oracle-openai/script/setup-oci-genai-access.sh
新增 OCI 访问配置指南和自动化脚本
#!/bin/bash
################################################################################
# OCI Generative AI 访问配置脚本
#
# 功能:
# 1. 创建用于 Generative AI 的用户组
# 2. 创建并配置 IAM 策略
# 3. 创建新用户并添加到组
# 4. 提供 API Key 创建指引
#
# 使用方法:
# bash setup-oci-genai-access.sh
#
# 环境要求:
# - Oracle Cloud Shell 或已配置 OCI CLI 的环境
################################################################################
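# Abort on the first failing command, on any reference to an unset variable,
# and on a failure anywhere in a pipeline. Commands whose failure is expected
# (existence lookups) are guarded explicitly with `|| ...` where they occur.
set -euo pipefail
# ANSI colour escape sequences used by the print_* helpers. They hold the
# literal backslash text; the helpers render them when printing.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color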
# 打印带颜色的消息
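# Print an informational line in blue.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
print_info() {
  # %b renders the escape sequences held in the colour constants; %s prints
  # the message verbatim, so a message that carries an operator-supplied
  # name containing backslashes is not re-interpreted the way `echo -e` would.
  printf '%b %s%b\n' "$BLUE" "$1" "$NC"
}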
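# Print a success line in green.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
print_success() {
  # %s keeps the message literal; only the colour constants go through %b.
  printf '%b%s%b\n' "$GREEN" "$1" "$NC"
}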
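# Print a warning line in yellow, prefixed with a warning sign.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
print_warning() {
  # %s keeps the message literal; only the colour constants go through %b.
  printf '%b⚠️ %s%b\n' "$YELLOW" "$1" "$NC"
}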
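# Print an error line in red.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
print_error() {
  # %s keeps the message literal; only the colour constants go through %b.
  printf '%b%s%b\n' "$RED" "$1" "$NC"
}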
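# Print a section header: blank line, rule, title, rule, blank line (blue).
# Arguments: $1 - section title
# Outputs:   five lines on stdout
print_header() {
  local -r rule='━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
  # One printf for the whole banner; the title goes through %s so it is
  # never re-interpreted as escape sequences.
  printf '\n%b%s%b\n%b %s%b\n%b%s%b\n\n' \
    "$BLUE" "$rule" "$NC" \
    "$BLUE" "$1" "$NC" \
    "$BLUE" "$rule" "$NC"
}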
################################################################################
# 检查 OCI CLI 是否可用
################################################################################
# Verify that the OCI CLI is installed and that its configuration can make an
# authenticated call; exit 1 with a message otherwise.
check_oci_cli() {
  print_header "检查环境"
  if command -v oci > /dev/null 2>&1; then
    print_success "OCI CLI 已安装"
  else
    print_error "未找到 OCI CLI请确保您在 Oracle Cloud Shell 中运行此脚本"
    exit 1
  fi
  # A cheap read-only call proves that the config file and credentials work.
  if oci iam region list > /dev/null 2>&1; then
    print_success "OCI CLI 配置正常"
  else
    print_error "OCI CLI 配置有误,请检查您的认证设置"
    exit 1
  fi
}
################################################################################
# 获取租户信息
################################################################################
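# Resolve the tenancy OCID and name of the configured CLI identity.
# Globals:   TENANCY_OCID, TENANCY_NAME (written)
# Exits 1 when no tenancy OCID can be determined.
get_tenancy_info() {
  print_header "获取租户信息"
  # The tenancy is the root compartment, so the compartment that owns any
  # availability domain is the tenancy itself.
  TENANCY_OCID=$(oci iam availability-domain list \
    --query 'data[0]."compartment-id"' --raw-output)
  # An empty list makes the JMESPath expression yield null; the other lookups
  # in this script already treat a literal "null" as "nothing found".
  if [[ -z "$TENANCY_OCID" || "$TENANCY_OCID" == "null" ]]; then
    print_error "无法获取租户 OCID"
    exit 1
  fi
  TENANCY_NAME=$(oci iam tenancy get --tenancy-id "$TENANCY_OCID" \
    --query "data.name" --raw-output)
  print_success "租户名称: $TENANCY_NAME"
  print_info "租户 OCID: $TENANCY_OCID"
}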
################################################################################
# 获取用户输入
################################################################################
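# Validate an operator-supplied resource name.
# Arguments: $1 - label for the error message, $2 - the value to check
# Returns:   0 when the value is safe, 1 (after printing an error) otherwise
_require_safe_name() {
  local label=$1 value=$2
  # Conservative allowlist. Each of these names is later embedded in a
  # JMESPath query and in the JSON-encoded policy statement, so quotes,
  # backslashes, whitespace and other punctuation would corrupt those
  # strings. OCI enforces its own naming rules server-side; this is only
  # the subset that is safe to interpolate.
  if [[ "$value" =~ ^[A-Za-z0-9._@+-]+$ ]]; then
    return 0
  fi
  print_error "${label} '${value}' 包含不允许的字符 (仅允许字母、数字及 . _ @ + -)"
  return 1
}

# Prompt for group, user and policy names, validate them, and ask for
# confirmation.
# Globals:   GROUP_NAME, USER_NAME, POLICY_NAME (written)
# Exits 0 when the operator declines, 1 when a name fails validation.
get_user_input() {
  print_header "配置信息"
  # Defaults applied when the operator just presses Enter.
  DEFAULT_GROUP_NAME="GenAI-Users"
  DEFAULT_USER_NAME="genai-api-user"
  DEFAULT_POLICY_NAME="GenAI-Access-Policy"
  echo ""
  # -r keeps backslashes in the typed value literal.
  read -r -p "请输入用户组名称 (默认: $DEFAULT_GROUP_NAME): " GROUP_NAME
  GROUP_NAME=${GROUP_NAME:-$DEFAULT_GROUP_NAME}
  _require_safe_name "用户组名称" "$GROUP_NAME" || exit 1
  read -r -p "请输入用户名 (默认: $DEFAULT_USER_NAME): " USER_NAME
  USER_NAME=${USER_NAME:-$DEFAULT_USER_NAME}
  _require_safe_name "用户名" "$USER_NAME" || exit 1
  read -r -p "请输入策略名称 (默认: $DEFAULT_POLICY_NAME): " POLICY_NAME
  POLICY_NAME=${POLICY_NAME:-$DEFAULT_POLICY_NAME}
  _require_safe_name "策略名称" "$POLICY_NAME" || exit 1
  echo ""
  print_info "配置摘要:"
  printf ' • 用户组: %s\n' "$GROUP_NAME"
  printf ' • 用户名: %s\n' "$USER_NAME"
  printf ' • 策略名: %s\n' "$POLICY_NAME"
  echo ""
  read -r -p "确认继续? (y/N): " CONFIRM
  if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
    print_warning "已取消操作"
    exit 0
  fi
}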
################################################################################
# 创建用户组
################################################################################
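# Create the IAM group, or reuse it when a group of that name already exists.
# Globals:   TENANCY_OCID, GROUP_NAME (read); GROUP_OCID (written)
# Exits 1 when creation returns no OCID.
create_group() {
  print_header "创建用户组"
  local existing
  # Exact-name lookup through the CLI's own filter instead of splicing the
  # operator-supplied name into a JMESPath expression.
  existing=$(oci iam group list --compartment-id "$TENANCY_OCID" --all \
    --name "$GROUP_NAME" --query 'data[0].id' --raw-output 2>/dev/null || echo "")
  if [[ -n "$existing" && "$existing" != "null" ]]; then
    print_warning "用户组 '$GROUP_NAME' 已存在"
    GROUP_OCID=$existing
    print_info "使用现有用户组 OCID: $GROUP_OCID"
    return 0
  fi
  print_info "正在创建用户组 '$GROUP_NAME'..."
  GROUP_OCID=$(oci iam group create \
    --compartment-id "$TENANCY_OCID" \
    --name "$GROUP_NAME" \
    --description "OCI Generative AI Users Group" \
    --query "data.id" \
    --raw-output)
  if [[ -z "$GROUP_OCID" || "$GROUP_OCID" == "null" ]]; then
    print_error "创建用户组失败"
    exit 1
  fi
  print_success "用户组创建成功"
  print_info "用户组 OCID: $GROUP_OCID"
}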
################################################################################
# 创建策略
################################################################################
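# The single policy statement this script grants.
# Globals:   GROUP_NAME (read)
# Outputs:   the statement text on stdout (no trailing newline)
# NOTE(review): `manage generative-ai-family IN TENANCY` is broad for an
# API-consumer identity; `use` scoped to one compartment is the least-privilege
# shape. Left as-is because the saved summary and on-screen help document
# this exact statement.
_policy_statement() {
  printf 'ALLOW GROUP %s to manage generative-ai-family IN TENANCY' "$GROUP_NAME"
}

# The statement list as the JSON array the CLI expects.
# Outputs:   `["<statement>"]` on stdout
_policy_statements_json() {
  local stmt
  stmt=$(_policy_statement)
  # Escape the two characters that would terminate or corrupt a JSON string.
  stmt=${stmt//\\/\\\\}
  stmt=${stmt//\"/\\\"}
  printf '["%s"]' "$stmt"
}

# Create the IAM policy, or reuse (and optionally update) an existing one.
# Globals:   TENANCY_OCID, POLICY_NAME, GROUP_NAME (read); POLICY_OCID (written)
# Exits 1 when creation returns no OCID.
create_policy() {
  print_header "创建 IAM 策略"
  local existing
  # Exact-name lookup through the CLI filter rather than an interpolated
  # JMESPath expression.
  existing=$(oci iam policy list --compartment-id "$TENANCY_OCID" --all \
    --name "$POLICY_NAME" --query 'data[0].id' --raw-output 2>/dev/null || echo "")
  if [[ -n "$existing" && "$existing" != "null" ]]; then
    print_warning "策略 '$POLICY_NAME' 已存在"
    POLICY_OCID=$existing
    print_info "使用现有策略 OCID: $POLICY_OCID"
    read -r -p "是否更新现有策略? (y/N): " UPDATE_POLICY
    if [[ "$UPDATE_POLICY" =~ ^[Yy]$ ]]; then
      print_info "正在更新策略..."
      # --force skips the CLI's interactive confirmation for the overwrite.
      oci iam policy update \
        --policy-id "$POLICY_OCID" \
        --statements "$(_policy_statements_json)" \
        --force > /dev/null
      print_success "策略更新成功"
    fi
  else
    print_info "正在创建策略 '$POLICY_NAME'..."
    POLICY_OCID=$(oci iam policy create \
      --compartment-id "$TENANCY_OCID" \
      --name "$POLICY_NAME" \
      --description "Allow $GROUP_NAME group to manage Generative AI services" \
      --statements "$(_policy_statements_json)" \
      --query "data.id" \
      --raw-output)
    if [[ -z "$POLICY_OCID" || "$POLICY_OCID" == "null" ]]; then
      print_error "创建策略失败"
      exit 1
    fi
    print_success "策略创建成功"
    print_info "策略 OCID: $POLICY_OCID"
  fi
  echo ""
  print_info "策略语句:"
  printf ' %s\n' "$(_policy_statement)"
}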
################################################################################
# 创建用户
################################################################################
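# Create the IAM user, or reuse it when a user of that name already exists.
# Globals:   TENANCY_OCID, USER_NAME (read); USER_OCID (written)
# Exits 1 when creation returns no OCID.
create_user() {
  print_header "创建用户"
  local existing
  # Exact-name lookup through the CLI's own filter instead of splicing the
  # operator-supplied name into a JMESPath expression.
  existing=$(oci iam user list --compartment-id "$TENANCY_OCID" --all \
    --name "$USER_NAME" --query 'data[0].id' --raw-output 2>/dev/null || echo "")
  if [[ -n "$existing" && "$existing" != "null" ]]; then
    print_warning "用户 '$USER_NAME' 已存在"
    USER_OCID=$existing
    print_info "使用现有用户 OCID: $USER_OCID"
    return 0
  fi
  print_info "正在创建用户 '$USER_NAME'..."
  USER_OCID=$(oci iam user create \
    --compartment-id "$TENANCY_OCID" \
    --name "$USER_NAME" \
    --description "User for accessing OCI Generative AI services via API" \
    --query "data.id" \
    --raw-output)
  if [[ -z "$USER_OCID" || "$USER_OCID" == "null" ]]; then
    print_error "创建用户失败"
    exit 1
  fi
  print_success "用户创建成功"
  print_info "用户 OCID: $USER_OCID"
}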
################################################################################
# 将用户添加到组
################################################################################
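# Add the user to the group unless it is already a member.
# Globals:   GROUP_OCID, USER_OCID, USER_NAME, GROUP_NAME (read)
add_user_to_group() {
  print_header "添加用户到组"
  local member
  # --all pages through the complete membership; without it a large group
  # could be reported as not containing the user, and the add-user call
  # below would presumably then be rejected for the existing membership.
  member=$(oci iam group list-users --group-id "$GROUP_OCID" --all \
    --query "data[?\"user-id\"=='$USER_OCID'].\"user-id\" | [0]" \
    --raw-output 2>/dev/null || echo "")
  if [[ -n "$member" && "$member" != "null" ]]; then
    print_warning "用户 '$USER_NAME' 已在组 '$GROUP_NAME' 中"
    return 0
  fi
  print_info "正在将用户 '$USER_NAME' 添加到组 '$GROUP_NAME'..."
  oci iam group add-user \
    --user-id "$USER_OCID" \
    --group-id "$GROUP_OCID" > /dev/null
  print_success "用户已成功添加到组"
}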
################################################################################
# 保存配置信息
################################################################################
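# Write a timestamped summary of the created resources to the current directory.
# Globals:   TENANCY_*, GROUP_*, POLICY_*, USER_* (read); CONFIG_FILE (written)
save_config() {
  CONFIG_FILE="oci-genai-setup-$(date +%Y%m%d-%H%M%S).txt"
  # The summary holds tenancy and user OCIDs; create it owner-readable only.
  # The umask change is confined to the subshell.
  (
    umask 077
    cat > "$CONFIG_FILE" << EOF
═══════════════════════════════════════════════════════════════
OCI Generative AI 访问配置信息
═══════════════════════════════════════════════════════════════
创建时间: $(date '+%Y-%m-%d %H:%M:%S')
租户信息
──────────────────────────────────────────────────────────────
名称: $TENANCY_NAME
OCID: $TENANCY_OCID
用户组信息
──────────────────────────────────────────────────────────────
名称: $GROUP_NAME
OCID: $GROUP_OCID
策略信息
──────────────────────────────────────────────────────────────
名称: $POLICY_NAME
OCID: $POLICY_OCID
语句: ALLOW GROUP $GROUP_NAME to manage generative-ai-family IN TENANCY
用户信息
──────────────────────────────────────────────────────────────
名称: $USER_NAME
OCID: $USER_OCID
下一步操作
──────────────────────────────────────────────────────────────
1. 为用户创建 API Key:
- 登录 OCI 控制台
- 导航到: Identity & Security > Users > $USER_NAME
- 点击 "API Keys" > "Add API Key"
- 下载私钥文件并保存公钥指纹
2. 配置 OCI CLI:
- 创建或编辑 ~/.oci/config 文件
- 添加以下配置:
[DEFAULT]
user=$USER_OCID
fingerprint=<从控制台获取>
key_file=~/.oci/oci_api_key.pem
tenancy=$TENANCY_OCID
region=<您的区域,例如: us-chicago-1>
3. 测试配置:
oci iam region list
4. 使用 OCI GenAI Gateway:
- 克隆项目: git clone <repository-url>
- 配置环境变量 (参考 .env.example)
- 启动服务: cd src && python main.py
═══════════════════════════════════════════════════════════════
EOF
  )
  print_success "配置信息已保存到: $CONFIG_FILE"
}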
################################################################################
# 显示后续步骤
################################################################################
# Print the manual follow-up steps (API key creation, CLI config, test, deploy).
# Globals:   USER_NAME, USER_OCID, TENANCY_OCID (read)
show_next_steps() {
  print_header "配置完成"
  print_success "所有资源创建成功!"
  echo ""
  print_info "📋 后续步骤:"
  echo ""
  # One unquoted here-document instead of a run of echo calls; the three
  # $VAR references are expanded, everything else is literal.
  cat << EOF
1⃣ 创建 API Key
 ┌─────────────────────────────────────────────────────────┐
 │ • 登录 OCI 控制台: │
 │ https://cloud.oracle.com │
 │ │
 │ • 导航到: │
 │ Identity & Security > Users > $USER_NAME
 │ │
 │ • 点击左侧 "API Keys" │
 │ │
 │ • 点击 "Add API Key" 按钮 │
 │ │
 │ • 选择 "Generate API Key Pair" │
 │ │
 │ • 下载私钥文件 (oci_api_key.pem) │
 │ │
 │ • 复制并保存公钥指纹 (fingerprint) │
 └─────────────────────────────────────────────────────────┘

2⃣ 配置 OCI CLI
 ┌─────────────────────────────────────────────────────────┐
 │ 创建或编辑 ~/.oci/config 文件: │
 │ │
 │ [DEFAULT] │
 │ user=$USER_OCID
 │ fingerprint=<从控制台复制的指纹> │
 │ key_file=~/.oci/oci_api_key.pem │
 │ tenancy=$TENANCY_OCID
 │ region=us-chicago-1 # 根据实际区域修改 │
 │ │
 │ 设置私钥文件权限: │
 │ chmod 600 ~/.oci/oci_api_key.pem │
 └─────────────────────────────────────────────────────────┘

3⃣ 测试配置
 ┌─────────────────────────────────────────────────────────┐
 │ 运行以下命令验证配置: │
 │ │
 │ oci iam region list │
 │ │
 │ 如果配置正确,将显示可用区域列表 │
 └─────────────────────────────────────────────────────────┘

4⃣ 部署 OCI GenAI Gateway
 ┌─────────────────────────────────────────────────────────┐
 │ • 克隆项目仓库 │
 │ • 配置 .env 文件 (参考 .env.example) │
 │ • 启动服务: │
 │ cd src && python main.py │
 │ │
 │ 或使用 Docker: │
 │ docker-compose up │
 └─────────────────────────────────────────────────────────┘

EOF
  print_info "📄 详细配置信息已保存到文件中,请妥善保管"
  echo ""
}
################################################################################
# 主函数
################################################################################
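# Entry point: show the banner, then run the provisioning steps in order.
# Each step writes the globals the following steps read.
main() {
  # `clear` can exit non-zero when stdout is not a terminal (or TERM is
  # unset); under set -e that would abort the script before any work is done.
  clear 2> /dev/null || true
  cat << "EOF"
╔═══════════════════════════════════════════════════════════════════════╗
║ ║
║ 🚀 OCI Generative AI 访问配置自动化脚本 ║
║ ║
║ 此脚本将自动创建以下资源: ║
║ • IAM 用户组 (Group)
║ • IAM 策略 (Policy)
║ • IAM 用户 (User)
║ ║
╚═══════════════════════════════════════════════════════════════════════╝
EOF
  echo ""
  check_oci_cli
  get_tenancy_info
  get_user_input
  create_group
  create_policy
  create_user
  add_user_to_group
  save_config
  show_next_steps
  print_success "脚本执行完成!"
  echo ""
}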
# 执行主函数
# Run the entry point; main takes no options, the arguments are just forwarded.
main "$@"