Difficulty: intermediate
Estimated Time: 40 minutes

In this scenario you will create two Fn functions - with identical, fully generated implementation. You choose your runtime of choice - node, java, python, go, .... Both functions are deployed to an application. Both functions are exposed in an API Gateway API Deployment with separate routes. Finally, for both routes are Health Checks defined through OCI Monitoring; one health check will have a 5 min interval, the other a 15 minute interval. Inspecting the metrics collected by these healthchecks - we expect one function to remain hot and producing much faster responses than the second function that will not stay hot and needs to be reinitialized upon every health check request. The scenario uses an Ubuntu 20.04 environment with Docker, OCI CLI and Fn CLI as well Visual Studio Code IDE. Before you can start the steps in the scenario, the two Command Line interfaces are downloaded and installed. This will take about one minute.

The scenario expects a number of preparations:

  • an API Gateway already has been provided in compartment lab-compartment with permissions to access functions in this compartment; the API Gateway is associated with a public subnet (this is part of the OCI Tenancy Preparation Scenario)

Note: it is assumed that you prepared an OCI tenancy using the Katacoda scenario Preparation of Cloud Trial tenancy for REAL OCI scenarios. This preparation will have created the VCN you need for running functions in OCI as well as the lab-compartment in which the functions are created. Additionally, you should have created a key pair in this scenario and prepared the contents of the config and oci_api_key.pem files. If you have not gone through this OCI tenancy preparation, please do so before continuing with this scenario. You also need an Auth Token to login to the OCIR Container Registry; this too is created in the preparation scenario and used in the Function on OCI scenario.

The scenario was prepared in July 2020.

Summary

This completes this scenario.

You have:

  • created and deployed two functions - hello1 and hello2
  • created publicly accessible routes for the two functions in the API Gateway
  • created health checks for the two routes (and indirectly the two functions)
  • create alarms for the two health checks - to publish notifications when the function invocation time is slowish

Functions, Object Storage and API Gateway on Oracle Cloud Infrastructure

Step 1 of 5

Step 1 - Prepare Environment Settings, Fn and OCI CLI

Wait for OCI CLI and Fn CLI to be installed

Execute the following command to install the OCI CLI:

curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh > install-oci-cli.sh
chmod +777 install-oci-cli.sh
sudo ./install-oci-cli.sh --accept-all-defaults

# add this line to ~/.profile - to make oci a recognized shell command
echo 'oci() { /root/bin/oci "[email protected]"; }' >> ~/.profile
# reload ~/.profile
. /root/.profile
# now oci is recognized as a command

# get workshop resource into scenario

git clone https://github.com/AMIS-Services/oracle-cloud-native-meetup-20-january-2020

You need to provide details on the OCI tenancy you will work in and the OCI user you will work as. Please open the IDE tab and edit these two files:

  • ~/.oci/config
  • ~/.oci/oci_api_key.pem

Paste the contents that you prepared in the OCI Tenancy preparation scenario.

Set the environment variable LAB_ID to 1 - unless you are in a workshop with multiple participants and each uses their own number.

export LAB_ID=1

Do not continue until you see the file /root/allSetInBackground appear. If it appears, then the OCI CLI has been installed and you can continue.

Try out the following command to get a list of all namespaces you currently have access to - based on the OCI Configuration defined above.

oci os ns get

If you get a proper response, the OCI is configured correctly and you can proceed. If you run into an error, ask for help from your instructor.

You need to perform one more edit action on file ~/.oci/config. Open this file in the editor. Copy the entire contents and paste it below the current contents. Now change [DEFAULT] to [FN] in the duplicate block. The file will now look something like:

[DEFAULT]
user=ocid1.user.oc1..aaaaaaaazr7eselv5q
fingerprint=fd:db:13:bd:31
tenancy=ocid1.tenancy.oc1..aaaaaaaaggg6okq
region=us-ashburn-1
key_file=/root/.oci/oci_api_key.pem
[FN]
user=ocid1.user.oc1..aaaaaaaazr7eselv5q
fingerprint=fd:db:13:bd:31
tenancy=ocid1.tenancy.oc1..aaaaaaaaggg6okq
region=us-ashburn-1
key_file=/root/.oci/oci_api_key.pem

Environment Preparation

Check the installed version of Fn CLI. Note: we do not need the Fn server at this stage.

fn version

Configure and set remote context

List the currently available Fn contexts

fn list contexts

Create an appropriate Fn context for working with OCI as provider (see OCI Docs on Functions).

fn create context lab-fn-context --provider oracle

fn use context lab-fn-context

##Prepare a number of environment variables.

