How to use Terraform and OCI – lesson 5

Yes, we are moving forward. Step by step. Our OCI infra with 2 webservers is already there under the Load Balancer umbrella (lesson 1, lesson 2 and lesson 3). In lesson 4 we hid the public IP addresses of the webservers and split the infra into 3 subnets. Until now the Load Balancer was jumping between web nodes in a round-robin manner, serving different copies of the index.html file. But in real-life scenarios, we would like to share pages and all web content from one location, right? So in this lesson, lesson 5, we will introduce a shared filesystem that will be mounted on each webserver. Our Terraform code for this lesson is based on Oracle Cloud Infrastructure File Storage Service (OCI FSS), which is documented here. In this shared NFS filesystem, we will have only one copy of the webpages. So let’s roll… Video is available below…

Bon Appetit,

Martin, The Cook.

OCI’s OKE automatically with Terraform

Lately, I have been exploring OKE a little bit. Mostly for testing purposes. I was planning to deploy some simple web containers there. You know me well, right? I am a real fan of the Infrastructure as Code paradigm. So, as always, I was trying to encapsulate my deployment in HCL code. Frankly speaking, my goal was simple – minimal usage of the Cloud Console and maximum usage of Terraform for automation.

The final effect of my work can be found in this GitHub repo. If you have ever tried to use OKE, you have probably noticed that policies need to be granted on the tenancy level. It has been documented here in the official documentation. I was sure I could encapsulate it in Terraform code as well with oci_identity_policy resources. The code looked like this:

# Tenancy-level policy for OKE: compartment_id is the tenancy (root compartment) OCID
resource "oci_identity_policy" "FoggyKitchenOKEPolicy1" {
  name           = "FoggyKitchenOKEPolicy1"
  description    = "FoggyKitchenOKEPolicy1"
  compartment_id = var.tenancy_ocid
  statements     = ["allow service OKE to manage all-resources in tenancy"]
}

But it was not working during the terraform plan phase. I was hit by the following error:


Yes… I need to do it manually in the OCI Console (in the repo the resource has been commented out with #):


Then everything went fine with terraform apply:


Here is OCI Console OKE related information:



That is all for today. Hope it will be useful for you.

Bon Appetit,

Martin, The Cook.

How to use Terraform and OCI – lesson 4

I am really happy you are here. It means you have found my course interesting enough and you are ready to wait for the next episodes from my crazy foggy kitchen. 🙂 Just to remind you, in the first lesson, we created a simple infra with one VM for a webserver. There was no redundancy, so in lesson 2 we added a second VM, a second webserver. In lesson 3 we added a load balancer, just to load balance the web traffic. But there is a small problem with this setup. Public IPs of the web servers are still visible. So in this lesson, lesson 4, we will hide them and my dish will be a little bit more complicated. Here you can find the latest video for lesson 4…

Bon Appetit,

Martin, The Cook.

How to use Terraform and OCI – lesson 3

If you are reading this, it means I can say I am somehow successful in taking you on board and our adventure is getting more and more exciting… We are now in lesson 3 of the cooking mastery, right? Last time, in lesson 2, we added the second VM, the second webserver, to the OCI infra. It means we have two public endpoints and two pages terminated on each of them. It’s somehow unfortunate, as we expect to have just one URL, one endpoint to reach. That is why in lesson 3, I will introduce the public load balancer to our OCI infra setup. If you have forgotten, here you can find the repo for the training. If you like to listen and watch – keep your curiosity fresh and watch my video below.

Bon Appetit!

Martin, The Cook.

How to use Terraform and OCI – lesson 2

Frankly speaking, the second lesson from the training available in my GitHub repo is not very revolutionary. I decided to start with just one webserver in lesson 1, because it was important for me to move gradually from the simplest code to more complicated code. Especially for newbies, it is crucial to start the journey with the really easy stuff, and then, step by step, develop their skills towards higher complexity. So in this lesson, we will just add the second webserver in another availability domain, and next null_provider will deploy a similar Apache server configuration. With one difference only – inside index.html we will have proof that the webpage has been deployed on a different machine. You can find all the details in the video below. It is really straightforward.

Bon Appetit! 🙂

Martin, The Cook.

How to use Terraform and OCI – lesson 1

About one year ago I made my first try at recording a full-blown training for Terraform and OCI. It was very interesting to see if I would be able to do it. Everything, just to share my practical knowledge and hands-on experience with people and let them understand how to do it step by step. From the simplest scenario up to highly complicated designs and architectures. Unfortunately, in the cloud world, everything changes so quickly. One year has passed and my first training, my first try, was absolutely outdated. OCI has changed a lot; for example, a new regional subnet concept has been introduced. On the other hand, we have an alternative to the Security List terminated on the subnet level. Now we can deploy Network Security Groups and they will be terminated on the VNIC level. That significant change in OCI architecture creates new flexibility and, in my opinion, should be explained. On top of those systematic changes in OCI, you can add yet another big change – significant enhancements in Terraform’s HCL language, introduced in Terraform version 0.12. I am mostly speaking about the simplified syntax of interpolations and real flexibility in loops (for_each resources, dynamic blocks, etc). So to be honest… I have decided to re-write this training, taking all of those changes into consideration.

And now we have new stuff here:

Bon Appetit! 🙂

Martin, The Cook.

PS. And now I will try to record videos for each of the lessons. Here is a video blog for the first lesson about a single webserver (source code is here):