Terraform - small test
Once Terraform is set up, let's go through a few simple steps to create an instance.
Prepare environment
1. Create a new folder for your Terraform project
root@deploymentmachine:/home# mkdir terra
root@deploymentmachine:/home# cd terra
root@deploymentmachine:/home/terra#
2. Create the following files: main.tf, provider.tf, variables.tf
Your folder should look like this:
root@deploymentmachine:/home/terra# tree
.
├── main.tf
├── provider.tf
└── variables.tf
Content of Terraform files
a) provider.tf
- contains information about your provider (oci): the tenancy OCID, user OCID, private key path, fingerprint and region:
root@deploymentmachine:/home/terra# more provider.tf
provider "oci" {
  tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaafaketenancyocidherehahaha342342"
  user_ocid        = "ocid1.user.oc1..aaaaaaaafakeuserocidherehahaha23423"
  private_key_path = "/root/.oci/oci_api_private_key.pem"
  fingerprint      = "2x:x4:xx:x5:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
  region           = "eu-frankfurt-1"
}
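The provider block points at the API signing key on disk, and the walkthrough below sets OCI_CLI_SUPPRESS_FILE_PERMISSIONS_WARNING, which hides the CLI's warning about loosely permissioned key and config files. As an added example (not part of the original page), this Python check reads private_key_path out of provider.tf and reports key files that group or others can access; the function names are illustrative.

```python
import os
import re
import stat

# Matches the private_key_path attribute as written in the provider.tf above.
KEY_PATH_RE = re.compile(r'^\s*private_key_path\s*=\s*"([^"]+)"', re.MULTILINE)


def key_paths(provider_tf_text):
    """Return every private_key_path value found in provider.tf text."""
    return KEY_PATH_RE.findall(provider_tf_text)


def audit_key_file(path):
    """Return a list of findings for one API signing key file (empty = OK)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: file not found"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:o} grants group/other access, expected 600")
    if st.st_uid != os.geteuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    # A writable parent directory lets another user swap the key file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & 0o022:
        findings.append(f"{path}: parent directory is group/world-writable")
    return findings


def audit_provider(provider_tf_text):
    """Audit every key file referenced by the provider configuration."""
    findings = []
    for p in key_paths(provider_tf_text):
        findings.extend(audit_key_file(os.path.expanduser(p)))
    return findings


if __name__ == "__main__":
    with open("provider.tf") as fh:
        for line in audit_provider(fh.read()):
            print("FINDING:", line)
```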
b) variables.tf
- holds the values that I do not want hardcoded in main.tf.
This instance will be created in the root compartment. To collect the necessary details, either use the OCI UI or simply run the OCI CLI commands below.
Remember to set your compartment OCID (if it is not saved in .bashrc) and suppress warnings:
root@deploymentmachine:/home/terra# export COMPARTMENT="addherethecompartmentwhereyouwanttocreatetheinstance"
root@deploymentmachine:/home/terra# export OCI_CLI_SUPPRESS_FILE_PERMISSIONS_WARNING=True
for the instance shape
root@deploymentmachine:/home/terra# oci compute dedicated-vm-host instance-shape list \
--compartment-id $COMPARTMENT \
--output table
+--------------------------+------------------------+
| availability-domain | instance-shape-name |
+--------------------------+------------------------+
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.1 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.2 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.4 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.8 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.1.Micro |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.DenseIO2.8 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.DenseIO2.16 |
|[.................skipping.........................]
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.1 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.2 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.4 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.8 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.1.Micro |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.8 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.16 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.24 |
+--------------------------+------------------------+
for instance image
Oracle provides a really good source of information about the OS images you can deploy on your instances (in this example, for Linux):
for subnet OCID
Find the VCN OCID:
oci network subnet list -c "$COMPARTMENT" | grep vcn-id | \
awk '{print $2}' | \
sed 's/[",]//g'
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn1ahahahahahaa11111111111111111111111111111111
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn2ahahahahahaa22222222222222222222222222222222
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn3ahahahahahaa33333333333333333333333333333333
Suppose I want the 3rd VCN OCID:
VCN=$(oci network subnet list -c "$COMPARTMENT" | \
grep vcn-id | awk '{print $2}' | \
sed 's/[",]//g' | \
awk 'FNR == 3 {print}')
Now I can find my subnet OCID:
oci network subnet list -c "$COMPARTMENT" --vcn-id "$VCN" | \
grep -E '"id": *"ocid1\.subnet' | \
awk '{print $2}' | sed 's/[",]//g'
for available domain (pick one of them)
root@deploymentmachine:/home/terra# oci iam availability-domain list \
--compartment-id "$COMPARTMENT" | \
grep name | \
sed 's/[",]//g' | \
awk '{print $2}'
Aodz:EU-FRANKFURT-1-AD-1
Aodz:EU-FRANKFURT-1-AD-2
Aodz:EU-FRANKFURT-1-AD-3
In the end, possible content for variables.tf in our case would be:
root@deploymentmachine:/home/terra# more variables.tf
variable "instance_shape" {
  default = "VM.Standard.E2.1"
}
variable "compartment_ocid" {
  default = "ocid1.tenancy.oc1..aaaaaaaafakeocidherehahaha23423423"
}
variable "instance_image" {
  default = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa5w2lrmsn6wpjn7fbqv55curiarwsryqhoj4dw5hsixrl37hrinja"
}
variable "instance_name" {
  default = "kekinstance"
}
variable "subnet_ocid" {
  default = "ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaaaaaaaaaafakeocidherehahaha23423423"
}
variable "available_dom" {
  default = "Aodz:EU-FRANKFURT-1-AD-1"
}
c) main.tf file
- where I pass the variables and define the resource that creates the instance. Do mind the ssh_authorized_keys entry:
root@deploymentmachine:/home/terra# more main.tf
resource "oci_core_instance" "kek" {
  availability_domain = var.available_dom
  compartment_id      = var.compartment_ocid
  shape               = var.instance_shape
  source_details {
    source_id   = var.instance_image
    source_type = "image"
  }
  display_name = var.instance_name
  create_vnic_details {
    assign_public_ip = true
    subnet_id        = var.subnet_ocid
  }
  metadata = {
    ssh_authorized_keys = file("/root/.ssh/id_rsa.pub")
  }
}
Run terraform commands
The usual three commands:
terraform init, to initialize the provider:
root@deploymentmachine:/home/terra# terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.11.0...
- Installed hashicorp/oci v4.11.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
terraform plan, to indicate what changes will be implemented:
root@deploymentmachine:/home/terra# terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_instance.test_instance will be created
+ resource "oci_core_instance" "kek" {
+ availability_domain = "Aodz:EU-FRANKFURT-1-AD-1"
+ boot_volume_id = (known after apply)
+ compartment_id = "ocid1.tenancy.oc1..aaaaaaaafakeocidhere2342352345"
+ dedicated_vm_host_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = "kek"
+ fault_domain = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ id = (known after apply)
+ image = (known after apply)
+ ipxe_script = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ launch_mode = (known after apply)
+ metadata = {
+ "ssh_authorized_keys" = <<-EOT
ssh-rsa AAAAB234sererfakesshkeyshereerwerwfcse13423423fakefakefakefake2343535443534= root@deploymentmachine
EOT
}
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ shape = "VM.Standard.E2.1.Micro"
+ state = (known after apply)
+ subnet_id = (known after apply)
+ system_tags = (known after apply)
+ time_created = (known after apply)
+ time_maintenance_reboot_due = (known after apply)
+ agent_config {
+ is_management_disabled = (known after apply)
+ is_monitoring_disabled = (known after apply)
}
+ availability_config {
+ recovery_action = (known after apply)
}
+ create_vnic_details {
+ assign_public_ip = "true"
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ private_ip = (known after apply)
+ skip_source_dest_check = (known after apply)
+ subnet_id = "ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaafakeocidherehahaha1233434"
+ vlan_id = (known after apply)
}
+ instance_options {
+ are_legacy_imds_endpoints_disabled = (known after apply)
}
+ launch_options {
+ boot_volume_type = (known after apply)
+ firmware = (known after apply)
+ is_consistent_volume_naming_enabled = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ network_type = (known after apply)
+ remote_data_volume_type = (known after apply)
}
+ shape_config {
+ gpu_description = (known after apply)
+ gpus = (known after apply)
+ local_disk_description = (known after apply)
+ local_disks = (known after apply)
+ local_disks_total_size_in_gbs = (known after apply)
+ max_vnic_attachments = (known after apply)
+ memory_in_gbs = (known after apply)
+ networking_bandwidth_in_gbps = (known after apply)
+ ocpus = (known after apply)
+ processor_description = (known after apply)
}
+ source_details {
+ boot_volume_size_in_gbs = (known after apply)
+ kms_key_id = (known after apply)
+ source_id = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa5w2lrmsn6wpjn7fbqv55curiarwsryqhoj4dw5hsixrl37hrinja"
+ source_type = "image"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
root@deploymentmachine:/home/terra#
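The note at the end of the plan output is the reason to save the plan and review that exact artifact before applying it. An added example, not from the original page: a Python check over the JSON form of a saved plan that flags instances receiving a public IP or an SSH key outside an allowlist. The sample plan is constructed and trimmed, and the function names and the allowlist policy are assumptions.

```python
import json

# Constructed sample, trimmed to the fields this check reads. Real input:
#   terraform plan -out=tfplan && terraform show -json tfplan > plan.json
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "oci_core_instance.kek",
  "type": "oci_core_instance",
  "change": {
    "actions": ["create"],
    "after": {
      "create_vnic_details": [{"assign_public_ip": "true"}],
      "metadata": {"ssh_authorized_keys": "ssh-rsa AAAAconstructedkey root@deploymentmachine\\n"}
    }
  }
}]}
""")


def is_true(value):
    # The plan above shows assign_public_ip as the string "true", so accept
    # both JSON booleans and their string form.
    return value is True or str(value).lower() == "true"


def review_plan(plan, allowed_key_blobs):
    """Return (address, finding) pairs for instances being created or updated."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "oci_core_instance":
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        # Nested blocks appear as lists in plan JSON.
        for vnic in after.get("create_vnic_details") or []:
            if is_true(vnic.get("assign_public_ip")):
                findings.append((rc["address"], "public IP will be assigned"))
        keys = (after.get("metadata") or {}).get("ssh_authorized_keys", "")
        for line in keys.splitlines():
            fields = line.split()
            # Plain "type base64 comment" lines only; option prefixes are not parsed.
            if len(fields) >= 2 and fields[1] not in allowed_key_blobs:
                findings.append((rc["address"], "SSH key not in allowlist: " + fields[0]))
    return findings


if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN, {"AAAAconstructedkey"}):
        print(address, "-", finding)
```

Once the findings are accepted, running terraform apply tfplan applies the saved plan that was reviewed rather than a freshly computed one.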
And apply the changes by running terraform apply:
root@deploymentmachine:/home/terra# terraform apply
[...skipping...]
Enter a value: yes
oci_core_instance.kek: Creating...
oci_core_instance.kek: Still creating... [10s elapsed]
oci_core_instance.kek: Still creating... [20s elapsed]
oci_core_instance.kek: Still creating... [30s elapsed]
oci_core_instance.kek: Still creating... [40s elapsed]
oci_core_instance.kek: Still creating... [50s elapsed]
oci_core_instance.kek: Still creating... [1m0s elapsed]
oci_core_instance.kek: Still creating... [1m10s elapsed]
oci_core_instance.kek: Still creating... [1m20s elapsed]
oci_core_instance.kek: Creation complete after 1m23s [id=ocid1.instance.oc1.eu-frankfurt-1.somerandomstuffthatisfakeherehaha]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
root@deploymentmachine:/home/terra#
You can check in the OCI UI whether the deployment was successful, since the provisioning of the instance is almost immediate:
Test the SSH keys by logging in to your new host
(I can show the public IP, since I will be destroying this in a minute or two...)
root@deploymentmachine:/home/terra# ssh opc@130.61.120.88
[opc@kekinstance ~]$
[opc@kekinstance ~]$
[opc@kekinstance ~]$ uptime
20:29:39 up 2 min, 1 user, load average: 0.30, 0.34, 0.15
[opc@kekinstance ~]$
Terminate the instance by running the command terraform destroy:
root@deploymentmachine:/home/terra# terraform destroy
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# oci_core_instance.kek will be destroyed
[ ... skipping ... ]
Enter a value: yes
oci_core_instance.kek: Destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.antheljt34qs2dycpdlshwvtr2japauj3rs3behdszqepuedbtuvczhd65la]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65ladszqepuedbtuvczhdgrd5la, 10s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laszqepuedbtuvczhddd6g5la, 20s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65lazqepuedbtuvcddzhssd65la, 30s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laszqepuedbtuvczhdddd65la, 40s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuvczd65la, 50s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laehdszqepuedbvczhdfd65la, 1m0s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuhddfg5la, 1m10s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuvczhd5la, 1m20s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laehdszqepuedbtuvcdsd65la, 1m30s elapsed]
oci_core_instance.kek: Destruction complete after 1m34s
Destroy complete! Resources: 1 destroyed.
Now the instance "deploymentmachine" is ready to start automating the creation of OCI services/architectures with the help of Terraform.