Platform Provisioning Automation for Oracle Cloud

Infrastructure, Platform, Everything as Code:
Provisioning Automation for the Oracle Cloud
Nikitas Xenakis, Co-op
Simon Haslam, eProseed

About Us
Nikitas Xenakis
Platform Specialist / Architect, The Co-op
• 17+ years as Enterprise DBA (v7-12cR2/19c)
• CAB/Beta Member: Oracle Database, Oracle
RAC, Data Integration (Goldengate)
• Global Leaders Transaction Processing
@Nikitas_Xenakis
https://www.linkedin.com/in/nikitasxenakis

Copyright © 2018, eProseed and its affiliates. All rights reserved.
ABOUT ME
Simon Haslam
• Platform / Infrastructure
Architect
• Focus includes HA, DR,
security, automation
Relevant to this session
• Building SOA & DB CS since
May 2016
• Designed & built SOA CS
integration platform for
global use since Oct 2017
• On team migrating eProseed
Lux data centres to OCI –
using Terraform for OCI
network configuration
@simon_haslam

Agenda
• Introduction
• Business Context, Technology Drivers
• Challenges, Direction
• Modern Platform Architecture
• Infrastructure and Platform as Code (IaC, PaC)
• Terraform and Oracle Cloud Infrastructure (OCI)
• Demo
• Summary
4

Co-op HQ, Manchester UK - One of the most sustainable large buildings in the world
▪ Annual Revenue: £9.5B
▪ 2800+ Owned Stores
▪ Retail, Wholesale, Franchise,
Ecommerce
▪ 14 Distribution Centres
▪ Logistics Network servicing
7500+ Stores
Leading UK Convenience Retailer

Business & Technology Drivers
Business Context
• Technology as an enabler and transformer for business growth
• Acquisitions increasing diversity and scaling of technology landscape
• Modern Business demands High-Velocity in delivery
• Fuel for Growth, efficiencies re-invested to the business
• New Markets/Channels: Retail, Wholesale, Franchising, E-commerce
• Zero lost productive hours from preventable issues, protect service
Technology Drivers
• Simplification and standardisation of Database & Middleware platforms
• Continuous Delivery, Continuous Integration (CI/CD)
• Strategic alignment of technology to business strategy, Cloud capability
• Exiting Data Centres where appropriate
6

Business & IT Context
Co-op
Stores
Distribution
Centres
Independent
Co-op Stores
Co-op
Data Centre
B
Support
Centre
Co-op
Data Centre
A
Cloud
2800 2500
141
70,000 colleagues
4000 users
7
6,100,000 members
CSG
Stores
2200

On-Premises Platforms
9
On-Premises Platforms are architected and implemented in a Waterfall
manner (Design, Cost, Procure, Deploy, Configure)
• Pros
• Established
• Fit for Purpose for Waterfall
• Predictable (Cost, Performance)
• Cons
• Slow to provision from Design to Delivery
• Diverse, Complex
• Limitations in Capacity, Automation, Elasticity, Capacity On Demand

Modern Business Demands
10
Modern business expectations and demands:
• Agility
• High-Velocity
• Trial ideas without significant investment
• Technology on demand not hindering
• Security (By Design) as high-priority
• Cost Sensitive
• Scalability, Capacity on Demand

Next Generation of (Cloud) Platforms
12
Modern Platforms should be architected and engineered based on
Infrastructure & Platform as Code (IaC, PaC) with the following in
mind:
• Simple
• Repeatable
• Scalable, Elastic
• Secure
• Self-Healing
• Versionable

Cloud Platforms
13
Gen -1 Cloud Platforms are provisioned in a variety of ways
• Oracle Cloud Infrastructure (OCI) – Cloud Portal
• Azure – Azure Portal, ARM
• AWS – AWS Portal, CloudFormation

Infrastructure & Platform As Code (IaC, PaC)

Infrastructure, Platform As Code (IaC, PaC)
15
• The process and ability to define,
provision and manage IaaS, PaaS
resources and services in a declarative
manner using a simple language rather
than physical hardware installation,
configuration

Infrastructure, Platform As Code (IaC - PaC)
16
• The key pattern is to use IaC and PaC for
creating platforms that are highly automated,
Self-healing through automation in a
declarative way
• Automation supports DevOps and
Continuous Delivery and Continuous
Integration (CI/CD)

