About Configuring Terraform on UNIX-Like Systems

To use Terraform to create Oracle Cloud Infrastructure components, you must download and install Terraform. You’ll also download the Terraform modules that create the configuration files that you’ll use to create the required infrastructure components.

The system where you install Terraform and store the Terraform modules can be either on premises or in the cloud. For convenience, we’ll refer to this as your local system or your local host.

Before you run Terraform:

  • Generate an SSH key pair used to allow you to access your Compute instances

  • Generate an API signing key used to authenticate API calls made by Terraform

  • Set environment variables used by Terraform to authenticate access and execute its plans

After completing these steps, you’re ready to apply the Terraform configuration files to create your infrastructure components on Oracle Cloud Infrastructure.

Install Terraform

On UNIX-like or Linux systems, including Oracle Linux, you can install Terraform by downloading and extracting the Terraform package for your operating system.

  1. Go to https://www.terraform.io/downloads.html.
  2. Download the appropriate package depending on your operating system.
  3. Extract the package to the path /usr/local/bin/.
    You can extract Terraform to any other directory on your local host. Ensure that the directory is included in the PATH variable.
    Terraform is installed and ready to use.
  4. Verify the installation.
    terraform -v

    The Terraform version is displayed, as shown in this example:

    Terraform v0.12.18

Generate an SSH Key Pair to Access the Bastion Hosts

You can use SSH to access compute instances in Oracle Cloud securely. Generate an SSH key pair on your local host. Add the SSH public key to the bastion hosts while creating them. When you connect to a bastion host using SSH, provide the private key to authenticate access.

Use the ssh-keygen utility to generate an SSH key pair. Don’t set a passphrase for your SSH key.

  • In a terminal window, enter the following command:
    ssh-keygen -t rsa -N "" -b 2048 -C "key_name" -f path/root_name
    • -t rsa specifies that the key should be generated using the RSA algorithm

    • -N "" specifies the passphrase that you want to associate with this key. Don’t enter anything between the quotes. The key is created without a passphrase.

    • -b 2048 specifies that you want to generate a 2048-bit key. This value is the default value and is also the minimum recommended value.

    • -C "key_name" specifies the name for this key pair.

    • -f path/root_name specifies the location where the key is saved and the root name for the public key and private key. The public key has .pub appended to the root name.

The SSH key pair is generated and saved in the location that you specified.

Make a note of the location.

Generate an SSH Key Pair to Access Private Instances

You can use bastion hosts to create SSH connections to compute instances that don’t have public IP addresses and don’t allow access over the public internet. As a security best practice, generate separate SSH key pairs for the bastion hosts and the private instances.

Use ssh-keygen on your local host to generate an SSH key pair.

Make a note of the location where you save the SSH keys.

Generate an API Signing Key

You must provide an RSA key pair in the privacy-enhanced mail (PEM) format to enable Terraform to authenticate with Oracle Cloud Infrastructure. Note that this API signing key is not the same as the SSH key pair that you use to access your instances. You can use OpenSSL to generate the API signing key.

  1. Create a hidden subdirectory in your home directory to store the PEM key.
    mkdir ~/.oci
  2. Generate a private key (size: 2048 bits or higher).
    openssl genrsa -out ~/.oci/key_name.pem 2048
  3. Change the permissions on the private key file to ensure that only you can read the key.
    chmod go-rwx ~/.oci/key_name.pem
  4. Generate the public key for the private key.
    openssl rsa -pubout -in ~/.oci/key_name.pem -out ~/.oci/key_name_public.pem
You can store the keys in any directory of your choice.

Make a note of the location.

Upload the API Signing Key Using the Console

After you generate an API signing key, you must upload the public key for the associated user in Oracle Cloud Infrastructure. The first time you upload an API signing key, you must use the web console. Subsequently, you can also use the API to upload an API key.

  1. Sign in to the Oracle Cloud Infrastructure Console.
  2. From the services menu, select Identity, and then select Users.
  3. On the Users page, click the user you want to upload the key for.
  4. On the user details page, click Add Public Key.
  5. Copy the public key value from the ~/.oci/key_name_public.pem file, and paste it in the PUBLIC KEY field.
  6. Click Add.
    The key is uploaded, and its fingerprint is displayed.
  7. Copy the fingerprint. You'll need it later.
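
To confirm that the fingerprint shown in the Console belongs to the key you generated, you can compute it locally and compare. The following is an added example, not part of the original page: the function names and the temporary directory are assumptions, and it assumes the fingerprint is the colon-separated MD5 digest of the DER-encoded public key.

```shell
#!/bin/sh
# Added example: generate an API signing key, then verify it locally.
# Function names and the throwaway directory are illustrative assumptions.

# Create <dir>/<name>.pem and <dir>/<name>_public.pem.
generate_api_key() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # umask 077 keeps the private key unreadable by others from creation.
    ( umask 077 && openssl genrsa -out "$1/$2.pem" 2048 ) 2>/dev/null || return 1
    chmod go-rwx "$1/$2.pem" || return 1
    openssl rsa -pubout -in "$1/$2.pem" -out "$1/${2}_public.pem" 2>/dev/null
}

# Succeed only if the file has no group or other permission bits set.
private_key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the key's fingerprint: colon-separated MD5 of the DER public key.
key_fingerprint() {
    openssl rsa -in "$1" -noout 2>/dev/null || return 1
    openssl rsa -pubout -outform DER -in "$1" 2>/dev/null |
        openssl md5 -c | awk '{print $NF}'
}

# Compare the local fingerprint with the value copied from the Console.
fingerprint_matches() {
    local_fp=$(key_fingerprint "$1") || return 1
    [ "$local_fp" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# Demo with a constructed key in a temporary directory (not ~/.oci).
demo_dir=$(mktemp -d)
if generate_api_key "$demo_dir" key_name &&
   private_key_is_private "$demo_dir/key_name.pem"; then
    echo "Local fingerprint: $(key_fingerprint "$demo_dir/key_name.pem")"
fi
rm -rf "$demo_dir"
```

For a real key, call fingerprint_matches with the path to your private key and the fingerprint copied in step 7; a mismatch means the public key uploaded to the user is not the one paired with that private key.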