Provision Oracle Data Science (ODS) Using Oracle Cloud Infrastructure Resource Manager and Terraform
This solution allows you to provision Oracle Data Science (ODS) and all its related artifacts using Terraform and Oracle Cloud Infrastructure Resource Manager.
Below is a list of all artifacts that will be provisioned:
Component | Default Name | Optional | Notes |
---|---|---|---|
Group | Oracle Cloud Infrastructure Users Group | False | All Policies are granted to this group, you can add users to this group to grant me access to ODS services. |
Dynamic Group | Oracle Cloud Infrastructure Dynamic Group | False | Dynamic Group for Data Science Resources. |
Policies (compartment) | Oracle Cloud Infrastructure Security Policies | False | A policy at the compartment level to grant access to ODS |
Vault Master Key | Oracle Cloud Infrastructure Vault Master Key | True | Oracle Cloud Infrastructure Vault Master Key can be used encrypt/decrypt credentials for secured access. |
- You need a user with an Administrator privileges to execute the ORM stack or Terraform scripts.
- Make sure your tenancy has service limits availabilities for the above components in the table.
-
clone repo
git clone [email protected]:oracle-quickstart/oci-ods-orm.git
-
Download
oci-ods-orm-v2.0.1.zip
file -
From Oracle Cloud Infrastructure Console/Resource Manager, create a new stack.
-
Make sure you select My Configurations and then upload the zip file downloaded in the previous step.
-
Set a name for the stack and click Next.
-
From the stack details page, Select Plan under Terraform Actions menu button and make sure it completes successfully.
-
From the stack details page, Select Apply under Terraform Actions menu button and make sure it completes successfully.
-
To destroy all created artifacts, from the stack details page, Select Destroy under Terraform Actions menu button and make sure it completes successfully.
-
IAM Groups/Policies change default names of Groups and Policies to be created.
-
If Enable Vault Support is selected, Oracle Cloud Infrastructure Vault along with all required IAM policies will be provisioned, you can change the default values if needed, otherwise Oracle Cloud Infrastructure Vault will not be provisioned.
-
Clone repo
git clone [email protected]:oracle-quickstart/oci-ods-orm.git cd oci-ods-orm/terraform
-
Create a copy of the file oci-ods-orm/terraform/terraform.tfvars.example in the same directory and name it terraform.tfvars.
-
Open the newly created oci-ods-orm/terraform/terraform.tfvars file and edit the following sections:
-
TF Requirements : Add your Oracle Cloud Infrastructure user and tenant details:
#************************************* # TF Requirements #************************************* // Oracle Cloud Infrastructure Region, user "Region Identifier" as documented here https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm region="" // The Compartment OCID to provision artificats within compartment_ocid="" // Oracle Cloud Infrastructure User OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five user_ocid="" // Oracle Cloud Infrastructure tenant OCID, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five tenancy_ocid="" // Path to private key used to create Oracle Cloud Infrastructure "API Key", more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two private_key_path="" // "API Key" fingerprint, more details can be found at https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/credentials.htm#two fingerprint=""
-
IAM Requirements: Check default values for IAM artifacts and change them if needed
#************************************* # IAM Specific #************************************* // ODS IAM Group Name (no spaces) ods_group_name= "DataScienceGroup" // ODS IAM Dynamic Group Name (no spaces) ods_dynamic_group_name= "DataScienceDynamicGroup" // ODS IAM Policy Name (no spaces) ods_policy_name= "DataSciencePolicies" // If enabled, the needed OCI policies to manage "OCI Vault service" will be created enable_vault_policies= true
-
Vault Specific: check default values for OCI Vault and change them if needed
#************************************* # Vault Specific #************************************* // If enabled, an Oracle Cloud Infrastructure Vault along with the needed policies to manage "Vault service" will be created enable_vault= true // ODS Vault Name ods_vault_name= "Data Science Vault" // ODS Vault Type, allowed values (VIRTUAL, DEFAULT) ods_vault_type = "DEFAULT" // If enabled, a Vault Master Key will be created. enable_create_vault_master_key = true // ODS Vault Master Key Name ods_vault_master_key_name = "DataScienceKey" // ODS Vault Master Key length, allowed values (16, 24, 32) ods_vault_master_key_length = 32
-
-
Open file oci-ods-orm/terraform/provider.tf and uncomment the (user_id , fingerprint, private_key_path) in the two providers (Default Provider and Home Provider)
// Default Provider provider "oci" { region = var.region tenancy_ocid = var.tenancy_ocid ###### Uncomment the below if running locally using terraform and not as Oracle Cloud Infrastructure Resource Manager stack ##### // user_ocid = var.user_ocid // fingerprint = var.fingerprint // private_key_path = var.private_key_path } // Home Provider provider "oci" { alias = "home" region = lookup(data.oci_identity_regions.home-region.regions[0], "name") tenancy_ocid = var.tenancy_ocid ###### Uncomment the below if running locally using terraform and not as Oracle Cloud Infrastructure Resource Manager stack ##### // user_ocid = var.user_ocid // fingerprint = var.fingerprint // private_key_path = var.private_key_path }
-
Initialize terraform provider
> terraform init
-
Plan terraform scripts
> terraform plan
-
Run terraform scripts
> terraform apply -auto-approve
-
To Destroy all created artifacts
> terraform destroy -auto-approve
oci-ods-orm
is an open source project. See CONTRIBUTING for details.
Oracle gratefully acknowledges the contributions to oci-ods-orm
that have been made by the community.