Install Terraform and generate the required keys to create the infrastructure resources in Oracle Cloud.
Terraform is a third-party tool that you can use to efficiently provision and manage resources in Oracle Cloud Infrastructure.
Install Terraform version 0.12.16+ on a local computer.
- Go to https://releases.hashicorp.com/terraform/.
- Click the required version, and download the appropriate package depending on your operating system.
- Extract the package to the path
/usr/local/bin/.You can extract Terraform to any other directory on your local host. Ensure that the directory is included in the
PATHvariable.Terraform is installed and ready to use.
- Verify the installation.
The Terraform version is displayed.
Generate an API Signing Key
To enable Terraform to authenticate with Oracle Cloud Infrastructure, you must provide an RSA key in the privacy-enhanced mail (PEM) format. This key is not the same as the SSH key that you use to access your compute instances.
- Create a hidden subdirectory in your home directory, to store the PEM key.
- Generate a private key (size: 2048 bits or higher).
openssl genrsa -out ~/.oci/oci_api_key.pem 2048
- Change the permissions of the private key file to ensure that only you can read the key.
chmod go-rwx ~/.oci/oci_api_key.pem
- Generate the public key for the private key.
openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
Make a note of the location.
Upload the API Signing Key
After you generate an API signing key, upload the public key for the appropriate user in Oracle Cloud Infrastructure.
- Sign in to the Oracle Cloud Infrastructure web console.
- From the services menu, select Identity, and then select Users.
- On the Users page, click the user that you plan to specify in the Terraform configuration.
- On the user details page, click Add Public Key.
- Copy the public key value from the
oci_api_key_public.pemfile that you created earlier, and paste it in the PUBLIC KEY field.
- Click Add.The key is uploaded, and its fingerprint is displayed.
- Copy the fingerprint. You need it later.
Generate an SSH Key Pair for the Bastion Host
An SSH key pair is used to enable secure access to instances. You generate an key pair on your local host. The Terraform modules then add the public key to the bastion host. When you connect to the bastion host, you provide the private key to authenticate access.
- Use the
ssh-keygenutility and generate an SSH key pair. Don’t set a passphrase for the key pair.
ssh-keygen -t rsa -N "" -b 2048 -C "key_name" -f path/root_name
-t rsa: Specifies that the key pair should be generated using the RSA algorithm
-N "": Specifies the passphrase that you want to associate with this key pair. Don’t enter anything between the quotation marks. Create the key pair without a passphrase.
-b 2048: Specifies that you want to generate a 2048-bit key. This value is the default (and the minimum recommended) value.
-C "key_name": Specifies the name of the key pair.
-f path/root_name: Specifies the directory where the key pair is saved and the root name for the public and private key. The public key has
.pubappended to the root name.