Getting to know the Oracle cloud with Puppet, part 1

The Oracle Cloud, or OCI, is an extensive cloud offering by Oracle. The possibilities are enormous. The Oracle Cloud provides you with a web interface so you can create and manage cloud infrastructure. You can also use Terraform to automate the creation and destruction of Oracle Cloud resources. Recently we have also added Puppet to the list of tools you can use to create and manage Oracle Cloud resources. In this blog post we will use the new oci_config module to create and inspect Oracle Cloud Infrastructure.

Installing the oci_config Puppet module

Before we can use Puppet to create and introspect Oracle Cloud resources, we first need to install the enterprisemodules-oci Puppet module. Because the module is based on the Oracle Ruby OCI SDK gem, we first need to install this gem. Although the gem is available on the ruby gems repository, we prefer to use our own copy of this gem. We do this because Oracle is not very fast in adding new features to this gem. We will install this gem directly from the Enterprise Modules GitHub account.

The setup described in this blog post is targeted at learning OCI and learning about the oci_config module. We can also fully automate all of this, but that is the subject of another blog post.

# Add the Puppet yum repo to your system
$ rpm -Uvh https://yum.puppet.com/puppet6/puppet6-release-el-7.noarch.rpm
# Make sure Puppet and git are installed
$ yum install gcc make puppet git which -y
# Install the required gems
$ /opt/puppetlabs/puppet/bin/gem install  specific_install --no-ri --no-rdoc
# Now install the sdk gem directly from GitHub
$ /opt/puppetlabs/puppet/bin/gem specific_install -l https://github.com/enterprisemodules/oci-ruby-sdk.git

All requirements are now satisfied, so we can install the Puppet module:

$ puppet module install enterprisemodules-oci_config

Loading the EM entitlement

The usage of this Puppet module is FREE. You do, however, need to request an entitlement and load it on your system. You can request your license [here](https://www.enterprisemodules.com/company/contact/). When you have received the license, you’ll have to copy it to the correct location.

# Create the correct folder
$ mkdir /etc/puppetlabs/puppet/em_license
# Put the entitlement file in the correct location
$ cp /your_down_load_location/your_license.entitlements /etc/puppetlabs/puppet/em_license

Almost ready…

There is one more thing we need. We need to tell Puppet which credentials to use and which tenancy in the Oracle Cloud to connect to. Create a Puppet file with this content:

oci_tenant {'yourtenantname':
  tenancy_ocid => '<tenancy ocid>',
  user_ocid    => '<user ocid>',
  fingerprint  => '<finger print>',
  region       => 'eu-frankfurt-1',
  # API signing key in PEM format, pasted inline
  private_key  => "
-----BEGIN RSA PRIVATE KEY-----
         <your key>
            .
            .
-----END RSA PRIVATE KEY-----"
}

We can find the information Puppet needs in the OCI web console. First log in, then:

tenancy OCID

Go to the “Profile” menu on the top left side of the screen. Then select “Tenancy.”

This will show all the information there is about the tenant. We need the tenant OCID, so press the copy link behind the OCID label.

Now paste the tenant OCID into your Puppet file at the parameter tenancy_ocid.

user OCID

To get the user OCID we do something similar. Go to the profile menu on the top right of the screen. Then select the currently logged-in user. This will show all the information there is about the current user. We need the user OCID, so press the copy link behind the OCID label.

Now paste the user OCID into your Puppet file at the parameter user_ocid.

private key and fingerprint

Check here how you can create a correct private key and fingerprint to access the Oracle Cloud. Copy the content of the private key file and the fingerprint into your Puppet file.

region

The last thing we need is the region. You can find your home region on the Tenant information page. Here you find the full name, but we need the region identifier. You can find the region identifier for your region here.
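
A pre-flight check for the values collected in the steps above, as an added example that is not part of the original post or of the oci_config module: it verifies that the manifest carries no group or other permission bits (it holds the private key in clear text) and that the OCIDs and fingerprint have the shapes visible in the `puppet apply` output further down. The function names `attr` and `check_tenant_manifest` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the manifest that declares oci_tenant.
# Expected value shapes come from the `puppet apply` output shown in this post.

# attr FILE NAME: print the single-quoted value of attribute NAME.
attr() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" |
    head -n 1
}

# check_tenant_manifest FILE: print findings; return the number of findings.
check_tenant_manifest() {
  f=$1
  bad=0
  fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
  [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }

  # The manifest embeds the API signing key: no group/other permission bits.
  open=$(find "$f" \( -perm -040 -o -perm -020 -o -perm -010 -o \
    -perm -004 -o -perm -002 -o -perm -001 \))
  [ -z "$open" ] || fail "$f is accessible to group or others; chmod 600 it"

  # Catches a tenancy OCID pasted into user_ocid, or the reverse.
  case $(attr "$f" tenancy_ocid) in
    ocid1.tenancy.*) ;;
    *) fail "tenancy_ocid does not start with ocid1.tenancy." ;;
  esac
  case $(attr "$f" user_ocid) in
    ocid1.user.*) ;;
    *) fail "user_ocid does not start with ocid1.user." ;;
  esac

  # Fingerprint: 16 colon-separated hex pairs.
  attr "$f" fingerprint |
    grep -Eq '^([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$' ||
    fail "fingerprint is not 16 colon-separated hex pairs"

  # A missing PEM header, or the '<your key>' placeholder left in place.
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" ||
    fail "no PEM private key block found"
  if grep -q '<your key>' "$f"; then
    fail "private_key still holds the placeholder"
  fi

  return "$bad"
}
```

Run `check_tenant_manifest /software/tenant_setup.pp` before `puppet apply`; a non-zero return value is the number of findings.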

And apply…

We now have all the information needed to identify us as an OCI user. Let’s run Puppet:

$ puppet apply /software/tenant_setup.pp
Notice: Compiled catalog for oci in environment production in 0.09 seconds
Notice: /Stage[main]/Main/Oci_tenant[enterprisemodules]/fingerprint: defined 'fingerprint' as 'xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'
Notice: /Stage[main]/Main/Oci_tenant[enterprisemodules]/private_key: created with specified value
Notice: /Stage[main]/Main/Oci_tenant[enterprisemodules]/region: defined 'region' as 'eu-frankfurt-1'
Notice: /Stage[main]/Main/Oci_tenant[enterprisemodules]/tenancy_ocid: defined 'tenancy_ocid' as 'ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Notice: /Stage[main]/Main/Oci_tenant[enterprisemodules]/user_ocid: defined 'user_ocid' as 'ocid1.user.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Notice: Applied catalog in 0.02 seconds

TADA… Now we can really access OCI.

First inspection

Not many people know this, but Puppet can be used not only to define configurations, but also to introspect them. The oci_config module supports this function. Let’s use Puppet to see what compartments are available in your tenancy. Compartments are logical units (folders) in OCI that you can use to structure your infrastructure. Look here to read more about compartments.

$ puppet resource oci_identity_compartment
*** ENTERPRISE MODULES Universal License INTERNAL USE ONLY ***
oci_identity_compartment { 'your_tenant (root)/ManagedCompartmentForPaaS':
  ensure          => 'present',
  compartment     => '/',
  compartment_id  => 'ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  description     => 'idcs-f7246e2bbacf4a11a7e231507e34fdec|22626923|user@domain.com-Enterprise Modules B.V.-838062',
  id              => 'ocid1.compartment.oc1..aaaaaaaai2wkrvdvyxfuekjbt3jnv7b4hrlkvwnklu6uryy2daqsq425tzaa',
  lifecycle_state => 'ACTIVE',
  provider        => 'sdk',
  time_created    => '2019-10-24T08:42:26+00:00',
}
oci_identity_compartment { 'your_tenant (root)/test_compartment_1':
  ensure          => 'present',
  compartment     => '/',
  compartment_id  => 'ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  description     => 'changed',
  id              => 'ocid1.compartment.oc1..aaaaaaaatfskqfckrl4sucabclbsss47uyttlmwwur6lsm7crl3lrz7glfta',
  lifecycle_state => 'ACTIVE',
  provider        => 'sdk',
  time_created    => '2020-01-23T15:42:35+00:00',
}

Here you see all of the available compartments dumped in the Puppet language. Let’s take a look at some of the details.

What’s next?

That is it for now. In the next blog post we will zoom in on other OCI resources and start not only to introspect current infrastructure, but also to create some new infrastructure.