-
Notifications
You must be signed in to change notification settings - Fork 0
/
instances.tf
108 lines (98 loc) · 3.11 KB
/
instances.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# This configuration uses all available instances in the always free tier
locals {
server_configuration = {
"shape" = "VM.Standard.E2.1.Micro"
"cpu" = "1"
"ram" = "1"
}
client_configuration = {
"shape" = "VM.Standard.A1.Flex"
"cpu" = "2"
"ram" = "12"
}
instances = {
"0" = local.server_configuration
"1" = local.server_configuration
"2" = local.client_configuration
"3" = local.client_configuration
}
}
# Instances
resource "oci_core_instance" "instance" {
count = 4
# ===== Required for resource =====
# Availability domain - always free account has only one region and one availability domain
availability_domain = data.oci_identity_availability_domain.ad.name
# Compartment ID - where instance will be provisioned
compartment_id = var.compartment_ocid
# Shape - VM.Standard.E2.1.Micro and VM.Standard.A1.Flex are always free eligible
shape = lookup(local.instances, count.index).shape
# ===== Optional for resource =====
# Agent configuration
agent_config {
# Optional for agent config
is_management_disabled = "false"
is_monitoring_disabled = "false"
plugins_config {
# Required for plugin config
desired_state = "DISABLED"
name = "Vulnerability Scanning"
}
plugins_config {
# Required for plugin config
desired_state = "ENABLED"
name = "OS Management Service Agent"
}
plugins_config {
# Required for plugin config
desired_state = "ENABLED"
name = "Compute Instance Run Command"
}
plugins_config {
# Required for plugin config
desired_state = "ENABLED"
name = "Compute Instance Monitoring"
}
plugins_config {
# Required for plugin config
desired_state = "DISABLED"
name = "Block Volume Management"
}
plugins_config {
# Required for plugin config
desired_state = "DISABLED"
name = "Bastion"
}
}
# Availability configuration
availability_config {
recovery_action = "RESTORE_INSTANCE"
}
# Networking configuration
create_vnic_details {
assign_private_dns_record = "true"
assign_public_ip = "true"
hostname_label = var.instance_names[count.index]
private_ip = cidrhost(oci_core_subnet.public_subnet.cidr_block, 101 + count.index)
subnet_id = oci_core_subnet.public_subnet.id
}
# Instance name
display_name = var.instance_names[count.index]
# Enable in-transit encryption for the data volume's paravirtualized attachment
is_pv_encryption_in_transit_enabled = "true"
# Metadata - SSH authorized key or User data
metadata = {
ssh_authorized_keys = var.ssh_public_key
}
# Instance shape - CPU and RAM
shape_config {
memory_in_gbs = lookup(local.instances, count.index).ram
ocpus = lookup(local.instances, count.index).cpu
}
# Boot volume - size and image
source_details {
boot_volume_size_in_gbs = "50"
source_id = var.images[lookup(local.instances, count.index).shape][var.region]
source_type = "image"
}
}