
Tuesday, 9 June 2026

Service Gateway Practical in OCI

 


How to install oci-cli

Microsoft Windows [Version 10.0.19045.6466]
(c) Microsoft Corporation. All rights reserved.

C:\Users\amit>cd C:\Users\amit\Desktop\Keys

C:\Users\amit\Desktop\Keys>
C:\Users\amit\Desktop\Keys>ssh -i am_openssh.key opc@130.61.175.208
Last login: Sun Jun  7 05:10:55 2026 from 150.129.159.205
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$ sudo dnf install python3-pip -y
Ksplice for Oracle Linux 9 (aarch64)                                                    155 kB/s | 3.5 kB     00:00
Oracle Linux 9 OCI Included Packages (aarch64)                                          127 kB/s | 3.5 kB     00:00
Oracle Linux 9 BaseOS Latest (aarch64)                                                  135 kB/s | 4.3 kB     00:00
Oracle Linux 9 BaseOS Latest (aarch64)                                                   49 MB/s | 146 MB     00:02
Oracle Linux 9 Application Stream Packages (aarch64)                                    211 kB/s | 4.5 kB     00:00
Oracle Linux 9 Application Stream Packages (aarch64)                                     58 MB/s |  48 MB     00:00
Oracle Linux 9 Addons (aarch64)                                                          15 kB/s | 3.5 kB     00:00
Oracle Linux 9 UEK Release 8 (aarch64)                                                  113 kB/s | 3.5 kB     00:00
Oracle Linux 9 UEK Release 8 (aarch64)                                                   59 MB/s |  69 MB     00:01
Dependencies resolved.
========================================================================================================================
 Package                     Architecture           Version                         Repository                     Size
========================================================================================================================
Installing:
 python3-pip                 noarch                 21.3.1-1.el9                    ol9_appstream                 3.0 M

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 3.0 M
Installed size: 8.8 M
Downloading Packages:
python3-pip-21.3.1-1.el9.noarch.rpm                                                     8.3 MB/s | 3.0 MB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   8.2 MB/s | 3.0 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : python3-pip-21.3.1-1.el9.noarch                                                                1/1
  Running scriptlet: python3-pip-21.3.1-1.el9.noarch                                                                1/1
  Verifying        : python3-pip-21.3.1-1.el9.noarch                                                                1/1

Installed:
  python3-pip-21.3.1-1.el9.noarch

Complete!
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$ oci --version
-bash: oci: command not found
[opc@private-instance-vm2 ~]$ pip3 install oci-cli
Defaulting to user installation because normal site-packages is not writeable
Collecting oci-cli
  Downloading oci_cli-3.86.0-py3-none-any.whl (27.0 MB)
     |████████████████████████████████| 27.0 MB 21.4 MB/s
Requirement already satisfied: pytz<=2026.2,>=2016.10 in /usr/lib/python3.9/site-packages (from oci-cli) (2021.1)
Collecting oci==2.178.0
  Downloading oci-2.178.0-py3-none-any.whl (35.7 MB)
     |████████████████████████████████| 35.7 MB 152 kB/s
Requirement already satisfied: six<2.0.0,>=1.15.0 in /usr/lib/python3.9/site-packages (from oci-cli) (1.15.0)
Collecting prompt-toolkit<=3.0.43,>=3.0.38
  Downloading prompt_toolkit-3.0.43-py3-none-any.whl (386 kB)
     |████████████████████████████████| 386 kB 29.3 MB/s
Collecting arrow<2.0.0,>=1.0.0
  Downloading arrow-1.4.0-py3-none-any.whl (68 kB)
     |████████████████████████████████| 68 kB 10.2 MB/s
Requirement already satisfied: cryptography<47.0.0,>=3.2.1 in /usr/lib64/python3.9/site-packages (from oci-cli) (36.0.1)
Requirement already satisfied: pyOpenSSL<27.0.0,>=17.5.0 in /usr/lib/python3.9/site-packages (from oci-cli) (19.0.0)
Collecting certifi<2026.0.0,>=2025.1.31
  Downloading certifi-2025.11.12-py3-none-any.whl (159 kB)
     |████████████████████████████████| 159 kB 34.9 MB/s
Requirement already satisfied: PyYAML<=6.0.2,>=5.4 in /usr/lib64/python3.9/site-packages (from oci-cli) (5.4.1)
Collecting jmespath<=1.0.1,>=0.10.0
  Downloading jmespath-1.0.1-py3-none-any.whl (20 kB)
Requirement already satisfied: python-dateutil<3.0.0,>=2.5.3 in /usr/lib/python3.9/site-packages (from oci-cli) (2.9.0.post0)
Collecting terminaltables==3.1.10
  Downloading terminaltables-3.1.10-py2.py3-none-any.whl (15 kB)
Collecting click<=8.1.2
  Downloading click-8.1.2-py3-none-any.whl (96 kB)
     |████████████████████████████████| 96 kB 11.2 MB/s
Collecting urllib3==1.26.20
  Downloading urllib3-1.26.20-py2.py3-none-any.whl (144 kB)
     |████████████████████████████████| 144 kB 40.8 MB/s
Collecting crc32c==2.7.1
  Downloading crc32c-2.7.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (53 kB)
     |████████████████████████████████| 53 kB 4.9 MB/s
Requirement already satisfied: circuitbreaker<3.0.0,>=1.3.1 in /usr/lib/python3.9/site-packages (from oci==2.178.0->oci-cli) (1.3.2)
Collecting tzdata
  Downloading tzdata-2026.2-py2.py3-none-any.whl (349 kB)
     |████████████████████████████████| 349 kB 29.8 MB/s
Requirement already satisfied: cffi>=1.12 in /usr/lib64/python3.9/site-packages (from cryptography<47.0.0,>=3.2.1->oci-cli) (1.14.5)
Collecting wcwidth
  Downloading wcwidth-0.8.1-py3-none-any.whl (323 kB)
     |████████████████████████████████| 323 kB 30.2 MB/s
Requirement already satisfied: pycparser in /usr/lib/python3.9/site-packages (from cffi>=1.12->cryptography<47.0.0,>=3.2.1->oci-cli) (2.20)
Requirement already satisfied: ply==3.11 in /usr/lib/python3.9/site-packages (from pycparser->cffi>=1.12->cryptography<47.0.0,>=3.2.1->oci-cli) (3.11)
Installing collected packages: wcwidth, urllib3, tzdata, crc32c, certifi, terminaltables, prompt-toolkit, oci, jmespath, click, arrow, oci-cli

Successfully installed arrow-1.4.0 certifi-2025.11.12 click-8.1.2 crc32c-2.7.1 jmespath-1.0.1 oci-2.178.0 oci-cli-3.86.0 prompt-toolkit-3.0.43 terminaltables-3.1.10 tzdata-2026.2 urllib3-1.26.20 wcwidth-0.8.1
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$ oci --version
3.86.0
[opc@private-instance-vm2 ~]$
[opc@private-instance-vm2 ~]$






Change the NAT gateway to Service Gateway



Edit as per below screenshot




Current Environment

VCN: AM_VCN2 (192.168.0.0/16)

Public VM: Public_Instance_VM2
  Public IP: 130.61.175.208
  Private IP: 192.168.10.57

Private VM: Private_Instance_VM2
  Private IP: 192.168.20.80

Service Gateway: Service_Gateway_2

Route Table: Private_Route_Service_Gateway
  Destination: All FRA Services In Oracle Services Network



Step 1: Start Both VMs

OCI Console > Compute > Instances

Start:

Public_Instance_VM2
Private_Instance_VM2

Wait until:

State = Running



Step 2: SSH to Public VM

From your laptop:

ssh -i private_key opc@130.61.175.208

Verify:

hostname

You are now inside:

Public_Instance_VM2
192.168.10.57




Step 3: SSH to Private VM

From Public VM:

ssh opc@192.168.20.80

Verify:

hostname
ip addr

Now you are inside:

Private_Instance_VM2
192.168.20.80



Step 4: Verify Private VM Has No Public IP

Run:

ip addr

You'll see:

192.168.20.80

Only private IP.

No public IP.

Meaning:

Internet cannot directly reach this VM.



Step 5: Verify NAT Gateway Works

Run:

curl ifconfig.me

Expected:

158.180.xx.xx

(or your NAT public IP)

Traffic flow:

Private VM
192.168.20.80
|
NAT2
158.180.27.14
|
Internet

This proves NAT Gateway is working.





Step 6: Understand What We Want To Test

We want:

Private VM
|
Service Gateway
|
Object Storage

instead of:

Private VM
|
NAT Gateway
|
Internet
|
Object Storage



Step 7: Install OCI CLI

On Private VM:

sudo dnf install python3-pip -y
pip3 install oci-cli

Verify:

oci --version



Step 8: Create Object Storage Bucket

In the OCI Console, navigate to:

Storage > Object Storage > Buckets

Create bucket:

Name:
amit-test-bucket



Step 9: Create Test File

On Private VM:

echo "Hello Service Gateway" > test.txt

Verify:

ls -ltr



Step 10: Check Route Table

Verify:

Private_Subnet_2

is attached to:

Private_Route_Service_Gateway

Inside route table:

Destination:
All FRA Services In Oracle Services Network

Target:
Service_Gateway_2

This is the critical step.




Step 11: Upload File to Object Storage

Using OCI CLI:

oci os object put \
--bucket-name amit-test-bucket \
--file test.txt




What Happens Internally?

When you execute:

oci os object put

The VM asks:

Where is Object Storage?

Route Table checks:

Destination?

Answer:

Object Storage

Route table finds:

All FRA Services In Oracle Services Network

Therefore:

Send traffic to Service_Gateway_2

Traffic path becomes:

Private VM
192.168.20.80
|
Private_Subnet_2
|
Private_Route_Service_Gateway
|
Service_Gateway_2
|
Oracle Backbone Network
|
Object Storage

No Internet involved.

No NAT involved.

No IGW involved.




Step 12: Visualize Packet Journey

Imagine one packet leaves:

192.168.20.80

Packet asks:

Where should I go?

Route Table replies:

Destination is OCI Service

Packet goes:

Service_Gateway_2

instead of:

NAT2


Step 13: Prove Route Table Is Controlling Everything

Temporarily detach:

Private_Route_Service_Gateway

from:

Private_Subnet_2

Attach another route table without Service Gateway rule.

Now try:

oci os object put ...

Expected:

Failed

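because the VM no longer has a route to OCI services. (This assumes the replacement route table also has no 0.0.0.0/0 rule to NAT2; with that rule, the request would leave through the NAT Gateway instead, as in the second path shown in Step 6.)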

Reattach:

Private_Route_Service_Gateway

Retry:

oci os object put ...

Works again.

This proves:

Service Gateway itself is not enough.
Route Table directs the traffic.



The Exact Decision OCI Makes

When a packet leaves 192.168.20.80:

Destination = Google

google.com

Match:

0.0.0.0/0

Route:

NAT2




Destination = Object Storage

objectstorage.eu-frankfurt-1.oraclecloud.com

Match:

All FRA Services In Oracle Services Network

Route:

Service_Gateway_2



One-Line Practical Understanding

In your environment:

Private_Instance_VM2
|
|--- Google ------> NAT2
|
|--- OCI Object Storage ---> Service_Gateway_2

The route table acts like a traffic police officer, deciding whether traffic should go to the NAT Gateway or the Service Gateway based on the destination.
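
The route decision described above, modelled as a most-specific-match lookup (an added example, not code from the original post). The address range behind the service label and both destination IPs are constructed placeholders; the rule and gateway names are the ones used in this walkthrough.

```python
import ipaddress

# Constructed stand-in: the real ranges behind this service CIDR label are not
# listed on the page, so a documentation range (TEST-NET-3) is used instead.
SERVICE_LABELS = {
    "All FRA Services In Oracle Services Network": ["203.0.113.0/24"],
}
OBJECT_STORAGE_IP = "203.0.113.10"   # constructed address inside that range
INTERNET_IP = "198.51.100.7"         # constructed address of an internet host

# The two rules from "The Exact Decision OCI Makes".
WITH_SERVICE_GATEWAY = [
    {"destination": "0.0.0.0/0", "target": "NAT2"},
    {"destination": "All FRA Services In Oracle Services Network",
     "target": "Service_Gateway_2"},
]
# Step 13 variants: a table that only has the NAT default route, and one with
# no rules at all.
NAT_ONLY = [{"destination": "0.0.0.0/0", "target": "NAT2"}]
NO_RULES = []


def networks(rule):
    """Expand a rule's destination (CIDR or service label) into networks."""
    cidrs = SERVICE_LABELS.get(rule["destination"], [rule["destination"]])
    return [ipaddress.ip_network(c) for c in cidrs]


def route(route_table, dst_ip):
    """Return the target of the most specific matching rule, or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None  # (prefix length, target)
    for rule in route_table:
        for net in networks(rule):
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, rule["target"])
    return best[1] if best else None


if __name__ == "__main__":
    for name, table in [("with Service Gateway rule", WITH_SERVICE_GATEWAY),
                        ("NAT rule only", NAT_ONLY),
                        ("no rules", NO_RULES)]:
        print(name)
        print("  Object Storage ->", route(table, OBJECT_STORAGE_IP))
        print("  internet host  ->", route(table, INTERNET_IP))
```

With only the NAT rule, the Object Storage address still gets a target (NAT2); the lookup returns no target only when the table has no matching rule at all.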



