Terraform & Ansible & Oracle Cloud
The home media server has had a couple of random issues, meaning I would lose access to the apps that held all my notes and info about the network. I decided it might be a good idea to shift some of those workloads to a cloud service or cloud VM.
Planning
The first move was Netbox, as they have a free tier in their cloud service that should be plenty for managing my home network. Once I had a majority of the data migrated, I shut down the Proxmox CT and used Cloudflare Page Rules to redirect the internal URL to the cloud.
For the other apps, I wanted to spin up a VM in whatever cloud service had the best always free tier for compute. I used Google Gemini to determine that Oracle Cloud would be the best option for this.
I have never worked with OCI before, so after setting up the free tier account I poked around and created my first VM and got it accessible. Once I had something to work with, I started looking into the Terraform Provider for OCI and learned it has a discover resources feature.
After dealing with some permission issues I was able to import the Terraform config files for everything I had created in the OCI Portal. I cleaned up the code and narrowed it down to just the resources I wanted to create; once Terraform no longer wanted to make any changes, I had a baseline OCI environment. I manually added the agents for Cloudflare and Netdata, and immediately wanted to figure out a way to automate their installation during resource creation.
I went back to Gemini and asked what the best option is for VM setup and software installation with Terraform and it confirmed using Ansible is a great option. It then started giving me the code needed to make the magic happen, so I started building.
Building
The key piece of information I was missing is that Terraform has the ability to do local or remote code execution during resource creation. I was only aware of the remote option and thought I needed to script out setting up Ansible and then running it on the new VM. It turns out that TF can run an Ansible playbook from my machine during resource creation. I can do magic.
Gemini helped me build a first-run setup playbook that adds new users and ssh keys, then installs Netdata and Cloudflared. One of the first hurdles I ran into was trying to use Windows Terraform with Ansible in WSL. This was causing conflicts, so I migrated my Terraform lab to WSL and fixed the paths. I was still having issues with Ansible, and ended up removing it with apt and reinstalling with pip to solve it.
Now that the software was working locally, I set my sights on cleaning up the imported TF code for new resource creation.
OCI Resource Creation
This part was relatively easy since I “cheated” with the OCI resource discovery instead of manually learning each resource like I did for Azure. What was new to me was the code execution part, and it did take a few rounds of pasting outputs into Gemini and following its instructions to get it working.
I needed my home public IP to add to the security rules for the new VM and wondered if TF could automate this too; Gemini said yes. It helped me set up a new function that grabs my public IP and uses it where needed.
Terraform can create resources and run Ansible, and Ansible can connect to the new VM.
Ansible playbook
Gemini had gotten a little mixed up on what I was asking for with the accounts, so I explained what I wanted again:
- (Terraform) Generate a new ssh key
- (Terraform) Use new Key for VM Creation
- (Ansible) Use new key for one time setup
- (Ansible) Add two new users and existing keys
- (Terraform) Output ssh strings for connecting to the new VM
Getting this straight solved some other issues I was dealing with, and moving the keys to WSL solved other issues with file permissions.
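The key, IP lookup, VM and Ansible hand-off described above, as an added Terraform example that is not the author's own code. It assumes the oci, tls, http and local providers are configured, that the var.* OCIDs point at an existing compartment, VCN, subnet and Oracle Linux image (default user opc), and that first_run.yml is the one-time setup playbook.

```hcl
# Added example (not the author's code). Assumed: oci/tls/http/local providers
# configured; var.* OCIDs refer to an existing compartment, VCN, subnet and
# Oracle Linux image; first_run.yml is the one-time setup playbook.
resource "tls_private_key" "bootstrap" {
  algorithm = "ED25519"
}

# Key on disk for the one-time Ansible run; it is also in state, so treat state as a secret.
resource "local_sensitive_file" "bootstrap_key" {
  content         = tls_private_key.bootstrap.private_key_openssh
  filename        = "${path.module}/.keys/bootstrap"
  file_permission = "0600"
}
# Home public IP at plan time, used as the only allowed SSH source.
data "http" "home_ip" {
  url = "https://checkip.amazonaws.com"
}

resource "oci_core_security_list" "ssh_from_home" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  ingress_security_rules {
    protocol = "6"                                   # TCP
    source   = "${trimspace(data.http.home_ip.response_body)}/32"
    tcp_options {
      min = 22
      max = 22
    }
  }
}

resource "oci_core_instance" "lab" {
  compartment_id      = var.compartment_ocid
  availability_domain = var.availability_domain
  shape               = "VM.Standard.E2.1.Micro"   # always-free shape
  create_vnic_details {
    subnet_id        = var.subnet_ocid
    assign_public_ip = true
  }
  source_details {
    source_type = "image"
    source_id   = var.image_ocid
  }
  metadata = { ssh_authorized_keys = tls_private_key.bootstrap.public_key_openssh }
  # Run the first-boot playbook from this machine with the bootstrap key, once, at creation.
  provisioner "local-exec" {
    command = "ansible-playbook -i '${self.public_ip},' -u opc --private-key ${local_sensitive_file.bootstrap_key.filename} first_run.yml"
  }
}
```

The local-exec provisioner only fires when the instance is created, so later playbook changes need a separate run; the subnet must also reference the security list for the /32 rule to take effect.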
Agent Install and setup
Netdata had no issues installing and started reporting metrics to the cloud properly, nice!
Cloudflared was more of a struggle, but a few more loops of Gemini Copypasta and this was finally resolved as well.
Conclusion
I now have fully functional code that:
- Creates a Lab environment in Oracle Cloud
- Sets up a VM with Ansible
- Manages Users and keys
- Installs and configs Agents
Next Steps
Set up Ansible to be able to manage newly created hosts. I’d also like to learn how to do the same thing for Azure VMs and the CrowdStrike agent for use at work.