Functions QuickStart on Local Host
Find out how to get set up and running quickly on a local host using this OCI Functions QuickStart.
A. Set up your tenancy
If suitable users and groups don't exist already:
- Sign in to the Console as a tenancy administrator.
- Open the navigation menu and select Identity & Security. Under Identity, select Domains.
- Create a new group by selecting Groups and then Create Group.
- Create a new user by selecting Users and then Create User.
- Add a user to a group by selecting Groups, then the name of the group, and then Add User to Group.
See Configuration Notes for more information.
If a suitable compartment in which to create network resources and OCI Functions resources doesn't exist already:
- Sign in to the Console as a tenancy administrator.
- Open the navigation menu and select Identity & Security. Under Identity, select Compartments.
- Select Create Compartment.
See Configuration Notes for more information.
If a suitable VCN in which to create network resources doesn't exist already:
- Sign in to the Console as a tenancy administrator.
- Open the navigation menu , select Networking, and then select Virtual cloud networks.
- Select Start VCN Wizard to create a new VCN.
- In the Start VCN Wizard dialog box, select VCN with Internet Connectivity and select Start VCN Wizard.
- Enter a name for the new VCN, select Next, and then select Create to create the VCN along with the related network resources.
See Configuration Notes for more information.
If one or more OCI Functions users is not a tenancy administrator:
- Sign in to the Console as a tenancy administrator.
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
-
Select Create Policy, specify a name and description for the new policy, and select the tenancy's root compartment.
-
Use the Policy Builder to create the policy. Select Functions from the list of Policy use cases, and base the policy on the policy template Let users create, deploy, and manage functions and applications.
The policy template includes the following policy statements:
Allow group <group-name> to use cloud-shell in tenancyAllow group <group-name> to manage repos in tenancyAllow group <group-name> to read objectstorage-namespaces in tenancyAllow group <group-name> to manage logging-family in tenancyAllow group <group-name> to read metrics in tenancyAllow group <group-name> to manage functions-family in tenancyAllow group <group-name> to use virtual-network-family in tenancyAllow group <group-name> to use apm-domains in tenancyAllow group <group-name> to read vaults in tenancyAllow group <group-name> to use keys in tenancyAllow service faas to use apm-domains in tenancyAllow service faas to read repos in tenancy where request.operation='ListContainerImageSignatures'Allow service faas to {KEY_READ} in tenancy where request.operation='GetKeyVersion'Allow service faas to {KEY_VERIFY} in tenancy where request.operation='Verify'
If necessary, you can restrict these policy statements by compartment.
See Configuration Notes for more information.
B. Create application
- Sign in to the Console as a functions developer.
- Open the navigation menu and select Developer Services. Under Functions, select Applications.
- Select the region you're using with OCI Functions.
- Select Create Application.
- Specify:
- helloworld-app as the name for the new application. You'll deploy your first function in this application, and specify this application when invoking the function.
- The VCN and subnet in which to run the function. Note that a public subnet requires an internet gateway in the VCN, and a private subnet requires a service gateway in the VCN.
- Select Create.
See detailed instructions for more information.
C. Set up your local host dev environment
In a terminal window in your development environment:
- Confirm that Docker is installed by entering:
docker versionIf you see an error message indicating that Docker is not installed, you have to install Docker before proceeding. See the Docker documentation for your platform (for Oracle Linux, see here).
Assuming Docker is installed, go to the Prerequisites section of the Fn Project home page on GitHub and confirm that the installed version of Docker is at least the minimum version specified there. If not, re-install Docker before proceeding.
- Launch the standard hello-world Docker image as a container to confirm that Docker is running by entering:
docker run hello-worldIf you see an error message indicating that Docker is not running, you have to start the Docker daemon before proceeding. See the Docker documentation.
See Configuration Notes for more information.
- Sign in to the Console as a functions developer.
- In the navigation bar, select the Profile menu and then select User settings or My profile, depending on the option that you see.
- Under Resources, select API Keys, and then select Add API Key.
- Select Generate API Key Pair in the Add API Key dialog.
- Select Download Private Key and save the private key file (as a .pem file) in the
~/.ocidirectory. (If the~/.ocidirectory doesn't already exist, create it now). - Select Add to add the new API signing key to your user settings.
The Configuration File Preview dialog is displayed, containing a configuration file snippet with basic authentication information for a profile named
DEFAULT(including the fingerprint of the API signing key you just created).
- Copy the configuration file snippet shown in the text box, and close the Configuration File Preview dialog.
- In a text editor, open the
~/.oci/configfile and paste the snippet into the file. (If the~/.oci/configfile doesn't already exist, create it now). - In the text editor, change the profile in the snippet you've just pasted, as follows:
- Change the name of the profile from
[DEFAULT]to a name of your choosing (for example,[functions-developer-profile]). Note that the~/.oci/configfile cannot contain two profiles with the same name. - Change the value of the
key_fileparameter of the profile to specify the path of the private key file (the .pem file) you downloaded earlier.
- Change the name of the profile from
- In the text editor, save the changes you've made to the
~/.oci/configfile, and close the text editor. - In a terminal window, change permissions on the private key file (the .pem file) to ensure that only you can read it, by entering:
chmod go-rwx ~/.oci/<private-key-file-name>.pem
See Configuration Notes for more information about setting up an API signing key and creating a profile.
