terraform and oracle cloud - aioug.org of terraform with... · title: how to use the powerpoint...

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |

Terraform and Oracle Cloud

Umesh TannaPrincipal Technology Sales ConsultantSales Consulting Centers(SCC)-Solution ServicesOracle India Pvt Ltd, Bangalore

Infrastructure-as-Code

https://twitter.com/umesh_tanna

https://www.linkedin.com/in/umesh-tanna-4311427

https://twitter.com/umesh_tanna

https://www.linkedin.com/in/umesh-tanna-4311427


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

2


Infrastructure as Code (IaC)

Infrastructure as code (IaC) refers to the process of provisioning and managing (provisioning, updating and destroying) data centers through machine-readable definition files, as opposed to interactive configuration tools, or even physical hardware configuration


Infrastructure as Code (IaC)

•Agile

•Consistent

•Repeatable

•Extensible

•Standardization

•Scale

•Version control

•Peer review

•Automated testing

•Release management

•Documentation


TerraformOCI and OCI(Classic), Example is OCI

5


Terraform – built by HashiCorp


Terraform – What it is?

• A tool for building, changing, and versioning infrastructure

• Manage major cloud service providers.

• Configuration files are used to describe resources to Terraform.

• Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build it

• As the configuration changes, Terraform is able to determine what changed and create incremental execution plans


Terraform for Oracle Cloud Platform and Infrastructure


Terraform For Oracle Cloud Infrastructure Classic – Built-in

The Identity Domain name (for Traditional accounts)

Service Instance ID (for IDCS accounts) of the env


Terraform For Oracle Cloud Platform(PaaS) – Built-in

The Identity Domain name (for Traditional accounts)

Identity Service ID (for IDCS accounts) of the env


Terraform For Oracle Cloud Infrastructure – Plug-in

https://github.com/oracle/terraform-provider-oci/


Terraform For Oracle Public Cloud – Also available as RPM

http://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64/index.html


Getting Started with Terraform (OCI)• Download

– binary, apt, yum, choco, brew

• Create a .tf file in a workspace

• hw.tf

• output "hw" {

• value = "test” }

• $ terraform apply

• Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

• Outputs:

• hw = test

• Providers… ->

./├── terraform├── terraform-provider-atlas├── terraform-provider-aws├── terraform-provider-azure├── terraform-provider-azurerm├── terraform-provider-chef├── terraform-provider-cloudflare├── terraform-provider-cloudstack├── terraform-provider-consul├── terraform-provider-digitalocean

├── terraform-provider-OCI

alicloud archive arukas atlas aws azure azurerm bitbucket chef circonus clc cloudflare cloudstack cobbler consul datadog digitalocean dme dns dnsimple docker dyn external fastly github gitlab google grafana heroku http icinga2 ignition influxdb kubernetes librato local logentries mailgun mysql newrelic nomad ns1 oneandone opc openstackopsgenie packet pagerduty postgresql powerdns profitbricks rabbitmq rancher random rundeck scaleway softlayerspotinst statuscake template terraform tls triton ultradns vault vcd vsphere


HCL – Basic Terraform .tf Format.

Terraform configuration is written into files named .tf files.

It is based on the HashiCorp Configuration Language (HCL) https://github.com/hashicorp/hcl

JSON is supported for code generation purposes.

Most of the configuration takes the form:

keyword1 "some_name" {key = "value"nested {

key = "value' }

}

https://github.com/hashicorp/hcl


Terraform – Providers.

First thing to do is to use a provider

Providers abstract the APIs from any given third party in order to create infrastructure. Example:

The OCI provider enables Terraform to create, manage and destroy resources in your tenancy on OCI.

Tenancy is the OCID of the tenant. User OCID is the users identifier. Fingerprint is the md5 fingerprint of the private key being used to access the API, and private key path is where the API PEM private key is stored.


Terraform – ResourcesResourcesOnce a provider is configured we can start using that providers resources.

