Skip to content

Latest commit

 

History

History
268 lines (205 loc) · 14.2 KB

README.md

File metadata and controls

268 lines (205 loc) · 14.2 KB

Infrastructure Deployment Using Terraform

Introduction

All of the resources needed to go through this hands-on lab (HOL) may be deployed and maanged via Terraform. This document gives a couple of techniques to quickly deploy the needed Oracle Cloud Infrastructure (OCI) resources using Terraform.

Notes

Local OCI groups are used, which can be mapped to a federated group (useful when federating with IDCS, etc.).

OCI Prerequisites

Required Permissions

You will need permission to manage the following types of resources in your OCI tenancy, or you may specify a specific compartment:

  • vcns
  • nat-gateways
  • route-tables
  • security-lists
  • subnets
  • instances
  • policies
  • oci_datascience_project
  • oci_datascience_notebook_session
  • oci_identity_tag_namespace
  • oci_identity_tag

Permissions for managing the following resource types is needed (at the tenancy level):

  • groups
  • dynamic-groups

If you don't have the required permissions, contact your tenancy administrator. See Policy Referencefor more information around IAM permissions.

Required Resource Limits/Quota

You'll need available resource quotas and permissions to create the following resources:

  • 1 x Group (or use an existing group)
  • 1 x Dynamic Group
  • 1 x IAM Policy
  • 1 x VCN
  • 1 x Subnet
  • 1 x NAT Gateway
  • 1 x Route Table
  • 1 x Security List
  • 1 x Compute instance (1 x VM 2.1 or whatever shape you select)
  • 1 x Functions Application
  • 1 x Data Science Project (and notebook session)
  • 1 x Tag namespace
  • 1 x Defined tag

If you don't have the required service limits/quota, contact your tenancy administrator. See Service Limits, Compartment Quotasfor more information on service limits and quotas.

Sign up for an Always-Free tier OCI account

  1. Visit the Oracle Cloud Free Tier page.

    Enter your account information and click Verify my email.

sign-up-page

  1. Click the link sent to your email and continue adding account details, including adding payment verification (you won't be charged unless you want to upgrade your Always-free tier account at a later date).

After reviewing the terms and services for your Oracle Cloud Services account, click Start my free trial.

startMyFreeTrial1

  1. Wait for your account to be provisioned. This should take approximately two minutes.

waitForSetUp

  1. After your account is ready, the Get Started tab of your account displays.

successSignUp

Deploy Using Oracle Resource Manager

  1. Click Deploy to Oracle Cloud

    If you aren't already signed in, when prompted, enter the tenancy and user credentials.

  2. Review and accept the terms and conditions.

  3. Select the region where you want to deploy the stack.

  4. Follow the on-screen prompts and instructions to create the stack.

  5. After creating the stack, click Terraform Actions, and select Plan.

  6. Wait for the job to be completed, and review the plan.

    To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again.

  7. If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply.

Deploy Using the OCI Cloud Shell

Clone the repo

From within your Cloud Shell session, clone the repo:

git clone https://github.com/oracle-devrel/redbull-analytics-hol
cd redbull-analytics-hol/terraform
ls

Prerequisites

First off, you'll need to do some pre-deploy setup. That's all detailed here.

Next, create a terraform.tfvars file (feel free to copy the terraform.tfvars.template as a starting point) and populate it with the information that's specific to your deployment. For Cloud Shell, the region, tenancy_ocid, compartment_ocid variables must be provided (at minimum). Feel free to provide additional variable values (overriding the defaults in variables.tf) as-needed for your deployment to customize resource names, behavior, etc. Here's a sample terraform.tfvars file for Cloud Shell:

region=""
tenancy_ocid=""
compartment_ocid=""

(make sure that you put values in)

Modify the provider.tf file, uncommenting the following attributes (in both provider definitions):

  ### BEGIN UNCOMMENT FOR OCI CLOUD SHELL
  # auth = "InstancePrincipal"
  ### END UNCOMMENT FOR OCI CLOUD SHELL

Create the Resources

Run the following commands from within the Cloud Shell session:

terraform init
terraform plan
terraform apply

Destroy the Deployment

When you no longer need the deployment, you can run this command to destroy the resources:

terraform destroy

Deploy Using the Terraform CLI

Clone the repo

You'll want a local copy of this repo. You can do this via SSH with the following:

git clone [email protected]:oracle-devrel/redbull-analytics-hol.git
cd redbull-analytics-hol/terraform
ls

Or you can use HTTPS (instead of SSH):

git clone https://github.com/oracle-devrel/redbull-analytics-hol
cd redbull-analytics-hol/terraform
ls

Prerequisites

First off, you'll need to do some pre-deploy setup. That's all detailed here.

