附註:
- 此教學課程需要存取 Oracle Cloud。若要註冊免費帳戶,請參閱開始使用 Oracle Cloud Infrastructure Free Tier 。
- 它使用 Oracle Cloud Infrastructure 憑證、租用戶及區間的範例值。完成實驗室時,請以雲端環境特有的值取代這些值。
使用 Terraform 使用 PostgreSQL 服務部署 OCI 管理的資料庫
簡介
PostgreSQL 是一個廣受好評的開放原始碼物件關聯式資料庫,因其強大的架構和不周全的資料完整性而佔據著顯著位置,讓它成為企業環境的最佳選擇。它在 Oracle Cloud Infrastructure (OCI) 上的可用性引進了完全託管且高效能的資料庫服務,其智慧型大小、符合成本效益的調整和持久性。PostgreSQL 支援企業、中小型企業 (SMB),以及廣泛的開發環境,展現其適應性與穩定性。
在本教學課程中,我們將瞭解如何在 OCI 雲端租用戶中部署 OCI 管理的 PostgreSQL 資料庫系統的三個節點,並使用 Terraform 命令檔透過運算執行處理以私密方式連線。
目標
-
使用 PostgreSQL 部署 OCI 管理的資料庫和運算執行處理,以使用 Terraform 命令檔以私密方式連線資料庫服務。我們將使用 Terraform 程式碼在 OCI 中部署下列架構。
注意:如果選取的區域有單一可用性網域,則建立高可用性資料庫系統會將所有 PostgreSQL 執行處理分散到區域中的所有容錯域,不論 AD 特定子網路還是區域子網路。
必要條件
-
Oracle Cloud Infrastructure 租用戶。
-
具有建立使用者、新增使用者至使用者群組以及建立安全原則之權限的使用者帳戶。
-
使用者應具備 OCI IAM 權限。如需詳細資訊,請參閱 OCI 資料庫與 PostgreSQL 原則。
工作 1:在資料夾中建立 Terraform 命令檔檔案
-
建立
providers.tf命令檔。開始建立
providers.tf檔案。建立本地端資料夾,並在檔案中複製以下的代碼 。variables.tf檔案中將會取代 tenancy_id、user_id、區域等等的值,此檔案會在稍後的步驟中建立。若要取得 OCI 組態值,請存取使用者設定值以在 OCI 中產生 API 金鑰、建立 API 金鑰組、安全地下載私密金鑰,然後將它與 Terraform 程式碼中的使用者和租用戶 OCID 一起使用以部署 OCI 資源。如需詳細資訊,請參閱 Generate an API Signing Key 。terraform { required_providers { oci = { source = "oracle/oci" version = "5.22.0" } } } # Provider configuration for Tenancy provider "oci" { tenancy_ocid = var.tenancy_id user_ocid = var.user_id fingerprint = var.api_fingerprint private_key_path = var.api_private_key_path region = var.region } -
建立
vcn.tf命令檔。我們需要具有專用和公用子網路的 VCN 網路,才能部署及存取 OCI PostgreSQL 資料庫系統,請記住,PostgreSQL 資料庫只會部署在專用子網路上。使用下列程式碼建立名為
vcn.tf的檔案。此程式碼會確保只有 VCN CIDR 才能存取 PostgreSQL 的連接埠 5432,並且允許透過安全清單內連接埠 22 上的 SSH 存取運算執行處理。您不需要擔心在此處取代值,可以在variables.tf檔案中執行。resource oci_core_vcn psql_vcn_tf { #Required compartment_id = var.compartment_id #Optional cidr_block = var.vcn_cidr_block display_name = var.vcn_display_name } resource oci_core_subnet public_subnet { #Required cidr_block = var.public_subnet_cidr_block compartment_id = var.compartment_id vcn_id = oci_core_vcn.psql_vcn_tf.id #Optional display_name = var.public_subnet_display_name route_table_id = oci_core_route_table.tf_public_route_table.id } resource oci_core_subnet private_subnet { #Required cidr_block = var.private_subnet_cidr_block compartment_id = var.compartment_id vcn_id = oci_core_vcn.psql_vcn_tf.id display_name = var.private_subnet_display_name route_table_id = oci_core_route_table.tf_private_route_table.id prohibit_internet_ingress = true security_list_ids = [oci_core_security_list.tf_private_security_list.id] } resource oci_core_internet_gateway vcntf_igw { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = var.internet_gateway_name } resource oci_core_nat_gateway tf_nat_gateway { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = example-ngw # Add route tables to direct traffic through this NAT gateway } data oci_core_services test_services { } variable create_service_gateway { description = whether to create a service gateway. If set to true, creates a service gateway. default = true type = bool } data oci_core_services all_oci_services { filter { name = name values = [All .* Services In Oracle Services Network] regex = true } count = var.create_service_gateway == true ? 1 : 0 } resource oci_core_service_gateway service_gateway { compartment_id = var.compartment_id display_name = var.service_gateway_displayname services { service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], id) } vcn_id = oci_core_vcn.psql_vcn_tf.id count = var.create_service_gateway == true ? 