Tuesday, February 11, 2020

Terraform:: OCI Provider Quickstart Guide

Following document will provide detailed steps to setup Terraform for OCI on Oracle Linux server and create a VCN in OCI compartment.

Terraform Installation:


You can setup using YUM or follow manual steps provided below.
  • Using YUM:

    sudo yum install -y terraform terraform-provider-oci

  • Manual Steps:
  1. Download terraform and terraform-provider-oci RPM’s from below URL’s.

  2. Run following commands to install RPM’s

    sudo rpm -ivh terraform-0.12.20-1.el7.x86_64.rpm
    sudo rpm -ivh terraform-provider-oci-3.61.0-1.el7.x86_64.rpm


In case of OL6, we need to follow manual steps to setup Terraform, and Terrform Provider for OCI.
  • Manual Steps:
  1. Setup Terraform:

    1. Login to your machine and switch to home directory:
      cd ~
    2. Download Terraform Binary
      wget https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_linux_amd64.zip
    3. Unzip Binary:
      unzip terraform_0.12.20_linux_amd64.zip
    4. Remove Binary:
      rm terraform_0.12.20_linux_amd64.zip
  2. Setup Terraform OCI Provider:

    1. Login to your machine and switch to home directory:
      cd ~
    2. Create directory for plugins:
      mkdir -p .terraform.d/plugins
    3. Switch to newly created directory:
      cd .terraform.d/plugins/
    4. Download Terraform OCI Provider Binary:
      wget https://releases.hashicorp.com/terraform-provider-oci/3.61.0/terraform-provider-oci_3.61.0_linux_amd64.zip
    5. Unzip Binary:
      unzip terraform-provider-oci_3.61.0_linux_amd64.zip
    6. Remove Binary:
      rm terraform-provider-oci_3.61.0_linux_amd64.zip

  3. Add Terraform home to Path

    export TF_HOME=~
    export PATH=$TF_HOME:$PATH

    Note: You can make it permanent by adding it to ~/.bashrc file and then source it.
  4. Run below command to test Terraform setup

    terraform version

OCI Console Setup:

  1. Setup API Signing Key:
    1. Login to host and run following commands to generate API signing key for OCI user.
    2. Go to home directory and create
      cd ~
    3. mkdir ~/.oci
      openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048
      Enter Passphrase:
    4. Secure private key:
      chmod go-rwx ~/.oci/oci_api_key.pem
      Get Finger print
    5. Generate Fingerprint:
      openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c
      This fingerprint value required for Terraform OCI provider.
    6. Generate Public key:
      openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
    7. Copy Public key:
      cat ~/.oci/oci_api_key_public.pem
  2. Add credentials to OCI console

    1. Login to the respective OCI Console: 
      1. Ashburn Console: https://console.us-ashburn-1.oraclecloud.com/
    2. Go to Governance and Administration --> Identity --> Users
    3. Click on your username (email id)
    4. Click on Add Public Key and paste your key from oci_api_key_public.pem. And add it.
    5. Please note the Fingerprint shown on the console.It should match the Fingerprint generated during API signing key generation.

Terraform OCI Provider Setup:

  1. Create Variable File:
    1. Login to host (where terraform & terraform OCI provider already installed) and create a directory for terraform scripts.
      mkdir –p ~/tfscripts
    2. Switch to newly created directory
      cd ~/tfscripts
    3. Create a file named terraform.tfvars and add below content.
      tenancy_ocid            = "ocid1.tenancy.oc1..aaaaaaaaqms4qy6kxsxsdoaocxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      user_ocid               = "ocid1.user.oc1..aaaaaaaag4jmbpa2pg5pzea4qsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      fingerprint             = "43:3f:3b:ce:d4:49:31:9c:3f:ef:2a:84:9f:eb:7b:3d"
      private_key_path        = "~/.oci/oci_api_key.pem"
      compartment_ocid        = "ocid1.tenancy.oc1..aaaaaaaaqms4qy6kxsxsdoaocxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      region                  = "us-ashburn-1"
      private_key_password    = "<password>"
    4. tenancy_ocid: 
      1. Login to OCI console and click on top right user icon and select Tenancy name to find tenancy OCID
    5. user_ocid:
      1. Login to OCI console and Go to Governance and Administration --> Identity --> Users. Click on your username to find user OCID
    6. compartment_ocid:
      1. Login to OCI console and Go to Governance and Administration --> Identity --> Compartments. Click on your username to find user OCID
    7. fingerprint:
      1. Copy the fingerprint generated during API signing key generation.
    8. private_key_path:
      1. location of Private Key
    9. private_key_password:
      1. Private Key passphrase

  2. Create Provider File:

    1. Create a file named provider.tf with below content.
      variable "tenancy_ocid" {
      variable "user_ocid" {
      variable "fingerprint" {
      variable "region" {
      variable "private_key_path" {
      variable "private_key_password" {
      variable "compartment_ocid" {
      provider "oci" {
        tenancy_ocid         = var.tenancy_ocid
        user_ocid            = var.user_ocid
        fingerprint          = var.fingerprint
        region               = var.region
        private_key_path     = var.private_key_path
        private_key_password = var.private_key_password

  3. Initialize Terraform

    1. Run below command to initialize Terraform and load OCI plugin
      terraform init

  4. Validate Terraform configuraiton

    1. Run below command to validate Terraform setup
      terraform validate

Create VCN in OCI:

Following steps will help you to create VCN in OCI using Terraform Provider.

  1. Switch to terraform scripts directory
    cd ~/tfscripts
  2. Create a file named vcn.tf and add below content
    resource "oci_core_vcn" "vcn1" {
      cidr_block     = ""
      dns_label      = "vcn1"
      compartment_id = var.compartment_ocid
      display_name   = "vcn1"
    output "vcn_id" {
      value = oci_core_vcn.vcn1.id
  3. Run below command to view the changes to OCI compartment
    terraform plan

  4. Apply changes and VCN will be created in OCI compartment.
    terraform apply

  5. Destroy to delete VCN from your compartment.
    terraform destroy

Additional References: