Oracle Cloud Infrastructure(OCI)のリソースを作る方法は、Web管理コンソール経由、Terraform、Ansibleといろいろありますが、ちょっとしたリソースであればcliで作るのが簡単で便利です。
# この記事で作成するようなリソース群を、毎度毎度cli打って作るようなことはおすすめしません
# cliでリソース作成する際のリファレンスとして、お使いいただければ幸いです
やりたいこと
以下の環境をoci cliで作る
- ネットワーク
- VCN (192.168.100.0/24)
- Internet Gateway
- Security List
- Route table
- subnet (192.168.100.0/27, 192.168.100.32/27)
- インスタンス
- Webサーバー想定のComputeインスタンス
- DBサーバー想定のDbaaSインスタンス
前提
- OCI CLIはインストール済み、各種設定も完了済み
- compartment_idはconfigファイルに記載済み
- Windows環境からcliコマンドを発行しています
- oci cliのバージョンは2.4.41
ネットワーク関連リソースを作る
VCN
構文
> oci network vcn create [OPTIONS]
※必須オプションはcidrブロックと、コンパートメント
※DBaaS作成のため、DNS有効化も実行例
> oci network vcn create --cidr-block 192.168.100.0/24 --display-name Qiita-VCN --dns-label QiitaVCN
{
"data": {
"cidr-block": "192.168.100.0/24",
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxxxx",
"default-dhcp-options-id": "ocid1.dhcpoptions.oc1.phx.xxxxxxxxxxx",
"default-route-table-id": "ocid1.routetable.oc1.phx.xxxxxxxxxxx",
"default-security-list-id": "ocid1.securitylist.oc1.phx.xxxxxxxxxxx",
"defined-tags": {},
"display-name": "Qiita-VCN",
"dns-label": "qiitavcn", # <--★DbaaSインスタンス作成にDNS有効化が必要
"freeform-tags": {},
"id": "ocid1.vcn.oc1.phx.xxxxxxxxxxx",
"lifecycle-state": "AVAILABLE",
"time-created": "2019-01-29T13:57:49.720000+00:00",
"vcn-domain-name": "qiitavcn.oraclevcn.com"
},
"etag": "d75fa854"
}
Internet Gateway
構文
> oci network internet-gateway create [OPTIONS]
※必須オプションはvcn-idと有効化オプションと、コンパートメント実行例
> oci network internet-gateway create --is-enabled true --vcn-id ocid1.vcn.oc1.phx.xxxxxxxxxxx --display-name QiitaIGW
{
"data": {
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxxxx",
"defined-tags": {},
"display-name": "QiitaIGW",
"freeform-tags": {},
"id": "ocid1.internetgateway.oc1.phx.xxxxxxxxxxx",
"is-enabled": true,
"lifecycle-state": "AVAILABLE",
"time-created": "2019-01-29T14:05:17+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxxxxxx"
},
"etag": "ebf7fea3"
}
Security Lists
構文
> oci network security-list create [OPTIONS]
※必須オプションはvcnのocid、ingress/egressのルール、コンパートメントID
※サブネット作成時に指定できるよう先にセキュリティリストとルートテーブルを作っておいています
※プロトコルの番号を指定する場合はProtocol Numberで確認(tcpは6)
※ルール指定する際に使うjsonの書き方は「Oracle Cloud(OCI)のcliのinput/outputで使うjsonに慣れる」を参照実行例
Web-subnet用のセキュリティリスト
> oci network security-list create `
>> --vcn-id ocid1.vcn.oc1.phx.xxxxxxxx `
>> --ingress-security-rules `
>> "[{\`"source\`": \`"x.x.x.x/32\`", \`"protocol\`": \`"6\`", `
>> \`"isStateless\`": false, `
>> \`"tcpOptions\`": {\`"destinationPortRange\`": {\`"max\`": 22, \`"min\`": 22}, `
>> \`"sourcePortRange\`": null }}]" `
>> --egress-security-rules `
>> "[{\`"destination\`": \`"192.168.100.0/24\`", \`"protocol\`": \`"6\`", `
>> \`"isStateless\`":false }]" `
>> --display-name "Qiita_SC_Web"
{
"data": {
"compartment-id": "ocid1.compartment.oc1..xxxxxxxx ",
"defined-tags": {},
"display-name": "Qiita_SC_Web",
"egress-security-rules": [
