Using Terraform with OCI
Terraform is a tool created by HashiCorp that lets you define, provision, and manage cloud infrastructure using code. Instead of writing manual deployment steps, you define the desired end state of your infrastructure, and Terraform determines how to build it.

Terraform with Oracle Cloud Infrastructure (OCI) means using infrastructure as code to create and manage Oracle cloud resources like VCNs, subnets, compute instances, databases, IAM, load balancers, and OKE clusters. While this guide focuses on OCI, you can apply the same approach to any cloud provider Terraform supports.

To learn more about Terraform, see HashiCorp's documentation: Automate infrastructure on any cloud (https://developer.hashicorp.com/terraform).

Content

- Create a Terraform-enabled Broadcaster cluster
- (Optional) Create a Broadcaster placeholder
- Complete prerequisites
- Create OCI objects
- Customize Terraform variables
- Run Terraform script

Create a Terraform-enabled Broadcaster cluster

First, use ZEN Master to create a Zixi Broadcaster cluster that is enabled for Terraform scripts. The cluster ID and name will be passed in the Terraform script.

1. In a web browser, navigate to https://{youraccount}.zen.zixi.com. When you sign in, you should see the Zixi ZEN Master dashboard.
2. In the left navigation, select Broadcasters.
3. Click +Add to create a new Broadcaster cluster.
4. In the Create New Broadcaster Cluster dialog, provide a cluster name and one or more tags.
5. For Management Type, select Manual.
6. Select the checkbox for Terraform Deployment Support.
7. For Broadcaster Version, select the desired Broadcaster version that you would like to run on your cloud service machines. Broadcaster versions available for your account can be viewed and modified on the customer portal. Select a Broadcaster version that supports the type of processing that will be done on this cluster.
8. For Activation Key, enter your Zixi Broadcaster license activation key.
9. For SSH Key, enter the SSH key pair used to establish a secure SSH tunnel and allow ZEN Master to access and manage the Broadcaster.
10. For API User, enter the username for ZEN Master to access the Broadcaster API.
11. For API Password, enter the password for ZEN Master to access the Broadcaster API.
12. Customize the other cluster fields as needed. For details, see Adding a Broadcaster Cluster – Manual.

(Optional) Create a Broadcaster placeholder

When using Terraform, creating a Broadcaster in ZEN Master is optional. If you want to set the Broadcaster name and override some configuration fields, you can create a Broadcaster placeholder in ZEN Master that OCI will use. When OCI creates Broadcasters, it creates system-generated Broadcaster names.

1. Return to ZEN Master.
2. In the left navigation, select Broadcasters.
3. In the Broadcaster cluster list, click on your cluster name that is configured for Terraform Deployment Support.
4. In the Broadcaster cluster details screen, click + Add Broadcaster.
5. In the Create New Broadcaster dialog, provide a name.
6. For API User, enter the username for ZEN Master to access the Broadcaster API.
7. For API Password, enter the password for ZEN Master to access the Broadcaster API.
8. For SSH Key, enter the SSH key pair used to establish a secure SSH tunnel and allow ZEN Master to access and manage the Broadcaster.
9. Customize the other Broadcaster fields as needed. For details, see Adding a Broadcaster to a Manual Cluster.

Values that you set when creating a Broadcaster placeholder will override the values from the cluster. Creating a placeholder allows you to specify a custom Broadcaster name. Otherwise, the Terraform script creates system-generated Broadcaster names.

Complete prerequisites

Review the Zixi public repo for using Terraform with OCI and install the system requirements.

1. In a browser, navigate to the Zixi Customer Portal (https://portal.zixi.com) and log in with your credentials.
2. In the left navigation, select Documentation.
3. Select By Type and then ZEN Master.
4. Download the terraformocirepo.zip file and unzip it.
5. In the oci broadcast cluster tf repo, open the README.md file.
6. Review the Prerequisites section and follow the steps:
   - Install Terraform CLI on your computer.
   - Create an OCI API key.
   - Upload the public key file (public.pem) to the OCI console.
   - Copy the fingerprint shown after you upload the public key file.

Create OCI objects

Before running the Terraform script, the following OCI resources must exist.

1. Return to the README.md file in the oci broadcast cluster tf repo.
2. Review the OCI Prerequisites section to create OCI objects.
3. In a browser, navigate to and log in to the Oracle dashboard.
4. Using the Oracle dashboard, create the following objects:
   - Compartment: A fundamental logical container within Oracle Cloud Infrastructure used to organize, isolate, and secure cloud resources.
   - VCN: A virtual cloud network (VCN) with a public subnet and an internet gateway (IGW) is the standard baseline setup for running public-facing cloud infrastructure.
   - NSG: Network security groups (NSGs) allow you to apply granular firewall rules directly to specific virtual network cards (VNICs).
   - Vault: Used to securely store your ZM API key (or any other media orchestration credentials) in OCI.
   - Master encryption key: Before you can save a secret, OCI requires a master key to encrypt the secret's contents.
   - Secret: Now that the vault structure and encryption framework are ready, you can create the actual secret.
   - Dynamic group: This allows your compute instances to securely access cloud resources, like pulling that ZM API key from the OCI vault you just created, without hardcoding user credentials on the server.
   - IAM policy: Because you want this policy to apply to the tenancy level rather than just a single sub-compartment, the policy file itself must be attached to your root compartment.

Customize Terraform variables

Review and customize the Terraform variables used by the script.

1. Return to the oci broadcast cluster tf repo.
2. Open the customer inputs md file. Use this as a reference that defines all the variables you will configure. You will not update this file.
   - What you will edit: terraform.tfvars variable values.
   - What you will not edit: Terraform resource structure, cloud-init bootstrap logic.
3. Duplicate the terraform.tfvars.example file and rename it terraform.tfvars.
4. Open the newly created terraform.tfvars file. This is the only file you will edit.
5. Customize this file with your variable values.

Run Terraform script

Running a Terraform script with OCI follows the standard "init, plan, apply" workflow. Under the hood, it instructs Oracle's cloud API to build, modify, or destroy Oracle-specific resources.

1. In a terminal window on your computer, navigate to the oci broadcast cluster tf repo folder.
2. First, run the init command (setup). This prepares your working directory and downloads plugins.
   - It reads your code, determines the cloud provider, and downloads the plugins needed to talk to those APIs.
   - It sets up the backend with your state file.

       terraform init

3. Next, run the plan command (preview). This lets you see what Terraform intends to do before making any changes to your cloud environment.
   - It checks the current state of your cloud infrastructure.
   - It generates a list of what will be created, modified, or destroyed.

       terraform plan

4. Then, run the apply command (execute). This takes your configuration and updates your cloud infrastructure.
   - It makes the API calls to your cloud provider to build, update, or delete resources.
   - Once the resources are built, Terraform records their IDs and metadata into your state file.

       terraform apply

For more details about working with OCI, see Terraform's document Get Started OCI (https://developer.hashicorp.com/terraform/tutorials/oci-get-started).

Notes

- The script sets up an OCI vault and secret to securely store the ZEN Master API key. No credentials are stored on the instances.
- The cloud-init script makes calls to the ZEN Master API.
- Cluster and Broadcaster management is still done within ZEN Master.
- If you want another instance, modify the template, redeploy, and Terraform takes care of it.
- If you want custom images (AMIs), add them to the script.
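
Added example (not part of the Zixi repo or the original guide): a Python sketch of a plan review that lists what the plan will create, modify, or destroy and checks the note above that no credentials are stored on the instances, by decoding the cloud-init user_data of each planned oci_core_instance. It assumes the plan was exported with terraform plan -out=tfplan followed by terraform show -json tfplan; the sample plan, resource addresses, and credential pattern are constructed for illustration.

```python
import base64
import json
import re

# Constructed sample of `terraform show -json tfplan` output (not real data).
# Resource addresses and cloud-init text are invented for illustration.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "oci_core_instance.broadcaster[0]",
         "type": "oci_core_instance",
         "change": {"actions": ["create"], "after": {"metadata": {
             "user_data": base64.b64encode(
                 b"#cloud-config\nruncmd:\n  - fetch-secret --from-vault\n").decode()}}}},
        {"address": "oci_core_instance.broadcaster[1]",
         "type": "oci_core_instance",
         "change": {"actions": ["delete", "create"], "after": {"metadata": {
             "user_data": base64.b64encode(
                 b"#cloud-config\nwrite_files:\n  - content: api_key=EXAMPLE-NOT-REAL\n").decode()}}}},
        {"address": "oci_core_vcn.main", "type": "oci_core_vcn",
         "change": {"actions": ["no-op"], "after": {}}},
    ]
})

# Hypothetical pattern for inline credentials; tune it to your own naming.
CREDENTIAL_RE = re.compile(r"(api[_-]?key|password|secret)\s*[=:]\s*\S+", re.I)


def review_plan(plan_json):
    """Return (planned actions by address, instances whose cloud-init embeds a credential)."""
    actions, findings = {}, []
    for rc in json.loads(plan_json).get("resource_changes", []):
        acts = rc["change"]["actions"]
        if acts != ["no-op"]:
            actions[rc["address"]] = "/".join(acts)  # e.g. "delete/create" is a replacement
        if rc["type"] != "oci_core_instance":
            continue
        after = rc["change"].get("after") or {}  # "after" is null for a pure delete
        user_data = (after.get("metadata") or {}).get("user_data") or ""
        text = base64.b64decode(user_data).decode("utf-8", "replace")
        if CREDENTIAL_RE.search(text):
            findings.append(rc["address"])
    return actions, findings


if __name__ == "__main__":
    planned, leaks = review_plan(SAMPLE_PLAN)
    print("planned changes:", planned)
    print("credential-like text in cloud-init:", leaks)
```

The JSON form of a plan contains sensitive values in plain text, so handle the exported file like the state file and delete it after review.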
