{OCI コネクタ・ハブ} シナリオ: オブジェクト・ストレージへのログのアーカイブ

https://docs.oracle.com/ja-jp/iaas/Content/connector-hub/archivelogs.htm


前提: VCN、コンピュートインスタンス作成済

ログ → コネクタ → ストレージ


-- 1. バケット作成

# Step 1: create the archive bucket, then list the compartment's buckets to
# confirm it exists.
# The bucket is created private (NoPublicAccess), which is what a log archive
# should stay. Versioning is Disabled and this command sets no retention rule.
# NOTE(review): for anything beyond a lab, consider versioning and/or retention
# rules so archived log objects cannot be silently overwritten or removed.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
archive_bucket='bucket01'

oci os bucket create \
  --name "$archive_bucket" \
  --compartment-id "$compartment_ocid" \
  --public-access-type NoPublicAccess \
  --storage-tier Standard \
  --auto-tiering Disabled \
  --versioning Disabled \
  --object-events-enabled false

oci os bucket list --compartment-id "$compartment_ocid"

 


-- 2. サービス・コネクタ作成

 

# Print a JSON skeleton of the parameters "service-connector create" accepts.
# This is a reference aid for writing the --source / --target JSON below.
oci sch service-connector create --generate-full-command-json-input 


# Create connector sc01: source kind "logging", target kind "objectStorage"
# writing to bucket01.
# Source: log-group-id "_Audit" with log-id null selects the audit log of the one
#   compartment listed. NOTE(review): sub-compartments appear not to be covered
#   by this value -- confirm the audit coverage you need before relying on the
#   archive as a complete record.
# Target: the two batchRollover* fields set the batch limits (100 MB, 60000 ms);
#   namespace and objectNamePrefix are left null.
# NOTE(review): the connector presumably cannot write to the bucket until the IAM
#   policy from step 3 of this page exists -- confirm in the connector's state.
oci sch service-connector create  \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name sc01 \
--description sc01 \
--source '{
      "kind": "logging",
      "log-sources": [
        {
          "compartment-id": "ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000",
          "log-group-id": "_Audit",
          "log-id": null
        }
      ]
    }' \
--target '{
      "batchRolloverSizeInMBs": 100,
      "batchRolloverTimeInMs": 60000,
      "bucketName": "bucket01",
      "kind": "objectStorage",
      "namespace": null,
      "objectNamePrefix": null
    }' 

 

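# List every connector in the compartment as a table of name, OCID and
# lifecycle state, then fetch the full record of one connector by OCID.
# The query addresses the connectors as data.items, which is an array, so the
# JMESPath expression needs the [] projection. Without it the three field
# lookups run against the array itself and the table columns come back null.
# The all-zero OCIDs look like placeholders; take the real connector OCID from
# the list output.
oci sch service-connector list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--all \
--query 'data.items[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


oci sch service-connector get \
--service-connector-id ocid1.serviceconnector.oc1.iad.000000000000000000000000000000000000000000000000000000000000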


-- 3. ポリシー作成

ポリシーはルートコンパートメント（テナンシ）に作成する

 

 

# Write the policy statement list to a.json; the quoted 'EOF' keeps the text
# literal (no shell expansion inside the here-document).
# The grant is to any-user, so the three conditions inside "where all {...}" are
# the entire scoping: the principal type must be serviceconnector, the target
# bucket must be bucket01, and the principal's compartment must match the OCID.
# Removing or loosening any one of them widens the grant accordingly.
# "manage objects" covers overwrite and delete as well as create, so the
# connector principal can also alter objects already archived in bucket01.
# NOTE(review): a.json is written to the current directory and the cleanup step
# on this page does not remove it.
cat <<-'EOF' > a.json
[
"allow any-user to manage objects in compartment id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 where all {request.principal.type='serviceconnector', target.bucket.name='bucket01', request.principal.compartment.id='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'}"
]
EOF

 

# Create policy01 from the statements in a.json, attached at the tenancy OCID
# (the root compartment), then list the policies there to confirm it exists.
# Review a.json before running this: it is loaded as-is via file://.
tenancy_ocid='ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000'

oci iam policy create \
  --name policy01 \
  --description policy01 \
  --statements file://a.json \
  --compartment-id "$tenancy_ocid"

oci iam policy list --compartment-id "$tenancy_ocid"

 

 


-- 4. 動作確認

# Step 4: list the objects in bucket01 to check that the connector delivers logs.
# NOTE(review): objects presumably appear only after the first batch rolls over,
# so an empty listing right after setup is not yet a failure.
archive_bucket='bucket01'
oci os object list --bucket-name "$archive_bucket"

 

 


-- 5. クリーンアップ

-- サービス・コネクタ削除

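# Cleanup, part 1: look up the connector's OCID, then delete the connector.
# The query addresses the connectors as data.items, which is an array, so the
# JMESPath expression needs the [] projection. Without it the table columns
# come back null and the OCID to delete cannot be read from the output.
# --force skips the confirmation prompt, so check the OCID against the list
# output first; the all-zero value below looks like a placeholder.
oci sch service-connector list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--all \
--query 'data.items[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table

oci sch service-connector delete \
--service-connector-id ocid1.serviceconnector.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force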

 


-- ポリシー削除

# Cleanup, part 2: show name, OCID and lifecycle state of the policies at the
# tenancy OCID, then delete one policy by OCID.
# Deleting the policy removes the any-user grant on bucket01, so do not leave it
# behind once the connector is gone. --force skips the confirmation prompt;
# the all-zero policy OCID looks like a placeholder to replace from the list.
tenancy_ocid='ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000'
policy_ocid='ocid1.policy.oc1..000000000000000000000000000000000000000000000000000000000000'
policy_columns='data[].{"name":"name","id":"id","lifecycle-state":"lifecycle-state"}'

oci iam policy list \
  --output table \
  --query "$policy_columns" \
  --compartment-id "$tenancy_ocid"

oci iam policy delete --force --policy-id "$policy_ocid"

 

-- バケット削除

# Cleanup, part 3: list the compartment's buckets, then delete bucket01.
# --empty removes the bucket's contents before the bucket itself and --force
# skips the confirmation prompt. Versioning was Disabled at creation, so the
# archived logs are gone once this runs. Copy out anything that must be
# retained before running it.
compartment_ocid='ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000'
archive_bucket='bucket01'

oci os bucket list --compartment-id "$compartment_ocid"

oci os bucket delete --force --empty --name "$archive_bucket"