{
"destination": "192.168.100.0/24",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"tcp-options": null,
"udp-options": null
}
],
"freeform-tags": {},
"id": "ocid1.securitylist.oc1.phx.xxxxxxxx ",
"ingress-security-rules": [
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "x.x.x.x/32",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 22,
"min": 22
},
"source-port-range": null
},
"udp-options": null
}
],
"lifecycle-state": "AVAILABLE",
"time-created": "2019-01-31T13:31:32.758000+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxxx "
},
"etag": "2457a9a2"
}
DB-subnet用セキュリティリスト
> oci network security-list create --vcn-id ocid1.vcn.oc1.phx.xxxxxxx `
>> --ingress-security-rules `
>> "[{\`"source\`": \`"192.168.100.0/24\`", \`"protocol\`": \`"6\`", `
>> \`"isStateless\`": false, `
>> \`"tcpOptions\`": {\`"destinationPortRange\`": {\`"max\`": 22, \`"min\`": 22}, `
>> \`"sourcePortRange\`": null }}, `
>> {\`"source\`": \`"192.168.100.0/24\`", \`"protocol\`": \`"6\`", `
>> \`"isStateless\`": false, `
>> \`"tcpOptions\`": {\`"destinationPortRange\`": {\`"max\`": 1521, \`"min\`": 1521}, `
>> \`"sourcePortRange\`": null }}]" `
>> --egress-security-rules `
>> "[{\`"destination\`": \`"192.168.100.0/24\`", \`"protocol\`": \`"6\`", `
>> \`"isStateless\`":false }]" `
>> --display-name "Qiita_SC_DB"
{
"data": {
"compartment-id": "ocid1.compartment.oc1..xxxxxxx ",
"defined-tags": {},
"display-name": "Qiita_SC_DB",
"egress-security-rules": [
{
"destination": "192.168.100.0/24",
"destination-type": "CIDR_BLOCK",
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"tcp-options": null,
"udp-options": null
}
],
"freeform-tags": {},
"id": "ocid1.securitylist.oc1.phx.xxxxxxx ",
"ingress-security-rules": [
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "192.168.100.0/24",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 22,
"min": 22
},
"source-port-range": null
},
"udp-options": null
},
{
"icmp-options": null,
"is-stateless": false,
"protocol": "6",
"source": "192.168.100.0/24",
"source-type": "CIDR_BLOCK",
"tcp-options": {
"destination-port-range": {
"max": 1521,
"min": 1521
},
"source-port-range": null
},
"udp-options": null
}
],
"lifecycle-state": "AVAILABLE",
"time-created": "2019-01-31T14:07:05.833000+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxx "
},
"etag": "b6833bab"
}
Route table
構文
> oci network route-table create [OPTIONS]
※必須オプションはルーティングルール、vcnのocid、コンパートメントID実行例
Web-subnetからinternetGatewayへ
> oci network route-table create `
>> --route-rules "[{\`"cidrBlock\`":\`"0.0.0.0/0\`",\`"networkEntityId\`":\`"ocid1.internetgateway.oc1.phx.xxxxxxxx\`"}]" `
>> --vcn-id ocid1.vcn.oc1.phx.xxxxxxxx`
>> --display-name "Qiita_RT_Web"
{
"data": {
"compartment-id": "ocid1.compartment.oc1..xxxxxxxx",
"defined-tags": {},
"display-name": "Qiita_RT_Web",
"freeform-tags": {},
"id": "ocid1.routetable.oc1.phx.xxxxxxxx",
