diff --git a/terraform_plans/backup.tf b/terraform_plans/backup.tf
new file mode 100644
index 0000000..7b015b7
--- /dev/null
+++ b/terraform_plans/backup.tf
@@ -0,0 +1,30 @@
+#resource "oci_core_volume_swap_backup_policy" "tf-playground_volume_backup_policy" {
+# compartment_id = oci_identity_compartment.tf-playground.id
+# display_name = "tf-playground"
+# freeform_tags = var.tags
+#
+# schedules {
+# backup_type = "INCREMENTAL"
+# day_of_month = 1
+# day_of_week = "FRIDAY"
+# hour_of_day = 3
+# month = "JANUARY"
+# offset_seconds = 0
+# offset_type = "STRUCTURED"
+# period = "ONE_WEEK"
+# retention_seconds = 3024000 # 5 weeks
+# time_zone = "REGIONAL_DATA_CENTER_TIME"
+# }
+#}
+#
+#resource "oci_core_volume_swap_backup_policy_assignment" "tf-playground_boot_volume_backup_policy_assignment" {
+# count = 3
+# asset_id = data.oci_core_boot_volumes.tf-playground_boot_volumes.boot_volumes[count.index].id
+# policy_id = oci_core_volume_swap_backup_policy.tf-playground_volume_backup_policy.id
+#
+# depends_on = [
+# oci_core_instance.vm_instance_x86_64,
+# oci_core_instance.vm_instance_ampere,
+# oci_core_volume_swap.vm_instance_tf-playground_core_volume_swap
+# ]
+#}
diff --git a/terraform_plans/compartment.tf b/terraform_plans/compartment.tf
new file mode 100644
index 0000000..3422033
--- /dev/null
+++ b/terraform_plans/compartment.tf
@@ -0,0 +1,7 @@
+resource "oci_identity_compartment" "tf-playground" {
+ compartment_id = var.tenancy_ocid
+ description = "Compartment for tf-playground resources."
+ name = var.compartment_name
+ freeform_tags = var.tags
+ enable_delete = true
+}
diff --git a/terraform_plans/compute-ampere.tf b/terraform_plans/compute-ampere.tf
new file mode 100644
index 0000000..4cd7124
--- /dev/null
+++ b/terraform_plans/compute-ampere.tf
@@ -0,0 +1,41 @@
+#resource "oci_core_instance" "vm_instance_ampere" {
+# availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+# compartment_id = oci_identity_compartment.tf-playground.id
+# shape = "VM.Standard.A1.Flex"
+# display_name = join("", [var.vm_name, "10"])
+# preserve_boot_volume = false
+# is_pv_encryption_in_transit_enabled = true
+# freeform_tags = var.tags
+#
+# # lifecycle {
+# # prevent_destroy = true
+# # }
+#
+# shape_config {
+# memory_in_gbs = 24
+# ocpus = 4
+# }
+#
+# metadata = {
+# ssh_authorized_keys = var.ssh_public_key
+# }
+#
+# source_details {
+# source_id = var.vm_image_ocid_ampere
+# source_type = "image"
+# }
+#
+# availability_config {
+# is_live_migration_preferred = true
+# }
+#
+# create_vnic_details {
+# assign_public_ip = true
+# subnet_id = oci_core_subnet.vcn-public-subnet.id
+# assign_private_dns_record = true
+# hostname_label = join("", [var.vm_name, "10"])
+# private_ip = join(".", ["10", "0", "0", 110])
+# nsg_ids = [oci_core_network_security_group.tf-playground-network-security-group.id]
+# freeform_tags = var.tags
+# }
+#}
diff --git a/terraform_plans/compute-x86_64.tf b/terraform_plans/compute-x86_64.tf
new file mode 100644
index 0000000..c07dc3c
--- /dev/null
+++ b/terraform_plans/compute-x86_64.tf
@@ -0,0 +1,39 @@
+resource "oci_core_instance" "vm_instance_x86_64" {
+ count = 1
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[1].name
+ compartment_id = oci_identity_compartment.tf-playground.id
+ shape = "VM.Standard.E2.1.Micro"
+ display_name = join("", [var.vm_name, "0", count.index + 1])
+ preserve_boot_volume = false
+ is_pv_encryption_in_transit_enabled = true
+ freeform_tags = var.tags
+
+ # lifecycle {
+ # prevent_destroy = true
+ # }
+
+ metadata = {
+ ssh_authorized_keys = var.ssh_public_key
+ }
+
+ source_details {
+ #source_id = var.vm_image_ocid_x86_64
+ source_id = data.oci_core_images.ubuntu-compute-image.images[0].id
+ source_type = "image"
+ boot_volume_size_in_gbs = 50
+ }
+
+ availability_config {
+ is_live_migration_preferred = true
+ }
+
+ create_vnic_details {
+ assign_public_ip = true
+ subnet_id = oci_core_subnet.vcn-public-subnet.id
+ assign_private_dns_record = true
+ hostname_label = join("", [var.vm_name, "0", count.index + 1])
+ private_ip = join(".", ["10", "0", "0", count.index + 4])
+ nsg_ids = [oci_core_network_security_group.tf-playground-network-security-group.id]
+ freeform_tags = var.tags
+ }
+}
diff --git a/terraform_plans/data.tf b/terraform_plans/data.tf
new file mode 100644
index 0000000..5ec4e4c
--- /dev/null
+++ b/terraform_plans/data.tf
@@ -0,0 +1,15 @@
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+data "oci_core_images" "ubuntu-compute-image" {
+ compartment_id = oci_identity_compartment.tf-playground.compartment_id
+ operating_system = "Canonical Ubuntu"
+ operating_system_version = "22.04 Minimal"
+ sort_by = "TIMECREATED"
+}
+
+data "oci_core_boot_volumes" "tf-playground_boot_volumes" {
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+ compartment_id = oci_identity_compartment.tf-playground.id
+}
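Review bot: In compute-x86_64.tf the instance takes a public IP (`assign_public_ip = true`) but nothing restricts the instance metadata service, so the legacy v1 endpoints stay reachable from any process on the host. The subnet security list in this same commit opens ports 80 and 443, so a request-forgery flaw in a hosted web application could be used to read instance metadata. Adding `instance_options { are_legacy_imds_endpoints_disabled = true }` leaves only the v2 endpoints, which require an explicit authorization header. The `prevent_destroy` lifecycle block is committed commented-out while `preserve_boot_volume = false`, so any replacement of the VM also discards its boot volume; a comment saying this is intended for a playground would help.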
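Review bot: In data.tf the `oci_core_images` lookup is not filtered by shape and sets no explicit sort order, so the `images[0]` consumed in compute-x86_64.tf is simply whatever the API lists first for "22.04 Minimal". That entry may be an image not built for the chosen shape, and it moves whenever a new build is published, which can make a later plan propose changes to a running instance. Adding `shape = "VM.Standard.E2.1.Micro"` and `sort_order = "DESC"` makes the selection explicit; using the already declared `var.vm_image_ocid_x86_64` (commented out at the use site) would make image changes a reviewable edit instead. The boot-volume data source also reads `availability_domains[0]` while the instance is placed in `availability_domains[1]`.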
diff --git a/terraform_plans/main.tf b/terraform_plans/main.tf
new file mode 100644
index 0000000..127e141
--- /dev/null
+++ b/terraform_plans/main.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">= 1.4.0"
+
+ backend "local" {
+ path = "terraform.tfstate"
+ }
+
+ required_providers {
+ oci = {
+ version = ">= 4.110.0 "
+ source = "oracle/oci"
+ }
+ }
+}
+
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ private_key_path = var.private_key_path
+ fingerprint = var.fingerprint
+ region = var.region
+}
diff --git a/terraform_plans/network-dhcp.tf b/terraform_plans/network-dhcp.tf
new file mode 100644
index 0000000..46acb0b
--- /dev/null
+++ b/terraform_plans/network-dhcp.tf
@@ -0,0 +1,19 @@
+# Source from https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_dhcp_options
+
+resource "oci_core_dhcp_options" "dhcp-options" {
+ compartment_id = oci_identity_compartment.tf-playground.id
+ vcn_id = module.vcn.vcn_id
+ display_name = "tf-playground-dhcp-options"
+ freeform_tags = var.tags
+
+ options {
+ type = "DomainNameServer"
+ server_type = "VcnLocalPlusInternet"
+ }
+
+ options {
+ type = "SearchDomain"
+ search_domain_names = ["tf-playground.oraclevcn.com"]
+ }
+
+}
diff --git a/terraform_plans/network-subnet-public.tf b/terraform_plans/network-subnet-public.tf
new file mode 100644
index 0000000..cf8294d
--- /dev/null
+++ b/terraform_plans/network-subnet-public.tf
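Review bot: In main.tf the provider constraint `version = ">= 4.110.0 "` has no upper bound (and a stray trailing space inside the string), so any future major release of `oracle/oci` is accepted on the next upgrade. A bounded constraint such as `version = "~> 4.110"`, together with a committed `.terraform.lock.hcl`, keeps provider upgrades deliberate and reviewable. The `backend "local"` block writes `terraform.tfstate` next to the plans, and state stores resource attributes in plain text, so it should be excluded from version control. No ignore file is visible in this diff, so confirm one covers `terraform.tfstate*` and the filled-in tfvars file.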
@@ -0,0 +1,158 @@
+resource "oci_core_subnet" "vcn-public-subnet" {
+ compartment_id = oci_identity_compartment.tf-playground.id
+ vcn_id = module.vcn.vcn_id
+ cidr_block = "10.0.0.0/28"
+ freeform_tags = var.tags
+
+ route_table_id = module.vcn.ig_route_id
+ security_list_ids = [
+ oci_core_security_list.public-security-list.id,
+ ]
+
+ display_name = "public-subnet"
+ dhcp_options_id = oci_core_dhcp_options.dhcp-options.id
+ dns_label = "publicsubnet"
+}
+
+resource "oci_core_security_list" "public-security-list" {
+ compartment_id = oci_identity_compartment.tf-playground.id
+ vcn_id = module.vcn.vcn_id
+ display_name = "security-list-public"
+ freeform_tags = var.tags
+
+ egress_security_rules {
+ stateless = false
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = var.ssh_allow_range
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ description = "SSH traffic"
+
+ tcp_options {
+ min = 22
+ max = 22
+ }
+ }
+
+ ## If you wish to open further network ports to the internet,
+ ## add your firewall ACLs as the following:
+
+ ingress_security_rules {
+ stateless = false
+ source = var.ssh_allow_range
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ description = "HTTP traffic"
+
+ tcp_options {
+ min = 443
+ max = 443
+ }
+ }
+
+ ingress_security_rules {
+ stateless = false
+ source = var.ssh_allow_range
+ source_type = "CIDR_BLOCK"
+ protocol = "6"
+ description = "HTTPs traffic"
+
+ tcp_options {
+ min = 80
+ max = 80
+ }
+ }
+
+
+ # ingress_security_rules {
+ # stateless = false
+ # source = "0.0.0.0/0"
+ # source_type = "CIDR_BLOCK"
+ # protocol = "6"
+ # description = "HTTPS traffic"
+
+ # tcp_options {
+ # min = 443
+ # max = 443
+ # }
+
+ # ingress_security_rules {
+ # stateless = false
+ # source = "0.0.0.0/0"
+ # source_type = "CIDR_BLOCK"
+ # protocol = "1"
+ # description = "ICMP Port Unreachable"
+ #
+ # icmp_options {
+ # type = 3
+ # code = 4
+ # }
+ # }
+ #
+ # ingress_security_rules {
+ # stateless = false
+ # source = "10.0.0.0/16"
+ # source_type = "CIDR_BLOCK"
+ # protocol = "1"
+ # description = "ICMP Destination Unreachable"
+ #
+ # icmp_options {
+ # type = 3
+ # }
+ # }
+ #
+ # ingress_security_rules {
+ # stateless = false
+ # source = "10.0.0.0/16"
+ # source_type = "CIDR_BLOCK"
+ # protocol = "1"
+ # description = "ICMP Echo Reply"
+ #
+ # icmp_options {
+ # type = 0
+ # }
+ # }
+ #
+ # ingress_security_rules {
+ # stateless = false
+ # source = "10.0.0.0/16"
+ # source_type = "CIDR_BLOCK"
+ # protocol = "1"
+ # description = "ICMP Echo"
+ #
+ # icmp_options {
+ # type = 8
+ # }
+ # }
+}
+
+resource "oci_core_network_security_group" "tf-playground-network-security-group" {
+ compartment_id = oci_identity_compartment.tf-playground.id
+ vcn_id = module.vcn.vcn_id
+ display_name = "network-security-group-tf-playground"
+ freeform_tags = var.tags
+}
+
+resource "oci_core_network_security_group_security_rule" "tf-playground-network-security-group-list-ingress" {
+ network_security_group_id = oci_core_network_security_group.tf-playground-network-security-group.id
+ direction = "INGRESS"
+ source = oci_core_network_security_group.tf-playground-network-security-group.id
+ source_type = "NETWORK_SECURITY_GROUP"
+ protocol = "all"
+ stateless = true
+}
+
+resource "oci_core_network_security_group_security_rule" "tf-playground-network-security-group-list-egress" {
+ network_security_group_id = oci_core_network_security_group.tf-playground-network-security-group.id
+ direction = "EGRESS"
+ destination = oci_core_network_security_group.tf-playground-network-security-group.id
+ destination_type = "NETWORK_SECURITY_GROUP"
+ protocol = "all"
+ stateless = true
+}
diff --git a/terraform_plans/network-vcn.tf b/terraform_plans/network-vcn.tf
new file mode 100644
index 0000000..a01c4b7
--- /dev/null
+++ b/terraform_plans/network-vcn.tf
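Review bot: In network-subnet-public.tf the two web ingress rules of `public-security-list` carry swapped descriptions: the rule for port 443 is labelled `"HTTP traffic"` and the rule for port 80 `"HTTPs traffic"`, which will mislead anyone auditing the list. They should read `description = "HTTPS traffic"` on the 443 rule and `description = "HTTP traffic"` on the 80 rule. Both rules also take their source from `var.ssh_allow_range`, whose name and description speak only of SSH, while the comment above them talks about opening ports "to the internet". A dedicated variable, or a comment stating that web access is deliberately limited to the trusted range, would make the intent unambiguous. The commented-out HTTPS block further down lacks its closing `# }`, so uncommenting it as written would not parse.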
@@ -0,0 +1,17 @@
+module "vcn" {
+ source = "oracle-terraform-modules/vcn/oci"
+ #version = "2.2.0"
+
+ compartment_id = oci_identity_compartment.tf-playground.id
+ region = var.region
+ vcn_name = var.compartment_name
+ vcn_dns_label = "tfdemoproject"
+
+ # internet_gateway_enabled = true
+ # service_gateway_enabled = false
+ # nat_gateway_enabled = false
+ create_internet_gateway = true
+ create_nat_gateway = false
+ create_service_gateway = false
+ vcn_cidrs = ["10.0.0.0/28"]
+}
diff --git a/terraform_plans/outputs.tf b/terraform_plans/outputs.tf
new file mode 100644
index 0000000..feadc9f
--- /dev/null
+++ b/terraform_plans/outputs.tf
@@ -0,0 +1,23 @@
+# Output the "list" of all availability domains.
+output "all-availability-domains-in-your-tenancy" {
+ value = data.oci_identity_availability_domains.ads.availability_domains[*].name
+}
+
+output "compartment-name" {
+ value = oci_identity_compartment.tf-playground.name
+}
+
+output "public-ip-x86_64-instances" {
+ value = oci_core_instance.vm_instance_x86_64.*.public_ip
+}
+
+output "compartment-OCID" {
+ value = oci_identity_compartment.tf-playground.id
+}
+output "latest-compute-image" {
+ value = data.oci_core_images.ubuntu-compute-image.images[0].display_name
+}
+
+#output "public-ip-ampere-instance" {
+# value = oci_core_instance.vm_instance_ampere.public_ip
+#}
diff --git a/terraform_plans/tfvars.skel b/terraform_plans/tfvars.skel
new file mode 100644
index 0000000..bbd01fd
--- /dev/null
+++ b/terraform_plans/tfvars.skel
@@ -0,0 +1,19 @@
+# Refer to the README.md file to fill these in
+tenancy_ocid =
+user_ocid =
+fingerprint =
+private_key_path =
+region =
+
+# Choose your VM images here
+# Images: https://docs.oracle.com/en-us/iaas/images/all/?search=ubuntu+22.04
+vm_image_ocid_x86_64 =
+vm_image_ocid_ampere =
+
+# Add your SSH key here
+ssh_public_key =
+# Optional: Replace this with your preferred environment name
+compartment_name =
+vm_name =
+tags =
+ssh_allow_range =
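Review bot: In network-vcn.tf the registry module `oracle-terraform-modules/vcn/oci` is used with its `version` line commented out, so a fresh `terraform init` resolves to the newest published release. That makes the code building the network an unreviewed moving dependency. The module's input names also appear to have changed between releases, since the older `internet_gateway_enabled` names are left commented beside the `create_internet_gateway` ones. Pin it with `version = "<release these inputs were tested against>"` so an upgrade is an explicit, reviewable change.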
diff --git a/terraform_plans/variables.tf b/terraform_plans/variables.tf
new file mode 100644
index 0000000..b091e88
--- /dev/null
+++ b/terraform_plans/variables.tf
@@ -0,0 +1,61 @@
+variable "compartment_name" {
+ description = "The name of the compartment."
+ type = string
+}
+
+variable "tenancy_ocid" {
+ description = "The OCID of the tenancy."
+ type = string
+}
+
+variable "user_ocid" {
+ description = "The OCID of the user."
+ type = string
+}
+
+variable "vm_image_ocid_x86_64" {
+ description = "The OCID of the VM image to be deployed (x86_64)."
+ type = string
+}
+
+variable "vm_image_ocid_ampere" {
+ description = "The OCID of the VM image to be deployed (ampere)."
+ type = string
+}
+
+variable "vm_name" {
+ description = "Name of the tf-playground virtual machine."
+ type = string
+}
+
+variable "region" {
+ description = "The name of the cloud region."
+ type = string
+ default = "eu-frankfurt-1"
+}
+
+variable "fingerprint" {
+ description = "The fingerprint of the private key."
+ type = string
+}
+
+variable "private_key_path" {
+ description = "The location of the private key."
+ type = string
+}
+
+variable "ssh_public_key" {
+ description = "The fingerprint of your SSH public key."
+ type = string
+}
+
+variable "ssh_allow_range" {
+ description = "A CIDR block that you trust. Only this address range may SSH to your instance(s)."
+ type = string
+ default = "10.0.0.0/24"
+}
+
+variable "tags" {
+ description = "Freeform tags."
+ type = map(any)
+}
diff --git a/terraform_plans/volume.tf b/terraform_plans/volume.tf
new file mode 100644
index 0000000..f9410de
--- /dev/null
+++ b/terraform_plans/volume.tf
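Review bot: In variables.tf the description of `ssh_public_key` reads "The fingerprint of your SSH public key.", but the value is passed to `ssh_authorized_keys` in the instance metadata, which needs the full public key line. A user who follows the description would end up with an instance they cannot log in to. Suggest `description = "Your SSH public key (the full authorized_keys line, not its fingerprint)."`. `ssh_allow_range` feeds the security-list `source` directly, so a `validation` block with `condition = can(cidrhost(var.ssh_allow_range, 0))` would reject malformed input at plan time, and its description should mention that the same range also governs ports 80 and 443. `tags` could be narrowed from `map(any)` to `map(string)`.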
@@ -0,0 +1,38 @@
+resource "oci_core_volume" "vm_instance_tf-playground_core_volume_swap" {
+ compartment_id = oci_identity_compartment.tf-playground.id
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[1].name
+ display_name = join("-", [var.vm_name, "core", "volume", "swap"])
+ freeform_tags = var.tags
+ size_in_gbs = 50
+ is_auto_tune_enabled = true
+}
+
+resource "oci_core_volume_attachment" "vm-instance-tf-playground_attachment" {
+ attachment_type = "paravirtualized"
+ instance_id = oci_core_instance.vm_instance_x86_64[0].id
+ volume_id = oci_core_volume.vm_instance_tf-playground_core_volume_swap.id
+ device = "/dev/oracleoci/oraclevdc"
+ display_name = "tf-playground-core-volume-attachment"
+ is_pv_encryption_in_transit_enabled = true
+ is_read_only = false
+}
+
+#resource "oci_core_volume_backup_policy_assignment" "tf-playground_core_volume_backup_policy_assignment" {
+# asset_id = oci_core_volume.vm_instance_tf-playground_core_volume_swap.id
+# policy_id = oci_core_volume_backup_policy.tf-playground_volume_backup_policy.id
+#
+# depends_on = [
+# oci_core_instance.vm_instance_x86_64,
+# oci_core_instance.vm_instance_ampere
+# ]
+#}
+
+#resource "oci_core_volume_attachment" "test_volume_attachment" {
+# attachment_type = "paravirtualized"
+# #instance_id = oci_core_instance.vm_instance_ampere.id
+# volume_id = oci_core_volume.vm_instance_tf-playground_core_volume.id
+# device = "/dev/oracleoci/oraclevdb"
+# display_name = "tf-playground-core-volume-attachment"
+# is_pv_encryption_in_transit_enabled = true
+# is_read_only = false
+#}