Added oracle cloud article

content/blog/miscellaneous/getting_started_oci_free_tier.md

@@ -0,0 +1,201 @@
+---
+title: Getting started with Oracle Cloud Infrastructure
+description: Oracle Cloud Infrastructure's always free tier is very generous
+date: 2021-09-05
+tags:
+  - terraform
+---
+
+## Introduction
+
+Oracle Cloud Infrastructure provides quite a generous always free tier for you to use and test their cloud... or host some light services. But getting started was a little difficult with many pieces missing or incomplete in the examples, especially how to configure ipv6 on your instances.
+
+The documentation is very good and exhaustive but information was scattered : the following should help you get started right after you create your oracle cloud infrastructure's account.
+
+## Create your API access
+
+In order to terraform your infrastructure, you are going to need to generate an api access which is composed of a key and several other things :
+- Open the web console, click the top left menu and select `Identity & Security` then `Users`.
+- Click your account
+- Scroll to bottom left and select `API Keys`
+- click `Add an api key`
+- Select `Generic API Key Pair`, download the private key file then click `Add`
+- Copy the information displayed for the next phase
+
+## Terraform
+
+### Provider configuration
+
+Here is the relevant snippet from my `providers.tf` file :
+```hcl
+variable "oracle_tenancy_ocid" {}
+variable "oracle_user_ocid" {}
+variable "oracle_fingerprint" {}
+provider "oci" {
+  tenancy_ocid     = var.oracle_tenancy_ocid
+  user_ocid        = var.oracle_user_ocid
+  fingerprint      = var.oracle_fingerprint
+  private_key_path = "../tf-common/oracle_key.pem"
+  region           = "eu-amsterdam-1"
+}
+variable "oracle_amd64_instances_names" {}
+```
+
+This goes along with a `terraform.tfvars` file that you should fill with the api access information you saved up earlier :
+```hcl
+oracle_tenancy_ocid = "XXXXX"
+oracle_user_ocid    = "YYYYY"
+oracle_fingerprint  = "ZZZZZ"
+
+oracle_amd64_instances_names = ["dalinar", "kaladin"]
+```
+
+The last bit is how I name the two free instances I want to create, pick anything you like.
+
+### Networking
+
+Here is how to bootstrap a vcn and the associated objects for direct internet access. For simplicity I will leave the access lists opened, firewall rules really are a pain to write with terraform... I plan to keep on using iptables or shorewall on the hosts for now.
+```hcl
+resource "oci_core_vcn" "adyxax" {
+  compartment_id = var.oracle_tenancy_ocid
+  cidr_blocks    = ["10.0.0.0/16"]
+  display_name   = "adyxax"
+  dns_label      = "adyxax"
+  is_ipv6enabled = true
+}
+resource "oci_core_internet_gateway" "gw" {
+  compartment_id = var.oracle_tenancy_ocid
+  vcn_id         = oci_core_vcn.adyxax.id
+  enabled        = true
+  display_name   = "gw"
+}
+resource "oci_core_route_table" "default-via-gw" {
+  compartment_id = var.oracle_tenancy_ocid
+  vcn_id         = oci_core_vcn.adyxax.id
+  display_name   = "default-via-gw"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.gw.id
+  }
+  route_rules {
+    destination       = "::/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.gw.id
+  }
+}
+# protocol - Specify either all or an IPv4 protocol number : ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").·
+resource "oci_core_security_list" "allow-all" {
+  compartment_id = var.oracle_tenancy_ocid
+  vcn_id         = oci_core_vcn.adyxax.id
+  display_name   = "allow-all"
+
+  egress_security_rules {
+    protocol    = "all"
+    destination = "0.0.0.0/0"
+  }
+
+  ingress_security_rules {
+    protocol = "all"
+    source   = "0.0.0.0/0"
+  }
+
+  egress_security_rules {
+    protocol    = "all"
+    destination = "::/0"
+  }
+
+  ingress_security_rules {
+    protocol = "all"
+    source   = "::/0"
+  }
+}
+resource "oci_core_subnet" "adyxax-production" {
+  cidr_block     = cidrsubnet(oci_core_vcn.adyxax.cidr_blocks[0], 8, 0)