Note: the assumptions here are that you have a compartment called lab-compartment, as well as an API Gateway lab-apigw in that same compartment as well as an API Deployment called MY_API_DEPL# on the API Gateway. We need to get references to these resources in order to create new resources in the right place.**

export REGION=$(oci iam region-subscription list | jq -r '.data[0]."region-name"')
export REGION_KEY=$(oci iam region-subscription list | jq -r '.data[0]."region-key"')
export USER_OCID=$(oci iam user list --all | jq -r  '.data |sort_by(."time-created")| .[0]."id"')
export TENANCY_OCID=$(oci iam user list --all | jq -r  '.data[0]."compartment-id"') 
cs=$(oci iam compartment list)
export compartmentId=$(echo $cs | jq -r --arg display_name "lab-compartment" '.data | map(select(."name" == $display_name)) | .[0] | .id')

apigws=$(oci api-gateway gateway list -c $compartmentId)
export apiGatewayId=$(echo $apigws | jq -r --arg display_name "lab-apigw" '.data.items | map(select(."display-name" == $display_name)) | .[0] | .id')
depls=$(oci api-gateway deployment list -c $compartmentId)
deploymentEndpoint=$(echo $depls | jq -r --arg display_name "MY_API_DEPL_$LAB_ID" '.data.items | map(select(."display-name" == $display_name)) | .[0] | .endpoint')
apiDeploymentId=$(echo $depls | jq -r --arg display_name "MY_API_DEPL_$LAB_ID" '.data.items | map(select(."display-name" == $display_name)) | .[0] | .id')
vcns=$(oci network vcn list -c $compartmentId)
vcnId=$(echo $vcns | jq -r --arg display_name "vcn-lab" '.data | map(select(."display-name" == $display_name)) | .[0] | .id')
subnets=$(oci network subnet list  -c $compartmentId --vcn-id $vcnId)
export subnetId=$(echo $subnets | jq -r --arg display_name "Public Subnet-vcn-lab" '.data | map(select(."display-name" == $display_name)) | .[0] | .id')
# get namespace
nss=$(oci os ns get)
export ns=$(echo $nss | jq -r '.data')

Update the context with the settings relevant for this workshop.

fn update context oracle.compartment-id $compartmentId

fn update context api-url https://functions.$REGION.oci.oraclecloud.com

fn update context registry ${REGION_KEY,,}.ocir.io/$ns/cloudlab-repo

fn update context oracle.profile FN

You can list the currently available Fn contexts again and see whether your changes had an effect (of course they did)

fn list contexts

Login Docker to OCI Container Registry

Next and finally, login to the private Docker Registry that is prepared for you on OCI.

The username you have to provide is composed of <tenancy-namespace>/<username>.

NAMESPACE=$(oci os ns get| jq -r  '.data')
USER_USERNAME=$(oci iam user list --all | jq -r  '.data |sort_by(."time-created")| .[0]."name"')
echo "Username for logging in into Container Registry is $NAMESPACE/$USER_USERNAME"

The password is an Authentication Token generated for the specified user, in the OCI Tenancy preparation scenario. If you do not remember the authentication token, you can generate another one in the OCI Console: https://console.REGION.oraclecloud.com/identity/users//swift-credentials or using the instructions in the preparation scenario.

echo "Open the console at https://console.${REGION,,}.oraclecloud.com/identity/users/$USER_OCID/swift-credentials"

Now you can perform the login. Type the username and press enter, then type or paste the authentication token and press enter again.

docker login ${REGION_KEY,,}.ocir.io

And now we are finally ready to create Functions on Oracle Cloud Infrastructure and expose them through OCI API Gateway.