Terraform on OCI Series

Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training


Terraform on OCI create compartment

To create a compartment on OCI, we need three files in the same folder (in this example I am using the mytf-compartment folder), and then we run the Terraform script. The files are:

  1. provider.tf
  2. compartment.tf
  3. output.tf

provider.tf

You can get these variable values from our previous exercise.

provider "oci" {
  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa6XXXXXsdd6ahdouq"
  user_ocid = "ocid1.user.oc1..aaaaaaaa7XXXXXxjsf3s4mca" 
  private_key_path = "/Users/madhusudhanrao/keys/myopensslkey.pem"
  fingerprint = "e6:65:1d:3f:XX:YY:9b:45:a1"
  region = "us-ashburn-1"
}

compartment.tf

#compartment.tf
resource "oci_identity_compartment" "tf-compartment" {
    # Required ( Parent compartment Id )
    compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vfXXXX55vjqpsdd6ahdouq"
    description = "Compartment for Terraform resources."
    # New Compartment Name
    name = "Compartment-15Nov"
}

output.tf

#Outputs for compartment 
output "compartment-name" {
  value = oci_identity_compartment.tf-compartment.name
} 
output "compartment-OCID" {
  value = oci_identity_compartment.tf-compartment.id
}

terraform init

[email protected] mytf-compartment % terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.3.0...
- Installed hashicorp/oci v4.3.0 (signed by HashiCorp)

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.

* hashicorp/oci: version = "~> 4.3.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

terraform plan

[email protected] mytf-compartment % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaaXXXXXdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

terraform apply

[email protected] mytf-compartment % terraform plan 
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaXXXXvjqpsdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + compartment-OCID = (known after apply)
  + compartment-name = "Compartment-15Nov"

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

[email protected] mytf-compartment % terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vXXXXXqpsdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + compartment-OCID = (known after apply)
  + compartment-name = "Compartment-15Nov"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Creating...
oci_identity_compartment.tf-compartment: Creation complete after 6s [id=ocid1.compartment.oc1..aaaaaaaahb7sXXXXXkqukwwbzx5nuauaa]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

compartment-OCID = ocid1.compartment.oc1..aaaaaaaahb7s4w3laXXXXXzx5nuauaa
compartment-name = Compartment-15Nov

Reality Check

Log in to the cloud console at https://console.us-ashburn-1.oraclecloud.com/ and you should be able to see your newly created compartment.

terraform destroy

[email protected] mytf-compartment % terraform destroy
oci_identity_compartment.tf-compartment: Refreshing state... [id=ocid1.compartment.oc1..aaaaaaaahbXXXXXkqukwwbzx5nuauaa]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be destroyed
  - resource "oci_identity_compartment" "tf-compartment" {
      - compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vfq4yi7ogcXXXXXqpsdd6ahdouq" -> null
      - defined_tags   = {
          - "Oracle-Tags.CreatedBy" = "[email protected]"
          - "Oracle-Tags.CreatedOn" = "2020-11-15T06:55:53.246Z"
        } -> null
      - description    = "Compartment for Terraform resources." -> null
      - freeform_tags  = {} -> null
      - id             = "ocid1.compartment.oc1..XXXXqukwwbzx5nuauaa" -> null
      - is_accessible  = true -> null
      - name           = "Compartment-15Nov" -> null
      - state          = "ACTIVE" -> null
      - time_created   = "2020-11-15 06:55:53.939 +0000 UTC" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  - compartment-OCID = "ocid1.compartment.oc1..aaaaaaaahb7XXXXXwbzx5nuauaa" -> null
  - compartment-name = "Compartment-15Nov" -> null

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Destroying... [id=ocid1.compartment.oc1..XXXXXexkqukwwbzx5nuauaa]
oci_identity_compartment.tf-compartment: Destruction complete after 0s

Destroy complete! Resources: 1 destroyed.

Possible Error Messages

[email protected] mytf-compartment % terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaaXXXahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Creating...

Error: Service error:NotAuthenticated. The required information to complete authentication was not provided or was incorrect.. http status code: 401. 
Opc request id: 1b613bYYYYYYa05/06999FD219D209XXXXX848A4B3E58A2F, The service for this resource encountered an error. 
Please contact support for help with that service

  on compartment.tf line 2, in resource "oci_identity_compartment" "tf-compartment":
   2: resource "oci_identity_compartment" "tf-compartment" { 

Solution: Check that the fingerprint and private key configured in provider.tf match the public key that was uploaded.
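
One way to run the check described in the solution above, as an added example that is not part of the original post: it recomputes the API-key fingerprint (the colon-separated MD5 of the DER-encoded public key) from the file named in private_key_path and compares it with the fingerprint value in provider.tf. The function names and the script name check.sh are assumptions, and it expects openssl on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that the fingerprint in
# provider.tf was computed from the key that private_key_path points to.

# tf_value FILE KEY: print the quoted string assigned to KEY in FILE.
tf_value() {
  sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# key_fingerprint PEM: print the API-key fingerprint of a private key, i.e. the
# colon-separated MD5 of its DER-encoded public key. Fails on a missing or
# unreadable key instead of hashing empty input.
key_fingerprint() {
  local der rc=0
  der=$(mktemp) || return 1
  if openssl rsa -in "$1" -pubout -outform DER -out "$der" 2>/dev/null; then
    openssl md5 -c "$der" | awk '{print $NF}'
  else
    rc=1
  fi
  rm -f "$der"
  return "$rc"
}

# check_provider FILE: 0 = match, 1 = mismatch, 2 = key missing or unreadable.
check_provider() {
  local want key have
  want=$(tf_value "$1" fingerprint | tr 'A-F' 'a-f')
  key=$(tf_value "$1" private_key_path)
  if ! have=$(key_fingerprint "$key"); then
    echo "cannot read private key: $key" >&2
    return 2
  fi
  if [ "$want" = "$have" ]; then
    echo "fingerprint matches $key"
  else
    echo "MISMATCH: provider.tf says $want, key gives $have" >&2
    return 1
  fi
}

# Run against a real file when a path is given, e.g. ./check.sh provider.tf
if [ "$#" -gt 0 ]; then
  check_provider "$1"
fi
```

A match only proves that provider.tf is internally consistent; the same fingerprint must also be the one shown for the API key uploaded for the user in the console.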