Automating IT Operations With Oracle Functions
Join the DZone community and get the full member experience.Join For Free
Oracle Functions is a fully managed, multi-tenant, highly scalable, functions-as-a-service platform. It's built on enterprise-grade Oracle Cloud Infrastructure components and powered by the open source Fn Project serverless platform. Along with Oracle Events, Oracle Functions can deliver powerful capabilities for infrastructure and application automation. Together, they enable services to act automatically based on state changes in infrastructure resources, a common use case for enterprise IT environments.
This post walks through an example of a function that verifies whether a compute instance is tagged correctly when it's provisioned. If the instance isn't tagged properly, the function acts to stop the instance. This practice is common in infrastructure automation; it allows resources to be audited for compliance with internal governance policies as they are created, rather than after.
This function is triggered by the Instance - Launch End event, which the Compute service generates at the completion of instance provisioning, based on whether the instance succeeds or fails.
This example uses Oracle Cloud Infrastructure Search to search for Compute resources with a tag key of costcenter and tag value of 1234.
Set up the Fn CLI with Oracle Functions.
To use and retrieve information about other Oracle Cloud Infrastructure services, include the function in a dynamic group. The following example rule allows functions in a specific compartment to be included in a dynamic group:Plain Text
For more information, see To create a dynamic group.
Create or update policies to grant dynamic group access to resources.
After your dynamic group is created, create a policy that allows the dynamic group to use the instances in the compartment. Your policy should look something like this:Plain Text
For example:Plain Text
For more information, see Policy Syntax.
Create an Application
Use the Oracle Cloud Infrastructure Console to create an application in Oracle Functions.
From the navigation menu, select Developer Services, and then select Functions.
Click Create Application and then enter values in the New Application dialog box. If you have previously created VCNs, they are listed, and you can select the appropriate subnet.
Open a terminal and create the Python function:
In the requirements.txt file, add the following entries:Shell
When the Compute service emits the Instance - Launch End event, the JSON looks as follows:
The resourceId is the instance identifier (OCID).
Following are some snippets of code from the func.py file:
- From the JSON body, get the instance ID:
- Use a signer to authenticate to Oracle Cloud Infrastructure services:
- Use Oracle Cloud Infrastructure Search to verify whether the Compute instance is properly tagged:
- If the search finds that the instance was not tagged properly, then stop the instance:
- Deploy the function:
Create an Events Rule
In the navigation menu of the Console, select Application Integration, and then select Events Service.
Click Create Rule and enter values in the Edit Rule dialog box.
In this example, the service name is Compute, the event type is Instance - Launch End, and the action to take is to call the stop-untagged-instance function in the control-instance-app function application.
Test the Function
Launch a Compute instance with no tags.
After a few minutes, you should see that the instance has stopped for you to take further action.
This post shows an example of how to implement IT compliance rules by using Cloud Events and Functions in Oracle Cloud Infrastructure.
Published at DZone with permission of Raghavendra Prasad. See the original article here.
Opinions expressed by DZone contributors are their own.