
Using Terraform to Manage Oracle Cloud Infrastructure

Managing the Oracle Cloud Infrastructure by using just the Cloud Console can get out of hand very quickly due to the vast amount of resources and their interdependencies that need to be controlled. It leads to weakened security, reduced availability or human mistakes in infrastructure management. Terraform – an open-source infrastructure as code software – allows solving many of these issues. This presentation will explain the basics of working with Terraform and will provide hints and examples for using it with OCI.


  1. USING TERRAFORM TO MANAGE ORACLE CLOUD INFRASTRUCTURE
     by Māris Elsiņš
     © Pythian Services Inc., 2020
  2. Māris Elsiņš, Lead Database Consultant
     ✓ Oracle Databases ✓ Oracle e-Business Suite ✓ OCI ✓ AWS ✓ GCP
     @MarisDBA, elsins@pythian.com
  3. WHAT’S DIFFERENT IN THIS TERRAFORM TALK?
  4. • Basics in 3 minutes + demo
     • Terraform and OCI + demo
     • A few suggestions before you dive in!
  5. BASICS IN 3 MINUTES
  6. WHAT IS TERRAFORM
     • A tool for building, changing, and versioning infrastructure
       • HashiCorp
       • Open Source
       • A simple binary executable
     • Manages Infrastructure as Code
     • The cool stuff it provides
  7. WHAT IS TERRAFORM
     • A tool for building, changing, and versioning infrastructure
     • Manages Infrastructure as Code
       • Configuration files describe the infrastructure
       • Terraform language syntax (Declarative Language)
       • Version controlled repeatable infrastructure
     • The cool stuff it provides
  8. WHAT IS TERRAFORM
     • A tool for building, changing, and versioning infrastructure
     • Manages Infrastructure as Code
     • The cool stuff it provides
       • Resource Graph - determine dependencies and parallelize execution
       • Execution Plans - verify the change before implementing it
       • Change Automation - adjust the configuration files, and terraform will figure out how to implement it
       • DevOpsification
  9. WHAT IS TERRAFORM: IMPORTANT CONCEPTS
     • Providers - https://www.terraform.io/docs/providers/index.html
     • Variables – provide parameters of the configuration
     • Outputs – externalize the information
     • Resources – describe what needs to be created
     • Data Sources – extract environment properties that are not maintained by Terraform
     • State files – the local metadata of the existing infrastructure
     • Interpolation Syntax – referencing attributes from another resource
     • Modules – reusability of existing code
  10. TERRAFORM + OCI
  11. STARTING WITH TERRAFORM + OCI: GETTING CONNECTED TO OCI
     • Where to start?
       • Getting Started with the Terraform Provider
         https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/terraformgetstarted.htm
       • Required Keys and OCIDs
         https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm
     • Separation of impact areas in OCI

         provider "oci" {
           tenancy_ocid     = "${var.tenancy_ocid}"
           user_ocid        = "${var.user_ocid}"
           fingerprint      = "${var.fingerprint}"
           private_key_path = "${var.private_key_path}"
           region           = "${var.region}"
         }

  12. STARTING WITH TERRAFORM + OCI: GETTING CONNECTED TO OCI
     • Where to start?
     • Separation of impact areas in OCI
       • Dedicated compartment(s) for all infra managed by Terraform
         Policy: allow group OCITerra-Admins to manage all-resources in compartment OCITerra
       • The rest is manually managed
         • Object Storage bucket for terraform state?
         • Administrative users, policies, etc.
  13. BUILDING SOMETHING USEFUL: LET’S CREATE SOMETHING REAL
     • What we’re building?
       • Compartment
       • VCN
       • Security List
       • Routing Table
       • Internet Gateway
       • Subnet
       • Instance running nginx
     • Requirements
     • Used features
  14. BUILDING SOMETHING USEFUL: LET’S CREATE SOMETHING REAL
     • What we’re building?
     • Requirements
       • Repeatable infrastructure
       • Use the same code
       • Different configurations
       • NW
       • Resource naming
       • PROD protection
     • Used features
  15. BUILDING SOMETHING USEFUL: LET’S CREATE SOMETHING REAL
     • What we’re building?
     • Requirements
     • Used features
       • Terraform Workspaces
       • A wrapper script
  16. IMPORTING RESOURCES
  17. IMPORTING RESOURCES: ADDING A MANUALLY CREATED RESOURCE
     • Retrieve the OCID from OCI
     • Create the placeholder resource in terraform configuration
     • Import the resource metadata into the state file
         terraform import placeholder_resource.name {ocid}
     • Show the contents of the state file
         terraform state show placeholder_resource.name
     • Adjust the placeholder resource to add required attributes
       • Use the interpolation syntax to retrieve the attributes from other resources
     • Check the terraform plan
         terraform plan
  18. USING TERRAFORM IRL
  19. USING TERRAFORM IRL: HOW TO START USING TERRAFORM IN YOUR PROJECTS?
     • Start small
       • Use an iterative approach
       • Expand gradually
     • Terraform-ing is a team effort
     • Don’t hardcode values in configuration files
     • One large configuration defining DEV, UAT and PROD is NOT OK
  20. USING TERRAFORM IRL: HOW TO START USING TERRAFORM IN YOUR PROJECTS?
     • Start small
     • Terraform-ing is a team effort
       • Manual adjustments cause state issues
       • Everyone needs to be familiar with the workflow, otherwise it will cause manual actions (trouble)
     • Don’t hardcode values in configuration files
     • One large configuration defining DEV, UAT and PROD is NOT OK
  21. USING TERRAFORM IRL: HOW TO START USING TERRAFORM IN YOUR PROJECTS?
     • Start small
     • Terraform-ing is a team effort
     • Don’t hardcode values in configuration files
       • Utilize variables to make it possible to change aspects of the environment
       • Variables simplify conversion into modules, which improves reusability
     • One large configuration defining DEV, UAT and PROD is NOT OK
  22. USING TERRAFORM IRL: A FEW SUGGESTIONS BEFORE YOU DIVE IN
     • Start small
     • Terraform-ing is a team effort
     • Don’t hardcode values in configuration files
     • One large configuration defining DEV, UAT and PROD is NOT OK
       • Reduced separation
       • Inability to test the changes
       • Decreased reliability and manageability of the configuration
       • Break down the system into logical segments that are managed in separate TF configurations!
         • i.e. Core network, shared services
       • References between different TF states are possible
  23. USING TERRAFORM IRL: WHERE TO RUN THE TERRAFORM FROM?
     • Running it from your workstation
       • Possible, but error-prone in a team configuration…
       • State needs to be shared (limitations of remote state with OCI)
       • Does everyone have the right configuration files (did you forget to git pull?)
     • A Deployment server
  24. USING TERRAFORM IRL: WHERE TO RUN THE TERRAFORM FROM?
     • Running it from your workstation?
     • A Deployment server
       • A single shared server, where terraform is executed from
       • Additional infrastructure / backups, management
       • More control over the configuration of terraform runs
       • The “local” state supports locking and workspaces natively
       • Editing should not be allowed on the deployment server (to avoid conflicts)
       • Easier to integrate with other tools (Jenkins, Ansible, etc)
  25. USING TERRAFORM IRL: PROTECT YOUR CRITICAL STUFF!
     • Protecting the state files
       • Corrupt/missing state can have severe impact
       • State files can store sensitive information
       • OCI’s support for remote state is weak at the moment
         • Can use a file in an Object Storage Bucket
         • Does not support several important features (workspaces, prefixes, limited locking)
       • Alternative state storage options?
         • Store state files on another cloud (AWS S3 Bucket)?
         • Use a “deployment instance” and a “local” protected / encrypted / backed up state on Block Storage or File Storage services.
     • Plan code promotions carefully
     • Protecting the PROD
  26. USING TERRAFORM IRL: PROTECT YOUR CRITICAL STUFF!
     • Protecting the state files
     • Plan code promotions carefully
       • Different versions of the same TF configuration code in different environments
         • Modules vs. wrapper scripts that pull the correct version
         • Different architectures, but utilize the same terraform modules (different versions)
       • Isolate the environments (ability to run destroy without affecting others) to reduce the potential impact
         • terraform workspaces
         • Completely separated terraform configuration files (+use of modules)
     • Protecting the PROD
  27. USING TERRAFORM IRL: PROTECT YOUR CRITICAL STUFF!
     • Protecting the state files
     • Plan code promotions carefully
     • Protecting the PROD
       • Accidents happen
       • ‘terraform apply’ in the wrong environment can be very costly
       • Build fail-safes (i.e. a wrapper *.sh to implement extra checks for PROD executions)
       • Additional benefits possible, i.e. checking out the correct code version from the repository, posting tags back to git, etc.
  28. SUMMARY
     • You will require an IaC solution when moving to Cloud
     • Terraform is one good option
       • Especially on OCI
     • Planning is critical
       • Protecting and sharing the state
       • Critical resources
     • All team effort
       • All in or Fail
     • It’s fun!
       • At least for dinosaur DBAs like me
  29. ?
     @MarisDBA, elsins@pythian.com
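
The fail-safe wrapper suggested on slide 27 ("Protecting the PROD"), as an added example that is not part of the original slides: a POSIX shell wrapper that refuses a run when the selected workspace does not match the named environment, blocks `destroy` on prod and asks for a typed confirmation before a prod `apply`. The dev/uat/prod workspace names, the `TF_BIN` variable and the script name `tf-safe.sh` are assumptions.

```sh
#!/bin/sh
# Added example: fail-safe wrapper for terraform runs (not from the slides).
# Assumptions: one workspace per environment named dev/uat/prod; TF_BIN and
# the script name tf-safe.sh are hypothetical.
TF_BIN="${TF_BIN:-terraform}"

# check_run ENV ACTION WORKSPACE CONFIRM -> 0 if the run may proceed.
check_run() {
  case "$1" in
    dev|uat|prod) ;;
    *) echo "unknown environment: $1" >&2; return 2 ;;
  esac
  case "$2" in
    plan|apply|destroy) ;;
    *) echo "unsupported action: $2" >&2; return 2 ;;
  esac
  # The selected workspace must be the environment the operator named.
  if [ "$3" != "$1" ]; then
    echo "workspace '$3' does not match environment '$1'" >&2; return 3
  fi
  if [ "$1" = "prod" ] && [ "$2" = "destroy" ]; then
    echo "destroy is blocked for prod" >&2; return 4
  fi
  # A PROD apply needs the environment name typed back as confirmation.
  if [ "$1" = "prod" ] && [ "$2" = "apply" ] && [ "$4" != "prod" ]; then
    echo "prod apply not confirmed" >&2; return 5
  fi
  return 0
}

# tf_wrapper ENV ACTION [terraform args...]
tf_wrapper() {
  if [ "$#" -lt 2 ]; then echo "usage: tf_wrapper ENV ACTION [args]" >&2; return 2; fi
  tfw_env="$1"; tfw_action="$2"; shift 2
  tfw_ws="$("$TF_BIN" workspace show)" || return 1
  tfw_confirm=""
  if [ "$tfw_env" = "prod" ] && [ "$tfw_action" = "apply" ]; then
    printf 'Type "prod" to apply to PROD: ' >&2
    read -r tfw_confirm || tfw_confirm=""
  fi
  check_run "$tfw_env" "$tfw_action" "$tfw_ws" "$tfw_confirm" || return $?
  "$TF_BIN" "$tfw_action" "$@"
}

# Run as a script only when invoked under the (hypothetical) name tf-safe.sh.
case "${0##*/}" in tf-safe.sh) tf_wrapper "$@" ;; esac
```

Keeping the decision in `check_run`, separate from the terraform call, lets the rules be tested without touching any infrastructure.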
