OAC: Automatically Take Snapshot Using Rest API and Store in OCI Bucket
Managing snapshots using the REST API has become simpler than before.
https://docs.oracle.com/en/cloud/paas/analytics-cloud/acabi/manage-snaphots-using-rest-apis.html
All steps are the same as described in the link above, except "Understand OAuth 2.0 token authentication".
Detailed steps:
1. Create a storage bucket and a folder inside the storage bucket.
2. Generate API keys for your user; a dedicated service user is recommended.
Use Terminal in macOS:
Use the commands below in Terminal/GitBash on your local laptop to generate the private key, the public key and the Base64-encoded wrapped private key.
umask 0077; openssl genrsa -out ./file_name.pem 2048
openssl rsa -pubout -in ./file_name.pem -out ./file_name_pub.pem
openssl rsa -pubin -outform DER -in ./file_name_pub.pem | openssl md5 -c
cat file_name.pem | base64 -o file_name-wrapped-private-key.pem
Use GitBash in Windows:
umask 0077; openssl genrsa -out ./file_name.pem 2048
openssl rsa -pubout -in ./file_name.pem -out ./file_name_pub.pem
openssl rsa -pubin -outform DER -in ./file_name_pub.pem | openssl md5 -c
Run the command below on any Linux machine:
cat file_name.pem | base64 -w 0 > file_name-wrapped-private-key.pem
Under API Keys → Click Add API Key →
https://us.v-cdn.net/6037859/uploads/U3R0CM3801VV/image.png
Click the Paste Public Key radio button → copy the content of file_name_pub.pem → paste it in the box under Public Key → click Add.
3. Instead of creating a confidential application, you can use the Analytics instance IDCS app to get the client ID and client secret.
Click the Additional Details tab of the OAC instance; under Identity Provider, click the App:
https://us.v-cdn.net/6037859/uploads/RK2KDCHX0TTM/image.png
https://us.v-cdn.net/6037859/uploads/CW9TG2I78Q5S/image.png
From the above screenshot:
1: Access token expiration, which is 100 seconds by default. If you need more time, it can be changed using the edit OAuth Configuration button above this section on the same page.
2 & 3: Using the Primary Audience and Scope, construct the scope URL as below:
<Primary_Audience_Url><Scope>
Primary audience: https://xxxyyyzzz123.analytics.ocp.oraclecloud.com
Scope: urn:opc:resource:consumer::all
Scope URL: https://xxxyyyzzz123.analytics.ocp.oraclecloud.comurn:opc:resource:consumer::all
4 & 5: Combine the Client ID and Client Secret and convert them to Base64:
Client ID: ukov3eqigzdi6375nutaksgzhyjohxha_APPID
Client Secret: 98f20a4d-7829-4815-a505-5393778f3e04
Client ID:Client Secret - ukov3eqigzdi6375nutaksgzhyjohxha_APPID:98f20a4d-7829-4815-a505-5393778f3e04
echo -n ClientID:ClientSecret | base64
echo -n ukov3eqigzdi6375nutaksgzhyjohxha_APPID:98f20a4d-7829-4815-a505-5393778f3e04 | base64
dWtvdjNlcWlnemRpNjM3NW51dGFrc2d6aHlqb2h4aGFfQVBQSUQ6OThmMjBhNGQtNzgyOS00ODE1LWE1MDUtNTM5Mzc3OGYzZTA0
4. Generate Bearer Token:
curl --request POST \
--url https://<IDCS-instance>.identity.oraclecloud.com/oauth2/v1/token \
--header 'authorization: Basic <base64 encoded clientID:ClientSecret>' \
--header 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
-d 'grant_type=password&username=<username>&password=<password>&scope=<scope copied from resource section in IDCS confidential application>'
My curl command will look like:
curl --request POST \
--url https://<IDCS-instance>.identity.oraclecloud.com/oauth2/v1/token \
--header 'authorization: Basic dWtvdjNlcWlnemRpNjM3NW51dGFrc2d6aHlqb2h4aGFfQVBQSUQ6OThmMjBhNGQtNzgyOS00ODE1LWE1MDUtNTM5Mzc3OGYzZTA0' \
--header 'content-type: application/x-www-form-urlencoded;charset=UTF-8' \
-d 'grant_type=password&username=<username>&password=<password>&scope=https://xxxyyyzzz123.analytics.ocp.oraclecloud.comurn:opc:resource:consumer::all'
Output will look like this:
https://us.v-cdn.net/6037859/uploads/LB4I3EAS9Q72/image.png
In the output above, the token is the part marked in red between ().
Create a JSON file called new_snapshot.json that looks like this:
{
  "type": "CREATE",
  "name": "myfirstsnapshot",
  "storage": {
    "type": "OCI_NATIVE",
    "bucket": "mysnapshot-bucket",
    "auth": {
      "type": "OSS_AUTH_OCI_USER_ID",
      "ociRegion": "us-ashburn-1",
      "ociTenancyId": "ocid1.tenancy.oc1..aaaaa...",
      "ociUserId": "ocid1.user.oc1..aaaaaaaayuvg...",
      "ociKeyFingerprint": "ae:df:79:d2:...",
      "ociPrivateKeyWrapped": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL..."
    }
  },
  "bar": {
    "uri": "file:///myfolder/myfirstsnapshot.bar",
    "password": "snapshotPassword123"
  }
}
Then run the cURL command calling the JSON:
curl -i \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--request POST 'https://<hostname>/api/20210901/snapshots' \
-d @new_snapshot.json
5. Automate Snapshot Backup:
Create a shell script containing the token generation command constructed in Step 4 and name it OAC_gen_token.sh.
Update the details below in API_Snapshopt_backup_daily.sh:
https://us.v-cdn.net/6037859/uploads/FD31D96JC61X/image.png
Run API_Snapshopt_backup_daily.sh
https://us.v-cdn.net/6037859/uploads/3ZGFYVKJZCU6/image.png
API_Snapshopt_backup_daily.sh can be scheduled with crontab or any other scheduling tool on any server in OCI, or on any server that has connectivity to the OAC instance.
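The automation in step 5 as one script, given here as an added example; it is not the author's OAC_gen_token.sh or API_Snapshopt_backup_daily.sh, which appear only in the screenshots. The environment variable names (IDCS_URL, CLIENT_ID, CLIENT_SECRET, OAC_USER, OAC_PASSWORD, OAC_AUDIENCE, OAC_SCOPE, OAC_HOST, OCI_*, BAR_PASSWORD) and the `run` argument are assumptions of this example; secrets are kept out of the script body and off the curl command line.

```shell
#!/usr/bin/env bash
# Added example (not the author's scripts); secrets come from environment variables.
set -eu

# Scope URL: primary audience immediately followed by the scope, no separator.
build_scope() { printf '%s%s' "$1" "$2"; }
# base64("clientID:clientSecret") on a single line, for the Basic header.
basic_credential() { printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'; }
# Read the IDCS JSON response on stdin and print access_token (no jq needed).
extract_token() { sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'; }

# Request body from step 4; $1 is the snapshot name (values assumed free of " and \).
snapshot_body() {
  cat <<EOF
{ "type": "CREATE", "name": "$1",
  "storage": { "type": "OCI_NATIVE", "bucket": "$OCI_BUCKET",
    "auth": { "type": "OSS_AUTH_OCI_USER_ID", "ociRegion": "$OCI_REGION",
      "ociTenancyId": "$OCI_TENANCY_ID", "ociUserId": "$OCI_USER_ID",
      "ociKeyFingerprint": "$OCI_KEY_FINGERPRINT",
      "ociPrivateKeyWrapped": "$(cat "$OCI_WRAPPED_KEY_FILE")" } },
  "bar": { "uri": "file:///$OCI_FOLDER/$1.bar", "password": "$BAR_PASSWORD" } }
EOF
}

# curl reads headers and form fields from stdin (-K -), so the client secret,
# password and token never show up in the process list.
get_token() {
  curl -sS --fail -K - "$IDCS_URL/oauth2/v1/token" <<EOF | extract_token
header = "Authorization: Basic $(basic_credential "$CLIENT_ID" "$CLIENT_SECRET")"
data-urlencode = "grant_type=password"
data-urlencode = "username=$OAC_USER"
data-urlencode = "password=$OAC_PASSWORD"
data-urlencode = "scope=$(build_scope "$OAC_AUDIENCE" "$OAC_SCOPE")"
EOF
}

if [ "${1:-}" = "run" ]; then
  name="oac_daily_$(date +%Y%m%d)"
  body=$(mktemp)                       # mktemp creates the file with mode 0600
  trap 'rm -f "$body"' EXIT            # the body holds the wrapped key and .bar password
  snapshot_body "$name" > "$body"
  token=$(get_token)
  [ -n "$token" ] || { echo "no access token returned" >&2; exit 1; }
  curl -sS --fail -K - "https://$OAC_HOST/api/20210901/snapshots" <<EOF
header = "Authorization: Bearer $token"
header = "Content-Type: application/json"
data = "@$body"
EOF
fi
```

Export the variables from a file that only the service user can read, then schedule the script with the `run` argument from crontab.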