Infrastructure As Code with Oracle Linux & Terraform Running On

Infrastructure as Code with Oracle Linux & Terraform Running on Oracle Public & Private Cloud UKOUG Midlands Summit Simon Hayler Technical Product Manager

28th February 2019

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Enhanced Developer Cloud-Ready, Integrated Cost Effective Compute Platform

• Access to frequent and latest Oracle • Oracle Cloud developer tools such as • Oracle Linux Support is provided at Linux image updates Terraform, SDK's, and CLI are no additional cost on OCI deployed faster and easier via local • • Faster downloads from mirrored yum server Take advantage of its 24 x7 best-in- Oracle Container Registry and OL class support services and tools yum server within OCI • Easy access to Linux developer and preview software channels in local • No need to budget for OS support • Zero-downtime OS kernel and user OL yum server fees on OCI space updates with Ksplice pre- • installed in OCI • Thousands of EPEL packages built Use Oracle Linux as part of a fully and signed by Oracle for security and and extensively tested cloud • Comprehensive containers and compliance infrastructure stack container management support • Software Collection Library support • Oracle Linux Storage Appliance included to install recent versions of offers an easy way to build NFS and Python, PHP, NodeJS, nginx, and Samba shared storage in OCI more

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 3 Infrastructure as Code (IAC) • IAC is the process of provisioning and managing infrastructure using declarative files – In summary managing infrastructure with software • Terraform is a widely used open-source tool for IAC by Hashicorp • Terraform is compatible with many Cloud providers or Cloud solutions through providers: – Integrated providers (70+) • Non installation needed, automatically downloaded by Terraform when needed. • https://www.terraform.io/docs/providers • Examples: – oci : Oracle Cloud Infrastructure (OCI) – opc : Oracle Cloud Infrastucture Classic (OPC) – oraclepaas: Oracle Cloud Platform (Oracle PaaS with OCI) – Non-integrated providers • Manual installation needed

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 4 Installing/upgrading Terraform • Terraform and integrated providers available for all major operating environments: – Linux (x86 & ARM) – FreeBSD (x86 & ARM) – OpenBSD (x86) – Windows (x86) – Mac OS X (x86) – Solaris (x86) • Installation – Download the terraform binary for your OS – Integrated providers automatically downloaded/installed when needed – Non-integrated providers: manual download of the binary provider needed • Frequent updates advised (On 19th February 2019, the current version of Terraform is 0.11.11) • Easy on Oracle Linux 7 (ol7_developer on public yum, ol7_x86_64_developer on ULN) – # yum install terraform (Installation) – # yum upgrade terraform (Upgrade)

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 5 Getting started with Terraform • See https://www.terraform.io/intro/getting-started/build.html • For a specific project, create one or more Terraform configuration files (.tf files) in the same folder • Options: – At least one Provider: oci, opc, oraclepaas – Resources: Cloud objects that you want to provision with required / optional parameters – Data sources: To obtain parameters needed to create resources – Variables: For example your credentials to avoid hard coding them in your configuration files – Outputs: Optional, example: to display the public IP assigned by OCI

• terraform init – Before initial use or after upgrade • terraform plan • terraform apply • terraform apply –-auto-approve • terraform destroy • terraform destroy -force

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 7 Variables See https://www.terraform.io/intro/getting-started/variables.html • Variables must be defined in a .tf file • Input variables from command line

values can be assigned during definition with « default = »

• Input variables from one or more files • Variables can be used anywhere in .tf files – Default file name is terraform.tfvars

– If not default name, just give the name(s) of file(s)

• Input variables from environment variables (TF_VAR_name) $ export TF_VAR_access_key="xxxxxxxx" $ export TF_VAR_secret_key="xxxxxxxx" • Input variables interactively – If certain variables are unspecified with previously methods, Terraform will ask you to input their values interactively

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 8 Outputs See https://www.terraform.io/intro/getting-started/outputs.html • Outputs are optional but useful to display • Outputs are displayed at the end of « terraform relevant information apply » or with « terraform output » – public IP randomly assigned (AWS, OCI, OCI-C) – Temporary password for Windows instances in OCI

• Outputs can be used to facilitate SSH to Linux instances

• Useful to automatically get objects names or IDs that • Examples of data sources definitions in OCI are needed to create resources – Get the list of Availability Domains (name different in each tenant) – Alternative is to hard-code names/IDs • Examples of data sources within OCI – Get the ID of the latest image for Oracle Linux 7 • Filter used to exclude GPU

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 10 Post-provisioning actions on compute instances • Examples – Apply the latest OS patches (yum update -y on Oracle Linux) – Create users – Install & configure software products • Methods – Cloud-init – Remote exec with ssh – Using a configuration tool such as Ansible, Puppet or Chef • Recommended for complex post-install actions

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 11 Terraform for OCI • Terraform is the recommended provisioning tool for OCI: – As new features are frequently added to OCI, Terraform provider for OCI is frequently updated (On 25th February, 2019 version is 3.15) • Before you can use Terraform with OCI, you need to create an API Key – Also true for OCI CLI and OCI SDKs. – Create a key pair – Upload the public key in OCI Web Console for your user – Use the private key in your Terraform configuration files • Use the required parameters in the provider section in a .tf file

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 12 Terraform for OCI • All OCI objects can be created by Terraform(1) – Identity & Access Management (IAM): Users, groups, Policies, Compartments – Virtual Cloud Network (VCN) and related network objects • Subnets, Route Tables, Security lists, Internet GW, DRG, IPsec connection, Load Balancers… – Compute instances and custom images – Block volumes and block volume backups – Object Storage – File System Storage – Database systems and related objects (instances) – Autonomous Transaction Processing – Autonomous Data Warehouse

(1) Except maybe some very new OCI features (need to wait for a new version of Terraform Provider for OCI)

• Simple example: – Create a Virtual Cloud Network (VCN) with a single public subnet – Create an Oracle Linux 7.5 compute instance from the most recent image – Create a block volume and attach it to the compute instance • Configuration files – terraform.tfvars : variables values (to be updated) – 01_auth.tf : provider authentication and variable definitions – 02_vcn.tf :Virtual Cloud Network and related network objects – 03_instance_ol7.tf :compute instance – 04_block_volume.tf.DISABLED :block volume (initially disabled) – userdata_bootstrap_ol7.sh :Cloud-init post install shell script • Execute Terraform commands – $ terraform init (Initialize Terraform, downloading OCI provider) – $ terraform plan (Display the OCI objects that will be created, modified or destroyed) – $ terraform apply (Create, Modify or Destroy OCI objects)

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. | 17 Terraform with Oracle Linux and Oracle OpenStack Community Documents • https://community.oracle.com/docs/DOC-1019936 • https://community.oracle.com/docs/DOC-1022601