terraform/OCI: Add a Kconfig switch to create a VCN on the fly

Make it simpler to use OCI: create a kdevops VCN if there isn't
already a persistent VCN to use.

Reviewed-by: Luis Chamberlain <[email protected]>
Reviewed-by: Chandan Babu R <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>

Author: chucklever

playbooks/roles/gen_tfvars/defaults/main.yml

@@ -18,6 +18,7 @@ terraform_private_net_prefix: ""
 terraform_private_net_mask: 0
 
 terraform_oci_assign_public_ip: false
+terraform_oci_use_existing_vcn: false
 
 terraform_openstack_cloud_name: "invalid"
 terraform_openstack_instance_prefix: "invalid"

playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2

@@ -12,7 +12,10 @@ oci_instance_flex_memory_in_gbs = {{ terraform_oci_instance_flex_memory_in_gbs }
 {% endif %}
 oci_os_image_ocid = "{{ terraform_oci_os_image_ocid }}"
 oci_assign_public_ip = {{ terraform_oci_assign_public_ip | lower }}
+oci_use_existing_vcn = {{ terraform_oci_use_existing_vcn | lower }}
+{% if terraform_oci_use_existing_vcn %}
 oci_subnet_ocid = "{{ terraform_oci_subnet_ocid }}"
+{% endif %}
 oci_volumes_per_instance = {{ terraform_oci_volumes_per_instance }}
 oci_volumes_size = {{ terraform_oci_volumes_size }}
 oci_data_volume_device_file_name = "{{ terraform_oci_data_volume_device_file_name }}"

terraform/oci/kconfigs/Kconfig.network

@@ -7,6 +7,23 @@ config TERRAFORM_OCI_ASSIGN_PUBLIC_IP
 	  assigned to each instance. Leave it unset to prevent your
 	  instances from being accessible on the public internet.
 
+config TERRAFORM_OCI_USE_EXISTING_VCN
+	bool "Attach instances to an existing VCN"
+	output yaml
+	default y
+	help
+	  If your tenancy administrator prefers to create and secure
+	  the network resources used within a compartment, or your
+	  tenancy has special networking requirements, enable this
+	  option. Then enter the OCID of the existing subnet in the
+	  TERRAFORM_OCI_SUBNET_OCID option below. kdevops will join
+	  its compute instances to that subnet.
+
+	  Disable this option if you'd like kdevops to create a
+	  secure VPN and subnet automatically.
+
+if TERRAFORM_OCI_USE_EXISTING_VCN
+
 config TERRAFORM_OCI_SUBNET_OCID
 	string "OCI Subnet OCID"
 	output yaml
@@ -18,3 +35,5 @@ config TERRAFORM_OCI_SUBNET_OCID
 	  kdevops does not manage this resource. Before running
 	  "make bringup", the subnet must already exist and your OCI
 	  user must have permission to attach to it.
+
+endif # TERRAFORM_OCI_USE_EXISTING_VCN

terraform/oci/main.tf

@@ -30,7 +30,7 @@ resource "oci_core_instance" "kdevops_instance" {
 
   create_vnic_details {
     assign_public_ip = var.oci_assign_public_ip
-    subnet_id = var.oci_subnet_ocid
+    subnet_id        = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)
   }
 
   metadata = {
@@ -53,6 +53,8 @@ module "volumes" {
 }
 
 resource "oci_core_vcn" "kdevops_vcn" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   cidr_blocks = [
     "10.0.0.0/16",
   ]
@@ -63,15 +65,19 @@ resource "oci_core_vcn" "kdevops_vcn" {
 }
 
 resource "oci_core_internet_gateway" "kdevops_internet_gateway" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops internet gateway"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 }
 
 resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops dhcp options"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   options {
     type        = "DomainNameServer"
@@ -84,20 +90,24 @@ resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
 }
 
 resource "oci_core_route_table" "kdevops_route_table" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops route table"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
   route_rules {
     destination       = "0.0.0.0/0"
     destination_type  = "CIDR_BLOCK"
-    network_entity_id = oci_core_internet_gateway.kdevops_internet_gateway.id
+    network_entity_id = one(oci_core_internet_gateway.kdevops_internet_gateway[*].id)
   }
 }
 
 resource "oci_core_security_list" "kdevops_security_list" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops security list"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   egress_security_rules {
     description      = "Allow all outbound traffic"
@@ -153,13 +163,15 @@ resource "oci_core_security_list" "kdevops_security_list" {
 }
 
 resource "oci_core_subnet" "kdevops_subnet" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   availability_domain = data.oci_identity_availability_domain.kdevops_av_domain.name
   cidr_block          = "10.0.0.0/24"
   compartment_id      = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
-  dhcp_options_id     = oci_core_dhcp_options.kdevops_dhcp_options.id
+  dhcp_options_id     = one(oci_core_dhcp_options.kdevops_dhcp_options[*].id)
   dns_label           = "runners"
   display_name        = "kdevops subnet"
-  route_table_id      = oci_core_route_table.kdevops_route_table.id
-  security_list_ids   = ["${oci_core_security_list.kdevops_security_list.id}"]
-  vcn_id              = oci_core_vcn.kdevops_vcn.id
+  route_table_id      = one(oci_core_route_table.kdevops_route_table[*].id)
+  security_list_ids   = ["${one(oci_core_security_list.kdevops_security_list[*].id)}"]
+  vcn_id              = one(oci_core_vcn.kdevops_vcn[*].id)
 }

terraform/oci/vars.tf

@@ -51,10 +51,16 @@ variable "oci_assign_public_ip" {
 }
 
 variable "oci_subnet_ocid" {
+  default     = null
   description = "Subnet OCID"
   type        = string
 }
 
+variable "oci_use_existing_vcn" {
+  description = "Use a pre-existing VCN"
+  type        = bool
+}
+
 variable "oci_volumes_per_instance" {
   description = "The count of additional block volumes per instance"
   type        = number