Infrastructure Orchestration Using Terraform – Getting Started

Sriram-Oracle, Feb 21 2017 — edited Feb 22 2017

This blog is a follow-up to our earlier Terraform and Oracle Bare Metal Cloud Services blog post, focusing on how you can get started with Terraform. In the subsequent post, we will showcase how you can automate the steps involved in creating a virtual cloud network (VCN) within the Bare Metal Cloud and then creating a compute instance (either a Bare Metal Server or a Virtual Machine) with a block volume attached, via Terraform.

If you have used Terraform before and you are looking to get started quickly, here is our Getting Started Readme.

Pre-requisites

  • You will need to be able to create public key and private key certificates. There are multiple ways to achieve this. This blog post primarily relies on the open source openssl client program. If you are using a Linux/Mac based platform, you either have it installed already or can install it via your software repository. If you are using Windows, you get it when you install Git Bash for Windows.

  • Create a folder ‘oraclebaremetalcloud’ in your HOME directory. We will use this folder as a top-level folder to keep our certificate files, terraform binaries as well as our automation configuration files.

On Linux/Mac:

mkdir -p $HOME/oraclebaremetalcloud
mkdir -p $HOME/oraclebaremetalcloud/bin

On Windows:

mkdir %HOME%\oraclebaremetalcloud
mkdir %HOME%\oraclebaremetalcloud\bin

  • You will need to download the Terraform binary and copy it to your $HOME/bin or %HOME%\bin folder.

Set up the Bare Metal Cloud provider plug-in on your computer

Download the Oracle Bare Metal Cloud provider from our Oracle GitHub releases page. Here, you will need to download your platform-specific binaries and then, depending on your operating system, copy either the 32-bit or 64-bit version of the ‘terraform-provider-baremetal’ binary to your oraclebaremetalcloud folder.


Now create the .terraformrc file within your $HOME or %HOME% directory to contain the following content:


$ cat ~/.terraformrc
providers {
  baremetal = "/Users/sriram/oraclebaremetalcloud/bin/terraform-provider-baremetal"
}

Enable your Bare Metal Cloud user account to manage it via Terraform

The next step is to enable API-based management within your Bare Metal Cloud user account. The steps to do this are well captured within our Bare Metal Cloud documentation. I am including them here for completeness' sake.

Create a Private Key with a Passphrase

Let us create a directory such as .certs within the oraclebaremetalcloud folder. We will use this folder to create our public certificate and private key.

On Linux/Mac: 

Our baremetal Terraform provider plugin currently accepts only private keys that are protected with a passphrase. So, remember to set a passphrase when you create your private key. You will be providing this private key and the passphrase through environment variables in the later steps.

On Linux/Mac:  

Note: remember to provide a passphrase at the above prompt.

On Windows: 

Note: you may need to insert -passout stdin to be prompted for a passphrase. The prompt will just be the blinking cursor, with no text. You will need to type a passphrase at this blinking cursor.

Ensure that only you can read the private key file:


Note: You are responsible for the security of this private key file. This private key file and its contents should never leave your computer. You should also never copy the contents of this file into the Terraform configuration file.

Create a Public Key to use within your Bare Metal Cloud User Account

We will now create a public key certificate using the above created private key certificate and upload this public key certificate to your Oracle Bare Metal Cloud User account. This step allows us to manage our Bare Metal Cloud infrastructure via APIs.

Use the openssl command below to generate the corresponding public key certificate from your private key certificate file.


Now, log in to your Oracle Bare Metal Cloud console. At the top right, click on your login information and then click on User Settings.

Now, click on API Keys and add an API key. You can now see a window to upload the contents of your previously created public key.

You can either open the public key certificate (that we just created) in a text editor and copy the contents, or use a clipboard copy utility (such as 'pbcopy' on Mac) to copy the contents of this file to the clipboard, and then simply paste it into the above window. The console will now display the fingerprint of this public certificate.

Once you have completed this step, you are ready to sign all your API requests with your private key (within your 'oraclebaremetalcloud/.certs' folder), and the Oracle Bare Metal Cloud platform will use the public key certificate uploaded above to verify the authenticity of each request.
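
The key steps of this section as one script, added here as an example and not taken from the original post: it creates a passphrase-protected RSA key, makes it readable only by its owner, derives the public key to upload, and prints the colon-separated MD5 fingerprint to compare with the one the console displays. The file names api_key.pem and api_key_public.pem, the function names, the 2048-bit key size and the AES-128 encryption are assumptions; the passphrase is read from TF_VAR_private_key_password.

```shell
#!/bin/sh
# Added example; file and function names are assumptions, not from the post.
# The passphrase is read from the environment (TF_VAR_private_key_password),
# so it is never placed on a command line or typed into shell history.

# key_fingerprint KEY: colon-separated MD5 of the DER-encoded public key.
key_fingerprint() {
    openssl rsa -pubout -outform DER -in "$1" \
        -passin env:TF_VAR_private_key_password 2>/dev/null |
        openssl md5 -c | sed 's/^.*= *//'
}

# make_api_key DIR: writes DIR/api_key.pem (encrypted private key) and
# DIR/api_key_public.pem, then prints the fingerprint. The body runs in a
# subshell (parentheses) so the umask change does not leak into the caller.
make_api_key() (
    dir=$1
    key="$dir/api_key.pem"
    pub="$dir/api_key_public.pem"

    : "${TF_VAR_private_key_password:?export the passphrase first}"
    umask 077                       # directory and files start owner-only
    mkdir -p "$dir" || exit 1

    # Never overwrite a key whose public half may already be uploaded.
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        exit 1
    fi

    openssl genrsa -aes128 -passout env:TF_VAR_private_key_password \
        -out "$key" 2048 2>/dev/null || exit 1
    chmod go-rwx "$key"             # only the owner can read the private key

    openssl rsa -pubout -in "$key" \
        -passin env:TF_VAR_private_key_password \
        -out "$pub" 2>/dev/null || exit 1

    key_fingerprint "$key"
)

# Usage: make_api_key "$HOME/oraclebaremetalcloud/.certs"
```
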

Configure Terraform to work with the Terraform-baremetal-provider

This is the last step to manage your Bare Metal Cloud resources via Terraform. This step is summarized within our Terraform Bare Metal README file. In a nutshell, here are the few things you will need to provide:

1. Your Bare Metal Cloud tenancy unique identifier (Tenancy OCID). You can find this information on the Bare Metal Cloud console main page.

2. Your Bare Metal Cloud user unique Identifier (User OCID). You can find this information within the Bare Metal Cloud console User Settings page

3. Your Bare Metal Cloud User API Fingerprint. You can get this information from the same User Settings page (under the API Keys).

Now, you can save all this information within a separate file, away from your oraclebaremetalcloud folder, so that you do not accidentally share this key/critical information with anyone else.

Example:

On Linux/Mac environment, you can add the following to your $HOME/.bash_profile

export TF_VAR_tenancy_ocid=<your Tenancy OCID information>
export TF_VAR_user_ocid=<your User OCID information>
export TF_VAR_fingerprint=<your public key certificate API Fingerprint that you successfully uploaded>
export TF_VAR_private_key_path=<fully qualified path of your private key file. You should not share this file with anyone else>
export TF_VAR_private_key_password=<your passphrase for the private key>

Note: You are responsible for safely securing and protecting this above information.

Similarly, on Windows, you can save these contents within a file such as terraform-startup.bat and configure your cmd.exe to automatically run this file.

setx TF_VAR_tenancy_ocid <value>
setx TF_VAR_user_ocid <value>
setx TF_VAR_fingerprint <value>
setx TF_VAR_private_key_path <value>
setx TF_VAR_private_key_password <value>
