Terraform examples for provisioning OCVS

Author: RichardORCL

cloud-infrastructure/vmware-solutions/oracle-cloud-vmware-solution/OCVS-Terraform-automation/MultiHost-DenseIO-SingleCluster-SDDC/AvailabilityDomains.tf

@@ -0,0 +1,3 @@
+data "oci_identity_availability_domains" "export_availability_domains" {
+    compartment_id = var.compartment_ocid
+}

cloud-infrastructure/vmware-solutions/oracle-cloud-vmware-solution/OCVS-Terraform-automation/MultiHost-DenseIO-SingleCluster-SDDC/Gateways.tf

@@ -0,0 +1,5 @@
+resource "oci_core_nat_gateway" "sddc_nat_gateway" {
+    compartment_id = var.compartment_ocid
+    vcn_id = oci_core_vcn.export_sddc_vcn.id
+    display_name = "SDDC-NAT-Gateway"
+}

cloud-infrastructure/vmware-solutions/oracle-cloud-vmware-solution/OCVS-Terraform-automation/MultiHost-DenseIO-SingleCluster-SDDC/NSGs.tf

@@ -0,0 +1,302 @@
+
+# --[ VLAN Edge Uplink 1 ]--------------------------------------------------
+resource oci_core_network_security_group export_UPLINK1_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for Uplink1"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-UPLINK1-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_UPLINK1_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-UPLINK1-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_UPLINK1_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN Edge Uplink 2 ]--------------------------------------------------
+# Uplink2 is unused by default, so no rules specified
+resource oci_core_network_security_group export_UPLINK2_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for Uplink2"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-UPLINK2-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_UPLINK2_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-UPLINK2-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_UPLINK2_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN EdgeVTEP ]--------------------------------------------------
+resource oci_core_network_security_group export_EdgeVTEP_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for Edge VTEP"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-EdgeVTEP-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_EdgeVTEP_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-EdgeVTEP-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_EdgeVTEP_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN VTEP ]--------------------------------------------------
+resource oci_core_network_security_group export_VTEP_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSX for VTEP"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-VTEP-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_VTEP_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-VTEP-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_VTEP_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN vMOTION ]--------------------------------------------------
+resource oci_core_network_security_group export_vMOTION_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for vMotion"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vMOTION-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vMOTION_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vMOTION-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vMOTION_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN vSAN ]--------------------------------------------------
+resource oci_core_network_security_group export_vSAN_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for vSAN"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vSAN-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vSAN_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vSAN-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vSAN_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN vSPHERE ]--------------------------------------------------
+resource oci_core_network_security_group export_vSPHERE_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for vSphere"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vSPHERE-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vSPHERE_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vSPHERE-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vSPHERE_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-vSPHERE-rule_3 {
+  description = "Allow traffic to Internet"
+  destination               = "0.0.0.0/0"
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_vSPHERE_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN HCX ]--------------------------------------------------
+resource oci_core_network_security_group export_HCX_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG for HCX"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-HCX-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_HCX_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-HCX-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_HCX_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN ReplicationNET ]--------------------------------------------------
+resource oci_core_network_security_group export_ReplicationNET_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSX for ReplicationNet"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-ReplicationNET-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_ReplicationNET_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-ReplicationNET-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_ReplicationNET_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}
+
+# --[ VLAN ProvisionNET ]--------------------------------------------------
+resource oci_core_network_security_group export_ProvisionNET_nsg {
+  compartment_id = var.compartment_ocid
+  display_name = "NSG ProvisionNet"
+  vcn_id = oci_core_vcn.export_sddc_vcn.id
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-ProvisionNET-rule_1 {
+  description = "Allow traffic from VCN"
+  destination_type          = ""
+  direction                 = "INGRESS"
+  network_security_group_id = oci_core_network_security_group.export_ProvisionNET_nsg.id
+  protocol                  = "all"
+  source                    = var.vcn_cidr
+  source_type               = "CIDR_BLOCK"
+  stateless                 = "false"
+}
+
+resource oci_core_network_security_group_security_rule export_NSG-ProvisionNET-rule_2 {
+  description = "Allow traffic to VCN"
+  destination               = var.vcn_cidr
+  destination_type          = "CIDR_BLOCK"
+  direction                 = "EGRESS"
+  network_security_group_id = oci_core_network_security_group.export_ProvisionNET_nsg.id
+  protocol                  = "all"
+  source_type               = ""
+  stateless                 = "false"
+}

cloud-infrastructure/vmware-solutions/oracle-cloud-vmware-solution/OCVS-Terraform-automation/MultiHost-DenseIO-SingleCluster-SDDC/README.md

@@ -0,0 +1,23 @@
+## Terraform - Provisioning Multi host SDDC with single cluster
+Create by: [email protected]
+Date: February 2024
+
+This is an example Terraform script to provision a multi host SDDC with a
+single cluster based on DenseIO shape, using VSAN for storage.
+
+The terraform creates:
+- a VCN for deploying SDDC into
+- Needed subnet for ESXi servers
+- Needed VLANS for the VMware stack
+
+The vSphere VLAN will be configured to allow egress traffic to internet via 
+NAT Gateway. This is needed for provisioning to succeed. As internet access
+is needed to license registration with VMware.
+
+more info:
+https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/ocvp_sddc
+
+# License
+Copyright (c) 2024 Oracle and/or its affiliates.
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.