Friday, March 14, 2025

 

OCI - Shielded compute instance creation through Terraform


We all know about the features of Oracle cloud infrastructure (OCI). It has big portfolio to manage any real time environments. One the common requirement is making automation of infrastructure provisioning. At real time environments it’s not easy to perform the provisioning of each resource by clicks via GUI. It will take lot of time. To solve that “Infrastructure as a code” has been innovated. Most commonly used automation tool is Terraform.

In this article we are going to discuss how terraform can be used to create an instance in OCI.  This terraform code uses terraform module approach. In module approach we segregate the business logic from required instance specific variables. Business logic is called as module here. The module will have the code to create instance and it will accept the instance specifications as variables. By doing this way we can reuse the module for instance creations. 

 

Module for Instance

-----------------------------------

resource "oci_core_instance" "this" {

  availability_domain = var.availability_domain

  compartment_id      = var.compartment_id

  display_name        = var.display_name

  shape               = var.shape

  is_pv_encryption_in_transit_enabled = true

  create_vnic_details {

  subnet_id           = var.subnet_id

 nsg_ids =  var.nsg_ids != null ? var.nsg_ids : []

  }

 

  shape_config {

    memory_in_gbs = 4

    ocpus = 1

  }

 

  source_details{

  source_id            = var.image_id

  source_type =   "image"

  boot_volume_size_in_gbs = 50

  kms_key_id = "<kms_id>"

}

  # Shielded instance-specific setting

 # shielded = true

platform_config {

    type = "AMD_VM"

    is_measured_boot_enabled = true

    is_secure_boot_enabled = true

    is_symmetric_multi_threading_enabled = true

    is_trusted_platform_module_enabled  = true

}

  metadata = {

    ssh_authorized_keys = var.ssh_public_key

  }

 extended_metadata = var.extended_metadata

}

 

This above module code expects variables availability domain name, compartment OCID, Instance display name, Instance shape, Instance image id, SSH key, subnet ocid, nsg ocids.

Few parameters are mandatory to create the instance and few are optional. Environments might require different parameters based on their requirement. For example, instance might or might not require NSG (Network security group). Instance might not require to be shielded. In such cases modules should written to handle all such requirements. It needs to check the parameter values and based on that it should perform the provisioning. The unneeded feature can be set to null. For example in the below terraform,tfvars file we pass values for 2 instances. All 2 instance values will go through module for creation. Unneeded parameters can be set to null as we see nsg_ids below.

Terraform.tfvars

Terraform.tfvars carries the variables and values to pass to the module.

For example, for the above module we could design terraform.tfvars as below.

instance_var = {

    "MyShieldedInstance1" = {

availability_domain = "MvNG:PHX-AD-2"

compartment_id      = "ocid1.compartment.oc1..aaaaaaaamgamfabcedgwu42gozmpp4snfgzfzmqb4equ5yq"

display_name        = "MyShieldedInstance1"

shape               = "VM.Standard.E3.Flex"

image_id            = "ocid1.image.oc1.phx.aaaaaaaahgrs3zcwrvutjtni557ttrt62uggseijsmqxacr7dym423uaokcq"

ssh_public_key      = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhqXpiwufmWCWjfP3r44hKOXeQut7sj7yRDbJW+ /6eJqtk6qWhHHj == rsa-key-20170125."

subnet_id           = "ocid1.subnet.oc1.phx.aaaaaaaabyfqmurw7q46ox4s6fx64far4a"

nsg_ids = ["ocid1.networksecuritygroup.oc1.phx.aaaaaaaaafp2n2gkhb77ohyyvzssat2hjkbfa","ocid1.networksecuritygroup.oc1.phx.aaaaaaaa7i5ybjbbx3l2nv2ie4yynq"]

extended_metadata   = {

  project = "ShieldedInstanceProject"

}

},

    "MyShieldedInstance2" = {

availability_domain = "MvNG:PHX-AD-3"

compartment_id      = "ocid1.compartment.oc1..aaaaaaaamgamf64s7adosddcdfdfdpp4snfgzfzmqb4equ5yq"

display_name        = "MyShieldedInstance2"

shape               = "VM.Standard.E3.Flex"

image_id            = "ocid1.image.oc1.phx.aaaaaaaahgrs3zcwrvutjtni557ttrt62uggseijsmqxacr7dym423uaokcq"

ssh_public_key      = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhqXpiwufmWCWjfP3r44hKOXeQut7sj7yRDbJW+ /6eJqtk6qWhHHj3yZVUv/jKtfs2eTU+HsgsxBGKhiebzo598T8w== rsa-key-20170125."

