{"id":704,"date":"2024-03-24T16:13:00","date_gmt":"2024-03-24T15:13:00","guid":{"rendered":"https:\/\/ilmarkerm.eu\/blog\/?p=704"},"modified":"2024-03-24T16:13:00","modified_gmt":"2024-03-24T15:13:00","slug":"building-oracle-cloud-infrastructure-with-terraform-basics","status":"publish","type":"post","link":"https:\/\/ilmarkerm.eu\/blog\/2024\/03\/building-oracle-cloud-infrastructure-with-terraform-basics\/","title":{"rendered":"Building Oracle Cloud infrastructure with Terraform – Basics"},"content":{"rendered":"\n

I thought I’ll start exploring Oracle Cloud offerings a little and try building something with Terraform.<\/p>\n\n\n\n

The execution environment<\/h2>\n\n\n\n

OCI Could Console offers Cloud Shell and Code Editor right from the browser. Cloud Shell is a small Oracle Linux container with shell access, that has the most popular cloud tools and OCI SDKs already deployed. Most importantly, however, all Oracle Cloud API commands you execute from there, they run silently as yourself, no additional setup required. Including setting up terraform. Pretty awesome idea I would say – no need to set up any admin computer first.<\/p>\n\n\n\n

Since I would mainly write code, I’m going to use only only Code Editor (which is actually VS Code in your browser) and VS Code also has a built in terminal for executing commands.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Read about executing and using Cloud Shell here.<\/a><\/p>\n\n\n\n

Setting up Terraform provider<\/h2>\n\n\n\n

When executing from Cloud Shell \/ Code Editor, then setting up the terraform provider is very simple.<\/p>\n\n\n\n

# versions.tf\n\nprovider \"oci\" {\n   region = \"eu-stockholm-1\"\n}<\/code><\/pre>\n\n\n\n
It is very good practice to also place terraform state file in the shared object store. OCI also provides an object store and to set it up first create a Bucket in Object Storage.<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
This also requires setting up Customer Secret Keys, for accessing the bucket using S3 protocol. I’m going to save my access key and secret access key in a file named bucket.credentials.<\/p>\n\n\n\n
# bucket.credentials\n\n[default]\naws_access_key_id=here is your access key\naws_secret_access_key=here is your secret access key\n\n\n# remote_state.tf\n\nterraform {\n    backend \"s3\" {\n        bucket = \"oci-terraform-bucket\"\n        key    = \"oci-terraform.tfstate\"\n        region = \"eu-stockholm-1\"\n        # ax9u97qgbo5h is the namespace of the bucket, it is shown in the Bucket Details page\n        endpoint = \"https:\/\/ax9u97qgbo5h.compat.objectstorage.eu-stockholm-1.oraclecloud.com\"\n        shared_credentials_file     = \"bucket.credentials\"\n        skip_region_validation      = true\n        skip_credentials_validation = true\n        skip_metadata_api_check     = true\n        force_path_style            = true\n    }\n}<\/code><\/pre>\n\n\n\n
Creating compartment and basic networking<\/h2>\n\n\n\n
Compartment is just a handy hierarchical logical container which helps to organise your Oracle Cloud resources better. It can also be used to set common tags for all resources created under it.<\/p>\n\n\n\n
# main.tf\n\nlocals {\n    tenancy_id = \"ocid1.tenancy.oc1..aaaaaaaawf2fv3ipfdp564ffiqpfqr6u6n3uofydgtihq3wget5357lq5i6a\"\n    environment = \"dev\"\n}\n\n# Information about current tenancy, for example home region\ndata \"oci_identity_tenancy\" \"tenancy\" {\n    tenancy_id = local.tenancy_id\n}\n\n# Get the parent compartment as a terraform object\ndata \"oci_identity_compartment\" \"parent_compartment\" {\n    # Top get list of existing compartments execute:\n    # oci iam compartment list\n    id = data.oci_identity_tenancy.tenancy.id\n}\n\n# Create compartment\nresource \"oci_identity_compartment\" \"compartment\" {\n    # Compartment_id must be the parent compartment ID and it is required\n    compartment_id = data.oci_identity_compartment.parent_compartment.id\n    description = \"oci-terraform experiments\"\n    name = \"oci-terraform-experiments\"\n    # Define some default tags that are added to all resources created under this compartment\n    freeform_tags = {\n        \"deployed_by\" = \"terraform\"\n        \"environment\" = local.environment\n    }\n}<\/code><\/pre>\n\n\n\n
To set up networking, first you need VCN Virtual Cloud Network and under it subnets.<\/p>\n\n\n\n
# network.tf\n\nresource \"oci_core_vcn\" \"main\" {\n    compartment_id = oci_identity_compartment.compartment.id\n    display_name = \"VCN for oci-terraform test\"\n    dns_label = \"ocitf\"\n    cidr_blocks = [\"10.1.2.0\/24\"]\n    is_ipv6enabled = false\n}\n\nresource \"oci_core_subnet\" \"subnet\" {\n    cidr_block = \"10.1.2.0\/25\"\n    compartment_id = oci_identity_compartment.compartment.id\n    vcn_id = oci_core_vcn.main.id\n\n    # List availability domains\n    # oci iam availability-domain list\n    # Documentation recommends creating regional subnets instead, without specifying availability_domain\n    #availability_domain = \"MpAX:EU-STOCKHOLM-1-AD-1\"\n    display_name = \"Subdomain #1\"\n    prohibit_internet_ingress = false\n    prohibit_public_ip_on_vnic = false\n}\n<\/code><\/pre>\n\n\n\n
To be continued<\/h2>\n\n\n\n
I don’t really know where this post series is going. I’ve done quite a bit of Terraforming in AWS, so here I’m just exporing what Oracle Cloud has to offer and instead of using the dreaded ClickOps, I’ll try to be proper with Terraform.<\/p>\n\n\n\n
At the end of the post I have these resources created.<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"
I thought I’ll start exploring Oracle Cloud offerings a little and try building something with Terraform. The execution environment OCI Could Console offers Cloud Shell and Code Editor right from the browser. Cloud Shell is a small Oracle Linux container with shell access, that has the most popular cloud tools and OCI SDKs already deployed. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[68,67],"class_list":["post-704","post","type-post","status-publish","format-standard","hentry","category-blog-entry","tag-oci","tag-terraform"],"_links":{"self":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/comments?post=704"}],"version-history":[{"count":5,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions"}],"predecessor-version":[{"id":712,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions\/712"}],"wp:attachment":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/media?parent=704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/categories?post=704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/tags?post=704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}