Creating Cloud Objects for Archive-to-Cloud

This task creates the OCI objects Cloud_Key and Cloud_User for use with archive-to-cloud.

  1. Add a Cloud_Key. This object is specific for OCI Cloud Archive support.
    [root@myComputeNodeX ~]# racli add cloud_key --key_name=example_key

Thu Sep  1 18:11:23 2022: Using log file
/opt/oracle.RecoveryAppliance/log/racli.log
Thu Sep  1 18:11:23 2022: Start: Add Cloud Key example_key
Thu Sep  1 18:11:25 2022: Start: Creating New Keys
Thu Sep  1 18:11:25 2022: Oracle Database Cloud Backup Module Install Tool,
build 19.9.0.0.0DBBKPCSBP_2022-05-02
Thu Sep  1 18:11:25 2022: OCI API signing keys are created:
Thu Sep  1 18:11:25 2022:   PRIVATE KEY -->
/raacfs/raadmin/cloud/key/example_key/oci_pvt
Thu Sep  1 18:11:25 2022:   PUBLIC  KEY -->
/raacfs/raadmin/cloud/key/example_key/oci_pub
Thu Sep  1 18:11:25 2022: Please upload the public key in the OCI console.
Thu Sep  1 18:11:25 2022: End: Creating New Keys
Thu Sep  1 18:11:26 2022: End: Add Cloud Key example_key

    For details on the command options, refer to "racli add cloud_key".

  2. Open the OCI console, and sign in. The console is located at https://console.<region>.oraclecloud.com. If you don't have a login and password for the Console, contact an administrator.
  3. From the OCI console, acquire the key's fingerprint.

    1. View the details for the user who will be calling the API with the key pair.

      • If you're signed in as this user, click your username in the top-right corner of the Console, and then click User Settings.
      • If you're an administrator doing this for another user, instead click Identity, click Users, and then select the user from the list.

    2. Click Add Public Key.

    3. Paste the contents of the PEM public key in the dialog box and click Add.

    4. Important: Copy the key's fingerprint, because it is needed in later steps.

    The key's fingerprint is displayed (for example, 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef).

  4. (Optional) After you've uploaded your first public key, you can upload additional keys. You can have up to three API key pairs per user. In an API request, you specify the key's fingerprint to indicate which key you're using to sign the request.
  5. Modify Cloud_Key by adding the fingerprint.
    [root@myComputeNodeX ~]# racli alter cloud_key 
--key_name=example_key
--fingerprint=12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef

Tue Jul  2 05:40:06 2019:   Start: Alter Cloud Key example_key
Tue Jul  2 05:40:08 2019:   End: Alter Cloud Key example_key
  6. Add Cloud_User object.
    [root@myComputeNodeX ~]# racli add cloud_user 
--user_name=sample_user
--key_name=example_key
--user_ocid=ocid1.user.oc1..abcedfghijklmnopqrstuvwxyz0124567901
--tenancy_ocid=ocid1.tenancy.oc1..abcedfghijklmnopqrstuvwxyz0124567902
--compartment_ocid=ocid1.compartment.oc1..abcedfghijklmnopqrstuvwxyz0124567903

Tue Jun 18 13:28:45 2019: Using log file /opt/oracle.RecoveryAppliance/log/racli.log
Tue Jun 18 13:28:45 2019: Start: Add Cloud User sample_user
Tue Jun 18 13:28:46 2019: End: Add Cloud User sample_user
    --user_name

    The name to be associated with this particular cloud user. This is a logical name for the Recovery Appliance; it will be used in the Recovery Appliance cloud_location. It does not have to match the actual ZFS user name

    --key_name

    The specific cloud key to be associated with this cloud user. This is the cloud_key object created in step #1.

    --tenancy_ocid

    The tenancy OCID for the Oracle Bare Metal Cloud account. This is the value to be used and does not change.

    --user_ocid

    The user OCID for the Oracle Bare Metal Cloud account. This is the OCID for the object storage user on the ZFS. It is always in the form ocid1.user.oc1..<zfs_username>.

    --compartment_ocid

    The compartment OCID within the tenancy of the Oracle Bare Metal Cloud Account. The compartment OCID is always the ZFS share name.

    For details on the command options, refer to "racli add cloud_user".

  7. Verify Cloud_User was created by listing it.
    [root@myComputeNodeX ~]# racli list cloud_user --user_name=sample_user

Tue Jul  2 06:45:13 2019: Using log file /opt/oracle.RecoveryAppliance/log/racli.log
Tue Jul  2 06:45:13 2019: Start: List Cloud User
              Cloud User:  sample_user
               User Name: sample_user
                 User ID: 3
               User OCID: ocid1.user.oc1..abcedfghijklmnopqrstuvwxyz0124567901
            Tenancy OCID: ocid1.tenancy.oc1..abcedfghijklmnopqrstuvwxyz0124567902
        Compartment OCID: ocid1.compartment.oc1..abcedfghijklmnopqrstuvwxyz0124567903
          Cloud Key Name: hk_key_1

Tue Jul  2 06:45:14 2019: End: List Cloud User