OCI, Terraform & IaC: Coding Myself Out Of A Job


I haven’t written a blog in a while, and I have made a couple of mistakes lately that could have easily been avoided if I had done my tasks as IaC (Infrastructure as Code). So I will start a series on IaC and Terraform. I know there are many blogs about this, but I hope you find this helpful.

I will start with an Oracle Linux 8 VM that I created in OCI to work with. I won’t go into how I set that up, but I am using the always-free version.

[root@oracle-rene-cloud-ace ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.9 (Ootpa)

I installed the following in the VM:

  • yum-utils
  • Terraform
  • oraclelinux-developer-release-el8
  • python36-oci-cli
  • oracle-database-preinstall-19c (only because I was lazy and I wanted the Oracle user in this VM)

[root@oracle-rene-cloud-ace ~]# yum update
Last metadata expiration check: 0:05:35 ago on Tue 13 Feb 2024 01:55:37 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# yum install yum-utils -y
Last metadata expiration check: 2:51:59 ago on Tue 13 Feb 2024 02:01:55 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# yum install terraform -y
Last metadata expiration check: 1:08:28 ago on Tue 13 Feb 2024 03:55:37 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# dnf install -y oracle-database-preinstall-19c
Last metadata expiration check: 0:11:39 ago on Tue 13 Feb 2024 05:51:03 PM GMT
...
[root@oracle-rene-cloud-ace ~]$ dnf install -y python36-oci-cli
Last metadata expiration check: 2:48:55 ago on Tue 13 Feb 2024 06:51:03 PM GMT.
...

Once I did this, I set up OCI CLI and my config file as per this blog post. After I configured everything, I tested that my environment was working and queried the region and availability domain, as I needed that information for my Terraform variables.

[opc@oracle-rene-cloud-ace ~]$ oci setup repair-file-permissions --file /home/opc/.oci/config
[opc@oracle-rene-cloud-ace ~]$ oci iam region list --output table
+-----+-------------------+
| key | name              |
+-----+-------------------+
| AMS | eu-amsterdam-1    |
| ARN | eu-stockholm-1    |
| AUH | me-abudhabi-1     |
| BOG | sa-bogota-1       |
| BOM | ap-mumbai-1       |
...
| YYZ | ca-toronto-1      |
| ZRH | eu-zurich-1       |
+-----+-------------------+
[opc@oracle-rene-cloud-ace ~]$ oci iam availability-domain list --query "data[*].{Name:\"name\"}" --output table
+------------------------+
| Name                   |
+------------------------+
| LVfX:CA-TORONTO-1-AD-1 |
+------------------------+

 

Terraform Primer

What it is

  • Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently
    • Manage Infrastructure — from physical and virtual servers to email and DNS providers
  • Infrastructure as code
    • Infrastructure is described using a high-level syntax
  • Terraform is used on AWS/GCP/OCI to provision infrastructure like Databases/VPC, Subnets, Security Groups and Instances

 

How does it work?

  • A .tf config file lets you describe the infrastructure in a simple domain-specific language (DSL)
  • Terraform CLI creates, changes, and destroys these resources accordingly
  • Terraform is comprised of Terraform Core and Terraform Plugins
    • Terraform Core reads the configuration and builds the resource dependency graph
    • Terraform Plugins (providers and provisioners) bridge Terraform Core and their respective target APIs. Terraform provider plugins implement resources via basic CRUD (create, read, update, and delete) APIs to communicate with third-party services
      • A provider in Terraform is responsible for the lifecycle of a resource: create, read, update, and delete
      • On terraform plan or terraform apply, Terraform Core communicates with the provider plugin over an RPC (Remote Procedure Call) interface


Resources

  • Declare .tf file resources via HCL (HashiCorp Configuration Language)
  • The most important thing you will configure with Terraform is resources
    Example:

[Image: terraform2]

 

Working with variables

  • Terraform loads all files ending in .tf in a directory
  • If a default value is set, the variable is optional
    • Otherwise, the variable is required, and Terraform will prompt you at run time for the values of unset string variables
  • Terraform will also read environment variables in the form of TF_VAR_name
    • Example:
      • export TF_VAR_region="ca-toronto-1"


Basic CLI Usage

  • terraform init prepares the Terraform working directory by installing all the necessary provider plugins, downloading modules, and initializing the backend where the state is stored
  • terraform plan shows the execution plan
  • terraform apply executes the plan
  • terraform destroy destroys the infrastructure

tfstate

  • Terraform saves the record of the infrastructure state in JSON format
  • The current state lives in terraform.tfstate
    • tfstate can contain sensitive data, such as resource secrets, in plain text
  • A backup of the previous state lives in terraform.tfstate.backup
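
To make the point about sensitive data in tfstate concrete, here is an added example (not code from the original post) that audits a state file for secrets stored in plain text. It assumes the version 4 state layout (outputs, resources, instances, attributes, sensitive_attributes); the sample state, its wallet_token attribute and the name heuristics are constructed for illustration.

```python
import json
import re

# Heuristic attribute names (an assumption of this example, not a Terraform list).
SECRET_NAME = re.compile(r"(password|secret|token|private_key)", re.I)

def sensitive_paths(instance):
    """Top-level attribute names the provider marked sensitive (state v4)."""
    names = set()
    for path in instance.get("sensitive_attributes", []):
        if path and path[0].get("type") == "get_attr":
            names.add(path[0]["value"])
    return names

def audit_state(state):
    """Return (address, attribute, reason) for secrets stored in plaintext."""
    findings = []
    for name, out in state.get("outputs", {}).items():
        if out.get("sensitive") and out.get("value") not in (None, ""):
            findings.append((f"output.{name}", "value", "marked sensitive"))
    for res in state.get("resources", []):
        addr = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            marked = sensitive_paths(inst)
            for attr, value in inst.get("attributes", {}).items():
                if value in (None, "", [], {}):
                    continue  # nothing stored, nothing to leak
                if attr in marked:
                    findings.append((addr, attr, "marked sensitive"))
                elif SECRET_NAME.search(attr):
                    findings.append((addr, attr, "secret-like name"))
    return findings

# Constructed sample state (not from the page); values are placeholders and
# wallet_token is a made-up attribute used to exercise the name heuristic.
SAMPLE_STATE = json.loads("""
{"version": 4, "serial": 3,
 "outputs": {"admin_password": {"value": "EXAMPLE-ONLY", "type": "string", "sensitive": true}},
 "resources": [{"mode": "managed", "type": "oci_database_autonomous_database", "name": "demo",
   "instances": [{"attributes": {"db_name": "DEMO", "admin_password": "EXAMPLE-ONLY",
                                 "wallet_token": "EXAMPLE-ONLY", "kms_key_id": null},
                  "sensitive_attributes": [[{"type": "get_attr", "value": "admin_password"}]]}]}]}
""")

if __name__ == "__main__":
    for finding in audit_state(SAMPLE_STATE):
        print(*finding, sep="\t")
```

Marking a value sensitive only hides it from CLI output; the findings show it is still present in the state file, so terraform.tfstate and terraform.tfstate.backup need the same access controls as any other secret and should stay out of version control.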

 

Conclusion

We went over the basics of Terraform and how to initialize our environment so that we can start to work with Terraform and OCI. In the next blog posts, I will go into how to do basic IaC for an IAM Policy and a compartment, and we will grow it from there.
