infrastructure as code with oracle linux & terraform running on … · 2019-03-08 · terraform...

Copyright©2019, Oracleand/oritsaffiliates.Allrightsreserved.|

InfrastructureasCodewithOracleLinux&TerraformRunningonOraclePublic&PrivateCloudUKOUGMidlandsSummitSimonHaylerTechnical ProductManager

28thFebruary 2019


SafeHarborStatementThefollowingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.

2

Copyright©2019, Oracleand/oritsaffiliates.Allrightsreserved.| 3

OracleLinuxforOracleCloudInfrastructure

• AccesstofrequentandlatestOracleLinuximageupdates

• FasterdownloadsfrommirroredOracleContainerRegistryandOLyumserverwithinOCI

• Zero-downtimeOSkernelanduserspaceupdateswithKsplice pre-installedinOCI

• Comprehensivecontainersandcontainermanagementsupport

• OracleLinuxStorageApplianceoffersaneasywaytobuildNFSandSambasharedstorageinOCI

• OracleLinuxSupportisprovidedatnoadditionalcostonOCI

• Takeadvantageofits24x7best-in-classsupportservicesandtools

• NoneedtobudgetforOSsupportfeesonOCI

• UseOracleLinuxaspartofafullyandextensivelytestedcloudinfrastructurestack

EnhancedDeveloperPlatformCloud-Ready, Integrated CostEffective Compute

• OracleClouddevelopertoolssuchasTerraform,SDK's,andCLIaredeployedfasterandeasiervialocalyumserver

• EasyaccesstoLinuxdeveloperandpreviewsoftwarechannelsinlocalOLyumserver

• ThousandsofEPELpackagesbuiltandsignedbyOracleforsecurityandcompliance

• SoftwareCollectionLibrarysupportincludedtoinstallrecentversionsofPython,PHP,NodeJS,nginx,andmore


InfrastructureasCode(IAC)• IACis theprocess ofprovisioning andmanaging infrastructureusing declarative files– Insummary managing infrastructurewith software

• Terraform is awidely used open-sourcetool forIACbyHashicorp

• Terraform is compatiblewith many CloudprovidersorCloudsolutionsthrough providers:– Integratedproviders(70+)• Noninstallationneeded,automatically downloaded byTerraform when needed.• https://www.terraform.io/docs/providers• Examples:– oci :OracleCloudInfrastructure(OCI)– opc :OracleCloudInfrastucture Classic (OPC)– oraclepaas:OracleCloudPlatform(OraclePaaS with OCI)

– Non-integrated providers• Manual installationneeded

4


Installing/upgrading Terraform• Terraform andintegrated providersavailable forallmajoroperatingenvironments:– Linux(x86&ARM)– FreeBSD(x86&ARM)– OpenBSD (x86)– Windows(x86)– MacOSX(x86)– Solaris(x86)

• Installation– Download theterraform binary foryour OS

– Integratedprovidersautomatically downloaded/installed when needed

– Non-integrated providers:manual download ofthebinary providerneeded

• Frequent updatesadvised (On19thFebruary 2019,thecurrent versionofTerraform is 0.11.11)

• Easy onOracleLinux7(ol7_developeronpublicyum,ol7_x86_64_developeronULN)– # yum install terraform (Installation)– # yum upgrade terraform (Upgrade)

5


Getting started with Terraform• See https://www.terraform.io/intro/getting-started/build.html

• Foraspecific project,create oneormoreTerraform configurationfiles(.tf files)inthesame folder

• Options:– AtleastoneProvider: oci,opc,oraclepaas– Resources: Cloudobjects that you want toprovisionwith required /optional parameters

– Datasources:Toobtain parameters needed tocreate resources

– Variables: Forexample your credentials toavoid hardcoding them inyour configurationfiles

– Outputs:Optional,example:todisplaythepublicIPassigned byOCI

6


Terraform commands• terraform init– Before initialuseorafter upgrade

• terraform plan

• terraform apply

• terraform apply –-auto-approve

• terraform destroy

• terraform destroy -force

7


• Variablesmustbe defined ina.tf file

valuescan be assigned duringdefinition with « default= »

