Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Connect Terraform Code from a GitLab Repository to an OCI Tenancy using a CI/CD Pipeline

Introduction

While working in Oracle Cloud Infrastructure (OCI) or any other cloud, we need clear directions on automation in every place, and one of the most important automation required is for infrastructure provisioning.

Users want to provision their cloud infrastructure using Terraform, and when there is some code involved, they want to manage it using Agile development practices on a code repository, and manage it in a complete DevOps way. Once the repository is set up with the initial code, any developer can submit a new code, and deploy the new infrastructure triggered from a continuous integration and continuous delivery/deployment (CI/CD) pipeline.

In this tutorial, we will understand all the steps needed to configure Terraform automation managed infrastructure pipeline in an agile way of development and use GitLab as our repository provider. The same process applies for other providers like GitHub and Azure DevOps.

Objectives

• Configure Terraform automation managed infrastructure pipeline using Agile development practices.

• Set up API keys for the user based on which the GitLab agent will connect to OCI tenancy.

• Set up a GitLab repository where all the Terraform code will be pushed, and initial Terraform code to get OCI tenancy details.

• Set up a YAML based CI/CD pipeline which will trigger Terraform actions as soon as new code is pushed and approved in the repository.

Prerequisites

• Required access to OCI and policies allowed in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). The user should have access to corresponding resources which they want to create or update using Terraform code.

• Access to GitLab to create a repository, subsequent pipeline and code push.

• Basic understanding of agile methodology of software development.

Task 1: Set up the API Keys

1. Log in to your OCI tenancy with the service account or the admin user and go to User settings.

   

   Or

   You can go to the user from the OCI IAM console as well. Just make sure this user has all the required access for creating or updating infrastructure on OCI.

2. Go to the Resources section for the user, click API Keys and Add API Key. Here, you can opt for either downloading the new public and private keys, upload your public key or paste your public key.

   

3. Once you select any one of the options, save the keys at a convenient location, and save the configuration file as shown in the following image. You will need this configuration file and private key when connecting to your tenancy using Terraform.

   

Task 2: Set up the GitLab Repository with Terraform Code

1. Create a repository on GitLab, we will use this repository to push the Terraform code.

   

2. Develop the Terraform code required to connect to the tenancy. In this tutorial, we will use the Terraform code to connect to the tenancy and get the details of availability domains.

   • provider.tf.

     provider "oci" {
               tenancy_ocid     = var.tenancy_ocid
               user_ocid        = var.user_ocid
               fingerprint      = var.fingerprint
               private_key_path = var.private_key_path
               region           = var.region
     }
     
     terraform {
       required_providers {
         oci = {
           version = ">= 3.0.0"
         }
       }
     }
     

   • variables.tf.

     variable "tenancy_ocid" {
             type = string
             default = "ocid1.tenancy.oc1..aaaaaaaacko"
     }
     variable "user_ocid" {
             type = string
             default = "ocid1.user.oc1..aaaaaaaafelq"
     }
     variable "fingerprint" {
             type = string
             default = "72:d4:6c:f8:89"
     }
     variable "private_key_path" {
             type = string
             default =  "oracleidentitycloudservice_user_key.pem"
     }
     variable "region" {
             type = string
             default = "us-ashburn-1"
     }
     

   • oracleidentitycloudservice_user_key.pem.

     content of your private key
     

   • availability-domains.tf.

     data "oci_identity_availability_domains" "ads" {
         #Required
         compartment_id = var.tenancy_ocid
     }
     

   • outputs.tf.

     # The "name" of the availability domain to be used for the compute instance.
     output "name-of-first-availability-domains" {
       value = data.oci_identity_availability_domains.ads.availability_domains[0].name
     }
     

   Note: Use the values from the saved configuration file to enter the parameter values in the variables.tf file.

Task 3: Set up a YAML Based CI/CD Pipeline and Trigger Based on Code Merge

1. Once your Terraform code is pushed to the GitLab repository, let’s create the pipeline and configure it using a yaml file.

   

2. Create a .gitlab-ci.yml file in the repository and add the following code.

   build-job:
     stage: build
     script:
       - echo "Hello Gitlab"
       - uname -r
       - yum install -y yum-utils
       - yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
       - sed -i 's/$releasever/7/g' /etc/yum.repos.d/hashicorp.repo
       - yum -y install terraform
       - pwd
       - ls -ltra
       - terraform init
       - terraform plan
       - terraform apply -auto-approve
   
   
   test-job1:
     stage: test
     script:
       - echo "This job tests something"
   
   test-job2:
     stage: test
     script:
       - echo "This job tests something, but takes more time than test-job1."
       - echo "After the echo commands complete, it runs the sleep command for 20 seconds"
       - echo "which simulates a test that runs 20 seconds longer than test-job1"
       - sleep 5
   
   deploy-prod:
     stage: deploy
     script:
       - echo "This job deploys something from the main branch."
     environment: dev
   

   Note:

   • All the Terraform commands init, plan and apply are executed in the build stage, but you can use them accordingly in the stage you need.
   • This demo yml file is based on GitLab agents running Oracle Linux 7. Check availability of Terraform modules based on your agent OS and network availability.

Related Links

• Oracle Cloud Infrastructure User API Keys

• Oracle Cloud Infrastructure Terraform Provider

• GitLab CI/CD pipelines

Acknowledgments

• Author - Lovelesh Saxena (Principal Software Engineering Architect)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Connect Terraform Code from a GitLab Repository to an OCI Tenancy using a CI/CD Pipeline

F94435-01

March 2024

Copyright © 2024, Oracle and/or its affiliates.