OKit is a tremendous tool for the visual design and development of your Oracle Cloud environment. Visualizing your networks, the positioning of service gateways and so on is a lot easier than filling in web forms or writing Terraform files, as you can see the relationships between the different parts far more readily. It is the same reason a lot of people use Visio and other tools for this work. The real beauty is that OKit can generate the Terraform and Ansible scripting that can then be used to deliver the implementation.
The tool isn’t currently an official Oracle product, but something built by the Oracle A-Team (a small team of gurus whose role blends developer advocacy, architecture support for customers with special edge cases, and thought leadership). But we can hope that someone brings it into the fold and perhaps even incorporates it securely into the cloud dashboard. In the meantime, the code in its entirety is available on GitHub.
As a solution, OKit has been built largely using Python and makes use of gunicorn, which unfortunately is a Linux-specific Web Server Gateway Interface (WSGI) server for getting web calls to Python code. To simplify this, OKit has been packaged up as a Docker image.
Until Windows 10 and the development of the Windows Subsystem for Linux (WSL), and more so WSL2 and Docker for Windows, running Linux Docker images on Windows proved to be a bit of a headache (install and set up VirtualBox, create a Linux VM in VirtualBox, then run the Docker runtime in it, etc.). So in theory, the combination of WSL2 and Docker for Windows will allow you to run the Docker build commands and then run the Docker image. The build can be done successfully, just as the OKit installation instructions describe. But when you try to run the resultant Docker image, things go sideways and you see the error:
standard_init_linux.go:211: exec user process caused "no such file or directory"
Digging around, this can be caused by several things, including the difference between Linux and Windows line termination – ironic that such a simple thing can still fox us. The solution to the problem is to leverage WSL. Getting a Linux OS running on Windows is very painless, to the point that selecting your preferred Linux flavour can be done within the Microsoft Store (I’ve opted for Ubuntu). With the Linux OS installed, we can run a Linux shell and rerun the Docker commands, and you’ll see the Docker image built and registered with Docker for Windows. Now you can launch the image from the Docker Windows UI or from the Linux shell. This time there is no sign of the error. Just point your browser at
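The line-termination cause mentioned above can be checked before rebuilding the image: a script whose `#!` line ends in a carriage return asks the kernel for an interpreter that does not exist, which produces exactly this "no such file or directory" error. The following is an added example, not part of OKit or its instructions; the function names and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OKit code): find scripts in a build context whose shebang
# line ends in CR, the line-ending cause of the exec error above.
CR=$(printf '\r')

# has_crlf_shebang FILE: true if FILE's first line is "#!..." followed by CR.
# The kernel would then look for an interpreter literally named "/bin/sh<CR>".
has_crlf_shebang() {
    head -n 1 < "$1" | LC_ALL=C grep -q "^#!.*${CR}\$"
}

# find_crlf_shebangs DIR: print affected files under DIR (skips .git;
# assumes file names without newlines).
find_crlf_shebangs() {
    find "$1" -type d -name .git -prune -o -type f -print | sort |
    while IFS= read -r f; do
        if has_crlf_shebang "$f"; then printf '%s\n' "$f"; fi
    done
}

# strip_cr FILE: drop the CR at the end of each line, in place. Writing back
# with cat keeps the original mode bits (e.g. the executable bit).
strip_cr() {
    tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed demo: one script saved with LF endings, one with CRLF.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho ok\n' > "$d/lf.sh"
    printf '#!/bin/sh\r\necho ok\r\n' > "$d/crlf.sh"
    echo "flagged before fix:"; find_crlf_shebangs "$d"
    strip_cr "$d/crlf.sh"
    echo "flagged after fix: $(find_crlf_shebangs "$d" | wc -l)"
    rm -rf "$d"
}
demo
```

Running `find_crlf_shebangs` over the checked-out source before `docker build` shows whether the checkout itself introduced the CRLF endings.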
To Link to OCI tenancy or not?
When you read about OKit, there are references to the possibility of working in an offline state. That may sound odd when we’re talking about public cloud, but in some more stringent organizations you may have the authority to design the cloud solution but not the permissions to execute the Terraform/Ansible etc., so being able to design even if you’re not granted sufficient privileges is important. Depending on your organization, you may also be restricted in getting Docker and WSL running on your laptop/desktop, although most architects and developers do get a fair degree of latitude in setting up and installing things on their laptop/desktop.
If you don’t need such privileges then the steps for setting up the private and public keys can be skipped in the installation instructions. For those with more freedom, you could of course run OKit in your tenancy, but …
If you run OKit in your Oracle tenancy, DON’T connect OKit to the tenancy.
The documentation says this nicely: OKit is not a secure solution, but at the same time it has a lot of privilege within your tenancy, which exposes your cloud to a lot of risk.
Not connecting OKit to your tenancy isn’t the end of the world, as the tool is capable of generating Terraform and Ansible scripts for you that can then be run through the CLI to make changes to the environment or, as the case may be, passed on to the SMEs with the authority to make changes.
The only downside today with OKit is that it doesn’t provide all the IaaS and PaaS services available. The GitHub pages include the steps to add new products into the OKit code base. The process doesn’t look too painful. I’m not a Python developer, but looking through the code, aspects such as the Properties fields are JSON driven. The Python development consists of handling the descriptive data structures and the process of marshalling and unmarshalling the content. The Ansible and Terraform scripts are created through the use of Jinja2 templating. The more challenging task will be understanding the Terraform well enough to ensure that the content is provided in the correct manner and the relationships are correctly populated.
From feature complete to crazy cool
This is that wild "what if" moment. Software needs a level of documentation to make it easy to traverse the code and understand how the code hangs together. To this end there has been the aspiration to generate as much of the documentation directly from our code as possible, from the pragmatic with JavaDoc (or your preferred language flavour) to generating complete UML models, or going the other way with model-driven development, where we generate all the code through incorporating code fragments into UML etc. It isn’t too big a leap to go from using OKit to design your Infrastructure as Code (IaC) to incorporating OKit into a CI/CD pipeline such that it:
- generates documentation (images plus annotation from the OKit file) and pushes it to a wiki – the simplest thing here would probably be to use markdown, as it is pretty universal now,
- generates the Terraform or Ansible scripts required,
- executes the Terraform/Ansible so that the environment is built/amended.
Far-fetched? Not really. The framework for OKit would need to support a bit more documentation: text fragments rather than short titles or one-line descriptions. It would also need a CLI or REST API to allow operations to be invoked, e.g. load the right configuration file, generate the image(s), markdown, Terraform etc. The rest can be done with a CI/CD tool without difficulty.