Deploying Users, Groups, and Policies in a 100% Automated Way Using Ansible and Cloud Shell in Oracle Cloud

Gabriel Varaljay
3 min read · Oct 24, 2023

Project Overview

In a real-world context, I assumed the role of a Cloud Specialist to set up Users, Groups, and Policies within Oracle Cloud Infrastructure (OCI). At first glance, one might think that achieving this via the OCI console would be a piece of cake; however, this is far from the truth when scaled up to large enterprise environments.

The Challenge: The Pitfalls of Manual Administration

Manually administering users, groups, and policies introduces various challenges, particularly in substantial corporate settings. For starters, the probability of making mistakes grows considerably. A single oversight could lead to security vulnerabilities, unauthorised access, or loss of vital data. Furthermore, manual procedures are time-intensive and inefficient, requiring ongoing attention and potentially causing delays in other crucial tasks.

The Solution: Ansible and Oracle Cloud CLI

Fortunately, a more efficient and less error-prone approach is available. I automated the entire procedure by utilising the capabilities of Ansible and Oracle’s exhaustive documentation. Adding a unique element to the project, I carried out the automation scripts within Oracle Cloud CLI — where Ansible is pre-installed. This enabled a smooth and efficient deployment process.

Prerequisites: Setting Environment Variables

Before running the Ansible playbooks, it’s essential to set a few environment variables. These variables determine the compartments in which the resources will be deployed, so the playbooks never need hard-coded OCIDs. Below are the commands to execute:

export PARENT_COMPARTMENT_OCID=<TENANCY-ocid>
export NETWORKING_COMPARTMENT_OCID=<NETWORKING_COMPARTMENT-ocid>
export COMPUTE_COMPARTMENT_OCID=<COMPUTE_COMPARTMENT-ocid>
export DB_COMPARTMENT_OCID=<DB_COMPARTMENT-ocid>
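To show how the exported variables are consumed, here is an added driver playbook that is not part of the original post. It reads the compartment OCIDs from the shell environment, refuses to run if they are missing, creates a group and a policy scoped to the networking compartment only, and then includes the post’s iam-creating-users.yaml task file once per user. It assumes the oracle.oci collection is available (as in OCI Cloud Shell); the group name, domain, user list and policy statement are constructed sample values.

```yaml
# Added example, not the post's own code. Driver playbook for the post's
# iam-creating-users.yaml task file. Assumes the oracle.oci collection is
# installed and the compartment OCIDs were exported as shown above.
---
- name: Provision an IAM group, a compartment-scoped policy and its users in OCI
  hosts: localhost
  connection: local
  gather_facts: false
  collections:
    - oracle.oci
  vars:
    # Read from the shell environment so no OCID is hard-coded in the playbook.
    parent_compartment_ocid: "{{ lookup('env', 'PARENT_COMPARTMENT_OCID') }}"
    networking_compartment_ocid: "{{ lookup('env', 'NETWORKING_COMPARTMENT_OCID') }}"
    group_name: "NetworkAdmins"        # constructed sample value
    domain: "@example.com"             # constructed sample value
    users:                             # constructed sample values
      - alice
      - bob
  tasks:
    - name: Refuse to run if a required compartment OCID is not exported
      ansible.builtin.assert:
        that:
          - parent_compartment_ocid | length > 0
          - networking_compartment_ocid | length > 0
        fail_msg: "Export PARENT_COMPARTMENT_OCID and NETWORKING_COMPARTMENT_OCID first"

    - name: Create (or find) the group in the tenancy root compartment
      oci_identity_group:
        compartment_id: "{{ parent_compartment_ocid }}"
        name: "{{ group_name }}"
        description: "Network administrators"
        key_by: [name]      # match on name so re-runs are idempotent
      register: group_result

    - name: Keep the group OCID for the per-user task file
      ansible.builtin.set_fact:
        group_ocid: "{{ group_result.group.id }}"

    - name: Grant the group rights in the networking compartment only
      oci_identity_policy:
        compartment_id: "{{ parent_compartment_ocid }}"
        name: "{{ group_name }}-networking-policy"
        description: "Manage virtual networks in the networking compartment"
        statements:
          # Scoped by compartment OCID rather than the whole tenancy.
          - "Allow group {{ group_name }} to manage virtual-network-family in compartment id {{ networking_compartment_ocid }}"
        key_by: [name]

    - name: Create each user and add it to the group (task file from the post)
      ansible.builtin.include_tasks: iam-creating-users.yaml
      loop: "{{ users }}"
```

Run it from Cloud Shell with `ansible-playbook iam-main.yaml` after the exports above; `include_tasks` with `loop` is what makes `item`, `group_ocid`, `group_name` and `domain` available inside the post’s task file. Keeping the policy statement bound to a compartment OCID rather than the tenancy is the least-privilege choice the compartment variables make easy.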

The Value of Ansible Playbooks

Indeed, crafting the Ansible Playbooks initially required more time and effort. However, the long-term benefits far outweigh the initial time investment. These Playbooks serve as reusable templates that streamline future work. Furthermore, the versatility of these Playbooks is another major asset; I’ve stored them in my GitHub repository, making it incredibly simple to adapt and deploy them for other projects or even different companies that utilise Oracle Cloud.

For instance, one of the Playbooks focuses specifically on user creation (see iam-creating-users.yaml below), and it’s just a single cog in a series of interconnected Playbooks that together form a comprehensive automation framework.

---
# Task file included once per user: `item` is the user name from the caller's
# loop, and group_name, group_ocid, domain and parent_compartment_ocid are
# expected from the calling playbook.
- name: Creating user
  oci_identity_user:
    name: "{{ item }}"
    description: "Member of {{ group_name }}"
    compartment_id: "{{ parent_compartment_ocid }}"
    email: "{{ item }}{{ domain }}"
  register: creatinguser
- set_fact:
    user_ocid: "{{ creatinguser.user['id'] }}"
- debug:
    msg: "User {{ item }} created"
  when: creatinguser.changed

- name: Adding user to a group
  oci_identity_user_group_membership:
    user_id: "{{ user_ocid }}"
    group_id: "{{ group_ocid }}"
    compartment_id: "{{ parent_compartment_ocid }}"
  register: result
- set_fact:
    user_group_membership_ocid: "{{ result.user_group_membership['id'] }}"

- name: Creating user password
  oci_identity_ui_password:
    user_id: "{{ user_ocid }}"
  register: result
  when: creatinguser.changed
- set_fact:
    user_password: "{{ result.ui_password['password'] }}"
  when: creatinguser.changed
# Note: this prints the initial password into the playbook output and any log
# that captures it.
- debug:
    msg: "Password of {{ item }} is {{ user_password }}"
  when: creatinguser.changed
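The password step above echoes each initial password to stdout, where it ends up in the Cloud Shell scrollback and in any log collector attached to the run. As an added example that is not the post’s code, here is the same step rewritten so the password is never shown: the tasks that touch it carry `no_log: true`, and the value is written to a file readable only by the operator instead of printed. It assumes it runs after the post’s "Creating user" task (so `creatinguser`, `user_ocid` and `item` exist); the `~/onboarding` path is a constructed example.

```yaml
# Added example, not the post's code: password handling with no_log so the
# one-time password never appears in the playbook output or log. Assumes
# creatinguser, user_ocid and item are set by the preceding tasks from the post.
- name: Creating user password (one-time; OCI forces a change at first login)
  oci_identity_ui_password:
    user_id: "{{ user_ocid }}"
  register: result
  no_log: true                # censors module arguments and return values
  when: creatinguser.changed

- name: Ensure the operator-only drop directory exists
  ansible.builtin.file:
    path: "{{ lookup('env', 'HOME') }}/onboarding"   # constructed path
    state: directory
    mode: "0700"
  when: creatinguser.changed

- name: Write the password to a 0600 file instead of printing it
  ansible.builtin.copy:
    content: "{{ result.ui_password.password }}\n"
    dest: "{{ lookup('env', 'HOME') }}/onboarding/{{ item }}.pwd"   # constructed path
    mode: "0600"
  no_log: true                # the file content would otherwise be logged
  when: creatinguser.changed

- name: Report only what is safe to log
  ansible.builtin.debug:
    msg: "Initial password for {{ item }} written to ~/onboarding/{{ item }}.pwd"
  when: creatinguser.changed
```

`no_log` only suppresses output; the registered `result` still carries the password, which is why the `copy` task needs the flag too. Hand the file to the user over whatever channel your organisation uses for secrets and delete it afterwards; the password is single-use, so its exposure window is short regardless.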

The reusability and adaptability of these Playbooks are invaluable, especially in a multi-cloud environment.

Conclusion: Client Feedback and Future Adaptability

Upon completion, my client was astonished by the simplicity and efficiency of the new system. They were particularly impressed with how straightforward it would be for them to add or remove users, alter groups, and modify policies in the future. The automated approach mitigates the risk of human error and paves the way for easy adaptability and scalability, crucial aspects in today’s ever-evolving cloud landscape.

Gabriel Varaljay

Multi-Cloud & DevOps | AWS | Microsoft Azure | Google Cloud | Oracle Cloud | Linux | Terraform | digital problem solver