Terraform CloudからOCIへ接続する方法を記述します。
接続方法はいろいろあるようですがAPIキーを使用する方法について説明します。
手順
- OCIユーザーのAPIキーを作成します
- TerraformのOCIプロバイダーに接続情報を記述します
- 機密情報をTerraform Cloudの
Variablesに設定します
OCIユーザーのAPIキーを作成します
OCIにログインし、右上のユーザーマーク > Myprofile > API keys
キーペアを新規作成します。秘密鍵をダウンロードし、Addをクリックします。
接続情報が表示されます。コピーしておきます。
TerraformのOCIプロバイダーに接続情報を記述します
provider.tf
terraform {
required_version = "1.9.2"
required_providers {
oci = {
source = "oracle/oci"
version = "6.3.0"
}
}
cloud {
organization = "Terraform Cloud 組織名"
workspaces {
name = "Terraform Cloud ワークスペース名"
}
}
}
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
region = "ap-tokyo-1"
private_key = var.private_key
}
variables.tf
variable "tenancy_ocid" {
type = string
sensitive = true
}
variable "user_ocid" {
type = string
sensitive = true
}
variable "private_key" {
type = string
sensitive = true
}
variable "fingerprint" {
type = string
sensitive = true
}
機密情報をTerraform CloudのVariablesに設定します
Terraform Cloudにvariable.tfで作成した変数の値を設定します。sensitiveにチェックを付けます。
private_keyには秘密鍵の「-----BEGIN PRIVATE KEY-----」~「-----END PRIVATE KEY-----」を設定します。「-----BEGIN PRIVATE KEY-----」「-----END PRIVATE KEY-----」の部分は含めます。
確認
initとplanを実行します。接続できました。
console
$ terraform init
Initializing HCP Terraform...
Initializing provider plugins...
- Finding oracle/oci versions matching "6.3.0"...
- Installing oracle/oci v6.3.0...
- Installed oracle/oci v6.3.0 (signed by a HashiCorp partner, key ID 1533A49284137CEB)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
HCP Terraform has been successfully initialized!
You may now begin working with HCP Terraform. Try running "terraform plan" to
see any changes that are required for your infrastructure.
If you ever set or change modules or Terraform Settings, run "terraform init"
again to reinitialize your working directory.
$ terraform plan
Running plan in HCP Terraform. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
To view this run in a browser, visit:
https://app.terraform.io/app/urushibata-org/oci/runs/run-4GdcqLWmbuQddeB3
Waiting for the plan to start...
Terraform v1.9.2
on linux_amd64
Initializing plugins and modules...
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
------------------------------------------------------------------------
Cost Estimation:
Resources: 0 of 0 estimated
$0.0/mo +$0.0
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.