Accessing Oracle Integration Cloud (OIC) via VPN Tunnel in OCI : A Secure approach

Introduction

The OIC (Oracle Integration Cloud) in OCI is a public endpoint and has a public IP, so it can be accessible over the internet. To make the private connection from on-premises environment to the OIC keep the data privacy and integration secure and also its the customer requirement most of the time.

To achieve the private connection,  We can make use of the VPN tunnel, which provides encrypted connectivity between on-premises systems and OCI. In this blog, we will explore how to establish secure access to OIC using a VPN tunnel, while also incorporating key OCI components for optimal performance.

                                                                   Architecture

OCI Components to be Used:

1. IPSec Tunnel:- Encrypted link between your on-premises network and OCI. It uses IPSec (Internet Protocol Security) to ensure that data transmitted over public networks remains private and secure. This component is critical for safeguarding data in transit between the on-premises environment and OIC.
2. Dynamic Routing Gateway v2 (DRGv2):- The DRGv2 acts as a virtual router that facilitates private connectivity between your VCN and external networks, such as on-premises systems. It routes traffic efficiently between the VCN and on-premises network over the VPN, playing a pivotal role in complex networking topologies.
3. Virtual Cloud Network (VCN):- A VCN is a customizable network within OCI that serves as the foundational structure for deploying cloud resources. It provides a secure environment where cloud resources can communicate with each other and with on-premises systems over a VPN tunnel.
4. Service Gateway (SGW):- The Service Gateway allows private resources within a VCN to access Oracle services without needing to route traffic over the public internet. This ensures that data flows securely and directly within Oracle's network, minimizing latency and enhancing security.

What we need for the setup:

• OCI Tenancy with VCN, service gateway and security rule configured.
• Already configured OIC instance
• IPSec tunnel setup

Solution:- 

To enable on-premises access to OIC via a VPN tunnel, the following steps should be followed to configure routing and ensure secure connectivity:

1. As we already have working IPSec tunnel, Need to create a route table within the VCN that directs traffic to the Service Gateway (SGW), allowing access to all regional Oracle services. This will accept the incoming traffic coming from on-premise to the OCI and send it to the OSN where OIC resides.

VCN ---> Route table -> Create Route table -> add below entry to the table.

   2. Attach the newly above created route table to the DRG VCN attachment as VCN route table. When you go to to the VCN and then click on VCN attachment, so attach the route table to the VCN attachment.

In highlighted yellow color, attach the created route table.

     3. Now need to Create a New VCN Routing Table for On-Premises Traffic. This route table will send the OSN traffic to the on-premise network.

The destination would be on-premise CIDR range and target should be the Dynamic routing gateway.

    4. Attach the above create routing table to the service gateway. So all the traffic coming from OSN will go to the on-premise via DRG.

     5.  In OIC, control the OIC network access. We need to only allow network access to OIC from on-premises. So need to enable network access for on-premises CPE and CIDR range.

     6. Verify the connectivity. All the integrations with the on-premises applications via OIC agent and OIC URL, now should go via IPSec tunnel connectivity without directly going over the internet.

Conclusion

By following these detailed steps, you can establish secure access from your on-premises network to Oracle Integration Cloud over a VPN tunnel. This setup leverages OCI’s networking capabilities, including the VPN tunnel, DRG, SGW, and VCN, to create a robust, secure connection that supports data privacy and integration efficiency.

OCI Terraform Part 6: Advanced Terraform Topics, Practice, and Final Thoughts for OCI

 As we wrap up this Terraform series, it's time to look ahead and explore advanced concepts that will deepen your Terraform expertise, especially for Oracle Cloud Infrastructure (OCI). After mastering the fundamentals—such as variables, loops, modules, and state management—you're now equipped to take on more complex challenges.

In this post, we will guide you through the next steps in your Terraform journey, including advanced topics, practical exercises, and final thoughts. Whether you're working with OCI or other cloud platforms, these concepts will help you architect scalable and efficient infrastructure.

Advanced Terraform Topics for OCI

While we’ve covered the basics, it's essential to explore more advanced Terraform functionalities. Below are some advanced topics you should focus on:

Terraform Workspaces for OCI 

Workspaces allow you to manage multiple environments (e.g., development, testing, production) within a single configuration. In OCI, workspaces can help you streamline infrastructure management across different tenancy or regions. Using Terraform workspaces, you can easily switch between configurations without duplicating your codebase.

• How to Set Up Workspaces: Learn how to use the terraform workspace command to create and manage multiple environments.

Advanced Module Design in OCI

Modules help you create reusable pieces of infrastructure, but advanced module design takes it further by focusing on modularity and composability. In OCI, you can break down your infrastructure into smaller, reusable modules for networking, compute, and storage. This approach ensures that each module is responsible for a specific task, making your code more maintainable.

• Best Practices: Define inputs and outputs clearly, avoid hardcoded values, and manage dependencies using module blocks effectively.

Security Best Practices in OCI

Managing sensitive data like API keys and passwords is crucial. Use OCI Vault or Oracle Cloud Key Management to securely store and manage secrets, and avoid hardcoding sensitive data in your Terraform configurations. Terraform’s sensitive attribute helps you mark variables as sensitive to prevent them from being displayed in the output.

• How to Implement Secrets: Use OCI Vault with Terraform to securely manage secrets like compartment OCIDs, tenancy OCIDs, or authentication keys.

Practical Exercises to Deepen Your Terraform Skills

The best way to master these concepts is through practice. Here are a few exercises you can try:

1. Multi-Environment Infrastructure with Workspaces

Set up separate environments (development, staging, and production) using Terraform workspaces in OCI. Each environment should have its own VCN (Virtual Cloud Network), compute instances, and block storage.

2. Building a Multi-Tier Architecture in OCI

Create a multi-tier architecture using OCI services like load balancers, compute instances, and Oracle Autonomous Databases. Break the architecture into reusable modules—one for networking, one for compute, and another for databases.