In a terminal window in your development environment:
- Install the Fn Project CLI using the appropriate instructions below for your environment:
- Linux or MacOS: Enter:
curl -LSs https://raw.githubusercontent.com/fnproject/cli/master/install | sh - MacOS using Homebrew: Enter:
brew update && brew install fn - Windows: Follow the Install Fn Client instructions on GitHub.
- Linux, MacOS, or Windows: Download and run the binary from the Fn Project Releases page on GitHub.
- Linux or MacOS: Enter:
- Confirm that the Fn Project CLI has been installed by entering:
fn version
See Configuration Notes for more information.
In a terminal window in your development environment:
- Create a new Fn Project CLI context by entering:
fn create context <my-context> --provider oracleNote that you specify
--provider oracleto enable authentication and authorization using Oracle Cloud Infrastructure request signing, private keys, user groups, and policies that grant permissions to those user groups. - Specify that the Fn Project CLI is to use the new context by entering:
fn use context <my-context> - Configure the new Fn Project CLI context with the name of the OCI profile you've created for use with OCI Functions (for example,
[functions-developer-profile]), by entering:fn update context oracle.profile <profile-name>
See Configuration Notes for more information.
In a terminal window in your development environment:
- Configure the new Fn Project CLI context with the OCID of the compartment you want to own deployed functions
fn update context oracle.compartment-id <compartment-ocid> - Configure the new context with the api-url endpoint to use when calling the OCI API by entering:
fn update context api-url <api-endpoint>where
<api-endpoint>is one of the endpoints in the list of Functions endpoints in the Functions API, in the formathttps://functions.<region-identifier>.oci.oraclecloud.com. For example:fn update context api-url https://functions.us-phoenix-1.oci.oraclecloud.com -
Configure the Fn Project CLI context with the Oracle Cloud Infrastructure Registry address in the current region and tenancy that you want to use with OCI Functions:
fn update context registry <region-key>.ocir.io/<tenancy-namespace>/<repo-name-prefix>where
<repo-name-prefix>is a prefix of your choosing for the Oracle Cloud Infrastructure Registry repository in which to store images for the function. For example:fn update context registry phx.ocir.io/ansh81vru1zp/acme-repo -
Configure the Fn Project CLI context with the OCID of the compartment for repositories to and from which you want OCI Functions to push and pull function images, by entering:
fn update context oracle.image-compartment-id <compartment-ocid>For example:
fn update context oracle.image-compartment-id ocid1.compartment.oc1..aaaaaaaaquqe______z2qIf you do not specify a value for
oracle.image-compartment-id, OCI Functions pushes and pulls images to and from repositories in the root compartment.
See Configuration Notes for more information.
- Sign in to the Console as a functions developer.
- In the navigation bar, select the Profile menu and then select User settings or My profile, depending on the option that you see.
- On the Auth Tokens page, select Generate Token.
- Enter a meaningful description for the auth token in the Generate Token dialog, and select Generate Token. The new auth token is displayed.
- Copy the auth token immediately to a secure location from where you can retrieve it later, because you won't see the auth token again in the Console.
- Close the Generate Token dialog.
See Configuration Notes for more information.
On the Getting Started page in the Console:
-
Copy the following command:
docker login -u '<tenancy-namespace>/<user-name>' <region-key>.ocir.ioFor example:
docker login -u 'ansh81vru1zp/jdoe@acme.com' phx.ocir.ioIf your tenancy is federated with Oracle Identity Cloud Service, the format will be slightly different. For example:
docker login -u 'ansh81vru1zp/oracleidentitycloudservice/jdoe@acme.com' phx.ocir.io - In the terminal window, paste the command you just copied and run it.
-
When prompted for a password, enter the Oracle Cloud Infrastructure auth token that you created and copied earlier. For example,
6aN...6MqXYou're now ready to start creating, deploying, and invoking functions.
See Configuration Notes for more information.
D. Create, deploy, and invoke your function
In the terminal window:
-
Create a helloworld java function by entering:
fn init --runtime java hello-javaA directory called hello-java is created, containing:
- a function definition file called func.yaml
- a /src directory containing source files and directories for the helloworld function
- a Maven configuration file called pom.xml that specifies the dependencies required to compile the function
Java is just one of several supported languages.
See detailed instructions for more information.
In the terminal window:
- Change directory to the hello-java directory created in the previous step:
cd hello-java - Enter the following single Fn Project command to build the function and its dependencies as a Docker image called hello-java, push the image to the specified Docker registry, and deploy the function to OCI Functions in the helloworld-app application that you created earlier:
fn -v deploy --app helloworld-app - (Optional) Confirm that the function has been deployed to OCI Functions by selecting Functions (under Resources on the details page for the helloworld-app application) and noting that the hello-java function now appears.
See detailed instructions for more information.
In the terminal window:
-
Invoke the hello-java function by entering:
fn invoke helloworld-app hello-javaThe 'Hello world!' message is displayed.
-
Invoke the hello-java function with the parameter
'John'by entering:echo -n 'John' | fn invoke helloworld-app hello-javaThe 'Hello John!' message is displayed.
Congratulations! You've just created, deployed, and invoked your first function using OCI Functions!
See detailed instructions for more information.
Now that you've created, deployed, and invoked a function, learn how to:
- view function logs in the Oracle Cloud Infrastructure Logging service, or by configuring a syslog URL (see Storing and Viewing Function Logs
- explore OCI Functions using samples on GitHub (see Oracle Functions Samples)
- invoke a function using SDKs (see Using SDKs to Invoke Functions)
You're done!