Next, create a terraform.tfvars file (feel free to copy the terraform.tfvars.template as a starting point) and populate it with the information that's specific to your deployment, particularly the region, user_ocid, tenancy_ocid, compartment_ocid, private_key_path (or paste the contents of your private key into the private_key variable) and fingerprint variables. Feel free to provide additional variable values (overriding the defaults in variables.tf) as-needed for your deployment to customize resource names, behavior, etc. Here's a sample terraform.tfvars file for Cloud Shell:

region=""
tenancy_ocid=""
compartment_ocid=""
user_ocid=""
private_key_path=""
#### USE ONE ^ OR THE OTHER v
private_key_password=""
fingerprint=""

(make sure that you put values in)

Modify the provider.tf file, uncommenting the following attributes (in both provider definitions):

  ### BEGIN UNCOMMENT FOR TERRAFORM CLI (running locally)
  # user_ocid = var.user_ocid
  # fingerprint = var.fingerprint
  # private_key = local.private_key
  #### USE ONE ^ OR THE OTHER v
  # private_key_path = var.private_key_path
  # private_key_password = var.private_key_password
  ### END UNCOMMENT FOR TERRAFORM CLI (running locally)

Note that only private_key or private_key_path is needed (no need to use both).

Create the Resources

Run the following commands:

terraform init
terraform plan
terraform apply

Destroy the Deployment

When you no longer need the deployment, you can run this command to destroy the resources:

terraform destroy

Requirements

Name Version
terraform >= 0.13.5

Providers

Name Version
oci 4.31.0
oci.home 4.31.0
random 3.1.0
time 0.7.2
tls 3.1.0

Modules

No modules.

Resources

Name Type
oci_core_default_dhcp_options.Default-DHCP-Options-for-redbullvcn resource
oci_core_default_route_table.Default-Route-Table-for-redbullvcn resource
oci_core_default_security_list.Default-Security-List-for-redbullvcn resource
oci_core_instance.redbull_lab1 resource
oci_core_internet_gateway.redbullig resource
oci_core_subnet.redbullsubnet resource
oci_core_vcn.redbullvcn resource
oci_identity_compartment.redbullhol resource
oci_identity_tag.release resource
oci_identity_tag_namespace.devrel resource
random_id.tag resource
time_sleep.wait_60_seconds resource
tls_private_key.this resource
oci_core_images.this data source
oci_identity_availability_domain.AD1 data source
oci_identity_compartment.current_compartment data source
oci_identity_region_subscriptions.home_region_subscriptions data source
oci_identity_regions.current_region data source
oci_identity_regions.home-region data source
oci_identity_tenancy.tenant_details data source

Inputs

Name Description Type Default Required
compartment_ocid The compartment OCID to deploy resources to string "" no
compute_image_name The name of the compute image to use for the compute instances. string "Oracle-Linux-7.9-2021.08.27-0" no
fingerprint 'API Key' fingerprint, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two string "" no
private_key The private key (provided as a string value) string "" no
private_key_password The password to use for the private key string "" no
private_key_path Path to private key used to create OCI 'API Key', more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two string "" no
redbull_compartment The name of the compartment created to hold all of the resources string "redbullhol" no
region OCI Region as documented at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm string n/a yes
ssh_public_key The public SSH key to use for the compute instance string "" no
ssh_public_key_path The path to the public SSH key to use for the compute instance string "" no
tenancy_ocid OCI tenant OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five string n/a yes
user_ocid OCI user OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five string "" no

Outputs

Name Description
get_jupyter_token n/a
instance_pub_ip n/a
jupyter_url n/a