un-modularize

oracle-quickstart · Apr 9, 2020 · 795c219 · 795c219
1 parent e3e4351
commit 795c219
Show file tree

Hide file tree

Showing 8 changed files with 255 additions and 90 deletions.
diff --git a/compute.tf b/compute.tf
@@ -0,0 +1,39 @@
+locals {
+  # If ad_number is non-negative use it for AD lookup, else use ad_name.
+  # Allows for use of ad_number in TF deploys, and ad_name in ORM.
+  # Use of max() prevents out of index lookup call.
+  ad = var.availability_domain_number >= 0 ? data.oci_identity_availability_domains.availability_domains.availability_domains[max(0, var.availability_domain_number)]["name"] : var.availability_domain_name
+
+  # Platform OL7 image regarless of region
+  platform_image = data.oci_core_images.ol7.images[0].id
+
+  # Logic to choose platform or mkpl image based on
+  # var.enabled
+  image          = var.enabled ? var.mp_listing_resource_id : local.platform_image
+
+  # local.use_existing_network defined in network.tf and referenced here
+}
+
+resource "oci_core_instance" "simple-vm" {
+  availability_domain = local.ad
+  compartment_id      = var.compartment_ocid
+  display_name        = var.vm_display_name
+  shape               = var.vm_compute_shape
+
+  create_vnic_details {
+    subnet_id        = local.use_existing_network ? var.subnet_id : oci_core_subnet.public_subnet[0].id
+    display_name     = var.vm_display_name
+    assign_public_ip = true
+    hostname_label = "simple-vm"
+  }
+
+  source_details {
+    source_type = "image"
+    source_id   = local.image
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_public_key
+  }
+
+}
diff --git a/data_sources.tf b/data_sources.tf
@@ -0,0 +1,25 @@
+data "oci_core_images" "ol7" {
+  compartment_id      = "${var.compartment_ocid}"
+  operating_system    = "Oracle Linux"
+  sort_by             = "TIMECREATED"
+  sort_order          = "DESC"
+  state               = "AVAILABLE"
+
+  # filter restricts to pegged version regardless of region
+  filter {
+    name = "display_name"
+    values = ["Oracle-Linux-7.7-2020.03.23-0"]
+    regex = false
+  }
+
+  # filter restricts to OL 7
+  filter {
+    name = "operating_system_version"
+    values = ["7\\.[0-9]"]
+    regex = true
+  }
+}
+
+data "oci_identity_availability_domains" "availability_domains" {
+  compartment_id = var.compartment_ocid
+}
diff --git a/image_subscription.tf b/image_subscription.tf
@@ -0,0 +1,46 @@
+#Local variables pointing to the Marketplace catalog resource
+#Eg. Modify accordingly to your Application/Listing
+locals {
+  enabled                  = var.enabled ? 1 : 0
+  listing_id               = var.mp_listing_id
+  listing_resource_id      = var.mp_listing_resource_id
+  listing_resource_version = var.mp_listing_resource_version
+}
+
+#Get Image Agreement
+resource "oci_core_app_catalog_listing_resource_version_agreement" "mp_image_agreement" {
+  count = local.enabled
+
+  listing_id               = local.listing_id
+  listing_resource_version = local.listing_resource_version
+}
+
+#Accept Terms and Subscribe to the image, placing the image in a particular compartment
+resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
+  count = local.enabled
+
+  compartment_id           = var.compartment_ocid
+  eula_link                = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].eula_link
+  listing_id               = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].listing_id
+  listing_resource_version = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].listing_resource_version
+  oracle_terms_of_use_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].oracle_terms_of_use_link
+  signature                = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].signature
+  time_retrieved           = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement[0].time_retrieved
+
+  timeouts {
+    create = "20m"
+  }
+}
+
+# Gets the partner image subscription
+data "oci_core_app_catalog_subscriptions" "mp_image_subscription" {
+  count = local.enabled
+
+  compartment_id = var.compartment_ocid
+  listing_id     = local.listing_id
+
+  filter {
+    name   = "listing_resource_version"
+    values = [local.listing_resource_version]
+  }
+}
diff --git a/main.tf b/main.tf
diff --git a/network.tf b/network.tf
@@ -0,0 +1,89 @@
+
+locals {
+  use_existing_network = var.network_strategy == "Use Existing VCN and Subnet" ? true : false
+}
+
+# VCN comes with default route table, security list and DHCP options
+
+resource "oci_core_vcn" "vcn" {
+  count          = local.use_existing_network ? 0:1
+  cidr_block     = var.vcn_cidr_block
+  dns_label      = var.vcn_dns_label
+  compartment_id = var.compartment_ocid
+  display_name   = var.vcn_display_name
+}
+
+resource "oci_core_internet_gateway" "igw" {
+  count          = local.use_existing_network ? 0:1
+  compartment_id = var.compartment_ocid
+  display_name   = "internet_gateway"
+  vcn_id         = oci_core_vcn.vcn[count.index].id
+}
+
+resource "oci_core_default_route_table" "default_route_table" {
+  count          = local.use_existing_network ? 0:1
+  manage_default_resource_id = oci_core_vcn.vcn[count.index].default_route_table_id
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.igw[count.index].id
+  }
+}
+
+
+resource "oci_core_subnet" "public_subnet" {
+  count          = local.use_existing_network ? 0:1
+  compartment_id             = var.compartment_ocid
+  vcn_id                     = oci_core_vcn.vcn[count.index].id
+  cidr_block                 = var.subnet_cidr_block
+  display_name               = var.subnet_display_name
+  route_table_id             = oci_core_vcn.vcn[count.index].default_route_table_id
+  dns_label                  = var.subnet_dns_label
+  prohibit_public_ip_on_vnic = "false"
+}
+
+resource "oci_core_network_security_group" "nsg" {
+  #Required
+  compartment_id = var.compartment_ocid
+  vcn_id         = local.use_existing_network ? var.vcn_id : oci_core_vcn.vcn[0].id
+
+  #Optional
+  display_name = var.nsg_display_name
+}
+
+resource "oci_core_network_security_group_security_rule" "rule_egress_all" {
+  network_security_group_id = oci_core_network_security_group.nsg.id
+
+  direction   = "EGRESS"
+  protocol    = "all"
+  destination = "0.0.0.0/0"
+}
+
+resource "oci_core_network_security_group_security_rule" "rule_ingress_tcp443" {
+  network_security_group_id = oci_core_network_security_group.nsg.id
+  protocol                  = "6"
+  direction                 = "INGRESS"
+  source                    = var.nsg_whitelist_ip != "" ? var.nsg_whitelist_ip : "0.0.0.0/0"
+  stateless                 = false
+
+  tcp_options {
+    destination_port_range {
+      min = 443
+      max = 443
+    }
+  }
+}
+
+resource "oci_core_network_security_group_security_rule" "rule_ingress_all_icmp_type3_code4" {
+  network_security_group_id = oci_core_network_security_group.nsg.id
+  protocol                  = 1
+  direction                 = "INGRESS"
+  source                    = var.nsg_whitelist_ip != "" ? var.nsg_whitelist_ip : "0.0.0.0/0"
+  stateless                 = true
+
+  icmp_options {
+    type = 3
+    code = 4
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,43 @@
+###
+# compute.tf outputs
+###
+
+output "instance_public_ip" {
+  value = oci_core_instance.simple-vm.public_ip
+}
+
+output "instance_private_ip" {
+  value = oci_core_instance.simple-vm.private_ip
+}
+
+output "instance_https_url" {
+  value = "https://${oci_core_instance.simple-vm.public_ip}"
+}
+
+###
+# network.tf outputs
+###
+
+output "vcn_id" {
+  value = !local.use_existing_network ? join("", oci_core_vcn.vcn.*.id) : var.vcn_id
+}
+
+output "subnet_id" {
+  value = !local.use_existing_network ? join("", oci_core_subnet.public_subnet.*.id) : var.subnet_id
+}
+
+output "vcn_cidr_block" {
+  value = !local.use_existing_network ? join("", oci_core_vcn.vcn.*.cidr_block) : var.vcn_cidr_block
+}
+
+output "nsg_id" {
+  value = join("", oci_core_network_security_group.nsg.*.id)
+}
+
+###
+# image_subscription.tf outputs
+###
+
+output "subscription" {
+  value = data.oci_core_app_catalog_subscriptions.mp_image_subscription.*.app_catalog_subscriptions
+}
diff --git a/scripts/example.sh b/scripts/example.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+touch ~opc/hello_world
diff --git a/variables.tf b/variables.tf
@@ -13,21 +13,26 @@ variable "region" {
 #  Marketplace Image      #
 ############################
 
