OAC: Automatically Take Snapshot Using REST API and Store in OCI Bucket
Managing snapshots using the REST API has become simpler than before.
All steps are similar to those in the above link, except "Understand OAuth 2.0 token authentication".
Detailed steps:
- Create a storage bucket and a folder inside the storage bucket.
- Generate API keys for your user; using a service user is recommended.
Use Terminal in macOS:
Use the commands below in your local Terminal/GitBash to generate the private key, the public key and the base64-encoded wrapped private key.
umask 0077; openssl genrsa -out ./file_name.pem 2048
openssl rsa -pubout -in ./file_name.pem -out ./file_name_pub.pem
openssl rsa -pubin -outform DER -in ./file_name_pub.pem | openssl md5 -c
cat file_name.pem | base64 -o file_name-wrapped-private-key.pem
Use GitBash in Windows:
umask 0077; openssl genrsa -out ./file_name.pem 2048
openssl rsa -pubout -in ./file_name.pem -out ./file_name_pub.pem
openssl rsa -pubin -outform DER -in ./file_name_pub.pem | openssl md5 -c
Run the below command in any Linux Machine:
cat file_name.pem | base64 -w 0 > file_name-wrapped-private-key.pem
Under API Keys → Click Add API Key →
Click on radio button Paste Public Key → copy content of file_name_pub.pem → paste it in the box under Public Key → Click Add.
3. Instead of creating a confidential application, you can use the Analytics instance IDCS app to get the client ID and client secret.
Click the Additional Details tab of the OAC instance. Under Identity Provider, click on the App:
From the above screenshot:
1: Access token expiration, which is 100 seconds by default. If you need more time, it can be changed using the edit OAuth Configuration button above this section on the same page.
2 & 3: Using the Primary Audience and Scope, construct the scope URL as below:
<Primary_Audience_Url><Scope>
Primary audience: https://xxxyyyzzz123.analytics.ocp.oraclecloud.com
Scope: urn:opc:resource:consumer::all
Scope URL: https://xxxyyyzzz123.analytics.ocp.oraclecloud.comurn:opc:resource:consumer::all
4 & 5: Combine the Client ID and Client Secret and convert them to Base64:
Client ID: ukov3eqigzdi6375nutaksgzhyjohxha_APPID
Client Secret: 98f20a4d-7829-4815-a505-5393778f3e04
Client ID:Client Secret - ukov3eqigzdi6375nutaksgzhyjohxha_APPID:98f20a4d-7829-4815-a505-5393778f3e04
echo -n ClientID:ClientSecret | base64
echo -n ukov3eqigzdi6375nutaksgzhyjohxha_APPID:98f20a4d-7829-4815-a505-5393778f3e04 | base64
dWtvdjNlcWlnemRpNjM3NW51dGFrc2d6aHlqb2h4aGFfQVBQSUQ6OThmMjBhNGQtNzgyOS00ODE1LWE1MDUtNTM5Mzc3OGYzZTA0
4. Generate Bearer Token:
curl --request POST \
--url https://<IDCS-instance>.identity.oraclecloud.com/oauth2/v1/token \
--header 'authorization: Basic <base64 encoded clientID:ClientSecret>' \
--header 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
-d 'grant_type=password&username=<username>&password=<password>&scope=<scope copied from resource section in IDCS confidential application>'
My curl command will look like:
curl --request POST \
--url https://<IDCS-instance>.identity.oraclecloud.com/oauth2/v1/token \
--header 'authorization: Basic dWtvdjNlcWlnemRpNjM3NW51dGFrc2d6aHlqb2h4aGFfQVBQSUQ6OThmMjBhNGQtNzgyOS00ODE1LWE1MDUtNTM5Mzc3OGYzZTA0' \
--header 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
-d 'grant_type=password&username=<username>&password=<password>&scope=https://xxxyyyzzz123.analytics.ocp.oraclecloud.comurn:opc:resource:consumer::all'
Output will look like this:
In the output above, the token is marked between () in red.
Create a JSON file called new_snapshot.json that looks like this:
{
  "type": "CREATE",
  "name": "myfirstsnapshot",
  "storage": {
    "type": "OCI_NATIVE",
    "bucket": "mysnapshot-bucket",
    "auth": {
      "type": "OSS_AUTH_OCI_USER_ID",
      "ociRegion": "us-ashburn-1",
      "ociTenancyId": "ocid1.tenancy.oc1..aaaaa...",
      "ociUserId": "ocid1.user.oc1..aaaaaaaayuvg...",
      "ociKeyFingerprint": "ae:df:79:d2:...",
      "ociPrivateKeyWrapped": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL..."
    }
  },
  "bar": {
    "uri": "file:///myfolder/myfirstsnapshot.bar",
    "password": "snapshotPassword123"
  }
}
Then run the cURL command calling the JSON:
curl -i \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--request POST 'https://<hostname>/api/20210901/snapshots' \
-d @new_snapshot.json
5. Automate Snapshot Backup:
Create a shell script containing the token generation command constructed in step 4 and name it OAC_gen_token.sh
Update the below details in API_Snapshopt_backup_daily.sh
Run API_Snapshopt_backup_daily.sh
API_Snapshopt_backup_daily.sh can be scheduled with crontab or any other scheduling tool on any server in OCI, or on any server that has connectivity to the OAC instance.
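One way to write the step 5 automation so that the client secret, user password and bearer token never appear on a command line (where `ps` can show them); this is an added example, not the author's attached script. The config file path, its variable names (IDCS_HOST, OAC_URL, OAC_SCOPE, CLIENT_ID, OCI_*, BAR_PASS and so on) and the `--run` switch are assumptions, and values are assumed to contain no double quotes or backslashes.

```shell
#!/bin/sh
# Added example (not the author's attached script). Config path and variable
# names are assumptions; the endpoints and JSON fields are the ones shown above.
set -eu

# Refuse a secrets file that group or other users can read.
conf_is_private() { case "$(ls -ld "$1")" in -r[w-]-------*) return 0;; *) return 1;; esac; }
scope_url()  { printf '%s%s' "$1" "$2"; }   # <Primary_Audience_Url><Scope>
basic_auth() { printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'; }
extract_token() { sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }

snapshot_payload() {  # $1 = snapshot name; values must not contain " or \
  cat <<EOF
{ "type": "CREATE", "name": "$1",
  "storage": { "type": "OCI_NATIVE", "bucket": "$OCI_BUCKET",
    "auth": { "type": "OSS_AUTH_OCI_USER_ID", "ociRegion": "$OCI_REGION",
      "ociTenancyId": "$OCI_TENANCY", "ociUserId": "$OCI_USER",
      "ociKeyFingerprint": "$OCI_FINGERPRINT",
      "ociPrivateKeyWrapped": "$(tr -d '\n' < "$OCI_WRAPPED_KEY_FILE")" } },
  "bar": { "uri": "file:///$OCI_FOLDER/$1.bar", "password": "$BAR_PASS" } }
EOF
}

get_token() {  # secrets reach curl through a config on stdin, not through argv
  curl -sS --fail -K - <<EOF
url = "https://$IDCS_HOST/oauth2/v1/token"
header = "Authorization: Basic $(basic_auth "$CLIENT_ID" "$CLIENT_SECRET")"
data-urlencode = "grant_type=password"
data-urlencode = "username=$OAC_USER"
data-urlencode = "password=$OAC_PASS"
data-urlencode = "scope=$(scope_url "$OAC_URL" "$OAC_SCOPE")"
EOF
}

main() {
  conf="${OAC_CONF:-$HOME/.oac_snapshot.conf}"   # assumed file of VAR=value lines
  conf_is_private "$conf" || { echo "$conf must be mode 600" >&2; exit 1; }
  . "$conf"
  token=$(get_token | extract_token)
  [ -n "$token" ] || { echo "no access_token in IDCS response" >&2; exit 1; }
  body=$(mktemp); trap 'rm -f "$body"' EXIT      # mktemp creates the file mode 600
  snapshot_payload "daily_$(date +%Y%m%d)" > "$body"
  printf 'header = "Authorization: Bearer %s"\n' "$token" |
    curl -sS --fail -K - --header 'Content-Type: application/json' \
      --request POST "$OAC_URL/api/20210901/snapshots" --data "@$body"
}
if [ "${1:-}" = "--run" ]; then main; fi   # cron entry calls the script with --run
```

The token is requested and used in the same run, which keeps it inside the default 100-second expiration mentioned in step 3.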
Comments
-
Please find the script attached.
Save the script as API_Snapshopt_backup_daily.sh, replace the variables as per your requirement, and run the script in crontab. You can utilize an RDG server to schedule this script to run daily backups.
4 -
3
-
Hi, very useful post. I was able to automate the process and create snapshot backups in OCI buckets, which is a very high ROI implementation for our team. Thank you for all the information.
2 -
Very well written! Thank you for sharing this wealth of information!
2 -
Subha_Tripathy-Oracle I guess this solution would work for the tenancies with identity domain. In identity domain tenancies, the App under Identity Provider (click the Additional Details tab of the OAC instance) is not a hyperlink. We need to go to cloud services under the domain to make those changes.
0 -
@Krishnamoorthy Rasappan-Oracle We have Identity Domain setup and the App under Identity Provider is a hyperlink and takes you to the right Cloud Service location under the Identity Domain.
1 -
@Krishnamoorthy Rasappan-Oracle - For the instance provisioned prior to IDCS domain migration, the app under Identity Provider is a hyperlink, but it takes you to IDCS domain home page.
In that case you need to search your App name under Oracle Cloud Services as below
Thanks
Subha1