+  compartment_id = var.oracle_tenancy_ocid
+  vcn_id         = oci_core_vcn.adyxax.id
+
+  display_name      = "production"
+  dns_label         = "production"
+  ipv6cidr_block    = cidrsubnet(oci_core_vcn.adyxax.ipv6cidr_blocks[0], 8, 0)
+  security_list_ids = [oci_core_security_list.allow-all.id]
+  route_table_id    = oci_core_route_table.default-via-gw.id
+}
+```
+
+### Instances
+
+Here is how to create the two always free tier instances. The tricky part was to understand how ipv6 addresses are like second class citizens on oracle cloud :
+```hcl
+data "oci_identity_availability_domains" "ads" {
+  compartment_id = var.oracle_tenancy_ocid
+}
+data "oci_identity_fault_domains" "fd" {
+  compartment_id      = var.oracle_tenancy_ocid
+  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+}
+# taken from https://docs.oracle.com/en-us/iaas/images/all/?search=Oracle-Linux-8.4
+data "oci_core_image" "ol8" {
+  image_id = "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaaj46eslsa6ivgneyneypomtvzb6dmg22gtewy6opwiniuwgsdv7uq"
+}
+
+resource "oci_core_instance" "amd64-vms" {
+  count                = length(var.oracle_amd64_instances_names)
+  compartment_id       = var.oracle_tenancy_ocid
+  availability_domain  = data.oci_identity_availability_domains.ads.availability_domains[0].name
+  fault_domain         = data.oci_identity_fault_domains.fd.fault_domains[count.index % length(data.oci_identity_fault_domains.fd.fault_domains)].name
+  display_name         = var.oracle_amd64_instances_names[count.index % length(var.oracle_amd64_instances_names)]
+  shape                = "VM.Standard.E2.1.Micro"
+  preserve_boot_volume = true
+  create_vnic_details {
+    subnet_id      = oci_core_subnet.adyxax-production.id
+    hostname_label = var.oracle_amd64_instances_names[count.index]
+    display_name   = var.oracle_amd64_instances_names[count.index]
+  }
+  source_details {
+    boot_volume_size_in_gbs = 50
+    source_type             = "image"
+    source_id               = data.oci_core_image.ol8.id
+  }
+  metadata = {
+    "ssh_authorized_keys" : "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco"
+  }
+}
+data "oci_core_vnic_attachments" "amd64-vms-vnics" {
+  count          = length(var.oracle_amd64_instances_names)
+  compartment_id = var.oracle_tenancy_ocid
+  instance_id    = oci_core_instance.amd64-vms[count.index].id
+}
+resource "oci_core_ipv6" "amd64-vms-ipv6s" {
+  count        = length(var.oracle_amd64_instances_names)
+  vnic_id      = data.oci_core_vnic_attachments.amd64-vms-vnics[count.index].vnic_attachments[0].vnic_id
+  display_name = var.oracle_amd64_instances_names[count.index]
+}
+```
+
+### Bonus : Provisionning cloudflare's dns
+
+If like me you are managing your dns with cloudflare, here is how to provision the relevant records :
+```hcl
+resource "cloudflare_record" "adyxax-org-oracle-amd64-vms-ipv4" {
+  count   = length(var.oracle_amd64_instances_names)
+  zone_id = lookup(data.cloudflare_zones.adyxax-org.zones[0], "id")
+  name    = var.oracle_amd64_instances_names[count.index]
+  value   = oci_core_instance.amd64-vms[count.index].public_ip
+  type    = "A"
+  proxied = false
+}
+resource "cloudflare_record" "adyxax-org-oracle-amd64-vms-ipv6" {
+  count   = length(var.oracle_amd64_instances_names)
+  zone_id = lookup(data.cloudflare_zones.adyxax-org.zones[0], "id")
+  name    = var.oracle_amd64_instances_names[count.index]
+  value   = oci_core_ipv6.amd64-vms-ipv6s[count.index].ip_address
+  type    = "AAAA"
+  proxied = false
+}
+```
+
+## Conclusion
+
+Putting all of this together was an interesting experience, and I am satisfied that it works well. In the future I plan to add my own oci image based on alpine linux which is not available natively. I tried oracle linux and it is fine, but consumes way too much ram for my taste. For now I installed alpine linux using the instance's cloud console and [my procedure for that]({{< ref "docs/alpine/remote_install_iso" >}}).