the object and it was successful.

image image