3. Automating Infrastructure with CI/CD

Integrate Terraform with CI/CD pipelines for OCI. Set up a pipeline that automatically provisions infrastructure when new changes are pushed to a version control system like GitHub.

Final Thoughts and Next Steps

As we conclude this series, here are a few parting thoughts and next steps to consider in your Terraform journey:

Keep Practicing

Build real-world infrastructure projects using OCI and other cloud platforms.

Set up CI/CD pipelines to automate your Terraform deployments.

Experiment with multi-cloud architectures and integrations.

Learn from the Community:

• Join the HashiCorp Discuss forum to engage with other Terraform users.
• Follow the OCI developer community for tips and best practices.

Additional Learning Resources

1. HashiCorp Terraform Documentation: Official Terraform docs to stay updated on features and best practices. Terraform Docs
2. Oracle Cloud Infrastructure (OCI) Documentation: Learn more about OCI services and how to integrate them with Terraform. OCI Documentation
3. E-books:- There are multiple terraform books available for different cloud providers.

Conclusion

Mastering Terraform is a continuous journey, and with OCI, you have an extensive platform to explore. This final post provides a road map to help you dive into advanced topics and improve your skills through hands-on practice. Whether you're using Terraform for OCI or other cloud providers, the key is to stay curious, keep learning, and never stop building.

Happy Terraforming!!!

👽And remember, just like Terraform, your learning process is always evolving—so don't plan on "destroying" it anytime soon! See you in the next blog, where we’ll continue breaking down more cloud mysteries. 💦

OCI Terraform Part 5 - Understanding Inline and Dynamic Blocks in Terraform

Understanding Inline and Dynamic Blocks in Terraform

In this blog, we will see more details around inline and dynamic blocks in Terraform. Managing configurations efficiently is crucial for large-scale projects. Inline blocks and dynamic blocks allow you to simplify and optimize your Terraform code, improving readability and reducing repetition.

What are Inline Blocks in Terraform?

Inline blocks are nested blocks defined within a resource or module. They are used to configure multiple related settings in a single resource without duplicating the resource itself. This makes code more concise and easier to manage.

Benefits of using inline blocks:

• Simplifies configuration by avoiding the need to create multiple resources.
• Improves code readability.
• Helps manage logically related configurations (e.g., multiple security rules, tags, etc.) within a single resource.

What are Dynamic Blocks in Terraform?

Dynamic blocks allow you to dynamically generate multiple nested blocks based on external data like lists or maps. This feature helps avoid repetitive code when defining multiple similar configurations.

Benefits of using dynamic blocks:

• Reduces redundancy by allowing loops within resource definitions.
• Useful for scenarios where the number of blocks depends on dynamic inputs, such as multiple route rules in a route table.
• Makes Terraform code flexible and scalable for complex infrastructure.
• When to Use Inline and Dynamic Blocks
• Inline blocks should be used when there are multiple related configurations (like security rules or tags) that are logically grouped under a single resource.
• Dynamic blocks are ideal when the number or type of nested blocks depends on variables or dynamic input data (e.g., dynamically creating route rules or firewall rules based on external data).

Example 1: Inline Blocks for Multiple Security Rules in a Security List

In Oracle Cloud Infrastructure (OCI), managing security lists involves adding multiple security rules. Instead of creating multiple resources, you can use inline blocks to define security rules directly within a single oci_core_security_list resource.

resource "oci_core_security_list" "cms_security_list" {

    compartment_id = var.compartment_id
    vcn_id         = var.vcn_id
    display_name   = "cms-security-list"

    # Ingress security rules
    ingress_security_rules {
        protocol = "6"
        source   = "0.0.0.0/0"
        tcp_options {
            max = 22
            min = 22
        }
        stateless = false
    }

    ingress_security_rules {
        protocol = "6"
        source   = "0.0.0.0/0"
        tcp_options {
            max = 80
            min = 80
        }
        stateless = false
    }

    # Egress security rule
    egress_security_rules {
        protocol  = "all"
        destination = "0.0.0.0/0"
        stateless = false
    }
}

In this example, two ingress rules are defined directly inside the oci_core_security_list resource as inline blocks, making the configuration concise.

Example 2: Inline Block for Defining Multiple Subnets in a VCN

Here’s another example where you can use inline blocks to define multiple subnets within a single VCN (Virtual Cloud Network):

resource "oci_core_vcn" "cms_vcn" {

    compartment_id = var.compartment_id
    cidr_block     = "10.0.0.0/16"
    display_name   = "cms-vcn"

    # Inline block to define multiple subnets
    subnet {
        cidr_block     = "10.0.1.0/24"
        display_name   = "subnet-1"
        availability_domain = "1"
    }

    subnet {
        cidr_block     = "10.0.2.0/24"
        display_name   = "subnet-2"
        availability_domain = "2"
    }
}

In this case, two subnets are defined within the same VCN resource.

Example 3: Dynamic Block for Route Rules in a Route Table

When defining route rules for an OCI route table, it’s common to have multiple route rules with similar configurations. Using a dynamic block, you can loop over a list of route details and create route rules dynamically.

variable "route_rules" {

    type = list(object({
        cidr_block   = string
        destination  = string
        route_target  = string
    }))
}

resource "oci_core_route_table" "cms_route_table" {
    compartment_id = var.compartment_id
    vcn_id        = var.vcn_id
    display_name   = "example-route-table"

    dynamic "route_rules" {
        for_each = var.route_rules
        content {
            cidr_block         = route_rules.value.cidr_block
            destination        = route_rules.value.destination
            network_entity_id  = route_rules.value.route_target
        }
    }
}

Here, the dynamic block loops over the route_rules variable to generate multiple route rules based on a list of objects, making the route table configuration much more flexible and scalable.

