Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training
Table of Content
- Terraform setting up variables
- Creating a Compartment on OCI
- Creating an Instance with existing Network
- Creating an Instance with Network
- Create Non Federated User
- Create user, group, dynamic group, attach users to group and policies
- Create Highly Scalable Cluster on OCI
- Create Load Balancer on OCI
- Dockers on OCI
- Author : Madhusudhan Rao
Introduction
Infrastructure as Code (IaC) is the management of infrastructure (networks, virtual machines, load balancers and connection topology) , Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.
Scope of this Blog: To run Terraform script on Oracle Cloud Infrastructure OCI and to create resources such as Compute, Network, Users , Groups, Dynamic Groups, Policies, Load Balancer, Cluster of Compute Instances , Managing Clusters, Deep Dive into Dockers etc more from a Practical hands-on approach.
Steps
- Install latest version of Terraform
- Generate Keys
- Get User’s Fingerprint Id
- Gather the required variables
- Terraform variable file
1. Install latest version of Terraform
You can check this article to have latest version of Terraform running on your desktop or laptop or even a virtual machine running on cloud environment.
madhusudhanrao@MadhuMac ~ % terraform -v Terraform v0.13.5
2. Generate Keys
Pubic and Private Keys Open SSL .pem format
Generate Public and Private Keys
madhusudhanrao@MadhuMac keys % openssl genrsa -out /Users/madhusudhanrao/tf/keys/myopensslkey.pem 2048 Generating RSA private key, 2048 bit long modulus .........................................................+++ ............................+++ e is 65537 (0x10001) madhusudhanrao@MadhuMac keys % chmod go-rwx /Users/madhusudhanrao/tf/keys/myopensslkey.pem madhusudhanrao@MadhuMac keys % openssl rsa -pubout -in /Users/madhusudhanrao/tf/keys/myopensslkey.pem -out /Users/madhusudhanrao/tf/keys/myopensslkey_public.pem writing RSA key
Generate an SSH Key Pair on UNIX and UNIX-Like Systems (id_rsa)
Refer this link
madhusudhanrao@MadhuMac keys % openssl genrsa -out /Users/madhusudhanrao/tf/keys/myopensslkey.pem 2048 madhusudhanrao@MadhuMac keys % ls aishu_rsa_private_key.pem id_rsa.pub llgb.pub myopensslkey.pem aishu_rsa_public_key.pem key_name_public.pem mykey myopensslkey_public.pem id_rsa llgb mykey.pub madhusudhanrao@MadhuMac keys % cat myopensslkey_public.pem | pbcopy
3. Get Users Fingerprint Id.
Refer this link
Upload the Public Key
You can upload the PEM public key in the Console, located at https://console.us-ashburn-1.oraclecloud.com. If you don’t have a login and password for the Console, contact an administrator.
- Open the Console, and sign in.
-
View the details for the user who will be calling the API with the key pair:
- If you’re signed in as the user:
Open the Profile menu and click User Settings.
- If you’re an administrator doing this for another user: Open the navigation menu. Under Governance and Administration, go to Identity and click Users. Select the user from the list.
- If you’re signed in as the user:
- Click Add Public Key.
- Paste the contents of the PEM public key in the dialog box and click Add.
The key’s fingerprint is displayed (for example, 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef).
Notice that after you’ve uploaded your first public key, you can also use the UploadApiKey API operation to upload additional keys. You can have up to three API key pairs per user. In an API request, you specify the key’s fingerprint to indicate which key you’re using to sign the request.
4. Gather required Terraform Variables
Login to cloud console https://console.us-ashburn-1.oraclecloud.com/tenancy
A) tenancy_ocid : Navigation Administrator > Tenancy Details
Copy the OCID Example :
ocid1.tenancy.oc1..XXXXXdd6ahdouq
B) Region : Region is taken browser url , for example if URL is https://console.us-ashburn-1.oraclecloud.com/tenancy , then region will be us-ashburn-1
C) user_ocid : Navigation Identity > Users
Select the Federated User and copy the OCID
Example User OCID:
ocid1.user.oc1..XXXXX7gajpkup6jjq
D) Fingerprint : Navigation Identity > Users > API Keys
fingerprint should have been copied in previous step itself , when you uploaded Public Key or if not you can take it from API Keys listed under the Federated User,
Most important the fingerprint should match the Public Key that you uploaded for this Terraform scripts and you cannot just use any other fingerprints under API Keys
Example Fingerprint
e6:65:1d:3f:8f:94:XX:YY:ZZ:9c:9b:45:a1
E) compartment_ocid : Navigation Identity > Compartments
Copy the compartment ocid under which we plan to create resources
Example Compartment id
ocid1.compartment.oc1..XXXXXXXXcktfgexwdddsn6j4paqphq
F) private_key_path
Keys were generated in previous steps so private key would be something like this
/Users/username/directory/keys/myopensslkey.pem
G) ssh_private_key
/Users/username/directory/keys/myopensslkey.pem
H) ssh_public_key
Public Key is something you would need to copy paste , so this would look something like this
cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAXXXXXLOs14kmtnCR6TihglaQ8QbXVi5nB5yauZw== [email protected]
5) Terraform variable file
We now have required variable information to create terraform variable file variables.tf
#*************************************
# TF Requirements
#*************************************
variable "tenancy_ocid" {
default = "ocid1.tenancy.oc1..XXXlwwvtqvzpfdp255vjqpsdd6ahdouq"
}
variable "region" {
default = "us-ashburn-1"
}
variable "user_ocid" {
default = "ocid1.user.oc1..XXXtvmjhudi3fcue4nbuxjsf3s4mca"
}
variable "private_key_path"{
default = "/Users/username/keys/myopensslkey.pem"
}
variable "fingerprint"{
default = "e6:65:XX:YY:ZZ:9c:9b:45:a1"
}
variable "compartment_ocid" {
#Compartment-12112020
default = "ocid1.compartment.oc1..XXXXx6rhcktfgexwdddsn6j4paqphq"
}
variable "ssh_public_key" {
# cat id_rsa.pub
default = "ssh-rsa AAAAB3NzaC1XXXXQ8QbXVi5nB5yauZw== [email protected]"
}
variable "ssh_private_key" {
default = "/Users/username/keys/myopensslkey.pem"
}
Disclaimer : All views expressed in my blogs are my own.