Tuesday, February 11, 2020

Terraform:: OCI Provider Quickstart Guide

This document provides detailed steps to set up Terraform for OCI on an Oracle Linux server and create a VCN in an OCI compartment.

Terraform Installation:


You can set it up using YUM or follow the manual steps provided below.
  • Using YUM:

    sudo yum install -y terraform terraform-provider-oci

  • Manual Steps:
  1. Download the terraform and terraform-provider-oci RPMs from the URLs below.

  2. Run the following commands to install the RPMs:

    sudo rpm -ivh terraform-0.12.20-1.el7.x86_64.rpm
    sudo rpm -ivh terraform-provider-oci-3.61.0-1.el7.x86_64.rpm


In case of OL6, we need to follow manual steps to set up Terraform and the Terraform Provider for OCI.
  • Manual Steps:
  1. Setup Terraform:

    1. Login to your machine and switch to home directory:
      cd ~
    2. Download Terraform Binary
      wget https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_linux_amd64.zip
    3. Unzip Binary:
      unzip terraform_0.12.20_linux_amd64.zip
    4. Remove the downloaded archive:
      rm terraform_0.12.20_linux_amd64.zip
  2. Setup Terraform OCI Provider:

    1. Login to your machine and switch to home directory:
      cd ~
    2. Create directory for plugins:
      mkdir -p .terraform.d/plugins
    3. Switch to newly created directory:
      cd .terraform.d/plugins/
    4. Download Terraform OCI Provider Binary:
      wget https://releases.hashicorp.com/terraform-provider-oci/3.61.0/terraform-provider-oci_3.61.0_linux_amd64.zip
    5. Unzip Binary:
      unzip terraform-provider-oci_3.61.0_linux_amd64.zip
    6. Remove the downloaded archive:
      rm terraform-provider-oci_3.61.0_linux_amd64.zip

  3. Add Terraform home to Path

    export TF_HOME=~
    export PATH=$TF_HOME:$PATH

    Note: You can make it permanent by adding these lines to the ~/.bashrc file and then sourcing it.
  4. Run below command to test Terraform setup

    terraform version
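
The manual steps above unzip the downloaded archives as they arrive. The following added example (not part of the original guide) checks an archive against the publisher's SHA256SUMS file before unzipping; verify_release is a hypothetical helper name, and the SHA256SUMS URL in the comment is an assumption about the release directory layout.

```shell
# Added example (not from the original guide): verify a downloaded release
# archive against the vendor's SHA256SUMS file before unzipping it.
# verify_release is a hypothetical helper name.
#
# Assumed companion download for the Terraform archive used above:
#   wget https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_SHA256SUMS

# verify_release ARCHIVE SUMS_FILE -> exit status 0 only on an exact hash match
verify_release() (
  # Body runs in a subshell, so these variables do not leak to the caller.
  name=$(basename "$1")
  # Match the file-name column exactly; a plain grep could hit another entry
  # whose name merely contains this one.
  want=$(awk -v n="$name" '$2 == n { print $1 }' "$2")
  got=$(sha256sum "$1" | cut -d' ' -f1)
  if [ -z "$want" ]; then
    echo "$name: no entry in $2, refusing to trust it" >&2
    false
  elif [ "$got" != "$want" ]; then
    echo "$name: SHA-256 mismatch (expected $want, got $got)" >&2
    false
  else
    echo "$name: OK"
  fi
)

# Usage, run in the download directory before the unzip step:
#   verify_release terraform_0.12.20_linux_amd64.zip terraform_0.12.20_SHA256SUMS \
#     && unzip terraform_0.12.20_linux_amd64.zip
```

A matching hash only shows that the archive is the one listed in SHA256SUMS; HashiCorp also publishes a GPG signature for that file, which can be checked with gpg --verify.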

OCI Console Setup:

  1. Setup API Signing Key:
    1. Login to host and run following commands to generate API signing key for OCI user.
    2. Go to home directory and create the .oci directory:
      cd ~
      mkdir ~/.oci
    3. Generate the private key (enter a passphrase when prompted):
      openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048
      Enter Passphrase:
    4. Secure private key:
      chmod go-rwx ~/.oci/oci_api_key.pem
    5. Generate Fingerprint:
      openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c
      This fingerprint value is required for the Terraform OCI provider.
    6. Generate Public key:
      openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
    7. Copy Public key:
      cat ~/.oci/oci_api_key_public.pem
  2. Add credentials to OCI console

    1. Login to the respective OCI Console: 
      1. Ashburn Console: https://console.us-ashburn-1.oraclecloud.com/
    2. Go to Governance and Administration --> Identity --> Users
    3. Click on your username (email id)
    4. Click on Add Public Key, paste your key from oci_api_key_public.pem, and add it.
    5. Please note the Fingerprint shown on the console. It should match the Fingerprint generated during API signing key generation.

Terraform OCI Provider Setup:

  1. Create Variable File:
    1. Login to host (where terraform & terraform OCI provider already installed) and create a directory for terraform scripts.
      mkdir -p ~/tfscripts
    2. Switch to newly created directory
      cd ~/tfscripts
    3. Create a file named terraform.tfvars and add below content.
      tenancy_ocid            = "ocid1.tenancy.oc1..aaaaaaaaqms4qy6kxsxsdoaocxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      user_ocid               = "ocid1.user.oc1..aaaaaaaag4jmbpa2pg5pzea4qsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      fingerprint             = "43:3f:3b:ce:d4:49:31:9c:3f:ef:2a:84:9f:eb:7b:3d"
      private_key_path        = "~/.oci/oci_api_key.pem"
      compartment_ocid        = "ocid1.tenancy.oc1..aaaaaaaaqms4qy6kxsxsdoaocxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      region                  = "us-ashburn-1"
      private_key_password    = "<password>"
    4. tenancy_ocid: 
      1. Login to OCI console and click on top right user icon and select Tenancy name to find tenancy OCID
    5. user_ocid:
      1. Login to OCI console and Go to Governance and Administration --> Identity --> Users. Click on your username to find user OCID
    6. compartment_ocid:
      1. Login to OCI console and Go to Governance and Administration --> Identity --> Compartments. Click on your username to find user OCID
    7. fingerprint:
      1. Copy the fingerprint generated during API signing key generation.
    8. private_key_path:
      1. location of Private Key
    9. private_key_password:
      1. Private Key passphrase

  2. Create Provider File:

    1. Create a file named provider.tf with below content.
      # Input variables; values are read from terraform.tfvars
      variable "tenancy_ocid" {}
      variable "user_ocid" {}
      variable "fingerprint" {}
      variable "region" {}
      variable "private_key_path" {}
      variable "private_key_password" {}
      variable "compartment_ocid" {}

      # Authenticate to OCI with the API signing key created earlier
      provider "oci" {
        tenancy_ocid         = var.tenancy_ocid
        user_ocid            = var.user_ocid
        fingerprint          = var.fingerprint
        region               = var.region
        private_key_path     = var.private_key_path
        private_key_password = var.private_key_password
      }

  3. Initialize Terraform

    1. Run below command to initialize Terraform and load OCI plugin
      terraform init

  4. Validate Terraform configuration

    1. Run below command to validate Terraform setup
      terraform validate
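
terraform.tfvars now holds the key passphrase and a fingerprint that must match the uploaded key. The following added example (not part of the original guide) recomputes the fingerprint from the public key file and confirms that the private key and terraform.tfvars are readable by the owner only; the function names are hypothetical and GNU coreutils (stat -c, md5sum, base64) are assumed, as on Oracle Linux.

```shell
# Added example (not from the original guide): pre-flight check of the API
# signing key setup. Function names are hypothetical; paths follow the guide.

# Fingerprint of a PEM public key: MD5 over its DER bytes, colon-separated.
# This is the value printed by the "openssl ... | openssl md5 -c" step.
oci_fingerprint() {
  grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d | md5sum |
    cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# tfvars_get FILE KEY -> value of the first `KEY = "value"` line
tfvars_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" |
    head -n 1
}

# Succeeds only when group and others have no permission bits on the file.
owner_only() {
  case "$(stat -c '%a' "$1")" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# check_oci_setup PUBLIC_KEY_PEM PRIVATE_KEY_PEM TFVARS
check_oci_setup() (
  # Body runs in a subshell, so these variables do not leak to the caller.
  rc=0
  want=$(tfvars_get "$3" fingerprint)
  got=$(oci_fingerprint "$1")
  if [ "$want" != "$got" ]; then
    echo "fingerprint mismatch: tfvars=$want key=$got" >&2
    rc=1
  fi
  # Both files carry secrets: the encrypted key and its passphrase.
  for f in "$2" "$3"; do
    owner_only "$f" || { echo "$f is accessible by group/other" >&2; rc=1; }
  done
  [ "$rc" -eq 0 ]
)

# Usage with the paths from this guide:
#   check_oci_setup ~/.oci/oci_api_key_public.pem ~/.oci/oci_api_key.pem \
#     ~/tfscripts/terraform.tfvars
```

Because the fingerprint is computed from the public key file, the check never prompts for the private key passphrase.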

Create VCN in OCI:

The following steps create a VCN in OCI using the Terraform provider.

  1. Switch to terraform scripts directory
    cd ~/tfscripts
  2. Create a file named vcn.tf and add below content
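    resource "oci_core_vcn" "vcn1" {
      # Set this to the VCN's IPv4 CIDR range before running plan/apply
      cidr_block     = ""
      dns_label      = "vcn1"
      compartment_id = var.compartment_ocid
      display_name   = "vcn1"
    }

    # Print the OCID of the created VCN after apply
    output "vcn_id" {
      value = oci_core_vcn.vcn1.id
    }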
  3. Run below command to view the changes to OCI compartment
    terraform plan

  4. Apply changes and VCN will be created in OCI compartment.
    terraform apply

  5. Destroy to delete VCN from your compartment.
    terraform destroy

Saturday, January 11, 2020

Kubernetes:: Deploy the Web UI (Dashboard)

Recently I started exploring Kubernetes and tried to deploy the dashboard UI. Here is the list of steps followed to setup dashboard for my kubernetes cluster.

1. Refer to https://github.com/kubernetes/dashboard to get latest YAML file to setup dashboard. Run following command on your master node to deploy latest dashboard.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml

2. Run below command to view the deployed dashboard details

kubectl get services --all-namespaces -o wide
kubectl get deployments --all-namespaces -o wide
kubectl get pods --all-namespaces -o wide

kubectl -n kubernetes-dashboard describe pod kubernetes-dashboard
kubectl -n kubernetes-dashboard describe pod dashboard-metrics-scraper

3. Create a dashboard-admin-service-account.yaml file with below content.

# Service account used to log in to the dashboard
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-user
  namespace: kubernetes-dashboard
---
# Binds the service account to the cluster-admin ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-user
  namespace: kubernetes-dashboard

4. Run the dashboard-admin-service-account.yaml file to perform following actions.

  • Create Service Account with name dashboard-user in namespace kubernetes-dashboard first.
  • Create a ClusterRoleBinding that grants the cluster-admin ClusterRole to the ServiceAccount

kubectl apply -f dashboard-admin-service-account.yaml

5. Run below command to get token for the dashboard-user user. This is required to login to dashboard.

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-user | awk '{print $1}') | grep token:

6. To access the Dashboard from your local workstation, you must create a secure channel to your Kubernetes cluster. Run the below command:

kubectl proxy

7. Setup SSH tunneling via Putty. This step is not required, if you are accessing browser on same host.

8. Open browser and access below URL.


9. Select Token and copy the token output from step#6 into the Enter token field on the login screen. Click on the Sign in button.

10. Dashboard will be displayed.