Using Terraform to automate Enterprise Manager provisioning on Oracle Cloud Infrastructure (OCI)

June 2, 2022 | 6 minute read
Jayaprakash Subramanian
Product Management, Strategic Customer Program for OCI Observability & Management / Enterprise Manager
Text Size 100%:

Many businesses are focused on automating infrastructure provisioning by utilizing Infrastructure as a Code (IaaC). Terraform is one of the tools being used to build, change, and perform versioning and is used by developers, integrators, and technical people to automate the provisioning of cloud resources. Terraform configuration is idempotent when a second application results in zero changes. An idempotent configuration ensures that what you define in Terraform is exactly what is being deployed. That helps to apply the new changes or scale up / down resources without recreating the environment.

Oracle Enterprise Manager which is available from the Oracle Cloud Marketplace supports provisioning via Infrastructure as a Code (IaaC).

This blog explains how you can provision Enterprise Manager using the Terraform CLI and OCI providers.

Provision Enterprise Manager using Terraform Iaac

Follow the steps below to provision Enterprise Manager using Terraform IaaC.

  • Download the Terraform CLI from The currently supported version is 14.11
  • Copy Terraform to a Linux box (preferably your development machine) and unzip it
  • Create a symbolic link of the Terraform bin directory
  • On the home directory create a directory .oci

mkdir $HOME/.oci

  • Generate the API keys

openssl genrsa -out $HOME/.oci/<your-rsa-key-name>.pem 2048

  • Change the permissions of the key

chmod 600 $HOME/.oci/<your-rsa-key-name>.pem

  • Generate the Public Key

openssl rsa -pubout -in $HOME/.oci/<your-rsa-key-name>.pem -out $HOME/.oci/<your-rsa-key-name>_public.pem

  • Copy the Public Key

cat $HOME/.oci/<your-rsa-key-name>_public.pem

  • Add the Public Key to your user account.
    • From your user avatar, go to User Settings.
    • Click API Keys
    • Click Add Public Key
    • Select Paste Public Keys
    • Paste value from the previous step, including the lines with BEGIN PUBLIC KEY and END PUBLIC KEY
    • Click Add
  • After adding the Public Key, you create the config file that should be added on the $HOME/.oci/config
OCI Config file
Figure 1: OCI Configuration File
  • Once the configuration is completed, download the EM file from the resource manager stack. Create a stack on the OCI Resource Manager without applying the config.
Download the stack from OCI Resource Manager Stack Page
Figure 2: Download Stack ZIP From OCI Console
  • Unzip the zip you downloaded

mkdir -p $HOME/stack-13.5
cp $HOME/Downloads/ $HOME/stack-13.5
cd $HOME/stack-13.5

  • You should see files like these below
Stack Files List
Figure 3: Stack Files List
  • Copy the respective variable files (tfvars) using the file links below
Tab 1: Single OMS tfvars file
S.No VCN Type Configuration Type Same SSH Key for
Input tfvar file oci-cli-input file
1 New Public N.A NewVCNPublicSubnet.tfvars  File
2 New Private Yes NewVCNPrivateSubnetSameSSHKey.tfvars  File
3 New Private No NewVCNPrivateSubnetDiffSSHKey.tfvars  File
4 Existing Public N.A ExistingVCNPublicSubnet.tfvars  File
5 Existing Private Yes ExistingVCNPrivateSubnetSameSSHKey.tfvars  File
6 Existing Private No ExistingVCNPrivateSubnetDiffSSHKey.tfvars  File


Tab 2: Multi OMS tfvars files
S.No VCN Type Configuration Type Same SSH Key for
Input tfvar file oci-cli-input file
1 New Public-Private Yes NewVCNPublicLBPrivateEMDB.tfvars  File
2 New Private-Private Yes NewVCNPrivateLBPrivateEMDB.tfvars  File
3 Existing Public-Private Yes ExistingVCNPublicLBPrivateEMDB.tfvars  File
4 Existing Private-Private Yes ExistingVCNPrivateLBPrivateEMDB.tfvars  File


  • Download the appropriate config and add the required tenant/compartment/user/region details along with the desired configs
  • Then, run terraform init on the folder to initialize the providers

Sample output:

jp@jp-oci:~/stack-13.5$ terraform init

Initializing modules...

Initializing the backend...

Initializing provider plugins...

- Reusing the previous version of hashicorp/template from the dependency lock file

- Reusing the previous version of hashicorp/oci from the dependency lock file

- Reusing the previous version of hashicorp/tls from the dependency lock file

- Reusing the previous version of hashicorp/null from the dependency lock file

- Using previously-installed hashicorp/template v2.2.0

- Using previously-installed hashicorp/oci v4.27.0

- Using previously-installed hashicorp/tls v3.1.0

- Using previously-installed hashicorp/null v3.1.0

Terraform 0.11 and earlier required all non-constant expressions to be

provided via interpolation syntax, but this pattern is now deprecated. To

silence this warning, remove the "${ sequence from the start and the }"

sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from

expressions when the template includes multiple interpolation sequences or a

mixture of literal strings and interpolations. This deprecation applies only

to templates that consist entirely of a single interpolation sequence.

(and 12 more similar warnings elsewhere)

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running the "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.


  • Run the terraform -plan command to check for any issues with the code and calculate the number of resources needed for the deployment.

terraform plan -var-file multi_node_pub_nodg_emstage.tfvars

  • Then run terraform apply to apply the config. Use the tmux or screen command for multi OMS deployment so that the execution continues in background in case if there is any disconnection happens.

nohup terraform apply -auto-approve -var-file multi_node_pub_nodg_emstage.tfvars -state multi_node_pub_nodg_emstage.tfstate -no-color 2>&1 > /tmp/apply-multi-emstage-2505.log &

  • Run the apply command on either screen or tmux in case you are connecting and deploying the stack remotely. Commonly used tmux commands are:

tmux new -s oci
tmux a  #
tmux a -t oci
tmux ls
tmux kill-session -t oci

  • Commonly used screen commands are:

screen -S <name>
screen -ls
screen -x
screen -r <name>
screen -dRR => The "ultimate attach"
screen -d <name>
Control+a d
Control+a D D => Detach and Logout

Oracle Enterprise Manager provisioning options

When you need to provision Oracle Enterprise Manager, you have several options. You can deploy EM using the OCI cloud console, or if another tool like Terraform is already in use to provision OCI deployments, that could be used as well. That further enables more Infrastructure as a Code (IaaC) options for your OCI deployments. Happy coding!


Oracle Cloud Infrastructure Documentation - Terraform Provider
Github Terraform Oracle Cloud Infrastructure provider
Download Terraform
Terrafrom registry on latest OCI Terraform Provider
Oracle Cloud Infrastructure Documentation - Required Keys and OCIDs
Oracle Cloud Infrastructure Documentation - Examples, Templates, and Solutions
Github Terraform Oracle Cloud Infrastructure provider - examples






Jayaprakash Subramanian

Product Management, Strategic Customer Program for OCI Observability & Management / Enterprise Manager

Previous Post

Oracle sessions & workshops you won’t want to miss at the Quest Blueprint 4D event

Steven Lemme | 2 min read

Next Post

Oracle Enterprise Manager 13c Release 5 Update 7 ( Is Now Available!

Daniela Hansell | 6 min read