Terraform Discovery of OCI Resources

SoftWare Samuraj
Apr 3, 2020

Let’s start with a brief and sparse introduction to what OCI and Terraform are.

  • Oracle Cloud Infrastructure (OCI), a.k.a. Oracle Cloud, offers a modern set of cloud resources, from networking and compute instances to Kubernetes and Hadoop clusters, and more.
  • Terraform is a leading and trend-setting solution for Infrastructure as Code: it lets you define and provision cloud infrastructure via a high-level configuration language, and it supports numerous cloud providers, among others AWS, GCP, Azure and, of course, OCI.

So, how do those two, OCI and Terraform, fit together? OCI provides a number of ways to interact with cloud products and resources:

  • UI console
  • REST API
  • SDKs in various languages (Java, Python, Golang, Ruby)
  • CLI client
  • Terraform provider

Terraform Discovery

Terraform discovery is a relatively new feature that discovers the OCI resources in a particular compartment and creates the related Terraform configuration files.

There are a couple of use cases where this discovery feature comes in handy, e.g.:

  • you are migrating toward Infrastructure as Code,
  • particular resources have been created by a different approach (console, SDK etc.) and you would like to have a repeatable solution based on an industry standard,
  • backup of complex infrastructure provisioning, etc.

You can find the Terraform documentation for discovery on the page: Discovering Terraform resources in an Oracle Cloud Infrastructure compartment.

Discovery of OCI resources

Let’s take the following use case:

  1. There are some already created OCI resources.
  2. We need to document & persist the current state of those OCI resources.

Existing OCI resources

For the sake of simplicity, we have 2 compute instances with the following setup. Of course, there are other related resources like VCN, subnet, seclist etc., but you can imagine the highly complex infrastructure of a real case.

Terraform set up

I won’t go into the full detail of how to install and set up Terraform, only the configuration necessary to obtain a proper version of the OCI Terraform Provider. For authentication, you should be safe to follow the official documentation.

Because we start in an empty directory, we have to tell Terraform that we want to work with a specific version of the provider. This can be done via the following file:

Now, we just need to run the terraform init command and the right version of the provider will be downloaded.

The provider plugin is now located in the .terraform/plugins/<architecture> directory.

It would be handy to create a symbolic link for further usage:

ln -s .terraform/plugins/linux_amd64/terraform-provider-oci_v3.69.0_x4 terraform-provider-oci

Terraform discovery

Once ready, the usage should be quite straightforward: let’s run the following command:

The plugin now connects to OCI, processes discovery and writes the configuration files to the output directory:

If we check the core.tf file, we should see the familiar values of our compute instance:

Generating Terraform state

One of Terraform’s strong features is Terraform State: although Terraform treats resources as immutable, it internally holds their state. 🤓 (This state can be local or remote, but that is a completely different story.)

Luckily, the OCI Terraform Provider generates not just the configuration files, but the (local) state file as well. We only need to use the above-mentioned export command with the -generate_state switch.

And voilà, the state is there (look for the terraform.tfstate file):

From now on, we can use Terraform as usual.
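The steps above (locate the downloaded plugin, link it, export with state) collected into one script, as an added example that is not part of the original post. It finds the plugin under .terraform/plugins instead of hard-coding the architecture and version; the `-compartment_id` and `-output_path` flags and the script name are assumptions, since the post's own export command is not shown.

```shell
#!/bin/sh
# Added example (not from the original post). Run from the Terraform working directory.

# Print the path of the single OCI provider binary fetched by `terraform init`.
find_oci_provider() {
    [ -d .terraform/plugins ] || { echo "run 'terraform init' first" >&2; return 1; }
    hits=$(find .terraform/plugins -type f -name 'terraform-provider-oci_v*')
    count=$(printf '%s\n' "$hits" | grep -c . || true)
    # Refuse to guess when init left zero or several versions behind.
    [ "$count" -eq 1 ] || { echo "expected 1 OCI provider binary, found $count" >&2; return 1; }
    printf '%s\n' "$hits"
}

# Create the ./terraform-provider-oci symlink without hard-coding arch or version.
link_oci_provider() {
    bin=$(find_oci_provider) || return 1
    ln -sf "$bin" terraform-provider-oci
}

# Export one compartment's configuration plus a local terraform.tfstate.
# $1 = compartment OCID, $2 = output directory.
# Assumption: -compartment_id and -output_path are not shown in the post.
export_compartment() {
    { [ -n "$1" ] && [ -n "$2" ]; } || { echo "usage: export_compartment <ocid> <dir>" >&2; return 2; }
    mkdir -p "$2"
    ./terraform-provider-oci -command=export \
        -compartment_id="$1" -output_path="$2" -generate_state
}

# Only act when invoked with both arguments, e.g.:
#   sh discover.sh <compartment_ocid> ./discovered
if [ "$#" -eq 2 ]; then
    link_oci_provider && export_compartment "$1" "$2"
fi
```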

Which resources are discoverable?

Both OCI and Terraform are quickly evolving, dynamic systems, and new features are added on the fly. Discoverability is a relatively new feature, so not all OCI resources are supported by discovery.

You can obtain a list of currently discoverable resources with the following command:

terraform-provider-oci -command=list_export_resources

For the time being, the plugin supports the following resources and services:

  • identity
  • core (instances, network etc.)
  • database
  • load_balancer
  • object_storage
  • tagging