Example 4: Dynamic Block for Creating Multiple Compute Instances

Let’s say you want to create multiple compute instances based on a list of instance details. Dynamic blocks can help generate these instances dynamically without hardcoding each one.

variable "instances" {

    type = list(object({
        display_name = string
        shape        = string
        image_id     = string
    }))
}

resource "oci_core_instance" "cms_instance" {
    for_each = var.instances

    compartment_id      = var.compartment_id
    availability_domain  = var.availability_domain
    display_name         = each.value.display_name
    shape                = each.value.shape

    source_details {
        source_type = "image"
        image_id    = each.value.image_id
    }
}

In this example, the dynamic block automatically generates multiple compute instances based on a list of instance configurations, avoiding the need to write individual resource blocks.

Conclusion

Both inline blocks and dynamic blocks in Terraform offer flexibility and scalability in managing infrastructure. Inline blocks are great for grouping logically related configurations, while dynamic blocks are perfect for reducing redundancy when dealing with multiple similar resources. By incorporating these features into your Terraform scripts, you can write more efficient and scalable infrastructure code, making it easier to manage even the most complex OCI environments.

OCI Terraform Part 4 - Terraform State File Management

 Terraform State File Management with OCI

State files are a critical component in Terraform as they track the resources created and allow Terraform to manage infrastructure consistently. Proper state file management is essential for smooth infrastructure operations. This blog explores various types of state management: local, centralized, and OCI bucket.

1. Local State File Management

Steps:

By default, Terraform stores the state file locally in the working directory. For instance, when you run terraform apply, a file named terraform.tfstate is created locally.

Advantages:

• Simple to set up; no extra configuration required.
• Ideal for small, personal projects.

Disadvantages:

• Not suitable for team environments—risk of conflicts.
• Lack of backup in case of accidental deletion.
• Manual handling required for versioning.

Code Example:

terraform {
  backend "local" {
    path = "terraform.tfstate"
  }
}

2. Centralized State Management

Steps:

Utilize a remote backend for centralized state management, such as Terraform Cloud or another supported remote backend. Ensure all users and CI/CD pipelines have access to the remote state.

Advantages:

• Collaborate across teams with the same source of truth.
• Automatically locks the state file during operations to avoid conflicts.
• Backup and recovery options are available.

Disadvantages:

• Additional setup complexity.
• May incur additional costs for hosted backends like Terraform Cloud.

Code Example:

terraform {
  backend "remote" {
    hostname    = "terraform-host"
    organization = "cms-org"
    
    workspaces {
      name = "Dev"
    }
  }
}

3. State Management in OCI Object Storage Bucket

Storing state in an OCI bucket is a good practice when managing larger infrastructures across multiple teams. You can leverage Object Storage for state file management and ensure collaboration, security, and disaster recovery.

Steps:

1. Create a dedicated bucket in OCI Object Storage.

2. Create a Pre-Authenticated Request for the bucket.

3. Upload Existing State:

   curl -X PUT -H "Content-Type: text/plain" --data-binary "@Path_to_the_state_file" https://<Object_storage_uri>
   
   

4. Configure the backend in Terraform to use OCI’s Object Storage.

5. Define the required variables such as compartment OCID, bucket name, and authentication details (profile, auth tokens, or instance principals).

Advantages:

• Automatically backed up in OCI.
• Multi-region availability and data redundancy.
• Suitable for OCI-specific infrastructure.

Disadvantages:

• Requires setting up bucket policies for access control.
• Slightly more complex than local state storage.

Code Example:

terraform {
  backend "http" {
    address = "<Object Storage uri>"
    update_method = "PUT"
  }
}

Once you complete all the pre-requisites, execute terraform init. It will successfully configure the "http" backend. After the init, you can run terraform apply - all the changes will be migrated and saved to the http backend.

Versioning: If versioning is enabled, changes to the .tfstate file will be backed up, providing an additional layer of protection against data loss.

Conclusion

Managing state files effectively is crucial, especially in team environments. Remote state management offers a more secure, scalable, and redundant solution. OCI integration provides a robust option for those leveraging OCI infrastructure. The choice of state management approach depends on your project's size, team collaboration needs, and infrastructure requirements.

Pune's Largest Gaming Zone - Now in Wagholi

    

OCI Terraform Part 3 - Terraform: Loops, Modules, and Infrastructure Automation

Mastering Terraform: Leveraging Loops and Modules for Efficient Infrastructure Management

Terraform is a declarative language that doesn't have typical for-loops for iterating over a list of objects or creating repetitive resources. However, Terraform offers meta-parameters like count, for_each, and for expressions that achieve similar functionality.

Methods to Store Values

There are three types of methods to store values:

• List → Ordered, indexed access, and allows duplicates.
• Map → Unordered, key-based access, and unique key values.
• Set → Unordered, no duplicates, easy to find the presence of the value.

Iterations: Loops

Count

The count parameter allows iteration over each resource provided in a list or module. The count.index helps in iterating over specific resources or looping through each resource.

Let's create three users with different names using a single resource block and count:

variable "usernames" {
  type = list(string)
  default = ["cms", "AM", "AC"]
}

resource "oci_identity_user" "user" {
  count = 3
  name = var.usernames[count.index]
  description = "OCI User"
}

output "username_name" {
  value = var.usernames[*]
}

This will create three users with the following output:

+ username_name = [
    + "cms",
    + "AM",
    + "AC",
]

for_each

The for_each loop allows iteration over lists and maps to create multiple copies of a resource or module. It supports only sets and maps on resources.

variable "usernames" {
  type = list(string)
  default = ["cms", "AM", "AC"]
}

resource "oci_identity_user" "user" {
  for_each = toset(var.usernames)
  name = each.value
  description = "OCI User"
}

output "username_name" {
  value = oci_identity_user.user
}

This code displays all the information related to the users created with the block of code. There are additional methods, such as conditional statements.

Using Modules to Create Infrastructure

Let's use the same concepts in modules to create our infrastructure. First, let's understand what Terraform modules are.

