infrastructure as code with oracle linux & terraform running on … · 2019-03-08 · terraform...
TRANSCRIPT
Copyright © 2019, Oracle and/or its affiliates. All rights reserved.
Infrastructure as Code with Oracle Linux & Terraform Running on Oracle Public & Private Cloud
UKOUG Midlands Summit
Simon Hayler, Technical Product Manager
28th February 2019
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Oracle Linux for Oracle Cloud Infrastructure
• Access to frequent and latest Oracle Linux image updates
• Faster downloads from mirrored Oracle Container Registry and OL yum server within OCI
• Zero-downtime OS kernel and user space updates with Ksplice pre-installed in OCI
• Comprehensive containers and container management support
• Oracle Linux Storage Appliance offers an easy way to build NFS and Samba shared storage in OCI
• Oracle Linux Support is provided at no additional cost on OCI
• Take advantage of its 24x7 best-in-class support services and tools
• No need to budget for OS support fees on OCI
• Use Oracle Linux as part of a fully and extensively tested cloud infrastructure stack
Panel titles: Enhanced Developer Platform | Cloud-Ready, Integrated | Cost Effective Compute
• Oracle Cloud developer tools such as Terraform, SDKs, and CLI are deployed faster and easier via local yum server
• Easy access to Linux developer and preview software channels in local OL yum server
• Thousands of EPEL packages built and signed by Oracle for security and compliance
• Software Collection Library support included to install recent versions of Python, PHP, NodeJS, nginx, and more
Infrastructure as Code (IAC)
• IAC is the process of provisioning and managing infrastructure using declarative files
  – In summary: managing infrastructure with software
• Terraform is a widely used open-source tool for IAC by HashiCorp
• Terraform is compatible with many cloud providers or cloud solutions through providers:
  – Integrated providers (70+)
    • No installation needed, automatically downloaded by Terraform when needed
    • https://www.terraform.io/docs/providers
    • Examples:
      – oci: Oracle Cloud Infrastructure (OCI)
      – opc: Oracle Cloud Infrastructure Classic (OPC)
      – oraclepaas: Oracle Cloud Platform (Oracle PaaS with OCI)
  – Non-integrated providers
    • Manual installation needed
Installing/upgrading Terraform
• Terraform and integrated providers are available for all major operating environments:
  – Linux (x86 & ARM)
  – FreeBSD (x86 & ARM)
  – OpenBSD (x86)
  – Windows (x86)
  – Mac OS X (x86)
  – Solaris (x86)
• Installation
  – Download the terraform binary for your OS
  – Integrated providers automatically downloaded/installed when needed
  – Non-integrated providers: manual download of the binary provider needed
• Frequent updates advised (On 19th February 2019, the current version of Terraform is 0.11.11)
• Easy on Oracle Linux 7 (ol7_developer on public yum, ol7_x86_64_developer on ULN)
  – # yum install terraform (Installation)
  – # yum upgrade terraform (Upgrade)
Getting started with Terraform
• See https://www.terraform.io/intro/getting-started/build.html
• For a specific project, create one or more Terraform configuration files (.tf files) in the same folder
• Options:
  – At least one Provider: oci, opc, oraclepaas
  – Resources: Cloud objects that you want to provision, with required/optional parameters
  – Datasources: To obtain parameters needed to create resources
  – Variables: For example your credentials, to avoid hardcoding them in your configuration files
  – Outputs: Optional, example: to display the public IP assigned by OCI
Terraform commands
• terraform init
  – Before initial use or after upgrade
• terraform plan
• terraform apply
• terraform apply --auto-approve
• terraform destroy
• terraform destroy -force
Variables
See https://www.terraform.io/intro/getting-started/variables.html
• Variables must be defined in a .tf file
  – Values can be assigned during definition with « default = »
• Input variables from command line
• Input variables from one or more files
  – Default filename is terraform.tfvars
  – If not default name, just give the name(s) of file(s)
• Input variables interactively
  – If certain variables are unspecified with the previous methods, Terraform will ask you to input their values interactively
• Variables can be used anywhere in .tf files
• Input variables from environment variables (TF_VAR_name)
  $ export TF_VAR_access_key="xxxxxxxx"
  $ export TF_VAR_secret_key="xxxxxxxx"
Outputs
See https://www.terraform.io/intro/getting-started/outputs.html
• Outputs are optional but useful to display relevant information
  – Public IP randomly assigned (AWS, OCI, OCI-C)
  – Temporary password for Windows instances in OCI
• Outputs are displayed at the end of « terraform apply » or with « terraform output »
• Outputs can be used to facilitate SSH to Linux instances
Datasources
• Useful to automatically get object names or IDs that are needed to create resources
  – Alternative is to hard-code names/IDs
• Examples of datasources within OCI
• Examples of datasource definitions in OCI
  – Get the list of Availability Domains (name different in each tenant)
  – Get the ID of the latest image for Oracle Linux 7
    • Filter used to exclude GPU
Post-provisioning actions on compute instances
• Examples
  – Apply the latest OS patches (yum update -y on Oracle Linux)
  – Create users
  – Install & configure software products
• Methods
  – Cloud-init
  – Remote exec with ssh
  – Using a configuration tool such as Ansible, Puppet or Chef
    • Recommended for complex post-install actions
Terraform for OCI
• Terraform is the recommended provisioning tool for OCI:
  – As new features are frequently added to OCI, the Terraform provider for OCI is frequently updated (On 25th February 2019, version is 3.15)
• Before you can use Terraform with OCI, you need to create an API Key
  – Also true for OCI CLI and OCI SDKs.
  – Create a key pair
  – Upload the public key in OCI Web Console for your user
  – Use the private key in your Terraform configuration files
• Use the required parameters in the provider section in a .tf file
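
An added example, not taken from the original slides: a provider section whose API-key parameters come from variables with no defaults, which is what the Variables slide recommends for credentials. The variable names and placeholder values are assumptions; the syntax is Terraform 0.11 style, matching the version quoted in this deck.

```hcl
# Provider authentication file (contents assumed, not the presenter's file).

# No "default" on any of these, so no credential value is committed with
# the code. Values arrive from terraform.tfvars (kept out of version
# control), from TF_VAR_<name> environment variables, or from the
# interactive prompt.
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}

provider "oci" {
  tenancy_ocid = "${var.tenancy_ocid}"
  user_ocid    = "${var.user_ocid}"

  # Fingerprint of the public key uploaded for this user in the console.
  fingerprint = "${var.fingerprint}"

  # A path to the PEM file, so the key material itself never appears in
  # a .tf or .tfvars file. Keep the file readable by its owner only.
  private_key_path = "${var.private_key_path}"

  region = "${var.region}"
}

# terraform.tfvars (constructed placeholder values):
#   tenancy_ocid     = "ocid1.tenancy.oc1..<placeholder>"
#   user_ocid        = "ocid1.user.oc1..<placeholder>"
#   fingerprint      = "<fingerprint-of-uploaded-key>"
#   private_key_path = "/home/<user>/.oci/oci_api_key.pem"
#   region           = "<region-identifier>"
```

Whichever input method is used, the resolved values are also written to the Terraform state file, so the state needs the same access control as the tfvars file.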
Terraform for OCI
• All OCI objects can be created by Terraform (1)
  – Identity & Access Management (IAM): Users, Groups, Policies, Compartments
  – Virtual Cloud Network (VCN) and related network objects
    • Subnets, Route Tables, Security lists, Internet GW, DRG, IPsec connection, Load Balancers…
  – Compute instances and custom images
  – Block volumes and block volume backups
  – Object Storage
  – File System Storage
  – Database systems and related objects (instances)
  – Autonomous Transaction Processing
  – Autonomous Data Warehouse
(1) Except maybe some very new OCI features (need to wait for a new version of Terraform Provider for OCI)
Terraform for OCI example
• Simple example:
  – Create a Virtual Cloud Network (VCN) with a single public subnet
  – Create an Oracle Linux 7.5 compute instance from the most recent image
  – Create a block volume and attach it to the compute instance
• Configuration files
  – terraform.tfvars: variables values (to be updated)
  – 01_auth.tf: provider authentication and variable definitions
  – 02_vcn.tf: Virtual Cloud Network and related network objects
  – 03_instance_ol7.tf: compute instance
  – 04_block_volume.tf.DISABLED: block volume (initially disabled)
  – userdata_bootstrap_ol7.sh: Cloud-init post-install shell script
• Execute Terraform commands
  – $ terraform init (Initialize Terraform, downloading OCI provider)
  – $ terraform plan (Display the OCI objects that will be created, modified or destroyed)
  – $ terraform apply (Create, Modify or Destroy OCI objects)
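
An added sketch of what a compute-instance file for this example could look like, tying together the Datasources, Post-provisioning and Outputs slides; it is not the presenter's 03_instance_ol7.tf. The variable names, resource labels, shape, display name and the image-name pattern are assumptions, and the syntax is Terraform 0.11 style.

```hcl
variable "compartment_ocid" {}
variable "subnet_ocid" {}           # public subnet created by the VCN file
variable "ssh_public_key_path" {}

# Availability Domain names differ per tenancy, so look them up.
data "oci_identity_availability_domains" "ads" {
  compartment_id = "${var.compartment_ocid}"
}

# Oracle Linux 7.5 images, newest first.
data "oci_core_images" "ol7" {
  compartment_id           = "${var.compartment_ocid}"
  operating_system         = "Oracle Linux"
  operating_system_version = "7.5"
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"

  # Assumed naming "Oracle-Linux-7.5-<date>-<n>"; GPU image names carry
  # an extra "GPU" token and therefore do not match.
  filter {
    name   = "display_name"
    values = ["^Oracle-Linux-7\\.5-[0-9.]+-[0-9]+$"]
    regex  = true
  }
}

resource "oci_core_instance" "ol7" {
  availability_domain = "${lookup(data.oci_identity_availability_domains.ads.availability_domains[0], "name")}"
  compartment_id      = "${var.compartment_ocid}"
  display_name        = "tf-demo-ol7"
  shape               = "VM.Standard2.1"

  create_vnic_details {
    subnet_id        = "${var.subnet_ocid}"
    assign_public_ip = true
  }

  source_details {
    source_type = "image"
    source_id   = "${lookup(data.oci_core_images.ol7.images[0], "id")}"
  }

  # user_data can be read back from the instance metadata service by any
  # local process, so the cloud-init script must not embed secrets.
  metadata = {
    ssh_authorized_keys = "${file(var.ssh_public_key_path)}"
    user_data           = "${base64encode(file("${path.module}/userdata_bootstrap_ol7.sh"))}"
  }
}

output "ssh_command" {
  value = "ssh opc@${oci_core_instance.ol7.public_ip}"
}
```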
Terraform for OCI simple example
Terraform for OCI more complex example
Terraform for Private Cloud with Oracle OpenStack
Terraform with Oracle Linux and Oracle OpenStack Community Documents
• https://community.oracle.com/docs/DOC-1019936
• https://community.oracle.com/docs/DOC-1022601