Difficulty: beginner
Estimated Time: 30 minutes

This scenario introduces serverless Functions on Oracle Cloud Infrastructure. It was prepared for the Meetup Workshop Cloud Native application development on Oracle Cloud Infrastructure in January 2020, hosted by AMIS|Conclusion in Nieuwegein in collaboration with REAL (the Red Expert Alliance) and Link from Portugal. It was updated for the REAL OCI Handson Webinar Series that started in June 2020.

The functions are created through Project Fn - using a local CLI. A Function Application is created as a logical container for the functions. Before deployment to the Oracle Cloud Infrastructure, this Application is linked to a Subnet in the VCN (Virtual Cloud Network) to provide a network in which to run the function. The function is then deployed to OCI. Subsequently, you will invoke the function - in several ways:

  • using Fn CLI
  • using OCI CLI
  • using Postman

You can use the OCI Console to verify the creation of application and function and to monitor the calls to the function and inspect the resulting log entries.

The scenario uses an Ubuntu 19.04 environment with Docker, OCI CLI and Fn CLI. Before you can start the steps in the scenario, these two Command Line interfaces are downloaded and installed. This will take about one minute. You will need Postman as well, if you want to invoke the Function directly from your computer.

The scenario works with Node (JS) as runtime language for the function. You can experiment with Java, Go, Ruby, Python as runtimes just as easily.

Overview of Fn (local) and OCI Functions

Note: it is assumed that you prepared an OCI tenancy using the Katacoda scenario Preparation of Cloud Trial tenancy for REAL OCI scenarios. This preparation will have created the VCN you need for running functions in OCI as well as the lab-compartment in which the functions are created. Additionally, you should have created a key pair in this scenario and prepared the contents of the config and oci_api_key.pem files. If you have not gone through this OCI tenancy preparation, please do so before continuing with this scenario.


This completes your first adventure with Functions on Oracle Cloud Infrastructure. The next scenario you should check out introduces API Gateway and uses it to expose Functions on Oracle Cloud Infrastructure on Public Endpoints.

Background Resources

Tutorial Getting Started with Fn environment https://github.com/fnproject/tutorials/blob/master/install/README.md

Tutorial FN with Node https://github.com/fnproject/tutorials/blob/master/node/intro/README.md

Docs on Fn on OCI https://docs.cloud.oracle.com/iaas/Content/Functions/Tasks/functionscreatefncontext.htm

Todd Sharpe on Using Key Management To Encrypt And Decrypt Configuration Variables https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables

Todd Sharpe on Invoking Functions Automatically With Cloud Events https://blogs.oracle.com/developers/oracle-functions-invoking-functions-automatically-with-cloud-events

Todd Sharpe on Connecting To ATP With Node.JS https://blogs.oracle.com/developers/oracle-functions-connecting-to-atp-with-nodejs

Serverless Functions on Oracle Cloud Infrastructure

Step 1 of 5

Step 1 - Prepare Fn and OCI CLI

Wait for OCI CLI and Fn CLI to be installed

You need to provide details on the OCI tenancy you will work in and the OCI user you will work as. Please edit these two files:

  • ~/.oci/config
  • ~/.oci/oci_api_key.pem

Paste the contents that you prepared in the OCI Tenancy preparation scenario.

Do not continue until you see the file /root/allSetInBackground appear. If it appears, then the OCI CLI has been installed and you can continue.

Try out the following command to get a list of all namespaces you currently have access to - based on the OCI Configuration defined above.

oci os ns get

If you get a proper response, the OCI is configured correctly and you can proceed. If you run into an error, ask for help from your instructor.

You need to perform one more edit action on file ~/.oci/config. Open this file in the editor. Copy the entire contents and paste it below the current contents. Now change [DEFAULT] to [FN] in the duplicate block. The file will now look something like:


Now please set the Region environment variable using this command:

export REGION=$(oci iam region-subscription list | jq -r '.data[0]."region-name"')
export REGION_KEY=$(oci iam region-subscription list | jq -r '.data[0]."region-key"')
export USER_OCID=$(oci iam user list --all | jq -r  '.data |sort_by(."time-created")| .[0]."id"')

Fn Client and Context

Now Check the installed version of Fn CLI. Note: we do not need the Fn server at this stage.

fn version

Configure and set remote context

List the currently available Fn contexts

fn list contexts

Create an appropriate Fn context for working with OCI as provider (see OCI Docs on Functions).

fn create context lab-fn-context --provider oracle

fn use context lab-fn-context

Prepare a number of environment variables. Note: the assumptions here are a compartment called lab-compartment, a VCN called vcn-lab and a subnet in that VCN called Public Subnet-vcn-lab. We need to get references to these three resources in order to create Functions and Applications in the right place.

cs=$(oci iam compartment list)
export compartmentId=$(echo $cs | jq -r --arg display_name "lab-compartment" '.data | map(select(."name" == $display_name)) | .[0] | .id')

vcns=$(oci network vcn list -c $compartmentId)
vcnId=$(echo $vcns | jq -r --arg display_name "vcn-lab" '.data | map(select(."display-name" == $display_name)) | .[0] | .id')
subnets=$(oci network subnet list  -c $compartmentId --vcn-id $vcnId)
export subnetId=$(echo $subnets | jq -r --arg display_name "Public Subnet-vcn-lab" '.data | map(select(."display-name" == $display_name)) | .[0] | .id')
nss=$(oci os ns get)
export ns=$(echo $nss | jq -r '.data')

Update the fn context with the settings relevant for this workshop. Note: the compartment used here is the lab-compartment

fn update context oracle.compartment-id $compartmentId

fn update context api-url https://functions.$REGION.oci.oraclecloud.com

r=$(fn update context registry ${REGION_KEY,,}.ocir.io/$ns/cloudlab-repo)

fn update context oracle.profile FN

You can list the currently available Fn contexts again and see whether your changes had an effect (of course they did)

fn list contexts

Next and finally, login to the private Docker Registry that is prepared for you on OCI.

The username you have to provide is composed of <tenancy-namespace>/<username>.

NAMESPACE=$(oci os ns get| jq -r  '.data')
USER_USERNAME=$(oci iam user list --all | jq -r  '.data |sort_by(."time-created")| .[0]."name"')
echo "Username for logging in into Container Registry is $NAMESPACE/$USER_USERNAME"

The password is an Authentication Token generated for the specified user, in the OCI Tenancy preparation scenario. If you do not remember the authentication token, you can generate another one in the OCI Console: https://console.REGION.oraclecloud.com/identity/users//swift-credentials or using the instructions in the preparation scenario.

echo "Open the console at https://console.${REGION,,}.oraclecloud.com/identity/users/$USER_OCID/swift-credentials"

Now you can perform the login. Type the username and press enter, then type or paste the authentication token and press enter again.

docker login ${REGION_KEY,,}.ocir.io

And now we are finally ready to create functions and deploy them to the Oracle Cloud Infrastructure instead of to the locally running Fn Server.