To automate our day to day administrative tasks, so far we have been acquainted with Shell scripts, python etc. But with the advent of Cloud, not only mundane manual tasks are getting automated, infact , a whole bunch of infrastructure are getting built. Here comes a infrastructure as a code from Hashicorp known as "Terraform". Now lets come down to my point on how to use terraform in Oracle Cloud.
We should have the following information ready:
tenancy ID
user ID--This should be for the non federated user.
compartment ID
API SSL Key:-
You will need an SSL key pair to enable Terraform to connect to the OCI API under your identity. Start by generating a key
user@computer$ openssl genrsa -out oci_api_key.pem 2048
set file access to owner only read and write
user@computer$ chmod 600 oci_api_key.pem
generate the public half of the key pair
openssl rsa -pubout -in oci_api_key.pem -out oci_api_key_public.pem
[opc@cloud .oci]$ ls -lrt
total 16
-rw-------. 1 opc opc 299 Dec 16 10:12 config
-rw-------. 1 opc opc 48 Dec 17 16:41 oci_api_key_fingerprint
-rw-------. 1 opc opc 1679 Dec 19 10:56 oci_api_key.pem
-rw-------. 1 opc opc 451 Dec 19 10:57 oci_api_key_public.pem
The public key needs to be added to your user account in the OCI console. Open the account page for your user and select the "Add Public Key" button. Copy and paste the contents of the oci_api_key_public.pem file in the box of the "Add Public Key" dialog as shown below.
Terraform Executable
The Terraform executable is available at terraform.io Available for Linux, Mac Windows etc. pick the binary that matches your PC. The download contains a single executable file. Unzip it to a directory that is on your PATH for example /home/me/bin. In order to update the executable when a new version is released simply download the new version, unzip and replace the executable.
Check the terraform version:-
terraform -version
Terraform v0.12.17
Your version of Terraform is out of date! The latest version
is 0.12.19. You can update by downloading from https://www.terraform.io/downloads.html
[opc@cloud ~]$
Create two files now
env-vars and provider.tf
[opc@cloud terraformfinal]$ cat env-vars
export TF_VAR_tenancy_ocid=ocid1.XXXXXXXXXXXXXXXXXXXXXXXX
export TF_VAR_user_ocid=ocid1.XXXXXXXXXXXXXXXX
export TF_VAR_fingerprint=$(cat ~/.oci/oci_api_key_fingerprint)
export TF_VAR_private_key_path=~/.oci/oci_api_key.pem
export TF_VAR_ssh_public_key=$(cat ~/.ssh/id_rsa.pub)
export TF_VAR_ssh_private_key=$(cat ~/.ssh/id_rsa)
export TF_VAR_region=ap-XXXXXXXXXXX
[opc@cloud terraformfinal]$ cat provider.tf
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "ssh_public_key" {}
variable "region" {}
provider "oci" {
tenancy_ocid = "${var.tenancy_ocid}"
user_ocid = "${var.user_ocid}"
fingerprint = "${var.fingerprint}"
private_key_path = "${var.private_key_path}"
region = "${var.region}"
disable_auto_retries = "true"
}
resource "oci_identity_compartment" "CreateCompartment" {
compartment_id = "ocid1.XXXXXXXXXXXXXXXXXX"
description = "var.compartment_description"
name = "var.compartment_name"
}
[opc@cloud terraformfinal]$
Now source the env-vars file
source env-vars
At this moment, we are now ready to run the terraform commands.
[opc@cloud terraformfinal]$ terraform init
Initializing the backend...
Initializing provider plugins...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.oci: version = "~> 3.51"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[opc@cloud terraformfinal]$
[opc@cloud terraformfinal]$ terraform plan
Warning: Interpolation-only expressions are deprecated
on provider.tf line 9, in provider "oci":
9: tenancy_ocid = "${var.tenancy_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 10, in provider "oci":
10: user_ocid = "${var.user_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 3 more similar warnings elsewhere)
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
oci_identity_compartment.CreateCompartment: Refreshing state... [id=ocid1XXXXXXXXXXXXXXXXXXXXXfngjhqchro7j4u76hwudxqfpsaohkqrro6ffrnkyzjny3fyysq]
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_identity_compartment.CreateCompartment will be created
+ resource "oci_identity_compartment" "CreateCompartment" {
+ compartment_id = "ocid1.XXXXXXXXXXXXXXXaaa566jmy5ox5j7o7w64v44kjpnjkkmredbjrirdc7bfecxavf2wu7q"
+ defined_tags = (known after apply)
+ description = "var.compartment_description"
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ inactive_state = (known after apply)
+ is_accessible = (known after apply)
+ name = "var.compartment_name"
+ state = (known after apply)
+ time_created = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 9, in provider "oci":
9: tenancy_ocid = "${var.tenancy_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 10, in provider "oci":
10: user_ocid = "${var.user_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 3 more similar warnings elsewhere)
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
[opc@cloud terraformfinal]$
[opc@cloud terraformfinal]$ terraform apply
Warning: Interpolation-only expressions are deprecated
on provider.tf line 9, in provider "oci":
9: tenancy_ocid = "${var.tenancy_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 10, in provider "oci":
10: user_ocid = "${var.user_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 3 more similar warnings elsewhere)
oci_identity_compartment.CreateCompartment: Refreshing state... [id=ocid1.compartment.oc1..aaaaaaaacnfngjhqchro7j4u76hwudxqfpsaohkqrro6ffrnkyzjny3fyysq]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_identity_compartment.CreateCompartment will be created
+ resource "oci_identity_compartment" "CreateCompartment" {
+ compartment_id = "ocid1.XXXXXXXXXXXXXXXXXX7w64v44kjpnjkkmredbjrirdc7bfecxavf2wu7q"
+ defined_tags = (known after apply)
+ description = "var.compartment_description"
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ inactive_state = (known after apply)
+ is_accessible = (known after apply)
+ name = "var.compartment_name"
+ state = (known after apply)
+ time_created = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 9, in provider "oci":
9: tenancy_ocid = "${var.tenancy_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on provider.tf line 10, in provider "oci":
10: user_ocid = "${var.user_ocid}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 3 more similar warnings elsewhere)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
oci_identity_compartment.CreateCompartment: Creating...
oci_identity_compartment.CreateCompartment: Creation complete after 0s [id=ocid1.XXXXXXXXXXXXX.7naistwkyvrh6q4bzbht567n2f4xy53jatszucuhdek355zwfkq]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
[opc@cloud terraformfinal]$
Now login to the console and verify.
The resource can be destroyed by
terraform destroy
Hope, this will help someone. Happy learning.