1 : 0 } resource oci_core_security_list tf_public_security_list { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = var.public_subnet_security_list_display_name ingress_security_rules { protocol = 6 # TCP protocol for SSH source = 0.0.0.0/0 # Allow inbound traffic from all sources tcp_options { #Optional max = 22 min = 22 } description = Allow SSH from all sources } } resource oci_core_security_list tf_private_security_list { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = var.private_subnet_security_list_disply_name ingress_security_rules { protocol = 6 # TCP protocol to connect Postgress service from compute instance in public subnet source = oci_core_vcn.psql_vcn_tf.cidr_block # Allow inbound traffic from CIDR Block of VCN sources tcp_options { #Optional max = 5432 min = 5432 } description = Allow psql service connections from all ranges cidr vcn } } resource oci_core_route_table tf_public_route_table { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = var.public_subnet_route_table_display_name route_rules { // Define route rules for public subnet network_entity_id = oci_core_internet_gateway.vcntf_igw.id destination = 0.0.0.0/0 destination_type = CIDR_BLOCK } } resource oci_core_route_table tf_private_route_table { vcn_id = oci_core_vcn.psql_vcn_tf.id compartment_id = var.compartment_id display_name = var.private_subnet_route_table_display_name route_rules { // Define route rules for private subnet network_entity_id = oci_core_nat_gateway.tf_nat_gateway.id destination = 0.0.0.0/0 destination_type = CIDR_BLOCK } route_rules { network_entity_id = oci_core_service_gateway.service_gateway.0.id destination = all-iad-services-in-oracle-services-network destination_type = SERVICE_CIDR_BLOCK } } resource oci_core_route_table_attachment public_route_table_attachment { #Required subnet_id = oci_core_subnet.public_subnet.id route_table_id =oci_core_route_table.tf_public_route_table.id } resource oci_core_route_table_attachment private_route_table_attachment { #Required subnet_id = oci_core_subnet.private_subnet.id route_table_id =oci_core_route_table.tf_private_route_table.id depends_on = [oci_core_service_gateway.service_gateway] } -
建立
instance.tf命令檔。若要存取 PostgreSQL 資料庫,我們需要公用子網路中的運算執行處理。我們將連線至執行處理,然後存取 PostgreSQL,因為它只能透過專用子網路存取。若要這麼做,請使用下列程式碼建立名為
instance.tf的檔案。您可以稍後在variables.tf檔案中輕鬆更新運算變數值。# Resources data "oci_identity_availability_domains" "ads" { compartment_id = var.compartment_id } resource "oci_core_instance" "tf_compute" { # Required availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name compartment_id = var.compartment_id shape = var.compute_shape source_details { source_id = var.source_operating_system_image_id source_type = "image" } display_name = var.compute_instance_display_name shape_config { ocpus = var.compute_cpus memory_in_gbs = var.compute_memory_in_gbs } create_vnic_details { subnet_id = oci_core_subnet.public_subnet.id assign_public_ip = true } metadata = { ssh_authorized_keys = file(var.compute_ssh_authorized_keys) } preserve_boot_volume = false provisioner "remote-exec" { inline = [ "sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm", "sudo dnf -qy module disable postgresql", "sudo dnf install -y postgresql16-server", "sudo /usr/pgsql-16/bin/postgresql-16-setup initdb", "sudo systemctl enable postgresql-16", "sudo systemctl start postgresql-16" ] connection { type = "ssh" host = self.public_ip user = "opc" private_key = file(var.api_private_key_for_ssh) } } } # Outputs output "compute_id" { value = oci_core_instance.tf_compute.id } output "compute_state" { value = oci_core_instance.tf_compute.state } output "compute_public_ip" { value = oci_core_instance.tf_compute.public_ip } -
建立
postgresql.tf命令檔。讓我們透過將 Terraform 程式碼新增至名為