subnet_id           = "ocid1.subnet.oc1.phx.aaaaaaadb4zlyx7q46ox4s6fx64far4a"

nsg_ids             = null

extended_metadata   = {

  project = "ShieldedInstanceProject"

}

},

}

 

In the above terraform.tfvars, we could see two instances with required specifications are passed. First instance MyShieldedInstance1 requires NSG to be set and MyShieldedInstance2 doesn’t require NSG settings. We can keep adding the instances as required in the terraform.tfvars. Modules need not to be modified at any point of time unless instance provisioning comes up with new features.

 The main.tf will be very simple. It just need to call the module and pass the terraform.tfvars to the module.

 module "shielded_instance" {

  source = "./modules/instance"  ===รจ Module location

 

  for_each          = var.instance_var

  availability_domain = each.value.availability_domain

  compartment_id      = each.value.compartment_id

  display_name        = each.value.display_name

  shape               = each.value.shape

  image_id            = each.value.image_id

  ssh_public_key      = each.value.ssh_public_key

  extended_metadata   = each.value.extended_metadata

  subnet_id           = each.value.subnet_id

  nsg_ids             = each.value.nsg_ids

}

 for_each sets the for loop and calls each instance values in terraform.tfvars.

We need to define variables in variable.tf for module and main file.

You can find more terraform codes in my github page.

https://github.com/kmkittu/Terraform


at No comments:

Sunday, March 9, 2025

   OCI - Vision

The very common use case seen today is image recognition and detecting objects within that image. The image could have document with texts or it could have any objects. Its important to not only detect the object and also perform analysis of the object. For example if it is an objects then its important to classify the object, if it is a document then classify it whether it is invoice or receipt and what language it is written.

OCI Vision is an AI powered service and it performs all of the above. It split between document AI for document-centric image and perform image analysis using machine learning capability for the objects. We will see how it performs in this article.

Prerequisites:

OCI account, it could be trail or paid account.
Account credentials to set the policy. The user should have privilege to use ai-service-vision-family.
Objects to analyse, it could be in the local storage or OCI object storage. If the location is OCI Object storage, then necessary privilege is granted to access the object storage files.


Login into OCI console.

Vision service is located under Analytics & AI -> AI services -> Vision.

Once we choose the Vision, it will open up Vision overview page.


We have five options to perform with this service.
Image classification:

It takes the image from Local storage or object storage and then analyse and classifies it into different types based on visual appearance, objects identified in the image. It also provides the confidence level through scores for each identified object. We could assume that object with high score have been identified correctly.

Lets discuss with an example.

Chosen an random image located in local storage.

The Results shows it has identified Dice in the image and its confidence score is 99.97% and it classifies the object into game, sports and also its Board game. Its not completely blue colour, hence the score for the colour is less.

Object Detection:

This feature detects all the objects located in an image. It provides confidence score for each object it has identified.

In the results we could see the objects identified. Similar objects are identified with different score. The object detection feature has identified only the objects in the image.

 

Face Detection:

This feature detects how many human faces detected in a picture.

The object here is an image with cat. We could the Empty results returned.

The image used in the object detection has been used here. We could see Face detection has said Empty results returned.

Text Detection:

 The image used here has text and face. Text analysis will identify the text in the image. The results will be categorized as Line and Words.

 

Video Analysis:

 Its one of the very useful use case. This feature will analyze the video and reports about the Labels, Objects, Text and Face.

 

 

 

 

 

 

at No comments:
Subscribe to: Posts (Atom)

 OCI IAM - OCI Command line - Uploading API Keys to User in Default and Custom Domain In our previous post, we explored how to create users ...

  • (no title)
      OCI Resource Manager OCI Resource manager is an automation tool for infrastructure. It can be considered as Infrastructure as a code too...
  • (no title)
    OCI IAM – OCI Command Line - User Creation (Default and Custom Domain) One of the major pillars of Oracle Cloud Infrastructure is Identity...
  • (no title)
        OCI - Vision The very common use case seen today is image recognition and detecting objects within that image. The image could have docu...