diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc new file mode 100644 index 0000000..7db835d --- /dev/null +++ b/CHANGELOG.adoc @@ -0,0 +1,16 @@ += CHANGELOG +:idprefix: +:idseparator: * + +:uri-changelog: http://keepachangelog.com/ +All notable changes to this project are documented in this file. + +The format is based on {uri-changelog}[Keep a Changelog]. + +== v1.0.0 (May 21,2020) + +=== Changes +* First release after split from terraform-oci-base +* changed most variables to simple types +* internet gateway now optional +* updated docs diff --git a/CONTRIBUTING.adoc b/CONTRIBUTING.adoc new file mode 100644 index 0000000..fb6a92e --- /dev/null +++ b/CONTRIBUTING.adoc 
@@ -0,0 +1,47 @@ += CONTRIBUTING + +:uri-oracle-oca: https://www.oracle.com/technetwork/community/oca-486395.html + +Oracle welcomes contributions to this repository from anyone. + +If you want to submit a pull request to fix a bug or enhance an existing +feature, please first open an issue and link to that issue when you +submit your pull request. + +If you have any questions about a possible submission, feel free to open +an issue too. + +== Contributing to the terraform-oci-oke repository + +Pull requests can be made under +{uri-oracle-oca}[The Oracle Contributor Agreement](OCA). + +For pull requests to be accepted, the bottom of your commit message must have +the following line using your name and e-mail address as it appears in the +OCA Signatories list. + +---- +Signed-off-by: Your Name +---- + +This can be automatically added to pull requests by committing with: + +---- + git commit --signoff +---- + +Only pull requests from committers that can be verified as having +signed the OCA can be accepted. + +=== Pull request process + +. Fork this repository +. Create a branch in your fork to implement the changes. We recommend using +the issue number as part of your branch name, e.g. `1234-fixes` +. Ensure that any documentation is updated with the changes that are required +by your fix. +. Ensure that any samples are updated if the base image has been changed. +. Submit the pull request. *Do not leave the pull request blank*. Explain exactly +what your changes are meant to do and provide simple steps on how to validate +your changes. Ensure that you reference the issue you created as well. +We will assign the pull request to 2-3 people for review before it is merged. \ No newline at end of file diff --git a/CONTRIBUTORS.adoc b/CONTRIBUTORS.adoc new file mode 100644 index 0000000..da33c1b --- /dev/null +++ b/CONTRIBUTORS.adoc 
@@ -0,0 +1,10 @@ +== GitHub userids of contributors + +OWNERS # have admin access and can merge code to master: + +- @hyder +- @markxnelson + +CONTRIBUTORS + +- @karthicgit \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b629082 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,35 @@ +Copyright (c) 2019, 2020 Oracle and/or its affiliates. + +The Universal Permissive License (UPL), Version 1.0 + +Subject to the condition set forth below, permission is hereby granted to any +person obtaining a copy of this software, associated documentation and/or data +(collectively the "Software"), free of charge and under any and all copyright +rights in the Software, and any and all patent rights owned or freely +licensable by each licensor hereunder covering either (i) the unmodified +Software as contributed to or provided by such licensor, or (ii) the Larger +Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if +one is included with the Software (each a "Larger Work" to which the Software +is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create +derivative works of, display, perform, and distribute the Software and make, +use, sell, offer for sale, import, export, have made, and have sold the +Software and the Larger Work(s), and to sublicense the foregoing rights on +either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at +a minimum a reference to the UPL must be included in all copies or +substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file 
diff --git a/README.adoc b/README.adoc new file mode 100644 index 0000000..62d6b68 --- /dev/null +++ b/README.adoc 
@@ -0,0 +1,81 @@ += Terraform VCN for Oracle Cloud Infrastructure + +:idprefix: +:idseparator: - + +:uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-vcn + +:uri-rel-file-base: link:{uri-repo}/blob/master +:uri-rel-tree-base: link:{uri-repo}/tree/master + +:uri-docs: {uri-rel-file-base}/docs + +:uri-changelog: {uri-rel-file-base}/CHANGELOG.adoc + +:uri-contribute: {uri-rel-file-base}/CONTRIBUTING.adoc +:uri-contributors: {uri-rel-file-base}/CONTRIBUTORS.adoc + +:uri-license: {uri-rel-file-base}/LICENSE +:uri-canonical-license: https://oss.oracle.com/licenses/upl/ +:uri-networks-subnets-cidr: https://erikberg.com/notes/networks.html +:uri-oci: https://cloud.oracle.com/cloud-infrastructure +:uri-oci-documentation: https://docs.cloud.oracle.com/iaas/Content/home.htm +:uri-oracle: https://www.oracle.com +:uri-prereqs: {uri-docs}/prerequisites.adoc +:uri-quickstart: {uri-docs}/quickstart.adoc +:uri-reuse-module: {uri-rel-tree-base}/examples/ +:uri-terraform: https://www.terraform.io +:uri-terraform-cidrsubnet-deconstructed: http://blog.itsjustcode.net/blog/2017/11/18/terraform-cidrsubnet-deconstructed/ +:uri-terraform-hashicorp-examples: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples +:uri-terraform-oci: https://www.terraform.io/docs/providers/oci/index.html +:uri-terraform-options: {uri-docs}/terraformoptions.adoc +:uri-terraform-oci-examples: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples + +The {uri-repo}[Terraform VCN] for {uri-oci}[Oracle Cloud Infrastructure] (OCI) provides a reusable Terraform module that provisions a minimal VCN on OCI. 
+ +It creates the following resources: + +* A VCN with customizable CIDR block +* An optional internet gateway +* An optional NAT gateway +* An optional service gateway + +This module is primarily meant to be reusable to create more advanced infrastructure on {uri-oci}[OCI] either manually in the OCI Console or by extending the Terraform code. + +== {uri-docs}[Documentation] + +* {uri-prereqs}[Pre-requisites] + +* Instructions +** {uri-quickstart}[Quickstart] +** {uri-reuse-module}[Reusing as a Terraform module] +* {uri-terraform-options}[Terraform Options] + +== Related Documentation, Blog +* {uri-oci-documentation}[Oracle Cloud Infrastructure Documentation] +* {uri-terraform-oci}[Terraform OCI Provider Documentation] +* {uri-networks-subnets-cidr}[Erik Berg on Networks, Subnets and CIDR] +* {uri-terraform-cidrsubnet-deconstructed}[Lisa Hagemann on Terraform cidrsubnet Deconstructed] + +== Projects using this module + +== Changelog + +View the {uri-changelog}[CHANGELOG]. + +== Acknowledgement + +Code derived and adapted from {uri-terraform-oci-examples}[Terraform OCI Examples] and Hashicorp's {uri-terraform-hashicorp-examples}[Terraform 0.12 examples] + +== Contributors + +{uri-contributors}[Folks who contributed with explanations, code, feedback, ideas, testing etc.] + +Learn how to {uri-contribute}[contribute]. + +== License + +Copyright © 2019 Oracle and/or its associates. All rights reserved. + +Licensed under the {uri-license}[Universal Permissive License 1.0] as shown at +{uri-canonical-license}[https://oss.oracle.com/licenses/upl]. diff --git a/README.md b/README.md index cfd109f..c2344c4 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,76 @@ -# terraform-oci-vcn +# Terraform VCN for Oracle Cloud Infrastructure + +[changelog]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/CHANGELOG.adoc +[contributing]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/CONTRIBUTING.adoc +[contributors]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/CONTRIBUTORS.adoc +[docs]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/master/docs + +[license]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/LICENSE +[canonical_license]: https://oss.oracle.com/licenses/upl/ + +[oci]: https://cloud.oracle.com/cloud-infrastructure +[oci_documentation]: https://docs.cloud.oracle.com/iaas/Content/home.htm + +[oracle]: https://www.oracle.com +[prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/docs/prerequisites.adoc + +[quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/docs/quickstart.adoc +[repo]: https://github.com/oracle/terraform-oci-vcn +[reuse]: https://github.com/oracle/terraform-oci-vcn/examples/db +[subnets]: https://erikberg.com/notes/networks.html +[terraform]: https://www.terraform.io +[terraform_cidr_subnet]: http://blog.itsjustcode.net/blog/2017/11/18/terraform-cidrsubnet-deconstructed/ +[terraform_hashircorp_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples +[terraform_oci]: https://www.terraform.io/docs/providers/oci/index.html +[terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/master/docs/terraformoptions.adoc +[terraform_oci_examples]: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples +[terraform_oci_oke]: https://github.com/oracle-terraform-modules/terraform-oci-oke + +The [Terraform VCN][repo] for [Oracle Cloud Infrastructure][OCI] provides a reusable 
[Terraform][terraform] module that provisions a minimal VCN on OCI. + +It creates the following resources: + +* A VCN with customizable CIDR block +* An optional internet gateway +* An optional NAT gateway +* An optional service gateway + +This module is primarily meant to be reusable to create more advanced infrastructure on {uri-oci}[OCI] either manually in the OCI Console or by extending the Terraform code. + +## [Documentation][docs] + +### [Pre-requisites][prerequisites] + +#### Instructions +- [Quickstart][quickstart] +- [Reusing as a Terraform module][reuse] +- [Terraform Options][terraform_options] + +## Related Documentation, Blog +- [Oracle Cloud Infrastructure Documentation][oci_documentation] +- [Terraform OCI Provider Documentation][terraform_oci] +- [Erik Berg on Networks, Subnets and CIDR][subnets] +- [Lisa Hagemann on Terraform cidrsubnet Deconstructed][terraform_cidr_subnet] + +## Projects using this module + +## Changelog + +View the [CHANGELOG][changelog]. + +## Acknowledgement + +Code derived and adapted from [Terraform OCI Examples][terraform_oci_examples] and Hashicorp's [Terraform 0.12 examples][terraform_oci_examples] + +## Contributors + +[Folks who contributed with explanations, code, feedback, ideas, testing etc.][contributors] + +Learn how to [contribute][contributing]. + +## License + +Copyright (c) 2019, 2020 Oracle and/or its associates. All rights reserved. + +Licensed under the [Universal Permissive License 1.0][license] as shown at +[https://oss.oracle.com/licenses/upl][canonical_license]. \ No newline at end of file diff --git a/docs/prerequisites.adoc b/docs/prerequisites.adoc new file mode 100644 index 0000000..83c020e --- /dev/null +++ b/docs/prerequisites.adoc 
@@ -0,0 +1,127 @@ += Pre-requisites + +:idprefix: +:idseparator: - +:sectlinks: + +:uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-vcn + +:uri-rel-file-base: link:{uri-repo}/blob/master +:uri-rel-tree-base: link:{uri-repo}/tree/master + +:uri-docs: {uri-rel-file-base}/docs + +:uri-oci: https://cloud.oracle.com/cloud-infrastructure +:uri-oci-compartment: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#two +:uri-oci-ocids: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five +:uri-oci-documentation: https://docs.cloud.oracle.com/iaas/Content/home.htm +:uri-oci-keys: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two +:uri-quickstart: {uri-docs}/quickstart.adoc +:uri-terraform: https://www.terraform.io +:uri-terraform-download: https://www.terraform.io/downloads.html + +This section will guide you through the pre-requisites before you can use this project. + +You can proceed to the {uri-quickstart}[Quick Start guide] if you have already done these. + +. link:#install-terraform[Install Terraform] +.. link:#install-terraform-on-oracle-linux[Install Terraform on Oracle Linux] +.. link:#install-terraform-on-macos[Install Terraform on macOS] +.. link:#manual-installation[Manual Installation] +... link:#configure-path-on-linuxmacos[Configure path on Linux/macOS] +... link:#configure-path-on-windows[Configure path on Windows] +.. link:#testing-terraform-installation[Testing Terraform installation] +. link:#generate-and-upload-your-oci-api-keys[Generate and upload your OCI API keys] +. link:#create-an-oci-compartment[Create an OCI Compartment] +. link:#obtain-the-necessary-ocids[Obtain the necessary OCIDs] +. link:#identity-and-access-management-rights[Identity and Access Management Rights] +. link:#using-autonomous-linux[Using Autonomous Linux] + +=== Install Terraform + +Start by installing Terraform and configuring your path. 
+ +==== Installing Terraform on Oracle Linux + +If you are using Oracle Linux, you can install Terraform as follows: + +[source,bash] +---- +yum -y install oraclelinux-developer-release-el7 && yum -y install terraform +---- + +==== Installing Terraform on macOS + +If you are using a Mac, you can install Terraform as follows: + +[source,bash] +---- +brew install terraform +---- + +==== Manual Installation + +If you prefer to install Terraform manually, you can follow these instructions: + +. Open your browser and navigate to the {uri-terraform-download}[Terraform download page]. You need version 0.12.24+. + +. Download the appropriate version for your operating system. + +. Extract the the contents of compressed file and copy the terraform binary to a location that is in your path (see next section below). + +. You will also need to configure your path. + +===== Configure path on Linux/macOS + +Open a terminal and type the following: + +[source,bash] +---- +sudo mv /path/to/terraform /usr/local/bin +---- + +===== Configure path on Windows +Follow the steps below to configure your path on Windows: + +. Click on 'Start', type 'Control Panel' and open it +. Select System > Advanced System Settings > Environment Variables +. Select System variables > PATH and click 'Edit' +. Click New and paste the location of the directory where you have extracted the terraform.exe +. Close all open windows by clicking 'OK' +. Open a new terminal and verify terraform has been properly installed + +==== Testing Terraform installation + +Open a terminal and test: + +[source,bash] +---- +terraform -v +Terraform v0.12.24 +---- + +=== Generate and upload your OCI API keys + +Follow the documentation for {uri-oci-keys}[generating and uploading your api keys]. + +Note the key fingerprint. + +=== Create an OCI compartment + +Follow the documentation for {uri-oci-compartment}[creating a compartment]. + +=== Obtain the necessary OCIDs + +The following OCIDs are required: + +. Compartment OCID +. 
Tenancy OCID +. User OCID + +Follow the documentation for {uri-oci-ocids}[obtaining the tenancy and user ocids]. + +To obtain the compartment OCID: + +1. Navigate to Identity > Compartments +2. Click on your Compartment +3. Locate OCID on the page and click on 'Copy' \ No newline at end of file diff --git a/docs/quickstart.adoc b/docs/quickstart.adoc new file mode 100644 index 0000000..ccfc582 --- /dev/null +++ b/docs/quickstart.adoc 
@@ -0,0 +1,100 @@ += Quickstart + +:idprefix: +:idseparator: - +:sectlinks: + + +:uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-vcn +:uri-rel-file-base: link:{uri-repo}/blob/master +:uri-rel-tree-base: link:{uri-repo}/tree/master +:uri-docs: {uri-rel-file-base}/docs +:uri-oci-keys: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm +:uri-oci-ocids: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five +:uri-terraform: https://www.terraform.io +:uri-terraform-oci: https://www.terraform.io/docs/providers/oci/index.html +:uri-terraform-options: {uri-docs}/terraformoptions.adoc +:uri-variables: {uri-rel-file-base}/variables.tf + +. link:#assumptions[Assumptions] +. link:#pre-requisites[Pre-requisites] +. link:#instructions[Instructions] +. link:#related-documentation[Related documentation] + +=== Assumptions + +1. You have setup the {uri-oci-keys}[required keys] +2. You know the {uri-oci-ocids}[required OCIDs] +3. You have the necessary permissions + +=== Pre-requisites + +1. git is installed +2. ssh client is installed +3. Terraform 0.12.24+ is installed + +=== Provisioning using this git repo + +. Clone the repo: + ++ +[source,bash] +---- +git clone https://github.com/oracle-terraform-modules/terraform-oci-vcn.git tfvcn + +cd tfvcn + +cp terraform.tfvars.example terraform.tfvars +---- + +. Create a provider.tf file and add the following: + ++ +[source,hcl] +---- +provider "oci" { + tenancy_ocid = var.tenancy_id + user_ocid = var.user_id + fingerprint = var.api_fingerprint + private_key_path = var.api_private_key_path + region = var.region +} +---- + +. Set mandatory provider parameters: + +* `api_fingerprint` +* `api_private_key_path` +* `region` +* `tenancy_id` +* `user_id` + + + +. Override other parameters: + +* `compartment_id` +* `label_prefix` +* `vcn_dns_label` +* `vcn_name` + +. 
Optional parameters to override: + +* `internet_gateway_enabled` +* `nat_gateway_enabled` +* `service_gateway_enabled` +* `tags` + +. Run Terraform: + ++ +[source,bash] +---- +terraform init +terraform plan +terraform apply +---- + +=== Related documentation: + +* {uri-terraform-options}[All Terraform configuration options] for {uri-repo}[this project] diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc new file mode 100644 index 0000000..b515f45 --- /dev/null +++ b/docs/terraformoptions.adoc 
@@ -0,0 +1,132 @@ += Terraform Options +:idprefix: +:idseparator: - +:sectlinks: +:sectnums: +:uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-vcn + +:uri-rel-file-base: link:{uri-repo}/blob/master +:uri-rel-tree-base: link:{uri-repo}/tree/master + +:uri-docs: {uri-rel-file-base}/docs +:uri-oci-region: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm +:uri-terraform-cidrsubnet: https://www.terraform.io/docs/configuration/functions/cidrsubnet.html + +Configuration Terraform Options: + +. link:#provider-and-identity[Provider and Identity] +. link:#general-oci[General OCI] +. link:#oci-networking[VCN] + +Ensure you review the {uri-terraform-dependencies}[dependencies]. + +== Provider and Identity + +[stripes=odd,cols="1d,4d,3a,3a", options=header,width="100%"] +|=== +|Parameter +|Description +|Values +|Default + +|`api_fingerprint` +|ssl fingerprint of api public key. *Required when configuring provider*. +| +|None + +|`api_private_key_path` +|path to api private key. *Required when configuring provider*. +| +|None + +|`region` +|Region where to provision the OKE cluster. {uri-oci-region}[List of regions]. *Required when configuring provider*. +| +|None + +|`tenancy_id` +|Tenancy id of the user. *Required when configuring provider*. +| +|None + +|`user_id` +|User's id. *Required when configuring provider*. +| +|None + +|=== + +== General OCI + +[stripes=odd,cols="1d,4d,3a,3a", options=header,width="100%"] +|=== +|Parameter +|Description +|Values +|Default + +|`compartment_id` +|Compartment id where the VCN Cluster will be provisioned. *Required*. +| +|None + +|`label_prefix` +|a string to be prepended to the name of resources. *Required*. +| +|None + + +|=== + +== VCN + +[stripes=odd,cols="1d,4d,3a,3a", options=header,width="100%"] +|=== +|Parameter +|Description +|Values +|Default + +|`tags` +|simple key-value pairs to tag the resources created specified in the form of a map +| e.g. 
+[source] +---- +tags = { + environment = "dev" + lob = "finance" +} +---- +|None + +|`internet_gateway_enabled` +|Whether to create an internet gateway. +|true/false +|false + +|`nat_gateway_enabled` +|Whether to create a NAT gateway. +|true/false +|false + +|`service_gateway_enabled` +|Whether to create a Service Gateway to use Oracle Services. +|true/false +|false + +|`vcn_cidr` +|The VCN's CIDR block. The CIDR block specified for the VCN must not overlap with the CIDR block of another network. +| +|10.0.0.0/16 + +|`vcn_dns_label` +|The internal DNS domain for resources created and prepended to "oraclevcn.com" which is the VCN-internal domain name. *Required* +| +|None + +|`vcn_name` +|The name of the VCN that will be appended to the label_prefix. *Required* +| +|None + +|=== diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..8b141aa --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,216 @@ +[rootvariables]:https://github.com/oracle/terraform-oci-vcn/blob/master/examples/db/variables.tf +[rootlocals]:https://github.com/oracle/terraform-oci-vcn/blob/master/examples/db/locals.tf +[terraformoptions]:https://github.com/oracle/terraform-oci-vcn/blob/master/docs/terraformoptions.adoc + +Example reusing terraform-oci-vcn and extending to create other network resources. + +__Note: This is an example to demonstrate reusing this Terraform module to create additional network resources. Ensure you evaluate your own security needs when creating security lists, network security groups etc.__ + +## Create a new Terraform project + +As an example, we’ll be using terraform-oci-vcn to create +additional network resources in the VCN. The steps required are the following: + +1. Create a new directory for your project e.g. mynetwork + +2. Create the following files in root directory of your project: + +- `variables.tf` +- `locals.tf` +- `provider.tf` +- `main.tf` +- `terraform.tfvars` + +3. Define the oci provider + +``` +provider "oci" { + tenancy_ocid = var.tenancy_id + user_ocid = var.user_id + fingerprint = var.api_fingerprint + private_key_path = var.api_private_key_path + region = var.region + disable_auto_retries = false +} +``` + +4. Create the modules directory + +``` +mkdir modules +cd modules +``` + +5. Add the terraform-oci-vcn module + +``` +git clone https://github.com/oracle/terraform-oci-vcn.git vcn +``` + +Note: Cloning will be required until the module is published in HashiCorp's registry. + +## Define project variables + +### Variables to reuse the vcn module + +1. Define the vcn parameters in the root `variables.tf`. +See [`variables.tf`][rootvariables] in this directory. + +2. Add additional variables if you need to. + +## Define your modules + +1. 
Define the vcn module in root `main.tf` + +``` +module "vcn" { + source = "./modules/vcn" + + # general oci parameters + compartment_id = var.compartment_id + label_prefix = var.label_prefix + + # vcn parameters + internet_gateway_enabled = var.internet_gateway_enabled + nat_gateway_enabled = var.nat_gateway_enabled + service_gateway_enabled = var.service_gateway_enabled + tags = var.tags + vcn_cidr = var.vcn_cidr + vcn_dns_label = var.vcn_dns_label + vcn_name = var.vcn_name +} +``` + +2. Enter appropriate values for `terraform.tfvars`. Review [Terraform Options][terraformoptions] for reference + +## Add your own modules + +1. Create your own module e.g. subnets. In modules directory, create a subnets directory: + +``` +mkdir subnets +``` + +2. Define the additional variables(e.g. subnet masks) in the root and module variable file (`variables.tf`) e.g. + +``` +variable "netnum" { + description = "zero-based index of the subnet when the network is masked with the newbit. use as netnum parameter for cidrsubnet function" + default = { + bastion = 32 + web = 16 + } + type = map +} + +variable "newbits" { + description = "new mask for the subnet within the virtual network. use as newbits parameter for cidrsubnet function" + default = { + bastion = 13 + web = 11 + } + type = map +} +``` + +3. 
Create the security lists and subnets in `security.tf` and `subnets.tf` respectively in the subnets module: + +``` +resource "oci_core_security_list" "bastion" { + compartment_id = var.compartment_id + display_name = "${var.label_prefix}-bastion" + + egress_security_rules { + protocol = "all" + destination = "0.0.0.0/0" + } + + ingress_security_rules { + # allow ssh + protocol = 6 + source = "0.0.0.0/0" + + tcp_options { + min = 22 + max = 22 + } + } + vcn_id = var.vcn_id +} + +resource "oci_core_security_list" "web" { + compartment_id = var.compartment_id + display_name = "${var.label_prefix}-web" + + egress_security_rules { + protocol = "all" + destination = "all" + } + + ingress_security_rules { + # allow ssh + protocol = 6 + + source = "0.0.0.0" + + tcp_options { + min = 80 + max = 80 + } + } + vcn_id = var.vcn_id +} + +resource "oci_core_subnet" "bastion" { + cidr_block = cidrsubnet(var.vcn_cidr, var.newbits["bastion"], var.netnum["bastion]) + compartment_id = var.compartment_id + display_name = "${var.label_prefix}-bastion" + dns_label = "bastion" + prohibit_public_ip_on_vnic = false + route_table_id = var.ig_route_id + security_list_ids = [oci_core_security_list.bastion.id] + vcn_id = var.vcn_id +} + +resource "oci_core_subnet" "web" { + cidr_block = cidrsubnet(var.vcn_cidr, var.newbits["web"], var.netnum["web]) + compartment_id = var.compartment_id + display_name = "${var.label_prefix}-web" + dns_label = "web" + prohibit_public_ip_on_vnic = false + route_table_id = var.ig_route_id + security_list_ids = [oci_core_security_list.web.id] + vcn_id = var.vcn_id +} +``` +4. Add the subnets module in the `main.tf` + +``` +module "subnets" { + source = "./modules/subnets" + + netnum = var.netnum + newbits = var.newbits + + # other required variables + . + . + . +} +``` + +5. Update your terraform variable file and add the database parameters: + +``` +# subnets + +netnum = { + bastion = 32 + web = 16 +} + +newbits = { + bastion = 13 + web = 11 +} +``` 
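Review bot: The `oci_core_security_list.bastion` snippet in step 3 admits SSH from `source = "0.0.0.0/0"`, and since this README is copy-paste guidance that rule will be shipped as-is by readers; restrict the ingress to an operator-supplied range, e.g. `source = var.bastion_access_cidr` with a `# restrict to your corporate/VPN range` comment, or at minimum state next to the rule that it must be narrowed before use. The `web` list will not apply as written: `destination = "all"` is not a CIDR (the bastion list uses `0.0.0.0/0`), `source = "0.0.0.0"` lacks the `/0` mask, and the `# allow ssh` comment sits on a port-80 rule. Both `cidrsubnet(...)` calls are missing a closing quote in `var.netnum["bastion]` and `var.netnum["web]`, so the snippet does not parse. Step 5 says "add the database parameters", which looks inherited from the db example and should read "subnet parameters".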
diff --git a/examples/main.tf b/examples/main.tf new file mode 100644 index 0000000..a0faa74 --- /dev/null +++ b/examples/main.tf @@ -0,0 +1,32 @@ +# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ + +module "vcn" { + source = "../" + + region = "us-phoenix-1" + + # general oci parameters + + compartment_id = "" + + label_prefix = "dev" + + # vcn parameters + internet_gateway_enabled = false + + nat_gateway_enabled = false + + service_gateway_enabled = false + + vcn_cidr = "10.0.0.0/16" + + vcn_dns_label = "vcn" + + vcn_name = "vcn" + + tags = { + environment = "dev" + lob = "finance" + } +} diff --git a/examples/terraform.tfvars.example b/examples/terraform.tfvars.example new file mode 100644 index 0000000..61aa4b4 --- /dev/null +++ b/examples/terraform.tfvars.example @@ -0,0 +1,38 @@ +# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# provider identity parameters + +api_fingerprint = "" + +api_private_key_path = "" + +region = "us-phoenix-1" + +tenancy_id = "" + +user_id = "" + +# general oci parameters + +compartment_id = "" + +label_prefix = "dev" + +# vcn parameters +internet_gateway_enabled = false + +nat_gateway_enabled = false + +service_gateway_enabled = false + +vcn_cidr = "10.0.0.0/16" + +vcn_dns_label = "vcn" + +vcn_name = "vcn" + +tags = { + environment = "dev" + lob = "finance" +} \ No newline at end of file diff --git a/examples/variables.tf b/examples/variables.tf new file mode 100644 index 0000000..0b02978 --- /dev/null +++ b/examples/variables.tf 
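Review bot: Every argument of the `module "vcn"` call is hard-coded (`compartment_id = ""`, `label_prefix = "dev"`, the `vcn_*` values, `tags`), while `examples/variables.tf` in this same commit declares matching variables and `examples/terraform.tfvars.example` populates them, so filling in the tfvars file has no effect and `terraform plan` fails on the empty compartment OCID. Wire the call to the variables so the example is actually driven by tfvars. The call also passes `region` to the module; the root `variables.tf` is not in view in this chunk, so whether the module declares that input cannot be confirmed, and the docs list `region` under provider parameters rather than module parameters. There is no `provider "oci"` block in the example, which `examples/README.md` asks the user to create by hand; a short comment at the top of `main.tf` saying so would avoid confusion.
```hcl
# NOTE: a provider "oci" block must be supplied separately (see examples/README.md)
module "vcn" {
  source = "../"

  # region = var.region  # keep only if the root module declares a "region" input

  # general oci parameters
  compartment_id = var.compartment_id
  label_prefix   = var.label_prefix

  # vcn parameters
  internet_gateway_enabled = var.internet_gateway_enabled
  nat_gateway_enabled      = var.nat_gateway_enabled
  service_gateway_enabled  = var.service_gateway_enabled
  vcn_cidr                 = var.vcn_cidr
  vcn_dns_label            = var.vcn_dns_label
  vcn_name                 = var.vcn_name
  tags                     = var.tags
}
```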
@@ -0,0 +1,84 @@ +# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# provider identity parameters +variable "api_fingerprint" { + description = "fingerprint of oci api private key" + type = string + default = "" +} + +variable "api_private_key_path" { + description = "path to oci api private key used" + type = string + default = "" +} + +variable "region" { + # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions + description = "the oci region where resources will be created" + type = string +} + +variable "tenancy_id" { + description = "tenancy id where to create the sources" + type = string +} + +variable "user_id" { + description = "id of user that terraform will use to create the resources" + type = string +} + +# general oci parameters + +variable "compartment_id" { + description = "compartment id where to create all resources" + type = string +} + +variable "label_prefix" { + description = "a string that will be prepended to all resources" + type = string +} + +# vcn parameters + +variable "internet_gateway_enabled" { + description = "whether to create the internet gateway" + default = false + type = bool +} + +variable "nat_gateway_enabled" { + description = "whether to create a nat gateway in the vcn" + default = false + type = bool +} + +variable "service_gateway_enabled" { + description = "whether to create a service gateway" + default = false + type = bool +} + +variable "tags" { + description = "simple key-value pairs to tag the resources created" + type = map(any) +} + +variable "vcn_cidr" { + description = "cidr block of VCN" + default = "10.0.0.0/16" + type = string +} + +variable "vcn_dns_label" { + description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain 
name (FQDN) for each VNIC within this subnet" + type = string +} + +variable "vcn_name" { + description = "user-friendly name of to use for the vcn to be appended to the label_prefix" + type = string +} diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..b2c0ee2 --- /dev/null +++ b/locals.tf @@ -0,0 +1,6 @@ +# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ + +locals { + anywhere = "0.0.0.0/0" +} \ No newline at end of file diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..601b700 --- /dev/null +++ b/main.tf @@ -0,0 +1,6 @@ +# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +terraform { + required_version = ">= 0.12.24" +} \ No newline at end of file diff --git a/nat.tf b/nat.tf new file mode 100644 index 0000000..63ca73a --- /dev/null +++ b/nat.tf 
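Review bot: `api_fingerprint` and `api_private_key_path` default to `""`, so a missing credential is not caught at variable validation and instead surfaces later as an opaque authentication failure from the provider; drop the two `default = ""` lines so Terraform prompts for or rejects unset values, as it already does for `tenancy_id` and `user_id`. `tags` has no default, so a caller who omits it gets an error even though the module's own `terraformoptions.adoc` lists tags with default `None`; `default = {}` would match that contract. Minor: the `tenancy_id` description reads "create the sources" and should say "resources".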
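Review bot: The `terraform` block pins `required_version = ">= 0.12.24"` but not the OCI provider, so `terraform init` fetches whatever provider release is current and a breaking provider change lands silently in every consumer of this module. Add a `required_providers` constraint at the version this module was tested against, e.g. `required_providers {` / `oci = ">= <tested version>"` / `}`, inside the same block. This also records the minimum provider needed for `oci_core_service_gateway` and the `oci_core_services` data source used elsewhere in this commit.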
@@ -0,0 +1,40 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+resource "oci_core_nat_gateway" "nat_gateway" {
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-nat-gw"
+
+ freeform_tags = var.tags
+
+ vcn_id = oci_core_vcn.vcn.id
+
+ count = var.nat_gateway_enabled == true ? 1 : 0
+}
+
+resource "oci_core_route_table" "nat" {
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-nat"
+
+ freeform_tags = var.tags
+
+ route_rules {
+ destination = local.anywhere
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = oci_core_nat_gateway.nat_gateway[0].id
+ }
+
+ dynamic "route_rules" {
+ for_each = var.service_gateway_enabled == true ? list(1) : []
+
+ content {
+ destination = lookup(data.oci_core_services.all_oci_services[0].services[0], "cidr_block")
+ destination_type = "SERVICE_CIDR_BLOCK"
+ network_entity_id = oci_core_service_gateway.service_gateway[0].id
+ }
+ }
+
+ vcn_id = oci_core_vcn.vcn.id
+
+ count = var.nat_gateway_enabled == true ? 1 : 0
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..f48a473
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,22 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+output "vcn_id" {
+ description = "id of vcn that is created"
+ value = oci_core_vcn.vcn.id
+}
+
+output "nat_gateway_id" {
+ description = "id of nat gateway if it is created"
+ value = join(",", oci_core_nat_gateway.nat_gateway.*.id)
+}
+
+output "ig_route_id" {
+ description = "id of internet gateway route table"
+ value = join(",", oci_core_route_table.ig.*.id)
+}
+
+output "nat_route_id" {
+ description = "id of VCN NAT gateway route table"
+ value = join(",", oci_core_route_table.nat.*.id)
+}
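Review bot: `for_each = var.service_gateway_enabled == true ? list(1) : []` in the `dynamic "route_rules"` block uses the `list()` function, which Terraform 0.12 keeps only for compatibility and later releases drop; with the open-ended `required_version` in main.tf this will eventually fail the plan. Write it as a literal, `for_each = var.service_gateway_enabled ? [1] : []`, and drop the redundant `== true` on both `count` lines while you are there. The service route's `destination` also reaches into `data.oci_core_services.all_oci_services[0].services[0]`, which is declared in servicegateway.tf under its own `count`; a comment such as `# requires service_gateway_enabled, otherwise the data source has no instances` would save the next reader the cross-file lookup.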
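Review bot: The three `join(",", ...)` outputs evaluate to an empty string when the corresponding gateway is disabled, but their descriptions do not say so, so a consumer checking `nat_gateway_id != null` will get the wrong answer. State the contract, e.g. `description = "id of the nat gateway; empty string when nat_gateway_enabled is false"`, and phrase `ig_route_id` and `nat_route_id` the same way.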
diff --git a/servicegateway.tf b/servicegateway.tf
new file mode 100644
index 0000000..04174dc
--- /dev/null
+++ b/servicegateway.tf
@@ -0,0 +1,25 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+data "oci_core_services" "all_oci_services" {
+ filter {
+ name = "name"
+ values = ["All .* Services In Oracle Services Network"]
+ regex = true
+ }
+ count = var.service_gateway_enabled == true ? 1 : 0
+}
+
+resource "oci_core_service_gateway" "service_gateway" {
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-sg-gw"
+
+ freeform_tags = var.tags
+ services {
+ service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], "id")
+ }
+
+ vcn_id = oci_core_vcn.vcn.id
+
+ count = var.service_gateway_enabled == true ? 1 : 0
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
new file mode 100644
index 0000000..61aa4b4
--- /dev/null
+++ b/terraform.tfvars.example
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+
+api_fingerprint = ""
+
+api_private_key_path = ""
+
+region = "us-phoenix-1"
+
+tenancy_id = ""
+
+user_id = ""
+
+# general oci parameters
+
+compartment_id = ""
+
+label_prefix = "dev"
+
+# vcn parameters
+internet_gateway_enabled = false
+
+nat_gateway_enabled = false
+
+service_gateway_enabled = false
+
+vcn_cidr = "10.0.0.0/16"
+
+vcn_dns_label = "vcn"
+
+vcn_name = "vcn"
+
+tags = {
+ environment = "dev"
+ lob = "finance"
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..96c7175
--- /dev/null
+++ b/variables.tf
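Review bot: `services[0]` in `oci_core_service_gateway.service_gateway` assumes the regex filter `"All .* Services In Oracle Services Network"` matched at least one entry; if it matches nothing the plan fails with an index error that says nothing about the filter. A comment above the data source would make the dependency and the choice explicit: `# selects the region's "All <region> Services In Oracle Services Network" entry - the broadest service scope a gateway can route to`. That breadth is the security-relevant property of `service_gateway_enabled` and belongs in its variable description as well; the exact set of services behind that entry is defined by OCI, not by this module, so describe it as such.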
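Review bot: The example invites the user to fill in `api_private_key_path`, `tenancy_id` and `user_id` and copy the file to `terraform.tfvars`, but nothing in the visible diff keeps that copy out of version control (no `.gitignore` appears here). A header comment would make the expectation explicit: `# copy to terraform.tfvars, fill in your identifiers, and keep that copy and the signing key out of git`. If the repository already ignores `terraform.tfvars` outside this diff, only the comment is needed.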
@@ -0,0 +1,87 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+variable "api_fingerprint" {
+ description = "fingerprint of oci api private key"
+ type = string
+ default = ""
+}
+
+variable "api_private_key_path" {
+ description = "path to oci api private key used"
+ type = string
+ default = ""
+}
+
+variable "region" {
+ # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
+ description = "the oci region where resources will be created"
+ type = string
+}
+
+variable "tenancy_id" {
+ description = "tenancy id where to create the sources"
+ type = string
+ default = ""
+}
+
+variable "user_id" {
+ description = "id of user that terraform will use to create the resources"
+ type = string
+ default = ""
+}
+
+# general oci parameters
+
+variable "compartment_id" {
+ description = "compartment id where to create all resources"
+ type = string
+}
+
+variable "label_prefix" {
+ description = "a string that will be prepended to all resources"
+ type = string
+}
+
+# vcn parameters
+
+variable "internet_gateway_enabled" {
+ description = "whether to create the internet gateway"
+ default = false
+ type = bool
+}
+
+variable "nat_gateway_enabled" {
+ description = "whether to create a nat gateway in the vcn"
+ default = false
+ type = bool
+}
+
+variable "service_gateway_enabled" {
+ description = "whether to create a service gateway"
+ default = false
+ type = bool
+}
+
+variable "tags" {
+ description = "simple key-value pairs to tag the resources created"
+ type = map(any)
+ default = null
+}
+
+variable "vcn_cidr" {
+ description = "cidr block of VCN"
+ default = "10.0.0.0/16"
+ type = string
+}
+
+variable "vcn_dns_label" {
+ description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet"
+ type = string
+}
+
+variable "vcn_name" {
+ description = "user-friendly name of to use for the vcn to be appended to the label_prefix"
+ type = string
+}
diff --git a/vcn.tf b/vcn.tf
new file mode 100644
index 0000000..b7cc800
--- /dev/null
+++ b/vcn.tf
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+resource "oci_core_vcn" "vcn" {
+ cidr_block = var.vcn_cidr
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-${var.vcn_name}"
+ dns_label = var.vcn_dns_label
+
+ freeform_tags = var.tags
+}
+
+resource "oci_core_internet_gateway" "ig" {
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-ig-gw"
+
+ freeform_tags = var.tags
+
+ vcn_id = oci_core_vcn.vcn.id
+
+ count = var.internet_gateway_enabled == true ? 1 : 0
+}
+
+resource "oci_core_route_table" "ig" {
+ compartment_id = var.compartment_id
+ display_name = "${var.label_prefix}-ig"
+
+ freeform_tags = var.tags
+
+ route_rules {
+ destination = local.anywhere
+ network_entity_id = oci_core_internet_gateway.ig[0].id
+ }
+
+ vcn_id = oci_core_vcn.vcn.id
+
+ count = var.internet_gateway_enabled == true ? 1 : 0
+}
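Review bot: `api_fingerprint`, `api_private_key_path`, `tenancy_id` and `user_id` all default to `""`, yet none of the descriptions says whether an empty value is an error or means "the provider is authenticated some other way", so a caller cannot tell from this file what is actually required. Say which, e.g. `description = "path to the oci api signing private key; leave empty only if the provider is configured by other means"`, and confirm that against the provider block, which is not part of this diff. `vcn_dns_label` is likewise unconstrained, and Terraform at this `required_version` has no `validation` blocks, so put OCI's label rules in the description instead (to my knowledge letters and digits only, starting with a letter, at most 15 characters - verify against the OCI docs before quoting them).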
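Review bot: `oci_core_vcn.vcn` is created without touching the default security list OCI attaches to every new VCN, which by OCI's documented defaults permits ingress TCP/22 from 0.0.0.0/0 plus ICMP; combined with the `local.anywhere` route to `oci_core_internet_gateway.ig[0]` in `oci_core_route_table.ig`, any subnet a consumer attaches to that route table while still using the default list is SSH-reachable from the internet. Adopt the default list with an `oci_core_default_security_list` resource and leave its rule blocks empty so the provider reconciles it to no rules (verify on a plan), or at minimum document in the module README that consumers must do this themselves. Minor: the ig route rule omits the `destination_type = "CIDR_BLOCK"` that nat.tf sets explicitly, so add it for consistency, and the `== true` on both `count` lines is redundant.
```hcl
# … unchanged: oci_core_vcn.vcn, oci_core_internet_gateway.ig, oci_core_route_table.ig …

# Adopt the VCN's default security list so the OCI-provisioned ingress
# rules (SSH from anywhere, ICMP) are not left in place. With no rule
# blocks the list should be reconciled to empty - verify on a plan.
resource "oci_core_default_security_list" "default" {
  manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id
  display_name               = "${var.label_prefix}-default-sl"
  freeform_tags              = var.tags
}
```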