Mastering Terraform and the Provider for OCI
1 like346 views
The document outlines a workshop on mastering Terraform with the OCI provider, covering topics such as Terraform fundamentals, coding practices, and a resource overview for OCI. It emphasizes the importance of self-service operations, state management, dynamic groups, and best practices for managing infrastructure through code. The summary concludes that Terraform is easy to learn and efficient, making it a valuable tool for leveraging OCI infrastructure.
![dynamicgroups and OCI_CLI_AUTH (06-demo)
● Deploy a dynamic group and its policy
● Access the remote instance from SSH
● Use the metadata API to figure out the compartment
● Use the OCI CLI without any credentials
Checkout 06-dynamicgroups.md
export OCI_CLI_AUTH=instance_principal
oci os bucket list --compartment-id=$COMPARTMENT
--query='data[].{bucket: name}' --output=table](https://image.slidesharecdn.com/masteringterraformandtheproviderforoci-180722080815/85/Mastering-Terraform-and-the-Provider-for-OCI-23-320.jpg)
![Use other providers (07-demo)
● There are a lot of useful providers, including random, null,
http, external, template or terraform_remote, for instance:
● You can use many more: kubernetes, consul, vault...
Checkout 07-other-providers.md
data "external" "version" {
program = ["${path.module}/version.sh"]
query = {
workspace = "${terraform.workspace}"
}
}
output "oci-workshop" {
value = "${lookup(data.external.version.result, "oci-workshop")}"
}
#OracleCode AND @gregoryguillou](https://image.slidesharecdn.com/masteringterraformandtheproviderforoci-180722080815/85/Mastering-Terraform-and-the-Provider-for-OCI-24-320.jpg)
Mastering Terraform and the Provider for OCI
- 1. Mastering Terraform and the OCI provider #OracleCode AND @gregoryguillou
- 2. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 3. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 4. @gregoryguillou gregoryguillou Ops with an angle #OracleCode AND @gregoryguillou
- 6. ● Self-service and Chatops ● Elasticity: Training, dev, test ● International deployment ● Ability to invest to add value ● Time to Market ● Impact on all our teams ● Number of environments ● Mission critical “Ops”
- 7. Why Ops also live for the code? ● We need monitoring, CI/CD, AB testing, DRP ● We need to move faster and faster ● People should not need us! ● Let’s stop building from the ground ● Focus on products and businesses, not infrastructure ● Ops are deadly alive! #OracleCode AND @gregoryguillou
- 8. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 10. Terraform Key concepts - https://terraform.io ● Infrastructure as Code ● A go application ● HCL/JSON with an inference syntax ● Immutable Infrastructure ● State management ● Dozens of providers, including OCI ● GIT and Registry ● Open-source and enterprise versions
- 11. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 13. Should I explain OCI ?
- 14. Installing Terraform for OCI (master) ● Download the software from terraform.io ● Install terraform OCI provider ● Install the OCI Command Line Interface ● Create a RSA key and register it in your API Keys ● Defines your OCI CLI configuration ● Create a provider.tf file and set the associated variables ● Initialize the project with the `init` command ● Define resources and `apply` them
- 15. OCI Terraform resource overview ● Core: Images, Instances, Volumes, VCN, Security List, Subnets... ● Database ● DNS: Records, Zones ● File Storage ● Identity: Keys, Groups, Policies, Users ● Load Balancer ● Object Storage Checkout the documentation
- 16. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 17. A few coding good practices ● Create a specific compartment (master) ● Manage your state on a bucket (02-demo) ● Variables, inferences and dependencies (03-demo) ● Modules (04-demo) ● Packer (05-demo) ● dynamicgroups and OCI_CLI_AUTH (06-demo) ● Use other providers (07-demo) ● An easy (and bad) way to manage secrets (08-demo)