"lifecycle-state": "AVAILABLE",
"route-rules": [
{
"cidr-block": "0.0.0.0/0",
"destination": "0.0.0.0/0",
"destination-type": "CIDR_BLOCK",
"network-entity-id": "ocid1.internetgateway.oc1.phx.xxxxxxxx"
}
],
"time-created": "2019-01-31T14:33:26.719000+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxxx"
},
"etag": "6b8e208d"
}
Subnet
構文
> oci network subnet create [OPTIONS]
※必須オプションはAD、cidr、vcnのocid、コンパートメントID
※作成済みのセキュリティリストとルーティングテーブルをここで指定(あとから変更も可)実行例
Web用のSubnet
> oci network subnet create `
>> --availability-domain "gype:PHX-AD-1" `
>> --cidr-block 192.168.100.32/27 `
>> --vcn-id ocid1.vcn.oc1.phx.xxxxxxxxxx`
>> --display-name "Qiita_Subnet_Web" `
>> --prohibit-public-ip-on-vnic false `
>> --security-list-ids "[\`"ocid1.securitylist.oc1.phx.xxxxxxxxxx\`"]" `
>> --route-table-id ocid1.routetable.oc1.phx.xxxxxxxxxx`
>> --dns-label qiitasubnetweb
{
"data": {
"availability-domain": "gype:PHX-AD-1",
"cidr-block": "192.168.100.32/27",
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxxx",
"defined-tags": {},
"dhcp-options-id": "ocid1.dhcpoptions.oc1.phx.aaaaaxxxxxxxxxx",
"display-name": "Qiita_Subnet_Web",
"dns-label": "qiitasubnetweb",
"freeform-tags": {},
"id": "ocid1.subnet.oc1.phx.xxxxxxxxxx",
"lifecycle-state": "AVAILABLE",
"prohibit-public-ip-on-vnic": false,
"route-table-id": "ocid1.routetable.oc1.phx.xxxxxxxxxx",
"security-list-ids": [
"ocid1.securitylist.oc1.phx.xxxxxxxxxx"
],
"subnet-domain-name": "qiitasubnetweb.qiitavcn.oraclevcn.com",
"time-created": "2019-01-31T15:50:40.551000+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxxxxx",
"virtual-router-ip": "192.168.100.33",
"virtual-router-mac": "00:00:17:CA:56:AE"
},
"etag": "973de11"
}
DB用のSubnet
> oci network subnet create `
>> --availability-domain "gype:PHX-AD-1" `
>> --cidr-block 192.168.100.0/27 `
>> --vcn-id ocid1.vcn.oc1.phx.xxxxxxxxxx`
>> --display-name "Qiita_Subnet_DB" `
>> --prohibit-public-ip-on-vnic true `
>> --security-list-ids "[\`"ocid1.securitylist.oc1.phx.xxxxxxxxxx\`"]" `
>> --dns-label qiitasubnetdb #<--★DbaaSインスタンス作成のため、dnsが有効化されている必要
{
"data": {
"availability-domain": "gype:PHX-AD-1",
"cidr-block": "192.168.100.0/27",
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxxx",
"defined-tags": {},
"dhcp-options-id": "ocid1.dhcpoptions.oc1.phx.xxxxxxxxxx",
"display-name": "Qiita_Subnet_DB",
"dns-label": "qiitasubnetdb",
"freeform-tags": {},
"id": "ocid1.subnet.oc1.phx.xxxxxxxxxx",
"lifecycle-state": "AVAILABLE",
"prohibit-public-ip-on-vnic": true,
"route-table-id": "ocid1.routetable.oc1.phx.xxxxxxxxxx",
"security-list-ids": [
"ocid1.securitylist.oc1.phx.xxxxxxxxxx"
],
"subnet-domain-name": "qiitasubnetdb.qiitavcn.oraclevcn.com",
"time-created": "2019-01-31T15:50:49.490000+00:00",
"vcn-id": "ocid1.vcn.oc1.phx.xxxxxxxxxx",
"virtual-router-ip": "192.168.100.1",
"virtual-router-mac": "00:00:17:CA:56:AE"
},
"etag": "cc101941"
}
Computeインスタンスを作る
構文
