Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training
Table of Contents
- Terraform setting up variables
- Creating a Compartment on OCI
- Creating an Instance with existing Network
- Creating an Instance with Network
- Create Non Federated User
- Create user, group, dynamic group, attach users to group and policies
- Create Highly Scalable Cluster on OCI
- Create Load Balancer on OCI
- Dockers on OCI
Author: Madhusudhan Rao
In this session we will create an Ubuntu compute instance attached to an existing network.
First, grab the public subnet OCID of the existing network.
In this case a VCN (Virtual Cloud Network) named tf-vnc has already been created, along with its public subnet. We will attach the new Ubuntu VM that we are going to create to this subnet.
We need 3 files in one folder; they are listed below:
- provider.tf
- compute.tf
- output.tf
provider.tf
You can get these variable values from our previous exercise
```hcl
# Provider.tf
# Configure the Oracle Cloud Infrastructure provider with an API Key
provider "oci" {
  tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaaXXXXd6ahdouq"
  user_ocid        = "ocid1.user.oc1..aaaaaaaa7XXXXXs4mca"
  private_key_path = "/Users/madhusudhanrao/.oci/aishu_rsa_private_key.pem"
  fingerprint      = "61:44:10:29:7a:XX:YY:ZZ:b2:03:81:8c"
  region           = "us-ashburn-1"
}
```
compute.tf
Get Image OCID from https://docs.cloud.oracle.com/en-us/iaas/images/image/957e74db-0375-4918-b897-a8ce93753ad9/
```hcl
# Compute.tf
# https://registry.terraform.io/providers/hashicorp/oci/latest/docs

# Get a list of Availability Domains
data "oci_identity_availability_domains" "ads" {
  compartment_id = "ocid1.tenancy.oc1..aaaaaaaa6vXXXXXjqpsdd6ahdouq"
}

# Output the result
output "show-ads" {
  value = data.oci_identity_availability_domains.ads.availability_domains
}

resource "oci_core_instance" "ubuntu_instance" {
  # Required
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name

  # Compartment-15Nov that we created in previous exercise
  compartment_id = "ocid1.compartment.oc1..aXXXXXxkqukwwbzx5nuauaa"
  shape          = "VM.Standard.E2.1"

  source_details {
    source_id   = "ocid1.image.oc1.iad.aaaaaaaaffttreqvrrvnn5yj57jdqdcl4dhxuin543fb3debmbmgk7n4bf2a"
    source_type = "image"
  }

  # Optional - Public Subnet of VCN that has already been created.
  display_name = "Ubuntu15Nov"

  create_vnic_details {
    assign_public_ip = true
    subnet_id        = "ocid1.subnet.oc1.iad.aaaaaaaaXXXXlwdwqmf4gh62a"
  }

  metadata = {
    ssh_authorized_keys = file("/Users/madhusudhanrao/.oci/ssh-key-name.pub")
  }

  preserve_boot_volume = false
}
```
output.tf
```hcl
# Outputs.tf
# Output the "list" of all availability domains.
output "all-availability-domains-for-your-compartment" {
  value = data.oci_identity_availability_domains.ads.availability_domains[0]
}

# Output the "name" of the availability domain that will be used.
output "The-first-availability-domain-with-the-following-name-is-used-for-the-compute-instance" {
  value = data.oci_identity_availability_domains.ads.availability_domains[0].name
}

# Outputs for compute instance
output "public-ip-for-compute-instance" {
  value = oci_core_instance.ubuntu_instance.public_ip
}

output "instance-name" {
  value = oci_core_instance.ubuntu_instance.display_name
}

output "instance-OCID" {
  value = oci_core_instance.ubuntu_instance.id
}

output "instance-region" {
  value = oci_core_instance.ubuntu_instance.region
}

output "instance-shape" {
  value = oci_core_instance.ubuntu_instance.shape
}

output "instance-state" {
  value = oci_core_instance.ubuntu_instance.state
}

output "instance-OCPUs" {
  value = oci_core_instance.ubuntu_instance.shape_config[0].ocpus
}

output "instance-memory-in-GBs" {
  value = oci_core_instance.ubuntu_instance.shape_config[0].memory_in_gbs
}

output "time-created" {
  value = oci_core_instance.ubuntu_instance.time_created
}
```
terraform init
```
madhusudhanrao@MadhuMac mytf-compartment % terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.3.0...
- Installed hashicorp/oci v4.3.0 (signed by HashiCorp)

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, we recommend adding version constraints in a required_providers block
in your configuration, with the constraint strings suggested below.

* hashicorp/oci: version = "~> 4.3.0"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
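The init output recommends a version constraint, and provider.tf above keeps the tenancy OCID, user OCID, key fingerprint and private key path as literals in a file that usually ends up in version control. The following is an added example, not part of the original post: it pins the provider to the suggested constraint and moves those values into input variables. The file names versions.tf and variables.tf and all variable names are assumptions made for this example.

```hcl
# versions.tf (added example): pin the provider to the constraint
# that terraform init suggested, so a new major version is not pulled in silently.
terraform {
  required_providers {
    oci = {
      source  = "hashicorp/oci"
      version = "~> 4.3.0"
    }
  }
}

# variables.tf (added example): variable names are assumptions.
# The validation blocks reject a value pasted into the wrong variable.
variable "tenancy_ocid" {
  type = string
  validation {
    condition     = can(regex("^ocid1\\.tenancy\\.", var.tenancy_ocid))
    error_message = "The tenancy_ocid value must start with ocid1.tenancy."
  }
}

variable "user_ocid" {
  type = string
  validation {
    condition     = can(regex("^ocid1\\.user\\.", var.user_ocid))
    error_message = "The user_ocid value must start with ocid1.user."
  }
}

variable "fingerprint" {
  type = string
}

variable "private_key_path" {
  type = string
}

variable "region" {
  type    = string
  default = "us-ashburn-1"
}

# provider.tf: the same provider block, with no tenancy-specific literals.
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  private_key_path = var.private_key_path
  fingerprint      = var.fingerprint
  region           = var.region
}
```

Supply the values through `TF_VAR_<name>` environment variables or a terraform.tfvars file that is excluded from version control.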
terraform plan
```
madhusudhanrao@MadhuMac mytf-compute % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.oci_identity_availability_domains.ads: Refreshing state...

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_core_instance.ubuntu_instance will be created
  + resource "oci_core_instance" "ubuntu_instance" {
      + availability_domain                 = "mKWN:US-ASHBURN-AD-1"
      + boot_volume_id                      = (known after apply)
      + compartment_id                      = "ocid1.compartment.oc1..aaaaaaaahbXXXXXkwwbzx5nuauaa"
      + dedicated_vm_host_id                = (known after apply)
      + defined_tags                        = (known after apply)
      + display_name                        = "Ubuntu15Nov"
      + fault_domain                        = (known after apply)
      + freeform_tags                       = (known after apply)
      + hostname_label                      = (known after apply)
      + id                                  = (known after apply)
      + image                               = (known after apply)
      + ipxe_script                         = (known after apply)
      + is_pv_encryption_in_transit_enabled = (known after apply)
      + launch_mode                         = (known after apply)
      + metadata                            = {
          + "ssh_authorized_keys" = <<~EOT
                ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAXXXXXA61QTtwT1SO2Cuxr /Users/madhusudhanrao/.oci/ssh-key-name
            EOT
        }
      + preserve_boot_volume                = false
      + private_ip                          = (known after apply)
      + public_ip                           = (known after apply)
      + region                              = (known after apply)
      + shape                               = "VM.Standard.E2.1"
      + state                               = (known after apply)
      + subnet_id                           = (known after apply)
      + system_tags                         = (known after apply)
      + time_created                        = (known after apply)
      + time_maintenance_reboot_due         = (known after apply)

      + agent_config {
          + is_management_disabled = (known after apply)
          + is_monitoring_disabled = (known after apply)
        }

      + availability_config {
          + recovery_action = (known after apply)
        }

      + create_vnic_details {
          + assign_public_ip       = "true"
          + defined_tags           = (known after apply)
          + display_name           = (known after apply)
          + freeform_tags          = (known after apply)
          + hostname_label         = (known after apply)
          + private_ip             = (known after apply)
          + skip_source_dest_check = (known after apply)
          + subnet_id              = "ocid1.subnet.oc1.iad.aaaaaaaa5XXXXlwdwqmf4gh62a"
          + vlan_id                = (known after apply)
        }

      + instance_options {
          + are_legacy_imds_endpoints_disabled = (known after apply)
        }

      + launch_options {
          + boot_volume_type                    = (known after apply)
          + firmware                            = (known after apply)
          + is_consistent_volume_naming_enabled = (known after apply)
          + is_pv_encryption_in_transit_enabled = (known after apply)
          + network_type                        = (known after apply)
          + remote_data_volume_type             = (known after apply)
        }

      + shape_config {
          + gpu_description               = (known after apply)
          + gpus                          = (known after apply)
          + local_disk_description        = (known after apply)
          + local_disks                   = (known after apply)
          + local_disks_total_size_in_gbs = (known after apply)
          + max_vnic_attachments          = (known after apply)
          + memory_in_gbs                 = (known after apply)
          + networking_bandwidth_in_gbps  = (known after apply)
          + ocpus                         = (known after apply)
          + processor_description         = (known after apply)
        }

      + source_details {
          + boot_volume_size_in_gbs = (known after apply)
          + kms_key_id              = (known after apply)
          + source_id               = "ocid1.image.oc1.iad.aaaaaaaaffttreqvrrvnn5yj57jdqdcl4dhxuin543fb3debmbmgk7n4bf2a"
          + source_type             = "image"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
```
terraform apply
```
madhusudhanrao@MadhuMac mytf-compute % terraform apply
data.oci_identity_availability_domains.ads: Refreshing state...

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_core_instance.ubuntu_instance will be created
  + resource "oci_core_instance" "ubuntu_instance" {
      + availability_domain                 = "mKWN:US-ASHBURN-AD-1"
      + boot_volume_id                      = (known after apply)
      + compartment_id                      = "ocid1.compartment.oc1..aaaaaaXXXX5nuauaa"
      + dedicated_vm_host_id                = (known after apply)
      + defined_tags                        = (known after apply)
      + display_name                        = "Ubuntu15Nov"
      + fault_domain                        = (known after apply)
      + freeform_tags                       = (known after apply)
      + hostname_label                      = (known after apply)
      + id                                  = (known after apply)
      + image                               = (known after apply)
      + ipxe_script                         = (known after apply)
      + is_pv_encryption_in_transit_enabled = (known after apply)
      + launch_mode                         = (known after apply)
      + metadata                            = {
          + "ssh_authorized_keys" = <<~EOT
                ssh-rsa AAAAB3NzaC1yc2EXXXX1QTtwT1SO2Cuxr /Users/madhusudhanrao/.oci/ssh-key-name
            EOT
        }
      + preserve_boot_volume                = false
      + private_ip                          = (known after apply)
      + public_ip                           = (known after apply)
      + region                              = (known after apply)
      + shape                               = "VM.Standard.E2.1"
      + state                               = (known after apply)
      + subnet_id                           = (known after apply)
      + system_tags                         = (known after apply)
      + time_created                        = (known after apply)
      + time_maintenance_reboot_due         = (known after apply)

      + agent_config {
          + is_management_disabled = (known after apply)
          + is_monitoring_disabled = (known after apply)
        }

      + availability_config {
          + recovery_action = (known after apply)
        }

      + create_vnic_details {
          + assign_public_ip       = "true"
          + defined_tags           = (known after apply)
          + display_name           = (known after apply)
          + freeform_tags          = (known after apply)
          + hostname_label         = (known after apply)
          + private_ip             = (known after apply)
          + skip_source_dest_check = (known after apply)
          + subnet_id              = "ocid1.subnet.oc1.iad.aaaaaaaaXXXXXdwqmf4gh62a"
          + vlan_id                = (known after apply)
        }

      + instance_options {
          + are_legacy_imds_endpoints_disabled = (known after apply)
        }

      + launch_options {
          + boot_volume_type                    = (known after apply)
          + firmware                            = (known after apply)
          + is_consistent_volume_naming_enabled = (known after apply)
          + is_pv_encryption_in_transit_enabled = (known after apply)
          + network_type                        = (known after apply)
          + remote_data_volume_type             = (known after apply)
        }

      + shape_config {
          + gpu_description               = (known after apply)
          + gpus                          = (known after apply)
          + local_disk_description        = (known after apply)
          + local_disks                   = (known after apply)
          + local_disks_total_size_in_gbs = (known after apply)
          + max_vnic_attachments          = (known after apply)
          + memory_in_gbs                 = (known after apply)
          + networking_bandwidth_in_gbps  = (known after apply)
          + ocpus                         = (known after apply)
          + processor_description         = (known after apply)
        }

      + source_details {
          + boot_volume_size_in_gbs = (known after apply)
          + kms_key_id              = (known after apply)
          + source_id               = "ocid1.image.oc1.iad.aaaaaaaaffttreqvrrvnn5yj57jdqdcl4dhxuin543fb3debmbmgk7n4bf2a"
          + source_type             = "image"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_core_instance.ubuntu_instance: Creating...
oci_core_instance.ubuntu_instance: Still creating... [10s elapsed]
oci_core_instance.ubuntu_instance: Still creating... [20s elapsed]
oci_core_instance.ubuntu_instance: Still creating... [30s elapsed]
oci_core_instance.ubuntu_instance: Still creating... [40s elapsed]
oci_core_instance.ubuntu_instance: Still creating... [50s elapsed]
oci_core_instance.ubuntu_instance: Creation complete after 52s [id=ocid1.instance.oc1.iad.anuwcljtfvlXXXz74v53b5fakncdta]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

The-first-availability-domain-with-the-following-name-is-used-for-the-compute-instance = mKWN:US-ASHBURN-AD-1
all-availability-domains-for-your-compartment = {
  "compartment_id" = "ocid1.tenancy.oc1..aaaaaaaa6vfq4XXXpsdd6ahdouq"
  "id" = "ocid1.availabilitydomain.oc1..aaaaaaaatrXXXXXfhcb7mxsfdq"
  "name" = "mKWN:US-ASHBURN-AD-1"
}
instance-OCID = ocid1.instance.oc1.iad.anuwcljtfvlXXXXXfakncdta
instance-OCPUs = 1
instance-memory-in-GBs = 8
instance-name = Ubuntu15Nov
instance-region = iad
instance-shape = VM.Standard.E2.1
instance-state = RUNNING
public-ip-for-compute-instance = 150.136.83.135
show-ads = [
  {
    "compartment_id" = "ocid1.tenancy.oc1..aaaaaaaa6vfq4yi7ogXXXXd6ahdouq"
    "id" = "ocid1.availabilitydomain.oc1..aaaaaaaatrwxaoYYYYYfhcb7mxsfdq"
    "name" = "mKWN:US-ASHBURN-AD-1"
  },
  {
    "compartment_id" = "ocid1.tenancy.oc1..aaaaaaaa6vfq4yXXXdd6ahdouq"
    "id" = "ocid1.availabilitydomain.oc1..aaaaaaaaztuYYYxjjl2n3a"
    "name" = "mKWN:US-ASHBURN-AD-2"
  },
  {
    "compartment_id" = "ocid1.tenancy.oc1..aaaaaaaa6XXXX5vjqpsdd6ahdouq"
    "id" = "ocid1.availabilitydomain.oc1..aaaaaaaauvXXXXXohta"
    "name" = "mKWN:US-ASHBURN-AD-3"
  },
]
time-created = 2020-11-15 07:34:19.457 +0000 UTC
```
Reality Check
Log in to the cloud console at https://console.us-ashburn-1.oraclecloud.com/ and you should see your newly created Ubuntu instance attached to the existing VCN.