What Are Terraform Modules?

Terraform modules are essential building blocks that allow you to organize and reuse your infrastructure code. Instead of repeating the same code across different Terraform configurations, you can encapsulate it within a module and call that module wherever it's needed. This approach improves code maintainability, reduces errors, and enhances collaboration by creating standardized infrastructure components.

Modules help to keep your Terraform configurations DRY (Don't Repeat Yourself). For example, if you need to create multiple Virtual Cloud Networks (VCNs) or subnets with similar configurations, instead of duplicating the code, you can define the logic in a module and reuse it.

Why Are Modules Necessary?

• Reusability: Modules allow you to reuse the same configuration across different environments, such as development, staging, and production.
• Organization: By breaking down complex configurations into smaller, focused modules, you make your Terraform code easier to manage and understand.
• Consistency: Using modules ensures that your infrastructure components are created consistently, reducing the likelihood of errors.
• Scalability: As your infrastructure grows, modules help scale the management of resources by making it easier to add, modify, or remove components.

Example 1: Single VCN Creation Using a Module

Variable Definitions (variable.tf)

variable "compartment_id" {
  description = "Network compartment id"
  default = "<compartment-ocid>"
  type = string
}

variable "cidr_block" {
  description = "VCN CIDR block"
  type = list(string)
}

variable "display_name" {
  description = "Name of my VCN"
  type = list(string)
}

Explanation: In this block, we define variables that will be used in the VCN module. The compartment_id is the ID of the OCI compartment where the VCN will be created. The cidr_block variable is a list of CIDR blocks that the VCN will use, and the display_name is a list containing the name of the VCN.

Output Definitions (output.tf)

output "vcn_ids" {
  value = [for vcn in oci_core_vcn.vcn : vcn.id]
  description = "VCN ID of the VCN"
}

Explanation: This block outputs the ID of the VCN created by the module. The vcn_ids output is a list of IDs for all the VCNs created by this module.

Main Configuration (main.tf)

resource "oci_core_vcn" "vcn" {
  compartment_id = var.compartment_id
  for_each = {for idx, cidr in var.cidr_block : idx => cidr}
  cidr_block = each.value
  display_name = var.display_name[each.key]
}

Explanation: Here, we define the main logic for creating a VCN. The for_each loop iterates over the list of CIDR blocks, creating a VCN for each entry. The compartment_id is passed in from the variables, and the display_name is used to name the VCN.

Calling the Module in Main Configuration (vcn.tf)

module "vcn" {
  source = "../Dev/module_vcn"
  vcn_cidr = ["10.0.0.0/16"]
  display_name = ["cms_vcn1"]
}

Explanation: In this block, we call the VCN module from our main Terraform configuration. We specify the source of the module and provide the necessary inputs, such as the CIDR block and the display name. This call will create a single VCN based on the logic defined in the module.

Example 2: Creating Multiple Subnets in a Single VCN Using Modules

Variable Definitions (variable.tf)

variable "compartment_id" { 
 description = "subnet compartment id"
 default = "<compartment-ocid>"
 type = string
}

variable "cidr_block" {
  description = "Subnet CIDR block"
  type = list(string)
}

variable "vcn_ids" {
  description = "VCN ID of the subnet"
  type = list(string)
}

variable "display_name" {
  type = list(string)
  description = "Display name of the subnet"
}

variable "prohibit_public_ip_on_vnic" {
  description = "Whether VNICs in this subnet can have public IP addresses."
  type = bool
  default = false
}

Output Definitions (output.tf)

output "subnet_id" {
  value = [for subnet in oci_core_subnet.subnet : subnet.id]
  description = "Subnet ID of the Subnet"
}

Main Configuration (main.tf)

resource "oci_core_subnet" "subnet" {
  compartment_id = var.compartment_id
  for_each = {for idx, cidr in var.cidr_block : idx => cidr}
  vcn_id = var.vcn_ids[each.key]
  cidr_block = each.value
  prohibit_public_ip_on_vnic = var.prohibit_public_ip_on_vnic
  display_name = var.display_name[each.key]
}

Explanation: This block creates subnets within a VCN. The for_each parameter determines how many subnets to create based on the length of the cidr_block list. Each subnet is assigned a CIDR block, a VCN ID, a name, and a public/private designation based on the provided variables.

Calling the Module in Main Configuration (subnet.tf)

module "subnet" {
  source = "../module_subnet"
  vcn_ids = ["10.0.0.0/16"]
  display_name = ["cms_subnet1"]
  cidr_block = ["10.0.0.0/24"]
}

Explanation: In this block, we call the subnet module to create multiple subnets within a single VCN. The module uses the CIDR blocks, VCN IDs, display names, and public/private settings provided in the inputs to create each subnet.

Conclusion

Terraform's loops, if-statements, and modules offer powerful tools for managing cloud infrastructure efficiently. By mastering these concepts, one can create flexible, reusable configurations that scale with the needs.

OCI Terraform Part 2 - Terraform variables

Understanding and Using Variables in Terraform

Introduction to Variables and Why They're Important

In Terraform, variables play a crucial role in making your configuration flexible, reusable, and easy to manage. Without variables, every piece of information, like resource IDs or network configurations, would need to be hardcoded into your scripts, making them difficult to adapt to different environments or use cases. By using variables, you can separate the configuration from the code logic, allowing for easy changes without needing to modify the underlying code.

