Skip to content

Other OCI Tools

CIS compliance checker script

The Automation toolkit provides an option to run the CIS compliance checker script against your tenancy.

In the setupoci Greenfield menu, select Other OCI Tools → CIS Compliance Check Script. Users can either choose to download the latest script or execute the script.

A folder named <prefix>_cis_report is created under /cd3user/tenancies/<prefix>/othertools_files, containing all the reports generated by the script.

As a best practice, the script should be executed after every deployment in the tenancy. The output report should be analyzed to minimize the reported anomalies according to the design requirements.

When using CLI, report can be copied to local system using -
scp -i <private_key> cd3user@<workVM IP>:/cd3user/mount_path/<prefix>/othertools_files/<prefix>_cis_report .
When using Jenkins, the report is available under Build Artifacts of the setUpOCI build


showOCI script

The Automation toolkit also provides an option to run the showoci script against your tenancy.

In the setupoci Greenfield menu, select Other OCI Tools → ShowOCI Report. Users can either choose to download the latest showoci script or execute the script.

After successful execution, the report can be found under /cd3user/tenancies/<prefix>/othertools_files/<prefix>_showoci_report folder.

When using CLI, report can be copied to local system using -
scp -i <private_key> cd3user@<workVM IP>:/cd3user/mount_path/<prefix>/othertools_files/<prefix>_showoci_report .
When using Jenkins, the report is available under Build Artifacts of the setUpOCI build.


OCI FSDR

CD3 enables users to export and update DR plans. Different DR plans can be exported into separate tabs of the Excel.

DR Plan's steps can be updated in Excel and then applied to the console using the toolkit.

Common Use cases:

  • Clone User-Defined Steps from one plan to another within the same region or across regions.
  • Manage User-Defined Steps in DR plans with Excel Spreadsheet.
  • As of today, if a member of an existing Disaster Recovery (DR) Protection group is updated in the OCI FSDR service, the Plan Steps are deleted (the product team is actively working on a fix for this issue). To handle this, export all user-defined steps to CD3 Excel and use this data to recreate the new DR plan after updating a member.

Features:

  • Easy to manage and update User-Defined Steps.
  • The order of DR Plan's steps is preserved in the Excel sheet, allowing Steps to be created in the same sequence as desired in the console.
  • Single Excel sheet can manage all DR Switchover and Failover plans.

IAM Policies to update DR plans in OCI:

    Allow group <group-name> to manage dr-protection-groups in compartment <compartment-name>
    Allow group <group-name> to manage instances in compartment <compartment-name>
    Allow group <group-name> to read buckets in compartment <compartment-name>

Steps to execute:

  1. In the setupoci menu for the create_resources workflow, select Other OCI Tools → OCI FSDR.

  2. Fill in the required details for excel file name, sheet name and DR Plan OCID.

  3. The Excel file is created at /cd3user/tenancies/<prefix>/othertools_files.

    • When using CLI, Excel can be copied to local system using -

      scp -i <private_key> cd3user@<workVM IP>:/cd3user/mount_path/<prefix>/othertools_files/<excel_file_name> .
      
    • When using Jenkins, the Excel file is available under Build Artifacts of the corresponding setupoci build.