はじめに
OCIのマニュアルのこちらを参考にTerraformの設定をします。
動作確認のため、Availability Domainsのリストを表示します。
Terraformを設定する対象はOracle LinuxのインスタンスでOCI CLIをインストール済みです。
$ cat /etc/oracle-release
Oracle Linux Server release 8.8
$ oci -v
3.23.2
Terraformのインストール
こちらのURLを参照し、Terraformの最新版を確認します。
今回は1.6.2を使用します。
アーカイブをダウンロードします。
$ wget https://releases.hashicorp.com/terraform/1.6.2/terraform_1.6.2_linux_amd64.zip
--2023-11-01 05:30:16-- https://releases.hashicorp.com/terraform/1.6.2/terraform_1.6.2_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 13.224.181.83, 13.224.181.111, 13.224.181.15, ...
Connecting to releases.hashicorp.com (releases.hashicorp.com)|13.224.181.83|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24738688 (24M) [application/zip]
Saving to: ‘terraform_1.6.2_linux_amd64.zip’
terraform_1.6.2_linux_amd64.zip 100%[==========================================================================================>] 23.59M --.-KB/s in 0.09s
2023-11-01 05:30:16 (277 MB/s) - ‘terraform_1.6.2_linux_amd64.zip’ saved [24738688/24738688]
解凍してパスの通っているディレクトリに移動させてバージョンを確認します。
$ unzip -q terraform_1.6.2_linux_amd64.zip
$ sudo mv terraform /usr/local/bin
$ terraform -v
Terraform v1.6.2
on linux_amd64
RSAキーの作成
OCI CLIのインストール後の設定で作成済みのため割愛。
$ ls -l ~/.oci
total 12
-rw-------. 1 opc opc 299 Nov 1 03:55 config
-rw-------. 1 opc opc 1703 Nov 1 03:57 oci_api_key.pem
-rw-rw-r--. 1 opc opc 451 Nov 1 03:56 oci_api_key_public.pem
設定ファイルの作成
認証の設定
ディレクトリを作成し、provider.tfファイルを作成します。
このファイルはインスタンスからOCIへの認証に使用します。
$ mkdir tf-provider
$ cd tf-provider
provider.tf
provider "oci" {
tenancy_ocid = "<tenancy-ocid>"
user_ocid = "<user-ocid>"
private_key_path = "<rsa-private-key-path>"
fingerprint = "<fingerprint>"
region = "<region-identifier>"
}
データソースの設定
Terraformで作成、取得するデータの設定ファイルです。
ここではprovider.tfで指定したリージョンのAvailability Domainsを表示します。
テナンシーレベルでの権限がないため、自身のコンパートメントOCIDを指定します。
availability-domains.tf
data "oci_identity_availability_domains" "ads" {
compartment_id = "<tenancy-ocid>"
}
出力の設定
取得したデータを出力する形式を設定します。
outputs.tf
# Output the "list" of all availability domains.
output "all-availability-domains-in-your-tenancy" {
value = data.oci_identity_availability_domains.ads.availability_domains
}
ここまで、三つの設定ファイルを作成しました。
$ ls -l
total 12
-rw-rw-r--. 1 opc opc 155 Nov 1 05:57 availability-domains.tf
-rw-rw-r--. 1 opc opc 176 Nov 1 05:59 outputs.tf
-rw-rw-r--. 1 opc opc 356 Nov 1 05:44 provider.tf
Terraformの実行
init
初期化します。
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v5.18.0...
- Installed hashicorp/oci v5.18.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
╷
│ Warning: Additional provider information from registry
│
│ The remote registry returned warnings for registry.terraform.io/hashicorp/oci:
│ - For users on Terraform 0.13 or greater, this provider has moved to oracle/oci. Please update your source in required_providers.
╵
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
成功しましたが、Warningが出ています。
プロバイダーは、Hashicorpのregistryではなく、Oracleが提供しているregistryに変えた方がいいということのようです。
provider.tfに追記して、再度initします。
provider.tf
provider "oci" {
tenancy_ocid = "<tenancy-ocid>"
user_ocid = "<user-ocid>"
private_key_path = "<rsa-private-key-path>"
fingerprint = "<fingerprint>"
region = "<region-identifier>"
}
## 追記
terraform {
required_providers {
oci = {
source = "oracle/oci"
}
}
}
## ここまで
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of oracle/oci...
- Installing oracle/oci v5.18.0...
- Installed oracle/oci v5.18.0 (signed by a HashiCorp partner, key ID 1533A49284137CEB)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
今度はWarningは出ていません。
ログを見てみると
Initializing provider plugins...
- Finding latest version of hashicorp/oci...
- Installing hashicorp/oci v5.18.0...
- Installed hashicorp/oci v5.18.0 (signed by HashiCorp)
が
Initializing provider plugins...
- Finding latest version of oracle/oci...
- Installing oracle/oci v5.18.0...
- Installed oracle/oci v5.18.0 (signed by a HashiCorp partner, key ID 1533A49284137CEB)
に変わっています。
Plan
実行計画を作成します。
$ terraform plan
data.oci_identity_availability_domains.ads: Reading...
data.oci_identity_availability_domains.ads: Read complete after 1s [id=IdentityAvailabilityDomainsDataSource-23752778]
Changes to Outputs:
+ all-availability-domains-in-your-tenancy = [
+ {
+ compartment_id = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
+ id = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
+ name = "TGjA:AP-SYDNEY-1-AD-1"
},
]
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
apply
実行します。
$ terraform apply
data.oci_identity_availability_domains.ads: Reading...
data.oci_identity_availability_domains.ads: Read complete after 0s [id=IdentityAvailabilityDomainsDataSource-23752778]
Changes to Outputs:
+ all-availability-domains-in-your-tenancy = [
+ {
+ compartment_id = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
+ id = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
+ name = "TGjA:AP-SYDNEY-1-AD-1"
},
]
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
all-availability-domains-in-your-tenancy = tolist([
{
"compartment_id" = "ocid1.compartment.oc1..aaaaaaaamyemvazvbgl42f5pi7gzlpgq5tcmxlipjm2uitoihfschylliy5a"
"id" = "ocid1.availabilitydomain.oc1..aaaaaaaalhnzffyixz4hyhp7gtcdskahy22cekpcgndvwdjffrdv6d5iqi5a"
"name" = "TGjA:AP-SYDNEY-1-AD-1"
},
])
表示するだけなので、 Resources: 0 added, 0 changed, 0 destroyed.となっています。