Oracle Cloud Infrastructure (OCI) Automatic Provisioning with User-Controlled Parameters

April 29, 2022 | 5 minute read
Maximilian Froeschl
A-Team - Cloud Solution Architect

Terraform is a great tool for automating your cloud provisioning, and Oracle Resource Manager (ORM) provides a nice UI for managing and executing your Terraform scripts for OCI. ORM is available, even in Always Free Tier accounts, by navigating in the "Developer Services" OCI menu to Resource Manager > Stacks.

ORM menu entry

ORM UI

 

When you provide a Terraform script to somebody else for execution, one challenge you might come across is giving the executor of the script some control over the provisioning process without bothering them with the rest of the possibly complex logic.

My simple use case was to automatically provision an OCI compute instance with ORM while allowing the user to specify their own public SSH key as a parameter (for accessing the instance with the matching private SSH key).

Terraform script to create OCI compute instance:

provider "oci" {}

variable ssh_key { default = "<replace with your ssh public key>" }

variable availability_domain { default = "JKGV:EU-FRANKFURT-1-AD-3" }

variable image_id { default = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaas2j2fs2ahfvqrydivnetpld3kymzd2hq24pagd3oqccftot4pl5q" }

variable compartment_ocid {}

resource "oci_core_instance" "generated_oci_core_instance" {
    agent_config {
        is_management_disabled = "false"
        is_monitoring_disabled = "false"
        plugins_config {
            desired_state = "DISABLED"
            name = "Vulnerability Scanning"
        }
        plugins_config {
            desired_state = "DISABLED"
            name = "Oracle Java Management Service"
        }
        plugins_config {
            desired_state = "ENABLED"
            name = "OS Management Service Agent"
        }
        plugins_config {
            desired_state = "DISABLED"
            name = "Management Agent"
        }
        plugins_config {
            desired_state = "ENABLED"
            name = "Custom Logs Monitoring"
        }
        plugins_config {
            desired_state = "ENABLED"
            name = "Compute Instance Run Command"
        }
        plugins_config {
            desired_state = "ENABLED"
            name = "Compute Instance Monitoring"
        }
        plugins_config {
            desired_state = "DISABLED"
            name = "Block Volume Management"
        }
        plugins_config {
            desired_state = "DISABLED"
            name = "Bastion"
        }
    }
    availability_config {
        recovery_action = "RESTORE_INSTANCE"
    }
    availability_domain = var.availability_domain
    compartment_id = var.compartment_ocid
    create_vnic_details {
        assign_private_dns_record = "true"
        assign_public_ip = "true"
        subnet_id = "${oci_core_subnet.generated_oci_core_subnet.id}"
    }
    display_name = "New-Compute-Instance"
    instance_options {
        are_legacy_imds_endpoints_disabled = "false"
    }
    is_pv_encryption_in_transit_enabled = "true"
    metadata = {
        "ssh_authorized_keys" = var.ssh_key
    }
    shape = "VM.Standard.E2.1.Micro"
    source_details {
        source_id = var.image_id
        source_type = "image"
    }
}

resource "oci_core_vcn" "generated_oci_core_vcn" {
    cidr_block = "10.0.0.0/16"
    compartment_id = var.compartment_ocid
    display_name = "New-VCN"
    dns_label = "vcn01"
}

resource "oci_core_subnet" "generated_oci_core_subnet" {
    cidr_block = "10.0.0.0/24"
    compartment_id = var.compartment_ocid
    display_name = "New-Subnet"
    dns_label = "subnet01"
    route_table_id = "${oci_core_vcn.generated_oci_core_vcn.default_route_table_id}"
    vcn_id = "${oci_core_vcn.generated_oci_core_vcn.id}"
}

resource "oci_core_internet_gateway" "generated_oci_core_internet_gateway" {
    compartment_id = var.compartment_ocid
    display_name = "Internet Gateway New-VCN"
    enabled = "true"
    vcn_id = "${oci_core_vcn.generated_oci_core_vcn.id}"
}

resource "oci_core_default_route_table" "generated_oci_core_default_route_table" {
    route_rules {
        destination = "0.0.0.0/0"
        destination_type = "CIDR_BLOCK"
        network_entity_id = "${oci_core_internet_gateway.generated_oci_core_internet_gateway.id}"
    }
    manage_default_resource_id = "${oci_core_vcn.generated_oci_core_vcn.default_route_table_id}"
}

(My OCI home region is Frankfurt. Yours might be different, so you might need different values for the availability_domain and image_id variables.)

ORM allows you to package all necessary Terraform files into an easy-to-use zip file. So, all you typically need to do is to create an ORM Stack from this zip file and execute it by pressing the "Apply" button on the ORM stack page.

ORM stack page


If you have created the script from one of Oracle's automatic ORM stack creation flows, such as pressing "Save as stack" on the OCI compute instance creation page, typically all Terraform configuration values are static.

Create compute instance


If you want to let the executor decide on some of the configuration values, you can simply define them as variables (optionally with a default value) inside the Terraform script. In that case, ORM will ask the creator of the ORM stack about overriding the values of those variables and will create the new values as stack variable resources.

Override variables in create stack flow


You can change those values as many times as you like before executing the Terraform script by pressing the "Edit Variables" button in the "Resources > Variables" tab.

Edit variables

When you execute the Terraform script, it will use those ORM variable values to override the default values in the Terraform script.
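
A stricter declaration for the user-controlled ssh_key variable, as an added example that is not part of the original post: it drops the placeholder default so a value must be supplied, and rejects input that is not a single OpenSSH public key line. It assumes Terraform 0.13 or later (variable validation blocks) and one key per instance; the accepted key types are a choice made for this example.

```hcl
# Added example, not from the original post. Replaces the ssh_key declaration
# in the script above. Assumes Terraform >= 0.13 (variable validation blocks).
variable "ssh_key" {
  type        = string
  description = "OpenSSH public key (one line) written to ssh_authorized_keys."

  # No default on purpose: with the placeholder default, an executor who skips
  # the variable gets an instance whose authorized_keys holds an unusable string.

  # Accept only "<key type> <base64 blob> [comment]" on a single line.
  # OpenSSH key blobs always start with "AAAA" in base64. In Terraform's RE2
  # syntax "." does not match a newline, so multi-line input fails the match.
  validation {
    condition = can(regex(
      "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) AAAA[0-9A-Za-z+/]+={0,2}( .*)?$",
      trimspace(var.ssh_key)
    ))
    error_message = "The ssh_key value must be a single OpenSSH public key line, for example the contents of id_ed25519.pub."
  }

  # Give a specific error when private key material is pasted by mistake:
  # the value would otherwise be stored as a stack variable and in instance metadata.
  validation {
    condition     = length(regexall("PRIVATE KEY", var.ssh_key)) == 0
    error_message = "The ssh_key value looks like a private key. Paste the contents of the .pub file instead."
  }
}

# In the instance resource, the metadata entry can then strip stray whitespace:
#   "ssh_authorized_keys" = trimspace(var.ssh_key)
```

Both checks run when Terraform evaluates the stack's variables during plan, so a bad value fails the job before any resource is created.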

 

Summary

You have seen how Oracle Resource Manager can help to provide pre-built OCI provisioning scripts to others who are not Terraform experts but still need to control parts of the provisioning process.

max@ateam


see https://www.linkedin.com/in/maximilian-froeschl-3509ba4/