Infrastructure As Code (IaC)
17
• Terraform
• Open Source Tool (written in Go) by Hashicorp
• Multi Cloud incl. OCI
• 80+ Providers including OCI
• Other Declarative Languages/Tools
• CloudFormation, ARM
• Oracle Stack Manager
• Puppet, Chef, Salt, etc

Terraform Available Platforms
18

How Co-op use IaC & Terraform today
19
In reality any enterprise will have a multi-cloud deployment footprint
• Co-op use Terraform to define/build a Retail Digital Platform in Azure
• Digital Management Layer (mostly Open Source Technologies)
• CI/CD Pipeline
• Platform is Hosting Responsive (Microservices based) Apps accessible to
Colleagues Own Devices
Terraform’s declarative nature and syntax allows the same patterns to
be deployed on OCI with re-factoring changes for specific APIs

Terraform - Co-op Best Practices
20
• Terraform Deployment Approach
• TF binaries co-located with Jenkins VM
• TF source code stored in Gitlab
• Platform Engineers use Git Client over SSH to develop/commit source
• QA Application environments re-built daily for regression and validation
• Avoid using TF on Laptop
• TF definition enough to re-build Platform in different Region (HA/DR)
• Gitlab and TF are key for Platform Re-build

Terraform and Oracle Cloud Infrastructure (OCI)

WE NEED A DIGRESSION… CLASSIC PAAS PROVISIONING
22

Copyright © 2018, eProseed and/or its affiliates. All rights reserved. | Confidential
OCI OR OCI CLASSIC?
23
Both use
IDCS
PSM
OCI Classic
aka OPC
Mature, around for 3-4 years
Simpler, lower tech
Blogs, discussions & docs mostly
about this
Legacy but not EOL
OCI
aka Next Gen IaaS
New, around for ~2 years
More sophisticated, esp. DR, better
meets enterprise needs
New services & all autonomous
are OCI
Additional OCI-native PaaS
Info harder to find, e.g. PaaS+OCI
Strategic
C L A S S I C Shiny!
In a state of transition (18Q4)

WE NEED A DIGRESSION… PAAS PROVISIONING
• PaaS originally:
– Accessed through My Services, each service has its own console
– PaaS Services Manager (PSM) does the provisioning
• Now also have “OCI native” PaaS
– My Services (non Classic) jumps through to a new OCI-native console
– PSM is not involved
24
Future…
All service components are
managed through REST APIs…
tools like the consoles or
Terraform sit on top of APIs

GENERAL GUIDE FOR MY SERVICES
If a cloud service has two consoles “Whizz” and “Whizz
Classic” then:
– “Whizz Classic” will provision/manage Whizz instances on
Classic only
– “Whizz” will provision/manage Simon instances on OCI only,
and jump out to OCI-native PaaS console
If a cloud service has one console “Whizz” then:
– “Whizz” may provision either Classic or OCI
– If provisioned on OCI then it is still be managed by same
console (not an OCI-native one)
Autonomous provisions to OCI but has single console
25
This is how it is Dec 18… navigation
could easily change again
Whizz
Whizz Classic
Whizz
Whizz
There is no real Whizz service! ☺

HOW MANY NATIVE-OCI PAAS SERVICES ARE THERE?
26
From Oracle
under Safe Harbour statement
Sept 18, i.e. pre-OOW
Ask Oracle for latest info!

TERRAFORM
27

TERRAFORM’S PURPOSE
“Terraform is a tool for building, changing and versioning
infrastructure safely and efficiently”
28
Cloud-agnostic
but not generic
(each cloud has own
providers)

TERRAFORM – KEY TERMS
• Resources: the artefacts that terraform manages
• Variables: as name, used in resource descriptions
• Data Sources: generated e.g. IDs for use elsewhere
• Execution plan: what Terraform will do to turn the
infrastructure in its current form to the desired state
• Apply: what you do to tell Terraform to change to the
desired state
• Resource graph: the plan Terraform uses to make the
changes to resources, parallelising as much a possible
• Providers: tells Terraform how to build and manage one
or many resource types
29

