8i | 9i | 10g | 11g | 12c | 13c | 18c | 19c | 21c | 23ai | Misc | PL/SQL | SQL | RAC | WebLogic | Linux
EMCLI : Manage Credentials using Enterprise Manager Command Line Interface (Cloud Control)
The Enterprise Manager Command Line Interface (EMCLI) allows you to script your Cloud Control setup, rather than using the Cloud Control console. This article describes how to manage credentials in Cloud Control using EMCLI, rather than using the web interface.
We can add all our credentials before pushing out agents or discovering targets, but we can only set preferred credentials once the targets are discovered.
- Setup
- Add Host Credential
- Add Database Credential
- Remove Credential
- Set Host Preferred Credential
- Set Database Preferred Credential
- Help
For more information see:
Setup
You can perform these actions from anywhere with an EMCLI client, but for this example we're going to use the EMCLI client on the Cloud Control server. We use the following commands to connect to the OMS and sync the EMCLI client.
unset SSH_ASKPASS export OMS_HOME=/u01/app/oracle/middleware export AGENT_HOME=/u01/app/oracle/agent/agent_inst alias emcli='${OMS_HOME}/bin/emcli' emcli login -username=sysman emcli sync
Add Host Credential
The create_named_credential
verb allows you to create a named credential. The -auth_target_type
and -cred_type
properties determine what type of credential it is. The following example adds a named host credential (HostCreds).
HOST_CREDENTIAL_NAME="NC_HOST_MY_HOST" HOST_USERNAME="oracle" HOST_PASSWORD="MyPassword123" emcli create_named_credential \ -cred_name="${HOST_CREDENTIAL_NAME}" \ -auth_target_type="host" \ -cred_type="HostCreds" \ -attributes="HostUserName:${HOST_USERNAME};HostPassword:${HOST_PASSWORD}"
Add Database Credential
The following examples use the create_named_credential
verb to create database credentials (DBCreds). In addition to the username (DBUserName) and password (DBPassword), we must specify the role (DBRole). There are examples for non-CDB and CDB credentials.
DB_CREDENTIAL_NAME="NC_DB_NORMAL" DB_USERNAME="MY_USER" DB_PASSWORD="MyPassword123" DB_ROLE="normal" emcli create_named_credential \ -cred_name="${DB_CREDENTIAL_NAME}" \ -auth_target_type="oracle_database" \ -cred_type="DBCreds" \ -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}" DB_CREDENTIAL_NAME="NC_DB_SYSDBA" DB_USERNAME="MY_USER" DB_PASSWORD="MyPassword123" DB_ROLE="sysdba" emcli create_named_credential \ -cred_name="${DB_CREDENTIAL_NAME}" \ -auth_target_type="oracle_database" \ -cred_type="DBCreds" \ -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}" DB_CREDENTIAL_NAME="NC_DB_CDB_NORMAL" DB_USERNAME="C##MY_USER" DB_PASSWORD="MyPassword123" DB_ROLE="normal" emcli create_named_credential \ -cred_name="${DB_CREDENTIAL_NAME}" \ -auth_target_type="oracle_database" \ -cred_type="DBCreds" \ -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}" DB_CREDENTIAL_NAME="NC_DB_CDB_SYSDBA" DB_USERNAME="C##MY_USER" DB_PASSWORD="MyPassword123" DB_ROLE="sysdba" emcli create_named_credential \ -cred_name="${DB_CREDENTIAL_NAME}" \ -auth_target_type="oracle_database" \ -cred_type="DBCreds" \ -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}"
Remove Credential
The delete_named_credential
verb can delete any named credential, host or database. The example below deletes a credential owned by the SYSMAN user.
CREDENTIAL_NAME="NC_HOST_MY_HOST" CREDENTIAL_OWNER="SYSMAN" emcli delete_named_credential \ -cred_owner="${CREDENTIAL_OWNER}" \ -cred_name="${CREDENTIAL_NAME}"
Set Host Preferred Credential
The set_preferred_credential
verb allows you set a preferred credential. A host credential can be for a normal user (HostCredsNormal), or a privileged user (HostCredsPriv) that can perform sudo
operations. The following examples show how to set each type of preferred credential.
HOST_NAME="my-host.localdomain" HOST_CREDENTIAL="NC_HOST_MY_HOST" emcli set_preferred_credential \ -set_name="HostCredsNormal" \ -target_type="host" \ -credential_name="${HOST_CREDENTIAL}" \ -target_name="${HOST_NAME}" emcli set_preferred_credential \ -set_name="HostCredsPriv" \ -target_type="host" \ -credential_name="${HOST_CREDENTIAL}" \ -target_name="${HOST_NAME}"
Set Database Preferred Credential
An Oracle database has three distinct preferred credentials (DBCredsNormal, DBCredsSYSDBA and DBHostCreds). The following examples use the set_preferred_credential
verb to set all of them.
DB_NAME="orcl" DB_NORMAL_CREDENTIAL="NC_DB_NORMAL" DB_SYSDBA_CREDENTIAL="NC_DB_SYSDBA" DB_HOST_CREDENTIAL="NC_HOST_MY_HOST" emcli set_preferred_credential \ -set_name="DBCredsNormal" \ -target_type="oracle_database" \ -credential_name="${DB_NORMAL_CREDENTIAL}" \ -target_name="${DB_NAME}" emcli set_preferred_credential \ -set_name="DBCredsSYSDBA" \ -target_type="oracle_database" \ -credential_name="${DB_SYSDBA_CREDENTIAL}" \ -target_name="${DB_NAME}" emcli set_preferred_credential \ -set_name="DBHostCreds" \ -target_type="oracle_database" \ -credential_name="${DB_HOST_CREDENTIAL}" \ -target_name="${DB_NAME}"
Help
The usage of the commands referenced in this article can displayed using the following commands.
emcli help create_named_credential emcli help delete_named_credential emcli help set_preferred_credential
You can also check out all the other credential verbs in the Help Command Output.
emcli help
For more information see:
Hope this helps. Regards Tim...