With the OCI provider, we can start creating instances, block and object storage, networks, etc.

The following example starts an instance:


Terraform – Planning Phase

Terraform Init

Terraform plan

Terraform apply

Terraform plan

destroy

Terraform destroy

For Initial Setup Only

Initialize a working directory- For ex. plugin search/install

• On Windows, in the sub-path terraform.d/plugins beneath your user's "Application Data" directory.• On all other systems, in the sub-path .terraform.d/plugins in your user's home directory

Demo/PoC/Trial/Learning may use this frequently. Production setup may not use that frequently.


Terraform – Planning Phase

Once we have put together a configuration to try we can dry-run test this with the planning phase.

"terraform plan" will take the configuration and give a detailed report on which resources will be created, deleted or modified plus identify what dependent resources are effected by these changes.

terraform plan -out=plan1

Saving the plan is useful to ensure that all the steps in the plan were actually applied.


Terraform – Apply

Once the plan looks good we can go and apply the configuration.

$ terraform apply

There is also an option to use saved plans for an apply operation.

$ terraform apply plan1

Plan and apply can also target particular resource(s) using the -target flag.

Plans that are too old will be detected, they are created against a given version of the terraform.tfstate file.


Terraform - Destroy When infrastructure needs to be retired, destroying it and all of its dependencies is straightforward with

$ terraform destroy

Terraform destroy will ask for permission , requiring an explicit “yes” as input.

$ terraform plan -destroyShows what will be destroyed without actually doing it.


Terraform – Resource Graph - Visualization• Terraform builds dependency graphs for

planning state management and more.

• $ terraform graph | dot -Tpng > tgraph1.png

Online Tool to make graphhttp://webgraphviz.com/

Linux would requiredgraphviz packages


Terraform – Local and Remote Exec

Templates files Rendered files

Machine running terraform and where terraform configurations files are

Machine provisioned by terraform

InterpolationAnd other terraform construct


Provisioners

Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc.

Provisioners are added directly to any resource

For provisioners other than local execution, you must specify connection settings so Terraform knows how to communicate with the resource.

– Remote Exec

• The remote-exec provisioner invokes a script on a remote resource after it is created

– File

• The file provisioner is used to copy files or directories from the machine executing Terraform to the newly created resource

– Null resource

• The null_resource is a resource that allows you to configure provisioners that are not directly associated with a single existing resource

https://www.terraform.io/docs/provisioners/index.html

https://www.terraform.io/docs/provisioners/index.html


Data Sources

Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to build on information defined outside of Terraform, or defined by another separate Terraform configuration.

Providers(Oracle in our case) are responsible in Terraform for defining and implementing data sources.

Whereas a resource causes Terraform to create and manage a new infrastructure component, data sources present read-only views into pre-existing data, or they compute new values on the fly within Terraform itself.

Go to https://github.com/oracle/terraform-provider-oci

Then navigate to Docs -> Core -> instance.md -> Scroll all the way down ->Observe last section

oci_core_instances ->Instance DataSource

Another ex.

https://github.com/oracle/terraform-provider-oci/blob/master/docs/identity/availability_domains.md

https://www.terraform.io/docs/configuration/data-sources.html

https://github.com/oracle/terraform-provider-oci

https://github.com/oracle/terraform-provider-oci/blob/master/docs/identity/availability_domains.md

https://www.terraform.io/docs/configuration/data-sources.html


Template Files

The template provider exposes data sources to use templates to generate strings for other Terraform resources or outputs.

– template_file• Renders a template from a file.

– template_dir• Renders a directory containing templates into a separate directory of corresponding rendered files.

https://www.terraform.io/docs/providers/template/d/file.html

https://www.terraform.io/docs/providers/template/d/file.html


Interpolation

Embedded within strings in Terraform, whether you're using the Terraform syntax or JSON syntax, you can interpolate other values. These interpolations are wrapped in ${}, such as ${var.foo}.

The interpolation syntax is powerful and allows you to reference variables, attributes of resources, call functions, etc.

