Oracle Cloud Infrastructure

In today’s dynamic IT landscape, platform engineers juggle a diverse array of cloud technologies to cater to specific client needs. Among these, Oracle Cloud Infrastructure (OCI) is rapidly gaining traction due to its competitive pricing for certain services. However, navigating the intricacies of each cloud can present a significant learning curve. This is where cloud-agnostic tools like Terraform and Packer shine. By abstracting away the underlying APIs and automating repetitive tasks, they empower us to leverage OCI’s potential without getting bogged down in vendor-specific complexities.

 

In this article I show you how to get started with Oracle Cloud by using Packer and Terraform for Windows servers, and this can be used for other Infrastructure as code tasks.

Oracle Cloud Infrastructure Configs

OCI Keys for API Use

Oracle OCI with Packer and Terraform config
Oracle OCI with Packer and Terraform config

Prerequisite: Before you generate a key pair, create the .oci directory in your home directory to store the credentials. See SDK and CLI Configuration File for more details.

  1. View the user’s details:
    • If you’re adding an API key for yourself:

      Open the Profile menu and click My profile.

    • If you’re an administrator adding an API key for another userOpen the navigation menu and click Identity & Security. Under Identity, click Users. Locate the user in the list, and then click the user’s name to view the details.
  2. In the Resources section at the bottom left, click API Keys
  3. Click Add API Key at the top left of the API Keys list. The Add API Key dialog displays.

  4. Click Download Private Key and save the key to your .oci directory. In most cases, you do not need to download the public key.

    Note: If your browser downloads the private key to a different directory, be sure to move it to your .oci directory.

  5. Click Add.

    The key is added and the Configuration File Preview is displayed. The file snippet includes required parameters and values you’ll need to create your configuration file. Copy and paste the configuration file snippet from the text box into your ~/.oci/config file. (If you have not yet created this file, see SDK and CLI Configuration File for details on how to create one.)

    After you paste the file contents, you’ll need to update the key_file parameter to the location where you saved your private key file.

    If your config file already has a DEFAULT profile, you’ll need to do one of the following:

    • Replace the existing profile and its contents.
    • Rename the existing profile.
    • Rename this profile to a different name after pasting it into the config file.
  6. Update the permissions on your downloaded private key file so that only you can view it:
    1. Go to the .oci directory where you placed the private key file.
    2. Use the command chmod go-rwx ~/.oci/<oci_api_keyfile>.pem to set the permissions on the fil

Network

Make sure to allow WinRM and RDP so that packer can configure the VM and make it into an image and so that you can RDP to the server after it’s created.

Allow WinRM in Oracle Cloud Infrastructure for WinRM

Packer Configuration & Requirements

Install the packer OCI plugin on the host running packer

$ packer plugins install github.com/hashicorp/oracle

Packer Config

  1. Configure your source
    1. Availability domain: oci iam availability-domain list
  2. Get your base image (Drivers Included)
    1. With the OCI cli: oci compute image list --compartment-id "ocid#.tenancy.XXXX" --operating-system "Windows" | grep -e 2019 -e ocid1
  3. Point to config file that has the OCI Profile we downloaded in the previous steps.
  4. WinRM Config
  5. User Data (Bootstrap)
    1. You must set the password to not be changed at next logon so that packer can connect:
    2. Code:#ps1_sysnative
      cmd /C 'wmic UserAccount where Name="opc" set PasswordExpires=False'
Packer config for Oracle Cloud Infrastructure

Automating Special Considerations from OCI

Images can be used to launch other instances. The instances launched from these images will include the customizations, configurations, and software installed when the image was created. For windows a we need to sysprep but OCI has specifics on doing so.

Creating a generalized image from an instance will render the instance non-functional, so you should first create a custom image from the instance, and then create a new instance from the custom image. Source below

We automated their instruction by:

  1. Extract the contents of oracle-cloud_windows-server_generalize_2022-08-24.SED.EXE to your packer scripts directory
  2. Copy all files to C:\Windows\Panther
  3. Use the windows-shell provisioner in packer to run Generalize.cmd
OCI Generalize Windows Steps
OCI Generalize Windows Steps

Terraform Config with Oracle Cloud

  1.  Configure the vars

    Oracle OCI Terraform Variables
    Oracle OCI Terraform Variables
  2. Pass the private key at runtime:
    terraform apply --var-file=oci.tfvars -var=private_key_path=~/.oci/user_2024-10-30T10_10_10.478Z.pem

Sources:

Sys-prepping in OCI is specific to their options here’s a link:

https://docs.oracle.com/en-us/iaas/Content/Compute/References/windowsimages.htm#Windows_Generalized_Image_Support_Files

Other Sources:

https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#apisigningkey_topic_How_to_Generate_an_API_Signing_Key_Console

https://github.com/hashicorp/packer/issues/7033

https://github.com/hashicorp/packer-plugin-oracle/tree/main/docs