-- コンパートメント
https://docs.oracle.com/ja-jp/iaas/Content/Identity/compartments/managingcompartments.htm
# List the compartments; --include-root adds the root compartment to the output.
oci iam compartment list --include-root
compartment-idは親コンパートメントのID(ルート・コンパートメントの場合はnull)
idが当該コンパートメントのID
# Placeholder OCIDs: substitute the real tenancy (parent) OCID and, for the
# delete, the OCID of the compartment printed by the lookup below.
parent_ocid='ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000'
target_compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'

# Create compartment cmp01 directly under the parent.
oci iam compartment create \
  --name cmp01 \
  --description cmp01 \
  --compartment-id "$parent_ocid"

# Print only the OCID of the compartment whose name is cmp01.
oci iam compartment list \
  --raw-output \
  --query 'data[?"name"==`'cmp01'`].id | [0]'

# Delete the compartment; --force skips the interactive confirmation, so
# double-check the OCID before running this.
oci iam compartment delete \
  --force \
  --compartment-id "$target_compartment_ocid"
削除されたことを確認する
最大2時間かかる場合があります
-- VCN
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingVCNs.htm
# Placeholder OCIDs: substitute the compartment that owns the VCN and, for the
# delete, the VCN OCID printed by the lookup below.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the VCNs in the compartment.
oci network vcn list --compartment-id "$compartment_ocid"

# Create VCN vcn01 with the 10.0.0.0/16 address range.
oci network vcn create \
  --display-name vcn01 \
  --dns-label vcn01 \
  --cidr-block 10.0.0.0/16 \
  --compartment-id "$compartment_ocid"

# Print only the OCID of the VCN whose display name is vcn01.
oci network vcn list \
  --compartment-id "$compartment_ocid" \
  --raw-output \
  --query 'data[?"display-name"==`'vcn01'`].id | [0]'

# Delete the VCN; --force skips the interactive confirmation.
oci network vcn delete \
  --force \
  --vcn-id "$vcn_ocid"
-- リージョン一覧
# List the regions, rendered as a table instead of JSON.
oci iam region list --output table
-- 可用性ドメイン一覧
# List the availability domains; the names returned here are the values passed
# to --availability-domain in the fault-domain commands.
oci iam availability-domain list
-- フォルトドメイン一覧
# List the fault domains of each availability domain in turn.
# The compartment OCID is a placeholder; the AD names carry a tenancy-specific
# prefix, so take them from `oci iam availability-domain list`.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'

for ad_name in OEIw:US-ASHBURN-AD-1 OEIw:US-ASHBURN-AD-2; do
  oci iam fault-domain list \
    --compartment-id "$compartment_ocid" \
    --availability-domain "$ad_name"
done
-- サブネット
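# Placeholder OCIDs: substitute real values before running.
# The first list command previously carried a non-placeholder compartment OCID;
# it now uses the same all-zero placeholder as every other command on this page
# so that no environment-specific identifier is published with the notes.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the subnets in the compartment.
oci network subnet list \
  --compartment-id "$compartment_ocid"

# Create subnet01 (10.0.1.0/24) inside the VCN.
oci network subnet create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --display-name subnet01 \
  --dns-label subnet01 \
  --cidr-block 10.0.1.0/24

# Create subnet02 (10.0.2.0/24) inside the VCN.
oci network subnet create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --display-name subnet02 \
  --dns-label subnet02 \
  --cidr-block 10.0.2.0/24

# Show display name and OCID of every subnet as a table.
# "data" is a list, so the projection data[*] is required; data.{...} would
# evaluate the keys against the list itself and return nulls.
oci network subnet list \
  --compartment-id "$compartment_ocid" \
  --query 'data[*].{"display-name":"display-name","id":"id"}' \
  --output table

# Delete the subnets; --force skips the interactive confirmation.
# One delete per subnet (presumably subnet01 and subnet02): replace each
# placeholder with the matching OCID from the table above.
oci network subnet delete \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --force
oci network subnet delete \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --force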
-- インターネット・ゲートウェイ
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingIGs.htm
# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
igw_ocid='ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the internet gateways in the compartment.
oci network internet-gateway list --compartment-id "$compartment_ocid"

# Create an enabled internet gateway igw01 on the VCN. The gateway only carries
# traffic for subnets whose route table points at it.
oci network internet-gateway create \
  --display-name igw01 \
  --is-enabled true \
  --vcn-id "$vcn_ocid" \
  --compartment-id "$compartment_ocid"

# Print only the OCID of the gateway whose display name is igw01.
oci network internet-gateway list \
  --compartment-id "$compartment_ocid" \
  --raw-output \
  --query 'data[?"display-name"==`'igw01'`].id | [0]'

# Delete the gateway; --force skips the interactive confirmation.
oci network internet-gateway delete \
  --force \
  --ig-id "$igw_ocid"
-- ルート表
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingroutetables_topic-working.htm
必要に応じて、サブネットごとにカスタム・ルート表を作成できます。
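# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
rt_ocid='ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the route tables in the compartment.
oci network route-table list \
  --compartment-id "$compartment_ocid"

# Create route table rt01 with a default route (0.0.0.0/0) to the internet
# gateway. Any subnet attached to this table gets a route to the Internet, so
# attach it only to subnets that are meant to be public.
# The JSON must not have a trailing comma after the last rule: strict JSON
# parsers reject it and the command fails before anything is created.
oci network route-table create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --display-name rt01 \
  --route-rules '[
{"cidrBlock":"0.0.0.0/0","networkEntityId":"ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000"}
]'

# Show display name and OCID of every route table as a table.
# "data" is a list, so the projection data[*] is required; data.{...} would
# evaluate the keys against the list itself and return nulls.
oci network route-table list \
  --compartment-id "$compartment_ocid" \
  --query 'data[*].{"display-name":"display-name","id":"id"}' \
  --output table

# Delete the route table; --force skips the interactive confirmation.
oci network route-table delete \
  --rt-id "$rt_ocid" \
  --force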
サブネットが使用するVCNルート表の変更
# Point each subnet at the custom route table.
# All OCIDs are placeholders: list one entry per subnet to update and set
# route_table_ocid to the table the subnets should use.
route_table_ocid='ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

for subnet_ocid in \
  'ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000' \
  'ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000'; do
  oci network subnet update \
    --route-table-id "$route_table_ocid" \
    --subnet-id "$subnet_ocid"
done
★ルート表を削除する前に、サブネットにアタッチしたルート表をデフォルト・ルート表に変更する必要がある
# Switch each subnet back to another route table (per the note above, the
# VCN's default one) so the custom table is no longer in use and can be deleted.
# All OCIDs are placeholders: list one entry per subnet to update.
default_route_table_ocid='ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

for subnet_ocid in \
  'ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000' \
  'ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000'; do
  oci network subnet update \
    --route-table-id "$default_route_table_ocid" \
    --subnet-id "$subnet_ocid"
done
-- セキュリティ・リスト
https://docs.oracle.com/ja-jp/iaas/Content/Network/Concepts/securitylists_working.htm
★デフォルトで作成されるセキュリティ・リストでは、SSHが許可されている
セキュリティ・リストを使用すると、サブネット全体のすべてのVNICに適用されるセキュリティ・ルールのセットを定義できます。
ネットワーク・セキュリティ・グループ(NSG)を使用すると、選択したVNICのグループに適用されるセキュリティ・ルールのセットを定義できます。
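# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
security_list_ocid='ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the security lists in the compartment.
oci network security-list list \
  --compartment-id "$compartment_ocid"

# Create security list sl01.
#   ingress: stateful TCP (protocol 6) to ports 22 and 1522 from 0.0.0.0/0
#   egress:  all protocols to 0.0.0.0/0
# NOTE(review): a 0.0.0.0/0 source exposes SSH (22) and port 1522 (presumably a
# database listener - confirm) to the whole Internet on every VNIC in any
# subnet that uses this list. Outside a throwaway lab, narrow "source" to the
# administrative or application CIDR that actually needs access, and restrict
# egress to the destinations the workload requires.
oci network security-list create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --ingress-security-rules '[
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 22, "min": 22}, "sourcePortRange": null }},
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 1522, "min": 1522}, "sourcePortRange": null }}
]' \
  --egress-security-rules '[
{"destination": "0.0.0.0/0", "protocol": "all", "isStateless": false, "tcpOptions": null }
]' \
  --display-name sl01

# Show display name and OCID of every security list as a table.
# "data" is a list, so the projection data[*] is required; data.{...} would
# evaluate the keys against the list itself and return nulls.
oci network security-list list \
  --compartment-id "$compartment_ocid" \
  --query 'data[*].{"display-name":"display-name","id":"id"}' \
  --output table

# Delete the security list; --force skips the interactive confirmation.
oci network security-list delete \
  --security-list-id "$security_list_ocid" \
  --force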
サブネットが使用するセキュリティ・リストの変更
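# Replace the set of security lists attached to each subnet.
# --security-list-ids overwrites the whole list rather than appending, so name
# every security list the subnet must keep; --force skips the overwrite
# confirmation.
# The JSON array must not end with a trailing comma: strict JSON parsers reject
# it and the update fails.
# All OCIDs are placeholders; one command per subnet.
oci network subnet update \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --force
oci network subnet update \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --force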
★セキュリティ・リストを削除する前に、サブネットにアタッチしたセキュリティ・リストをデフォルト・セキュリティ・リストに変更する必要がある
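# Re-attach another security list (per the note above, the VCN's default one)
# to each subnet so the custom list is no longer in use and can be deleted.
# --security-list-ids overwrites the whole list; --force skips the overwrite
# confirmation. After this change the subnet is governed by the rules of the
# list named here, so review what that list allows.
# The JSON array must not end with a trailing comma: strict JSON parsers reject
# it and the update fails.
# All OCIDs are placeholders; one command per subnet.
oci network subnet update \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --force
oci network subnet update \
  --subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
  --security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
]' \
  --force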
-- パブリックIPアドレス
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/managingpublicIPs.htm
# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
public_ip_ocid='ocid1.publicip.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List every region-scoped public IP in the compartment (--all fetches all pages).
oci network public-ip list \
  --all \
  --scope REGION \
  --compartment-id "$compartment_ocid"

# Create a reserved public IP named pip01.
oci network public-ip create \
  --display-name pip01 \
  --lifetime RESERVED \
  --compartment-id "$compartment_ocid"

# Print only the OCID of the public IP whose display name is pip01.
oci network public-ip list \
  --all \
  --scope REGION \
  --compartment-id "$compartment_ocid" \
  --raw-output \
  --query 'data[?"display-name"==`'pip01'`].id | [0]'

# Delete the public IP; --force skips the interactive confirmation.
oci network public-ip delete \
  --force \
  --public-ip-id "$public_ip_ocid"
-- NATゲートウェイ
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/manage-nat.htm
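# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
nat_gateway_ocid='ocid1.natgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the NAT gateways in the compartment.
# This command must not end with a line-continuation backslash: a trailing "\"
# here would splice the following create command into this one as extra
# arguments, so the list would fail and the create would never run.
oci network nat-gateway list \
  --compartment-id "$compartment_ocid"

# Create NAT gateway ngw01 on the VCN.
oci network nat-gateway create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --display-name ngw01

# Print only the OCID of the NAT gateway whose display name is ngw01.
oci network nat-gateway list \
  --compartment-id "$compartment_ocid" \
  --query 'data[?"display-name"==`'ngw01'`].id | [0]' \
  --raw-output

# Delete the NAT gateway; --force skips the interactive confirmation.
oci network nat-gateway delete \
  --nat-gateway-id "$nat_gateway_ocid" \
  --force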
-- サービス・ゲートウェイ
https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/service-gateway_management.htm
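# Placeholder OCIDs: substitute real values before running.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
vcn_ocid='ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000'
service_gateway_ocid='ocid1.servicegateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000'

# List the service gateways in the compartment.
oci network service-gateway list \
  --compartment-id "$compartment_ocid"

# List the services; the service OCID passed to --services below is taken
# from this output.
oci network service list

# Create service gateway sgw01 on the VCN with one service enabled.
# The JSON object must not have a trailing comma after its last member: strict
# JSON parsers reject it and the command fails before anything is created.
oci network service-gateway create \
  --compartment-id "$compartment_ocid" \
  --vcn-id "$vcn_ocid" \
  --display-name sgw01 \
  --services '[
{
"service-id": "ocid1.service.oc1.iad.000000000000000000000000000000000000000000000000000000000000"
}
]'

# Show display name, OCID and lifecycle state of every service gateway.
# "data" is a list, so the projection data[*] is required; data.{...} would
# evaluate the keys against the list itself and return nulls.
oci network service-gateway list \
  --compartment-id "$compartment_ocid" \
  --query 'data[*].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table

# Delete the service gateway; --force skips the interactive confirmation.
oci network service-gateway delete \
  --service-gateway-id "$service_gateway_ocid" \
  --force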