Prepare to Provision the Infrastructure Resources

Install Terraform and generate the required keys to create the infrastructure resources in Oracle Cloud.

Install Terraform

Terraform is a third-party tool that you can use to efficiently provision and manage resources in Oracle Cloud Infrastructure.

On UNIX-like or Linux systems, including Oracle Linux, you can install Terraform by downloading and extracting the Terraform package for your operating system.

1. Go to https://releases.hashicorp.com/terraform/.
2. Locate the highest version of Terraform 0.13.x, and click it.
3. Locate and download the appropriate package depending on your operating system.
4. Extract the package to the path /usr/local/bin/.
   You can extract Terraform to any other directory on your local host. Ensure that the directory is included in the PATH variable.
   Terraform is installed and ready to use.
5. Verify the installation.

   terraform -v

   The Terraform version is displayed.

Generate an API Signing Key

To enable Terraform to authenticate with Oracle Cloud Infrastructure, you must provide an RSA key in the privacy-enhanced mail (PEM) format. This key is not the same as the SSH key that you use to access your compute instances.

1. Create a hidden subdirectory in your home directory, to store the PEM key.

   mkdir ~/.oci

2. Generate a private key (size: 2048 bits or higher).

   openssl genrsa -out ~/.oci/oci_api_key.pem 2048

3. Change the permissions of the private key file to ensure that only you can read the key.

   chmod go-rwx ~/.oci/oci_api_key.pem

4. Generate the public key for the private key.

   openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

You can store the keys in any directory of your choice.

Make a note of the location.

Upload the API Signing Key

After you generate an API signing key, upload the public key for the appropriate user in Oracle Cloud Infrastructure.

1. Sign in to the Oracle Cloud Infrastructure web console.
2. From the services menu, select Identity, and then select Users.
3. On the Users page, click the user that you plan to specify in the Terraform configuration.
4. On the user details page, click Add Public Key.
5. Copy the public key value from the oci_api_key_public.pem file that you created earlier, and paste it in the PUBLIC KEY field.
6. Click Add.
   The key is uploaded, and its fingerprint is displayed.
7. Copy the fingerprint. You need it later.

Generate SSH Keys on UNIX-Like Systems

Use SSH keys to enable secure access to your compute instances. Use separate key pairs for the bastion host and for any other hosts in the topology.

Generate the required key pairs on your local host. The Terraform modules then add the public keys to the compute instances. When you connect to a compute instance, you provide the appropriate private key to authenticate access.

On UNIX-like systems, use ssh-keygen to generate the required SSH key pairs.

ssh-keygen -t rsa -N "" -b 2048 -C "key_name" -f path/root_name

• -t rsa: Specifies that the key pair should be generated using the RSA algorithm

• -N "": Specifies the key pair should be generated without a passphrase.

• -b 2048: Specifies that you want to generate a 2048-bit key. This value is the default (and the minimum recommended) value.

• -C "key_name": The name of the key pair.

• -f path/root_name: The directory where the key pair is saved and the root name for the public and private keys.

  The public key has .pub appended to the root name.

The SSH key pair is generated and saved in the directory that you specified.

Make a note of the full path and name of the key files.

Generate SSH Keys on Windows

Use PuTTYgen to generate the required SSH key pairs.

1. Start PuTTYgen.
2. Accept the default key type of SSH-2 RSA, and set the Number of bits in a generated key to 2048 if it isn't already set.
3. Click Generate, and then move your mouse around the blank area to generate randomness.
   The key is generated, and its value appears under Public key for pasting into OpenSSH authorized_keys file.
4. Click Save private key.
   You're prompted to confirm that you want to save the key without a passphrase.

   Click Yes.

   You can store the key in any location. But for simplicity, store it in the same folder where your Terraform modules are located.
5. Next, to save the public key, select all of the generated key that appears in the Public key for pasting into OpenSSH authorized_keys file field, copy it, and paste it into a text file.
   Save this file in the same location as the private key. Don't use the Save public key button, because it doesn't save the key in the OpenSSH format.

Make a note of the full path and name of the key files.