A DevOps Engineer's Guide to OCI

Oracle Cloud Infrastructure (OCI) provides developers tools to build, manage, and automate cloud native applications. This guide gives an overview of those tools and their application within the DevOps life cycle.

The DevOps Life Cycle

DevOps is a way of working that encourages multiple teams, mainly Development and Operations, to collaborate and achieve continuous delivery in the software development life cycle. Different tools contribute to different steps in the life cycle.

An image depicting the DevOps life cycle.

On the Development side, you need tools to help you with the following steps:

  • Plan: Manage infrastructure in a way that supports speed, flexibility, and consistency
  • Code: Design software that's amenable to constant changes
  • Build: Create a workflow that can attain weekly release cycles
  • Test: Automate as much as possible

On the Operations side, you need tools to help you with the following steps:

  • Release: Compile and deliver to repositories and registries
  • Deploy: Push the application to target environments
  • Operate: Secure every step in the life cycle
  • Monitor: View infrastructure status and performance, log every change

Many of the tools that OCI provides for DevOps use are closely connected and address multiple steps in the life cycle. The sections in this guide group related steps and information accordingly.

The DevOps Approach

Configuration Management and Infrastructure-as-Code

Automation is used throughout the DevOps life cycle. It reduces the need for manual tasks and intervention and increases the frequency of deliveries. Configuration management and infrastructure-as-code make much of this automation possible.

Configuration management (CM) is the process of applying programmatic methods to ensure an application's implementation, function, and performance.

Infrastructure-as-code (IaC) uses human-readable code to define, provision, and manage infrastructure. IaC is a key component of the continuous delivery model.

In OCI, Ansible and Terraform are the most commonly used tools that help with CM and IaC. Ansible is primarily a CM tool used for infrastructure configuration, patching, and application deployment and maintenance. Terraform is an IaC tool used for infrastructure provisioning and decommissioning. They are frequently used together.

Configuration Management

The OCI DevOps service is designed to integrate seamlessly with two CM tools: Ansible and Chef.

Ansible

The OCI Ansible Collection automates infrastructure provisioning and configuring of OCI resources, such as compute, load balancing, and database services.

OCI Ansible modules are a set of interpreters that help Ansible make calls against OCI API endpoints. At a basic level, Ansible brings a server or a list of hosts to a known state by using the following concepts:

  • Inventory: Explains where to run; can be static or dynamic
  • Task: A call to an Ansible module
  • Plays: A series of Ansible tasks or roles mapped to a group of hosts in the inventory; run in order
  • Playbooks: A series of plays that explain what to run and use YAML
  • Role: A standard structure for specifying tasks and variables; enables modularity and reuse

Chef

Chef is an automation tool for CM that focuses on the delivery and management of entire IT stacks. With the OCI DevOps service, users can manage OCI resources by using the Chef Knife Plug-in.

Note

Puppet is another common CM tool used to design, deploy, configure, and manage servers. You can integrate Puppet with OCI, but it requires manual scripting because OCI does not have a direct plug-in.

Infrastructure-as-Code

OCI uses Terraform for IaC. Terraform has a declarative language that lets you codify infrastructure and an engine that uses those configurations to manage infrastructure.

You can use the OCI Terraform Provider and the Terraform CLI on your local machine to draft and apply configurations that manage OCI infrastructure. However, that approach has two problems:

  • Lack of version control: You need to keep track of the various versions of the code in case you need to roll back or branch.
  • Collaboration: You must centralize configurations and plans to ensure that everyone stays in sync.

Instead of using Terraform directly, use OCI Resource Manager, a cloud-based Terraform host for centralized source control, state management, and job queuing. Resource Manager makes it easy for DevOps personnel to manage infrastructure, or stacks, by hiding Terraform in templates.

Resource Manager also includes Terraform-based automation such as resource discovery and drift detection. Because it's not always realistic to draft Terraform configurations first and then provision infrastructure, you can create resources in the Console and then use Resource Manager Resource Discovery to generate the stack and configuration. Drift detection reports can determine if provisioned resources have different states than those defined in the stack's last-run configuration.
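The comparison behind a drift report, sketched as an added example (not Oracle's code and not the Resource Manager report format). The status labels, resource names, attribute values, and the list of sensitive attributes are constructed for illustration.

```python
# Added example: status labels, resource names and values are constructed.
# Assumption: attributes whose drift should be escalated to security review.
SENSITIVE_ATTRS = {"ingress_cidr", "public_access_type", "assign_public_ip"}


def detect_drift(declared, observed):
    """Compare the last-applied configuration with the observed state.

    Only attributes present in the configuration are compared, so
    provider-computed fields (ids, timestamps) never count as drift.
    """
    findings = []
    for name in sorted(declared):
        want, have = declared[name], observed.get(name)
        if have is None:
            # Resource was provisioned by the stack but no longer exists.
            findings.append({"resource": name, "status": "DELETED",
                             "changes": {}, "sensitive": False})
            continue
        # Map each drifted attribute to (declared value, observed value).
        changes = {attr: (value, have.get(attr))
                   for attr, value in want.items() if have.get(attr) != value}
        findings.append({
            "resource": name,
            "status": "MODIFIED" if changes else "IN_SYNC",
            "changes": changes,
            "sensitive": bool(SENSITIVE_ATTRS & changes.keys()),
        })
    return findings


# Constructed sample: what the stack's last run declared.
DECLARED = {
    "security_list.web": {"ingress_cidr": "10.0.0.0/16", "ingress_port": 443},
    "bucket.logs": {"public_access_type": "NoPublicAccess", "versioning": "Enabled"},
    "instance.app1": {"shape": "VM.Standard.E4.Flex", "assign_public_ip": False},
}
# Constructed sample: what exists now, after a manual change and a deletion.
OBSERVED = {
    "security_list.web": {"ingress_cidr": "0.0.0.0/0", "ingress_port": 443,
                          "id": "constructed-id-1"},
    "bucket.logs": {"public_access_type": "NoPublicAccess", "versioning": "Enabled"},
}

if __name__ == "__main__":
    for f in detect_drift(DECLARED, OBSERVED):
        flag = " [review]" if f["sensitive"] else ""
        print(f"{f['resource']}: {f['status']}{flag} {f['changes']}")
```

A modified finding on a sensitive attribute, such as the widened ingress range in the sample, is the kind of out-of-band change that should be reverted by reapplying the stack or adopted into the configuration after review.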

Application Design

Microservices let you design an application as a collection of loosely coupled services that use the "share-nothing" model and run as stateless processes. This approach makes it easier to scale and maintain the application.

In a microservices architecture, each microservice owns a simple task, and communicates with clients or other microservices by using lightweight communication mechanisms such as REST API requests. Applications that are designed as microservices have the following characteristics:

  • Easy to maintain and independently deployable
  • Easily scalable and highly available
  • Loosely coupled with other services
  • Developed using the programming language and framework that best suits the problem

Containerization is a common approach to microservice architecture. Containers use OS virtualization and hold only the application and its related binaries, which results in quick startup and increased security.

Containerization and Docker

Docker is an open source project and containerization platform that standardizes the packaging of applications and their dependencies into containers, which share the same host OS. Use Docker containers for fast, consistent delivery of your applications, responsive deployment and scaling, and portability.

A Docker image is a read-only template with instructions for creating a Docker container. A Docker image holds the application that you want Docker to run as a container, along with any dependencies. To create a Docker image, you first create a Dockerfile to describe that application, then build the Docker image from the Dockerfile.

Docker images can be stored in a registry such as OCI Container Registry. Without a registry, it's hard for development teams to maintain a consistent set of Docker images for their containerized applications. Without a managed registry, it's hard to enforce access rights and security policies for images.

Tip

For an introductory tutorial, see Pushing an Image to Oracle Cloud Infrastructure Registry.

Kubernetes

Deploying containerized applications creates a new problem: managing thousands of containers. Kubernetes is an open source tool that automatically orchestrates the container life cycle, distributing the containers across the hosting infrastructure. Kubernetes scales resources up or down, depending on demand. It provisions, schedules, deletes, and monitors the health of the containers.

Note

What is Kubernetes? covers some key Kubernetes concepts and history.

OCI Kubernetes Engine

OCI Kubernetes Engine (sometimes referred to as OKE) is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud.

Although you don't need to use a managed Kubernetes service, OCI Kubernetes Engine is an easy way to run highly available clusters with the control, security, and predictable performance of OCI, which gives DevOps teams greater visibility and control.

Tip

Get started with developer tutorials.

Functions

Functions hosts applications while abstracting away the underlying servers. The serverless and elastic architecture of Functions means that there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Functions ensures your app is highly available, scalable, secure, and monitored. You can write code in Java, Python, Node, Go, Ruby, and C# (and for advanced use cases, bring your own Dockerfile and GraalVM). You can then deploy your code, call it directly, or trigger it in response to events.

CI/CD

Continuous integration and continuous delivery or deployment—CI/CD—is a DevOps best practice.

Continuous integration is the practice of developers integrating all of their work together as soon as possible in the life cycle. Incremental, frequent code changes are built, tested, and revised as needed based on constant feedback. A change to the code should automatically trigger standardized build-and-test steps that ensure that the code changes being merged into the repository are error-free and work with the existing code.

Continuous delivery or deployment is the practice of quickly getting code changes from developers to users. After the code passes unit, integration, acceptance, and other tests, it's released to production in either an automated continuous deployment or a manual continuous delivery process.

OCI DevOps

The build and deployment pipelines are the heart of the DevOps CI/CD workflow.

The OCI DevOps service lets you visually script build and deployment pipelines that automate calls to more focused tools. DevOps has the flexibility to integrate with your existing CI/CD workflows.

Tip

To explore CI/CD in OCI, you can build a CD pipeline by using DevOps or