- 18. Create a specific compartment (master) ● Use OCI CLI to create a compartment ● Add it to the .env file and with variables Checkout 01-install.md oci iam compartment create --compartment-id="${TF_VAR_tenancy}" --name="DevTeam" --description="A compartiment to be used by developers" --wait-for-state=ACTIVE --max-wait-seconds=300 --wait-interval-seconds 5
- 19. Manage your state on a bucket (02-demo) ● Create a bucket ● Upload the current state as an object in that bucket ● Create a pre-authenticated request for that object ● Test you can access the file from the request ● Add a backend.tf file that reference the preauth request ● Re-initialize terraform with the backend ● Verify you can access the remote state Checkout 02-remote-state.md
- 20. Variables, inferences and dependencies (03-demo) ● Add access to the `compartment` variable ● Create a variable with a default value ● Infer variable value from another variable with `lookup` ● Create a VCN, DCHP Options and an Internet Gateway ● Create multiple resource and inferences with `count` Checkout 03-inferences.md
- 21. Modules (04-demo) ● Create a directory to move the resource for your module ● Remove the resource from your original stack ● Create variable and output to encapsulate your logic ● Use `terraform init` to reference the new module Checkout 04-modules.md module "livecode" { tenancy = "${var.tenancy}" compartment = "${var.compartment}" source = "github.com/gregoryguillou/oci-workshop?ref=04-demo//modules/public-network" }
- 22. Packer (05-demo) ● Installing Packer ● Finding the latest Oracle Linux Image ● Subnet and Compartment ● Building an OCI image with Packer Checkout 05-packer.md packer build -var "subnet=$SUBNET" -var "compartment=$TF_VAR_compartment" template.json
- 23. dynamicgroups and OCI_CLI_AUTH (06-demo) ● Deploy a dynamic group and its policy ● Access the remote instance from SSH ● Use the metadata API to figure out the compartment ● Use the OCI CLI without any credentials Checkout 06-dynamicgroups.md export OCI_CLI_AUTH=instance_principal oci os bucket list --compartment-id=$COMPARTMENT --query='data[].{bucket: name}' --output=table
- 24. Use other providers (07-demo) ● There are a lot of useful providers, including random, null, http, external, template or terraform_remote, for instance: ● You can use many more: kubernetes, consul, vault... Checkout 07-other-providers.md data "external" "version" { program = ["${path.module}/version.sh"] query = { workspace = "${terraform.workspace}" } } output "oci-workshop" { value = "${lookup(data.external.version.result, "oci-workshop")}" } #OracleCode AND @gregoryguillou
- 25. An easy and bad way to manage secrets (08-demo) ● Rely on Hashicorp Vault for a best configuration: ○ Automatic password rotation ○ Access token expiration ○ Emergency process ● An easy way to manage secrets is to store them in a bucket: ○ Easy to push/pull new values ○ Dynamic Groups make it easy to get back from an instance Checkout 08-secrets.md
- 26. Destroy your stack (08-demo) Checkout 08-secrets.md oci os object delete --bucket-name=ftclnpb3wrytejru.resetlogs.com --name=/configuration/secret/secret.json --force terraform destroy … ● Destroy the stack as part of the last part:
- 27. Random thoughts ● KISS and DRY ○ Use as few external tools as possible ○ Avoid provisioners and null_resource ● Add +1 to tag support for Terraform OCI provider #400 ● Add +1 to support the container registry and OKE ● Don’t use terraform for Windows ● Rely on LetsEncrypt/DNS to generate SSL certificates ● Use Kubernetes (OKE) and a CI/CD for your application ● Implement Chatops and self-service
- 28. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
- 29. Summary ● Terraform is easy to use, quick to learn and popular ● OCI is a powerful and fast infrastructure ● The terraform-provider-oci leverage both OCI and TF ● The workshop explores many aspects: configuration, compartment, state, inference, modules, templates, dynamic groups, providers… ● Try the oci-workshop, provide feedback and open issues ● OCI gets more advanced tools like DCS, OKE
- 30. gregoryguillou/terraform-api gregoryguillou/hubot-terraform Another demo: terraform from slack...
- 31. Thank you !!! We are hiring...