You can perform simple math in interpolations, allowing you to write expressions such as ${count.index + 1}. And you can also use conditionals to determine a value based on some logic.

You can escape interpolation with double dollar signs: $${foo} will be rendered as a literal ${foo}.

– User string variables

– User map variables

– User list variables

– :

– :

https://www.terraform.io/docs/configuration/interpolation.html

https://www.terraform.io/docs/configuration/interpolation.html#math

https://www.terraform.io/docs/configuration/interpolation.html#conditionals

https://www.terraform.io/docs/configuration/interpolation.html


State

Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.

This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment.

Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure

https://medium.com/oracledevs/storing-terraform-remote-state-to-oracle-cloud-infrastructure-object-storage-b32fe7402781

https://www.terraform.io/docs/state/index.html

https://medium.com/oracledevs/storing-terraform-remote-state-to-oracle-cloud-infrastructure-object-storage-b32fe7402781

https://www.terraform.io/docs/state/index.html


Local-exec

The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.

https://www.terraform.io/docs/provisioners/local-exec.html

https://medium.com/@scrossoracle/using-terraform-with-oracle-paas-service-manager-psm-d21f2ddbae3f

https://www.terraform.io/docs/provisioners/local-exec.html

https://medium.com/@scrossoracle/using-terraform-with-oracle-paas-service-manager-psm-d21f2ddbae3f


Modules

Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group. Modules are used to create reusable components in Terraform as well as for basic code organization

Root module That is the current working directory when you run terraform apply or get, holding the Terraform configuration files. It is itself a valid module.

https://www.terraform.io/docs/modules/index.html

https://www.terraform.io/docs/modules/index.html


Meta Parameters

There are certain meta-parameters available to all resources:

For ex.

count (int) - The number of identical resources to create. This doesn't apply to all resources

https://www.terraform.io/docs/configuration/resources.html



Terraform In Oracle Developer Cloud Service




Terraform Refresh

Terraform refresh attempts to find any resources held in the state file and update with any drift that has happened in the provider outside of Terraform since it was last ran.

For example, lets say your state file contains 3 instances with instance ids of ocid1, ocid2, ocid3 and then you delete ocid2 outside of Terraform. After running terraform refresh, a plan would show that it needs to create the second instance while a destroy plan would show that it only needs to destroy the first and third instances (and not fail to destroy the missing second instance).

Terraform makes a very specific decision to not interfere with things that aren't being managed by Terraform. That means if the resource doesn't exist in its state file then it absolutely will not touch it in any way. This enables you to run Terraform alongside other tools as well as making manual changes in the AWS console. It also means that you can run Terraform in different contexts simply by providing a different state file to use, allowing you to split your infrastructure up into multiple state files and save yourself from catastrophic state file corruption.

https://www.terraform.io/docs/commands/refresh.html

https://www.terraform.io/docs/commands/refresh.html


Terraform Kubernetes InstallerOCI

34


Open Source Terraform Template For K8S In OCI

https://github.com/oracle/terraform-kubernetes-installer/

• Customizable• Highly Available

Deployment• OCI LB integration

(CCM)• OCI BV integration

(Flex Volume Driver)


Terraform Resources

36

https://www.terraform.iohttps://github.com/oracle/terraform-provider-ocihttp://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64/index.htmlhttps://github.com/oracle/terraform-exampleshttps://github.com/oracle/terraform-kubernetes-installerhttps://github.com/oracle/terraform-ceph-installerhttps://github.com/oracle/terraform-oci-cf-install

Terraform mailing list (Beehive)[email protected]



http://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64/index.html

https://github.com/oracle/terraform-examples

https://github.com/oracle/terraform-kubernetes-installer

https://github.com/oracle/terraform-ceph-installer

https://github.com/oracle/terraform-oci-cf-install

mailto:[email protected]

terraform and oracle cloud - aioug.org of terraform with... · title: how to use the powerpoint...

Documents