CD3 Automation toolkit: Create and manage Terraform code

January 30, 2023 | 5 minute read
Lasya Vadavalli
Senior Cloud Engineer
Text Size 100%:

A major concern that engineers and customers face when provisioning enterprise infrastructure on Oracle Cloud Infrastructure (OCI) is the time needed to input each resource’s details and provision them individually. Terraform offers infrastructure automation, but the variable values must be filled in for each module.

The CD3 Automation toolkit provides the advantage of filling in the OCI resource details in the provided Excel templates and the code automatically converts them into modular Terraform files to provision OCI resources. Additionally, the toolkit also supports seamless resource management using OCI DevOps GIT service and Jenkins Pipelines.

 

What is CD3?

CD3 stands for Cloud Deployment Design Deliverable and is a structured design-level representation of the future-state configuration for the customer’s OCI environment. The CD3 Automation toolkit is a processor that converts the detailed OCI design spec in the form of an Excel sheet into an executable Terraform code or takes an export of customer tenancy objects and resources and converts it back into a design spec in Excel format. The generated Terraform files can be reused  at any time to build similar infrastructure.

 

A graphic depicting the CD3 Automation toolkit process

 

The customer OCI resource information obtained during discovery sessions is utilized to create the CD3 Excel sheet. This Excel sheet serves as input for the Automation Toolkit, responsible for producing Terraform files. Once created, these Terraform files can be utilized to provision the resources on Oracle Cloud Infrastructure (OCI).

Using CD3 with Jenkins, the generated terraform files are stored in OCI DevOps GIT Repo and the terraform state is stored in an object storage bucket for remote state management.

The toolkit can also extract the resource data from OCI tenancy and populate the CD3 Excel sheet and terraform files.

Manual method versus CD3 Automation

Provisioning a complete infrastructure on OCI using the manual method takes a few days to weeks, whereas using CD3 automation takes a few minutes to hours. Refer to the following image for a side-by-side comparison of the manual and CD3 Automation Toolkit processes.

A graphic depicting the differences between the manual method and the CD3 Automation toolkit.

Benefits of CD3

The key benefits of developing with the CD3 tool are time savings, faster infrastructure provisioning, scalability, and operational efficiency. The tool provides self-service visibility to anyone who wants to view the OCI resources set up in one place (Excel sheets). For example, if someone from the DevOps team wants to know how a production environment is configured, they can take a quick look at the filled excel sheets. CD3 also offers the following other benefits:

  • Secure architecture: CD3 toolkit helps customers deploy secure standardization across OCI tenancies by providing CIS-compliant Excel templates. It also enables native execution of the CIS Compliance Checker script against your tenancy.

  • DevOps-oriented: The toolkit facilitates integration of consistent output Terraform files in module format with any continuous integration and delivery (CI/CD) solution. The Terraform code can be reused to build similar workloads in different OCI regions and tenancies, which helps in quicker adoption of OCI.

  • Platform independent: CD3 is packaged as a container that can be hosted on any platform.

Supported OCI services

Currently, CD3 Automation Toolkit supports the following services for creation and export:

OCI services Details
Identity and Access Management Compartments, Groups, Dynamic Groups, Policies, Users, Network Sources
Governance Tags (Namespaces, Tag Keys, Defined Tags, Default Tags, Cost Tracking)
Network VCNs, Subnets, VLANs, DRGs, IGWs, NGWs, LPGs, Route Tables, DRG Route, Tables, Security Lists, Network Security Groups, Remote Peering Connections, Application Load Balancer, Network Load Balancers
Network Firewall OCI Network Firewall and Policy
DNS Management Private DNS - Views, Zones, rrsets/records and Resolvers
Compute Instances supporting Market Place Images, Remote Exec, Cloud-Init scripts, Dedicated VM Hosts
Storage FSS, Block and Boot Volumes, Backup Policies, Object Storage Buckets and logging for write events
Database Exa Infra, Exadata, Database systems VM and BM, Autonomous Transaction Processing, and Autonomous Datawarehouse
SDDCs Oracle Cloud VMWare Solutions
Monitoring Events, Notifications, Alarms, and Service Connector Hub
Logging services VCN Flow Logs, LBaaS access and error Logs, OSS Buckets write Logs
Developer services Resource Manager and Oracle Kubernetes Engine (OKE)
CIS landing zone compliance Download and run the CIS report script, VCN flow logs, Cloud Guard, Object Storage, Key Vault, and Budget services
Policy Enforcement

OPA - Open Policy Agent

 

Automation Toolkit workflows

CD3 Automation Tool Kit supports the following main workflows:

  • Create & Manage Resources in OCI (Greenfield Workflow): Use this workflow to provision new resources in an empty OCI tenancy or where there is no need to modify or use existing resources of the tenancy.

  • Export & Manage Resources in OCI (Non-Greenfield Workflow): Use this workflow to export the existing resources into CD3 Excel sheet, generate the required Terraform files, and sync the tfstate file. Then switch to the create_resources workflow to create new resources using the existing resources.

Excel templates

The toolkit provides prefilled CD3 Excel templates for a few common scenarios like CIS landing zone, virtual cloud network (VCN),  hub-spoke architecture, and CIS Management services. These templates can be used as-is by only changing the region to where the tenancy is subscribed or modify the Excel template data with the required values. This template is sent as an input to the toolkit.

Get started with the toolkit

Click here to learn how to setup the toolkit and start managing your OCI Infra !! 

Checkout the CD3 tutorial videos to watch and learn.

Pricing:

The CD3 toolkit itself incurs no cost. The resources provisioned on Oracle Cloud Infrastructure are charged based on the standard published OCI pricing.

Feedback: 

Share your feedback by raising an issue or through the Discussion topic in the Git repository

 

Lasya Vadavalli

Senior Cloud Engineer

Lasya is a Cloud Engineer with good experience on OCI. She has expertise in OCI Security, Monitoring and Logging, OCI Network architectures, connectivity to OCI using VPNs, Fastconnect, basics of terraform, Python sdk and OCI CLI. 


Previous Post

Proactive OKE cluster node scaling

Kalaiyarasan P | 5 min read

Next Post


RHEL runs on OCI supported by Oracle and Red Hat

Zeke Kaufman | 6 min read