postgresql.tf的檔案來設定 OCI PostgreSQL 資料庫系統。此程式碼詳述系統的組態,包括資源配置、核心以及節點。若要進行最佳化設定,請考慮使用三節點資料庫系統:一個主要節點和兩個不同可用性區域的複本。首先,建立postgresql.tf檔案並插入提供的程式碼。您可以在variables.tf檔案中輕鬆新增 PostgreSQL 資料庫的變數值,以符合您的特定需求。resource "oci_psql_db_system" "test_db_system" { #Required compartment_id = var.compartment_id db_version = var.db_system_db_version display_name = var.db_system_display_name network_details { #Required subnet_id = oci_core_subnet.private_subnet.id } shape = var.db_system_shape storage_details { #Required is_regionally_durable = var.db_system_storage_details_is_regionally_durable system_type = var.db_system_storage_details_system_type #Optional # availability_domain = var.db_system_storage_details_availability_domain # iops = var.db_system_storage_details_iops } credentials { #Required password_details { #Required password_type = var.db_system_credentials_password_details_password_type #Optional password = var.db_system_credentials_password_details_password } username = var.db_system_credentials_username } instance_count = var.db_system_instance_count instance_memory_size_in_gbs = var.db_system_instance_memory_size_in_gbs instance_ocpu_count = var.db_system_instance_ocpu_count } -
建立
variables.tf命令檔。在此區段中,使用者必須調整並更新要在其 OCI 租用戶內建立之資源的值。建立
variables.tf檔案並新增下列程式碼。請記住,這是要在相同資料夾中建立的最終檔案。根據您的需求仔細檢閱和修改每個變數。某些值會在每個代碼的「值」區段中預先填入,而其他值則需要您輸入。在檔案中新增或修改所有值之後,請繼續執行階段。# Provider identity parameters - Replace these values from API Key Values from OCI User variable "api_fingerprint" { description = "Fingerprint of OCI API private key for Requestor Tenancy" type = string default = "" } variable "api_private_key_path" { description = "Path to OCI API private key used for Requestor Tenancy" type = string default = "" } variable "tenancy_id" { description = "Tenancy ID where to create resources for Requestor Tenancy" type = string default = "" } variable "user_id" { description = "User ID that Terraform will use to create resources for Requestor Tenancy" type = string default = "" } variable "region" { description = "OCI region where resources will be created for Requestor Tenancy" type = string default = "us-ashburn-1" # example value # check this document, if you want to use different region - https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#About } # compartment OCID - Replace these values variable "compartment_id" { description = "Compartment ID where to create resources for Requestor Tenancy" type = string default = "" } variable "db_system_db_version" { description = "Version" type = number default = 14 } variable "db_system_display_name" { description = "postgress db service name" type = string default = "psqlfromterraform" # example value } variable "db_system_shape" { description = "shape" type = string default = "PostgreSQL.VM.Standard.E4.Flex.4.64GB" # example value #change the shape value as per your requirements } variable "db_system_instance_count" { description = "instance count" type = number default = 3 # example value } variable "db_system_instance_memory_size_in_gbs" { description = "RAM" type = number default = 64 # example value } variable "db_system_instance_ocpu_count" { description = "OCPU count" type = number default = 4 # example value } variable "db_system_storage_details_is_regionally_durable" { description = "regional" type = bool default = true } variable "db_system_credentials_password_details_password_type" { description = "type" type = string default = "PLAIN_TEXT" } variable "db_system_credentials_password_details_password" { description = "password" type = string default = "" } variable "db_system_credentials_username" { description = "username" type = string default = "admin" # example value } variable "db_system_storage_details_system_type" { description = "type" type = string default = "OCI_OPTIMIZED_STORAGE" } # OCI VCN parameters - psql instance deployed on this variable "vcn_cidr_block" { description = "vcn cidr" type = string default = "172.16.0.0/16" # example