Merge pull request #2 from oracle-devrel/flex-bastion

Injectable BastionVM/BastionService

Author: nugoncal

README.md

@@ -23,7 +23,8 @@ This Module has the following folder structure:
 * [examples](examples): This folder contains examples of how to use the module:
   - [Drupal single-node + custom network injected into module](examples/drupal-single-mds-use-existing-network): This is an example of how to use the oci-arch-drupal module to deploy Drupal (single-node) with MDS and network cloud infrastrucutre elements injected into the module.
   - [Drupal multi-node + custom network injected into module](examples/drupal-ha-mds-use-existing-network): This is an example of how to use the oci-arch-drupal module to deploy Drupal HA (multi-node) with MDS and network cloud infrastrucutre elements injected into the module.
-  
+  - [Drupal multi-node + custom network + Bastion Host injected into module](examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host): This is an example of how to use the oci-arch-drupal module to deploy Drupal HA (multi-node) with MDS and network cloud infrastrucutre elements + Bastion Host injected into the module.
+  - [Drupal multi-node + custom network + Bastion Service injected into module](examples/drupal-ha-mds-use-existing-network-and-injected-bastion-service): This is an example of how to use the oci-arch-wordpress module to deploy Drupal HA (multi-node) with MDS and network cloud infrastrucutre elements + Bastion Service injected into the module.  
 To deploy Drupal using this Module with minimal effort use this:
 
 ```hcl
@@ -70,6 +71,10 @@ flex_shape_memory | If shape is set to Flex shape then you can define Flex Shape
 lb_shape | If numberOfNodes set to 2 or more then you can define Load Balancer shape
 flex_lb_min_shape | If numberOfNodes set to 2 or more and lb_shape=flexible then you can define Load Balancer minimum shape.
 flex_lb_max_shape | If numberOfNodes set to 2 or more and lb_shape=flexible then you can define Load Balancer maximum shape.
+inject_bastion_service_id | Instead of counting on module to create Bastion Service you can pass Bastion Service OCID as input (set value to TRUE).
+bastion_service_id | If inject_bastion_service_id is set to TRUE then you can pass here Bastion Service OCID as input.
+inject_bastion_server_public_ip  | Instead of counting on module to create Bastion VM you can pass Bastion Host Public IP Address as input (set value to TRUE).
+bastion_server_public_ip | If inject_bastion_server_public_ip is set to TRUE then you can pass here Bastion Host Public IP Address.
 use_bastion_service | If you want to use OCI Bastion Service then you need to set the value to TRUE.
 bastion_service_region | If use_bastion_service is set to TRUE then you can define bastion service region. 
 bastion_image_id | If use_bastion_service is set to FALSE then you can define Bastion VM image id. 

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/LICENSE

@@ -0,0 +1,35 @@
+Copyright (c) 2022 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/README.md

@@ -0,0 +1,19 @@
+## Create Drupal multi-node + custom network & Bastion Host injected into module
+This is an example of how to use the oci-arch-drupal module to deploy Drupal HA (multi-node) with MDS and network cloud infrastructure elements + Bastion Host injected into the module.
+  
+### Using this example
+Update terraform.tfvars with the required information.
+
+### Deploy the Drupal
+Initialize Terraform:
+```
+$ terraform init
+```
+View what Terraform plans do before actually doing it:
+```
+$ terraform plan
+```
+Use Terraform to Provision resources:
+```
+$ terraform apply
+```

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/bastion_compute.tf

@@ -0,0 +1,33 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_core_instance" "bastion" {
+  availability_domain = local.availability_domain_name
+  compartment_id      = var.compartment_ocid
+  display_name        = "bastionvm"
+  shape               = var.bastion_shape
+
+  dynamic "shape_config" {
+    for_each = local.is_flexible_node_shape ? [1] : []
+    content {
+      memory_in_gbs = var.bastion_flex_shape_memory
+      ocpus         = var.bastion_flex_shape_ocpus
+    }
+  }
+
+  create_vnic_details {
+    subnet_id        = oci_core_subnet.bastion_subnet_public.id
+    assign_public_ip = true
+  }
+
+  source_details {
+    source_type = "image"
+    source_id   = data.oci_core_images.InstanceImageOCID2.images[0].id
+  }
+
+  metadata = {
+    ssh_authorized_keys = module.oci-arch-drupal.generated_ssh_public_key
+  }
+
+}
+

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/datasources.tf

@@ -0,0 +1,47 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+data "oci_core_images" "InstanceImageOCID" {
+  compartment_id           = var.compartment_ocid
+  operating_system         = var.instance_os