Types of Variables

Terraform supports various types of variables that you can use to parameterize your configurations. Here are the primary types:

String

variable "cms_string" {
  description = "A simple string variable"
  type        = string
  default     = "Hello, Terraform!"
}
    

Number

variable "cms_number" {
  description = "A simple number variable"
  type        = number
  default     = 42
}
    

Boolean

variable "cms_boolean" {
  description = "A simple boolean variable"
  type        = bool
  default     = true
}
    

List

variable "cms_list" {
  description = "A list of strings"
  type        = list(string)
  default     = ["value1", "value2", "value3"]
}
    

Map

variable "cms_map" {
  description = "A map of values"
  type        = map(string)
  default     = {
    key1 = "value1"
    key2 = "value2"
  }
}
    

How to Define, Use, and Override Variables

Scenario 1: Defining and Using Variables

Let's consider a scenario where you have variables defined in a variables.tf file, and you use these variables in your Terraform configuration:

variables.tf

variable "compartment_id" {
  description = "Root Compartment ID"
  type        = string
}

variable "network_compartment" {
  description = "Network compartment"
  type        = string
}

variable "cmsvcn" {
  description = "My VCN"
  type        = string
}
    

Usage in Configuration

resource "oci_identity_compartment" "compartment" {
  compartment_id = var.compartment_id
  name           = "cmsterraform"
  description    = "Compartment for compute"
}

resource "oci_core_vcn" "cmsvcn" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.0.0/16"
  display_name   = var.cmsvcn
}

resource "oci_core_subnet" "subnet1" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.1.0/24"
  vcn_id         = var.cmsvcn
}

resource "oci_core_subnet" "subnet2" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.2.0/24"
  vcn_id         = var.cmsvcn
  display_name   = "subnet2"
}
    

Scenario 2: Directly Referencing Resources

Sometimes, you may want to directly reference a resource’s attribute without defining a variable for it. Terraform automatically handles dependencies, so you can directly use resource attributes in your configuration:

resource "oci_core_vcn" "cmsvcn" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.0.0/16"
  display_name   = "cmsvcn"
}

resource "oci_core_subnet" "subnet1" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.1.0/24"
  vcn_id         = oci_core_vcn.cmsvcn.id
  display_name   = "subnet1"
}

resource "oci_core_subnet" "subnet2" {
  compartment_id = var.network_compartment
  cidr_block     = "10.0.2.0/24"
  vcn_id         = oci_core_vcn.cmsvcn.id
  display_name   = "subnet2"
}
    

Best Practices for Organizing Variables

Here are some best practices to consider when organizing your variables:

• Group Related Variables Together: Keep related variables together in the same file or section to make them easier to manage.
• Use Descriptive Names: Always use meaningful and descriptive names for your variables so that anyone reading the code can easily understand their purpose.
• Provide Descriptions: Include descriptions for all variables. This helps others (or your future self) understand the role of each variable without needing to guess.
• Set Defaults Where Possible: If a variable is likely to have the same value across multiple environments, consider setting a default value.
• Separate Sensitive Variables: Keep sensitive variables (like passwords or API keys) in a separate file and use Terraform’s sensitive attribute to prevent them from being exposed.

Conclusion

Understanding and effectively using variables in Terraform is crucial for writing scalable, reusable, and maintainable infrastructure-as-code. By leveraging variables, you can easily manage different environments, configurations, and resources without hardcoding values, making your code more adaptable and less prone to errors.

In this post, we've explored the various types of variables, how to define and use them, and best practices for organizing them in your Terraform projects. As you continue working with Terraform, incorporating these practices will enhance your ability to manage complex infrastructures efficiently.

In the next part of this series, we will delve into more advanced Terraform topics, further expanding your knowledge and capabilities. Stay tuned, and don't hesitate to share your thoughts or questions in the comments below!

Getting Started with Terraform in OCI - Part 1

Getting Started with Terraform in OCI

In today’s, cloud-driven world, managing infrastructure efficiently isn’t just a nice-to-have—it’s essential. As businesses scales, the complexity of managing infrastructure grows, making automation a critical part of any IT strategy. This is where Infrastructure as Code (IaC) comes in, and Terraform is at the forefront of this revolution.

Provisioning manual infrastructure can be a feel good factor only when there is a limited resources to provision. Imagine to provision 100's compute with same configuration, it will end with frustration resulting in improper configuration or some other mistakes.

If you’re working with Oracle Cloud Infrastructure (OCI), this blog series is your guide to mastering Terraform. In this first post, we’ll cover the key concepts you need to understand before diving into code, followed by practical examples that you can try out yourself.

No Deep Theories—Just Practical Learning

Our focus in this series is on practical implementation. We won’t go deep into theories, but instead, will highlight the essential concepts that you need to understand. This post is all about getting hands-on with Terraform, using hardcoded values to declare your infrastructure. In later parts of this series, we’ll revisit the same infrastructure using advanced topics, such as variables, outputs, and modules, to make it more dynamic and scalable.

Step 1: Setting Up Your Environment

Before we jump into writing Terraform code, let’s get your environment set up. Whether you’re new to Terraform or just need a refresher, here’s what you’ll need:

• Install Terraform: Follow the official installation guide to get it up and running on your machine.
• Install Visual Studio Code (VS Code): Download it here.
• Add the OCI Provider Plugin: To manage OCI resources, you’ll need to configure Terraform with the OCI provider.

Key Concepts in Terraform

Understanding Terraform’s core concepts is crucial to using it effectively. Let’s break down the most important ones, with practical insights along the way.

1. Providers

Providers are the link between Terraform and the services you want to manage. Think of them as plugins that extend Terraform’s capabilities. In our case, the OCI provider is what enables Terraform to create and manage resources in Oracle Cloud.

Practical Tip: Always ensure you’re using the latest version of the OCI provider to take advantage of new features and improvements.

2. Resources

Resources are the building blocks of your infrastructure. In Terraform, every cloud component, whether it’s a compute instance, a database, or a network, is defined as a resource. Each resource has attributes and properties that determine its configuration.

Practical Tip: When defining resources, start with hardcoded values to understand the basics. As you advance, you can use variables to make your code more dynamic and reusable.

3. State Management

Terraform keeps track of your infrastructure using state files. These files act as a snapshot of your managed resources, enabling Terraform to determine what changes need to be applied.

