Plan Your Deployment Strategy

Determine how you want to define and deploy your OCI resources and workloads. You can use the OCI Terraform provider to manage OCI resources wherever you use a Terraform distribution, including Terraform Cloud and OCI Resource Manager. On top of the OCI Terraform provider, the OCI Landing Zones Terraform modules are also available. They simplify the deployment of OCI resources by using classic .tfvars files or JSON configurations, so no coding is needed.

For example, you can use OCI Landing Zones, which enable repeatable, 1-click provisioning of a CIS-hardened tenancy and workload infrastructure, including essential cloud services like identity, security, networking, observability, and governance. Workload resources can then be deployed on top for specific applications.

Choose a Region Based on Your Customers and Data

Cloud Architect, Network Architect, Cloud Operations Manager

When choosing a region, be aware of who is going to be accessing your resources and from which region of the country or world. Take privacy and regulatory requirements into account when making your selection.

Adopt Infrastructure as Code

Cloud Architect, DevOps Architect, Cloud Operations Manager

When you adopt infrastructure as code in OCI, you can define your entire application infrastructure in the form of code. You can perform operational procedures as code and implement them in response to events-based notifications.

The following elements enable you to define and manage your infrastructure using code:

  • Oracle Cloud Infrastructure Landing Zones

    OCI Landing Zones provide you with a complete set of OCI blueprints that include ready-to-use designs, configurations, and declarative IaC Terraform modules that can be used for any OCI architecture and deployment model.

  • Oracle Cloud Infrastructure Resource Manager

    Resource Manager automates the process of provisioning your OCI resources by using Terraform to help you install, configure, and manage resources through the infrastructure-as-code model.

  • Oracle Cloud Infrastructure Events

    Events automate the response to resource changes in your tenancy. OCI services emit event messages, which are structured messages that indicate changes in resources. You can create automation based on the state changes of resources throughout your tenancy and allow your development teams to automatically respond when a resource changes its state.

  • Oracle Cloud Infrastructure Functions

    Functions provide a highly scalable and fully managed serverless platform. After you deploy your code, you can use events to trigger operational procedures that are coded as functions.

Adopt Terraform to Implement Repeatable Workflows

DevOps Architect, Application Architect, Cloud Operations Manager

Terraform is an open source tool that allows you to programmatically manage, version, and persist infrastructure through the infrastructure-as-code model. Terraform configurations codify your infrastructure in declarative files that define your infrastructure and maintain its state.

You can share these files among team members and treat them as code: edit, review, and version them.

You can use the OCI Terraform provider to manage OCI resources wherever you use a Terraform distribution, including Terraform Cloud and Oracle Cloud Infrastructure Resource Manager. On top of the OCI Terraform provider, you can leverage OCI Landing Zones Terraform modules that provide a declarative configurable approach with classic .tfvars or JSON configuration files where no coding skills are needed.

When using Terraform with OCI, consider the following:

  • Terraform is code and should be treated as such using a version control system. OCI Resource Manager can leverage Git repositories to run the code.
  • Consider using Instance Principal as authentication for the OCI Provider if you're running on a VM Compute Instance in OCI.
  • Maintain Terraform state files in secure locations accessible by your Terraform stack and its runtime, with the correct level of granularity. As your OCI resources expand, segregate and split them across Terraform stacks: all resources in one stack share a single state file, which can take time to process and can potentially block important updates on other resources. When using OCI Resource Manager, each stack will contain its own state file.
  • OCI Landing Zones blueprints are configurations built to run with OCI Landing Zones Terraform modules. You can use these blueprints out of the box as they implement many best practices, or modify them to support your unique use cases. If you use the declarative approach with JSON configurations, no Terraform coding skills are needed to run your deployment.
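
The authentication and state considerations above can be checked before a configuration is committed. The following is an added example, not Oracle's code: a heuristic, regex-based review of a Terraform configuration in which the finding codes, function name, and both sample configurations are constructed for illustration.

```python
import re

# OCI provider arguments that carry or point at a long-lived API signing key.
STATIC_KEY_ARGS = {"user_ocid", "fingerprint", "private_key",
                   "private_key_path", "private_key_password"}
PROVIDER_RE = re.compile(r'^provider\s+"oci"\s*\{(.*?)^\}', re.S | re.M)
ARG_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*("[^"]*"|[^\s#]+)', re.M)
BACKEND_RE = re.compile(r'^\s*backend\s+"(\w+)"\s*\{', re.M)

# Constructed sample: API-key authentication, literal passphrase, no backend block.
WEAK = """
provider "oci" {
  user_ocid            = var.user_ocid
  private_key_path     = "~/.oci/oci_api_key.pem"
  private_key_password = "example-passphrase"
  region               = var.region
}
"""

# Constructed sample: instance principal authentication and a remote backend.
HARDENED = """
terraform {
  backend "s3" {}  # remote state; settings supplied at init with -backend-config
}
provider "oci" {
  auth   = "InstancePrincipal"
  region = var.region
}
"""

def audit_terraform(source):
    """Return sorted finding codes for one Terraform configuration (heuristic)."""
    findings = set()
    for block in PROVIDER_RE.finditer(source):
        args = dict(ARG_RE.findall(block.group(1)))
        auth = args.get("auth", '"ApiKey"').strip('"')  # provider default is ApiKey
        if auth != "InstancePrincipal":
            findings.add("AUTH_NOT_INSTANCE_PRINCIPAL")
        if STATIC_KEY_ARGS & args.keys():
            findings.add("STATIC_KEY_ARGS_PRESENT")
        # A quoted literal (not var.x) for a key or passphrase ends up in version control.
        if any(args.get(n, "").startswith('"') for n in ("private_key", "private_key_password")):
            findings.add("SECRET_LITERAL_IN_SOURCE")
    backend = BACKEND_RE.search(source)
    if backend is None or backend.group(1) == "local":
        findings.add("STATE_ON_LOCAL_DISK")
    return sorted(findings)
```

The instance principal finding is advisory for configurations that run outside an OCI compute instance, and the state finding applies to Terraform CLI runs, since Resource Manager keeps a state file per stack.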

Adopt the OCI Designer Toolkit (OKIT)

DevOps Architect, Infrastructure Architect, Cloud Operations Manager

The Oracle Cloud Infrastructure (OCI) Designer and visualization toolKIT (OKIT) is a browser-based tool that allows you to design, deploy and visualize (introspect/query) OCI environments through a graphical web-based interface.

The web-based interface enables architects and designers to build a visual representation of their infrastructure and then export this in a number of formats. Once completed, you can enhance the design to add key property information allowing you to export the designed infrastructure to a number of DevOps frameworks.

You can use OKIT to introspect existing OCI environments, through simple query functionality embedded within the web interface, to provide a portable generic JSON file. You can use the JSON file to visualize existing systems or generate a set of Terraform or Ansible scripts that you can use to build the designed OCI infrastructure as a zip file.

OKIT models support the use of Cloud Init scripts to further automate compute resource deployments. OKIT is essentially a single-user tool best suited to run locally, as it uses a user's personal keys to authenticate to a tenancy. Using Oracle Cloud Infrastructure Resource Manager allows you to share designs. You can export OKIT designs in JSON format, which you can version control.

Automate Simple and Repeatable Actions

DevOps Architect, Cloud Operations Manager

Consider using the OCI command-line interface (CLI) for scripting repeatable actions and to orchestrate several tasks. Working with the OCI CLI can allow for streamlined operations through automation.

The CLI provides the same core functionality as the Console, plus additional commands. Some of these, such as the ability to run scripts, extend the OCI Console functionality. The CLI supports Python versions 3.6 and later running on macOS, Windows, or a supported Linux distribution. Additionally, you can configure it to leverage federated identities instead of relying on static credentials.

Adopt Configuration Management Tools

DevOps Architect, Infrastructure Architect, Cloud Operations Manager

Consider adopting management tools, such as Ansible Modules, to help you with provisioning, orchestration, and configuration management.

Ansible modules enable you to automate configuring and provisioning your cloud infrastructure, deploying and updating software assets, and orchestrating your complex operational processes to reduce risk and achieve agility with workload deployment and configuration. Ansible playbooks automate configuration, deployment, and orchestration tasks.

OCI supports the use of Ansible modules to automate cloud infrastructure provisioning and configuration, orchestration of complex operational processes, and deployment and update of your software assets. The OCI Ansible collection supports Ansible Tower and AWX.

Adopt Build and Deployment Management Systems

DevOps Architect, Cloud Operations Manager

Improve efficiency by using build and deployment management systems, such as Ansible Tower or Jenkins. These systems reduce errors caused by manual processes and reduce the level of effort to deploy changes.

Test and Validate Changes

DevOps Architect, Cloud Operations Manager

To detect errors, always track, test, and validate changes.

You can use a version control system to track changes in your code. Consider using a deployment management system to automate your testing process.