BOUNDARIES
30
resourcesPROVISIONING
This provisions resources
& optionally calls
“provisioner”
e.g.
network
VM instance
PaaS instance
VM images might be
Oracle supplied plain
ones, Oracle-supplied
PaaS ones, or your own
(e.g. from Packer),
Maintains state of infra
Optional
Provisioner
CONFIGURATION
MANAGEMENT
This configures
resources
e.g.
TLS certificates & identity
CM self-registration
Maintains internal state of
resources (instances)

TERRAFORM PROVIDERS
• A provider tells Terraform how to build and manage one or many resource types
• Providers are supplied by Hashicorp, a resource provider (like Oracle), or 3rd
party/community
31

MORE ABOUT TERRAFORM PROVIDERS
• Providers are either:
– Integrated: downloaded by Terraform when needed
– Non-integrated: install from 3rd party or write your own
• 3 Oracle-developed providers available:
32
oci oracle
paas opc
More about these in a minute..These 3 Oracle providers are all
now integrated

OCI TERMS (IAAS)
• Compartments
• Compute Instances
• Virtual Cloud Networks
• Gateways (Internet Gateway & Dynamic Routing Gateway)
33
There have been 3+ Terraform, and a few
OCI, sessions this week so we’ll assume
you’ve seen the basics already

BIG PICTURE EXAMPLE
34
DRG
Dynamic
Routing
Gateway
On-prem
Another
VCN
Another
cloud
admin

GETTING STARTED
• You need a host to run Terraform from
– could be your PC, a cloud instance, or build server
• Oracle Linux 7 example:
sudo yum install -y terraform
• Create/reuse .tf config files & set up .tfvars for your account/env
• The .tf files need to have one or more providers specified
35
terraform init
terraform plan
terraform apply
…terraform destroy

ORACLE EXAMPLES
• https://github.com/oracle/terraform-examples
Starting point for some cases – reasonable activity (91 commits)
• https://oracle.rainfocus.com/widget/oracle/oow18/catalogoow18?search=HOL6376
37
Start here!
Probably
takes 1-3h

HANDS-ON-LAB TIP
If you have a trial account you will not have sufficient compute resources to run the HOL.
=> Raise an SR to get this increased, e.g. to 10 for 2.1 shape (change shape in .tf config):
38 Paid for accounts have default limit of 40 per AD for small VMs
https://docs.cloud.oracle.com/iaas/Content/General/Concepts/servicelimits.htm

OCI PROVIDER
Infrastructure & OCI-native PaaS
https://www.terraform.io/docs/providers/oci/index.html
40
Lots of resources
- examples:

ORACLEPAAS PROVIDER
PaaS under PSM control
https://www.terraform.io/docs/providers/oraclepaas/index.html
41
almost
legacy

OPC PROVIDER
OCI Classic resources
https://www.terraform.io/docs/providers/opc/index.html
42
legacy

CURRENT RECOMMENDATIONS
• To provision PSM PaaS on Classic
– Use Cloud Stacks <= works well
– Use REST APIs with scripting tool, or CM tool like Chef, Puppet, Ansible
– Don’t use Terraform OPC Provider
• To provision PSM PaaS on OCI
– Use REST APIs with scripting tool, or CM tool like Chef, Puppet, Ansible
– Maybe consider Terraform with oraclepaas provider… it doesn’t look very strategic though
• To provision OCI-native PaaS
– Use Terraform with oci provider
43

TIP!
Extension available for
Microsoft VS Code editor
44

Summary
• Multi Cloud Enterprise Platforms and Automation is the reality
• Infrastructure, Platform as Code for standardisation and
simplification of Modern Platforms
• Terraform is the de-facto popular IaC-PaC tool but not fully cloud
independent
• Terraform patterns can help with platform portability
• Terraform & Oracle Cloud Infrastructure (OCI) fully supported
and now available with ATP/ADW
• Avoid a Data Centre in the cloud provisioning approach
46

Platform Provisioning Automation for Oracle Cloud

More Related Content

What's hot (20)

Similar to Platform Provisioning Automation for Oracle Cloud (20)

More from Simon Haslam (20)

Recently uploaded (20)

Platform Provisioning Automation for Oracle Cloud