value } variable "vcn_display_name" { description = "vcn name" type = string default = "vcn-from-tf-psql" # example value } variable "public_subnet_cidr_block" { description = "subnet cidr range" type = string default = "172.16.1.0/24" # example value } variable "private_subnet_cidr_block" { description = "subnet cidr range" type = string default = "172.16.2.0/24" # example value } variable "public_subnet_display_name" { description = "public subnet name" type = string default = "public-subnet" # example value } variable "private_subnet_display_name" { description = "public subnet name" type = string default = "private-subnet" # example value } variable "internet_gateway_name" { description = "internet gateway name" type = string default = "internetgateway" # example value } variable "service_gateway_displayname" { description = "Service Gateway Display Name" type = string default = "servicegateway" # example value } variable "public_subnet_security_list_display_name" { description = "Public Subnet Security List Display Name" type = string default = "public_subnet_security_list" # example value } variable "private_subnet_security_list_display_name" { description = "Public Subnet Security List Display Name" type = string default = "public_subnet_security_list" # example value } variable "public_subnet_route_table_display_name" { description = "Public Subnet Route table Display Name" type = string default = "public_subnet_route_table" # example value } variable "private_subnet_route_table_display_name" { description = "Public Subnet Route table Display Name" type = string default = "private_subnet_route_table" # example value } # OCI Compute Instance parameters - We will use this instance to connect postgreSQL db instance variable "compute_shape" { type = string default = "VM.Standard.E4.Flex" # example value } variable "compute_cpus" { type = string default = "1" # example value } variable "compute_memory_in_gbs" { type = string default = "1" # example value } variable "compute_ssh_authorized_keys" { type = string default = "" } variable "api_private_key_for_ssh" { type = string default = "" } variable "source_operating_system_image_id" { description = "Oracle Linux 8 image ocid" type = string default = "ocid1.image.oc1.iad.aaaaaaaaszr5wpipg6qskiol3fhbitm56qdmumpbcpv6irzxuofi2nfmlhma" # example value # if you change the region , then change the default value from the region you have selected from this document -https://docs.oracle.com/en-us/iaas/images/image/998f1273-d4fd-4e16-8673-dd2517ddd724/ } variable "compute_instance_display_name" { description = "display name of the compute name" type = string default = "" }建立必要檔案並以必要的值調整
variables.tf檔案之後,您的資料夾結構將會反映下列螢幕擷取畫面中顯示的設定。
工作 2:執行 Terraform 命令檔
使用您的終端機或命令提示,執行下列命令以起始 Terraform 並在您的 OCI 租用戶內建立資源。這些命令將起始 Terraform,並在您的 OCI 租用戶中部署指定的資源。
terraform init
terraform plan
terraform apply
作業 3:連線至 OCI PostgreSQL 資料庫
完成後,請瀏覽至 OCI 主控台以尋找 OCI PostgreSQL,以及使用 psql 從屬端預先載入的運算執行處理。使用運算執行處理的公用 IP 透過 SSH 存取運算執行處理,然後執行提供的命令來建立與 OCI PostgreSQL 資料庫系統的連線 (透過 vcn.tf 命令檔自動建立 SSH 連接埠 22 和資料庫連接埠 5432;連接埠管理不需要採取任何動作)。更新可從 OCI PostgreSQL 資料庫主控台取得的專用端點 IP,以及您在 variable.tf 檔案中指定的使用者名稱和密碼。執行命令之後,會提示您輸入密碼以連線。
psql --version
psql -h endpoint_ip -U admin_username -d postgres
執行上述命令之後,使用者應該能夠見到與受管理 PostgreSQL 資料庫建立的連線。
使用者已順利部署三個 OCI 管理的 PostgreSQL 資料庫節點,並使用運算執行處理以私密方式連線。
相關連結
認可
- 作者 - Akarsha I K (雲端架構師)
其他學習資源
瀏覽 docs.oracle.com/learn 的其他實驗室,或前往 Oracle Learning YouTube 頻道存取更多免費學習內容。此外,請造訪 education.oracle.com/learning-explorer 以成為 Oracle Learning Explorer。
如需產品文件,請造訪 Oracle Help Center 。
Deploy OCI Managed Database with PostgreSQL Service using Terraform
F91015-01
January 2024
Copyright © 2024, Oracle and/or its affiliates.