Terraform and Oracle Cloud - aioug.org of Terraform with... · Title: How to Use the PowerPoint...
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Terraform and Oracle Cloud
Umesh Tanna
Principal Technology Sales Consultant
Sales Consulting Centers (SCC) - Solution Services
Oracle India Pvt Ltd, Bangalore
Infrastructure-as-Code
https://twitter.com/umesh_tanna
https://www.linkedin.com/in/umesh-tanna-4311427
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Infrastructure as Code (IaC)
Infrastructure as code (IaC) refers to the process of provisioning and managing (provisioning, updating and destroying) data centers through machine-readable definition files, as opposed to interactive configuration tools or even physical hardware configuration.
Infrastructure as Code (IaC)
•Agile
•Consistent
•Repeatable
•Extensible
•Standardization
•Scale
•Version control
•Peer review
•Automated testing
•Release management
•Documentation
Terraform
OCI and OCI (Classic); the example is OCI
Terraform – built by HashiCorp
Terraform – What is it?
• A tool for building, changing, and versioning infrastructure.
• Manages major cloud service providers.
• Configuration files are used to describe resources to Terraform.
• Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build it.
• As the configuration changes, Terraform is able to determine what changed and create incremental execution plans.
Terraform for Oracle Cloud Platform and Infrastructure
DATABASE | JAVA | APP CONTAINER+ | MYSQL+ | …
COMPUTE | NETWORK | STORAGE | CLOUD @ CUSTOMER
Oracle Cloud Platform Provider | Oracle Cloud Infrastructure Classic | Oracle Cloud Infrastructure*
ORACLE PROVIDERS
Terraform For Oracle Cloud Infrastructure Classic – Built-in
The Identity Domain name (for Traditional accounts)
Service Instance ID (for IDCS accounts) of the env
Terraform For Oracle Cloud Platform(PaaS) – Built-in
The Identity Domain name (for Traditional accounts)
Identity Service ID (for IDCS accounts) of the env
Terraform For Oracle Cloud Infrastructure – Plug-in
https://github.com/oracle/terraform-provider-oci/
Terraform For Oracle Public Cloud – Also available as RPM
http://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64/index.html
Getting Started with Terraform (OCI)
• Download
– binary, apt, yum, choco, brew
• Create a .tf file in a workspace, for example hw.tf:
    output "hw" {
      value = "test"
    }
• Apply it:
    $ terraform apply
    Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
    Outputs:
    hw = test
• Providers… ->
./
├── terraform
├── terraform-provider-atlas
├── terraform-provider-aws
├── terraform-provider-azure
├── terraform-provider-azurerm
├── terraform-provider-chef
├── terraform-provider-cloudflare
├── terraform-provider-cloudstack
├── terraform-provider-consul
├── terraform-provider-digitalocean
├── terraform-provider-OCI
alicloud archive arukas atlas aws azure azurerm bitbucket chef circonus clc cloudflare cloudstack cobbler consul datadog digitalocean dme dns dnsimple docker dyn external fastly github gitlab google grafana heroku http icinga2 ignition influxdb kubernetes librato local logentries mailgun mysql newrelic nomad ns1 oneandone opc openstack opsgenie packet pagerduty postgresql powerdns profitbricks rabbitmq rancher random rundeck scaleway softlayer spotinst statuscake template terraform tls triton ultradns vault vcd vsphere
HCL – Basic Terraform .tf Format.
Terraform configuration is written in files with the .tf extension.
It is based on the HashiCorp Configuration Language (HCL): https://github.com/hashicorp/hcl
JSON is supported for code generation purposes.
Most of the configuration takes the form:
    keyword1 "some_name" {
      key = "value"
      nested {
        key = "value"
      }
    }
Terraform – Providers.
The first thing to do is to use a provider.
Providers abstract the APIs from any given third party in order to create infrastructure. Example:
The OCI provider enables Terraform to create, manage and destroy resources in your tenancy on OCI.
Tenancy is the OCID of the tenant. User OCID is the user's identifier. Fingerprint is the MD5 fingerprint of the private key being used to access the API, and private key path is where the API PEM private key is stored.
Terraform – Resources
Resources
Once a provider is configured, we can start using that provider's resources.
With the OCI provider, we can start creating instances, block and object storage, networks, etc.
The following example starts an instance:
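A configuration matching the provider settings and the instance resource described above, as an added example that is not from the original slides. The variable names, display name and shape are assumptions, and the argument names follow the OCI provider's documentation, so check them against the provider release you install.

```hcl
# Added example, not from the original slides. Supply the values through
# terraform.tfvars (kept out of version control) or TF_VAR_* environment
# variables so no OCID, fingerprint or key path is committed with the code.
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}
variable "compartment_ocid" {}
variable "subnet_ocid" {}
variable "image_ocid" {}
variable "ssh_public_key_path" {}

provider "oci" {
  tenancy_ocid     = "${var.tenancy_ocid}"
  user_ocid        = "${var.user_ocid}"
  fingerprint      = "${var.fingerprint}"      # fingerprint of the API signing key
  private_key_path = "${var.private_key_path}" # PEM key stays on the local disk
  region           = "${var.region}"
}

# Read-only lookup of the availability domains visible to the tenancy.
data "oci_identity_availability_domains" "ads" {
  compartment_id = "${var.tenancy_ocid}"
}

resource "oci_core_instance" "demo" {
  availability_domain = "${lookup(data.oci_identity_availability_domains.ads.availability_domains[0], "name")}"
  compartment_id      = "${var.compartment_ocid}"
  display_name        = "tf-demo-instance" # assumed name
  shape               = "VM.Standard2.1"   # assumed shape

  source_details {
    source_type = "image"
    source_id   = "${var.image_ocid}"
  }

  create_vnic_details {
    subnet_id = "${var.subnet_ocid}"
  }

  metadata = {
    ssh_authorized_keys = "${file(var.ssh_public_key_path)}" # public key only
  }
}

output "instance_public_ip" {
  value = "${oci_core_instance.demo.public_ip}"
}
```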
Terraform – Planning Phase
Terraform Init
Terraform plan
Terraform apply
Terraform plan destroy
Terraform destroy
For initial setup only
Initialize a working directory, for example plugin search/install:
• On Windows, in the sub-path terraform.d/plugins beneath your user's "Application Data" directory.
• On all other systems, in the sub-path .terraform.d/plugins in your user's home directory.
Demo/PoC/Trial/Learning may use this frequently. Production setup may not use that frequently.
Terraform – Planning Phase
Once we have put together a configuration to try we can dry-run test this with the planning phase.
"terraform plan" will take the configuration and give a detailed report on which resources will be created, deleted or modified, and identify which dependent resources are affected by these changes.
$ terraform plan -out=plan1
Saving the plan is useful to ensure that all the steps in the plan were actually applied.
Terraform – Apply
Once the plan looks good we can go and apply the configuration.
$ terraform apply
There is also an option to use saved plans for an apply operation.
$ terraform apply plan1
Plan and apply can also target particular resource(s) using the -target flag.
Plans that are too old will be detected, because they are created against a given version of the terraform.tfstate file.
Terraform - Destroy
When infrastructure needs to be retired, destroying it and all of its dependencies is straightforward with
$ terraform destroy
Terraform destroy will ask for permission, requiring an explicit “yes” as input.
$ terraform plan -destroy
Shows what will be destroyed without actually doing it.
Terraform – Resource Graph - Visualization
• Terraform builds dependency graphs for planning, state management and more.
• $ terraform graph | dot -Tpng > tgraph1.png
Online tool to make the graph: http://webgraphviz.com/
Linux would require the graphviz packages.
Terraform – Local and Remote Exec
Template files | Rendered files
Machine running Terraform, where the Terraform configuration files are
Machine provisioned by Terraform
Interpolation and other Terraform constructs
Provisioners
Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc.
Provisioners are added directly to any resource.
For provisioners other than local execution, you must specify connection settings so Terraform knows how to communicate with the resource.
– Remote Exec
• The remote-exec provisioner invokes a script on a remote resource after it is created
– File
• The file provisioner is used to copy files or directories from the machine executing Terraform to the newly created resource
– Null resource
• The null_resource is a resource that allows you to configure provisioners that are not directly associated with a single existing resource
https://www.terraform.io/docs/provisioners/index.html
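The three provisioner pieces above used together, as an added example that is not from the original slides: a null_resource copies a script with the file provisioner and runs it with remote-exec over an SSH connection. The variable names, the script path and the default user are assumptions.

```hcl
# Added example, not from the original slides; all names are hypothetical.
variable "instance_public_ip" {}
variable "ssh_private_key_path" {}

variable "ssh_user" {
  default = "opc" # assumed login user of the image
}

resource "null_resource" "bootstrap" {
  # Re-run the provisioners when the target host changes.
  triggers = {
    host = "${var.instance_public_ip}"
  }

  # Connection settings tell Terraform how to reach the remote resource.
  # The key is read from a path outside the repository, never pasted inline.
  connection {
    type        = "ssh"
    host        = "${var.instance_public_ip}"
    user        = "${var.ssh_user}"
    private_key = "${file(var.ssh_private_key_path)}"
    timeout     = "5m"
  }

  # file: copy from the machine executing Terraform to the new resource.
  provisioner "file" {
    source      = "scripts/bootstrap.sh" # assumed local script
    destination = "/tmp/bootstrap.sh"
  }

  # remote-exec: run the copied script on the remote resource.
  provisioner "remote-exec" {
    inline = [
      "chmod 700 /tmp/bootstrap.sh",
      "sudo /tmp/bootstrap.sh",
      "rm -f /tmp/bootstrap.sh",
    ]
  }
}
```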
Data Sources
Data sources allow data to be fetched or computed for use elsewhere in Terraform configuration. Use of data sources allows a Terraform configuration to build on information defined outside of Terraform, or defined by another separate Terraform configuration.
Providers (Oracle in our case) are responsible in Terraform for defining and implementing data sources.
Whereas a resource causes Terraform to create and manage a new infrastructure component, data sources present read-only views into pre-existing data, or they compute new values on the fly within Terraform itself.
Go to https://github.com/oracle/terraform-provider-oci
Then navigate to Docs -> Core -> instance.md, scroll all the way down and observe the last section:
oci_core_instances -> Instance DataSource
Another example:
https://github.com/oracle/terraform-provider-oci/blob/master/docs/identity/availability_domains.md
https://www.terraform.io/docs/configuration/data-sources.html
Template Files
The template provider exposes data sources to use templates to generate strings for other Terraform resources or outputs.
– template_file
• Renders a template from a file.
– template_dir
• Renders a directory containing templates into a separate directory of corresponding rendered files.
https://www.terraform.io/docs/providers/template/d/file.html
Interpolation
Embedded within strings in Terraform, whether you're using the Terraform syntax or JSON syntax, you can interpolate other values. These interpolations are wrapped in ${}, such as ${var.foo}.
The interpolation syntax is powerful and allows you to reference variables, attributes of resources, call functions, etc.
You can perform simple math in interpolations, allowing you to write expressions such as ${count.index + 1}. And you can also use conditionals to determine a value based on some logic.
You can escape interpolation with double dollar signs: $${foo} will be rendered as a literal ${foo}.
– User string variables
– User map variables
– User list variables
– …
https://www.terraform.io/docs/configuration/interpolation.html
State
Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.
This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment.
Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
https://medium.com/oracledevs/storing-terraform-remote-state-to-oracle-cloud-infrastructure-object-storage-b32fe7402781
https://www.terraform.io/docs/state/index.html
Local-exec
The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.
https://www.terraform.io/docs/provisioners/local-exec.html
https://medium.com/@scrossoracle/using-terraform-with-oracle-paas-service-manager-psm-d21f2ddbae3f
Modules
Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group. Modules are used to create reusable components in Terraform as well as for basic code organization.
Root module: the current working directory when you run terraform apply or get, holding the Terraform configuration files. It is itself a valid module.
https://www.terraform.io/docs/modules/index.html
Meta Parameters
There are certain meta-parameters available to all resources:
For ex.
count (int) - The number of identical resources to create. This doesn't apply to all resources.
https://www.terraform.io/docs/configuration/resources.html
Terraform In Oracle Developer Cloud Service
https://www.terraform.io/docs/configuration/resources.html
Terraform Refresh
Terraform refresh attempts to find any resources held in the state file and update them with any drift that has happened in the provider outside of Terraform since it was last run.
For example, let's say your state file contains 3 instances with instance ids of ocid1, ocid2, ocid3 and then you delete ocid2 outside of Terraform. After running terraform refresh, a plan would show that it needs to create the second instance, while a destroy plan would show that it only needs to destroy the first and third instances (and not fail to destroy the missing second instance).
Terraform makes a very specific decision to not interfere with things that aren't being managed by Terraform. That means if the resource doesn't exist in its state file then it absolutely will not touch it in any way. This enables you to run Terraform alongside other tools as well as making manual changes in the AWS console. It also means that you can run Terraform in different contexts simply by providing a different state file to use, allowing you to split your infrastructure up into multiple state files and save yourself from catastrophic state file corruption.
https://www.terraform.io/docs/commands/refresh.html
Terraform Kubernetes Installer
OCI
Open Source Terraform Template For K8S In OCI
https://github.com/oracle/terraform-kubernetes-installer/
• Customizable
• Highly Available Deployment
• OCI LB integration (CCM)
• OCI BV integration (Flex Volume Driver)
Terraform Resources
https://www.terraform.io
https://github.com/oracle/terraform-provider-oci
http://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64/index.html
https://github.com/oracle/terraform-examples
https://github.com/oracle/terraform-kubernetes-installer
https://github.com/oracle/terraform-ceph-installer
https://github.com/oracle/terraform-oci-cf-install
Terraform mailing list (Beehive) [email protected]