Monday, March 16, 2020

Begin your Journey with Terraform | Setting up terraform on OCI


This post covers the steps for setting up a Terraform master server (where we are going to store and execute our scripts).




Step 1: Provision the compute instance:

a. Provision the bastion server on OCI: use the Oracle Cloud Developer Image for provisioning.

b. Make sure the required security lists and route rules are in place.

c. Connect to the compute instance as opc.

d. As we have chosen the Cloud Developer Image, Terraform is installed by default.

e. Now log in as the Terraform admin user (i.e. the user created for this purpose: oracle, which will be used as the Terraform account).

Step 2: Set up the API signing key for invoking API calls from Terraform:

On the compute instance:

  • sudo su - oracle
  • mkdir .oci
  • openssl genrsa -out ~/.oci/oci_api_key.pem 2048   # generate the private key
  • openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem   # generate the public key from the private key
  • openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c   # get the key's fingerprint






On the OCI Console:

  • Open the Console, and sign in.
  • View the details for the user who will be calling the API with the key pair:
      - If you're signed in as this user, click your username in the top-right corner of the Console, and then click User Settings.
      - If you're an administrator doing this for another user, instead click Identity, click Users, and then select the user from the list.
  • Click Add Public Key.
  • Paste the contents of the PEM public key (/home/oracle/.oci/oci_api_key_public.pem) in the dialog box and click Add.
  • Compare the fingerprint shown in the OCI Console with the fingerprint we got from the last openssl command above. They should be identical.




Step 3: Retrieve the OCIDs required for API key based authentication


Every Oracle Cloud Infrastructure resource has an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). You need your tenancy's OCID to use the API. You'll also need it when contacting support.
Calls to OCI using API key authentication require that you provide the following credentials:

1. tenancy_ocid - OCID of your tenancy. Click on Profile → Tenancy XYZ → Copy OCID.

2. user_ocid - OCID of the user calling the API (Identity → Users → username → OCID).

3. Fingerprint for the key pair being used (use the fingerprint value that was created earlier).

4. Private key path: /home/oracle/.oci/oci_api_key.pem

5. Region identifier: us-ashburn-1

| Region Name | Region Identifier |
|---|---|
| Australia East (Sydney) | ap-sydney-1 |
| Australia Southeast (Melbourne) | ap-melbourne-1 |
| Brazil East (Sao Paulo) | sa-saopaulo-1 |
| Canada Southeast (Toronto) | ca-toronto-1 |
| Germany Central (Frankfurt) | eu-frankfurt-1 |
| India West (Mumbai) | ap-mumbai-1 |
| Japan Central (Osaka) | ap-osaka-1 |
| Japan East (Tokyo) | ap-tokyo-1 |
| Netherlands Northwest (Amsterdam) | eu-amsterdam-1 |
| Saudi Arabia West (Jeddah) | me-jeddah-1 |
| South Korea Central (Seoul) | ap-seoul-1 |
| Switzerland North (Zurich) | eu-zurich-1 |
| UK South (London) | uk-london-1 |
| US East (Ashburn) | us-ashburn-1 |
| US West (Phoenix) | us-phoenix-1 |



Add the lines below to the .bash_profile of the oracle user on the bastion server. There must be no space after the "=" sign, otherwise the shell exports an empty value.

export TF_VAR_tenancy_ocid=ocid1.tenancy.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export TF_VAR_user_ocid=ocid1.user.oc1.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export TF_VAR_fingerprint=22:df:ef:b6:3f:f2:df:c7:72:e2:36:8b:30:34:7c:b5
export TF_VAR_private_key_path=/home/oracle/.oci/oci_api_key.pem
export TF_VAR_region=us-ashburn-1
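
A pre-flight check for the values set up in Steps 2 and 3, as an added example that is not part of the original post: it recomputes the fingerprint from the private key with the same openssl pipeline, compares it with TF_VAR_fingerprint, and also rejects a key file that group or other users can access. The function names key_fingerprint and check_oci_key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the OCI API signing key.
# Function names are hypothetical; only openssl, ls, cut and sed are used.

# Print the colon-separated MD5 fingerprint of the key's public half,
# using the same openssl pipeline as Step 2.
key_fingerprint() {
    openssl rsa -in "$1" -noout 2>/dev/null || return 1   # reject non-RSA/corrupt files
    openssl rsa -pubout -outform DER -in "$1" 2>/dev/null |
        openssl md5 -c | sed 's/^.*= *//'                 # drop the "(stdin)= " prefix
}

# check_oci_key [key_path] [expected_fingerprint]
# Defaults come from the TF_VAR_* variables exported in .bash_profile.
# Returns 0 on success, 2-5 for the distinct failures below.
check_oci_key() {
    key=${1:-${TF_VAR_private_key_path:-}}
    want=${2:-${TF_VAR_fingerprint:-}}
    if [ ! -r "$key" ]; then
        echo "FAIL: cannot read private key '$key'" >&2; return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (chmod 600 it)" >&2; return 3
    fi
    got=$(key_fingerprint "$key") || {
        echo "FAIL: $key is not a usable RSA private key" >&2; return 4
    }
    if [ "$got" != "$want" ]; then
        echo "FAIL: key fingerprint $got != configured $want" >&2; return 5
    fi
    echo "OK: $key matches fingerprint $want"
}

# Run the check straight away when the .bash_profile variables are present.
if [ -n "${TF_VAR_private_key_path:-}" ]; then check_oci_key; fi
```

A mismatch (return code 5) usually means TF_VAR_fingerprint was copied from a different key than the one at TF_VAR_private_key_path.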


Let us orchestrate the infrastructure in the upcoming weeks. Stay tuned!

