ORACLE.md

Oracle Cloud Provisioning Automation for Tanzu Application Platform

Warning Github Actions workflows have not yet been implemented. Terraform module implementation is also incomplete. Some links may be broken.

Table of Contents

• Benefits
• What does it do?
• Prerequisites
  • Fork this repository
  • Increase Oracle Cloud Quotas
  • (Optional) Setup an Oracle Cloud service principal
  • Upload Public key
  • Setup a Github SSH key-pair
  • Setup a Personal Access Token in Github
  • Configure Github Secrets
  • Create KMS Key
  • Create Remote Backend Support
  • Create Toolset Image
• How do I use this?
  • Fast path
  • Slow path
    • Modules
• Vending credentials
• Cleaning up everything

Benefits

This repository provides provisioning automation targeting Oracle Cloud.

What does it do?

It provisions the minimum set of cloud resources needed to begin installing Tanzu Application Platform on Oracle Cloud.

Prerequisites

Fork this repository

You will want to fork this GitHub repository and enable the GitHub Actions it contains.

Increase Oracle Cloud Quotas

There are a few Oracle Cloud default quotas that may need to be adjusted.

1. VM instances

Choose the region and set the limit to >= 30 in your request.

Note: The above quotas will be enough to deploy the infrastructure needed for installing TAP. Individual mileage may vary depending on existing resources.

(Optional) Setup an Oracle Cloud service principal

First, authenticate to Oracle Cloud.

Do this only if you are planning on running Terraform scripts locally with an IAM user

oci setup config

You will be prompted for

• User OCID
  • to be found under Profile > User Settings
• Tenancy OCID
  • to be found under Profile > Tenancy: {account_name}
• Key file directory
  • just accept the default location
• Region
  • you will be prompted with several options

You will need to upload a public key.

Upload Public key

From the hamburger menu in the upper left-hand corner, visit Identity & Security > Users. Then click on a user. Then click on Resources > API Keys. Finally, click on the Add API Key button and follow the prompts to complete uploading your public key (.pem) file.

See How to Upload the Public Key

Setup a Github SSH key-pair

You will need to create a new public/private SSH key-pair in order to work with (i.e., pull from/push to) private git repositories (e.g., Github, Gitlab, Azure Devops).

Here's how to set up such a key-pair for named repo providers:

• Github
• Gitlab
• Azure Devops

We're interested mainly in setting up a key-pair for your Github repo hosting this project.

Also see Git Authentication.

Setup a Personal Access Token in Github

A PAT is required so that workflows can add secrets to the repository in order to be used in downstream jobs. Documentation can be found here.

We are using this personal access token to create secrets for the oracle backend for Terraform

Configure Github Secrets

Setup some Github secrets with the SP credentials. Documentation can be found here. You might also consider using gh secret set command to set these individually.

# This is a personal access token that was created in an above step that allows for the workflows to write secrets
export PA_TOKEN= 
# A valid Oracle region
export ORACLE_REGION= 
# The tenancy identifier for an Oracle Cloud account
export ORACLE_TENANCY_ID= 
# The user identifier for an Oracle Cloud account
export ORACLE_USER_ID= 
# Fingerprint, typically found in $HOME/.oci/config
export ORACLE_FINGERPRINT= 
# Base64-encoded key file contents, e.g., $(cat $HOME/.oci/oci_api_key.pem | base64 -w 0)
export ORACLE_KEY_FILE_CONTENTS= 
# A pre-existing Oracle Cloud compartment identifier#
export ORACLE_COMPARTMENT_ID= 

Create KMS Key

Under Github Actions, manually trigger oracle-dispatch-key-management-service.

Create Remote Backend Support

Under Github Actions, manually trigger oracle-dispatch-remote-backend-for-terraform-state.

Create Toolset Image

Under Github Actions, manually trigger oracle-build-toolset-image.

Alternatively, you could create the image by executing the oci CLI and Packer script by following these guides:

• Build
• Test

How do I use this?

Fast path

Take this path when you want to get up-and-running as quickly as possible with the least amount of fuss.

Under Github Actions, manually trigger oracle-create-workshop-environment

• The DNS Zone name must be a domain you control and can configure nameservers for

Slow path

Administer resources one at a time. Take this path when you want to take a closer look at the GitHub Actions and Terraform modules.

There are two types of actions defined, those that can be manually triggered (i.e., dispatched), and those that can only be called by another action. All actions are located here and can be run by providing the required parameters. Go here to inspect the source for each action.

Note that for most dispatch actions, you have the option to either create or destroy the resources.

Modules

Module	Github Action	Terraform
KMS	❌	❌
Remote backend	❌	❌
VPC	❌	✅
DNS Zone for base domain	❌	✅
DNS Zone for sub domain	❌	✅
OKE Cluster	❌	✅
Container registry	❌	✅
Harbor	❌	✅
Bastion	❌	✅
Secrets Manager	❌	❌
Secrets	❌	❌

Vending credentials

All Credentials are stored in Oracle Cloud Secrets Manager.

First, configure Oracle Cloud using the service account credentials you created earlier

Go visit the Secret Manager Secrets Terraform module's README for how to retrieve secrets.

Cleaning up everything

In order to destroy all of the resources created you can use the Github action oracle-destroy-workshop-environment. This action should be run with the same inputs used to create an environment.

You'll want also want to destroy the remote backend support and KMS key by executing the following jobs:

• oracle-dispatch-remote-backend-for-terraform-state
• oracle-dispatch-key-management-service

Don't forget to choose destroy before clicking on the Run workflow button.