+  operating_system_version = var.linux_os_version
+  shape                    = var.node_shape
+
+  filter {
+    name   = "display_name"
+    values = ["^.*Oracle[^G]*$"]
+    regex  = true
+  }
+}
+
+data "oci_core_images" "InstanceImageOCID2" {
+  compartment_id           = var.compartment_ocid
+  operating_system         = var.instance_os
+  operating_system_version = var.linux_os_version
+  shape                    = var.bastion_shape
+
+  filter {
+    name   = "display_name"
+    values = ["^.*Oracle[^G]*$"]
+    regex  = true
+  }
+}
+
+data "oci_mysql_mysql_configurations" "shape" {
+  compartment_id = var.compartment_ocid
+  type           = ["DEFAULT"]
+  shape_name     = var.mysql_shape
+}
+
+data "oci_identity_region_subscriptions" "home_region_subscriptions" {
+  tenancy_id = var.tenancy_ocid
+
+  filter {
+    name   = "is_home_region"
+    values = [true]
+  }
+}
+
+data "oci_identity_availability_domains" "ADs" {
+  compartment_id = var.tenancy_ocid
+}

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/drupal.tf

@@ -0,0 +1,34 @@
+## Copyright (c) 2022, Oracle and/or its affiliates. 
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+module "oci-arch-drupal" {
+  source                          = "github.com/oracle-devrel/terraform-oci-arch-drupal"
+  tenancy_ocid                    = var.tenancy_ocid
+  vcn_id                          = oci_core_virtual_network.drupal_mds_vcn.id
+  numberOfNodes                   = 2
+  availability_domain_name        = var.availability_domain_name == "" ? lookup(data.oci_identity_availability_domains.ADs.availability_domains[0], "name") : var.availability_domain_name
+  compartment_ocid                = var.compartment_ocid
+  image_id                        = lookup(data.oci_core_images.InstanceImageOCID.images[0], "id")
+  shape                           = var.node_shape
+  ssh_authorized_keys             = var.ssh_public_key
+  mds_ip                          = module.mds-instance.mysql_db_system.ip_address
+  drupal_subnet_id                = oci_core_subnet.drupal_subnet.id
+  lb_subnet_id                    = oci_core_subnet.lb_subnet_public.id 
+  bastion_subnet_id               = oci_core_subnet.bastion_subnet_public.id 
+  fss_subnet_id                   = oci_core_subnet.fss_subnet_private.id 
+  admin_password                  = var.admin_password
+  admin_username                  = var.admin_username
+  drupal_schema                   = var.drupal_schema
+  drupal_name                     = var.drupal_name
+  drupal_password                 = var.drupal_password
+  display_name                    = var.drupal_name
+  lb_shape                        = var.lb_shape 
+  flex_lb_min_shape               = var.flex_lb_min_shape 
+  flex_lb_max_shape               = var.flex_lb_max_shape 
+  use_bastion_service             = false
+  inject_bastion_service_id       = false
+  inject_bastion_server_public_ip = true
+  bastion_server_public_ip        = oci_core_instance.bastion.public_ip
+  bastion_service_region          = var.region
+}
+

examples/drupal-ha-mds-use-existing-network-and-injected-bastion-host/mds.tf

@@ -0,0 +1,22 @@
+## Copyright (c) 2022, Oracle and/or its affiliates. 
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+module "mds-instance" {
+    source = "github.com/oracle-devrel/terraform-oci-cloudbricks-mysql-database?ref=v1.0.4.1"
+    tenancy_ocid                                    = var.tenancy_ocid
+    region                                          = var.region
+    mysql_instance_compartment_ocid                 = var.compartment_ocid
+    mysql_network_compartment_ocid                  = var.compartment_ocid
+    subnet_id                                       = oci_core_subnet.mds_subnet_private.id
+    mysql_db_system_admin_username                  = var.admin_username
+    mysql_db_system_admin_password                  = var.admin_password
+    mysql_db_system_availability_domain             = var.availability_domain_name == "" ? lookup(data.oci_identity_availability_domains.ADs.availability_domains[0], "name") : var.availability_domain_name
+    mysql_shape_name                                = var.mysql_shape
+    mysql_db_system_data_storage_size_in_gb         = var.mysql_db_system_data_storage_size_in_gb
+    mysql_db_system_description                     = var.mysql_db_system_description
+    mysql_db_system_display_name                    = var.mysql_db_system_display_name
+    mysql_db_system_fault_domain                    = var.mysql_db_system_fault_domain
+    mysql_db_system_hostname_label                  = var.mysql_db_system_hostname_label
+    mysql_db_system_is_highly_available             = var.mysql_is_highly_available
+    mysql_db_system_maintenance_window_start_time   = var.mysql_db_system_maintenance_window_start_time
+}