Thursday, December 22, 2016

Provisioning Compute in Oracle Public Cloud with Terraform

Terraform is probably the most popular Cloud orchestrator today. At least, this is the one I prefer! It is easy to use, fast, it provides a nice way to simulate the addition/deletion of resources and it can be extended nicely. It is the perfect tool to kick-off Infrastructure with most providers as I've already discussed.

For a few days now, I've started to use Oracle Cloud again. I'm really enjoying the Container Services, by the way. Beyond the Database, Oracle has definitely made some tremendous progress with its IaaS. It is very powerful. When I discovered I could use Terraform with the Compute Service, I could not resist... It took me less than 15 minutes to install it and use the Terraform Provider for Oracle Compute Cloud. It just works fine with Terraform 0.8... You will find a few notes about it right below.
I'm running a Linux laptop. In fact I'm running Fedora! You might have to adapt the procedure if you are running Windows or OSX.

Building Terraform Provider for Oracle Compute Cloud

Building the provider requires Go. I like to use the latest version, so I download it from , uncompress it in /opt and set the GOROOT variable like below:
cd /opt
sudo tar -zxvf ~/distribs/go*.linux-amd64.tar.gz
sudo chown -R $(id -un):$(id -gn) /opt/go
export GOROOT=/opt/go
export PATH=/opt/go/bin:$PATH
go version
Once Go is installed, you can simply download and build the provider as below:
cd ~
export GOPATH=/home/$(id -un)/terraform-provider
mkdir $GOPATH
go get -d
go build -o terraform-provider-opc
The provider is named terraform-provider-opc and you are ready to go. For more details about how to build it, refer to the project.

Using Terraform with Oracle Compute Cloud

Download and Install Terraform for your System. Once done, you should declare a resource file with the provider like below:
cat >~/.terraformrc <<EOF
providers {
    opc = "/home/gregory/terraform-provider-opc"
}
EOF
In order to use the provider, you should set OPC_ENDPOINT, OPC_USERNAME, OPC_PASSWORD and OPC_IDENTITY_DOMAIN. The endpoint can be found in the Overview pane of the service details:
The Identity Domain is the Id you can find from the "Identity Domain Administration" Pane: 
The username and password are the ones associated with the identity domain, assuming the user has the "Compute Cloud Operations" role. Below is an example of such a setting:

export OPC_USERNAME=gregory
export OPC_PASSWORD=password
export OPC_IDENTITY_DOMAIN=a429864

Building resources

The project contains a file in src/ you can use to build a new configuration. If you want to make it useful, perform a few changes:
  • Create an SSH public/private key and upload it to Oracle Public Cloud as opc-key, assuming you've installed Oracle Compute CLI:
ssh-keygen -q -b 2048 -t rsa -N "" -f ~/.ssh/opc-key
oracle-compute -a $OPC_ENDPOINT -u /Compute-$OPC_IDENTITY_DOMAIN/$OPC_USERNAME add sshkey \
  /Compute-$OPC_IDENTITY_DOMAIN/$OPC_USERNAME/opc-key ~/.ssh/
  • Choose the imagelist you want to use, e.g. Oracle Linux 7.2:
oracle-compute -a $OPC_ENDPOINT -u /Compute-$OPC_IDENTITY_DOMAIN/$OPC_USERNAME list imagelist /oracle/public
oracle-compute -a $OPC_ENDPOINT -u /Compute-$OPC_IDENTITY_DOMAIN/$OPC_USERNAME -f json list imagelist /oracle/public/OL_7.2_UEKR3_x86_64
  • Create a new directory with a file that looks like below. Pay attention to the sshKeys as well as the output:
resource "opc_compute_instance" "oraclelinux72" {
  name      = "ol72"
  label     = "ol72"
  shape     = "oc3"
  sshKeys   = ["opc-key"]
  imageList = "/oracle/public/OL_7.2_UEKR3_x86_64"
  storage = [{
    index  = 1
    volume = "${}"
  }]
}

resource "opc_compute_storage_volume" "system_volume" {
  size        = "10g"
  description = "System Volume"
  name        = "sysvol1"
}

resource "opc_compute_ip_reservation" "reservation1" {
  parentpool = "/oracle/public/ippool"
  permanent  = true
  tags       = []
}

resource "opc_compute_ip_association" "instance1_reservation1" {
  vcable     = "${opc_compute_instance.oraclelinux72.vcable}"
  parentpool = "ipreservation:${}"
}

resource "opc_compute_security_list" "sec_list1" {
  name                 = "sec-list-1"
  policy               = "PERMIT"
  outbound_cidr_policy = "PERMIT"
}

resource "opc_compute_security_association" "test_instance__sec_list_1" {
  vcable  = "${opc_compute_instance.oraclelinux72.vcable}"
  seclist = "${}"
}

output "public_ip" {
  value = "${opc_compute_ip_reservation.reservation1.ip}"
}

  • You are ready to create an instance:
terraform apply
  • You should be able to connect to it with the output:
ssh -i ~/.ssh/opc-key opc@$(terraform output | awk '{print $3}')
sudo su -
  • And last but not least, you should be able to destroy it:
terraform destroy -force
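
A pre-flight check for the setup above, as an added example that is not part of the original post or the provider project: it confirms that the four OPC_* variables are set, that the endpoint is an https:// URL, and that the passphrase-less private key created above is not accessible to group or others. The function name opc_preflight and its messages are hypothetical.

```shell
# Added example, not from the original post. opc_preflight and its messages
# are hypothetical; the variable names and default key path come from the post.
# Returns the number of problems found (0 means ready for "terraform apply").
opc_preflight() {
    key="${1:-$HOME/.ssh/opc-key}"
    problems=0

    # The provider takes its endpoint and credentials from these variables.
    for var in OPC_ENDPOINT OPC_USERNAME OPC_PASSWORD OPC_IDENTITY_DOMAIN; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "missing: $var is not set" >&2
            problems=$((problems + 1))
        fi
    done

    # The password travels to this endpoint, so insist on TLS.
    case "${OPC_ENDPOINT:-}" in
        "" | https://*) ;;
        *)
            echo "weak: OPC_ENDPOINT is not an https:// URL" >&2
            problems=$((problems + 1))
            ;;
    esac

    # The key was generated with -N "" (no passphrase), so file permissions
    # are the only thing protecting it: group/other bits must all be clear.
    if [ ! -f "$key" ]; then
        echo "missing: private key $key" >&2
        problems=$((problems + 1))
    elif [ "$(ls -Lld "$key" | cut -c5-10)" != "------" ]; then
        echo "weak: $key is accessible to group or others (chmod 600)" >&2
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Typical use: opc_preflight && terraform apply
```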

To Continue...

As you can see, using Terraform with Oracle Compute Cloud is very easy. If you combine it with opc-init and create your own images, you should soon be able to build advanced systems very easily. I hope you'll enjoy Oracle Cloud too...