Practical Tip: Store your state files in a remote backend (like OCI Object Storage) when working in teams. This prevents conflicts and ensures everyone is working with the latest state.

Practical Examples

Now, let’s put these concepts into practice. Below are simple, hardcoded Terraform configurations to get you started. As you progress, you can expand these examples to match your specific needs.

1. Creating a Compartment

resource "oci_identity_compartment" "chetan" {
  #Required
  compartment_id = ""
  description    = "New compartment"
  name           = "ChetanTerraform"
}
            

2. Setting Up a Virtual Cloud Network (VCN)

resource "oci_core_vcn" "cms_vcn" {
    compartment_id = <"compartment-id">
    cidr_block = "10.0.0.0/16"
    display_name = "terraform_vcn"
  }
            

3. Creating a Load Balancer

resource "oci_load_balancer_load_balancer" "example_load_balancer" {
  compartment_id       = <"compartment-id">
  display_name         = "cms-load-balancer"
  shape                = "flexible"  # Can be "flexible" or a fixed shape like "100Mbps"
  shape_details {
    maximum_bandwidth_in_mbps = "10"
    minimum_bandwidth_in_mbps = "10"
  }
  subnet_ids           = [<"subnet.ocid">]
  is_private           = false  # Set to true for a private load balancer
  #idle_timeout_in_seconds = 300
}
            

4. Provisioning a Compute Instance

resource "oci_core_instance" "cms01" {
  availability_domain = <"AD-name">
  compartment_id      = <"compartment-id">
  shape               = "VM.Standard.A1.Flex"
  shape_config {
    ocpus = "1"
    memory_in_gbs = "6"
  }

  source_details {
    source_id               = <"image-ocid">
    source_type             = "image"
    boot_volume_size_in_gbs = "50"
  }
  display_name = "cms01"
  metadata = {
    ssh_authorized_keys = file(<"Path to key file">)
    }
  create_vnic_details {
    subnet_id = <"subnet.ocid">
  }
  preserve_boot_volume = "false"
}
            

This blog post is your launchpad into the world of Terraform with OCI. We’ve covered the essential concepts—providers, resources, and state management—and provided practical examples to get you started.

In this part, we’ve focused on hardcoded values for simplicity. In future posts, we’ll implement the same infrastructure using advanced topics like variables, outputs, and more.

Check out the complete code on GitHub here: https://github.com/cmschetan/OCI--Terraform/tree/main/Part-1

Stay tuned for the next blog in the series!

Overview of Import Route Distribution in Oracle Cloud

Introduction

In Oracle Cloud Infrastructure (OCI), managing network traffic efficiently is crucial for optimizing performance and maintaining secure connectivity. One key feature that facilitates this is import route distribution. This blog provides an in-depth look at import route distribution, focusing on its configuration, use cases, and best practices.

Understanding Import Route Distribution

Import route distribution in OCI involves the sharing of routing information between various network entities, such as Dynamic Routing Gateways (DRGs), Virtual Cloud Networks (VCNs) in the same or remote region. This process ensures that routes are correctly distributed, optimizing network traffic and simplifying management.

Key Concepts:

• DRG Route Tables: Route tables attached to DRGs to manage traffic between VCNs, on-premises networks, and other connected entities.
• Import Distribution Lists: Lists that control which routes are imported into a DRG route table from attachments.

Configuring Import Route Distribution

To configure import route distribution, follow these steps:

1. Access the OCI Console: Log in to your Oracle Cloud account and navigate to the Networking section.
2. Create or Select a DRG: If you do not have a DRG, create one. Select an existing DRG to configure its route tables.
3. Create a Route Table for the DRG: Go to the DRG details page. Click on "Route Tables" and create a new route table.
4. Configure Import Distribution List: Within the DRG route table settings, configure the import distribution list. Specify the attachments from which routes will be imported (e.g., VCN attachments, on-premises connections).

Match Types in Import Route Distribution

When configuring import route distribution, OCI provides several match types that allow for precise control over which routes are imported into a DRG route table:

Attachment:

This match type specifies that routes from a particular attachment are to be imported. Attachments can include:

• VCN Attachment: Connects a VCN to a DRG.
• IPSec Tunnel Attachment: Connects an on-premises network to OCI via an IPSec VPN.
• Virtual Circuit Attachment: Connects a private network to OCI via Oracle FastConnect.
• Remote Peering Connection (RPC) Attachment: Connects VCNs across different regions.
• Cross Tenancy Attachment: Connects resources across different tenancies.

Attachment Type:

This match type allows the import of routes from all attachments of a specific type. Supported attachment types include:

• VCN Attachment: Imports routes from all VCN attachments.
• IPSec Tunnel Attachment: Imports routes from all IPSec tunnel attachments.
• Virtual Circuit Attachment: Imports routes from all virtual circuit attachments.
• Remote Peering Connection (RPC) Attachment: Imports routes from all RPC attachments.

Match All:

This match type imports all routes from all attachments.

Example: "A company with multiple VCNs can use the 'Attachment Type' match type to ensure that all routes from VCN attachments are imported into the DRG route table. This simplifies management and ensures consistent routing across the network."

Benefits of Using Import Route Distribution

• Optimized Network Traffic: Ensures the most efficient routes are used, reducing latency and improving performance.
• Simplified Network Management: Makes it easier to manage and update routing rules across your network.
• Enhanced Connectivity: Facilitates seamless communication between different network segments.
• Improved Security: Allows for strict control over which routes are imported, enhancing network security.

Use Cases and Best Practices

Common Use Cases:

• Multi-VCN Connectivity: Facilitates communication between multiple VCNs through a central DRG.
• Hybrid Cloud Deployments: Connects on-premises networks to OCI, ensuring smooth route import and management.
• High Availability Setups: Distributes routes for failover scenarios, ensuring continuous connectivity.

Common Issues:

• Route Conflicts: Ensure no overlapping or conflicting routes are imported.
• Misconfigurations: Double-check the configurations of route tables and import distribution lists for errors.

