Infrastructure as Code

The Oracle AI Optimizer and Toolkit (the AI Optimizer) can easily be deployed in Oracle Cloud Infrastructure (OCI) using Infrastructure as Code (IaC) provided in the source opentofu directory.

Choose between deploying a lightweight Virtual Machine or robust Oracle Kubernetes Engine (OKE) along with the Oracle Autonomous Database for a fully configured AI Optimizer environment, ready to use.

While the IaC can be run from the command line by those with prior experience, the steps outlined here use Oracle Cloud Resource Manager to simplify the process. To get started:

Deploy to Oracle Cloud

Virtual Machine

The Virtual Machine (VM) deployment provisions both the AI Optimizer API Server and GUI Client together in an “All-in-One” configuration for experimentation and development. As part of the deployment, one local Large Language Model and one Embedding Model are made available out-of-the-box. However, as these models will be running on a CPU VM, their performance will be very poor.

Configure Variables

After clicking the “Deploy to Oracle Cloud” button and authenticating to your tenancy, you will be presented with the AI Optimizer stack information.

  1. Review the Terms, tick the box to accept (if you do), and click “Next” to Configure Variables


  2. Change the Infrastructure to “VM”


Access Control

Most of the other configuration options are self-explanatory, but let’s highlight those important for the security of your deployment.

  • The AI Optimizer is often configured with authentication details for your OCI Tenancy, Autonomous Database, and API Keys for AI Models. Since these details are accessible via the Application GUI, access must be restricted to a limited set of CIDR blocks.

  • The AI Optimizer REST endpoints require API token authentication, providing some protection. However, you should still restrict access to a limited set of CIDR blocks where possible for added security.

  • The Oracle Autonomous Database requires mTLS authentication with a wallet, providing strong initial protection. However, it’s recommended to further restrict access to a limited set of CIDR blocks.


To restrict access, provide a comma-separated list of CIDR blocks, for example: 192.168.1.0/24,10.0.0.0/16,203.0.113.42/32

In this example:

  • 192.168.1.0/24 – Allows access from all IPs in the range 192.168.1.0 to 192.168.1.255 (a typical subnet).
  • 10.0.0.0/16 – Allows access from 10.0.0.0 to 10.0.255.255 (a broader range).
  • 203.0.113.42/32 – Allows access from a single public IP address only. The /32 denotes a single host.
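
A pre-check for the allowlist string before it goes into the stack variables, as an added example that is not part of the AI Optimizer code. The function name `review_allowlist` and the `max_addresses` review threshold are assumptions made for this sketch. Requiring an explicit prefix length is a choice of this check, not a documented stack requirement.

```python
import ipaddress

def review_allowlist(value, max_addresses=65536):
    """Parse a comma-separated CIDR list; return (entries, problems).

    max_addresses is an assumed review threshold (a /16), not a stack limit.
    """
    entries, problems = [], []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            problems.append("empty entry (stray comma?)")
            continue
        if "/" not in item:
            problems.append(f"{item}: no prefix length; write /32 for a single host")
            continue
        try:
            # strict=True rejects host bits set, e.g. 192.168.1.5/24
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            problems.append(f"{item}: {exc}")
            continue
        if net.prefixlen == 0:
            problems.append(f"{item}: matches every address, so nothing is restricted")
            continue
        if net.num_addresses > max_addresses:
            problems.append(f"{item}: {net.num_addresses} addresses, wider than the review threshold")
        entries.append({"cidr": str(net), "first": str(net[0]),
                        "last": str(net[-1]), "count": net.num_addresses})
    return entries, problems

if __name__ == "__main__":
    # The page's example list, then a constructed list with common mistakes.
    for sample in ("192.168.1.0/24,10.0.0.0/16,203.0.113.42/32",
                   "0.0.0.0/0, 192.168.1.5/24,,203.0.113.42"):
        entries, problems = review_allowlist(sample)
        for e in entries:
            print(f"allow {e['cidr']}: {e['first']} to {e['last']} ({e['count']} addresses)")
        for p in problems:
            print(f"PROBLEM {p}")
```
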

Review and Apply

After configuring the variables, click “Next” to review and apply the stack.


Tick the Apply box and click “Create”.

Job Details

The next screen will show the progress of the Apply job. Once the job has Succeeded, the AI Optimizer has been deployed!

The Application Information tab will provide the URLs to access the AI Optimizer GUI and API Server. In the “All-in-One” deployment on the VM, the API Server will only become accessible after visiting the GUI at least once.


502 Bad Gateway: Communication Breakdown!

Although the infrastructure is deployed, the AI Optimizer may still be initializing, which can result in a 502 Bad Gateway error when accessing the URLs. Please allow up to 10 minutes for the configuration to complete.

To get a better understanding of how the API Server works and to obtain the API Key for making REST calls, review the API Server documentation.

Cleanup

To destroy the AI Optimizer infrastructure, in OCI navigate to Developer Services -> Stacks. Choose the Compartment the AI Optimizer was deployed into and select the stack Name. Click on the “Destroy” button.

Oracle Kubernetes Engine

Documentation is Hard!

More information coming soon… 11-June-2025