What’s the point of moving a database to the Cloud if we can’t automatically deploy it. After blogging about web compute provisioning on AWS,OCI, Azure, & GCP using terraform. The least I could do as a (future-ex) DBA is to terraform database provisioning in Oracle Cloud. On top of that, I also wanted to include a bastion service session to connect to the DBCS instance in the private subnet .
Here’s a link to my GitHub repo linked to this lab: brokedba/terraform-provider-oci/database-system
Where do I find a good OCI Database deployment sample?
I explored the official Oracle Cloud GitHub repository, but I couldn’t find a simple stack with no frills. I mean, when you want to deploy a database for the first time, you don’t want to spin 10 other app components that have nothing to do with your DB. I then decided to gather the bare minimum using a function called terraform import that will retro-engineer the code from an existing database and carried on from there.
Overview & topology
The above illustration shows the different components involved in this OCI Terraform Database stack.
Database Cloud system 21c with 1 PDB
Bastion service + Bastion session using port forwarding SSH targeting the DB instance
DB Subnet: private / linked to default route table
App Subnet: public / linked to app route table
2x route tables
Default route table > routes to NAT Gateway &Service gateway
App route table > routes to internet gateway
2x security lists
db sec list ports : ingress 22/1521 from app subnet
App sec list ports ": ingress 22/80/443 , egress 1521
Linux : Download, unzip and move the binary to the local bin directory
II. Clone the repository
Pick an empty directory on your file system and issue the following command
You will find a sub-directory called database-system in the repository where the DBCS stack is located:
where our configuration resides
Run terraform init that will install OCI provider plugin automatically
III. terraform config content
Let's see what's in the
database-systemdirectory. Here, only
*.tffiles matter along with tf
Adjust the required authentication parameters in terraform.tfvars according to your tenancy and DB info
Terraform files OVERVIEW:
I will only show excerpts from database.tf /output.tf to have an idea but all *.tf files are accessible on my Repo.
As shown in the below declaration, highlighted in green are variables and the grey ones are data source based
All variables can of course be changed to your liking in the variables.tf
Here we just grab any relevant information related to the DBCS and the Bastion service like the ssh command