OCI,Terraform & IaC : Coding myself out of a job

13 Feb OCI,Terraform & IaC : Coding myself out of a job

I haven’t written a blog in a while, and I feel that I have made a couple of mistakes lately that could have easily been avoided if I had done my tasks as IaC ( Infrastructure as Code). So I will start a series of IaC and Terraform. I know there are many blogs about this, but hope you find this helpful.

I will start with an Oracle Linux 8 VM that I created in OCI to work with. I won’t go into how I set that up, but I am using the always free version.

[root@oracle-rene-cloud-ace ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.9 (Ootpa)

I installed the following in the VM 

• yum-utils
• terraform
• oraclelinux-developer-release-el8
• python36-oci-cli
• oracle-database-preinstall-19c (only because I was lazy and I wanted the Oracle user in this VM)

[root@oracle-rene-cloud-ace ~]# yum update
Last metadata expiration check: 0:05:35 ago on Tue 13 Feb 2024 01:55:37 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# yum install yum-utils -y
Last metadata expiration check: 2:51:59 ago on Tue 13 Feb 2024 02:01:55 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# yum install terraform -y
Last metadata expiration check: 1:08:28 ago on Tue 13 Feb 2024 03:55:37 PM GMT.
...
[root@oracle-rene-cloud-ace ~]# dnf install -y oracle-database-preinstall-19c
Last metadata expiration check: 0:11:39 ago on Tue 13 Feb 2024 05:51:03 PM GMT
...
[root@oracle-rene-cloud-ace ~]$ dnf install -y python36-oci-cli
Last metadata expiration check: 2:48:55 ago on Tue 13 Feb 2024 06:51:03 PM GMT.
...

Once I did this, I setup OCI CLI and my config file as per this blog post. After I configured everything, I tested my environment was working and queried the region and availability domain,as I needed that information for my terraform variables.

[opc@oracle-rene-cloud-ace ~]$ oci setup repair-file-permissions --file /home/opc/.oci/config
[opc@oracle-rene-cloud-ace ~]$ oci iam region list --output table
+-----+-------------------+
| key | name              |
+-----+-------------------+
| AMS | eu-amsterdam-1    |
| ARN | eu-stockholm-1    |
| AUH | me-abudhabi-1     |
| BOG | sa-bogota-1       |
| BOM | ap-mumbai-1       |
...
| YYZ | ca-toronto-1      |
| ZRH | eu-zurich-1       |
+-----+-------------------+

[opc@oracle-rene-cloud-ace ~]$ oci iam availability-domain list --query "data[*].{Name:\"name\"}" --output table
+------------------------+
| Name                   |
+------------------------+
| LVfX:CA-TORONTO-1-AD-1 |
+------------------------+

Terraform Primer

What it is

• Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently
  • Manage infrastructure — from physical and virtual servers to email and DNS providers
• Infrastructure as code
  • Infrastructure is described using a high-level syntax.
• Terraform is used on AWS/GCP/OCI to provision infrastructure like Databases/VPC, Subnets, Security Groups and Instances.

How does it work?

• A .tf config file allows to describe the infrastructure in simple domain-specific language (DSL)
• terraform CLI creates, changes, and destroys these resources accordingly
• Terraform is comprised of Terraform Core and Terraform Plugins.
  • A provider in Terraform is responsible for the lifecycle of a resource: create, read, update, delete
• Terraform is comprised of Terraform Core and Terraform Plugins.
  • • Terraform Core reads the configuration and builds the resource dependency graph.
    • Terraform Plugins (providers and provisioners) bridge Terraform Core and their respective target APIs. Terraform provider plugins implement resources via basic CRUD (create, read, update, and delete) APIs to communicate with third party services.
      • A provider in Terraform is responsible for the lifecycle of a resource: create, read, update, delete
      • Upon terraform plan or terraform apply, Terraform Core asks the Terraform provider to perform an action via a RPC (Remote Procedure Call) interface

Resources

• Declare .tf file resources via HCL (HashiCorp Configuration Language)
• The most important thing you will configure with Terraform are resources.
  e.g.

Working with variables

• Terraform loads all files ending in .tf in a directory
• If a default value is set, the variable is optional.
  • Otherwise, the variable is required, so Terraform will prompt you for the values for unset string variables during run time.
• Terraform will also read environment variables in the form of TF_VAR_name
  • e.g.
    • export TF_VAR_region=”ca-toronto-1″

Basic CLI usage

• terraform init prepares the Terraform working directory by installing all the necessary provider plugins, downloading modules and store state in backend configuration.
• terraform plan to view the execution plan
• terraform apply to execute the plan
• terraform destroy to destroy infrastructure

tfstate

• • Terraform saves record of infrastructure state in JSON format
  • current state lives in terraform.tfstate
    • sensitive data in tfstate
  • backup of previous state lives in terraform.tfstate.backup

Conclusion

We went over the basics of terraform and how to initialize our environment so that we can start to work with Terraform and OCI. In the next blog posts I will go into how to do basic IaC for an IAM Policy and a compartment, and we will grow it from there.