Search
Close this search box.

Credencial para o OCI (Oracle Cloud)

Documentação oficial:  https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm

Uma vez gerado a credencial, precisamos dos seguintes parâmetros:

– user: ex: ocid1.user.oc1……
– tenancy: ex: ocid1.tenancy.oc1…..
– region: Sao Paulo, Ausburn, etc
– pem: arquivo texto com chave, começa com “—–BEGIN RSA PRIVATE KEY—–“
– fingerprint: fingerprint da chave

Para o IAM: https://console.sa-saopaulo-1.oraclecloud.com/identity/policies

define tenancy usage-report as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
Allow group __meugroup__ to read all-resources in tenancy
endorse group __meugroup__ to read objects in tenancy usage-report

(para processar os custos é necessário manter o código do tenancy acima pois é da própria Oracle)

Permissões específicas para automações

Ligar/desligar/upgrade/downgrade de instâncias:

Allow group __meugroup__ to manage instance-family in tenancy where any {request.permission='INSTANCE_POWER_ACTIONS', request.permission='INSTANCE_UPDATE'}

Backup:

Allow group __meugroup__ to manage volume-family in tenancy where any {request.permission='VOLUME_BACKUP_CREATE', request.permission='VOLUME_WRITE', request.permission='VOLUME_UPDATE', request.permission='VOLUME_BACKUP_DELETE', request.permission='BOOT_VOLUME_BACKUP_CREATE', request.permission='BOOT_VOLUME_BACKUP_DELETE', request.permission='VOLUME_GROUP_BACKUP_CREATE', request.permission='VOLUME_GROUP_BACKUP_DELETE'}

MySQL – Ligar/desligar:

Allow group __meugroup__ to manage mysql-family in tenancy where any {request.permission='MYSQL_INSTANCE_USE', request.permission='MYSQL_BACKUP_CREATE', request.permission='MYSQL_BACKUP_DELETE'}

DbSystems – ligar/desligar:

Allow group __meugroup__ to manage database-family in tenancy where any {request.permission='DB_NODE_POWER_ACTIONS', request.permission='DB_BACKUP_DELETE', request.permission='DB_BACKUP_CREATE'}

Gerenciar Tags:

Allow group __meugroup__ to use tag-namespaces in tenancy

OKE Cluster – ligar/desligar NodePools: 

Allow group __meugroup__ to manage instance-family in tenancy
Allow group __meugroup__ to use subnets in tenancy
Allow group __meugroup__ to use vnics in tenancy

(nota: a permissao de ‘manage instance-family’ é necessária. Para evitar misturar com instâncias que não sejam Kubernetes, recomendamos usar ‘in compartment <compartment-name>’ no lugar do tenancy inteiro)

contato@cloud8.com.br | (11) 3280-7888

Facebook Twitter Linkedin

Disclaimer: AWS, images, and associated services are property of Amazon Web Services Inc. and its affiliates. Azure, images, and associated services are property of Microsoft Corporation. GCP, images, and associated services are property of Google Inc. Huawei, images, and associated services are property of Huawei Technologies Co Ltd. Oracle, images, and associated services are property of Oracle Corporation.

design by MadHat Haus