Senior Vice President – Head of Platforms & Development
When I recently brought one of our customers to Oracle Cloud Infrastructure (OCI) with their Oracle E-Business Suite Environment (in this case on Release 12.2.9), I quickly scrolled through the latest My Oracle Support Note 2434500.1, which describes the procedure, mainly looking for changes. I wanted a better way than manually creating all those Networks, Subnets, Routing Tables, Security Lists, Load Balancers and Compute Instances over and over again.
Being a passionate developer, I decided to solve this challenge by defining all of this infrastructure as code, more precisely as Terraform definitions. Let’s take a closer look at this.
Terraform Stacks – Overview
Oracle Cloud Infrastructure has built-in native support for defining and configuring all available components using Terraform definitions. See https://www.terraform.io/docs/providers/oci/index.html for all the details on the available options. These Terraform scripts can then be bundled into a zip-file and uploaded into Oracle Cloud Infrastructure as a “Resource Stack” that then allows applying all the infrastructure definitions – be they compartments, users, groups, networks or compute instances – at the push of a button:
Let’s take a closer look at the individual parts of my Terraform Stack to configure my entire E-Business Suite Environment on OCI. To keep my Code cleaner, I divided it into several smaller components:
As you can see in the file size, the network configuration is the most complex part of this: It contains a lot of subnets for both Cloud Manager and the actual E-Business Suite networks, routing rules and security lists defining who can communicate with whom. But let’s start easy:
Compartments, users, groups and policies
First of all, I created Terraform scripts defining a new EBS_compartment under the root compartment. After that, an ebscm.admin user was created, which serves as the user that acts through the Cloud Manager. Then I created groups for EBS DBAs, Network Admins and Cloud Manager Admins, and assigned them the appropriate IAM Policies to manage the compartment:
The most complex part is the definition of all the networking resources. Still, this is a lot easier “in code” than manually configuring all these subnets, routing rules, security lists, etc.:
Compute, Variables and Output
Finally, I subscribed to the Cloud Manager image from the Oracle marketplace (https://cloudmarketplace.oracle.com/marketplace/en_US/listing/49940494) and started a VM.Standard.E2.1 instance. Since a site-to-site IPsec tunnel was not yet configured, as at the beginning of most projects, I also started a small VM.Standard.E2.1.Micro instance in a public subnet, which acts as a bastion host to get into the Cloud Manager machine for further configuration.
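The bastion pattern described above only helps if the security lists enforce it. The following Terraform is an added example, not the author's stack: it restricts SSH to the bastion to one trusted range and SSH to Cloud Manager to the bastion subnet. All variable names, display names and CIDR inputs are assumptions.

```hcl
# Added example: every name and CIDR input below is an assumption, not the author's value.
variable "compartment_ocid" { type = string }
variable "vcn_ocid" { type = string }
variable "bastion_subnet_cidr" { type = string } # public subnet of the bastion
variable "cm_subnet_cidr" { type = string }      # private subnet of Cloud Manager
variable "admin_cidr" {
  type        = string
  description = "Trusted source range allowed to SSH to the bastion"
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "SSH to the bastion must not be open to the whole internet."
  }
}

# Bastion: SSH in from the admin range only, SSH out to the Cloud Manager subnet only.
resource "oci_core_security_list" "bastion" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "bastion-ssh"
  ingress_security_rules {
    protocol = "6" # TCP
    source   = var.admin_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
  egress_security_rules {
    protocol    = "6"
    destination = var.cm_subnet_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
}

# Cloud Manager: SSH is reachable from the bastion subnet and nowhere else.
# This list covers SSH only; web UI and outbound API traffic need their own rules.
resource "oci_core_security_list" "cloud_manager" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "cloudmanager-ssh"
  ingress_security_rules {
    protocol = "6"
    source   = var.bastion_subnet_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }
}
```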
To make the setup more flexible and reusable, I put all the variable parts (e.g. the different network subnets used, the SSH public key that grants access to the instance, the region and the tenancy ID) into variables. Furthermore, I defined an output.tf that outputs the most relevant IDs for further use during Cloud Manager configuration.
The scripts described above reduce steps 1-4 of 2434500.1 and, more importantly, the “private network only” variant for the actual E-Business Suite described in 2522175.1, from hours of “clicking” to minutes. After the initial stack has been provisioned, the configuration of Cloud Manager is just a matter of copying and pasting the OCIDs provided by the Terraform outputs. This enabled me to access a brand new E-Business Suite 12.2.9 Environment on a 19c database in hours, compared to the weeks required with a traditional On-Premise or “Other Cloud Vendor” infrastructure.