Mastering Terraform and the OCI provider
#OracleCode AND @gregoryguillou
Agenda
Mastering Terraform with OCI
● Introduction
● Terraform fundamentals
● Terraform OCI provider
● Coding and good practices
● Summary
@gregoryguillou
gregoryguillou
Ops with an angle
● Self-service and Chatops
● Elasticity: Training, dev, test
● International deployment
● Ability to invest to add value
● Time to Market
● Impact on all our teams
● Number of environments
● Mission critical “Ops”
Why Ops also live for the code?
● We need monitoring, CI/CD, AB testing, DRP
● We need to move faster and faster
● People should not need us!
● Let’s stop building from the ground
● Focus on products and businesses, not infrastructure
● Ops are deadly alive!
Terraform Key concepts - https://terraform.io
● Infrastructure as Code
● A Go application
● HCL/JSON with an inference syntax
● Immutable Infrastructure
● State management
● Dozens of providers, including OCI
● Git and Registry
● Open-source and enterprise versions
gregoryguillou/oci-workshop
Should I explain OCI?
Installing Terraform for OCI (master)
● Download the software from terraform.io
● Install terraform OCI provider
● Install the OCI Command Line Interface
● Create an RSA key and register it in your API Keys
● Define your OCI CLI configuration
● Create a provider.tf file and set the associated variables
● Initialize the project with the `init` command
● Define resources and `apply` them
OCI Terraform resource overview
● Core: Images, Instances, Volumes, VCN, Security List, Subnets...
● Database
● DNS: Records, Zones
● File Storage
● Identity: Keys, Groups, Policies, Users
● Load Balancer
● Object Storage
Checkout the documentation
A few coding good practices
● Create a specific compartment (master)
● Manage your state on a bucket (02-demo)
● Variables, inferences and dependencies (03-demo)
● Modules (04-demo)
● Packer (05-demo)
● dynamicgroups and OCI_CLI_AUTH (06-demo)
● Use other providers (07-demo)
● An easy (and bad) way to manage secrets (08-demo)
Create a specific compartment (master)
● Use OCI CLI to create a compartment
● Add it to the .env file and to the variables
Checkout 01-install.md
oci iam compartment create \
  --compartment-id="${TF_VAR_tenancy}" \
  --name="DevTeam" \
  --description="A compartiment to be used by developers" \
  --wait-for-state=ACTIVE \
  --max-wait-seconds=300 \
  --wait-interval-seconds 5
Manage your state on a bucket (02-demo)
● Create a bucket
● Upload the current state as an object in that bucket
● Create a pre-authenticated request for that object
● Test you can access the file from the request
● Add a backend.tf file that references the preauth request
● Re-initialize terraform with the backend
● Verify you can access the remote state
Checkout 02-remote-state.md
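An added sketch of the backend.tf step, not taken from the workshop repository. It assumes Terraform's `http` backend; the file name state.backend.tfvars and the <region>, <par-token>, <namespace> and <bucket> segments are placeholders. The pre-authenticated request URL acts as a bearer credential for the state object, so it is supplied at init time and never committed.

```hcl
# backend.tf (added example). Safe to commit: it contains no URL.
terraform {
  backend "http" {
    # Object Storage expects PUT for uploads, and the pre-authenticated
    # request (PAR) must have been created with write access to the object.
    update_method = "PUT"

    # "address" is deliberately absent. Anyone holding the PAR URL can read
    # (and here also overwrite) the state, which stores resource attributes,
    # including any secrets, in plain text.
  }
}

# ---------------------------------------------------------------------------
# state.backend.tfvars (assumed file name). Keep it out of version control,
# for example through .gitignore, and treat it like a password.
#
#   address = "https://objectstorage.<region>.oraclecloud.com/p/<par-token>/n/<namespace>/b/<bucket>/o/terraform.tfstate"
#
# Initialize with the partial configuration:
#
#   terraform init -backend-config=state.backend.tfvars
#
# Weak variant to avoid: writing the same address line directly inside the
# backend "http" block above, which puts the credential in the Git history.
#
# Operational caveats:
#   - No lock_address is set, so this backend does no state locking; run
#     applies from one place at a time.
#   - A PAR has an expiry date. Once it passes, init/plan/apply fail until a
#     new request is created and the address is updated.
# ---------------------------------------------------------------------------
```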
Variables, inferences and dependencies (03-demo)
● Add access to the `compartment` variable
● Create a variable with a default value
● Infer variable value from another variable with `lookup`
● Create a VCN, DHCP Options and an Internet Gateway
● Create multiple resources and inferences with `count`
Checkout 03-inferences.md
Modules (04-demo)
● Create a directory to move the resource for your module
● Remove the resource from your original stack
● Create variable and output to encapsulate your logic
● Use `terraform init` to reference the new module
Checkout 04-modules.md
module "livecode" {
  tenancy     = "${var.tenancy}"
  compartment = "${var.compartment}"
  source      = "github.com/gregoryguillou/oci-workshop?ref=04-demo//modules/public-network"
}
Packer (05-demo)
● Installing Packer
● Finding the latest Oracle Linux Image
● Subnet and Compartment
● Building an OCI image with Packer
Checkout 05-packer.md
packer build -var "subnet=$SUBNET" \
  -var "compartment=$TF_VAR_compartment" \
  template.json
dynamicgroups and OCI_CLI_AUTH (06-demo)
● Deploy a dynamic group and its policy
● Access the remote instance from SSH
● Use the metadata API to figure out the compartment
● Use the OCI CLI without any credentials
Checkout 06-dynamicgroups.md
export OCI_CLI_AUTH=instance_principal
oci os bucket list --compartment-id=$COMPARTMENT \
  --query='data[].{bucket: name}' --output=table
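An added example of the dynamic group and policy behind the credential-free call above, not copied from the workshop repository. The resource names and descriptions are assumptions; var.tenancy and var.compartment are the variables already used on the slides.

```hcl
# Added example. Assumed names: "workshop-instances", "workshop-bucket-inspect".

# Dynamic groups are identity resources and are created in the tenancy
# (root compartment). The matching rule decides which instances become
# members: here, every instance running in the workshop compartment.
resource "oci_identity_dynamic_group" "workshop_instances" {
  compartment_id = "${var.tenancy}"
  name           = "workshop-instances"
  description    = "Instances running in the workshop compartment"
  matching_rule  = "ALL {instance.compartment.id = '${var.compartment}'}"
}

# Too broad, shown only for contrast: any process on any matching instance
# could then administer the whole tenancy through the metadata-issued
# instance principal.
#
#   statements = [
#     "Allow dynamic-group workshop-instances to manage all-resources in tenancy",
#   ]

# Scoped: "inspect" is the lowest verb that covers listing buckets, and the
# grant is limited to the one compartment the instances live in.
resource "oci_identity_policy" "workshop_bucket_inspect" {
  compartment_id = "${var.tenancy}"
  name           = "workshop-bucket-inspect"
  description    = "Let workshop instances list buckets in their compartment"

  statements = [
    "Allow dynamic-group ${oci_identity_dynamic_group.workshop_instances.name} to inspect buckets in compartment id ${var.compartment}",
  ]
}
```

Because membership follows the matching rule, every instance later launched in that compartment inherits the grant; keep the rule and the policy verbs as narrow as the workload allows.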
Use other providers (07-demo)
● There are a lot of useful providers, including random, null, http, external, template or terraform_remote, for instance:
● You can use many more: kubernetes, consul, vault...
Checkout 07-other-providers.md
data "external" "version" {
  program = ["${path.module}/version.sh"]
  query = {
    workspace = "${terraform.workspace}"
  }
}
output "oci-workshop" {
  value = "${lookup(data.external.version.result, "oci-workshop")}"
}
An easy and bad way to manage secrets (08-demo)
● Rely on Hashicorp Vault for a best configuration:
○ Automatic password rotation
○ Access token expiration
○ Emergency process
● An easy way to manage secrets is to store them in a bucket:
○ Easy to push/pull new values
○ Dynamic Groups make it easy to get back from an instance
Checkout 08-secrets.md
Destroy your stack (08-demo)
● Destroy the stack as part of the last part:
Checkout 08-secrets.md
oci os object delete \
  --bucket-name=ftclnpb3wrytejru.resetlogs.com \
  --name=/configuration/secret/secret.json \
  --force
terraform destroy
…
Random thoughts
● KISS and DRY
○ Use as few external tools as possible
○ Avoid provisioners and null_resource
● Add +1 to tag support for Terraform OCI provider #400
● Add +1 to support the container registry and OKE
● Don’t use terraform for Windows
● Rely on LetsEncrypt/DNS to generate SSL certificates
● Use Kubernetes (OKE) and a CI/CD for your application
● Implement Chatops and self-service
Summary
● Terraform is easy to use, quick to learn and popular
● OCI is a powerful and fast infrastructure
● The terraform-provider-oci leverages both OCI and TF
● The workshop explores many aspects: configuration, compartment, state, inference, modules, templates, dynamic groups, providers…
● Try the oci-workshop, provide feedback and open issues
● OCI gets more advanced tools like DCS, OKE
gregoryguillou/terraform-api
gregoryguillou/hubot-terraform
Another demo: terraform from slack...
Thank you !!!
We are hiring...

Master Terraform and OCI in 40 steps

  • 1. Mastering Terraform and the OCI provider #OracleCode AND @gregoryguillou
  • 2. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 3. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 4. @gregoryguillou gregoryguillou Ops with an angle #OracleCode AND @gregoryguillou
  • 5.
  • 6. ● Self-service and Chatops ● Elasticity: Training, dev, test ● International deployment ● Ability to invest to add value ● Time to Market ● Impact on all our teams ● Number of environments ● Mission critical “Ops”
  • 7. Why Ops also live for the code? ● We need monitoring, CI/CD, AB testing, DRP ● We need to move faster and faster ● People should not need us! ● Let’s stop building from the ground ● Focus on products and businesses, not infrastructure ● Ops are deadly alive! #OracleCode AND @gregoryguillou
  • 8. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 9.
  • 10. Terraform Key concepts - https://terraform.io ● Infrastructure as Code ● A go application ● HCL/JSON with an inference syntax ● Immutable Infrastructure ● State management ● Dozens of providers, including OCI ● GIT and Registry ● Open-source and enterprise versions
  • 11. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 14. Installing Terraform for OCI (master) ● Download the software from terraform.io ● Install the Terraform OCI provider ● Install the OCI Command Line Interface ● Create an RSA key and register it in your API Keys ● Define your OCI CLI configuration ● Create a provider.tf file and set the associated variables ● Initialize the project with the `init` command ● Define resources and `apply` them
  • 15. OCI Terraform resource overview ● Core: Images, Instances, Volumes, VCN, Security List, Subnets... ● Database ● DNS: Records, Zones ● File Storage ● Identity: Keys, Groups, Policies, Users ● Load Balancer ● Object Storage Check out the documentation
  • 16. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 17. A few coding good practices ● Create a specific compartment (master) ● Manage your state on a bucket (02-demo) ● Variables, inferences and dependencies (03-demo) ● Modules (04-demo) ● Packer (05-demo) ● dynamicgroups and OCI_CLI_AUTH (06-demo) ● Use other providers (07-demo) ● An easy (and bad) way to manage secrets (08-demo)
  • 18. Create a specific compartment (master)
      ● Use OCI CLI to create a compartment
      ● Add it to the .env file and to the variables
      Check out 01-install.md

        oci iam compartment create \
          --compartment-id="${TF_VAR_tenancy}" \
          --name="DevTeam" \
          --description="A compartiment to be used by developers" \
          --wait-for-state=ACTIVE \
          --max-wait-seconds=300 \
          --wait-interval-seconds 5
  • 19. Manage your state on a bucket (02-demo) ● Create a bucket ● Upload the current state as an object in that bucket ● Create a pre-authenticated request for that object ● Test that you can access the file from the request ● Add a backend.tf file that references the preauth request ● Re-initialize terraform with the backend ● Verify you can access the remote state Check out 02-remote-state.md
  • 20. Variables, inferences and dependencies (03-demo) ● Add access to the `compartment` variable ● Create a variable with a default value ● Infer a variable's value from another variable with `lookup` ● Create a VCN, DHCP Options and an Internet Gateway ● Create multiple resources and inferences with `count` Check out 03-inferences.md
  • 21. Modules (04-demo)
      ● Create a directory to move the resources for your module
      ● Remove the resources from your original stack
      ● Create variables and outputs to encapsulate your logic
      ● Use `terraform init` to reference the new module
      Check out 04-modules.md

        module "livecode" {
          tenancy     = "${var.tenancy}"
          compartment = "${var.compartment}"
          source      = "github.com/gregoryguillou/oci-workshop?ref=04-demo//modules/public-network"
        }
  • 22. Packer (05-demo)
      ● Installing Packer
      ● Finding the latest Oracle Linux Image
      ● Subnet and Compartment
      ● Building an OCI image with Packer
      Check out 05-packer.md

        packer build -var "subnet=$SUBNET" -var "compartment=$TF_VAR_compartment" template.json
  • 23. dynamicgroups and OCI_CLI_AUTH (06-demo)
      ● Deploy a dynamic group and its policy
      ● Access the remote instance over SSH
      ● Use the metadata API to figure out the compartment
      ● Use the OCI CLI without any credentials
      Check out 06-dynamicgroups.md

        export OCI_CLI_AUTH=instance_principal
        oci os bucket list --compartment-id=$COMPARTMENT \
          --query='data[].{bucket: name}' --output=table
  • 24. Use other providers (07-demo)
      ● There are a lot of useful providers, including random, null, http, external, template or terraform_remote, for instance:

        data "external" "version" {
          program = ["${path.module}/version.sh"]
          query = {
            workspace = "${terraform.workspace}"
          }
        }

        output "oci-workshop" {
          value = "${lookup(data.external.version.result, "oci-workshop")}"
        }

      ● You can use many more: kubernetes, consul, vault...
      Check out 07-other-providers.md
  • 25. An easy and bad way to manage secrets (08-demo) ● Rely on HashiCorp Vault for a better configuration: ○ Automatic password rotation ○ Access token expiration ○ Emergency process ● An easy way to manage secrets is to store them in a bucket: ○ Easy to push/pull new values ○ Dynamic Groups make it easy to get them back from an instance Check out 08-secrets.md
  • 26. Destroy your stack (08-demo)
      ● Destroy the stack as part of the last part:
      Check out 08-secrets.md

        oci os object delete --bucket-name=ftclnpb3wrytejru.resetlogs.com \
          --name=/configuration/secret/secret.json --force
        terraform destroy …
  • 27. Random thoughts ● KISS and DRY ○ Use as few external tools as possible ○ Avoid provisioners and null_resource ● Add +1 to tag support for Terraform OCI provider #400 ● Add +1 to support the container registry and OKE ● Don’t use terraform for Windows ● Rely on LetsEncrypt/DNS to generate SSL certificates ● Use Kubernetes (OKE) and a CI/CD for your application ● Implement Chatops and self-service
  • 28. Agenda Mastering Terraform with OCI ● Introduction ● Terraform fundamentals ● Terraform OCI provider ● Coding and good practices ● Summary
  • 29. Summary ● Terraform is easy to use, quick to learn and popular ● OCI is a powerful and fast infrastructure ● The terraform-provider-oci leverages both OCI and TF ● The workshop explores many aspects: configuration, compartment, state, inference, modules, templates, dynamic groups, providers… ● Try the oci-workshop, provide feedback and open issues ● OCI gets more advanced tools like DCS, OKE
  • 31. Thank you !!! We are hiring...
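
Slide 19 has backend.tf reference a pre-authenticated request; anyone holding that URL can reach the state object without further credentials, so it should stay out of version control. The following is an added example, not code from the slides or the oci-workshop repository: it scans Terraform text for such URLs and redacts the token. The `http` backend layout, the function name and all sample values are constructed assumptions.

```python
import re

# Layout of an OCI pre-authenticated request (PAR) URL:
# https://objectstorage.<region>.oraclecloud.com/p/<token>/n/<namespace>/b/<bucket>/o/<object>
PAR_URL = re.compile(
    r"https://objectstorage\.(?P<region>[a-z0-9-]+)\.oraclecloud\.com"
    r"/p/(?P<token>[^/\s\"']+)"
    r"/n/(?P<namespace>[^/\s\"']+)"
    r"/b/(?P<bucket>[^/\s\"']+)"
    r"/o/(?P<object>[^\s\"']*)"
)

# Constructed sample: backend.tf with the PAR URL hard-coded (assumed "http" backend).
SAMPLE_HARDCODED_TF = '''\
terraform {
  backend "http" {
    address       = "https://objectstorage.eu-frankfurt-1.oraclecloud.com/p/EXAMPLEtoken_0123-abc/n/examplens/b/example-state/o/terraform.tfstate"
    update_method = "PUT"
  }
}
'''

# Constructed sample: partial configuration, address supplied at init time instead.
SAMPLE_PARTIAL_TF = '''\
terraform {
  backend "http" {
    update_method = "PUT"
  }
}
'''

def find_par_urls(text, filename="<input>"):
    """Return one finding per PAR URL in text, with the token redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PAR_URL.finditer(line):
            findings.append({
                "file": filename,
                "line": lineno,
                "region": m["region"],
                "bucket": m["bucket"],
                "object": m["object"],
                "redacted": m.group(0).replace(m["token"], "<redacted>", 1),
            })
    return findings

if __name__ == "__main__":
    for name, text in (("hardcoded.tf", SAMPLE_HARDCODED_TF), ("partial.tf", SAMPLE_PARTIAL_TF)):
        print(name, "->", find_par_urls(text, name) or "no PAR URL found")
```

With the partial form, the address can be supplied when initializing, for example `terraform init -backend-config="address=$PAR_URL"`, where `PAR_URL` is a hypothetical environment variable.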