# Copyright (c) 2018, 2021 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
terraform {
  # Terraform releases older than 0.12 are not tested/supported with this module
  required_version = ">= 0.12"

  required_providers {
    # Pin a minimum oci provider release that is compatible with Terraform 0.12
    oci = {
      version = ">= 3.27"
    }
  }
}
// Get all the Availability Domains for the region and the default volume backup policies
# Availability Domains visible in the compartment; consumed by local.ADs below
data "oci_identity_availability_domains" "ad" {
  compartment_id = var.compartment_ocid
}
data "oci_core_volume_backup_policies" "default_backup_policies" {}
locals {
  # Names of every Availability Domain in the region, in the order the API returns them
  ADs = [for ad in data.oci_identity_availability_domains.ad.availability_domains : ad.name]

  # display_name => OCID of the default volume backup policies, so a policy can be chosen by name
  backup_policies = { for policy in data.oci_core_volume_backup_policies.default_backup_policies.volume_backup_policies : policy.display_name => policy.id }
}
####################
# Subnet Datasource
####################
# One lookup per subnet OCID passed in; instances are later spread over these subnets by index
data "oci_core_subnet" "instance_subnet" {
  count     = length(var.subnet_ocids)
  subnet_id = var.subnet_ocids[count.index]
}
############
# Shapes
############
// Create a data source for compute shapes.
// Filter on the current AD to remove duplicates and list all the shapes supported in that AD.
// This does not check quotas and limits for the AD requested at resource creation.
data "oci_core_shapes" "current_ad" {
  compartment_id = var.compartment_ocid
  # var.ad_number is 1-based; without it the first AD of the region is used
  availability_domain = element(local.ADs, var.ad_number == null ? 0 : var.ad_number - 1)
}
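locals {
  # Per-shape defaults used to populate the shape_config block, keyed by shape name:
  # { name = { memory_in_gbs = "xx", ocpus = "xx" } }
  # Querying a single AD (data.oci_core_shapes.current_ad) avoids duplicate entries in multi-AD regions.
  shapes_config = {
    for shape in data.oci_core_shapes.current_ad.shapes : shape.name => {
      memory_in_gbs = shape.memory_in_gbs
      ocpus         = shape.ocpus
    }
  }

  # true when var.shape carries a literal ".Flex" suffix (e.g. VM.Standard.E4.Flex).
  # The dot is escaped so only a real ".Flex" matches; the previous pattern "^*.Flex" treated the dot as
  # "any character" and would also accept names such as "xFlex".
  shape_is_flex = length(regexall("\\.Flex", var.shape)) > 0
}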
############
# Instance
############
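resource "oci_core_instance" "instance" {
  count = var.instance_count

  # Without an explicit AD number, instances are spread round-robin over the region's ADs
  # (element() wraps to the first AD once the last one is reached).
  availability_domain = var.ad_number == null ? element(local.ADs, count.index) : element(local.ADs, var.ad_number - 1)
  compartment_id      = var.compartment_ocid
  # The 1-based index is appended to the name only when more than one instance is created
  display_name         = var.instance_display_name == "" ? "" : var.instance_count != 1 ? "${var.instance_display_name}_${count.index + 1}" : var.instance_display_name
  extended_metadata    = var.extended_metadata
  ipxe_script          = var.ipxe_script
  preserve_boot_volume = var.preserve_boot_volume
  state                = var.instance_state
  shape                = var.shape

  shape_config {
    # For ".Flex" shapes the explicit instance_flex_* inputs win when they are set;
    # otherwise the defaults reported by data.oci_core_shapes.current_ad for var.shape are used.
    # NOTE(review): the map lookup fails at plan time when var.shape is not offered in the selected AD — confirm this is the intended guard.
    memory_in_gbs             = local.shape_is_flex && var.instance_flex_memory_in_gbs != null ? var.instance_flex_memory_in_gbs : local.shapes_config[var.shape]["memory_in_gbs"]
    ocpus                     = local.shape_is_flex && var.instance_flex_ocpus != null ? var.instance_flex_ocpus : local.shapes_config[var.shape]["ocpus"]
    baseline_ocpu_utilization = var.baseline_ocpu_utilization
  }

  agent_config {
    are_all_plugins_disabled = false
    is_management_disabled   = false
    is_monitoring_disabled   = false
    # ! provider seems to have a bug with plugin_config stanzas below
    # this configuration is applied at first resource creation;
    # subsequent updates are detected as changes by terraform but seem to be ignored by the provider ...
    plugins_config {
      desired_state = var.cloud_agent_plugins.autonomous_linux
      name          = "Oracle Autonomous Linux"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.bastion
      name          = "Bastion"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.block_volume_mgmt
      name          = "Block Volume Management"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.custom_logs
      name          = "Custom Logs Monitoring"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.management
      name          = "Management Agent"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.monitoring
      name          = "Compute Instance Monitoring"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.osms
      name          = "OS Management Service Agent"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.run_command
      name          = "Compute Instance Run Command"
    }
    plugins_config {
      desired_state = var.cloud_agent_plugins.vulnerability_scanning
      name          = "Vulnerability Scanning"
    }
  }

  create_vnic_details {
    # A public IP is assigned directly on the VNIC only when no oci_core_public_ip (see below) is requested
    assign_public_ip = var.public_ip == "NONE" ? var.assign_public_ip : false
    # instance_count is compared as a number, consistent with display_name above. The earlier comparison
    # against the string "1" never matched a numeric count, so a single instance still got the "_1" / "-1" suffix.
    display_name   = var.vnic_name == "" ? "" : var.instance_count != 1 ? "${var.vnic_name}_${count.index + 1}" : var.vnic_name
    hostname_label = var.hostname_label == "" ? "" : var.instance_count != 1 ? "${var.hostname_label}-${count.index + 1}" : var.hostname_label
    # Caller-supplied private IP for this index; "" (auto-assign) once the list is exhausted.
    # An element()-based wrap-around would hand the same address to two instances.
    private_ip = count.index < length(var.private_ips) ? var.private_ips[count.index] : ""
    # Disabling the source/destination check lets the VNIC handle traffic not addressed to it (router/NAT roles);
    # keep it enabled for ordinary workloads.
    skip_source_dest_check = var.skip_source_dest_check
    # Current implementation requires providing a list of subnets when using ad-specific subnets;
    # subnets are assigned round-robin by instance index
    subnet_id = data.oci_core_subnet.instance_subnet[count.index % length(data.oci_core_subnet.instance_subnet.*.id)].id
    # Network Security Groups are attached to the primary VNIC only
    nsg_ids       = var.primary_vnic_nsg_ids
    freeform_tags = local.merged_freeform_tags
    defined_tags  = var.defined_tags
  }

  # NOTE(review): instance metadata (including user_data) is presumably readable from inside the
  # instance through the metadata service, so it should not carry secrets — confirm against OCI guidance.
  metadata = {
    ssh_authorized_keys = var.ssh_public_keys != null ? var.ssh_public_keys : file(var.ssh_authorized_keys)
    user_data           = var.user_data
  }

  source_details {
    boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
    source_id               = var.source_ocid
    source_type             = var.source_type
  }

  freeform_tags = local.merged_freeform_tags
  defined_tags  = var.defined_tags

  timeouts {
    create = var.instance_timeout
  }
}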
##################################
# Instance Credentials Datasource
##################################
# Only queried for non-Linux platforms (presumably Windows initial credentials); zero instances otherwise.
# NOTE(review): whatever this data source returns is persisted in Terraform state, so the state
# backend needs to be protected accordingly — confirm the attributes it exposes.
data "oci_core_instance_credentials" "credential" {
  count       = var.resource_platform != "linux" ? var.instance_count : 0
  instance_id = oci_core_instance.instance[count.index].id
}
####################
# Networking
####################
# VNIC attachments of each instance, read after the instances exist
data "oci_core_vnic_attachments" "vnic_attachment" {
  count          = var.instance_count
  compartment_id = var.compartment_ocid
  instance_id    = oci_core_instance.instance[count.index].id

  depends_on = [oci_core_instance.instance]
}
# Private IPs of the first VNIC attachment of each instance (the primary VNIC is assumed to be first)
data "oci_core_private_ips" "private_ips" {
  count   = var.instance_count
  vnic_id = data.oci_core_vnic_attachments.vnic_attachment[count.index].vnic_attachments[0].vnic_id

  depends_on = [oci_core_instance.instance]
}
# Reserved or ephemeral public IP per instance, bound to the first private IP of the primary VNIC.
# Not created at all when var.public_ip is "NONE".
resource "oci_core_public_ip" "public_ip" {
  count          = var.public_ip == "NONE" ? 0 : var.instance_count
  compartment_id = var.compartment_ocid
  lifetime       = var.public_ip
  # Fall back to the instance display name when no explicit name is given
  display_name   = var.public_ip_display_name != null ? var.public_ip_display_name : oci_core_instance.instance[count.index].display_name
  private_ip_id  = data.oci_core_private_ips.private_ips[count.index].private_ips[0].id
  # public_ip_pool_id = oci_core_public_ip_pool.test_public_ip_pool.id # * (BYOIP CIDR Blocks) are not supported yet by this module.
  freeform_tags = local.merged_freeform_tags
  defined_tags  = var.defined_tags
}