Conclusion

Import route distribution is a powerful feature in Oracle Cloud Infrastructure that enhances network connectivity and performance. By properly configuring DRG route tables and import distribution lists, you can optimize your cloud network's efficiency and security. Regularly review configurations and utilize OCI’s monitoring tools to maintain a robust network infrastructure.

Want to migrate to OCI ????

Oracle Cloud Migration Architect Professional Course

Oracle Cloud Gaining Popularity: A Strategic Move for Businesses

Oracle Cloud Infrastructure (OCI) is emerging as a leading choice for enterprises looking to leverage the cloud for its robust performance, security, and cost-efficiency. With its comprehensive suite of services, OCI is gaining popularity among businesses aiming to optimize their IT infrastructure.

Assess and Migrate Workloads Seamlessly to OCI

One of the critical challenges businesses face is the migration of their existing workloads to the cloud. This is where Oracle Cloud Infrastructure shines. OCI supports a wide range of workloads, including enterprise applications, databases, and even entire data centers. Whether it's a lift-and-shift migration or a more complex re-architecture, OCI provides the tools and capabilities to ensure a smooth transition.

Key Takeaways from the Course

Migration Strategies and Planning

The course offered a deep dive into various migration strategies, helping me understand the nuances of lift-and-shift, re-platforming, and re-architecting. I learned how to assess the existing IT landscape to identify suitable workloads for migration and develop a detailed migration plan. This planning phase is crucial for ensuring a smooth and successful migration.

Hands-On Experience with OCI Services

One of the most beneficial aspects was the hands-on experience with OCI services. I gained practical knowledge of OCI's compute, storage, networking, and database offerings. The course provided extensive exercises that allowed me to apply what I learned in real-world scenarios, boosting my confidence in using these services effectively.

Utilizing Migration Tools

The introduction to migration tools like Oracle Cloud Infrastructure Migration and Oracle Zero Downtime Migration (ZDM) was a game-changer. These tools are essential for reducing downtime and ensuring data integrity during the migration process. The course taught me how to leverage these tools to streamline the migration workflow.

Security and Compliance

Ensuring data security and compliance is paramount during cloud migration. The course covered best practices for securing workloads in OCI and maintaining compliance with industry standards. This knowledge is critical for protecting sensitive data and meeting regulatory requirements.

Optimization and Post-Migration Management

Beyond the migration itself, the course emphasized the importance of post-migration management. I learned how to monitor and optimize performance and costs in OCI, ensuring that the migrated workloads continue to deliver value. This continuous improvement approach is vital for long-term success in the cloud.

I have prepared some notes from the course which will give some idea about what the course is all about and provide some approach to where to start for your OCI cloud migration....!!!

Conclusion

As businesses continue to embrace the cloud for its transformative potential, the demand for skilled professionals who can seamlessly migrate workloads to OCI is on the rise. The Oracle Cloud Migration Architect Professional course is your gateway to mastering the art of cloud migration and propelling your career in the cloud computing domain.

For more detailed information and to enroll in the course, visit the Oracle Cloud Migration Architect Professional course page.

Turning Pages, Gaining Insights: The Benefits of Reading

Its all about the books and the Habit to form

Hey there, cloud enthusiasts! I usually dive deep into cloud technology topics, but today, let's take a little detour and talk about something equally enriching – reading books. Trust me, it's worth the detour!

Why Is Everyone on LinkedIn and YouTube Recommending Books?

Have you noticed how many influencers and thought leaders on LinkedIn and YouTube keep recommending books? Ever wondered why that is? Well, there's a good reason behind it.

Books are an unparalleled source of knowledge. They offer in-depth insights into a myriad of topics, ranging from history and science to philosophy and personal development. Unlike the quick snippets of information we often get online, books provide a comprehensive understanding and context that can deeply enrich your mind.

What Are the Benefits of Reading Books?

When you immerse yourself in a book, you embark on a journey of cognitive enhancement. Reading stimulates your brain, boosting functions like concentration, critical thinking, and analytical skills. It's like a workout for your mind! Not to mention, it can even improve your memory and slow down cognitive decline as you age.

Moreover, books are fantastic for expanding your vocabulary and improving your language skills. Imagine being able to articulate your thoughts more clearly and effectively, whether you're writing a blog post or presenting a new idea at work. That's the power of reading.

Now, let's talk about stress. We all know how overwhelming life can get, especially in the fast-paced world of technology. Here's where books come to the rescue. Immersing yourself in a good book can be a wonderful way to relax and de-stress. It provides a mental escape, calming your mind and reducing anxiety.

Have you ever found it challenging to focus or stay disciplined? Reading can help with that too. It requires patience and concentration, qualities that are often undermined by our instant gratification culture. Developing a reading habit can enhance your ability to focus and build discipline – both incredibly valuable traits in personal and professional life.

But that's not all. Reading fiction, in particular, can improve your empathy and emotional intelligence. By experiencing the lives and emotions of characters, you gain a better understanding of human nature and social relationships. This can enhance your interpersonal skills and make you a more empathetic person.

Why Do Influencers Encourage Reading?

Many successful individuals attribute their achievements to their reading habits. Books offer timeless wisdom and strategies that have been proven to work. By reading what successful people read, you can gain insights into their mindset and practices.

In our rapidly changing world, continual learning is crucial. Books provide a structured way to stay updated and acquire new skills. Influencers understand this and promote reading as a means to stay ahead in one's field.

Reading a wide range of books also allows you to develop a broad perspective and become a thought leader in your domain. Sharing insights from your reading can position you as a knowledgeable and credible authority on platforms like LinkedIn and YouTube.

What Will Happen Once You Start Reading Books?

Once you start reading regularly, you'll notice a remarkable transformation in your life. You'll become more knowledgeable, articulate, and confident. Your ability to focus and think critically will improve, and you'll develop a greater sense of empathy and emotional intelligence. Reading can also open up new opportunities, inspire creativity, and provide a sense of fulfillment and purpose.

