Terraform Introduction

-
Terraform

Terraform

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently.

Terraform can manage following existing and popular service providers

  • IaaS (OCI, AWS, GCP, OpenStack)

  • PaaS (Heroku)

  • SaaS (Terraform Cloud)

OCI Provider

OCI provider used to interact with the many resources supported by the Oracle Cloud Infrastructure.

The provider needs to be configured with credentials for the Oracle Cloud Infrastructure account. We will discuss different authentication providers later.

Terraform Initialization

init.sh
tvajjala$ terraform init
Terraform initialized in an empty directory!

The directory has no Terraform configuration files. You may begin working
with Terraform immediately by creating Terraform configuration files.
since there are no .tf files, terraform will warn you with above message.

Configuration

  • Create provider.tf file

provider.tf
provider "oci" {
	tenancy_ocid = var.tenancy_ocid
	user_ocid = var.user_ocid
	fingerprint = var.fingerprint
	private_key_path = var.private_key_path
	region = var.region
}

  • Create variables.tf and prepare information from your OCI Account.

variables.tf
variable "tenancy_ocid" {
  default = "ocid1.tenancy.oc1..XXXXXX"
}
variable "user_ocid" {
  default = "ocid1.user.oc1..XXXXX"
}
variable "fingerprint" {
  default = "1c:d0:1a:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX"
}
variable "region" {
  default = "us-phoenix-1"
}
variable "private_key_path" {
  default = "~/.oci/oci_api_key.pem"
}
variable "ssh_public_key" {
  default = "~/.oci/oci_api_key_public.pem"
}

Generate Keys

Generate public , private keys and add it to oci console account.

keys.sh
# this is without passphrase
tvajjala$ openssl genrsa -out oci_api_key.pem  2048

# generate RSA with AES passphrase
tvajjala$ openssl genrsa -out oci_api_key.pem -aes128 2048

# change permissions
tvajjala$chmod go-rwx oci_api_key.pem

# generate public key
tvajjala$ openssl rsa -pubout -in oci_api_key.pem -out

# print fingerprint
tvajjala$ openssl rsa -pubout -outform DER -in oci_api_key.pem | openssl md5 -c

Scenario-1: Reading availability domains

Create .tf file with below content

availability_domains.tf
# Get a list of Availability Domains
data "oci_identity_availability_domains" "ads" {
  compartment_id = var.tenancy_ocid
}

# Output the result
output "show-ads" {
  value = data.oci_identity_availability_domains.ads.availability_domains
}

# format proper indentation

terraform fmt

Scenario-2: List OSS Buckets

list_objects_in_bucket.tf
# This will list objects in the bucket name called reporting

## object storage namespace
data "oci_objectstorage_namespace" "ns" {
  compartment_id = var.tenancy_ocid
}

output "storage-ns"{
  value ="${data.oci_objectstorage_namespace.ns}"
}

data "oci_objectstorage_bucket_summaries" "test_buckets" {
    #Required
    compartment_id = var.tenancy_ocid
    namespace = "${data.oci_objectstorage_namespace.ns.namespace}"
}

output "bucket_summaries"{
    value="${data.oci_objectstorage_bucket_summaries.test_buckets.bucket_summaries[0]}"
}

#https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/objectstorage_objects
data "oci_objectstorage_objects" "test_objects" {
  #Required
  bucket = "reporting"
  namespace = "${data.oci_objectstorage_namespace.ns.namespace}"
  #Optional
  prefix="tvajjala"
  #only / supported
}

output "list_objects"{
  value="${data.oci_objectstorage_objects.test_objects}"
}

Execution

Once required files created, run below command to apply changes to infrastructure.

terraform
├── availability_domains.tf
├── list_objects_in_bucket.tf
├── provider.tf
├── variables.tf
execute.sh
#Initialize
tvajjala$ terraform init (1)
provider.oci: version = "~> 4.23"
Terraform has been successfully initialized!

#Validate syntactical errors in .tf files.
tvajjala$ terraform validate (2)
Success! The configuration is valid.

#Print configured providers
tvajjala$ terraform providers (3)
.
└── provider.oci

#Apply Terraform changes
tvajjala$ terraform apply (4)
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:

Authentication Providers

The OCI provider supports below three types of authentication

  1. API Key based authentication

  2. Instance Principal based authentication

  3. Security Token authentication

API Key based authentication

Using .tf files

Using provider.tf and variables.tf files we can supply required authentication attributes.

provider.tf
provider "oci" {
	tenancy_ocid = var.tenancy_ocid
	user_ocid = var.user_ocid
	fingerprint = var.fingerprint
	private_key_path = var.private_key_path
	region = var.region
}

Using environment variables

In your ~/.bash_profile set these variables:

export TF_VAR_tenancy_ocid=<value> export TF_VAR_compartment_ocid=<value> export TF_VAR_user_ocid=<value> export TF_VAR_fingerprint=<value> export TF_VAR_private_key_path=<value>

Using the SDK and CLI Configuration File

It is possible to define the required provider values in the same ~/.oci/config file that the SDKs and CLI support. For details on setting up this configuration see SDK and CLI Configuration File.

