Mastering Terraform and The Provider

This document outlines an agenda for a workshop on mastering Terraform with the Oracle Cloud Infrastructure (OCI) provider. The agenda includes introductions to Terraform fundamentals and the OCI provider, as well as sections on coding practices when using Terraform with OCI. Key concepts that will be covered include infrastructure as code, immutable infrastructure, state management, providers and resources. The document also provides examples of coding best practices such as using modules, templates, dynamic groups and other providers.

Mastering Terraform and the OCI provider


#OracleCode AND @gregoryguillou
Agenda
● Introduction
● Terraform fundamentals
● Terraform OCI provider
● Coding and good practices
● Summary

Mastering Terraform with OCI


Ops with an angle

@gregoryguillou
gregoryguillou


● Time to Market
● Impact on all our teams
● Number of environments
● Mission critical “Ops”

● Self-service and Chatops


● Elasticity: Training, dev, test
● International deployment
● Ability to invest to add value
Why do Ops also live for the code?
● We need monitoring, CI/CD, AB testing, DRP
● We need to move faster and faster
● People should not need us!
● Let’s stop building from the ground
● Focus on products and businesses, not infrastructure
● Ops are deadly alive!


Terraform Key concepts - https://terraform.io

● Infrastructure as Code
● A Go application
● HCL/JSON with an inference syntax
● Immutable Infrastructure
● State management
● Dozens of providers, including OCI
● Git and Registry
● Open-source and enterprise versions
gregoryguillou/oci-workshop
Should I explain OCI?
Installing Terraform for OCI (master)
● Download the software from terraform.io
● Install terraform OCI provider
● Install the OCI Command Line Interface
● Create an RSA key and register it in your API Keys
● Define your OCI CLI configuration
● Create a provider.tf file and set the associated variables
● Initialize the project with the `init` command
● Define resources and `apply` them
OCI Terraform resource overview
● Core: Images, Instances, Volumes, VCN, Security List, Subnets...
● Database
● DNS: Records, Zones
● File Storage
● Identity: Keys, Groups, Policies, Users
● Load Balancer
● Object Storage
Check out the documentation
A few coding good practices
● Create a specific compartment (master)
● Manage your state on a bucket (02-demo)
● Variables, inferences and dependencies (03-demo)
● Modules (04-demo)
● Packer (05-demo)
● dynamicgroups and OCI_CLI_AUTH (06-demo)
● Use other providers (07-demo)
● An easy (and bad) way to manage secrets (08-demo)
Create a specific compartment (master)
● Use OCI CLI to create a compartment
oci iam compartment create \
--compartment-id="${TF_VAR_tenancy}" \
--name="DevTeam" \
--description="A compartiment to be used by developers" \
--wait-for-state=ACTIVE \
--max-wait-seconds=300 \
--wait-interval-seconds 5

● Add it to the .env file along with the variables
Check out 01-install.md


Manage your state on a bucket (02-demo)
● Create a bucket
● Upload the current state as an object in that bucket
● Create a pre-authenticated request for that object
● Test that you can access the file from the request
● Add a backend.tf file that references the preauth request
● Re-initialize terraform with the backend
● Verify you can access the remote state
Check out 02-remote-state.md
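
The backend.tf step above, as an added example that is not taken from the oci-workshop repository: a pre-authenticated request URL is a bearer credential for the state object, so the weak form (URL committed) is shown beside a partial configuration that keeps it out of Git. The URL parts in angle brackets and the PAR_URL environment variable are placeholders assumed for the example.

```hcl
# Added example, not taken from 02-remote-state.md.
# <region>, <par-token>, <namespace>, <bucket> and <object> are placeholders.

# Weak form: the full pre-authenticated request URL is committed with the code.
# Anyone who can read the repository can read and overwrite the state, which
# holds every resource attribute Terraform tracks, secrets included.
#
# terraform {
#   backend "http" {
#     address       = "https://objectstorage.<region>.oraclecloud.com/p/<par-token>/n/<namespace>/b/<bucket>/o/<object>"
#     update_method = "PUT"
#   }
# }

# Safer form: commit only the non-secret part of the backend (partial
# configuration) and pass the address when initializing:
#
#   terraform init -backend-config="address=${PAR_URL}"
#
# PAR_URL is a hypothetical environment variable, loaded from a file that is
# not committed.
terraform {
  backend "http" {
    # Object Storage expects PUT for uploads; the backend default is POST.
    update_method = "PUT"
  }
}

# Notes:
# - terraform init copies the address into .terraform/terraform.tfstate, so
#   keep the .terraform directory out of version control as well.
# - No lock_address is configured, so there is no state locking: two
#   concurrent applies can overwrite each other's state.
# - Create the request on the single state object with an expiry date; after
#   it expires, create a new one and re-run terraform init with the new URL.
```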
Variables, inferences and dependencies (03-demo)
● Add access to the `compartment` variable
● Create a variable with a default value
● Infer variable value from another variable with `lookup`
● Create a VCN, DHCP Options and an Internet Gateway
● Create multiple resources and inferences with `count`

Check out 03-inferences.md
Modules (04-demo)
● Create a directory and move the resources for your module into it
● Remove the resources from your original stack
● Create variables and outputs to encapsulate your logic
module "livecode" {
tenancy = "${var.tenancy}"
compartment = "${var.compartment}"
source = "github.com/gregoryguillou/oci-workshop?ref=04-demo//modules/public-network"
}

● Use `terraform init` to reference the new module


Check out 04-modules.md
Packer (05-demo)
● Installing Packer
● Finding the latest Oracle Linux Image
● Subnet and Compartment
● Building an OCI image with Packer
packer build -var "subnet=$SUBNET" \
-var "compartment=$TF_VAR_compartment" \
template.json

Check out 05-packer.md
dynamicgroups and OCI_CLI_AUTH (06-demo)
● Deploy a dynamic group and its policy
● Access the remote instance from SSH
● Use the metadata API to figure out the compartment
● Use the OCI CLI without any credentials
export OCI_CLI_AUTH=instance_principal
oci os bucket list --compartment-id=$COMPARTMENT \
--query='data[].{bucket: name}' --output=table

Check out 06-dynamicgroups.md
Use other providers (07-demo)
● There are a lot of useful providers, including random, null, http, external, template or terraform_remote, for instance:
data "external" "version" {
program = ["${path.module}/version.sh"]
query = {
workspace = "${terraform.workspace}"
}
}
output "oci-workshop" {
value = "${lookup(data.external.version.result, "oci-workshop")}"
}

● You can use many more: kubernetes, consul, vault...


Check out 07-other-providers.md
An easy and bad way to manage secrets (08-demo)
● Rely on HashiCorp Vault for the best configuration:
○ Automatic password rotation
○ Access token expiration
○ Emergency process
● An easy way to manage secrets is to store them in a bucket:
○ Easy to push/pull new values
○ Dynamic Groups make it easy to get back from an instance

Check out 08-secrets.md
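
For the dynamic group of 06-demo and the secrets bucket of 08-demo, an added example (not the workshop's own code) of a dynamic group whose policy lets instances read objects from one bucket only, instead of granting access to all of Object Storage. The resource names, the DevInstances group name and the secret_bucket variable are assumptions made for the example.

```hcl
# Added example, not taken from 06-dynamicgroups.md or 08-secrets.md.
# "DevInstances", "secrets-read" and var.secret_bucket are hypothetical names.

variable "tenancy" {}
variable "compartment" {}
variable "secret_bucket" {}

# Dynamic groups are created at the tenancy level. The matching rule decides
# which instances are treated as principals: here, every instance of the
# compartment. Anyone able to launch an instance there, or to run code on
# one, inherits the policy below. Match on instance.id to narrow it further.
resource "oci_identity_dynamic_group" "dev_instances" {
  compartment_id = "${var.tenancy}"
  name           = "DevInstances"
  description    = "Instances running in the developer compartment"
  matching_rule  = "instance.compartment.id = '${var.compartment}'"
}

# Least privilege: read objects only, and only in the bucket that holds the
# secrets. No write or delete permission, no access to other buckets.
resource "oci_identity_policy" "secrets_read" {
  compartment_id = "${var.compartment}"
  name           = "secrets-read"
  description    = "Let DevInstances read objects in the secrets bucket"

  statements = [
    "Allow dynamic-group ${oci_identity_dynamic_group.dev_instances.name} to read objects in compartment id ${var.compartment} where target.bucket.name = '${var.secret_bucket}'",
  ]
}
```

With this policy, `oci os object get` on the secrets bucket works from an instance using OCI_CLI_AUTH=instance_principal, while listing or reading other buckets is denied.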
Destroy your stack (08-demo)

● Destroy the stack as the last step:


oci os object delete \
--bucket-name=ftclnpb3wrytejru.resetlogs.com \
--name=/configuration/secret/secret.json \
--force

terraform destroy

Check out 08-secrets.md
Random thoughts
● KISS and DRY
○ Use as few external tools as possible
○ Avoid provisioners and null_resource
● Add +1 to tag support for Terraform OCI provider #400
● Add +1 to support the container registry and OKE
● Don’t use terraform for Windows
● Rely on LetsEncrypt/DNS to generate SSL certificates
● Use Kubernetes (OKE) and a CI/CD for your application
● Implement Chatops and self-service
Summary

● Terraform is easy to use, quick to learn and popular


● OCI is a powerful and fast infrastructure
● The terraform-provider-oci leverages both OCI and TF
● The workshop explores many aspects: configuration, compartment, state, inference, modules, templates, dynamic groups, providers…
● Try the oci-workshop, provide feedback and open issues
● OCI gets more advanced tools like DCS, OKE
Another demo: terraform from slack...

gregoryguillou/terraform-api
gregoryguillou/hubot-terraform
Thank you !!!

We are hiring...
