Terraform - small test
Once we have setup the Terraform, let's perform a few simple steps for creating an instance.
Prepare environment
1. Create a new folder for your Terraform project
root@deploymentmachine:/home# mkdir terra
root@deploymentmachine:/home# cd terra
root@deploymentmachine:/home/terra#2. Create the following files: main.tf, provider.tf, variables.tf
Your folder should be looking like this:
root@deploymentmachine:/home/terra# tree
.
├── main.tf
├── provider.tf
└── variables.tfContent of Terraform files
a) provider.tf - contains information about your provider (oci), tenancy OCID, user OCI, private key path, the fingerprint and the region:
root@deploymentmachine:/home/terra# more provider.tf
provider "oci" {
tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaafaketenancyocidherehahaha342342"
user_ocid = "ocid1.user.oc1..aaaaaaaafakeuserocidherehahaha23423"
private_key_path = "/root/.oci/oci_api_private_key.pem"
fingerprint = "2x:x4:xx:x5:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
region = "eu-frankfurt-1"
}b) variables.tf - just passing some information that I do not want to find it hardcoded in the main.tf.
This instance will be created in the root compartment. For collecting the necessary details either use the OCI or simply run OCI CLI command:
Remember to setup your Compartment OCID (if not saved in .bashrc) and supress warnings:
root@deploymentmachine:/home/terra# export COMPARTMENT="addherethecompartmentwhereyouwanttocreatetheinstance"
root@deploymentmachine:/home/terra# export OCI_CLI_SUPPRESS_FILE_PERMISSIONS_WARNING=Truefor the instance shape
root@deploymentmachine:/home/terra# oci compute dedicated-vm-host instance-shape list \
--compartment-id $COMPARTMENT \
--output table
+--------------------------+------------------------+
| availability-domain | instance-shape-name |
+--------------------------+------------------------+
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.1 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.2 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.4 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.8 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.Standard.E2.1.Micro |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.DenseIO2.8 |
| Aodz:EU-FRANKFURT-1-AD-1 | VM.DenseIO2.16 |
|[.................skipping.........................]
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.1 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.2 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.4 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.8 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.Standard.E2.1.Micro |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.8 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.16 |
| Aodz:EU-FRANKFURT-1-AD-3 | VM.DenseIO2.24 |
+--------------------------+------------------------+for instance image
Oracle provides a really good source of information about the OS images you can deploy on your instances (in this example, for Linux):
for subnet OCID
Find the VCN OCID:
oci network subnet list -c $COMPARTMENT | grep vcn-id | \
awk {'print $2'} | \
sed s/[\",]//g
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn1ahahahahahaa11111111111111111111111111111111
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn2ahahahahahaa22222222222222222222222222222222
ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaafakevcn3ahahahahahaa33333333333333333333333333333333Suppose I want the 3rd VCN OCID:
VCN=$(oci network subnet list -c $COMPARTMENT | \
grep vcn-id | awk {'print $2'} | \
sed s/[\",]//g | \
awk 'FNR == 3 {print}')Now I can find my Subnet OCID
oci network subnet list -c $COMPARTMENT --vcn-id $VCN | \
grep -E '^\"id:\"|ocid1.subnet' | \
awk {'print $2'} | sed s/[\",]//gfor available domain (pick one of them)
root@deploymentmachine:/home/terra# oci iam availability-domain list \
--compartment-id $COMPARTMENT | \
grep name | \
sed s/[\",]//g | \
awk {'print $2'}
Aodz:EU-FRANKFURT-1-AD-1
Aodz:EU-FRANKFURT-1-AD-2
Aodz:EU-FRANKFURT-1-AD-3In the end, possible content for variables.tf in our case would be:
root@deploymentmachine:/home/terra# more variables.tf
variable "instance_shape" {
default = "VM.Standard.E2.1"
}
variable "compartment_ocid" {
default = "ocid1.tenancy.oc1..aaaaaaaafakeocidherehahaha23423423"
}
variable "instance_image" {
default = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa5w2lrmsn6wpjn7fbqv55curiarwsryqhoj4dw5hsixrl37hrinja"
variable "instance_name" {
default = "kekinstance"
}
variable "subnet_ocid" {
default = "ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaaaaaaaaaafakeocidherehahaha23423423"
}
variable "available_dom" {
default = "Aodz:EU-FRANKFURT-1-AD-1"
}
c) main.tf file - where I pass the variables and resources for creation of an instance ... do mind the ssh_authorized_keys
root@deploymentmachine:/home/terra# more main.tf
resource "oci_core_instance" "kek" {
availability_domain = var.available_dom
compartment_id = var.compartment_ocid
shape = var.instance_shape
source_details {
source_id = var.instance_image
source_type = "image"
}
display_name = var.instance_name
create_vnic_details {
assign_public_ip = true
subnet_id = var.subnet_ocid
}
metadata = {
ssh_authorized_keys = file("/root/.ssh/id_rsa.pub")
}
}Run terraform commands
The usual three commands:
terraform init to initialize the provider
root@deploymentmachine:/home/terra# terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v4.11.0...