Note: the parameter names are slightly different. Provider block from terraform config can be completely removed if all API Key based authentication required values are provided as environment variables, in a *.tfvars file or ~/.oci/config. When using empty provider block, private_key_password if required should to be set in ~/.oci/config.

If the parameters have multiple sources, the priority is going to be: 1 environment value, 2 non-default profile if provided, 3 DEFAULT profile

TO used non-default profile, you can set it through environment value like: export TF_VAR_config_file_profile=<value> or set it in a provider block like:

provider "oci" { tenancy_ocid = var.tenancy_ocid config_file_profile= var.config_file_profile }

Instance Principal Authentication

Instance Principal authentication allows you to run Terraform from an OCI Instance within your Tenancy. To enable Instance Principal authentication, set the auth attribute to “InstancePrincipal” in the provider definition as below:

within_oci_instance.tf
# Configure the Oracle Cloud Infrastructure provider to use Instance Principal based authentication
provider "oci" {
  auth = "InstancePrincipal"
  region = var.region
}

Security Token Authentication

Security Token authentication allows you to run Terraform using a token generated with Token-based Authentication for the CLI. To enable Security Token authentication, set the auth attribute to “SecurityToken” and provide a value for config_file_profile in the provider definition. For example:

SecurityToken.sh
# Configure the Oracle Cloud Infrastructure provider to use Security Token authentication
provider "oci" {
  auth                = "SecurityToken"
  config_file_profile = "PROFILE"
}
This token expires after 1 hour. Avoid using this authentication when provisioning of resources takes longer than 1 hour. To refresh the security token, see this document

Reference

https://registry.terraform.io/providers/hashicorp/oci/latest/docs

Comments

Post a Comment

Popular posts from this blog

IBM Datapower GatewayScript

-
Introduction IBM API Assembly Language Introduction GatewayScript is a new transformation technology for API, Web, and Mobile and is available in DataPower. GatewayScript is based on the JavaScript programming language. More precisely, it supports the ECMAScript 5.1 version of the specification. On the DataPower appliance, JavaScript runs in ‘strict’ mode only. The strict mode provides a more consistent and more disciplined behavior. For example, if a script attempts to write a property of a DataPower API object and that object is frozen, an immediate exception is thrown. The ‘strict’ mode behavior supports stronger error checking and handling and increases security. DataPower Playground (GatewayScript Fiddle) IBM DataPower Playground is an interactive website that lets you write GatewayScript code and execute it on a cloud-hosted DataPower Gateway for learning purposes. Available at : https://datapower-playground.mybluemix.net/ GatewayScript provides
Read more

Spring boot Kafka Integration

-
Image
Introduction Introduction K afka is an open source streaming platform which scales very well in a horizontal way without compromising speed and efficiency. The Kafka core is written in Scala , and Kafka Streams and KSQL are written in Java . Features Kafka is a service bus To connect heterogeneous applications, we need to implement a message publication mechanism to send and receive messages among them. A message router is known as message broker . Kafka is a message broker , a solution to deal with routing messages among clients in a quick way. Kafka architecture has two directives The first is to not block the producers (to deal with back pressure). The second is to isolate producers and consumers . The producers should not know who their consumers are, hence the kafka follows the dumb broker and smart clients model. Tip Back pressure is to make applications robust against data surges. when producer generates data higher rate tha
Read more

Spring boot SOAP Web Service Performance

-
Image
Consumng This tutorial walks you through the process of consuming a SOAP-based web service with Spring. It elucidates following items Making parallel calls with RxJava (or WebFlux ) Sending large SOAP message payloads using AXIOM( AXis Object Model) AxiomSoapMessageFactory .(which improves performance) Marshalling( is the process of transforming the memory representation of an object to a data format suitable for storage or transmission) Marshalling (XML Serialization) done with O/X Mappers, different types of mappers out there and choose appropriate one for your need. Castor XML mapping is an open source XML binding framework. It allows you to transform the data contained in a java object model into/from an XML document. By default, it does not require any further configuration, though a mapping file can be used to have more control over the behavior of Castor. The Spring integration classes reside in the org.springframework.oxm.castor pa
Read more