> oci compute instance launch [OPTIONS]
※必須オプションはAD、shape、コンパートメントID
※imageのocidはマニュアルのImagesから実行例
computeインスタンス作成
PS C:\Users\aktanaka> oci compute instance launch `
>> --availability-domain "gype:PHX-AD-1", `
>> --shape "VM.Standard2.1" `
>> --display-name "Qiita_Web_Compute" `
>> --image-id ocid1.image.oc1.phx.xxxxxxxxxx`
>> --subnet-id ocid1.subnet.oc1.phx.xxxxxxxxxx`
>> --assign-public-ip true
{
"data": {
"availability-domain": "gype:PHX-AD-1",
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxxx",
"defined-tags": {},
"display-name": "Qiita_Web_Compute",
"extended-metadata": {},
"fault-domain": "FAULT-DOMAIN-3",
"freeform-tags": {},
"id": "ocid1.instance.oc1.phx.xxxxxxxxxx",
"image-id": "ocid1.image.oc1.phx.xxxxxxxxxx",
"ipxe-script": null,
"launch-mode": "NATIVE",
"launch-options": {
"boot-volume-type": "PARAVIRTUALIZED",
"firmware": "UEFI_64",
"is-consistent-volume-naming-enabled": true,
"is-pv-encryption-in-transit-enabled": true,
"network-type": "VFIO",
"remote-data-volume-type": "PARAVIRTUALIZED"
},
"lifecycle-state": "PROVISIONING",
"metadata": {},
"region": "phx",
"shape": "VM.Standard2.1",
"source-details": {
"boot-volume-size-in-gbs": null,
"image-id": "ocid1.image.oc1.phx.xxxxxxxxxx",
"kms-key-id": null,
"source-type": "image"
},
"time-created": "2019-01-31T15:51:49.702000+00:00",
"time-maintenance-reboot-due": null
},
"etag": "xxxxxxxxxx"
}
DBaaSインスタンスを作る
構文
> oci db system launch [OPTIONS]実行例
DBインスタンス作成
> oci db system launch `
>> --availability-domain "gype:PHX-AD-1" `
>> --subnet-id ocid1.subnet.oc1.phx.xxxxxxxxx`
>> --shape "VM.Standard2.1" `
>> --initial-data-storage-size-in-gb 256 `
>> --database-edition "STANDARD_EDITION" `
>> --admin-password "xxxxxxxxx" `
>> --db-version 12.1.0.2 `
>> --hostname "test-db-instance" `
>> --cpu-core-count 1 `
>> --db-name "ORCL" `
>> --node-count 1 `
>> --ssh-authorized-keys-file id_rsa.pub
{
"data": {
"availability-domain": "gype:PHX-AD-1",
"backup-subnet-id": null,
"cluster-name": null,
"compartment-id": "ocid1.compartment.oc1..xxxxxxxxx",
"cpu-core-count": 1,
"data-storage-percentage": 80,
"data-storage-size-in-gbs": 256,
"database-edition": "STANDARD_EDITION",
"defined-tags": {},
"disk-redundancy": "HIGH",
"display-name": "dbsystem20190131160043",
"domain": "qiitasubnetdb.qiitavcn.oraclevcn.com",
"freeform-tags": {},
"hostname": "test-db-instance",
"id": "ocid1.dbsystem.oc1.phx.xxxxxxxxx",
"last-patch-history-entry-id": null,
"license-model": "LICENSE_INCLUDED",
"lifecycle-details": null,
"lifecycle-state": "PROVISIONING",
"listener-port": 1521,
"node-count": 1,
"reco-storage-size-in-gb": 256,
"scan-dns-record-id": null,
"scan-ip-ids": null,
"shape": "VM.Standard2.1",
"sparse-diskgroup": null,
"ssh-public-keys": [
"ssh-rsa xxxxxxxxx"
],
"subnet-id": "ocid1.subnet.oc1.phx.xxxxxxxxx",
"time-created": "2019-01-31T16:00:43.895000+00:00",
"version": null,
"vip-ids": null
},
"etag": "a94ca70f"
}
以上