- Installed hashicorp/oci v4.11.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.terraform plan to indicate what changes will be implemented:
root@deploymentmachine:/home/terra# terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_instance.test_instance will be created
+ resource "oci_core_instance" "kek" {
+ availability_domain = "Aodz:EU-FRANKFURT-1-AD-1"
+ boot_volume_id = (known after apply)
+ compartment_id = "ocid1.tenancy.oc1..aaaaaaaafakeocidhere2342352345"
+ dedicated_vm_host_id = (known after apply)
+ defined_tags = (known after apply)
+ display_name = "kek"
+ fault_domain = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ id = (known after apply)
+ image = (known after apply)
+ ipxe_script = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ launch_mode = (known after apply)
+ metadata = {
+ "ssh_authorized_keys" = <<-EOT
ssh-rsa AAAAB234sererfakesshkeyshereerwerwfcse13423423fakefakefakefake2343535443534= root@deploymentmachine
EOT
}
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ region = (known after apply)
+ shape = "VM.Standard.E2.1.Micro"
+ state = (known after apply)
+ subnet_id = (known after apply)
+ system_tags = (known after apply)
+ time_created = (known after apply)
+ time_maintenance_reboot_due = (known after apply)
+ agent_config {
+ is_management_disabled = (known after apply)
+ is_monitoring_disabled = (known after apply)
}
+ availability_config {
+ recovery_action = (known after apply)
}
+ create_vnic_details {
+ assign_public_ip = "true"
+ defined_tags = (known after apply)
+ display_name = (known after apply)
+ freeform_tags = (known after apply)
+ hostname_label = (known after apply)
+ private_ip = (known after apply)
+ skip_source_dest_check = (known after apply)
+ subnet_id = "ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaafakeocidherehahaha1233434"
+ vlan_id = (known after apply)
}
+ instance_options {
+ are_legacy_imds_endpoints_disabled = (known after apply)
}
+ launch_options {
+ boot_volume_type = (known after apply)
+ firmware = (known after apply)
+ is_consistent_volume_naming_enabled = (known after apply)
+ is_pv_encryption_in_transit_enabled = (known after apply)
+ network_type = (known after apply)
+ remote_data_volume_type = (known after apply)
}
+ shape_config {
+ gpu_description = (known after apply)
+ gpus = (known after apply)
+ local_disk_description = (known after apply)
+ local_disks = (known after apply)
+ local_disks_total_size_in_gbs = (known after apply)
+ max_vnic_attachments = (known after apply)
+ memory_in_gbs = (known after apply)
+ networking_bandwidth_in_gbps = (known after apply)
+ ocpus = (known after apply)
+ processor_description = (known after apply)
}
+ source_details {
+ boot_volume_size_in_gbs = (known after apply)
+ kms_key_id = (known after apply)
+ source_id = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa5w2lrmsn6wpjn7fbqv55curiarwsryqhoj4dw5hsixrl37hrinja"
+ source_type = "image"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
root@deploymentmachine:/home/terra#
And apply changes, by running terraform apply
root@deploymentmachine:/home/terra# terraform apply
[...skipping...]
Enter a value: yes
oci_core_instance.kek: Creating...
oci_core_instance.kek: Still creating... [10s elapsed]
oci_core_instance.kek: Still creating... [20s elapsed]
oci_core_instance.kek: Still creating... [30s elapsed]
oci_core_instance.kek: Still creating... [40s elapsed]
oci_core_instance.kek: Still creating... [50s elapsed]
oci_core_instance.kek: Still creating... [1m0s elapsed]
oci_core_instance.kek: Still creating... [1m10s elapsed]
oci_core_instance.kek: Still creating... [1m20s elapsed]
oci_core_instance.kek: Creation complete after 1m23s [id=ocid1.instance.oc1.eu-frankfurt-1.somerandomstuffthatisfakeherehaha]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
root@deploymentmachine:/home/terra#
You can check in the OCI UI if the deployment is successfull or not, since the provisioning of the instance is almost immediate:
Test the ssh keys, by logging in to your new host (I can show the public IP, since I will be destroying this in a minute or two...)
root@deploymentmachine:/home/terra# ssh opc@130.61.120.88
[opc@kekinstance ~]$
[opc@kekinstance ~]$
[opc@kekinstance ~]$ uptime
20:29:39 up 2 min, 1 user, load average: 0.30, 0.34, 0.15
[opc@kekinstance ~]$Terminate the instance by running command terraform destroy
root@deploymentmachine:/home/terra# terraform destroy
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# oci_core_instance.kek will be destroyed
[ ... skipping ... ]
Enter a value: yes
oci_core_instance.kek: Destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.antheljt34qs2dycpdlshwvtr2japauj3rs3behdszqepuedbtuvczhd65la]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65ladszqepuedbtuvczhdgrd5la, 10s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laszqepuedbtuvczhddd6g5la, 20s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65lazqepuedbtuvcddzhssd65la, 30s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laszqepuedbtuvczhdddd65la, 40s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuvczd65la, 50s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laehdszqepuedbvczhdfd65la, 1m0s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuhddfg5la, 1m10s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65labehdszqepuedbtuvczhd5la, 1m20s elapsed]
oci_core_instance.kek: Still destroying... [id=ocid1.instance.oc1.eu-frankfurt-1.anthe...epuedbtuvczhd65laehdszqepuedbtuvcdsd65la, 1m30s elapsed]
oci_core_instance.kek: Destruction complete after 1m34s
Destroy complete! Resources: 1 destroyed.Now the instance "deploymentmachine" is ready to start automating the creation of OCI services/arhitectures with the help of Terraform
Last updated
