Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training
Table of Contents
- Terraform setting up variables
- Creating a Compartment on OCI
- Creating an Instance with existing Network
- Creating an Instance with Network
- Create Non Federated User
- Create user, group, dynamic group, attach users to group and policies
- Create Highly Scalable Cluster on OCI
- Create Load Balancer on OCI
- Dockers on OCI
Author: Madhusudhan Rao
Terraform on OCI create compartment
To create a compartment on OCI, we need 3 files in the same folder (in this example I am using the mytf-compartment folder) and then run the Terraform script. The files are:
- provider.tf
- compartment.tf
- output.tf
provider.tf
You can get these variable values from our previous exercise.

```hcl
provider "oci" {
  tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaa6XXXXXsdd6ahdouq"
  user_ocid        = "ocid1.user.oc1..aaaaaaaa7XXXXXxjsf3s4mca"
  private_key_path = "/Users/madhusudhanrao/keys/myopensslkey.pem"
  fingerprint      = "e6:65:1d:3f:XX:YY:9b:45:a1"
  region           = "us-ashburn-1"
}
```
compartment.tf
```hcl
#compartment.tf
resource "oci_identity_compartment" "tf-compartment" {
  # Required ( Parent compartment Id )
  compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vfXXXX55vjqpsdd6ahdouq"
  description    = "Compartment for Terraform resources."
  # New Compartment Name
  name           = "Compartment-15Nov"
}
```
output.tf
```hcl
#Outputs for compartment
output "compartment-name" {
  value = oci_identity_compartment.tf-compartment.name
}

output "compartment-OCID" {
  value = oci_identity_compartment.tf-compartment.id
}
```
terraform init
```
madhusudhanrao@MadhuMac mytf-compartment % terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.3.0...
- Installed hashicorp/oci v4.3.0 (signed by HashiCorp)

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.

* hashicorp/oci: version = "~> 4.3.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
terraform plan
```
madhusudhanrao@MadhuMac mytf-compartment % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaaXXXXXdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
```
terraform apply
```
madhusudhanrao@MadhuMac mytf-compartment % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaXXXXvjqpsdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + compartment-OCID = (known after apply)
  + compartment-name = "Compartment-15Nov"

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

madhusudhanrao@MadhuMac mytf-compartment % terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vXXXXXqpsdd6ahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + compartment-OCID = (known after apply)
  + compartment-name = "Compartment-15Nov"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Creating...
oci_identity_compartment.tf-compartment: Creation complete after 6s [id=ocid1.compartment.oc1..aaaaaaaahb7sXXXXXkqukwwbzx5nuauaa]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

compartment-OCID = ocid1.compartment.oc1..aaaaaaaahb7s4w3laXXXXXzx5nuauaa
compartment-name = Compartment-15Nov
```
Reality Check
Log in to the cloud console at https://console.us-ashburn-1.oraclecloud.com/ and you should be able to see your newly created compartment.
terraform destroy
```
madhusudhanrao@MadhuMac mytf-compartment % terraform destroy
oci_identity_compartment.tf-compartment: Refreshing state... [id=ocid1.compartment.oc1..aaaaaaaahbXXXXXkqukwwbzx5nuauaa]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be destroyed
  - resource "oci_identity_compartment" "tf-compartment" {
      - compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vfq4yi7ogcXXXXXqpsdd6ahdouq" -> null
      - defined_tags   = {
          - "Oracle-Tags.CreatedBy" = "[email protected]"
          - "Oracle-Tags.CreatedOn" = "2020-11-15T06:55:53.246Z"
        } -> null
      - description    = "Compartment for Terraform resources." -> null
      - freeform_tags  = {} -> null
      - id             = "ocid1.compartment.oc1..XXXXqukwwbzx5nuauaa" -> null
      - is_accessible  = true -> null
      - name           = "Compartment-15Nov" -> null
      - state          = "ACTIVE" -> null
      - time_created   = "2020-11-15 06:55:53.939 +0000 UTC" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  - compartment-OCID = "ocid1.compartment.oc1..aaaaaaaahb7XXXXXwbzx5nuauaa" -> null
  - compartment-name = "Compartment-15Nov" -> null

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Destroying... [id=ocid1.compartment.oc1..XXXXXexkqukwwbzx5nuauaa]
oci_identity_compartment.tf-compartment: Destruction complete after 0s

Destroy complete! Resources: 1 destroyed.
```
Possible Error Messages
```
madhusudhanrao@MadhuMac mytf-compartment % terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_identity_compartment.tf-compartment will be created
  + resource "oci_identity_compartment" "tf-compartment" {
      + compartment_id = "ocid1.tenancy.oc1..aaaaaaaaXXXahdouq"
      + defined_tags   = (known after apply)
      + description    = "Compartment for Terraform resources."
      + freeform_tags  = (known after apply)
      + id             = (known after apply)
      + inactive_state = (known after apply)
      + is_accessible  = (known after apply)
      + name           = "Compartment-15Nov"
      + state          = (known after apply)
      + time_created   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_compartment.tf-compartment: Creating...

Error: Service error:NotAuthenticated. The required information to complete authentication was not provided or was incorrect.. http status code: 401. Opc request id: 1b613bYYYYYYa05/06999FD219D209XXXXX848A4B3E58A2F, The service for this resource encountered an error. Please contact support for help with that service

  on compartment.tf line 2, in resource "oci_identity_compartment" "tf-compartment":
   2: resource "oci_identity_compartment" "tf-compartment" {
```
Solution: Check that the fingerprint and private key referenced in provider.tf match the public key you uploaded to OCI.
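The check described in the solution, as an added shell example that is not part of the original post: an OCI API-key fingerprint is the MD5 digest of the DER-encoded public key, so it can be recomputed from the private key with openssl and compared with the value in provider.tf. The function names, the throwaway key and the sample provider.tf files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that provider.tf's fingerprint belongs to its private key.
# Function names and all sample files below are constructed for illustration.

# Print the value of a quoted string attribute from a Terraform file.
tf_attr() {  # usage: tf_attr <file.tf> <attribute>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# OCI API-key fingerprint: MD5 of the DER-encoded public key, colon-separated hex.
key_fingerprint() {  # usage: key_fingerprint <private_key.pem>
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl md5 -c | awk '{print $NF}'
}

# Return 0 if the fingerprint in provider.tf matches private_key_path, else 1.
check_provider() {  # usage: check_provider <provider.tf>
    want=$(tf_attr "$1" fingerprint)
    key=$(tf_attr "$1" private_key_path)
    [ -r "$key" ] || { echo "private key not readable: $key" >&2; return 1; }
    have=$(key_fingerprint "$key")
    if [ "$want" = "$have" ]; then
        echo "OK: $have matches $key"
    else
        echo "MISMATCH: provider.tf says $want, key gives $have" >&2
        return 1
    fi
}

# Demo on constructed input: a throwaway key, then a matching and a stale fingerprint.
demo() {
    d=$(mktemp -d)
    openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
    for fp in "$(key_fingerprint "$d/key.pem")" "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"; do
        printf 'provider "oci" {\n  private_key_path = "%s"\n  fingerprint      = "%s"\n}\n' \
            "$d/key.pem" "$fp" > "$d/provider.tf"
        check_provider "$d/provider.tf" || echo "-> fix provider.tf before running terraform apply"
    done
    rm -rf "$d"
}
demo
```

A passing check only shows that provider.tf is self-consistent; the printed fingerprint must also equal the one listed for the API key on the user in the OCI console.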