diff --git a/README.md b/README.md index bc7369c..45bb40a 100644 --- a/README.md +++ b/README.md @@ -19,14 +19,15 @@ To use the Terraform modules and templates in your environment, you must install - [Terraform](https://developer.hashicorp.com/terraform/install) - Alternate [OpenTofu](https://opentofu.org/docs/intro/) -- [Python 3.x](https://www.python.org/?downloads) (min version 3.4) with packages - - [pip](https://pypi.org/project/pip/) - - [venv](https://docs.python.org/3/library/venv.html) - - (venv) virtual env is recommended (not mandatory) to install python packages for [oci-identity-provider/scripts/requirements.txt](modules/oci-identity/oci-identity-provider/scripts/requirements.txt) - Azure CLI - [How to install the Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) - OCI CLI - [Quickstart](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) - Setup OCI-CLI to [authenticate to your tenancy](https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.43.1/oci_cli_docs/cmdref/session/authenticate.html) - Create a token auth profile in your oci config with `` +requirements.txt) +- [Python 3.x](https://www.python.org/?downloads) (min version 3.4) with packages + - [pip](https://pypi.org/project/pip/) + - [venv](https://docs.python.org/3/library/venv.html) + - (venv) virtual env is recommended (not mandatory) to install python packages for [oci-identity-provider/scripts/requirements.txt](modules/oci-identity/oci-identity-provider/scripts/ Dependent which cloud resources a module manages, it will use some subset of the terraform cloud providers: 
@@ -39,6 +40,14 @@ Dependent which cloud resources a module manages, it will use some subset of the These module automates the provisioning of components for running Oracle Database@Azure. Each template can run independently and default input values are configured which can be overridden per customer's preferences. +### Exadata +- `templates/azurerm-oci-exadata-quickstart`: Quickstart OracleDB@Azure (Exadata) with OCI LZ modules (AzureRM) +- `templates/avm-oci-exadata-quickstart`: Quickstart OracleDB@Azure (Exadata) with Azure Verified Modules (AzAPI) and OCI LZ Modules + +### Autonomous Database +- `templates/azurerm-oci-adbs-quickstart`: Quickstart OracleDB@Azure (Autonomous Database) with OCI LZ modules (AzureRM) + +### Identity - `templates/az-oci-sso-federation`: Configures Single Sign-on (SSO) Between OCI and Microsoft Azure with identity federation. - `templates/az-oci-rbac-n-sso-fed`: Configures SSO Between OCI and Microsoft Azure with identity federation And role, groups required for Oracle Database@Azure. - `templates/az-odb-rbac`: Creates Roles and Groups required for for Oracle Database@Azure. 
@@ -49,29 +58,38 @@ These module automates the provisioning of components for running Oracle Databas ## Authentication ### OCI Authentication - -You must [authenticate to your oci tenancy](https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.43.1/oci_cli_docs/cmdref/session/authenticate.html) with config auth profile as ``. All available OCI regions are defined in [Regions and Availability Domains](https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#top). +The OCI Terraform provider supports [multiple authentication methods](https://docs.oracle.com/en-us/iaas/Content/terraform/configuring.htm). We recommend to configure OCI Terraform Provider using API Key Authentication as illustrated below. Please refer to the [documentation](https://docs.oracle.com/en-us/iaas/Content/terraform/configuring.htm#api-key-auth) for details. ``` shell -oci session authenticate --region= --profile-name= +export TF_VAR_oci_tenancy_ocid="OCID of the OCI tenancy" +export TF_VAR_oci_user_ocid="" +export TF_VAR_oci_private_key_path="" +export TF_VAR_oci_fingerprint="" ``` -Example: - +You can verify the configuration using OCI CLI as illustrated below. ``` shell -oci session authenticate --region=us-ashburn-1 --profile-name=ONBOARDING +export OCI_CLI_TENANCY=$TF_VAR_oci_tenancy_ocid +export OCI_CLI_USER=$TF_VAR_oci_user_ocid +export OCI_CLI_FINGERPRINT=$TF_VAR_oci_fingerprint +export OCI_CLI_KEY_FILE=$TF_VAR_oci_private_key_path +oci iam tenancy get --tenancy-id $TF_VAR_oci_tenancy_ocid --output table --query "data.{Name:name, OCID:id}" --auth api_key ``` ### AZ Authentication +You can authenticate to Azure with [service principal](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure-with-service-principle?tabs=bash) and verify it with Azure CLI as illustrated below. 
Please refer to the offical [Azure documentation](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure?tabs=bash#2-authenticate-terraform-to-azure) for details. -Official Microsoft documentation to [authenticate to Azure using Azure CLI](https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli) ``` shell -az login --tenant +export ARM_CLIENT_ID="" +export ARM_CLIENT_SECRET="" +export ARM_TENANT_ID="" +export ARM_SUBSCRIPTION_ID="" +az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET -t $ARM_TENANT_ID +az account show -o table ``` ## Execution - Navigate into the `templates` directory. **Note:** The Terraform state file writes to the directory from where you execute plans. You should keep this file in case you want to use Terraform to modify the environment configuration later. Refer to the Terraform documentation for more persistent and shareable ways to save state. @@ -81,7 +99,6 @@ Navigate into the `templates` directory. Input variable can be set in the [Variable Definitions file](https://developer.hashicorp.com/terraform/language/values/variables#variable-definitions-tfvars-files) (e.g. `terraform.tfvars`) or through the command line or environment variables: ``` terraform -config_file_profile="" compartment_ocid="" region="" ``` @@ -89,13 +106,12 @@ region="" or via [Command Line](https://developer.hashicorp.com/terraform/language/values/variables#variables-on-the-command-line) ``` shell -terraform plan -var="config_file_profile=" -var="compartment_ocid=" -var="region=" +terraform plan -var="compartment_ocid=" -var="region=" ``` or via [Environment Variables](https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_var_name) ``` shell -export TF_VAR_config_file_profile="" export TF_VAR_compartment_ocid="" export TF_VAR_region="" ``` 
@@ -167,7 +183,7 @@ tofu destroy ### Terraform Provider - [Oracle Cloud Infrastructure Provider](https://registry.terraform.io/providers/oracle/oci/latest/docs) - [Azure Active Directory Provider](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs) -- [Azure Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) +- [AzureRm Provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) - [AzAPI Provider](https://registry.terraform.io/providers/Azure/azapi/latest/docs) ### Terraform Modules diff --git a/env.sh b/env.sh new file mode 100644 index 0000000..3bf3a41 --- /dev/null +++ b/env.sh @@ -0,0 +1,25 @@ +# for Azure Terraform & CLI +# https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure-with-service-principle +export ARM_CLIENT_ID="" +export ARM_CLIENT_SECRET="" +export ARM_TENANT_ID="" +export ARM_SUBSCRIPTION_ID="" + +az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET -t $ARM_TENANT_ID +az account show -o table + +# for OCI Terraform +# https://docs.oracle.com/en-us/iaas/Content/terraform/configuring.htm#api-key-auth +export TF_VAR_oci_tenancy_ocid="OCID of the OCI tenancy" +export TF_VAR_oci_user_ocid="" +export TF_VAR_oci_private_key_path="" +export TF_VAR_oci_fingerprint="" + +# for OCI CLI +# https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm +export OCI_CLI_TENANCY=$TF_VAR_oci_tenancy_ocid +export OCI_CLI_USER=$TF_VAR_oci_user_ocid +export OCI_CLI_FINGERPRINT=$TF_VAR_oci_fingerprint +export OCI_CLI_KEY_FILE=$TF_VAR_oci_private_key_path +oci iam tenancy get --tenancy-id $TF_VAR_oci_tenancy_ocid --output table --query "data.{Name:name, OCID:id}" --auth api_key + diff --git a/modules/azure-oracle-adbs/README.md b/modules/azure-oracle-adbs/README.md index 06896bd..2370ad2 100644 --- a/modules/azure-oracle-adbs/README.md +++ b/modules/azure-oracle-adbs/README.md 
@@ -4,57 +4,70 @@ Terraform module for **Oracle Autonomous Database Serverless (ADB-S)** , Creates a new Autonomous Database resource in Oracle Database @ Azure. +> [!NOTE] +> Since there are limited properties updatable from Azure at the moment (either Azure Portal or using AzAPI/AzureRM Terraform Provider), the reference implementation is making use of [ignore_changes in lifecycle block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes) to avoid having a force replacement plan when changes are made via other means (e.g. OCI Console) + ## Pre-requisites A virtual network with subnet delegated to `Oracle.Database/networkAttachment` present in targetted subscription. + + ## Providers -| Name | Version | -| --------- | ------------------------------------------------------------------------------------------------------------- | -| [azapi] | n/a | -| [azurerm] | [>=3.99.0](https://github.com/hashicorp/terraform-provider-azurerm/blob/main/CHANGELOG.md#3990-april-11-2024) | +| Name | Version | +|------|---------| +| [azapi](#provider\_azapi) | n/a | +| [azurerm](#provider\_azurerm) | n/a | +| [null](#provider\_null) | n/a | ## Resources -| Name | Type | -| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | -| [autonomousdatabases](https://learn.microsoft.com/en-us/javascript/api/@azure/arm-oracledatabase/autonomousdatabases?view=azure-node-preview) | azure-node-preview | -| [oci_database_autonomous_database](https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/6.2.0/docs/r/database_autonomous_database.html) | oci resource | +| Name | Type | +|------|------| +| [azapi_resource.autonomous_db](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) | resource | +| 
[null_resource.wait_until_available](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [azurerm_resource_group.resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_subnet.subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | +| [azurerm_virtual_network.virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | ----------------- | :------: | -| `location` | Resource region | -| `nw_resource_group` | Virtual network resource group name | string | n/a | yes | -| `nw_vnet_name` | Virtual network name | string | n/a | yes | -| `nw_delegated_subnet_name` | Oracle delegate subnet name | string | n/a | yes | -| `db_resource_group` | ADBS resource group name | string | n/a | yes | -| `db_name` | Database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted | string | n/a | yes | -| `db_admin_password` | Password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (“) or the username “admin”, regardless of casing. 
| string | n/a | yes | -| `db_ecpu_count` | Number of CPU cores to be made available to the database | number | 2 | no | -| `db_storage_in_gb` | Size, in gigabytes, of the data volume that will be created and attached to the database | number | 20 | no | -| `db_version` | Oracle Database version for Autonomous Database | string | "19c" | | -| `db_license_model` | License model either LicenseIncluded or BringYourOwnLicense " | string | "LicenseIncluded" | | -| `db_workload` | Autonomous Database workload type | string | "DW" | | -| `db_auto_scale_enabled` | Auto scaling is enabled for the Autonomous Database CPU core count | bool | true | | -| `db_storage_auto_scale_enabled` | Auto scaling is enabled for the Autonomous Database storage. | bool | false | | -| `db_compute_model` | Compute model of the Autonomous Database | string | "ECPU" | | -| `db_permission_level` | Autonomous Database permission level. Restricted mode allows access only by admin users | string | "Restricted" | | -| `db_type` | Database type | string | "Regular" | | -| `db_character_set` | Character set for the Autonomous Database | string | "AL32UTF8" | | -| `db_n_character_set` | Character set for the Autonomous Database | string | "AL16UTF16" | | - -**NOTE:** Autonomous Database resource has lot of parameter combinations and input constraints , please refer to official Oracle docs - -- [CreateAutonomousDatabaseBase](https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/CreateAutonomousDatabaseBase) -- [database_autonomous_database](https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/6.2.0/docs/r/database_autonomous_database.html) +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [admin\_password](#input\_admin\_password) | The password must be between 12 and 30characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. 
It cannot contain the double quote symbol or the username 'admin', regardless of casing. | `string` | n/a | yes | +| [auto\_scaling\_enabled](#input\_auto\_scaling\_enabled) | Indicates if auto scaling is enabled for the Autonomous Database CPU core count. The default value is true. | `bool` | `true` | no | +| [auto\_scaling\_for\_storage\_enabled](#input\_auto\_scaling\_for\_storage\_enabled) | Indicates if auto scaling is enabled for the Autonomous Database storage. The default value is false. | `bool` | `false` | no | +| [backup\_retention\_period\_in\_days](#input\_backup\_retention\_period\_in\_days) | Retention period, in days, for backups. | `number` | `60` | no | +| [character\_set](#input\_character\_set) | The character set for the autonomous database. The default is AL32UTF8 | `string` | `"AL32UTF8"` | no | +| [compute\_count](#input\_compute\_count) | The compute amount (CPUs) available to the database. Minimum and maximum values depend on the compute model and whether the database is an Autonomous Database Serverless instance or an Autonomous Database on Dedicated Exadata Infrastructure. For an Autonomous Database Serverless instance, the ECPU compute model requires a minimum value of one, for databases in the elastic resource pool and minimum value of two, otherwise. Required when using the computeModel parameter. When using cpuCoreCount parameter, it is an error to specify computeCount to a non-null value. Providing computeModel and computeCount is the preferred method for both OCPU and ECPU. | `number` | `2` | no | +| [compute\_model](#input\_compute\_model) | The compute model of the Autonomous Database. This is required if using the computeCount parameter. If using cpuCoreCount then it is an error to specify computeModel to a non-null value. ECPU compute model is the recommended model and OCPU compute model is legacy. 
| `string` | `"ECPU"` | no | +| [customer\_contacts](#input\_customer\_contacts) | The email address used by Oracle to send notifications regarding databases and infrastructure. Provide up to 10 unique maintenance contact email addresses. |
list(object({
email = string
}))
| `[]` | no | +| [data\_storage\_size\_in\_tbs](#input\_data\_storage\_size\_in\_tbs) | The maximum storage that can be allocated for the database, in terabytes. | `number` | `1` | no | +| [db\_resource\_group](#input\_db\_resource\_group) | Autonomous Database resource group name | `string` | n/a | yes | +| [db\_version](#input\_db\_version) | A valid Oracle Database version for Autonomous Database. | `string` | `"23ai"` | no | +| [db\_workload](#input\_db\_workload) | The Autonomous Database workload type. The following values are valid: OLTP, DW, AJD, APEX | `string` | `"DW"` | no | +| [display\_name](#input\_display\_name) | The user-friendly name for the Autonomous Database. The name does not have to be unique. | `string` | `""` | no | +| [license\_model](#input\_license\_model) | The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Oracle Database service. | `string` | `"BringYourOwnLicense"` | no | +| [local\_adg\_auto\_failover\_max\_data\_loss\_limit](#input\_local\_adg\_auto\_failover\_max\_data\_loss\_limit) | Parameter that allows users to select an acceptable maximum data loss limit in seconds, up to which Automatic Failover will be triggered when necessary for a Local Autonomous Data Guard | `number` | `0` | no | +| [local\_dataguard\_enabled](#input\_local\_dataguard\_enabled) | Indicates whether the Autonomous Database has local or called in-region Data Guard enabled. | `bool` | `false` | no | +| [location](#input\_location) | Resource region | `string` | n/a | yes | +| [mtls\_connection\_required](#input\_mtls\_connection\_required) | Specifies if the Autonomous Database requires mTLS connections. 
| `bool` | `false` | no | +| [name](#input\_name) | The name which should be used for this Autonomous Database. | `string` | n/a | yes | +| [national\_character\_set](#input\_national\_character\_set) | The national character set for the autonomous database. The default is AL16UTF16. Allowed values are: AL16UTF16 or UTF8. | `string` | `"AL16UTF16"` | no | +| [nw\_delegated\_subnet\_name](#input\_nw\_delegated\_subnet\_name) | Oracle delegate subnet name | `string` | n/a | yes | +| [nw\_resource\_group](#input\_nw\_resource\_group) | Virtual network resource group name | `string` | n/a | yes | +| [nw\_vnet\_name](#input\_nw\_vnet\_name) | Virtual network name | `string` | n/a | yes | +| [open\_mode](#input\_open\_mode) | Indicates the Autonomous Database mode. The database can be opened in READ\_ONLY or READ\_WRITE mode. | `string` | `"ReadWrite"` | no | +| [permission\_level](#input\_permission\_level) | The Autonomous Database permission level. Restricted mode allows access only by admin users. | `string` | `"Unrestricted"` | no | +| [tags](#input\_tags) | Tags of the resource. | `map(string)` |
{
"TF-MOD": "azure-oracle-adbs"
}
| no | +| [whitelisted\_ips](#input\_whitelisted\_ips) | The client IP access control list (ACL). This is an array of CIDR notations and/or IP addresses. Values should be separate strings, separated by commas. Example: ['1.1.1.1','1.1.1.0/24','1.1.2.25'] | `list(string)` | `[]` | no | ## Outputs -| Name | Description | -| ------------------------ | -------------------------- | -| autonomous_db_id | Azure id of created ADBS | -| autonomous_db_ocid | OCI id of created ADBS | -| autonomous_db_properties | Properties of created ADBS | +| Name | Description | +|------|-------------| +| [autonomous\_db\_id](#output\_autonomous\_db\_id) | n/a | +| [autonomous\_db\_ocid](#output\_autonomous\_db\_ocid) | n/a | +| [autonomous\_db\_properties](#output\_autonomous\_db\_properties) | n/a | + \ No newline at end of file diff --git a/modules/azure-oracle-adbs/main.adbs.tf b/modules/azure-oracle-adbs/main.adbs.tf new file mode 100644 index 0000000..eb7453d --- /dev/null +++ b/modules/azure-oracle-adbs/main.adbs.tf 
@@ -0,0 +1,138 @@ +# Autonomous Database (Properties are read-only after creation) +resource "azapi_resource" "autonomous_db" { + name = var.name + type = "Oracle.Database/autonomousDatabases@2024-06-01" + parent_id = data.azurerm_resource_group.resource_group.id + schema_validation_enabled = false + + timeouts { + create = "3h" + update = "2h" + delete = "1h" + } + + body = { + "location" : var.location, + "properties" : { + "adminPassword" : var.admin_password, + "dataBaseType" : "Regular", + "displayName" : var.display_name, + "dbVersion" : var.db_version, + "dbWorkload" : var.db_workload, + "licenseModel" : var.license_model, + "computeModel" : var.compute_model, + + # "cpuCoreCount" = var.cpu_core_count, + "computeCount" : var.compute_count, + "dataStorageSizeInTbs" : var.data_storage_size_in_tbs, + + "characterSet" : var.character_set, + "ncharacterSet" : var.national_character_set, + + "isAutoScalingEnabled" : var.auto_scaling_enabled, + "isAutoScalingForStorageEnabled" : var.auto_scaling_for_storage_enabled, + "isMtlsConnectionRequired" : var.mtls_connection_required + + "vnetId" : data.azurerm_virtual_network.virtual_network.id + "subnetId" : data.azurerm_subnet.subnet.id + "backupRetentionPeriodInDays" : var.backup_retention_period_in_days + + "openMode" : var.open_mode + "permissionLevel" : var.permission_level + "whitelistedIps" : var.whitelisted_ips + } + "tags" : var.tags + } + response_export_values = ["id", "properties.ocid", "properties"] + + lifecycle { + ignore_changes = all + } +} + +# Wait until ADB become available state +resource "null_resource" "wait_until_available" { + depends_on = [azapi_resource.autonomous_db] + + provisioner "local-exec" { + command = "az extension add --name oracle-database | az oracle-database autonomous-database wait --custom lifecycleState=='Available' --ids ${azapi_resource.autonomous_db.id}" + } +} + +## Uncomment for updating properties using azapi_resource_action with PATCH +# resource "azapi_resource_action" 
"resource_allocation"{ +# depends_on = [ azapi_resource.autonomous_db, null_resource.wait_until_available ] +# type = "Oracle.Database/autonomousDatabases@2024-06-01" +# resource_id = azapi_resource.autonomous_db.id +# method = "PATCH" +# body = { +# "properties" : { +# "backupRetentionPeriodInDays" : var.backup_retention_period_in_days +# "computeCount" = var.compute_count +# "dataStorageSizeInTbs" = var.data_storage_size_in_tbs +# "isAutoScalingEnabled" = var.auto_scaling_enabled +# "isAutoScalingForStorageEnabled" = var.auto_scaling_for_storage_enabled + +# ## Update is not supported from Azure at this time. Please use OCI Console / API. +# # "customerContacts" = var.customer_contacts +# # "displayName" : var.display_name +# # "cpuCoreCount" = var.cpu_core_count +# # "adminPassword" = var.admin_password, +# # "licenseModel" = var.license_model, +# # "isMtlsConnectionRequired"= var.mtls_connection_required +# # "openMode" = var.open_mode +# # "permissionLevel" = var.permission_level + +# ## Non-updatable properties +# # "dataBaseType" = "Regular", +# # "dbVersion" = var.db_version, +# # "dbWorkload" = var.db_workload, +# # "computeModel" = var.compute_model, +# # "characterSet" = var.character_set, +# # "ncharacterSet" = var.national_character_set, +# # "vnetId" = data.azurerm_virtual_network.virtual_network.id +# # "subnetId" = data.azurerm_subnet.subnet.id +# } +# } +# } + +## Uncomment for updating DR configurations +## (Seperate from other updates as cannot scale and update the database at the same time) +# resource "azapi_resource_action" "disaster_recovery"{ +# depends_on = [ azapi_resource_action.resource_allocation] +# type = "Oracle.Database/autonomousDatabases@2024-06-01" +# resource_id = azapi_resource.autonomous_db.id +# method = "PATCH" +# body = { +# "properties" : { +# "isLocalDataGuardEnabled" = var.local_dataguard_enabled +# "localAdgAutoFailoverMaxDataLossLimit" = var.local_adg_auto_failover_max_data_loss_limit +# } +# } +# } + +## Uncomment for 
updating Azure Tags +## (Seperate from other updates as cannot have updates for both Autonomous Database properties and Tags in the same request) +# resource "azapi_resource_action" "tags"{ +# depends_on = [ azapi_resource_action.disaster_recovery ] +# type = "Oracle.Database/autonomousDatabases@2024-06-01" +# resource_id = azapi_resource.autonomous_db.id +# method = "PATCH" +# body = { +# "tags" : var.tags +# } +# } + +## WhitelistedIps cannot be updated in parallel with any of the following: +## licenseModel, dbEdition, cpuCoreCount, computeCount, computeModel, adminPassword, isMTLSConnectionRequired, openMode, permissionLevel, dbWorkload, dbVersion, isRefreshable, dbName, scheduledOperations, dbToolsDetails, isLocalDataGuardEnabled, or isFreeTier. +# resource "azapi_resource_action" "whitelistedIps"{ +# depends_on = [ azapi_resource.autonomous_db ] +# type = "Oracle.Database/autonomousDatabases@2024-06-01" +# resource_id = azapi_resource.autonomous_db.id +# method = "PATCH" +# body = { +# "properties" : { +# "whitelistedIps" = var.whitelisted_ips +# } +# } +# } \ No newline at end of file diff --git a/modules/azure-oracle-adbs/main.data.tf b/modules/azure-oracle-adbs/main.data.tf new file mode 100644 index 0000000..50ffa60 --- /dev/null +++ b/modules/azure-oracle-adbs/main.data.tf @@ -0,0 +1,14 @@ +data "azurerm_virtual_network" "virtual_network" { + name = var.nw_vnet_name + resource_group_name = var.nw_resource_group +} + +data "azurerm_subnet" "subnet" { + name = var.nw_delegated_subnet_name + virtual_network_name = var.nw_vnet_name + resource_group_name = var.nw_resource_group +} + +data "azurerm_resource_group" "resource_group" { + name = var.db_resource_group +} diff --git a/modules/azure-oracle-adbs/main.tf b/modules/azure-oracle-adbs/main.tf deleted file mode 100644 index 03cbbae..0000000 --- a/modules/azure-oracle-adbs/main.tf +++ /dev/null 
@@ -1,77 +0,0 @@ -terraform { - required_providers { - azapi = { - source = "Azure/azapi" - } - azurerm = { - source = "hashicorp/azurerm" - } - } -} - -# uncomment for local module run -# provider "azurerm" { -# features {} -# } - -# provider "azapi" {} - - -data "azurerm_virtual_network" "virtual_network" { - name = var.nw_vnet_name - resource_group_name = var.nw_resource_group -} - -# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet -data "azurerm_subnet" "subnet" { - name = var.nw_delegated_subnet_name - virtual_network_name = var.nw_vnet_name - resource_group_name = var.nw_resource_group -} - - -## DB resources -data "azurerm_resource_group" "resource_group" { - name = var.db_resource_group -} - - -resource "azapi_resource" "autonomous_db" { - type = "Oracle.Database/autonomousDatabases@2023-09-01" - parent_id = data.azurerm_resource_group.resource_group.id - name = var.db_name - schema_validation_enabled = false - - timeouts { - create = "3h" - update = "2h" - delete = "1h" - } - - body = jsonencode({ - "location" : var.location, - "properties" : { - "displayName" : var.db_name, - "computeCount" : var.db_ecpu_count, - "dataStorageSizeInTbs" : var.db_storage_in_tbs, - "adminPassword" : var.db_admin_password, - "dbVersion" : var.db_version, - "licenseModel" : var.db_license_model, - "dataBaseType" : var.db_type, - "computeModel" : var.db_compute_model, - "dbWorkload" : var.db_workload, - "permissionLevel" : var.db_permission_level, - - "characterSet" : var.db_character_set, - "ncharacterSet" : var.db_n_character_set, - - "isAutoScalingEnabled" : var.db_auto_scale_enabled, - "isAutoScalingForStorageEnabled" : var.db_storage_auto_scale_enabled, - - "vnetId" : data.azurerm_virtual_network.virtual_network.id - "subnetId" : data.azurerm_subnet.subnet.id - } - }) - response_export_values = ["id", "properties.ocid", "properties"] -} - 
diff --git a/modules/azure-oracle-adbs/output.tf b/modules/azure-oracle-adbs/output.tf index 2a5fa34..004f6b6 100644 --- a/modules/azure-oracle-adbs/output.tf +++ b/modules/azure-oracle-adbs/output.tf @@ -1,11 +1,11 @@ output "autonomous_db_id" { - value = jsondecode(azapi_resource.autonomous_db.output).id + value = azapi_resource.autonomous_db.output.id } output "autonomous_db_ocid" { - value = jsondecode(azapi_resource.autonomous_db.output).properties.ocid + value = azapi_resource.autonomous_db.output.properties.ocid } output "autonomous_db_properties" { - value = jsondecode(azapi_resource.autonomous_db.output).properties + value = azapi_resource.autonomous_db.output.properties } diff --git a/modules/azure-oracle-adbs/terraform.tf b/modules/azure-oracle-adbs/terraform.tf new file mode 100644 index 0000000..0247a23 --- /dev/null +++ b/modules/azure-oracle-adbs/terraform.tf @@ -0,0 +1,10 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + azurerm = { + source = "hashicorp/azurerm" + } + } +} \ No newline at end of file diff --git a/modules/azure-oracle-adbs/variables.tf b/modules/azure-oracle-adbs/variables.tf index 1935285..7b20f2c 100644 --- a/modules/azure-oracle-adbs/variables.tf +++ b/modules/azure-oracle-adbs/variables.tf 
@@ -19,82 +19,170 @@ variable "nw_delegated_subnet_name" { description = "Oracle delegate subnet name" } -## ADBS variables +## ADB-S variables #**NOTE:** Please refer to autonomous database official documentation. variable "db_resource_group" { - type = string - description = "ADBS resource group name" + type = string + description = "Autonomous Database resource group name" } -variable "db_name" { + +variable "name" { + description = "The name which should be used for this Autonomous Database." type = string - description = "Database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted " } -variable "db_admin_password" { + +variable "display_name" { + description = "The user-friendly name for the Autonomous Database. The name does not have to be unique." type = string - sensitive = true - description = "Password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (“) or the username “admin”, regardless of casing." + default = "" } -variable "db_compute_model" { +variable "db_workload" { + description = "The Autonomous Database workload type. The following values are valid: OLTP, DW, AJD, APEX" type = string - default = "ECPU" - description = "Compute model of the Autonomous Database" + default = "DW" } -variable "db_ecpu_count" { - type = number - description = "Number of CPU cores to be made available to the database" - default = 2 + +variable "mtls_connection_required" { + description = "Specifies if the Autonomous Database requires mTLS connections." + type = bool + default = false } -variable "db_storage_in_tbs" { +variable "backup_retention_period_in_days" { + description = "Retention period, in days, for backups." 
type = number - description = "Size, in terrabyte, of the data volume that will be created and attached to the database" - default = 1 + default = 60 } -variable "db_version" { + +variable "compute_model" { + description = "The compute model of the Autonomous Database. This is required if using the computeCount parameter. If using cpuCoreCount then it is an error to specify computeModel to a non-null value. ECPU compute model is the recommended model and OCPU compute model is legacy." type = string - default = "19c" - description = "Oracle Database version for Autonomous Database" + default = "ECPU" } -variable "db_license_model" { - type = string - default = "LicenseIncluded" - description = "License model either LicenseIncluded or BringYourOwnLicense" +variable "data_storage_size_in_tbs" { + description = "The maximum storage that can be allocated for the database, in terabytes." + type = number + default = 1 +} + +variable "auto_scaling_for_storage_enabled" { + description = "Indicates if auto scaling is enabled for the Autonomous Database storage. The default value is false." + type = bool + default = false } -variable "db_workload" { +variable "admin_password" { + description = "The password must be between 12 and 30characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol or the username 'admin', regardless of casing." type = string - default = "DW" - description = "Autonomous Database workload type" + sensitive = true } -variable "db_auto_scale_enabled" { + +variable "auto_scaling_enabled" { + description = " Indicates if auto scaling is enabled for the Autonomous Database CPU core count. The default value is true." type = bool default = true - description = "Auto scaling is enabled for the Autonomous Database CPU core count" -} -variable "db_storage_auto_scale_enabled" { - type = bool - default = false - description = "Auto scaling is enabled for the Autonomous Database storage." 
} -variable "db_permission_level" { +variable "character_set" { + description = "The character set for the autonomous database. The default is AL32UTF8" type = string - default = "Restricted" - description = "Autonomous Database permission level. Restricted mode allows access only by admin users" + default = "AL32UTF8" +} + +variable "compute_count" { + description = "The compute amount (CPUs) available to the database. Minimum and maximum values depend on the compute model and whether the database is an Autonomous Database Serverless instance or an Autonomous Database on Dedicated Exadata Infrastructure. For an Autonomous Database Serverless instance, the ECPU compute model requires a minimum value of one, for databases in the elastic resource pool and minimum value of two, otherwise. Required when using the computeModel parameter. When using cpuCoreCount parameter, it is an error to specify computeCount to a non-null value. Providing computeModel and computeCount is the preferred method for both OCPU and ECPU." + type = number + default = 2 } -variable "db_type" { + +variable "national_character_set" { + description = "The national character set for the autonomous database. The default is AL16UTF16. Allowed values are: AL16UTF16 or UTF8." type = string - default = "Regular" - description = "Database type" + default = "AL16UTF16" } -variable "db_character_set" { + +variable "license_model" { + description = "The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Oracle Database service." 
type = string - default = "AL32UTF8" - description = "Character set for the Autonomous Database" + default = "BringYourOwnLicense" + validation { + condition = contains(["LicenseIncluded", "BringYourOwnLicense"], var.license_model) + error_message = "The value of open_mode must be either BringYourOwnLicense or LicenseIncluded." + } } -variable "db_n_character_set" { + +variable "db_version" { + description = "A valid Oracle Database version for Autonomous Database." type = string - default = "AL16UTF16" - description = "Character set for the Autonomous Database" + default = "23ai" +} + +variable "customer_contacts" { + description = "The email address used by Oracle to send notifications regarding databases and infrastructure. Provide up to 10 unique maintenance contact email addresses." + type = list(object({ + email = string + })) + default = [] +} + +variable open_mode { + description = "Indicates the Autonomous Database mode. The database can be opened in READ_ONLY or READ_WRITE mode." + type = string + default = "ReadWrite" + validation { + condition = contains(["ReadWrite", "ReadOnly"], var.open_mode) + error_message = "The value of open_mode must be either ReadOnly or ReadWrite." + } +} + +variable "permission_level" { + description = "The Autonomous Database permission level. Restricted mode allows access only by admin users." + type = string + default = "Unrestricted" + validation { + condition = contains(["Unrestricted", "Restricted"], var.permission_level) + error_message = "The value of open_mode must be either Unrestricted or Restricted." + } +} + +variable "whitelisted_ips" { + description = "The client IP access control list (ACL). This is an array of CIDR notations and/or IP addresses. Values should be separate strings, separated by commas. Example: ['1.1.1.1','1.1.1.0/24','1.1.2.25']" + type = list(string) + default = [] +} + +variable "tags" { + description = "Tags of the resource." 
+ type = map(string) + default = { + "TF-MOD" = "azure-oracle-adbs" + } +} + +# variable "cpu_core_count" { +# description = "The number of CPU cores to be made available to the database." +# type = number +# default = 2 +# } + +# variable "local_disaster_recovery_type" { +# type = string +# default = "BackupBased" +# validation { +# condition = contains(["BackupBased", "Adg"], var.permission_level) +# error_message = "The value of local_disaster_recovery_type must be either BackupBased or Adg." +# } +# } + +variable "local_dataguard_enabled" { + description = "Indicates whether the Autonomous Database has local or called in-region Data Guard enabled." + type = bool + default = false +} + +variable "local_adg_auto_failover_max_data_loss_limit" { + description = "Parameter that allows users to select an acceptable maximum data loss limit in seconds, up to which Automatic Failover will be triggered when necessary for a Local Autonomous Data Guard" + type = number + default = 0 } diff --git a/templates/az-oci-adbs/README.md b/templates/az-oci-adbs/README.md index b00959d..b6eb8eb 100644 --- a/templates/az-oci-adbs/README.md +++ b/templates/az-oci-adbs/README.md 
@@ -1,84 +1,79 @@ -# Terraform Template to create Oracle ADBS on Azure +# Quickstart OracleDB@Azure (Autonomous Database) with OCI LZ modules (AzAPI) -Terraform module for **Oracle Autonomous Database Service (ADBS)** , Createss a new Azure virtual network with oracle network attachment subnet and link it to new Autonomous Database resource in Oracle Database @ Azure . +## Summary +This is a Terraform Template for provisioning Oracle Database@Azure with the following resources using AzAPI Terraform provider -## Providers - -| Name | Version | -| -------------------------- | ------------------------------------------------------------------------------------------------------------- | -| [azapi](#provider_azapi) | n/a | -| [azurerm](#provider_azapi) | [>=3.99.0](https://github.com/hashicorp/terraform-provider-azurerm/blob/main/CHANGELOG.md#3990-april-11-2024) | - -## Modules - -| Name | -| --------------------------------------------------------------------------------------------------------------------------- | -| [avm-res-network-virtualnetwork](https://registry.terraform.io/modules/Azure/avm-res-network-virtualnetwork/azurerm/latest) | -| [azure-oracle-adbs](../../modules/azure-oracle-adbs) | - -## Inputs Variables - -| Name | Description | Type | Default | Required | -| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | ----------------- | :------: | -| `location` | Resource region | string | n/a | yes | -| `resource_group_name` | Resource group name | string | n/a | yes | -| `virtual_network_name` | The name of the virtual network | string | n/a | yes | -| `virtual_network_address_space` | The address space of the virtual network. e.g. 10.2.0.0/16 | string | n/a | yes | -| `delegated_subnet_name` | The name of the delegated subnet. 
| string | n/a | yes | -| `delegated_subnet_address_prefix` | The address prefix of the delegated subnet for Oracle Database @ Azure within the virtual network. e.g. 10.2.1.0/24 | string | n/a | yes | -| `db_name` | Database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted | string | n/a | yes | -| `db_admin_password` | Password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (“) or the username “admin”, regardless of casing. | string | n/a | yes | -| `db_ecpu_count` | Number of CPU cores to be made available to the database | number | 2 | no | -| `db_storage_in_gb` | Size, in gigabytes, of the data volume that will be created and attached to the database | number | 20 | no | -| `db_version` | Oracle Database version for Autonomous Database | string | "19c" | | -| `db_license_model` | License model either LicenseIncluded or BringYourOwnLicense " | string | "LicenseIncluded" | | -| `db_workload` | Autonomous Database workload type | string | "DW" | | -| `db_auto_scale_enabled` | Auto scaling is enabled for the Autonomous Database CPU core count | bool | true | | -| `db_storage_auto_scale_enabled` | Auto scaling is enabled for the Autonomous Database storage. | bool | false | | -| `db_compute_model` | Compute model of the Autonomous Database | string | "ECPU" | | -| `db_permission_level` | Autonomous Database permission level. 
Restricted mode allows access only by admin users | string | "Restricted" | | -| `db_type` | Database type | string | "Regular" | | -| `db_character_set` | Character set for the Autonomous Database | string | "AL32UTF8" | | -| `db_n_character_set` | Character set for the Autonomous Database | string | "AL16UTF16" | | - -**NOTE:** Autonomous Database resource has lot of parameter combinations and input constraints , please refer to official Oracle docs +- Azure Resource Group (AzureRM) - Optional +- Azure VNet with a delegated subnet for OracleDB@Azure (AzureRM/AVM) +- Oracle Autonomous Database (AzAPI) -- [CreateAutonomousDatabaseBase](https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/CreateAutonomousDatabaseBase) -- [database_autonomous_database](https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/6.2.0/docs/r/database_autonomous_database.html) +> [!NOTE] +> Since there are limited properties updatable from Azure at the moment (either Azure Portal or using AzAPI/AzureRM Terraform Provider), the reference implementation is making use of [ignore_changes in lifecycle block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes) to avoid having a force replacement plan when changes are made via other means (e.g. OCI Console) -## Execution + +## Requirements -### Authentication +| Name | Version | +|------|---------| +| [azurerm](#requirement\_azurerm) | >=3.99.0 | -``` -az login --tenant -``` - -### Application - -Run - -``` -terraform apply -``` - -while setting input values either in `terraform.tfvars` file in main.tf directory as - -``` -location = "germanywestcentral" -resource_group = "tfmrg" -virtual_network_name = "vnet" -... -``` - -Or passed as command line parameter +## Providers -``` -terraform apply -var="location=germanywestcentral" ... 
-``` +| Name | Version | +|------|---------| +| [random](#provider\_random) | 3.6.3 | -### Destruction +## Modules -``` -terraform destroy -``` +| Name | Source | Version | +|------|--------|---------| +| [avm\_network](#module\_avm\_network) | Azure/avm-res-network-virtualnetwork/azurerm | 0.2.4 | +| [azure-oracle-adbs](#module\_azure-oracle-adbs) | ../../modules/azure-oracle-adbs | n/a | +| [azure-resource-grp](#module\_azure-resource-grp) | ../../modules/azure-resource-grp | n/a | + +## Resources + +| Name | Type | +|------|------| +| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [admin\_password](#input\_admin\_password) | The password must be between 12 and 30characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol or the username 'admin', regardless of casing. | `string` | n/a | yes | +| [auto\_scaling\_enabled](#input\_auto\_scaling\_enabled) | Indicates if auto scaling is enabled for the Autonomous Database CPU core count. The default value is true. | `bool` | `true` | no | +| [auto\_scaling\_for\_storage\_enabled](#input\_auto\_scaling\_for\_storage\_enabled) | Indicates if auto scaling is enabled for the Autonomous Database storage. The default value is false. | `bool` | `false` | no | +| [avm\_enable\_telemetry](#input\_avm\_enable\_telemetry) | This variable controls whether or not telemetry is enabled for the Azure Verified Modules | `bool` | `true` | no | +| [az\_region](#input\_az\_region) | The location of the resources on Azure. e.g. useast | `string` | n/a | yes | +| [backup\_retention\_period\_in\_days](#input\_backup\_retention\_period\_in\_days) | Retention period, in days, for backups. 
| `number` | `60` | no | +| [character\_set](#input\_character\_set) | The character set for the autonomous database. The default is AL32UTF8 | `string` | `"AL32UTF8"` | no | +| [compute\_count](#input\_compute\_count) | The compute amount (CPUs) available to the database. Minimum and maximum values depend on the compute model and whether the database is an Autonomous Database Serverless instance or an Autonomous Database on Dedicated Exadata Infrastructure. For an Autonomous Database Serverless instance, the ECPU compute model requires a minimum value of one, for databases in the elastic resource pool and minimum value of two, otherwise. Required when using the computeModel parameter. When using cpuCoreCount parameter, it is an error to specify computeCount to a non-null value. Providing computeModel and computeCount is the preferred method for both OCPU and ECPU. | `number` | `2` | no | +| [compute\_model](#input\_compute\_model) | The compute model of the Autonomous Database. This is required if using the computeCount parameter. If using cpuCoreCount then it is an error to specify computeModel to a non-null value. ECPU compute model is the recommended model and OCPU compute model is legacy. | `string` | `"ECPU"` | no | +| [customer\_contacts](#input\_customer\_contacts) | The email address used by Oracle to send notifications regarding databases and infrastructure. Provide up to 10 unique maintenance contact email addresses. |
list(object({
email = string
}))
| `[]` | no | +| [data\_storage\_size\_in\_tbs](#input\_data\_storage\_size\_in\_tbs) | The maximum storage that can be allocated for the database, in terabytes. | `number` | `1` | no | +| [db\_version](#input\_db\_version) | A valid Oracle Database version for Autonomous Database. | `string` | `"23ai"` | no | +| [db\_workload](#input\_db\_workload) | The Autonomous Database workload type. The following values are valid: OLTP, DW, AJD, APEX | `string` | `"DW"` | no | +| [delegated\_subnet\_address\_prefix](#input\_delegated\_subnet\_address\_prefix) | The address prefix of the delegated subnet for Oracle Database @ Azure within the virtual network. e.g. 10.2.1.0/24 | `string` | n/a | yes | +| [delegated\_subnet\_name](#input\_delegated\_subnet\_name) | The name of the delegated subnet. | `string` | n/a | yes | +| [display\_name](#input\_display\_name) | The user-friendly name for the Autonomous Database. The name does not have to be unique. | `string` | `null` | no | +| [license\_model](#input\_license\_model) | The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Oracle Database service. | `string` | `"BringYourOwnLicense"` | no | +| [local\_adg\_auto\_failover\_max\_data\_loss\_limit](#input\_local\_adg\_auto\_failover\_max\_data\_loss\_limit) | Parameter that allows users to select an acceptable maximum data loss limit in seconds, up to which Automatic Failover will be triggered when necessary for a Local Autonomous Data Guard | `number` | `0` | no | +| [local\_dataguard\_enabled](#input\_local\_dataguard\_enabled) | Indicates whether the Autonomous Database has local or called in-region Data Guard enabled. 
| `bool` | `false` | no | +| [mtls\_connection\_required](#input\_mtls\_connection\_required) | Specifies if the Autonomous Database requires mTLS connections. | `bool` | `false` | no | +| [name](#input\_name) | The name which should be used for this Autonomous Database. | `string` | n/a | yes | +| [national\_character\_set](#input\_national\_character\_set) | The national character set for the autonomous database. The default is AL16UTF16. Allowed values are: AL16UTF16 or UTF8. | `string` | `"AL16UTF16"` | no | +| [new\_rg](#input\_new\_rg) | Create new resource group or not | `bool` | `true` | no | +| [open\_mode](#input\_open\_mode) | Indicates the Autonomous Database mode. The database can be opened in READ\_ONLY or READ\_WRITE mode. | `string` | `"ReadWrite"` | no | +| [permission\_level](#input\_permission\_level) | The Autonomous Database permission level. Restricted mode allows access only by admin users. | `string` | `"Unrestricted"` | no | +| [random\_suffix\_length](#input\_random\_suffix\_length) | # Mandatory to randomise namaing for resource group, exadata infra and vmcluster | `number` | `3` | no | +| [resource\_group](#input\_resource\_group) | Resource Group Name | `string` | `"rg-oradb"` | no | +| [tags](#input\_tags) | resource tags | `map(string)` |
{
"createdby": "az-oci-adbs"
}
| no | +| [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | The address space of the virtual network. e.g. 10.2.0.0/16 | `string` | n/a | yes | +| [virtual\_network\_name](#input\_virtual\_network\_name) | The name of the virtual network | `string` | n/a | yes | +| [whitelisted\_ips](#input\_whitelisted\_ips) | The client IP access control list (ACL). This is an array of CIDR notations and/or IP addresses. Values should be separate strings, separated by commas. Example: ['1.1.1.1','1.1.1.0/24','1.1.2.25'] | `list(string)` | `[]` | no | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/templates/az-oci-adbs/main.tf b/templates/az-oci-adbs/main.tf index 3e92a7c..39f6ac2 100644 --- a/templates/az-oci-adbs/main.tf +++ b/templates/az-oci-adbs/main.tf @@ -1,18 +1,36 @@ +locals { + az_region = var.az_region + adbs_name = "${var.name}${random_string.suffix.result}" + resource_group_name = module.azure-resource-grp.resource_group_name +} -resource "azurerm_resource_group" "resource_group" { - location = var.location - name = var.resource_group +resource "random_string" "suffix" { + length = var.random_suffix_length + special = false + upper = false + numeric = true } +# Azure Resource Group +module "azure-resource-grp" { + source = "../../modules/azure-resource-grp" + az_region = local.az_region + resource_group_name = var.resource_group + az_tags = var.tags + new_rg = var.new_rg +} -module "avm_odbas_network" { +# Azure VNet +module "avm_network" { source = "Azure/avm-res-network-virtualnetwork/azurerm" version = "0.2.4" - address_space = [var.virtual_network_address_space] - location = var.location - name = var.virtual_network_name - resource_group_name = azurerm_resource_group.resource_group.name + tags = var.tags + resource_group_name = local.resource_group_name + location = local.az_region + + name = var.virtual_network_name + address_space = [var.virtual_network_address_space] subnets = { delegated = { 
@@ -31,32 +49,39 @@ module "avm_odbas_network" { } } - -module "odbas_database" { +module "azure-oracle-adbs" { source = "../../modules/azure-oracle-adbs" providers = { azapi = azapi azurerm = azurerm } - depends_on = [module.avm_odbas_network] - - location = var.location - nw_resource_group = var.resource_group - nw_vnet_name = var.virtual_network_name - nw_delegated_subnet_name = var.delegated_subnet_name - db_resource_group = var.resource_group - db_name = var.db_name - db_admin_password = var.db_admin_password - db_compute_model = var.db_compute_model - db_ecpu_count = var.db_ecpu_count - db_storage_in_tbs = var.db_storage_in_tbs - db_version = var.db_version - db_license_model = var.db_license_model - db_workload = var.db_workload - db_auto_scale_enabled = var.db_auto_scale_enabled - db_storage_auto_scale_enabled = var.db_storage_auto_scale_enabled - db_permission_level = var.db_permission_level - db_type = var.db_type - db_character_set = var.db_character_set - db_n_character_set = var.db_n_character_set + depends_on = [module.avm_network] + + tags = var.tags + location = local.az_region + + nw_resource_group = local.resource_group_name + nw_vnet_name = var.virtual_network_name + nw_delegated_subnet_name = var.delegated_subnet_name + + db_resource_group = local.resource_group_name + name = local.adbs_name + display_name = var.display_name == null ? 
local.adbs_name : var.display_name + compute_count = var.compute_count + data_storage_size_in_tbs = var.data_storage_size_in_tbs + admin_password = var.admin_password + db_version = var.db_version + license_model = var.license_model + compute_model = var.compute_model + db_workload = var.db_workload + permission_level = var.permission_level + character_set = var.character_set + national_character_set = var.national_character_set + auto_scaling_enabled = var.auto_scaling_enabled + auto_scaling_for_storage_enabled = var.auto_scaling_for_storage_enabled + backup_retention_period_in_days = var.backup_retention_period_in_days + open_mode = var.open_mode + # cpu_core_count = var.cpu_core_count + local_dataguard_enabled = var.local_dataguard_enabled + local_adg_auto_failover_max_data_loss_limit = var.local_adg_auto_failover_max_data_loss_limit } \ No newline at end of file diff --git a/templates/az-oci-adbs/variables.tf b/templates/az-oci-adbs/variables.tf index cf4e7e3..3ff7835 100644 --- a/templates/az-oci-adbs/variables.tf +++ b/templates/az-oci-adbs/variables.tf 
@@ -1,12 +1,44 @@ -variable "location" { +# Common + +## Resource Tags +variable "tags" { + description = "resource tags" + type = map(string) + default = { + createdby = "az-oci-adbs" + } +} + +## Mandatory to randomise namaing for resource group, exadata infra and vmcluster +variable "random_suffix_length" { + type = number + default = 3 +} + +# Azure Verified Module (AVM) +variable "avm_enable_telemetry" { + description = "This variable controls whether or not telemetry is enabled for the Azure Verified Modules" + type = bool + default = true +} + +# Azure Resource Group (azure-resource-grp) +variable "az_region" { + description = "The location of the resources on Azure. e.g. useast" type = string - description = "Resource region" } + variable "resource_group" { type = string - description = "Resource group name" + description = "Resource Group Name" + default = "rg-oradb" } +variable "new_rg" { + type = bool + description = "Create new resource group or not" + default = true +} variable "virtual_network_name" { description = "The name of the virtual network" 
@@ -35,79 +67,157 @@ variable "delegated_subnet_address_prefix" { } } - -## ADBS variables -#**NOTE:** Please refer to autonomous database official documentation. -variable "db_name" { +## ADB-S variables +#**NOTE:** Please refer to autonomous database official documentation. +variable "name" { + description = "The name which should be used for this Autonomous Database." type = string - description = "Database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted " } -variable "db_admin_password" { + +variable "display_name" { + description = "The user-friendly name for the Autonomous Database. The name does not have to be unique." type = string - sensitive = true - description = "Password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (“) or the username “admin”, regardless of casing." + default = null } -variable "db_compute_model" { +variable "db_workload" { + description = "The Autonomous Database workload type. The following values are valid: OLTP, DW, AJD, APEX" type = string - default = "ECPU" - description = "Compute model of the Autonomous Database" + default = "DW" } -variable "db_ecpu_count" { - type = number - description = "Number of CPU cores to be made available to the database" - default = 2 + +variable "mtls_connection_required" { + description = "Specifies if the Autonomous Database requires mTLS connections." + type = bool + default = false } -variable "db_storage_in_tbs" { +variable "backup_retention_period_in_days" { + description = "Retention period, in days, for backups." 
type = number - description = "Size, in terrabytes, of the data volume that will be created and attached to the database" - default = 20 + default = 60 } -variable "db_version" { + +variable "compute_model" { + description = "The compute model of the Autonomous Database. This is required if using the computeCount parameter. If using cpuCoreCount then it is an error to specify computeModel to a non-null value. ECPU compute model is the recommended model and OCPU compute model is legacy." type = string - default = "19c" - description = "Oracle Database version for Autonomous Database" + default = "ECPU" } -variable "db_license_model" { - type = string - default = "LicenseIncluded" - description = "License model either LicenseIncluded or BringYourOwnLicense" +variable "data_storage_size_in_tbs" { + description = "The maximum storage that can be allocated for the database, in terabytes." + type = number + default = 1 } -variable "db_workload" { +variable "auto_scaling_for_storage_enabled" { + description = "Indicates if auto scaling is enabled for the Autonomous Database storage. The default value is false." + type = bool + default = false +} + +variable "admin_password" { + description = "The password must be between 12 and 30characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol or the username 'admin', regardless of casing." type = string - default = "DW" - description = "Autonomous Database workload type" + sensitive = true } -variable "db_auto_scale_enabled" { + +variable "auto_scaling_enabled" { + description = " Indicates if auto scaling is enabled for the Autonomous Database CPU core count. The default value is true." type = bool default = true - description = "Auto scaling is enabled for the Autonomous Database CPU core count" } -variable "db_storage_auto_scale_enabled" { - type = bool - default = false - description = "Auto scaling is enabled for the Autonomous Database storage." 
+ +variable "character_set" { + description = "The character set for the autonomous database. The default is AL32UTF8" + type = string + default = "AL32UTF8" } -variable "db_permission_level" { +variable "compute_count" { + description = "The compute amount (CPUs) available to the database. Minimum and maximum values depend on the compute model and whether the database is an Autonomous Database Serverless instance or an Autonomous Database on Dedicated Exadata Infrastructure. For an Autonomous Database Serverless instance, the ECPU compute model requires a minimum value of one, for databases in the elastic resource pool and minimum value of two, otherwise. Required when using the computeModel parameter. When using cpuCoreCount parameter, it is an error to specify computeCount to a non-null value. Providing computeModel and computeCount is the preferred method for both OCPU and ECPU." + type = number + default = 2 +} + +variable "national_character_set" { + description = "The national character set for the autonomous database. The default is AL16UTF16. Allowed values are: AL16UTF16 or UTF8." type = string - default = "Restricted" - description = "Autonomous Database permission level. Restricted mode allows access only by admin users" + default = "AL16UTF16" } -variable "db_type" { + +variable "license_model" { + description = "The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Oracle Database service." type = string - default = "Regular" - description = "Database type" + default = "BringYourOwnLicense" + validation { + condition = contains(["LicenseIncluded", "BringYourOwnLicense"], var.license_model) + error_message = "The value of open_mode must be either BringYourOwnLicense or LicenseIncluded." 
+ } } -variable "db_character_set" { + +variable "db_version" { + description = "A valid Oracle Database version for Autonomous Database." type = string - default = "AL32UTF8" - description = "Character set for the Autonomous Database" + default = "23ai" +} + +variable "customer_contacts" { + description = "The email address used by Oracle to send notifications regarding databases and infrastructure. Provide up to 10 unique maintenance contact email addresses." + type = list(object({ + email = string + })) + default = [] +} + +variable "open_mode" { + description = "Indicates the Autonomous Database mode. The database can be opened in READ_ONLY or READ_WRITE mode." + type = string + default = "ReadWrite" + validation { + condition = contains(["ReadWrite", "ReadOnly"], var.open_mode) + error_message = "The value of open_mode must be either ReadOnly or ReadWrite." + } } -variable "db_n_character_set" { + +variable "permission_level" { + description = "The Autonomous Database permission level. Restricted mode allows access only by admin users." type = string - default = "AL16UTF16" - description = "Character set for the Autonomous Database" + default = "Unrestricted" + validation { + condition = contains(["Unrestricted", "Restricted"], var.permission_level) + error_message = "The value of open_mode must be either Unrestricted or Restricted." + } +} + +variable "whitelisted_ips" { + description = "The client IP access control list (ACL). This is an array of CIDR notations and/or IP addresses. Values should be separate strings, separated by commas. Example: ['1.1.1.1','1.1.1.0/24','1.1.2.25']" + type = list(string) + default = [] +} + +# variable "cpu_core_count" { +# description = "The number of CPU cores to be made available to the database." 
+# type = number +# default = 2 +# } + +# variable "local_disaster_recovery_type" { +# type = string +# default = "BackupBased" +# validation { +# condition = contains(["BackupBased", "Adg"], var.permission_level) +# error_message = "The value of local_disaster_recovery_type must be either BackupBased or Adg." +# } +# } + +variable "local_dataguard_enabled" { + description = "Indicates whether the Autonomous Database has local or called in-region Data Guard enabled." + type = bool + default = false +} + +variable "local_adg_auto_failover_max_data_loss_limit" { + description = "Parameter that allows users to select an acceptable maximum data loss limit in seconds, up to which Automatic Failover will be triggered when necessary for a Local Autonomous Data Guard" + type = number + default = 0 } diff --git a/templates/azurerm-oci-adbs-quickstart/README.md b/templates/azurerm-oci-adbs-quickstart/README.md index 3cf1d8b..2919952 100644 --- a/templates/azurerm-oci-adbs-quickstart/README.md +++ b/templates/azurerm-oci-adbs-quickstart/README.md @@ -1,4 +1,4 @@ -# azurerm-oci-adbs-quickstart +# Quickstart OracleDB@Azure (Autonomous Database) with OCI LZ modules (AzureRM) ## Summary This is a Terraform Template for provisioning Oracle Database@Azure with the following resources using AzureRM and OCI Terraform provider
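Review bot: in the first variables hunk shown (the one ending with `local_adg_auto_failover_max_data_loss_limit` just before the `templates/az-oci-adbs/README.md` header), the `validation` blocks for `license_model` and `permission_level` name the wrong variable: both `error_message`s read `The value of open_mode must be ...`, so a user who trips either check is pointed at an input they did not set; change them to `The value of license_model must be ...` and `The value of permission_level must be ...`. In the same hunk the commented-out `local_disaster_recovery_type` validation tests `var.permission_level` instead of `var.local_disaster_recovery_type` and will misfire the day it is uncommented; `variable open_mode {` should be `variable "open_mode" {` to match every other declaration (and what `terraform fmt` emits); the `admin_password` description has `30characters` and the `auto_scaling_enabled` description starts with a stray space, both of which terraform-docs copies into the README verbatim. Since the `admin_password` description already states the rules (12 to 30 characters, at least one upper, lower and digit, no double quote, no `admin`), consider encoding them in a `validation` block so a bad value fails at plan time instead of at the API call.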
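Review bot: in the `templates/az-oci-adbs/README.md` hunk, the Requirements table lists only `azurerm >=3.99.0`, yet the template's `main.tf` hands `azapi = azapi` to the module and the Providers table shows `random 3.6.3`; add `azapi` and `random` to `required_providers` (and regenerate the table) so a fresh `terraform init` resolves the same providers the change was tested with. The `random_suffix_length` row reads `# Mandatory to randomise namaing ...` because the variable has no `description` and terraform-docs fell back to the comment above it; give it a real description and fix `namaing`. The `admin_password` row inherits `30characters` from the variable description. `## Outputs` now says `No outputs.` for a template that creates a database; exposing at least the Autonomous Database resource id and the delegated subnet id would let callers reference them without a data lookup.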
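Review bot: in the `templates/az-oci-adbs/main.tf` hunk for `module "azure-oracle-adbs"` (`@@ -31,32 +49,39 @@`), the template declares `whitelisted_ips`, `mtls_connection_required` and `customer_contacts` in its `variables.tf`, but none of them is passed to the module in this block, so a user who sets `whitelisted_ips` or `mtls_connection_required = true` expecting to tighten access gets no effect and no error; either wire them through (`whitelisted_ips = var.whitelisted_ips`, and so on, adding matching module inputs where they do not yet exist) or remove the dead variables. Separately, `name = local.adbs_name` appends `random_string.suffix.result` to `var.name`, while the old `db_name` description's 14-character limit was dropped rather than adjusted; the `name` description should state that a suffix of `random_suffix_length` characters is added so callers size the base name accordingly.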
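Review bot: in the `templates/az-oci-adbs/variables.tf` hunk `@@ -1,12 +1,44 @@`, the comment above `random_suffix_length` says the suffix is for `resource group, exadata infra and vmcluster`, which is copied from the Exadata template; this template names a resource group and an Autonomous Database, so reword it and move it into a `description` (the variable has none). The `az_region` example `useast` is not an Azure region identifier; Azure uses the `eastus` form, and the README copies the example as written. `avm_enable_telemetry` defaults to `true`, which is worth a sentence in the README so tenants that do not want module telemetry know to set it to `false`.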
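Review bot: in the `templates/az-oci-adbs/variables.tf` hunk `@@ -35,79 +67,157 @@`, the `license_model` and `permission_level` validations both report `The value of open_mode must be ...` in their `error_message`; name the variable actually being validated. The commented-out `local_disaster_recovery_type` validation checks `var.permission_level` rather than `var.local_disaster_recovery_type`; the `admin_password` description has `30characters` and the `auto_scaling_enabled` description starts with a space. Two default changes deserve a call-out in the README since they silently change behaviour for anyone reusing an existing `terraform.tfvars`: `permission_level` moves from `Restricted` to `Unrestricted`, and `license_model` from `LicenseIncluded` to `BringYourOwnLicense`. Also note that `mtls_connection_required = false` together with `whitelisted_ips = []` are the least restrictive values of the two client-access controls declared here; at minimum document that, and consider defaulting `mtls_connection_required` to `true` so a caller has to opt out of mutual TLS rather than opt in.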