Practice: Creating OCI Resources Using CLI

Try this hands-on lab with the Oracle Cloud Free Tier. If you do not have a free
account, click here to get one.

Overview
In this practice, you create a VCN with one public subnet using OCI CLI.

Tasks
1. Log in to the OCI free tier account
2. SSH to the Public IP address of your Terraform Server created in the previous practice
using Cloud Shell.
$ ssh opc@<Public_IP_of_Compute>

Or you can also use this to connect:

$ ssh –i <path-of-ssh-key> opc@<Public_IP_of_Compute>

3. Go to User Setting where you added the API Keys.

4. Click the three dots in front of the fingerprint.

5. Select View Configuration File and copy the contents of configuration file displayed.

Copyright © 2021, Oracle and/or its affiliates.

Oracle Cloud Infrastructure Operations Associate Workshop 1

6. Set up the config file and insert the copied content in the config file. Substitute your
private key path.
$ cd .oci
$ vi config
$ oci setup repair-file-permissions --file /home/opc/.oci/config
7. Using the compartment OCID recorded as part of the previous practice, list the VCNs:
$ oci network vcn list --compartment-id <your compartment id>
Note: It should return the details of the VCN you created at the start of this lab.
Tip: You can create an environment variable for your compartment ID to avoid having to
paste it each time.
$ export cid=<your compartment ocid>
$ oci network vcn list --compartment-id $cid
8. Create a new virtual cloud network with a unique CIDR block. You will need the OCID of
your compartment.
$ oci network vcn create --cidr-block 192.168.0.0/16 -c $cid --
display-name CLI-Demo-VCN --dns-label clidemovcn
Record the vcn ocid: of the resource after it is created. You will need it in the upcoming
steps.
9. Create a new security list. (Substitute the CLI Demo VCN ID in the command.)
$ oci network security-list create --display-name PubSub1 --vcn-id
<your VCN OCID> -c $cid --egress-security-rules '[{"destination":
"0.0.0.0/0", "destination-type": "CIDR_BLOCK", "protocol": "all",
"isStateless": false}]' --ingress-security-rules '[{"source":
"0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": 6,
"isStateless": false, "tcp-options": {"destination-port-range":
{"max": 80, "min": 80}}}]'

Make a note of the security list ocid: for use in the next step.
10. Create a public subnet.
$ oci network subnet create --cidr-block 192.168.10.0/24 -c $cid -
-vcn-id <CLI Demo VCN OCID> --security-list-ids '["<security list
OCID from previous step>"]'

Record the subnet ocid after it is created. You will need it in an upcoming step.
11. Create an Internet Gateway. You will need the OCID of your VCN and Compartment.
$ oci network internet-gateway create -c $cid --is-enabled true --
vcn-id <CLI Demo VCN OCID> --display-name DemoIGW
Make a note of the id: for this resource after it has been created.

Copyright © 2021, Oracle and/or its affiliates.

2 Oracle Cloud Infrastructure Operations Associate Workshop

12. Next, we will update the default route table with a route to the Internet Gateway. First, you
will need to locate the OCID of the default route table.
$ oci network route-table list -c $cid --vcn-id <CLI Demo VCN
OCID>
Record the id: of the Default Route Table.
13. Update the route table with a route to the Internet Gateway.
$ oci network route-table update --rt-id <route table OCID> --
route-rules '[{"cidrBlock":"0.0.0.0/0","networkEntityId":"<your
Internet Gateway OCID>"}]'
Note: When updating route tables or security lists, you cannot insert a single rule. You
must update with the entire set of rules.

Copyright © 2021, Oracle and/or its affiliates.

Oracle Cloud Infrastructure Operations Associate Workshop 3

Practice: Use QUERY to Find Oracle Linux Image ID, and
Launch a Compute Instance

Overview
In this practice, you will retrieve the OCID for the latest Oracle Linux image, and then launch a
compute instance.

Tasks
1. Use the CLI query command to retrieve the OCID for the latest Oracle Linux image. Make a
note of the image ID for future use.
Important: Text in bold red font below is the Oracle Linux version you’re searching for. If
this search doesn’t return any result, please try searching for a higher version, such as the
default one that is displayed in the “Create Instance” form in the console.
$ oci compute image list --compartment-id $cid --query
'data[?contains("display-name",`Oracle-Linux-7.9-
20`)]|[0:1].["display-name",id]'
2. Launch a compute instance with the following command. We previously created a
regional subnet because our command did not include a specific availability domain. For
compute instances, we must specify an availability domain and a subnet.
You will need the following information:
 Availability domain name (the first command gives this)
 Subnet OCID
 Valid compute shape (that is, VM.Standard.E2.1.Micro)
 Your public SSH key
$ oci iam availability-domain list
$ oci compute instance launch --availability-domain <your AD
name> --display-name demo-instance --image-id <ID from previous
step> --subnet-id <previous practice subnet OCID> --shape
VM.Standard.E2.1.Micro --compartment-id $cid --assign-public-ip
true --metadata '{"ssh_authorized_keys": "<your public ssh key
here>"}'
Capture the id: of the compute instance launch output.
3. Check the status of the instances:
$ oci compute instance get --instance-id <the instance OCID> --
query 'data."lifecycle-state"'
Rerun the command every 30-60 seconds until the lifecycle state is RUNNING.

Copyright © 2021, Oracle and/or its affiliates.

4 Oracle Cloud Infrastructure Operations Associate Workshop