+variable "enabled" {
+  type = bool
+  default = false
+}
+
 variable "mp_listing_id" {
   // default = "ocid1.appcataloglisting.oc1.."
-  default     = "ocid1.appcataloglisting.oc1..aaaaaaaapram7bsdh37gly4oavh42iqih6faoqqqmotpddyz4a44c4wgk7ja"
+  default     = ""
   description = "Marketplace Listing OCID"
 }
 
 variable "mp_listing_resource_id" {
   // default = "ocid1.image.oc1.."
-  default     = "ocid1.image.oc1..aaaaaaaa2es7kqqgmmjyymzdaaeqmmehrprg6gdjxs4on5lpzwiv64przksa"
+  default     = ""
   description = "Marketplace Listing Image OCID"
 }
 
 variable "mp_listing_resource_version" {
   // default = "1.0"
-  default     = "Oracle_Cloud_Developer_Image_19.11"
+  default     = ""
   description = "Marketplace Listing Package/Resource Version"
 }
 
@@ -51,8 +56,8 @@ variable "availability_domain_name" {
 }
 
 variable "availability_domain_number" {
-  default     = 1
-  description = "OCI Availability Domains: 1,2,3  (subject to region availability)"
+  default     = 0
+  description = "OCI Availability Domains: 0,1,2  (subject to region availability)"
 }
 
 variable "ssh_public_key" {