Home » Articles » Misc » Here

EMCLI : Manage Credentials using Enterprise Manager Command Line Interface (Cloud Control)

The Enterprise Manager Command Line Interface (EMCLI) allows you to script your Cloud Control setup, rather than using the Cloud Control console. This article describes how to manage credentials in Cloud Control using EMCLI, rather than using the web interface.

We can add all our credentials before pushing out agents or discovering targets, but we can only set preferred credentials once the targets are discovered.

• Setup
• Add Host Credential
• Add Database Credential
• Remove Credential
• Set Host Preferred Credential
• Set Database Preferred Credential
• Help

For more information see:

• EMCLI : All Articles

Setup

You can perform these actions from anywhere with an EMCLI client, but for this example we're going to use the EMCLI client on the Cloud Control server. We use the following commands to connect to the OMS and sync the EMCLI client.

unset SSH_ASKPASS
export OMS_HOME=/u01/app/oracle/middleware
export AGENT_HOME=/u01/app/oracle/agent/agent_inst
alias emcli='${OMS_HOME}/bin/emcli'

emcli login -username=sysman
emcli sync

Add Host Credential

The create_named_credential verb allows you to create a named credential. The -auth_target_type and -cred_type properties determine what type of credential it is. The following example adds a named host credential (HostCreds).

HOST_CREDENTIAL_NAME="NC_HOST_MY_HOST"
HOST_USERNAME="oracle"
HOST_PASSWORD="MyPassword123"

emcli create_named_credential \
  -cred_name="${HOST_CREDENTIAL_NAME}" \
  -auth_target_type="host" \
  -cred_type="HostCreds" \
  -attributes="HostUserName:${HOST_USERNAME};HostPassword:${HOST_PASSWORD}"

Add Database Credential

The following examples use the create_named_credential verb to create database credentials (DBCreds). In addition to the username (DBUserName) and password (DBPassword), we must specify the role (DBRole). There are examples for non-CDB and CDB credentials.

DB_CREDENTIAL_NAME="NC_DB_NORMAL"
DB_USERNAME="MY_USER"
DB_PASSWORD="MyPassword123"
DB_ROLE="normal"

emcli create_named_credential \
  -cred_name="${DB_CREDENTIAL_NAME}" \
  -auth_target_type="oracle_database" \
  -cred_type="DBCreds" \
  -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}"

DB_CREDENTIAL_NAME="NC_DB_SYSDBA"
DB_USERNAME="MY_USER"
DB_PASSWORD="MyPassword123"
DB_ROLE="sysdba"

emcli create_named_credential \
  -cred_name="${DB_CREDENTIAL_NAME}" \
  -auth_target_type="oracle_database" \
  -cred_type="DBCreds" \
  -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}"

DB_CREDENTIAL_NAME="NC_DB_CDB_NORMAL"
DB_USERNAME="C##MY_USER"
DB_PASSWORD="MyPassword123"
DB_ROLE="normal"

emcli create_named_credential \
  -cred_name="${DB_CREDENTIAL_NAME}" \
  -auth_target_type="oracle_database" \
  -cred_type="DBCreds" \
  -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}"

DB_CREDENTIAL_NAME="NC_DB_CDB_SYSDBA"
DB_USERNAME="C##MY_USER"
DB_PASSWORD="MyPassword123"
DB_ROLE="sysdba"

emcli create_named_credential \
  -cred_name="${DB_CREDENTIAL_NAME}" \
  -auth_target_type="oracle_database" \
  -cred_type="DBCreds" \
  -attributes="DBUserName:${DB_USERNAME};DBPassword:${DB_PASSWORD};DBRole:${DB_ROLE}"

Remove Credential

The delete_named_credential verb can delete any named credential, host or database. The example below deletes a credential owned by the SYSMAN user.

CREDENTIAL_NAME="NC_HOST_MY_HOST"
CREDENTIAL_OWNER="SYSMAN"

emcli delete_named_credential \
  -cred_owner="${CREDENTIAL_OWNER}" \
  -cred_name="${CREDENTIAL_NAME}"

Set Host Preferred Credential

The set_preferred_credential verb allows you set a preferred credential. A host credential can be for a normal user (HostCredsNormal), or a privileged user (HostCredsPriv) that can perform sudo operations. The following examples show how to set each type of preferred credential.

HOST_NAME="my-host.localdomain"
HOST_CREDENTIAL="NC_HOST_MY_HOST"

emcli set_preferred_credential \
  -set_name="HostCredsNormal" \
  -target_type="host" \
  -credential_name="${HOST_CREDENTIAL}" \
  -target_name="${HOST_NAME}"

emcli set_preferred_credential \
  -set_name="HostCredsPriv" \
  -target_type="host" \
  -credential_name="${HOST_CREDENTIAL}" \
  -target_name="${HOST_NAME}"

Set Database Preferred Credential

An Oracle database has three distinct preferred credentials (DBCredsNormal, DBCredsSYSDBA and DBHostCreds). The following examples use the set_preferred_credential verb to set all of them.

DB_NAME="orcl"
DB_NORMAL_CREDENTIAL="NC_DB_NORMAL"
DB_SYSDBA_CREDENTIAL="NC_DB_SYSDBA"
DB_HOST_CREDENTIAL="NC_HOST_MY_HOST"

emcli set_preferred_credential \
  -set_name="DBCredsNormal" \
  -target_type="oracle_database" \
  -credential_name="${DB_NORMAL_CREDENTIAL}" \
  -target_name="${DB_NAME}"

emcli set_preferred_credential \
  -set_name="DBCredsSYSDBA" \
  -target_type="oracle_database" \
  -credential_name="${DB_SYSDBA_CREDENTIAL}" \
  -target_name="${DB_NAME}"

emcli set_preferred_credential \
  -set_name="DBHostCreds" \
  -target_type="oracle_database" \
  -credential_name="${DB_HOST_CREDENTIAL}" \
  -target_name="${DB_NAME}"

Help

The usage of the commands referenced in this article can displayed using the following commands.

emcli help create_named_credential
emcli help delete_named_credential
emcli help set_preferred_credential

You can also check out all the other credential verbs in the Help Command Output.

emcli help

For more information see:

• EMCLI : All Articles

Hope this helps. Regards Tim...

Back to the Top.

Created: 2019-06-09  Updated: 2019-06-13

Contact Us

Home | Articles | Scripts | Blog | Certification | Videos | Misc | About

About Tim Hall
Copyright & Disclaimer