The document discusses using Terraform to automate deployment of resources in Oracle Cloud Infrastructure (OCI). It begins with an introduction to Terraform and its components like providers, modules, and backends. It then covers initial steps for setting up Terraform for OCI including installing Terraform, configuring the OCI provider, and running basic commands. The document outlines next steps like using Terraform to build small OCI infrastructures and combining configurations. It introduces using modules to define reusable infrastructure components. Finally, it provides an example of a Trivadis module for deploying a training lab environment on OCI.
Oracle Cloud deployment with Terraform
1. BASEL | BERN | BRUGG | BUKAREST | DÜSSELDORF | FRANKFURT A.M. | FREIBURG I.BR. | GENF
HAMBURG | KOPENHAGEN | LAUSANNE | MANNHEIM | MÜNCHEN | STUTTGART | WIEN | ZÜRICH
www.oradba.ch @stefanoehrli
Oracle Cloud deployment with Terraform
How to automate deployment of OCI resources
Stefan Oehrli
Stefan Oehrli
Platform Architect, Trainer and Partner at Trivadis
• Since 1997 active in various IT areas
• Since 2008 with Trivadis AG
• More than 20 years of experience in Oracle databases
Focus: Protecting data and operating databases securely
• Security assessments and reviews
• Database security concepts and their implementation
• Oracle Backup & Recovery concepts and troubleshooting
• Oracle Enterprise User Security, Advanced Security, Database Vault, …
• Oracle Directory Services
Co-author of the book The Oracle DBA (Hanser, 2016/07)
@stefanoehrli www.oradba.ch
5. Agenda
• Introduction
• Terraform in a Nutshell
• First Steps
• Next Steps and Use Cases
• Good Practice
• Further considerations
• Summary
29.10.2020 APACOUC - Oracle Cloud deployment with Terraform5
7. Introduction
• Different methods to provision resources in clouds
• First introduction usually OCI Console
• Browser based UI e.g.
https://console.eu-zurich-1.oraclecloud.com
• No automation
• Further methods provided by Oracle
• Oracle Cloud Command Line Interface oci-cli
• Oracle Cloud Infrastructure REST APIs
• Several OCI SDKs for common languages e.g. Python, Java, …
• Oracle Cloud Infrastructure (OCI) Cloud Shell
• None to moderate automation
8. Introduction
• The SDK and REST API based approaches usually require programming
• Time consuming
• Imperative vs. declarative
• Everything must be specified explicitly
• I once built an OCI based training environment with oci-cli
• oci-cli and bash at its best…
• The key word is infrastructure as code (IaC)
• Management of infrastructure in a descriptive model
• same source code generates the same environment
• key DevOps practice
• Several popular IaC Tools available
• Chef, Puppet, Ansible, SaltStack, CloudFormation, Terraform, …
• Whereby the fields of application more or less differ
10. Terraform in a Nutshell
Source: Universe Today The Definitive Guide To Terraforming (February 2016)
11. Terraform History
• Terraform for Generation X
• dictionary.com: To alter the environment of (a celestial body) in order to make capable of supporting terrestrial life forms
• Pure science fiction :-) …
• … frequently a topic in SF books, films, TV series, etc. (Star Trek vs Star Wars)
• Terraform for Millennials
• Open Source Software by HashiCorp
• Initial release mid 2014, current stable release 0.13.4
• Infrastructure as code software tool
• Declarative configuration language
• Written in Go (see https://github.com/hashicorp/terraform)
• Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently
12. One ring to rule them all…
• Almost any infrastructure can be represented as a resource in Terraform
• Terraform uses a declarative and not procedural language
• It generates an execution plan…
• … executes it to build the described infrastructure
• Terraform and its declarative configuration language are not generic
• Configurations cannot simply be deployed on any cloud
• Usually they have to be rewritten for other cloud providers
• Terraform is cloud-agnostic
• Each configuration is bound to a cloud provider
• The current state of an Infrastructure has to be maintained by terraform
• Kept in a state file terraform.tfstate
• Used to plan and apply changes to an infrastructure
13. Terraform Components
• Configuration Language
• A language describing an intended goal rather than the steps to reach that goal
• Providers - are responsible for understanding API interactions and exposing resources
• They tell Terraform how to build and manage one or many resource types
• Available via Terraform Registry or GitHub (https://github.com/terraform-providers)
• Modules – are containers for multiple resources that are used together
• Can be used to create abstraction
• Modules themselves can use other modules
• Available via Terraform Registry, local path or source control (GitHub, bucket, …)
• Backends - determine how state is loaded and how an operation such as apply is executed
15. Terraform Provider
• Providers are supplied by …
• … HashiCorp
• … a resource provider
• … 3rd party/community
• The providers are either
• Integrated: downloaded by Terraform when needed
• Non-integrated: own or 3rd party provider, manually installed
• There are three Oracle providers available
• Oracle Cloud Infrastructure (OCI) provider see
https://registry.terraform.io/providers/hashicorp/oci/latest
• Oracle Platform Cloud provider see
https://registry.terraform.io/providers/hashicorp/oraclepaas/latest
• Oracle Cloud Infrastructure Classic provider see
https://registry.terraform.io/providers/hashicorp/opc/latest
16. Terraform OCI Provider
• OCI Provider in Terraform Registry https://registry.terraform.io/providers/hashicorp/oci/latest
• Link to source including examples
• Link to documentation
17. Terraform and other IaC Tools
• Terraform is used to …
• … create immutable infrastructures
• … describe an infrastructure rather than define the procedure for how to provision it
• … is declarative
• … focus on provisioning e.g. it is not a configuration management tool
• … does deploy version x of IaC to … e.g. does not “upgrade” an infrastructure
• Alternatives to Terraform are available
• Tools like Ansible, Puppet and Chef
• Do build mutable infrastructure
• Are rather configuration management tools
• In most cases procedural
19. First Steps - Installation
• Available for common OS e.g. Linux, MacOS, Windows, Solaris etc.
https://www.terraform.io/downloads.html
• Recommended to use the latest stable release
• Terraform 0.13.4 introduced a couple of features like loop/count support for modules
• Installation on MacOS is straightforward using brew
brew install terraform
user@gaia:~/ [ic19300] terraform -version
Terraform v0.13.5
20. First Steps - Configure
• OCI Terraform Provider requires configuration to be able to access OCI resources
• Create RSA keys to authenticate against OCI
mkdir -p "$HOME/.oci"
openssl genrsa -out "$HOME/.oci/oci_user.pem" 2048
chmod 600 "$HOME/.oci/oci_user.pem"
openssl rsa -pubout -in "$HOME/.oci/oci_user.pem" \
  -out "$HOME/.oci/oci_user_public.pem"
• Copy the public key to your user account
• Go to User Settings
• Click API Keys
• Click Add Public Key
• Configure Terraform Provider
• An example
21. First Steps - Configure
• Gather Required Information from OCI Console
• Tenancy OCID: <tenancy-ocid>
• From your user avatar, go to Tenancy:<your-tenancy> and copy OCID
• User OCID: <user-ocid>
• From your user avatar, go to User Settings and copy OCID.
• Fingerprint: <fingerprint>
• From your user avatar, go to User Settings and click API Keys
• Copy the fingerprint associated with the RSA public key you made before
• Region: <region-identifier>
• From the top navigation bar, find your region
22. First Steps - Configure
• Create a folder for your Terraform configuration e.g. test
• Create a simple file provider.tf with the information collected above.
provider "oci" {
  tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaxuk4je4tqv3nz64s4dmq…"
  user_ocid        = "ocid1.user.oc1..aaaadwaaqddbuc3sws4ad4kezkmq…"
  fingerprint      = "4d:e7:ff:8b:35:a9:c9:c7:3e:c9:1f:2a:c7:34:54:00"
  private_key_path = ".oci/oci_user.pem"
  region           = "eu-zurich-1"
}
• For testing this might be ok
• But if you store the config in version control, you would store your credential information
• It is highly recommended to define variables and store information outside of your config
• E.g. environment variables
23. First Steps - Configure
• Same provider.tf file with variables
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}
• Dedicated Variable file e.g. variables.tf
# every variable referenced in provider.tf has to be declared
variable "tenancy_ocid" {}
variable "user_ocid" {
  description = "user OCID used to access OCI"
  type        = string
}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}
24. First Steps - Configure
• The values can then either be defined in a terraform.tfvars file
# provider identity parameters ------------------------------------
region = "eu-zurich-1"
• Or as environment variable with the prefix TF_VAR_
export TF_VAR_fingerprint="d4:d7:af:8b:c1:f9:c9:b7:3e:c9:1f:2a:c7:3b:54:00"
export TF_VAR_user_ocid="ocid1.user.oc1..aaaadwaaqddbuc3sws4ad4kezkmq…"
• Keep the authentication information separate from your terraform configuration
• Can be reused for other configurations
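A check for the risk named on the Configure slides (credential information ending up in version control), as an added example that is not part of the original deck. The function names `scan_tf` and `risky_tracked` and the sample configurations are constructed for illustration; the provider argument names are the ones shown on the slides.

```python
import fnmatch
import os
import re

# Provider arguments from the slides that identify or authenticate the caller.
SENSITIVE = {"tenancy_ocid", "user_ocid", "fingerprint", "private_key_path"}
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')
LITERAL = re.compile(r'^"[^"$]*"$')  # quoted string without ${...} interpolation
FINGERPRINT = re.compile(r'\b(?:[0-9a-f]{2}:){15}[0-9a-f]{2}\b', re.I)
OCID = re.compile(r'\bocid1\.(?:user|tenancy)\.')
# File names that usually hold credentials or state and should stay untracked.
RISKY_FILES = ("*.tfvars", "*.tfstate", "*.tfstate.backup", "*.pem")


def scan_tf(text):
    """Return (line number, what) for each hardcoded credential value in a .tf file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore trailing comments
        m = ASSIGN.match(code)
        if m and m.group(1) in SENSITIVE and LITERAL.match(m.group(2)):
            findings.append((lineno, m.group(1)))       # literal instead of var.<name>
        elif FINGERPRINT.search(code):
            findings.append((lineno, "fingerprint-like value"))
        elif OCID.search(code):
            findings.append((lineno, "user/tenancy OCID"))
    return findings


def risky_tracked(paths):
    """Return the tracked paths whose file name matches a credential/state pattern."""
    return [p for p in paths
            if any(fnmatch.fnmatch(os.path.basename(p), pat) for pat in RISKY_FILES)]


# Constructed sample input, not taken from the slides.
SAMPLE_BAD = '''\
provider "oci" {
  tenancy_ocid     = "ocid1.tenancy.oc1..exampletenancy"
  user_ocid        = var.user_ocid
  fingerprint      = "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"
  private_key_path = var.private_key_path
  region           = "eu-zurich-1"
}
'''
SAMPLE_GOOD = '''\
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}
'''

if __name__ == "__main__":
    for lineno, what in scan_tf(SAMPLE_BAD):
        print("provider.tf:%d: hardcoded %s" % (lineno, what))
    print(risky_tracked(["main.tf", "terraform.tfvars", ".oci/oci_user.pem"]))
```

Run `scan_tf` over each `*.tf` file and `risky_tracked` over the output of `git ls-files` before a commit; a non-empty result from either is a reason to stop.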
25. First Steps – Init, Plan, Apply
• Initialize the terraform configuration
terraform init
• this will create the .terraform folder and download required providers / modules
• Validate your terraform configuration
terraform validate
• Plan the terraform provisioning
terraform plan -out=test.tfplan
• Apply the plan
terraform apply test.tfplan
26. First Steps – What's inside
• A simple data source to "query" information in OCI
data "oci_core_images" "oracle_images" {
  compartment_id   = var.compartment_id
  operating_system = var.ux_host_os
  sort_by          = "TIMECREATED"
}
• Results will be shown by the output
output "oracle_images" {
  description = "List of available Oracle Images."
  value       = data.oci_core_images.oracle_images
}
28. Next Steps
• Example was rather simple
• OCI Provider does provide a couple of resources and data sources, see
https://registry.terraform.io/providers/hashicorp/oci/latest/docs
• Comprehensive provider documentation with examples
29. Next Steps
• Start to build small infrastructure configuration
• Combine them if necessary e.g.
• Configuration for a Network / VCN setup
• Configuration for an Autonomous Database
• Avoid creating a huge infrastructure configuration
• Here again “One ring to rule them all,…” does not make sense
• It gets cumbersome
• Sources of failure increase
• Start to consider using Modules
• Define reusable Infrastructure components
• Container for multiple resources that are used together
30. Modules
• Modules generally define at least the following configuration:
• Input variables to accept values from the calling module
• Output values to return results to the calling module
• Resources to define one or more infrastructure objects that the module will manage
• Terraform recommends following a standard structure for the module incl. files and folders
• Root module
• README file documenting the module
• Configuration files main.tf, variables.tf, outputs.tf
• Example how to use the module
• Nested modules
31. Module Sources
• Modules are either local or in a remote location
• Specified by the source argument in the module block
module "lab_compartment" {
  source                = "../modules/lab_compartment"
  lab_compartment_name  = var.tag_tvd_training
  base_compartment_ocid = var.training_compartment_ocid
}
• Remote locations for Modules are…
• … Terraform Registry, which are usually also in a GitHub repository
• … GitHub, Bitbucket or a generic git repository
• … http URLs and buckets like S3 or GCS
• Terraform will download / copy modules in use to the local .terraform folder
32. Terraform Registry
• Directly integrated into Terraform
• Terraform will download required providers or modules during terraform init
module "tvdlab-vcn" {
  source  = "Trivadis/tvdlab-vcn/oci"
  version = "1.1.3"
  # insert the 2 required variables here
}
• Location for integrations (providers) and configuration packages (modules)
• developed by HashiCorp
• Third party vendors
• Terraform community
• Does provide basic documentation depending on source
• Readme, input/output values, dependencies and resource
34. Trivadis OCI Module - tvdlab-base
• Combined Module in Terraform Repository
• Depends on
• tvdlab-bastion to build a bastion host
• tvdlab-db to build a db host
• tvdlab-vcn to build a VCN
• Based on Oracle Module with similar use cases
• But do support count to create n-number of similar instances
• Base Module to build training / lab environments
• VCN setup with a public and private network
• Accessible via bastion host
• Access via SSH or HTTP guacamole
36. Trivadis LAB
• Trivadis Training started using OCI for their Oracle-based trainings
• Setup and Configure Infrastructure using Terraform
• Define reusable components e.g. Modules
• Module for VCN with private and public subnet
• Module for Bastion host with dedicated bootstrap script
• Module for compute instance
• Module for other resources
• Provision the number of environments based on trainis
• Simply specify TF_VAR_tvd_participants to add n-numbers of environments
41. Good Practice
• Use Terraform relatively early in your OCI journey
• Use a version control system, preferably git
• Create separate repository for configuration, modules etc
• Store the *.tfstate file centrally e.g. in OCI object storage
terraform {
  required_version = ">= 0.13.0"
  backend "http" {
    update_method = "PUT"
    address       = "https://objectstorage.eu-zurich-1.../terraform.tfstate"
  }
}
• Alternatively other backends are supported
42. Good Practice
• Use the latest version of Terraform at least 0.13.x
• Support for count/loop etc in modules
• In particular if you start from scratch anyway
• Keep your TF configuration simple
• Create multiple files
• Separate by compartments etc.
• Be careful when re-running apply
• A new bootstrap script can cause the compute instance to be recreated
• Do not use -auto-approve or -force
• This means an apply makes changes without prompting
• Your resources can be gone faster than you would like
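One way to make the "be careful when re-running apply" advice checkable, as an added example that is not part of the original deck: it reads the JSON form of a saved plan (`terraform show -json test.tfplan`) and lists every resource that would be destroyed or replaced, together with the top-level attributes that differ. The function names and the embedded sample plan are constructed for illustration.

```python
import json
import sys


def destructive_changes(plan_json):
    """Return (address, kind, changed_keys) for every destroy or replace in a plan."""
    hits = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" not in actions:
            continue  # create, update and no-op keep the existing resource
        kind = "replace" if "create" in actions else "destroy"
        before = change.get("before") or {}
        after = change.get("after") or {}   # null for a pure destroy
        changed = sorted(k for k in after if before.get(k) != after[k])
        hits.append((rc["address"], kind, changed))
    return hits


def may_apply(plan_json, allowed=()):
    """True only if every destroyed or replaced resource was explicitly allowed."""
    return all(addr in allowed for addr, _, _ in destructive_changes(plan_json))


# Constructed sample plan: a changed bootstrap script replaces the bastion host.
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {"address": "oci_core_vcn.lab",
         "change": {"actions": ["no-op"],
                    "before": {"display_name": "lab"},
                    "after": {"display_name": "lab"}}},
        {"address": "oci_core_instance.bastion",
         "change": {"actions": ["delete", "create"],
                    "before": {"shape": "VM.Standard2.1",
                               "metadata": {"user_data": "b2xk"}},
                    "after": {"shape": "VM.Standard2.1",
                              "metadata": {"user_data": "bmV3"}}}},
        {"address": "oci_core_instance.db",
         "change": {"actions": ["delete"],
                    "before": {"shape": "VM.Standard2.1"},
                    "after": None}},
    ],
})

if __name__ == "__main__":
    # Usage: terraform show -json test.tfplan | python3 plan_guard.py
    data = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    for address, kind, changed in destructive_changes(data):
        print("%s: %s (changed: %s)" % (address, kind, ", ".join(changed) or "-"))
    sys.exit(0 if may_apply(data) else 1)
```

Placed between `terraform plan -out=test.tfplan` and `terraform apply test.tfplan`, a non-zero exit stops the pipeline until someone has reviewed the listed resources.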
43. Good Practice
• Have a clear strategy when to use TF & when not
• Probably combination with HashiCorp Packer, Ansible etc
• Update your OCI provider regularly
• It can happen that you are forced to do this at the wrong moment
• Just quickly make a small change...
• Use a Tool like VS Code with TF plug-in
• Subscribe to the OCI and terraform-provider-oci issues
45. Graphs and Resource Discovery
• Visualisation with terraform graph
• Create a visual graph of Terraform resources
• .dot file created by terraform
• Helpful for diagnosing errors
• Can become rather complex
• Provider based resource discovery
• Functionality provided by the provider itself
• Used to identify gap between current state and plan
• Used to create terraform configuration of an existing environment
• Oracle does use this in OCI itself to define Stacks
46. Terraform Console
• interactive console for evaluating expressions
• Interacting with the current state of a terraform configuration
• Does work with local and remote state
• If the state is empty, it can be used to experiment with the expression syntax
• Can also be used for scripting
• grab some information from a state e.g. IP addresses of a bastion host.
echo "module.tvdlab-base.bastion_public_ip.0" | terraform console
47. Further considerations
• OCI Resource manager
• Allows to define OCI Stacks using Terraform
• Based on existing Configuration or discovery
48. Where to Start
• Information from Terraform
• Terraform eLearnings
• Documentation and white papers
• Oracle examples
• Oracle Based resources like
• OCI Development Documentation
• Oracle OCI Provider github repository with examples
• Oracle Terraform Registry modules
• Blog posts and community projects / repositories
50. Summary
• Terraform is a useful tool for implementing IaC with OCI
• a clear strategy is essential
• It can happen that you get lost by engineering the “one configuration to rule them all…”
• Consider using Modules to combine configurations which are reused often
• Consider the good practice
• It is worth having a look at the different resources from Terraform and Oracle
• Get some Ideas
• Examples for the own infrastructure
• And if you wait until your 20 computing instances are deployed…
• … it might be time to watch one of the old SF movies / TV shows
52. References
• Oracle Terraform Examples https://github.com/oracle/terraform-examples
• Oracle learning Library https://github.com/oracle/learning-library
• Oracle OCI CLI https://github.com/oracle/oci-cli
• Oracle OCI Documentation:
• Terraform https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/terraform.htm
• SDK https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm
• REST API https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm
• Terraform OCI Provider with examples
• https://github.com/terraform-providers/terraform-provider-oci
• Terraform Documentation https://www.terraform.io/docs/index.html
• CLI, Provider and much more.