Terraform brings a new paradigm where infrastructure becomes code, and with the cloud becoming what it is today, everyone is invited to the (DevOps) table. Therefore, after provisioning with oci-cli in my previous blog post, I will explore the same task using Terraform. To add more fun, we won't just deploy an instance but also configure a website linked to its public IP.
Note: This lab will also help you practice if you are preparing for the OCI Operations Associate exam (1Z0-1067).
Topology
The following illustration shows the layers involved between your workstation and Oracle Cloud Infrastructure while running the Terraform commands, along with the instance attributes we will be provisioning.
Before starting this tutorial, I'll describe my GitHub repo and briefly discuss some principles. A Terraform resource declaration has the following shape:
Component "Provider_Resource_type" "MyResource_Name" {
    Attribute1 = value ..
    Attribute2 = value ..
}
Where the hell do I find a good deployment sample?
The most important thing when learning a new program is accomplishing your first HelloWorld. Unfortunately, Google can't always make the cut, as the samples I used had errors. Luckily, OCI Resource Manager had some samples I managed to export and tweak, which was a good starting point for this lab.
Terraform lab content: I have deliberately split this lab in two:
Since I'm on Windows, I tried the lab using both Git Bash and WSL (Linux) terminal clients, but the same applies to macOS.
Windows: download and run the installer from their website (32-bit, 64-bit)
Linux: download, unzip, and move the binary to the local bin directory (the archive name must match the version you downloaded):
$ wget https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
$ unzip terraform_0.12.28_linux_amd64.zip
$ mv terraform /usr/local/bin/
Once installed, run the version command to validate your installation:
$ terraform --version
Terraform v0.12.24
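Downloading a release binary and copying it straight into /usr/local/bin trusts whatever the network handed back. HashiCorp publishes a terraform_<version>_SHA256SUMS file next to every release zip (plus a .sig over that file for GPG verification), so the install step above can refuse a tampered or truncated download. The script below is an added example and not part of the original post; the file and URL names follow the releases.hashicorp.com layout already used by the wget command above, and the script name check_and_install_terraform.sh is hypothetical.

```shell
#!/bin/sh
# Download a Terraform release zip together with HashiCorp's SHA256SUMS file and
# only install the binary if the checksum of the zip matches the published one.
# Added example, not from the original post. URL layout assumed from
# releases.hashicorp.com: terraform_<ver>_linux_amd64.zip and terraform_<ver>_SHA256SUMS.

TF_VERSION="${TF_VERSION:-0.12.28}"
TF_BASE_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}"
TF_ZIP="terraform_${TF_VERSION}_linux_amd64.zip"
TF_SUMS="terraform_${TF_VERSION}_SHA256SUMS"

# verify_sha256 FILE SUMSFILE: return 0 only if the SHA-256 of FILE equals the entry
# for its basename in SUMSFILE (sha256sum format: "<hex>  <name>", one per line).
verify_sha256() {
  file=$1
  sums=$2
  name=$(basename "$file")
  expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name in $sums" >&2
    return 1
  fi
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  [ "$actual" = "$expected" ]
}

# install_terraform: fetch zip + checksum list, verify, then install as in the post.
install_terraform() {
  wget -q "${TF_BASE_URL}/${TF_ZIP}" "${TF_BASE_URL}/${TF_SUMS}" || return 1
  if ! verify_sha256 "$TF_ZIP" "$TF_SUMS"; then
    echo "checksum mismatch for $TF_ZIP, not installing" >&2
    return 1
  fi
  unzip -o "$TF_ZIP" terraform && mv terraform /usr/local/bin/ && terraform --version
}

# Usage: sh check_and_install_terraform.sh install   (may need sudo for /usr/local/bin)
if [ "${1:-}" = "install" ]; then
  install_terraform
  exit $?
fi
```

On macOS replace sha256sum with `shasum -a 256`; the verification logic is the same. Verifying the .sig of the SHA256SUMS file with HashiCorp's GPG key adds origin assurance on top of the integrity check done here.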
OCI API Key based authentication
API Key authentication requires that you provide the following OCI credentials:
tenancy_ocid, compartment_ocid, user_ocid, and the region
The private API key path and its fingerprint, to authenticate with your tenancy account
The SSH key pair (Private/Public) required when launching the new compute instance
Assumptions
– Terraform shares most of the authentication parameters with oci-cli (located in ~/.oci/config). Please refer to my other post for details on how to set up oci-cli if it isn't done yet.
– However, Terraform also allows using environment variables to define these parameters, which is why I will be using a shell script that sets them before the deployment (I still needed oci-cli for the API keys).
$ git clone https://github.com/brokedba/terraform-examples.git
Note: As explained earlier, you will find 2 directories inside the repository, which will make things easier:
terraform-provider-oci/create-vcn/ : to grasp how we deploy a single VCN.
terraform-provider-oci/launch-instance/ : for the full instance deploy, once comfortable with Terraform.
1. INSTALL AND SETUP THE OCI PROVIDER
Change to the terraform-provider-oci/create-vcn directory, where our configuration resides (i.e. the VCN):
$ cd /c/Users/brokedba/oci/terraform-examples/terraform-provider-oci/create-vcn
Run terraform init to download and install the OCI provider plugin.
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "oci" (hashicorp/oci) 3.83.1...
* provider.oci: version = "~> 3.83"
$ terraform --version
Terraform v0.12.24
+ provider.oci v3.83.1 ---> the provider is now installed
Let's look at the content of the create-vcn directory. Here, only the *.tf files matter, along with env-vars:
$ tree
.
|-- env-vars ---> TF_environment_variables needed to authenticate to OCI
|-- outputs.tf ---> displays the resources detail at the end of the deploy
|-- schema.yaml ---> Contains the stack (variables) description
|-- variables.tf ---> Resource variables needed for the deploy
`-- vcn.tf ---> Our vcn terraform declaration code (configuration)
Edit the env-vars file according to your tenancy and key pairs (API/SSH):
$ vi env-vars
export TF_VAR_tenancy_ocid="ocid1.tenancy.oc1..aaaaaaaa" # change me
export TF_VAR_user_ocid="ocid1.user.oc1..aaaaaaaa" # change me
export TF_VAR_compartment_ocid="ocid1.tenancy.oc1..aaaaaaaa" # change me
export TF_VAR_fingerprint=$(cat PATH_To_Fing/oci_api_key_fingerprint) # change me
export TF_VAR_private_key_path=PATH_To_APIKEY/oci_api_key.pem # change me
export TF_VAR_ssh_public_key=$(cat PATH_To_PublicSSH/id_rsa.pub) # change me
export TF_VAR_ssh_private_key=$(cat PATH_To_PrivateSSH/id_rsa) # change me
export TF_VAR_region="ca-toronto-1" # change me
$ . env-vars
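A typo in one of these OCIDs, or an API key file that everyone on the workstation can read, only surfaces once Terraform fails against the OCI API. The script below is an added example (not part of the original repository): it checks the TF_VAR_* names defined in env-vars against the OCI OCID prefix format (ocid1.<type>.oc1.), the colon-separated hex fingerprint format, and the permissions of the private key file, and it prints a note when TF_VAR_ssh_private_key is set, since exporting a private key puts it into the environment of every process started from that shell. The script name check_env_vars.sh is hypothetical.

```shell
#!/bin/sh
# Validate the TF_VAR_* values exported by env-vars before running terraform, so a
# bad OCID or a world-readable API key fails fast. Added example, not part of the
# original repository. Run after ". env-vars".

# check_ocid TYPE VALUE: 0 if VALUE carries the OCI OCID prefix for resource TYPE
# (tenancy, user, compartment, ...), e.g. ocid1.user.oc1..xxxx
check_ocid() {
  case "$2" in
    "ocid1.$1.oc1."*) return 0 ;;
    *) return 1 ;;
  esac
}

# The root compartment is the tenancy itself, so both OCID types are accepted here
# (env-vars above uses the tenancy OCID as compartment).
check_compartment_ocid() {
  check_ocid compartment "$1" || check_ocid tenancy "$1"
}

# check_fingerprint VALUE: 0 if VALUE is the 16 colon-separated hex pairs OCI uses
# for API key fingerprints (e.g. 20:3b:97:...:34)
check_fingerprint() {
  printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'
}

# check_private_file PATH: 0 if PATH is a regular file that group and others cannot
# read, write or execute (mode 0600/0400). Parses ls -l instead of stat, whose
# flags differ between GNU and BSD.
check_private_file() {
  [ -f "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# check_env: run every check against the current environment; 1 if any fails.
check_env() {
  rc=0
  check_ocid tenancy "$TF_VAR_tenancy_ocid" || { echo "TF_VAR_tenancy_ocid is not a tenancy OCID" >&2; rc=1; }
  check_ocid user "$TF_VAR_user_ocid" || { echo "TF_VAR_user_ocid is not a user OCID" >&2; rc=1; }
  check_compartment_ocid "$TF_VAR_compartment_ocid" || { echo "TF_VAR_compartment_ocid is not a compartment/tenancy OCID" >&2; rc=1; }
  check_fingerprint "$TF_VAR_fingerprint" || { echo "TF_VAR_fingerprint is not an API key fingerprint" >&2; rc=1; }
  check_private_file "$TF_VAR_private_key_path" || { echo "TF_VAR_private_key_path is missing or readable by group/others" >&2; rc=1; }
  [ -n "$TF_VAR_region" ] || { echo "TF_VAR_region is empty" >&2; rc=1; }
  # A note, not an error: the exported SSH private key is inherited by every child process.
  [ -z "$TF_VAR_ssh_private_key" ] || echo "note: TF_VAR_ssh_private_key holds a private key in the environment" >&2
  return $rc
}

# Usage: . env-vars && sh check_env_vars.sh run
if [ "${1:-}" = "run" ]; then
  check_env && echo "env-vars look sane"
  exit $?
fi
```

Because env-vars exports the variables, the check runs correctly as a separate process; the permission check is about the file's mode, so it flags a 0644 key even when run as root.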
DEPLOY A SIMPLE VCN
Once the env-vars values are set and sourced, we can run the terraform plan command to create an execution plan (a quick dry run to check the desired state/actions):
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Terraform will perform the following actions:
# oci_core_default_route_table.rt will be created
+ resource "oci_core_default_route_table" "rt"
{..}
# oci_core_internet_gateway.gtw will be created
+ resource "oci_core_internet_gateway" "gtw"
{..}
# oci_core_security_list.terra_sl will be created
+ resource "oci_core_security_list" "terra_sl" {
+ egress_security_rules {..}
+ ingress_security_rules {..
+ tcp_options {+ max = 22 + min = 22}}
+ ingress_security_rules {..
+ tcp_options { + max = 80 + min = 80}}
}
# oci_core_subnet.terrasub[0] will be created
+ resource "oci_core_subnet" "terrasub" {
+ availability_domain = "BahF:CA-TORONTO-1-AD-1"
+ cidr_block = "192.168.78.0/24"
...}
# oci_core_vcn.vcnterra will be created
+ resource "oci_core_vcn" "vcnterra" {
+ cidr_block = "192.168.64.0/20"
...}
Plan: 5 to add, 0 to change, 0 to destroy.
Run terraform apply to apply the changes required to create our VCN (listed in the plan):
$ terraform apply -auto-approve
oci_core_vcn.vcnterra: Creating...
...
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
Outputs:
default_dhcp_options_id = ocid1.dhcpoptions.oc1.ca-toronto-1.aaaaaaaaasxxxx
default_route_table_id = ocid1.routetable.oc1.ca-toronto-1.aaaaaaaaaxxx
default_security_list_id = ocid1.securitylist.oc1.ca-toronto-1.aaaaaaaaxx
internet_gateway_id = ocid1.internetgateway.oc1.ca-toronto-1.aaaaaaaaxxxx
subnet_ids = ["ocid1.subnet.oc1.ca-toronto-1.aaaaaaaaxxx",]
vcn_id = ocid1.vcn.oc1.ca-toronto-1.amaaaaaaaxxx
Observations:
– The deploy started by loading the resource variables in variables.tf, which allowed the execution of vcn.tf
– Finally, Terraform fetched the attributes (OCIDs) of the resources listed in outputs.tf (lookup)
Note: In order to continue the lab, we will need to destroy the VCN, as the full instance launch will recreate it.
$ terraform destroy -auto-approve
Destroy complete! Resources: 5 destroyed.
1. OVERVIEW
Content of the terraform-provider-oci/launch-instance/ directory:
$ tree ./terraform-provider-oci/launch-instance
.
|-- cloud-init ---> SubFolder
| `--> vm.cloud-config ---> script to install a web server & add a Webpage at startup
|-- compute.tf ---> Instance related terraform configuration
|-- env-vars ---> authentication environment variables
|-- outputs.tf ---> displays the resources detail at the end of the deploy
|-- schema.yaml ---> Contains the stack (variables)
|-- variables.tf ---> Resource variables needed for the deploy
|-- vcn.tf ---> same vcn terraform declaration
Note: As you can see, we have 2 additional files and one subfolder.
compute.tf is where the compute instance and all its attributes are declared. All the other .tf files come from my VCN example, with some additions to variables.tf and outputs.tf.
$ vi compute.tf
resource "oci_core_instance" "terra_inst" {
    ...
    metadata = {
        ssh_authorized_keys = file("../../.ssh/id_rsa.pub")               ---> Upload SSH key
        user_data = base64encode(file("./cloud-init/vm.cloud-config"))   ---> Run tasks
    }
    ...
}
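Whatever is in vm.cloud-config ends up, base64-encoded, in the instance's user_data, and that metadata is readable by any local process on the instance, so it is the wrong place for passwords or private keys. The script below is an added example, not code from the original repository: it checks that the file starts with the #cloud-config header cloud-init expects, rejects lines that look like embedded secrets, and reproduces the single-line base64 form that Terraform's base64encode() hands to the metadata. The sample cloud-config used to exercise it is constructed here (the post does not show the real vm.cloud-config), as is the script name check_cloud_init.sh.

```shell
#!/bin/sh
# Pre-flight checks for the cloud-init file that compute.tf passes through
# base64encode(file("./cloud-init/vm.cloud-config")) as instance user_data.
# Added example, not from the original repository; assumes the file is a
# cloud-config document (first line "#cloud-config").

# check_cloud_config FILE: 0 if FILE has the #cloud-config header and contains no
# obvious secret material; prints the reason and returns 1 otherwise.
check_cloud_config() {
  f=$1
  if [ ! -f "$f" ]; then
    echo "$f: not found" >&2
    return 1
  fi
  first=$(head -n 1 "$f")
  if [ "$first" != "#cloud-config" ]; then
    echo "$f: missing #cloud-config header" >&2
    return 1
  fi
  # Constructed deny-list: PEM private key blocks and password/secret/token keys.
  # Extend it to match what your own stacks must never ship in user_data.
  if grep -Eiq -- '(BEGIN [A-Z ]*PRIVATE KEY|^[[:space:]]*(password|passwd|secret|token)[[:space:]]*:)' "$f"; then
    echo "$f: looks like it embeds a secret; user_data is readable from the instance" >&2
    return 1
  fi
  return 0
}

# encode_user_data FILE: print FILE as single-line base64, the form Terraform's
# base64encode() produces and OCI stores in metadata.user_data.
encode_user_data() {
  base64 "$1" | tr -d '\n'
}

# decode_user_data: reverse of encode_user_data (reads base64 from stdin); handy
# for inspecting what a running instance was actually given.
decode_user_data() {
  tr -d '\n' | base64 -d
}

# Usage: sh check_cloud_init.sh ./cloud-init/vm.cloud-config
if [ -n "${1:-}" ]; then
  check_cloud_config "$1" && echo "$1: ok, $(encode_user_data "$1" | wc -c) bytes encoded"
  exit $?
fi
```

Running the check as a step before terraform plan keeps a password that was added to the cloud-config "just for testing" from being baked into every instance launched from this configuration.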
2. LAUNCH THE INSTANCE
In the launch-instance directory, make sure you copied the adjusted env-vars file and sourced it (see III. Provider setup). You can then run the plan command (output is truncated for more visibility):
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Terraform will perform the following actions:
... # VCN declaration
# oci_core_instance.terra_inst will be created
+ resource "oci_core_instance" "terra_inst" {
+ ...
+ defined_tags = (known after apply)
+ display_name = "TerraCompute"
+ metadata = {
+ "ssh_authorized_keys" =...
+ "user_data" = " ...
+ shape = "VM.Standard.E2.1.Micro"
+ ...
+ create_vnic_details {
+ hostname_label = "terrahost"
+ private_ip = "192.168.78.51"
..}
+ source_details {
+ boot_volume_size_in_gbs = "50"
+ source_type = "image"
..}
# oci_core_volume.terra_vol will be created
+ resource "oci_core_volume" "terra_vol" {..}
# oci_core_volume_attachment.terra_attach will be created
+ resource "oci_core_volume_attachment" "terra_attach" {..}
...
Plan: 8 to add, 0 to change, 0 to destroy.
$ terraform apply -auto-approve
...
oci_core_instance.terra_inst: Creation complete after 1m46s
oci_core_volume.terra_vol: Creation complete after 14s
oci_core_volume_attachment.terra_attach: Creation complete after 33s
...
Apply complete! Resources: 8 added, 0 changed, 0 destroyed.
Outputs:
...
private_ip = [ "192.168.78.51",]
public_ip = [ "132.145.108.51",]
3. CONNECTION TO YOUR INSTANCE WEB PAGE
variables.tf file.