Oracle Cloud Infrastructure Visualization Tool
Overview
OCI Visualizer is a tool to visualize an OCI tenancy, primarily from a network perspective. The tool was created mainly for the purpose of better understanding the OCI network model. As a great believer in API first and visualization, I thought that the best way to learn a product is to combine the two and build a visualization tool. I was inspired by Duo Security CloudMapper, a visualization tool for AWS.
How does it work?
- First, oci-visualizer extracts the network data for all VCNs and other cloud resources in an OCI compartment and generates a JSON data structure. This is done using a Python script leveraging the OCI Python SDK and exposed as a Flask REST service.
- Visualize the data generated in step 1 using a small web app, leveraging cytoscape.js, an open source graph visualization framework.
Both the extraction script and the web app run on top of Python Flask.
Installation
- Install OCI Python SDK as described here
$ yum install oci-cli
$ yum install oci
- Install flask and flask-cors
$ pip install flask
$ pip install flask-cors
- Update your OCI configuration file with your tenancy details
Edit your ~/.oci/config file and set up your tenancy details
- Configure the machine firewall if you're installing on an OCI Oracle Linux instance
$ sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent
$ sudo firewall-cmd --reload
- Install the OCI Visualizer tool
$ tar -xvf ociviz-0.1.tar.gz
This will create a directory named "ociviz-0.1".
$ cd ociviz-0.1
$ python setup.py develop
- Launch the flask web server
$ export FLASK_APP=ocivizserver.py
$ flask run --port 8000
- Launch the oci-visualizer UI
  - Point your browser to http://localhost:8000/static/ociviz.html .
  - You can use HTTP request parameters to control how oci-visualizer is launched. The following parameters are available:
    - 'proxy' - if you're behind a firewall and need to use a proxy:
    - 'profile' - By default, oci-visualizer will use the DEFAULT profile in your config file. If you want to use a different profile, provide a profile parameter in the request URL.
    - 'mode' -
      'REST': this is the default mode. In this mode the network data is retrieved in real time by calling the Python SDK.
      'OFFLINE': Sometimes a user may not have access to the OCI APIs. In such a case the tool can be launched with mode=OFFLINE and will visualize the content of the file 'network.json' in the static directory.
      'FILE': to generate a file that can be viewed OFFLINE. The network file will be generated in the static folder with name "network_.json"
    - 'compartment' - When oci-visualizer is launched, it will retrieve all compartments in the tenancy defined by your profile. If you want to visualize a specific compartment, use the compartment request parameter.
Example 1:
will launch oci-visualizer using a proxy at myproxy.com:80 and visualize compartment mycompartment. Access to OCI will use the myprofile section in the config file at ~/.oci/config.
Example 2:
http://localhost:8000/static/ociviz.html
will launch oci-visualizer without a proxy, will use the DEFAULT profile in the OCI config file and will display a list of compartments for that profile.
Example 3:
http://localhost:8000/static/ociviz.html?mode=OFFLINE
will launch oci-visualizer in OFFLINE mode. oci-visualizer expects to find a file called "network.json" in the static folder and will visualize its contents.
Example 4:
http://localhost:8000/static/ociviz.html?mode=FILE
will launch oci-visualizer and will write a file named "network_mycompartment.json" in the static folder whenever I visualize a compartment.
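One way a service could validate the request parameters listed above before using them, including the file name built from the compartment in FILE mode. This is an added example, not oci-visualizer's own code; `parse_launch_url`, `network_file`, the `host:port` proxy form and the allowed character sets are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

MODES = {"REST", "OFFLINE", "FILE"}                # modes listed in the README
PARAMS = {"proxy", "profile", "mode", "compartment"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,100}")   # assumed allow-list for names
HOST_PORT = re.compile(r"[A-Za-z0-9.-]+:\d{1,5}")  # assumed proxy form host:port


def parse_launch_url(url):
    """Return validated launch options; raise ValueError on anything unexpected."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    unknown = set(query) - PARAMS
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    repeated = [k for k, v in query.items() if len(v) != 1]
    if repeated:
        raise ValueError(f"parameter(s) given more than once: {repeated}")
    opts = {
        "mode": query.get("mode", ["REST"])[0],           # REST is the default
        "profile": query.get("profile", ["DEFAULT"])[0],  # DEFAULT profile
        "compartment": query.get("compartment", [None])[0],
        "proxy": query.get("proxy", [None])[0],
    }
    if opts["mode"] not in MODES:
        raise ValueError(f"mode must be one of {sorted(MODES)}")
    for key, pattern in (("profile", SAFE_NAME), ("compartment", SAFE_NAME),
                         ("proxy", HOST_PORT)):
        value = opts[key]
        if value is not None and not pattern.fullmatch(value):
            raise ValueError(f"invalid {key} value")
    return opts


def network_file(static_dir, compartment=None):
    """Path read in OFFLINE mode (network.json) or written in FILE mode."""
    name = "network.json" if compartment is None else f"network_{compartment}.json"
    static = Path(static_dir).resolve()
    target = (static / name).resolve()
    # Defence in depth: the file must sit directly inside the static directory.
    if Path(name).name != name or target.parent != static:
        raise ValueError("file name escapes the static directory")
    return target


if __name__ == "__main__":
    # Constructed sample URL, modelled on the README's mode=FILE example.
    sample = "http://localhost:8000/static/ociviz.html?mode=FILE&compartment=mycompartment"
    print(network_file("static", parse_launch_url(sample)["compartment"]))
```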
What do I see on the diagram?
- You can visualize one VCN at a time or select 'All' in the VCNs dropdown to display all VCNs in the compartment.
- Subnets may be drawn with a green or red border. Red is for private subnets, while green is for public subnets.
- Blue edges represent routes from a subnet to other subnet/DRG/Local Peering ...
- Green edges represent ingress security rules for the subnet. Note that egress rules are not yet implemented.
- Load balancers will have edges pointing to the instances defined in the backend sets. A public load balancer will appear in both public subnets, but only one will have edges pointing to the backend set.
- Click on a node or edge to display the node or edge properties
- Check/uncheck the Routes to show/hide route table based edges
- Check/uncheck the SecRules to show/hide edges based on Security rules
- Check/uncheck the Instances to show/hide instances on the diagram
- Right click a subnet and display the route table or security rules for that subnet
- Right click an Instance and display the Attached VNICs or Attached Block Volumes