• Inputvariablesfrom commandline

• Inputvariablesfrom oneormorefiles– Defaultfilename is terraform.tfvars

– Ifnotdefaultname,just give thename(s)offile(s)

• Inputvariablesinteractively– Ifcertainvariablesareunspecifiedwithpreviouslymethods,

Terraformwillaskyoutoinputtheirvaluesinteractively

• Variablescan be used anywhere in.tf files

• Inputvariablesfrom environment variables(TF_VAR_name)

$ export TF_VAR_access_key="xxxxxxxx"

$ export TF_VAR_secret_key="xxxxxxxx"

Variables See https://www.terraform.io/intro/getting-started/variables.html

8


• Outputsareoptional butuseful todisplayrelevantinformation– publicIPrandomly assigned (AWS,OCI,OCI-C)

– Temporary password forWindowsinstancesinOCI

• Outputsaredisplayed attheendof« terraformapply »orwith « terraform output »

• Outputscan be used tofacilitate SSHtoLinuxinstances

Outputs See https://www.terraform.io/intro/getting-started/outputs.html

9


• Useful toautomatically get objects names orIDs thatareneeded tocreate resources– Alternativeis tohard-codenames/IDs

• Examples ofdatasourceswithin OCI

• Examples ofdatasourcesdefinitions inOCI– GetthelistofAvailabilityDomains(namedifferentineachtenant)

– Get theIDofthelatest imageforOracleLinux7• Filter used toexclude GPU

Datasources

10


Post-provisioning actionsoncompute instances• Examples– Apply thelatest OSpatches(yum update -y onOracleLinux)

– Create users

– Install&configuresoftwareproducts

• Methods– Cloud-init– Remote exec with ssh– Using aconfigurationtool such asAnsible,Puppet orChef

• Recommended forcomplex post-install actions

11


Terraform forOCI• Terraform is therecommended provisioning tool forOCI:– Asnewfeatures arefrequently added toOCI,Terraform provider

forOCIis frequently updated (On25thFebruary,2019versionis3.15)

• Before you can useTerraform with OCI,you need tocreate anAPIKey– Also true forOCICLIandOCISDKs.

– Create akeypair

– Upload thepublickeyinOCIWebConsoleforyour user– Usetheprivate keyinyour Terraform configurationfiles

• Usetherequired parameters intheprovidersectionina.tf file

12


Terraform forOCI• AllOCIobjects can be created byTerraform(1)

– Identity &AccessManagement(IAM):Users,groups,Policies,Compartments– VirtualCloudNetwork(VCN)andrelated networkobjects• Subnets,RouteTables,Securitylists,InternetGW,DRG,IPsec connection,Load Balancers…

– Compute instancesandcustomimages– Blockvolumesandblockvolumebackups– ObjectStorage– FileSystemStorage– Database systems andrelated objects (instances)– Autonomous TransactionProcessing– Autonomous DataWarehouse

13

(1) Except maybe some very newOCIfeatures (need towait foranewversionofTerraform ProviderforOCI)


Terraform forOCIexample• Simpleexample:

– Create aVirtualCloudNetwork(VCN)with asinglepublicsubnet

– Create anOracleLinux7.5compute instancefrom themost recent image

– Create ablockvolumeandattach it tothecompute instance

• Configurationfiles– terraform.tfvars :variablesvalues(tobe updated)

– 01_auth.tf :providerauthentication andvariabledefinitions

– 02_vcn.tf :VirtualCloudNetworkandrelated networkobjects

– 03_instance_ol7.tf :compute instance

– 04_block_volume.tf.DISABLED :blockvolume(initially disabled)

– userdata_bootstrap_ol7.sh :Cloud-initpostinstall shell script

• Execute Terraform commands– $ terraform init (Initialize Terraform,downloading OCIprovider)

– $ terraform plan (DisplaytheOCIobjects that will be created,modified ordestroyed)

– $ terraform apply (Create,Modify orDestroyOCIobjects)

14


Terraform forOCIsimpleexample

15


Terraform forOCImorecomplex example

16


Terraform forPrivate Cloudwith OracleOpenStack

17


Terraform with OracleLinuxandOracleOpenStackCommunity Documents

18

• https://community.oracle.com/docs/DOC-1019936• https://community.oracle.com/docs/DOC-1022601