How to Get Started?

If you're new to reading, start small. Try buying your first book on a topic that piques your interest. This initial step can make you a reader or at least help you form the habit. Remember, integrating reading into your daily routine can unlock your potential and enrich your life in ways you never imagined.

So, while I usually write about the latest trends in cloud technology, I thought it was important to share this with you. I'll try to write more about books along with technology in the future. Pick up a book today and start your journey towards personal and professional growth. Happy reading!

Passing the "Oracle Cloud Infrastructure 2024 Generative AI Professional" Exam

How I Cleared the "Oracle Cloud Infrastructure 2024 Generative AI Professional" Exam

I have cleared the "Oracle Cloud Infrastructure 2024 Generative AI Professional" certification and want to share my experience on how the exam is and what to expect.

Exam Details

• Exam Code: 1Z0-1127-24
• Passing Score: 65%
• Number of Questions: 40

Preparation Strategy

The Oracle University course covers all the required details needed to pass the exam. Each topic has a demo associated with it, which helps to understand the concept. It is essential to complete the course before appearing for the exam.

Key Topics to Focus On

The exam mostly tests your knowledge on the following points:

• Encoder, Decoder: Understanding the mechanisms that process input data (encoder) and generate output data (decoder) in AI models.
• Prompting: Techniques for generating desired outputs from language models by providing specific input prompts. K -shot prompting can increase the accuracy and relevancy of the output.
• Prompt Engineering and Issues with Prompting: The art of crafting effective prompts and addressing common issues such as ambiguity and misinterpretation.The LLM can create hallucination output as well if trained with limited data.
• Hallucination: When AI models generate plausible but incorrect or nonsensical information, understanding its causes and mitigation strategies.
• LLM Applications: Practical applications of large language models in various industries and use cases.
• OCI Generative AI Service and Foundational Models: Utilizing Oracle Cloud Infrastructure’s Generative AI services and understanding the foundational models they offer. OCI AI cluster - Fine-tuning and Hosting cluster
• RAG (Retrieval Augmented Generation): Combining retrieval mechanisms with generative models to improve information accuracy and relevance.
• RAG Techniques and Pipeline: Implementing and optimizing RAG techniques in AI workflows.
• LangChain: A library that simplifies the development of applications using language models, supporting chaining multiple prompts together.
• OCI Generative AI Service Pricing: Understanding the cost structure of OCI Generative AI services to manage and optimize expenses effectively. Fine-tuning requires 2 and hosting needs 1 CPU cluster.

Handwritten Notes

While going through the Oracle University AI professional course, I have prepared handwritten notes which may help you to revise for the exam. I am attaching them below:

Conclusion

Clearing the "Oracle Cloud Infrastructure 2024 Generative AI Professional" exam requires a thorough understanding of the topics mentioned above. The Oracle University course is a comprehensive resource that, when completed, prepares you well for the exam. Good luck with your preparation!

Happy studying!

All about DNS - OCI DNS - Part 3

OCI DNS Part 3: Setting Up Listener and Forwarder

Welcome to the third part of our series on Oracle Cloud Infrastructure (OCI) DNS. In the previous parts, we covered the basics of DNS, creating a private zone, and associating it with a Virtual Cloud Network (VCN). In this part, we will focus on setting up a DNS Listener and Forwarder to manage DNS queries between your on-premises network and OCI.

Understanding DNS Listener and Forwarder

The DNS Listener and Forwarder setup in OCI allows you to route DNS queries between your on-premises network and OCI. This configuration helps in maintaining a unified DNS resolution strategy across hybrid environments, ensuring seamless connectivity and name resolution.

Components Involved

• DNS Listener: Listens for DNS queries from your on-premises network or other sources.
• DNS Forwarder: Forwards DNS queries to the appropriate DNS server (either in OCI or on-premises) based on the query type and domain.

Step-by-Step Guide to Set Up DNS Listener and Forwarder

1. Setting Up DNS Listener

1. Navigate to the DNS Management Console
   • Log in to your OCI account.
   • From the OCI console, go to the "Networking" section and select "DNS Management".
2. Create a DNS Listener
   • Click on the "Create Listener" button.
   • Fill in the necessary details:
     • Name: Enter a name for your DNS listener.
     • VCN: Select the VCN where the listener will be set up.
     • Subnet: Select the subnet for the listener.
   • Click "Create Listener".

2. Setting Up DNS Forwarder

1. Navigate to the DNS Management Console
   • In the DNS Management section, go to the "Forwarders" tab.
2. Create a DNS Forwarder
   • Click on the "Create Forwarder" button.
   • Fill in the necessary details:
     • Name: Enter a name for your DNS forwarder.
     • Target DNS Servers: Add the IP addresses of the target DNS servers (both on-premises and in OCI).
   • Click "Create Forwarder".

Illustrating the Traffic Flow

The following diagram illustrates how traffic is handled by the DNS Listener and Forwarder, showing the flow of DNS queries between on-premises and OCI environments.

Testing the Configuration

After setting up the DNS Listener and Forwarder, it's important to test the configuration to ensure that DNS queries are correctly routed.

Steps to Test the Configuration

1. Launch an Instance
   • Create or use an existing instance in the VCN associated with the DNS listener.
2. Configure DNS Resolver
   • Ensure the instance is configured to use the DNS listener for DNS resolution.
3. Perform DNS Queries
   • Use the nslookup or dig command to test DNS resolution.
   • Verify that DNS queries for domains hosted in OCI and on-premises are resolved correctly.

Conclusion

In this blog, we covered the steps to set up a DNS Listener and Forwarder in OCI, ensuring efficient DNS query management across on-premises and cloud environments. This setup helps maintain a consistent and unified DNS resolution strategy, enhancing the connectivity between hybrid infrastructures.

This ends our OCI DNS series....!!!