USING TERRAFORM TO MANAGE ORACLE CLOUD INFRASTRUCTURE
by Māris Elsiņš
© Pythian Services Inc., 2020
Māris Elsiņš
Lead Database Consultant
✓ Oracle Databases
✓ Oracle e-Business Suite
✓ OCI
✓ AWS
✓ GCP
@MarisDBA
elsins@pythian.com
WHAT’S DIFFERENT IN THIS TERRAFORM TALK?
• Basics in 3 minutes + demo
• Terraform and OCI + demo
• A Few suggestions before you dive in!
BASICS IN 3 MINUTES
WHAT IS TERRAFORM
• A tool for building, changing, and versioning infrastructure
• HashiCorp
• Open Source
• A Simple binary executable
• Manages Infrastructure as Code
• The cool stuff it provides
WHAT IS TERRAFORM
• A tool for building, changing, and versioning infrastructure
• Manages Infrastructure as Code
• Configuration files describe the infrastructure
• Terraform language syntax (Declarative Language)
• Version controlled repeatable infrastructure
• The cool stuff it provides
WHAT IS TERRAFORM
• A tool for building, changing, and versioning infrastructure
• Manages Infrastructure as Code
• The cool stuff it provides
• Resource Graph - determine dependencies and parallelize execution
• Execution Plans - verify the change before implementing it
• Change Automation - adjust the configuration files, and terraform will figure out how to implement it
• DevOpsification
WHAT IS TERRAFORM
IMPORTANT CONCEPTS
• Providers - https://www.terraform.io/docs/providers/index.html
• Variables – provide parameters of the configuration
• Outputs – externalize the information
• Resources – describe what needs to be created
• Data Sources – Extract environment properties that are not maintained by Terraform
• State files – The local metadata of the existing infrastructure
• Interpolation Syntax – referencing attributes from another resource
• Modules – reusability of existing code
d1
d2
TERRAFORM + OCI
STARTING WITH TERRAFORM + OCI
GETTING CONNECTED TO OCI
• Where to start?
• Getting Started with the Terraform Provider
https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/terraformgetstarted.htm
• Required Keys and OCIDs
https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm
• Separation of impact areas in OCI
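provider "oci" {
  # All values come from variables, so no OCIDs or key paths are hardcoded here.
  tenancy_ocid     = "${var.tenancy_ocid}"
  user_ocid        = "${var.user_ocid}"
  fingerprint      = "${var.fingerprint}"      # fingerprint of the API signing key
  private_key_path = "${var.private_key_path}" # path to the API signing private key
  region           = "${var.region}"
}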
STARTING WITH TERRAFORM + OCI
GETTING CONNECTED TO OCI
• Where to start?
• Separation of impact areas in OCI
• Dedicated compartment(s) for all infra managed by Terraform
Policy: allow group OCITerra-Admins to manage all-resources in compartment OCITerra
• The rest is manually managed
• Object Storage bucket for terraform state?
• Administrative users, policies, etc.
provider "oci" {
  tenancy_ocid     = "${var.tenancy_ocid}"
  user_ocid        = "${var.user_ocid}"
  fingerprint      = "${var.fingerprint}"
  private_key_path = "${var.private_key_path}"
  region           = "${var.region}"
}
BUILDING SOMETHING USEFUL
LET’S CREATE SOMETHING REAL
• What are we building?
• Compartment
• VCN
• Security List
• Routing Table
• Internet Gateway
• Subnet
• Instance running nginx
• Requirements
• Used features
BUILDING SOMETHING USEFUL
LET’S CREATE SOMETHING REAL
• What are we building?
• Requirements
• Repeatable infrastructure
• Use the same code
• Different configurations
• NW
• Resource naming
• PROD protection
• Used features
BUILDING SOMETHING USEFUL
LET’S CREATE SOMETHING REAL
d3
• What are we building?
• Requirements
• Used features
• Terraform Workspaces
• A wrapper script
IMPORTING RESOURCES
IMPORTING RESOURCES
ADDING A MANUALLY CREATED RESOURCE
• Retrieve the OCID from OCI
• Create the placeholder resource in terraform configuration
• Import the resource metadata into the state file
    terraform import placeholder_resource.name {ocid}
• Show the contents of the state file
    terraform state show placeholder_resource.name
• Adjust the placeholder resource to add required attributes
• use the interpolation syntax to retrieve the attributes from other resources
• Check the terraform plan
    terraform plan
d4
USING TERRAFORM IRL
USING TERRAFORM IRL
HOW TO START USING TERRAFORM IN YOUR PROJECTS?
• Start small
• Use an iterative approach
• Expand gradually
• Terraform-ing is a team effort
• Don’t Hardcode values in configuration files
• One large configuration defining DEV, UAT and PROD != OK
USING TERRAFORM IRL
HOW TO START USING TERRAFORM IN YOUR PROJECTS?
• Start small
• Terraform-ing is a team effort
• Manual adjustments cause state issues
• Everyone needs to be familiar with the workflow, otherwise it will cause manual actions (trouble)
• Don’t Hardcode values in configuration files
• One large configuration defining DEV, UAT and PROD is NOT OK
USING TERRAFORM IRL
HOW TO START USING TERRAFORM IN YOUR PROJECTS?
• Start small
• Terraform-ing is a team effort
• Don’t Hardcode values in configuration files
• Utilize variables to make it possible to change aspects of the environment
• Variables simplify conversion into modules, thus improving reusability
• One large configuration defining DEV, UAT and PROD is NOT OK
USING TERRAFORM IRL
A FEW SUGGESTIONS BEFORE YOU DIVE IN
• Start small
• Terraform-ing is a team effort
• Don’t Hardcode values in configuration files
• One large configuration defining DEV, UAT and PROD is NOT OK
• Reduced separation
• Inability to test the changes
• Decreased reliability and manageability of the configuration
• Break down the system into logical segments that are managed in separate TF configurations!
• e.g. Core network, shared services
• References between different TF states are possible
USING TERRAFORM IRL
WHERE TO RUN THE TERRAFORM FROM?
• Running it from your workstation
• Possible, but error-prone in a team configuration…
• State needs to be shared (limitations of remote state with OCI)
• Does everyone have the right configuration files (did you forget to git pull?)
• A Deployment server
USING TERRAFORM IRL
WHERE TO RUN THE TERRAFORM FROM?
• Running it from your workstation?
• A Deployment server
• A single shared server, where terraform is executed from
• Additional infrastructure / backups, management
• More control over the configuration of terraform runs
• The “local” state supports locking and workspaces natively
• Editing should not be allowed on the deployment server (to avoid conflicts)
• Easier to integrate with other tools (Jenkins, Ansible, etc.)
USING TERRAFORM IRL
PROTECT YOUR CRITICAL STUFF!
• Protecting the state files
• Corrupt/missing state can have severe impact
• State files can store sensitive information
• OCI’s support for remote state is weak at the moment
• Can use a file in an Object Storage Bucket
• Does not support several important features (workspaces, prefixes, limited locking)
• Alternative state storage options?
• Store state files on another cloud (AWS S3 Bucket)?
• Use a “deployment instance” and a “local” protected / encrypted / backed up state on Block Storage or File Storage services.
• Plan code promotions carefully
• Protecting the PROD
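An audit of local state on a deployment instance, as an added example that is not part of the original slides: it lists every state file (including the per-workspace copies under terraform.tfstate.d/), flags files that group or others can access, and reports the names of secret-looking attributes without printing their values. The function names and the sample state written by `make_sample_state` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit local Terraform state kept on a deployment server.
# Function names and the sample state are constructed for illustration.

# Local state files under <dir>: the default terraform.tfstate, per-workspace
# copies in terraform.tfstate.d/<workspace>/, and the *.backup files.
list_state_files() {
  find "$1" -type f \( -name '*.tfstate' -o -name '*.tfstate.backup' \) | sort
}

# True when group or others hold any permission bit on the file.
is_exposed() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
      -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Names (never values) of attributes whose name suggests a secret.
sensitive_keys() {
  grep -oE '"[A-Za-z0-9_]*(password|secret|private_key|token)[A-Za-z0-9_]*"[[:space:]]*:' "$1" |
    sed -E 's/^"//; s/"[[:space:]]*:$//' | sort -u
}

# audit_state <dir>: print findings; exit status 1 if any state file is exposed.
# The ( ) body keeps the variables local without relying on 'local'.
audit_state() (
  report="$(list_state_files "$1" | while IFS= read -r f; do
    if is_exposed "$f"; then echo "EXPOSED $f"; fi
    keys="$(sensitive_keys "$f" | tr '\n' ' ')"
    if [ -n "$keys" ]; then echo "SECRETS $f: ${keys% }"; fi
  done)"
  if [ -n "$report" ]; then printf '%s\n' "$report"; fi
  if printf '%s\n' "$report" | grep -q '^EXPOSED '; then exit 1; fi
  exit 0
)

# lock_down_state <dir>: remove group/other access from every state file.
lock_down_state() {
  list_state_files "$1" | while IFS= read -r f; do chmod go-rwx "$f"; done
}

# Write a constructed two-workspace layout for trying the functions out.
make_sample_state() (
  for ws in dev prod; do mkdir -p "$1/terraform.tfstate.d/$ws"; done
  printf '%s\n' '{"version": 4, "resources": []}' \
    > "$1/terraform.tfstate.d/dev/terraform.tfstate"
  printf '%s\n' '{"version": 4, "resources": [{"type": "example_database",' \
    ' "instances": [{"attributes": {"admin_password": "constructed-not-real"}}]}]}' \
    > "$1/terraform.tfstate.d/prod/terraform.tfstate"
  chmod 600 "$1/terraform.tfstate.d/dev/terraform.tfstate"
  chmod 644 "$1/terraform.tfstate.d/prod/terraform.tfstate"
)
```

A SECRETS line is informational: the value lives in the state regardless, which is why the file permissions, encryption and backups of the state location matter.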
USING TERRAFORM IRL
PROTECT YOUR CRITICAL STUFF!
• Protecting the state files
• Plan code promotions carefully
• Different versions of the same TF configuration code in different environments
• Modules vs. wrapper scripts that pull the correct version
• Different architectures, but utilize the same terraform modules (different versions)
• Isolate the environments (ability to run destroy without affecting others) to reduce the potential impact
• terraform workspaces
• Completely separated terraform configuration files (+use of modules)
• Protecting the PROD
USING TERRAFORM IRL
PROTECT YOUR CRITICAL STUFF!
• Protecting the state files
• Plan code promotions carefully
• Protecting the PROD
• accidents happen
• ‘terraform apply’ in the wrong environment can be very costly
• Build fail-safes (e.g. a wrapper *.sh to implement extra checks for PROD executions)
• Additional benefits possible, e.g. checking out the correct code version from the repository, posting tags back to git, etc.
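One way to build the fail-safe wrapper described above, as an added example that is not the presenter's script: the operator names the environment explicitly, the wrapper compares it with the output of `terraform workspace show`, and any subcommand outside a read-only allow-list on PROD needs a typed confirmation and may not use `-auto-approve`. The workspace names dev/uat/prod, the `TF_BIN` override and the function names are assumptions.

```shell
#!/bin/sh
# Added example: fail-safe wrapper around terraform for setups that use one
# workspace per environment. Assumed names: workspaces dev/uat/prod, the
# TF_BIN override, and the tf_guard / is_read_only functions.

TF_BIN="${TF_BIN:-terraform}"

# Subcommands that only read or compute a plan. Everything else is treated as
# mutating (deny by default), so unknown subcommands are guarded too.
is_read_only() {
  case "$1" in
    plan|show|output|validate|graph|providers|version) return 0 ;;
    *) return 1 ;;
  esac
}

# tf_guard <expected-env> <subcommand> [args...]
# Exit status: 0 terraform ran, 2 usage error, 3 workspace mismatch,
# 4 PROD run not confirmed. The ( ) body keeps the variables local.
tf_guard() (
  expected="$1"
  sub="$2"
  if [ -z "$expected" ] || [ -z "$sub" ]; then
    echo "usage: tf_guard <dev|uat|prod> <subcommand> [args...]" >&2
    exit 2
  fi
  shift 2

  # Ask terraform which workspace is selected; do not trust the directory
  # name or the operator's memory.
  current="$("$TF_BIN" workspace show)" || exit 2
  if [ "$current" != "$expected" ]; then
    echo "REFUSED: selected workspace is '$current', expected '$expected'" >&2
    exit 3
  fi

  if [ "$expected" = "prod" ] && ! is_read_only "$sub"; then
    # PROD changes must be reviewed interactively: reject -auto-approve.
    for arg in "$@"; do
      case "$arg" in
        -auto-approve|-auto-approve=true|--auto-approve)
          echo "REFUSED: -auto-approve is not allowed on prod" >&2
          exit 4 ;;
      esac
    done
    printf "About to run 'terraform %s' on PROD. Type 'prod' to continue: " "$sub" >&2
    read -r answer || answer=""
    if [ "$answer" != "prod" ]; then
      echo "REFUSED: confirmation did not match" >&2
      exit 4
    fi
  fi

  "$TF_BIN" "$sub" "$@"
)

# Usage after sourcing this file:  tf_guard prod apply
```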
SUMMARY
• You will require an IaC solution when moving to Cloud
• Terraform is one good option
• Especially on OCI
• Planning is critical
• Protecting and sharing the state
• Critical resources
• All team effort
• All in or Fail
• It’s fun!
• At least for dinosaur DBAs like me
?
@MarisDBA
elsins@pythian.com
