From 731b9970b9e94eec4f7c41419b3aa3b38900ae3b Mon Sep 17 00:00:00 2001
From: ionelpanaitescu
Date: Thu, 7 Aug 2025 12:07:03 +0200
Subject: [PATCH 1/2] Upgrading the atp deployment solution

---
 .../solutions/ATP Deployment/.gitignore | 2 +-
 .../solutions/ATP Deployment/CONTRIBUTING.md | 32 +
 .../solutions/ATP Deployment/LICENSE | 27 +
 .../solutions/ATP Deployment/README.md | 638 ++++++++++++++++++
 .../solutions/ATP Deployment/locals.tf | 477 ++++++++++++-
 .../solutions/ATP Deployment/main.tf | 533 ++-------------
 .../modules/provisioner/provisioner.tf | 26 +-
 .../modules/provisioner/variables.tf | 6 +
 .../solutions/ATP Deployment/outputs.tf | 63 +-
 .../solutions/ATP Deployment/provider.tf | 35 +-
 .../solutions/ATP Deployment/terraform.tfvars | 8 -
 .../solutions/ATP Deployment/variables.tf | 197 +++++-
 12 files changed, 1534 insertions(+), 510 deletions(-)
 create mode 100644 cloud-foundation/solutions/ATP Deployment/CONTRIBUTING.md
 create mode 100644 cloud-foundation/solutions/ATP Deployment/LICENSE
 create mode 100644 cloud-foundation/solutions/ATP Deployment/README.md
 delete mode 100644 cloud-foundation/solutions/ATP Deployment/terraform.tfvars

diff --git a/cloud-foundation/solutions/ATP Deployment/.gitignore b/cloud-foundation/solutions/ATP Deployment/.gitignore
index 43d7d39..0453bc9 100644
--- a/cloud-foundation/solutions/ATP Deployment/.gitignore
+++ b/cloud-foundation/solutions/ATP Deployment/.gitignore
@@ -1,4 +1,4 @@
-# Copyright © 2022, Oracle and/or its affiliates.
+# Copyright © 2025, Oracle and/or its affiliates.
 # All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
 .terraform
diff --git a/cloud-foundation/solutions/ATP Deployment/CONTRIBUTING.md b/cloud-foundation/solutions/ATP Deployment/CONTRIBUTING.md
new file mode 100644
index 0000000..f945a04
--- /dev/null
+++ b/cloud-foundation/solutions/ATP Deployment/CONTRIBUTING.md
@@ -0,0 +1,32 @@
+
+# Contributing to Oracle Cloud Foundation Terraform Framework
+
+## Contributing to Oracle Cloud Foundation Terraform Framework
+
+Oracle welcomes contributions to this repository from anyone.
+
+If you want to submit a pull request to fix a bug or enhance an existing
+feature, please first open an issue and link to that issue when you
+submit your pull request.
+
+If you have any questions about a possible submission, feel free to open
+an issue too.
+
+## Pull request process
+
+1. Fork this repository
+1. Create a branch in your fork to implement the changes. We recommend using
+the issue number as part of your branch name, e.g. `1234-fixes`
+1. Ensure that there is at least one test that would fail without the fix and
+passes post fix
+1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
+what your changes are meant to do and provide simple steps on how to validate
+your changes, ideally referencing the test. Ensure that you reference the issue
+you created as well. We will assign the pull request to 1-2 people for review
+before it is submitted internally and the PR is closed.
\ No newline at end of file
diff --git a/cloud-foundation/solutions/ATP Deployment/LICENSE b/cloud-foundation/solutions/ATP Deployment/LICENSE
new file mode 100644
index 0000000..b46e87e
--- /dev/null
+++ b/cloud-foundation/solutions/ATP Deployment/LICENSE
@@ -0,0 +1,27 @@
+Copyright © 2024 Oracle and/or its affiliates. All rights reserved.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
\ No newline at end of file
diff --git a/cloud-foundation/solutions/ATP Deployment/README.md b/cloud-foundation/solutions/ATP Deployment/README.md
new file mode 100644
index 0000000..fd9bd6f
--- /dev/null
+++ b/cloud-foundation/solutions/ATP Deployment/README.md
@@ -0,0 +1,638 @@
+# Oracle Cloud Foundation Terraform Solution - Deploy a secure production-ready Oracle Autonomous Database and Oracle APEX application
+
+## Table of Contents
+1. [Overview](#overview)
+1. [Deliverables](#deliverables)
+1. [Architecture](#Architecture-Diagram)
+1. [Executing Instructions](#instructions)
+ 1. [Deploy Using the Terraform CLI](#Deploy-Using-the-Terraform-CLI)
+ 1. [What to do after the Deployment via Terraform CLI](#After-Deployment-via-Terraform-CLI)
+1. [Documentation](#documentation)
+1. [The Team](#team)
+1. [Feedback](#feedback)
+1. [Known Issues](#known-issues)
+1. [Contribute](#CONTRIBUTING.md)
+
+
+## Overview
+----------------
+
+Use Oracle APEX to build scalable, secure enterprise applications, with world-class features, that you can deploy anywhere. Oracle APEX is a low-code development platform. Once the application is up and running, you can use Terraform to automate deployment into an Oracle Cloud Infrastructure environment.
+
+
+## Deliverables
+----------------
+
+ This repository encloses one deliverable:
+
+- A reference implementation written in Terraform HCL (Hashicorp Language) that provisions fully functional resources in an OCI tenancy.
+
+## Architecture-Diagram
+----------------
+
+This architecture leverages the load balancer to isolate an Oracle Autonomous Transaction Processing database in a separate private subnet. The Oracle Cloud Infrastructure (OCI) landing zone automated by Terraform provides a secure infrastructure for running the Oracle APEX application on top of the shared Oracle Autonomous Database exposed by the private endpoint.
+
+The following diagram illustrates this reference architecture.
+
+
+![](https://docs.oracle.com/en/solutions/deploy-autonomous-database-and-app/img/apex-app-adb.png)
+
+
+## Executing Instructions
+----------------
+
+## Prerequisites
+
+- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `nat-gateways`, `route-tables`, `subnets`, `service-gateways`, `security-lists`, `autonomous database`, `Load Balancer` and `compute instances`.
+- Quota to create the following resources: 1 ADW database instance inside OCI, 1 Load Balancer and 1 bastion server.
+If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm).
+
+
+# Deploy Using the Terraform CLI
+
+
+## Clone the Module
+Now, you'll want a local copy of this repo. You can make that with the commands:
+
+ git clone https://github.com/oracle-devrel/terraform-oci-oracle-cloud-foundation.git
+ cd terraform-oci-oracle-cloud-foundation/cloud-foundation/solutions/ATP Deployment
+ ls
+
+## Deployment
+
+- Follow the instructions from Prerequisites links in order to install terraform.
+- Download the terraform version suitable for your operating system.
+- Unzip the archive.
+- Add the executable to the PATH.
+- You will have to generate an API signing key (public/private keys) and the public key should be uploaded in the OCI console, for the iam user that will be used to create the resources. Also, you should make sure that this user has enough permissions to create resources in OCI. In order to generate the API Signing key, follow the steps from: https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#How
+ The API signing key will generate a fingerprint in the OCI console, and that fingerprint will be used in a terraform file described below.
+- You will also need to generate an OpenSSH public key pair. Please store those keys in a place accessible like your user home .ssh directory.
+
+## Prerequisites
+
+- Install Terraform v0.15 or greater: https://www.terraform.io/downloads.html
+- Install sqlcl on your operating system: https://docs.oracle.com/en/database/oracle/apex/22.1/aeadm/downloading-and-installing-sqlcl.html
+- Install Python 3.6: https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-centos-7
+- Generate an OCI API Key
+- Create your config under \$home*directory/.oci/config (run \_oci setup config* and follow the steps)
+- Gather Tenancy related variables (tenancy_id, user_id, local path to the oci_api_key private key, fingerprint of the oci_api_key_public key, and region)
+
+### Installing Terraform
+
+Go to [terraform.io](https://www.terraform.io/downloads.html) and download the proper package for your operating system and architecture. Terraform is distributed as a single binary.
+Install Terraform by unzipping it and moving it to a directory included in your system's PATH. You will need the latest version available.
+
+### Prepare Terraform Provider Values
+
+**variables.tf** is located in the root directory. This file is used in order to be able to make API calls in OCI, hence it will be needed by all terraform automations.
+
+In order to populate the **variables.tf** file, you will need the following:
+
+- Tenancy OCID
+- User OCID
+- Local Path to your private oci api key
+- Fingerprint of your public oci api key
+- Region
+
+
+#### **Getting the Tenancy and User OCIDs**
+
+You will have to login to the [console](https://console.us-ashburn-1.oraclecloud.com) using your credentials (tenancy name, user name and password). If you do not know those, you will have to contact a tenancy administrator.
+
+In order to obtain the tenancy ocid, after logging in, from the menu, select Administration -> Tenancy Details. The tenancy OCID, will be found under Tenancy information and it will be similar to **ocid1.tenancy.oc1..aaa…**
+
+In order to get the user ocid, after logging in, from the menu, select Identity -> Users. Find your user and click on it (you will need to have this page open for uploading the oci_api_public_key). From this page, you can get the user OCID which will be similar to **ocid1.user.oc1..aaaa…**
+
+#### **Creating the OCI API Key Pair and Upload it to your user page**
+
+Create an oci_api_key pair in order to authenticate to oci as specified in the [documentation](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#How):
+
+Create the .oci directory in the home of the current user
+
+`$ mkdir ~/.oci`
+
+Generate the oci api private key
+
+`$ openssl genrsa -out ~/.oci/oci_api_key.pem 2048`
+
+Make sure only the current user can access this key
+
+`$ chmod go-rwx ~/.oci/oci_api_key.pem`
+
+Generate the oci api public key from the private key
+
+`$ openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem`
+
+You will have to upload the public key to the oci console for your user (go to your user page -> API Keys -> Add Public Key and paste the contents in there) in order to be able to do make API calls.
+
+After uploading the public key, you can see its fingerprint into the console. You will need that fingerprint for your variables.tf file.
+You can also get the fingerprint from running the following command on your local workstation by using your newly generated oci api private key.
+
+`$ openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c`
+
+#### **Generating an SSH Key Pair on UNIX or UNIX-Like Systems Using ssh-keygen**
+
+- Run the ssh-keygen command.
+
+`ssh-keygen -b 2048 -t rsa`
+
+- The command prompts you to enter the path to the file in which you want to save the key. A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa. To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter.
+- The command prompts you for a passphrase. Enter a passphrase, or press ENTER if you don't want to havea passphrase.
+ Note that the passphrase isn't displayed when you type it in. Remember the passphrase. If you forget the passphrase, you can't recover it. When prompted, enter the passphrase again to confirm it.
+- The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key would be id_rsa.pub.
+ Make a note of the path where you've saved the SSH key pair.
+ When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding SSH private key and enter the passphrase when prompted.
+
+#### **Getting the Region**
+
+Even though, you may know your region name, you will needs its identifier for the variables.tf file (for example, US East Ashburn has us-ashburn-1 as its identifier).
+In order to obtain your region identifier, you will need to Navigate in the OCI Console to Administration -> Region Management
+Select the region you are interested in, and save the region identifier.
+
+
+#### **Prepare the variables.tf file**
+
+You will have to modify the **variables.tf** file to reflect the values that you’ve captured.
+
+```
+variable "tenancy_ocid" {
+ type = string
+ default = "" (tenancy ocid, obtained from OCI console - Profile -> Tenancy)
+}
+
+variable "region" {
+ type = string
+ default = "" (the region used for deploying the infrastructure - ex: eu-frankfurt-1)
+}
+
+variable "compartment_id" {
+ type = string
+ default = "" (the compartment used for deploying the solution - ex: compartment1)
+}
+
+variable "user_ocid" {
+ type = string
+ default = "" (user ocid, obtained from OCI console - Profile -> User Settings)
+}
+
+variable "fingerprint" {
+ type = string
+ default = "" (fingerprint obtained after setting up the API public key in OCI console - Profile -> User Settings -> API Keys -> Add Public Key)
+}
+
+variable "private_key_path" {
+ type = string
+ default = "" (the path of your local oci api key - ex: /root/.ssh/oci_api_key.pem)
+}
+
+```
+
+## Repository files
+
+
+* **modules(folder)** - Contains folders with subsystems and modules for each section of the project: networking, autonomous database, load balancer etc ; Also in the modules folder there is a folder called provisioner - that will provision your full infrastructure with the data model.
+* **CONTRIBUTING.md** - Contributing guidelines, also called Contribution guidelines, the CONTRIBUTING.md file, or software contribution guidelines, is a text file which project managers include in free and open-source software packages or other open media packages for the purpose of describing how others may contribute user-generated content to the project.The file explains how anyone can engage in activities such as formatting code for submission or submitting patches
+* **LICENSE** - The Universal Permissive License (UPL), Version 1.0
+* **local.tf** - Local values can be helpful to avoid repeating the same values or expressions multiple times in a configuration, but if overused they can also make a configuration hard to read by future maintainers by hiding the actual values used.Here is the place where all the resources are defined.
+* **main.tf** - Main Terraform script used for instantiating the Oracle Cloud Infrastructure provider and all subsystems modules
+* **outputs.tf** - Defines project's outputs that you will see after the code runs successfuly
+* **provider.tf** - The terraform provider that will be used (OCI)
+* **README.md** - This file
+* **variables.tf** - Project's global variables
+
+Secondly, populate the `terraform.tf` file with the disared configuration following the information:
+
+
+# Autonomous Data Warehouse
+
+The ADW subsystem / module is able to create ADW/ATP databases.
+
+* Parameters:
+ * __db_name__ - The database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted. The database name must be unique in the tenancy.
+ * __db_password__ - The password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (") or the username "admin", regardless of casing. The password is mandatory if source value is "BACKUP_FROM_ID", "BACKUP_FROM_TIMESTAMP", "DATABASE" or "NONE".
+ * __db_compute_model__ - The compute model of the Autonomous Database. This is required if using the computeCount parameter. If using cpuCoreCount then it is an error to specify computeModel to a non-null value.
+ * __db_compute_count__ - The compute amount available to the database. Minimum and maximum values depend on the compute model and whether the database is on Shared or Dedicated infrastructure. For an Autonomous Database on Shared infrastructure, the 'ECPU' compute model requires values in multiples of two. Required when using the computeModel parameter. When using cpuCoreCount parameter, it is an error to specify computeCount to a non-null value.
+ * __db_size_in_tbs__ - The size, in gigabytes, of the data volume that will be created and attached to the database. This storage can later be scaled up if needed. The maximum storage value is determined by the infrastructure shape. See Characteristics of Infrastructure Shapes for shape details.
+ * __db_workload__ - The Autonomous Database workload type. The following values are valid:
+ - OLTP - indicates an Autonomous Transaction Processing database
+ - DW - indicates an Autonomous Data Warehouse database
+ - AJD - indicates an Autonomous JSON Database
+ - APEX - indicates an Autonomous Database with the Oracle APEX Application Development workload type. *Note: db_workload can only be updated from AJD to OLTP or from a free OLTP to AJD.
+ * __db_version__ - A valid Oracle Database version for Autonomous Database.db_workload AJD and APEX are only supported for db_version 19c and above.
+ * __db_enable_auto_scaling__ - Indicates if auto scaling is enabled for the Autonomous Database OCPU core count. The default value is FALSE.
+ * __db_is_free_tier__ - Indicates if this is an Always Free resource. The default value is false. Note that Always Free Autonomous Databases have 1 CPU and 20GB of memory. For Always Free databases, memory and CPU cannot be scaled. When db_workload is AJD or APEX it cannot be true.
+ * __db_license_model__ - The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle PaaS and IaaS services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Database service. Note that when provisioning an Autonomous Database on dedicated Exadata infrastructure, this attribute must be null because the attribute is already set at the Autonomous Exadata Infrastructure level. When using shared Exadata infrastructure, if a value is not specified, the system will supply the value of BRING_YOUR_OWN_LICENSE. It is a required field when db_workload is AJD and needs to be set to LICENSE_INCLUDED as AJD does not support default license_model value BRING_YOUR_OWN_LICENSE.
+ * __db_data_safe_status__ - (Updatable) Status of the Data Safe registration for this Autonomous Database. Could be REGISTERED or NOT_REGISTERED.
+ * __db_operations_insights_status__ - (Updatable) Status of Operations Insights for this Autonomous Database. Values supported are ENABLED and NOT_ENABLED
+ * __db_database_management_status__ - Status of Database Management for this Autonomous Database. Values supported are ENABLED and NOT_ENABLED
+
+
+Below is an example:
+
+```
+variable "db_name" {
+ type = string
+ default = "deployAtp"
+}
+
+variable "db_password" {
+ type = string
+ default = "V2xzQXRwRGIxMjM0Iw=="
+}
+
+variable "db_compute_model" {
+ type = string
+ default = "ECPU"
+}
+
+variable "db_compute_count" {
+ type = number
+ default = 4
+}
+
+variable "db_size_in_tbs" {
+ type = number
+ default = 1
+}
+
+variable "db_workload" {
+ type = string
+ default = "OLTP"
+}
+
+variable "db_version" {
+ type = string
+ default = "19c"
+}
+
+variable "db_enable_auto_scaling" {
+ type = bool
+ default = true
+}
+
+variable "db_is_free_tier" {
+ type = bool
+ default = false
+}
+
+variable "db_license_model" {
+ type = string
+ default = "BRING_YOUR_OWN_LICENSE"
+}
+
+variable "db_data_safe_status" {
+ type = string
+ default = "NOT_REGISTERED"
+ # default = "REGISTERED"
+}
+
+variable "db_operations_insights_status" {
+ type = string
+ default = "NOT_ENABLED"
+ # default = "ENABLED"
+}
+
+variable "db_database_management_status" {
+ type = string
+ # default = "NOT_ENABLED"
+ # default = "ENABLED"
+ default = "ENABLED"
+}
+
+```
+
+# Compute VM
+
+The compute module will create one VM bastion that will be populated with all the necessary scripts, configuration and data inside the Autonomous Database.
+
+This VM is using the Oracle-Linux-Cloud-Developer-8.5-2022.05.22-0 image - that commes with all the neccesarry packages to deploy the solution.
+After the solution it's deployed it will create a container using docker and run a the moviestream application on top of the VM that can be accessed via http.
+
+For the Bastion VM the shape and the display name needs to be provided.
+
+More information regarding shapes can be found here:
+https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm
+
+* Parameters for the VM Bastion Compute Configuration
+ * __bastion_instance_image_ocid__ - (Required) It's a map of strings with each OCID for each region inside OCI of the image that will be deployed on the VM.
+ * __bastion_instance_display_name__ - The name of your bastion VM instance.
+ * __bastion_instance_shape__ - (Required) (Updatable) The shape of an instance. The shape determines the number of CPUs, amount of memory, and other resources allocated to the instance.
+
+Below is an example:
+```
+# Bastion Instance Variables:
+# More information on what Image OCIDs you need to use based on the region can be found here:
+# https://docs.oracle.com/en-us/iaas/images/image/2e439f8e-e98f-489b-82a3-338360b46b82/
+# Oracle-Linux-Cloud-Developer-8.5-2022.05.22-0 image
+
+variable "bastion_instance_image_ocid" {
+ type = map(string)
+ default = {
+ eu-amsterdam-1 = "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaabcomraotpw6apg7xvmc3xxu2avkkqpx4yj7cbdx7ebcm4d52halq"
+ eu-stockholm-1 = "ocid1.image.oc1.eu-stockholm-1.aaaaaaaa52kiqhwcoprmwfiuwureucv7nehqjfofoicwptpixdphzvon2mua"
+ me-abudhabi-1 = "ocid1.image.oc1.me-abudhabi-1.aaaaaaaa7nqsxvp4vp25gvzcrvld6xaiyxaxmzepkb5gz6us5sfkgeeez2zq"
+ ap-mumbai-1 = "ocid1.image.oc1.ap-mumbai-1.aaaaaaaaham2gnbrst3s46jrwchlnl3uqo7yxij7f3pqdzwx7zybu657347q"
+ eu-paris-1 = "ocid1.image.oc1.eu-paris-1.aaaaaaaaab5yi4bbnabymexkvwcdjlcjiue26kf3vz6dvzm6dvpttqcpaj5q"
+ uk-cardiff-1 = "ocid1.image.oc1.uk-cardiff-1.aaaaaaaagvgnze6oq5il7b26onoq4daeaqrghp5hx4yp3q3rvtfpnbzq4zhq"
+ me-dubai-1 = "ocid1.image.oc1.me-dubai-1.aaaaaaaaid5v36623wk7lyoivnqwygyaxppqfbzyo35wifxs7hkqo5caxhqa"
+ eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa3mdtxzi5rx2ids2tb74wmm77zvsqdaxbjlgvjpr4ytzc5njtksjq"
+ sa-saopaulo-1 = "ocid1.image.oc1.sa-saopaulo-1.aaaaaaaa22wjczcl7udl7w7e347zkwig7mh5p3zfbcemzs46jiaeom5lznyq"
+ ap-hyderabad-1 = "ocid1.image.oc1.ap-hyderabad-1.aaaaaaaaaq6ggb4u6p4fgsdcj7o2p4akt5t7gmyjnvootiytrqc5joe5pmfq"
+ us-ashburn-1 = "ocid1.image.oc1.iad.aaaaaaaas4cu36z32iraul5otar4gl3uy4s5jkupcc4m5shfqlatjiwaoftq"
+ ap-seoul-1 = "ocid1.image.oc1.ap-seoul-1.aaaaaaaakrtvc67c6thtmhrwphecd66omeytl7jmv3zd2bci74j56r4xodwq"
+ me-jeddah-1 = "ocid1.image.oc1.me-jeddah-1.aaaaaaaaghsie5mvgzb6fbfzujidzrg7jnrraqkh6qkyh2vw7rl6cdnbpe6a"
+ af-johannesburg-1 = "ocid1.image.oc1.af-johannesburg-1.aaaaaaaa2sj43nffpmyqlubrj4cikfgoij7qyqhymlnhw3bj7t26lh46euia"
+ ap-osaka-1 = "ocid1.image.oc1.ap-osaka-1.aaaaaaaao3swjyengmcc5rz3ynp2euqskvcscqwgouzs3smaarxofxbwstcq"
+ uk-london-1 = "ocid1.image.oc1.uk-london-1.aaaaaaaaetscnayepwj2lto7mpgiwtom4jwkqafr3axumt3pt32cgwczkexq"
+ eu-milan-1 = "ocid1.image.oc1.eu-milan-1.aaaaaaaavht3nwv7qsue7ljexbqqgofogwvrlgybvtrxylm52eg6b6xrgniq"
+ ap-melbourne-1 = "ocid1.image.oc1.ap-melbourne-1.aaaaaaaafavk2azn6cizxnugwi7izvxsumhiuzthw6g7k2o4vuhg4l3phi3a"
+ eu-marseille-1 = "ocid1.image.oc1.eu-marseille-1.aaaaaaaakpex24z6rmmyvdeop72nomfui5t54lztix7t5mblqii4l7v4iecq"
+ il-jerusalem-1 = "ocid1.image.oc1.il-jerusalem-1.aaaaaaaafgok5gj36cnrsqo6a3p72wqpg45s3q32oxkt45fq573obioliiga"
+ ap-tokyo-1 = "ocid1.image.oc1.ap-tokyo-1.aaaaaaaappsxkscys22g5tha37tksf6rlec3tm776dnq7dcquaofeqqb6rna"
+ us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaawmvmgfvthguywgry23pugqqv2plprni37sdr2jrtzq6i6tmwdjwa"
+ sa-santiago-1 = "ocid1.image.oc1.sa-santiago-1.aaaaaaaatqcxvjriek3gdndhk43fdss6hmmd47fw2vmuq7ldedr5f555vx5q"
+ ap-singapore-1 = "ocid1.image.oc1.ap-singapore-1.aaaaaaaaouprplh2bubqudrghr46tofi3bukvtrdgiuvckylpk4kvmxyhzda"
+ us-sanjose-1 = "ocid1.image.oc1.us-sanjose-1.aaaaaaaaqudryedi3l4danxy5kxbwqkz3nonewp3jwb5l3tdcikhftthmtga"
+ ap-sydney-1 = "ocid1.image.oc1.ap-sydney-1.aaaaaaaaogu4pvw4zw2p7kjabyynczopoqipecr2gozdaolh5kem2mkdrloa"
+ sa-vinhedo-1 = "ocid1.image.oc1.sa-vinhedo-1.aaaaaaaa57khlnd4ziajy6wwmud2d6k3wsqkm4yce3mlzbgxeggpbu3yqbpa"
+ ap-chuncheon-1 = "ocid1.image.oc1.ap-chuncheon-1.aaaaaaaanod2kc3bw5l3myyd5okw4c46kapdpsu2fqgyswf4lka2hrordlla"
+ ca-montreal-1 = "ocid1.image.oc1.ca-montreal-1.aaaaaaaaevwlof26wfzcoajtlmykpaev7q5ekqyvkpqo2sjo3gdwzygu7xta"
+ ca-toronto-1 = "ocid1.image.oc1.ca-toronto-1.aaaaaaaanajb7uklrra5eq2ewx35xfi2aulyohweb2ugik7kc6bdfz6swyha"
+ eu-zurich-1 = "ocid1.image.oc1.eu-zurich-1.aaaaaaaameaqzqjwp45epgv2zywkaw2cxutz6gdc6jxnrrbb4ciqpyrnkczq"
+ }
+}
+
+variable "bastion_instance_display_name" {
+ type = string
+ default = "ATP Web Server"
+}
+
+variable "bastion_instance_shape" {
+ type = string
+ default = "VM.Standard2.1"
+}
+```
+
+
+# Network
+This resource provides the Vcn resource in Oracle Cloud Infrastructure Core service anso This resource provides the Subnet resource in Oracle Cloud Infrastructure Core service.
+The solution will create 1 VCN in your compartment, 2 subnets ( one public and one private so the analytics cloud instance can be public or private ), 2 route tables for incomming and outoing traffic, 2 Network Security Groups for ingress and egress traffic, 1 internet gateway, 2 route tables for each subnet, dhcp service, NAT Gateway and a Service Gateway.
+
+* Parameters
+ * __vcn_cidr__ - The list of one or more IPv4 CIDR blocks for the VCN that meet the following criteria:
+ The CIDR blocks must be valid.
+ They must not overlap with each other or with the on-premises network CIDR block.
+ The number of CIDR blocks must not exceed the limit of CIDR blocks allowed per VCN. It is an error to set both cidrBlock and cidrBlocks. Note: cidr_blocks update must be restricted to one operation at a time (either add/remove or modify one single cidr_block) or the operation will be declined.
+ * __public_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the public subnet.
+ * __private_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the private subnet.
+
+
+Below is an example:
+```
+variable "vcn_cidr" {
+ default = "10.0.0.0/16"
+}
+
+variable "public_subnet_cidr" {
+ default = "10.0.0.0/24"
+}
+
+variable "private_subnet_cidr" {
+ default = "10.0.1.0/24"
+}
+```
+
+# Load Balancer Configuration
+
+* Parameters for Load Balancer Configuration
+ * __load_balancer_shape__ - (Required) (Updatable) A template that determines the total pre-provisioned bandwidth (ingress plus egress). To get a list of available shapes, use the ListShapes operation. Example: flexible NOTE: Starting May 2023, Fixed shapes - 10Mbps, 100Mbps, 400Mbps, 8000Mbps would be deprecated and only shape allowed would be Flexible *Note: When updating shape for a load balancer, all existing connections to the load balancer will be reset during the update process. Also 10Mbps-Micro shape cannot be updated to any other shape nor can any other shape be updated to 10Mbps-Micro.
+ * __load_balancer_maximum_bandwidth_in_mbps__ - (Required) (Updatable) Bandwidth in Mbps that determines the maximum bandwidth (ingress plus egress) that the load balancer can achieve. This bandwidth cannot be always guaranteed. For a guaranteed bandwidth use the minimumBandwidthInMbps parameter. The values must be between minimumBandwidthInMbps and 8000 (8Gbps). Example: 1500
+ * __load_balancer_minimum_bandwidth_in_mbps__ - (Required) (Updatable) Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 10 and the maximumBandwidthInMbps. Example: 150
+ * __load_balancer_display_name__ - (Required) (Updatable) A user-friendly name. It does not have to be unique, and it is changeable. Avoid entering confidential information. Example: example_load_balancer
+
+Below is an example:
+
+```
+variable "load_balancer_shape" {
+ default = "flexible"
+}
+
+variable "load_balancer_maximum_bandwidth_in_mbps" {
+ type = number
+ default = 400
+}
+
+variable "load_balancer_minimum_bandwidth_in_mbps" {
+ type = number
+ default = 10
+}
+
+variable "load_balancer_display_name" {
+ default = "lbatp"
+}
+```
+
+
+## Running the code
+
+```
+# Run init to get terraform modules
+$ terraform init
+
+# Create the infrastructure
+$ terraform apply --auto-approve
+
+# If you are done with this infrastructure, take it down
+$ terraform destroy --auto-approve
+```
+
+## What to do after the Deployment via Terraform CLI
+----------------
+
+- After the solution was deployed successfully from Terraform CLI you will have some outputs on the screen.
+
+Example of output:
+
+```
+
+Outputs:
+
+ADW_Database_db_connection = tolist([
+ {
+ "all_connection_strings" = tomap({
+ "HIGH" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_high.adb.oraclecloud.com"
+ "LOW" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_low.adb.oraclecloud.com"
+ "MEDIUM" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_medium.adb.oraclecloud.com"
+ "TP" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_tp.adb.oraclecloud.com"
+ "TPURGENT" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_tpurgent.adb.oraclecloud.com"
+ })
+ "dedicated" = ""
+ "high" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_high.adb.oraclecloud.com"
+ "low" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_low.adb.oraclecloud.com"
+ "medium" = "adb.us-ashburn-1.oraclecloud.com:1522/rddainsuh6u1okc_deployatp_medium.adb.oraclecloud.com"
+ "profiles" = tolist([
+ {
+ "consumer_group" = "HIGH"
+ "display_name" = "deployatp_high"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "SERVER"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_high.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "LOW"
+ "display_name" = "deployatp_low"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "SERVER"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_low.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "MEDIUM"
+ "display_name" = "deployatp_medium"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "SERVER"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_medium.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "TP"
+ "display_name" = "deployatp_tp"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "SERVER"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_tp.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "TPURGENT"
+ "display_name" = "deployatp_tpurgent"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "SERVER"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_tpurgent.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "HIGH"
+ "display_name" = "deployatp_high"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "MUTUAL"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_high.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "LOW"
+ "display_name" = "deployatp_low"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "MUTUAL"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_low.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "MEDIUM"
+ "display_name" = "deployatp_medium"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" = "MUTUAL"
+ "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_medium.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))"
+ },
+ {
+ "consumer_group" = "TP"
+ "display_name" = "deployatp_tp"
+ "host_format" = "FQDN"
+ "is_regional" = false
+ "protocol" = "TCPS"
+ "session_mode" = "DIRECT"
+ "syntax_format" = "LONG"
+ "tls_authentication" =
"MUTUAL" + "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_tp.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))" + }, + { + "consumer_group" = "TPURGENT" + "display_name" = "deployatp_tpurgent" + "host_format" = "FQDN" + "is_regional" = false + "protocol" = "TCPS" + "session_mode" = "DIRECT" + "syntax_format" = "LONG" + "tls_authentication" = "MUTUAL" + "value" = "(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=vezmsz1y.adb.us-ashburn-1.oraclecloud.com))(connect_data=(service_name=rddainsuh6u1okc_deployatp_tpurgent.adb.oraclecloud.com))(security=(ssl_server_dn_match=no)))" + }, + ]) + }, +]) +ADW_Database_ip = "10.0.1.40" +Database_Actions = [ + "https://vezmsz1y.adb.us-ashburn-1.oraclecloudapps.com/ords/sql-developer", +] +adb_admin_password = +adb_user_name = "USER_WORKSHOP" +adb_user_password = "AaBbCcDdEe123!" +adb_workshop_base = "WORKSHOP" +database_fully_qualified_name = "vezmsz1y.adb.us-ashburn-1.oraclecloudapps.com" +graph_studio_url = [ + "https://vezmsz1y.adb.us-ashburn-1.oraclecloudapps.com/graphstudio/", +] +load_balancer_IP = [ + tolist([ + "157.151.255.207", + ]), +] +load_balancer_url = "https://157.151.255.207" +machine_learning_user_management_url = [ + "https://vezmsz1y.adb.us-ashburn-1.oraclecloudapps.com/omlusers/", +] + +``` + +## Connect to Autonomous Database +Please use the public IP address listed on the load_balancer_url output to connect to the autonomous database application via a web-browser. + +A database user was created during the deployment. You can connect as that user using: + +* User: `USER_WORKSHOP`, Password: `AaBbCcDdEe123!` , WorkShop: `WORKSHOP` +* User: `ADMIN`, Password: `V2xzQXRwRGIxMjM0Iw==` + +Please change these passwords after deployment. 
+ + +## Documentation + +[Autonomous Databases Overview](https://docs.oracle.com/en-us/iaas/Content/Database/Concepts/adboverview.htm) + +[Terraform Autonomous Databases Resource](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/database_autonomous_database) + + +## The Team +- **Owners**: [Corina Todea](https://github.com/ctodearo) , [Panaitescu Ionel](https://github.com/ionelpanaitescu) + +## Feedback +We welcome your feedback. To post feedback, submit feature ideas or report bugs, please use the Issues section on this repository. + +## Known Issues +**At the moment, there are no known issues for this solution** + + diff --git a/cloud-foundation/solutions/ATP Deployment/locals.tf b/cloud-foundation/solutions/ATP Deployment/locals.tf index 5c7590a..a15c841 100644 --- a/cloud-foundation/solutions/ATP Deployment/locals.tf +++ b/cloud-foundation/solutions/ATP Deployment/locals.tf @@ -1,11 +1,21 @@ +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + + data "oci_identity_availability_domains" "ADs" { compartment_id = var.tenancy_ocid } -data "oci_core_images" "linux_image" { - compartment_id = var.compartment_id - operating_system = "Oracle Linux" - shape = "VM.Standard2.1" +data "oci_identity_tenancy" "tenancy" { + tenancy_id = var.tenancy_ocid +} + +data oci_identity_regions regions { +} + +data "template_file" "ad_names" { + count = length(data.oci_identity_availability_domains.ADs.availability_domains) + template = lookup(data.oci_identity_availability_domains.ADs.availability_domains[count.index], "name") } data "oci_core_services" "sgw_services" { 
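Review bot: The new `data "template_file" "ad_names"` pulls in the `hashicorp/template` provider, which to my knowledge is archived and no longer gets new builds, so the hunk adds an unmaintained dependency for what is a plain list expression; replace it with a local, `ad_names = [for ad in data.oci_identity_availability_domains.ADs.availability_domains : ad.name]`, and drop the provider from `provider.tf` if nothing else needs it. `data oci_identity_regions regions {}` uses unquoted block labels while the rest of the file quotes them; write it as `data "oci_identity_regions" "regions" {}` so `terraform fmt` and the file's own style agree. Neither `regions` nor `ad_names` is referenced in the hunks visible here, so confirm they are actually consumed before keeping them.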
@@ -16,6 +26,459 @@ data "oci_core_services" "sgw_services" { } } -locals{ - oracle_linux = lookup(data.oci_core_images.linux_image.images[1],"id") -} \ No newline at end of file +data "oci_identity_region_subscriptions" "home_region_subscriptions" { + tenancy_id = var.tenancy_ocid + + filter { + name = "is_home_region" + values = [true] + } +} + + +locals { + + +# Create Autonomous Data Warehouse + adw_params = { + adw = { + compartment_id = var.compartment_id + compute_model = var.db_compute_model + compute_count = var.db_compute_count + size_in_tbs = var.db_size_in_tbs + db_name = var.db_name + db_workload = var.db_workload + db_version = var.db_version + enable_auto_scaling = var.db_enable_auto_scaling + is_free_tier = var.db_is_free_tier + license_model = var.db_license_model + create_local_wallet = true + database_admin_password = var.db_password + database_wallet_password = var.db_password + data_safe_status = var.db_data_safe_status + operations_insights_status = var.db_operations_insights_status + database_management_status = var.db_database_management_status + is_mtls_connection_required = false + subnet_id = lookup(module.network-subnets.subnets,"private-subnet").id + nsg_ids = [lookup(module.network-security-groups.nsgs, "private-nsgs-list").id] + defined_tags = {} + }, +} + +# Create Instance + instance_params = { + vnc-instance = { + availability_domain = 1 + compartment_id = var.compartment_id + display_name = var.bastion_instance_display_name + shape = var.bastion_instance_shape + defined_tags = {} + freeform_tags = {} + subnet_id = lookup(module.network-subnets.subnets,"public-subnet").id + vnic_display_name = "" + assign_public_ip = true + hostname_label = "" + nsg_ids = [lookup(module.network-security-groups.nsgs,"public-nsgs-list").id] + source_type = "image" + source_id = var.bastion_instance_image_ocid[var.region] + metadata = { + ssh_authorized_keys = module.keygen.OPCPrivateKey.public_key_openssh + } + fault_domain = "" + 
provisioning_timeout_mins = "30" + } +} + + +## Creates the VCN "vcn with the CIDR BLOCK 10.0.0.0/16" + vcns-lists = { + vcn = { + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = "vcn" + is_create_igw = true + is_attach_drg = false // put true if you want to have drg attached ! + block_nat_traffic = false + subnets = {} + defined_tags = {} + freeform_tags = {} + } +} + +#creates the subnet "public-subnet - 10.0.0.0/24 and private-subnet - 10.0.1.0/24" + subnet-lists = { + "" = { + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = "vcn" + is_create_igw = false + is_attach_drg = false + block_nat_traffic = false + + subnets = { + public-subnet = { + compartment_id=var.compartment_id, + vcn_id=lookup(module.network-vcn.vcns,"vcn").id, + availability_domain="" + cidr=var.public_subnet_cidr, + dns_label="public", + private=false, + dhcp_options_id="", + security_list_ids=[module.network-security-lists.security_lists["public_security_list"].id], + defined_tags = {} + freeform_tags = {} + } + private-subnet = { + compartment_id=var.compartment_id, + vcn_id=lookup(module.network-vcn.vcns,"vcn").id, + availability_domain="" + cidr=var.private_subnet_cidr, + dns_label="private", + private=true, + dhcp_options_id="", + security_list_ids=[module.network-security-lists.security_lists["private_security_list"].id], + defined_tags = {} + freeform_tags = {} + } + } + defined_tags = {} + freeform_tags = {} + } + } + +#create routing table attached to vcn and subnet to route traffic via IGW + subnets_route_tables = { + public_route_table-igw = { + compartment_id = var.compartment_id, + vcn_id=lookup(module.network-vcn.vcns,"vcn").id, + subnet_id = lookup(module.network-subnets.subnets,"public-subnet").id, + route_table_id = "", + route_rules = [{ + is_create = true, + destination = "0.0.0.0/0", + destination_type = "CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.internet_gateways, 
lookup(module.network-vcn.vcns,"vcn").id).id, + description = "" + }], + defined_tags = {} + }, + private_route_table-nat = { + compartment_id = var.compartment_id, + vcn_id=lookup(module.network-vcn.vcns,"vcn").id, + subnet_id = lookup(module.network-subnets.subnets,"private-subnet").id, + route_table_id = "", + route_rules = [{ + is_create = true, + destination = "0.0.0.0/0", + destination_type = "CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.nat_gateways, lookup(module.network-vcn.vcns,"vcn").id).id, + description = "" + }], + defined_tags = {} + } + } + +network-routing-attachment = { + "" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"vcn").id, + subnet_id = lookup(module.network-subnets.subnets,"public-subnet").id, + route_table_id = lookup(module.network-routing.subnets_route_tables,"public_route_table-igw").id, + route_rules = [], + defined_tags = {} + } +} + +#create security list - opening port 22 ssh and port 80 - http + security_lists = { + public_security_list = { + vcn_id = lookup(module.network-vcn.vcns,"vcn").id, + compartment_id = var.compartment_id, + defined_tags = {} + ingress_rules = concat([{ + stateless = false + protocol = "6" // tcp + src = "0.0.0.0/0" + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 22, max= 22}, + icmp_type = null, + icmp_code = null + }], + [{ + stateless = false + protocol = "6" // tcp + src = "0.0.0.0/0" + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 443, max=443}, + icmp_type = null, + icmp_code = null + }], + [{ + stateless = false + protocol = "6" // tcp + src = "0.0.0.0/0" + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 80, max=80}, + icmp_type = null, + icmp_code = null + }], + [{ + stateless = false + protocol = "all" + src = "0.0.0.0/0" + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }]), + egress_rules = [{ + stateless = false, + protocol = "all", 
+ dst = "0.0.0.0/0", + dst_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }], + } + private_security_list = { + vcn_id = lookup(module.network-vcn.vcns,"vcn").id, + compartment_id = var.compartment_id, + defined_tags = {} + ingress_rules = concat([{ + stateless = false + protocol = "all" + src = var.vcn_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }], + [{ + stateless = false + protocol = "6" + src = var.vcn_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 22, max=22}, + icmp_type = null, + icmp_code = null + }], + [{ + stateless = false + protocol = "17" + src = var.vcn_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 3306, max=3306}, + icmp_type = null, + icmp_code = null + }]), + egress_rules = [{ + stateless = false, + protocol = "all", + dst = "0.0.0.0/0", + dst_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }] + } + } + +# Create Network Security lists - public and private + nsgs-lists = { + public-nsgs-list = { + vcn_id = lookup(module.network-vcn.vcns,"vcn").id, + compartment_id = var.compartment_id, + defined_tags = {} + ingress_rules = { + web_ingress = { + is_create = true, + description = "web security ingress rule", + protocol = "6", // tcp + stateless = false, + src = "0.0.0.0/0", + src_type = "CIDR_BLOCK", + src_port_min = null, + src_port_max = null, + dst_port_min = 80, + dst_port_max = 80, + icmp_type = null, + icmp_code = null + }, + all_ingress = { + is_create = true, + description = "all security ingress rule", + protocol = "all", + stateless = false, + src = "0.0.0.0/0", + src_type = "CIDR_BLOCK", + src_port_min = null, + src_port_max = null, + dst_port_min = null, + dst_port_max = null, + icmp_type = null, + icmp_code = null + } + }, + egress_rules = { + web_igw_egress = { + is_create = true, + description = "web internet 
security egress rule", + protocol = "all", // tcp + stateless = false, + dst = "0.0.0.0/0", + dst_type = "CIDR_BLOCK", + src_port_min = null, + src_port_max = null, + dst_port_min = null, + dst_port_max = null, + icmp_type = null, + icmp_code = null + }, + } + } + private-nsgs-list = { + vcn_id = lookup(module.network-vcn.vcns,"vcn").id, + compartment_id = var.compartment_id, + defined_tags = {} + ingress_rules = { ingress2 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + src = var.private_subnet_cidr, + src_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }}, + egress_rules = { egress2 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + dst = "0.0.0.0/0", + dst_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }} + } + } + + + + +# Calling the Load Balancer module + + lb-params = { + lboac = { + shape = var.load_balancer_shape + compartment_id = var.compartment_id + subnet_ids = [lookup(module.network-subnets.subnets,"public-subnet").id] + network_security_group_ids = [lookup(module.network-security-groups.nsgs,"public-nsgs-list").id] + maximum_bandwidth_in_mbps = var.load_balancer_maximum_bandwidth_in_mbps + minimum_bandwidth_in_mbps = var.load_balancer_minimum_bandwidth_in_mbps + display_name = var.load_balancer_display_name + is_private = false + defined_tags = {} + freeform_tags = {} + } +} + + lb-backendset-params = { + lb-backendset = { + name = "lb-backendset" + load_balancer_id = module.lb.load_balancer_id + policy = "ROUND_ROBIN" + port = "443" + protocol = "HTTP" + response_body_regex = "" + url_path = "/" + return_code = "302" + certificate_ids = null + certificate_name = 
module.lb-demo_certificate.CertificateNames[0] + cipher_suite_name = "oci-default-ssl-cipher-suite-v1" + protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] + trusted_certificate_authority_ids = null + server_order_preference = null + verify_depth = null + verify_peer_certificate = false + } +} + + lb-listener-https-params = { + "lb-listener" = { + load_balancer_id = module.lb.load_balancer_id + name = "https" + default_backend_set_name = module.lb-backendset.BackendsetNames[0] + port = "443" + protocol = "HTTP" + rule_set_names = [module.SSL_headers.SSLHeadersNames[0]] + idle_timeout_in_seconds = "10" + certificate_name = module.lb-demo_certificate.CertificateNames[0] + verify_peer_certificate = false + } +} + + lb-backend-params = { + "lb-backend" = { + load_balancer_id = module.lb.load_balancer_id + backendset_name = module.lb-backendset.BackendsetNames[0] + ip_address = module.adb.private_endpoint_ip + port = "443" + backup = false + drain = false + offline = false + weight = "1" + } +} + + SSL_headers-params = { + lb-SSLHeaders = { + load_balancer_id = module.lb.load_balancer_id + name = "SSLHeaders" + SSLitems = [{item={ + action = "ADD_HTTP_REQUEST_HEADER" + header = "Proxy-SSL" + value = "true" + }}, + {item={ + action = "ADD_HTTP_REQUEST_HEADER" + header = "is_ssl" + value = "ssl" + }}] + countSSL = 2 + } +} + + demo_certificate-params = { + lb-certificate = { + certificate_name = "demo_cert" + load_balancer_id = module.lb.load_balancer_id + public_certificate = module.keygen.CertPem.cert_pem + private_key = module.keygen.SSPrivateKey.private_key_pem + ca_certificate = module.keygen.CertPem.cert_pem + passphrase = null + } +} + + + + +} diff --git a/cloud-foundation/solutions/ATP Deployment/main.tf b/cloud-foundation/solutions/ATP Deployment/main.tf index 5900858..f29c438 100644 --- a/cloud-foundation/solutions/ATP Deployment/main.tf +++ b/cloud-foundation/solutions/ATP Deployment/main.tf 
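Review bot: The fourth ingress entry of `public_security_list` and the `all_ingress` entry of `public-nsgs-list` both allow `protocol = "all"` from `src = "0.0.0.0/0"` with no port restriction, which exposes every port of the public subnet (the bastion/web instance and the public load balancer) to the internet and makes the preceding 22/80/443 rules meaningless, while the comment above the list still says it opens only 22 and 80. Drop those two catch-all entries so only the port-scoped rules remain, and consider sourcing the port-22 rule's `src` from an admin-CIDR variable instead of `0.0.0.0/0`. In `lb-backendset-params`, `protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]` still offers deprecated TLS 1.0/1.1 towards the ADB backend; `protocols = ["TLSv1.2"]` is sufficient here, and `verify_peer_certificate = false` together with the self-signed `demo_cert` deserves a `# demo-only: replace with a CA-issued certificate and enable peer verification` comment. `adw_params` also sets `database_wallet_password = var.db_password`, so the wallet zip that the provisioner later copies onto the bastion is protected by the ADMIN password itself; a separate variable (or a `random_password` resource) avoids sharing that secret. The `protocol = "17"` / port 3306 rule in `private_security_list` (UDP to the MySQL port) looks like a leftover from another template since nothing in this solution listens there — remove it if that is the case.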
@@ -1,541 +1,122 @@ -module "network-vcn-subnets-gw" { +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. - source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" +# Create ADW Database with Endpoint in private subnet +module "adb" { + source = "../../../cloud-foundation/modules/cloud-foundation-library/database/adb" + adw_params = local.adw_params +} + + +# Networking +module "network-vcn" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" compartment_id = var.compartment_id service_label = "" service_gateway_cidr = lookup(data.oci_core_services.sgw_services.services[0], "cidr_block") + vcns = { + for k,v in local.vcns-lists : k => v if v.compartment_id != "" + } +} - vcns = { - - #Replace the key "deploy-vcn" with the name desired - deploy-vcn = { - - compartment_id = var.compartment_id - cidr = "10.0.0.0/16" - dns_label = "VCN" - is_create_igw = true - is_attach_drg = false - block_nat_traffic = false - - subnets = { - deploy-instance-subnet = { - compartment_id=var.compartment_id, - vcn_id="", - availability_domain=lookup(data.oci_identity_availability_domains.ADs.availability_domains[0], "name"), - cidr="10.0.1.0/24", - dns_label="sub1", - private=false, - dhcp_options_id="", - security_list_ids=[], - defined_tags={}, - freeform_tags={} - }, - deploy-atp-endpoint-subnet = { - compartment_id=var.compartment_id, - vcn_id="", - availability_domain=lookup(data.oci_identity_availability_domains.ADs.availability_domains[0], "name"), - cidr="10.0.2.0/24", - dns_label="sub2", - private=true, - dhcp_options_id = "", - prohibit_public_ip_on_vnic = true, - security_list_ids=[], - defined_tags={}, - freeform_tags={} - }, - deploy-lb-subnet = { - compartment_id=var.compartment_id, - vcn_id="", - availability_domain="", - cidr="10.0.3.0/24", - 
dns_label="sub3", - private=false, - dhcp_options_id="", - security_list_ids=[], - defined_tags={}, - freeform_tags={} - } - } - - defined_tags = {} - freeform_tags = {} - } +module "network-subnets" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" + compartment_id = var.compartment_id + service_label = "" + service_gateway_cidr = lookup(data.oci_core_services.sgw_services.services[0], "cidr_block") + vcns = { + for k,v in local.subnet-lists : k => v if v.compartment_id != "" } } -#Create routing table attached to vcn and subnets to route traffic via IGW/NAT module "network-routing" { - source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" - compartment_id = var.compartment_id - subnets_route_tables = { - - deploy-routetable-igw = { - - compartment_id = var.compartment_id, - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - subnet_id = lookup(module.network-vcn-subnets-gw.subnets,"deploy-instance-subnet").id, - route_table_id = "", - route_rules = [{ - is_create = true, - destination = "0.0.0.0/0", - destination_type = "CIDR_BLOCK", - network_entity_id = lookup(module.network-vcn-subnets-gw.internet_gateways, lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id).id, - description = "" - }], - defined_tags = {} - }, - deploy-routetable-nat = { - - compartment_id = var.compartment_id, - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - subnet_id = lookup(module.network-vcn-subnets-gw.subnets,"deploy-atp-endpoint-subnet").id, - route_table_id = "", - route_rules = [{ - is_create = true, - destination = "0.0.0.0/0", - destination_type = "CIDR_BLOCK", - network_entity_id = lookup(module.network-vcn-subnets-gw.nat_gateways, lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id).id, - description = "" - }], - defined_tags = {} - } - } + for k,v in local.subnets_route_tables : k => v if v.compartment_id != "" + } } -module 
"routing-attachment" { - +module "network-routing-attachment" { source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" - compartment_id = var.compartment_id - - subnets_route_tables = { - "" = { - compartment_id = var.compartment_id, - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - subnet_id = lookup(module.network-vcn-subnets-gw.subnets,"deploy-lb-subnet").id, - route_table_id = lookup(module.network-routing.subnets_route_tables,"deploy-routetable-igw").id, - route_rules = [], - defined_tags = {} - } - } + subnets_route_tables = local.network-routing-attachment } -#Create NSGs - opening port 22 ssh and port 80 - http -module "network-nsgs" { - +module "network-security-lists" { source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" compartment_id = var.compartment_id - ports_not_allowed_from_anywhere_cidr = [3390,4500] - - #nsgs lists map - nsgs = { - web-nsg = { - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - ingress_rules = { - web_ingress = { - is_create = true, - description = "web security ingress rule", - protocol = "6", // tcp - stateless = false, - src = "0.0.0.0/0", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = 80, - dst_port_max = 80, - icmp_type = null, - icmp_code = null - } - }, - egress_rules = { - web_igw_egress = { - is_create = true, - description = "web internet security egress rule", - protocol = "all", // tcp - stateless = false, - dst = "0.0.0.0/0", - dst_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - }, - web_atp_egress = { - is_create = true, - description = "web atp security egress rule", - protocol = "6", // tcp - stateless = false, - dst = "atp-nsg", - dst_type = "NSG_NAME", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, 
- icmp_type = null, - icmp_code = null - } - } - }, - ssh-nsg = { - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - ingress_rules = { - ssh_ingress = { - is_create = true, - description = "ssh security ingress rule", - protocol = "6", // tcp - stateless = false, - src = "0.0.0.0/0", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = 22, - dst_port_max = 22, - icmp_type = null, - icmp_code = null - } - }, - egress_rules = { - ssh_egress = { - is_create = true, - description = "ssh security egress rule", - protocol = "6", // tcp - stateless = false, - dst = "0.0.0.0/0", - dst_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - } - } - }, - atp-nsg = { - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - ingress_rules = { - atp_ingress = { - is_create = true, - description = "atp security ingress rule", - protocol = "ALL", // tcp - stateless = false, - src = "10.0.0.0/16", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = 1522, - dst_port_max = 1522, - icmp_type = null, - icmp_code = null - }, - atp_ingress_1521 = { - is_create = true, - description = "atp security ingress rule", - protocol = "ALL", // tcp - stateless = false, - src = "10.0.0.0/16", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = 1521, - dst_port_max = 1521, - icmp_type = null, - icmp_code = null - }, - atp_ingress_port = { - is_create = true, - description = "atp security ingress rule", - protocol = "ALL", // tcp - stateless = false, - src = "10.0.0.0/16", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = 443, - dst_port_max = 443, - icmp_type = null, - icmp_code = null - } - }, - egress_rules = { - web_egress = { - is_create = true, - description = "atp security egress rule", - protocol = "ALL", // 
tcp - stateless = false, - dst = "10.0.0.0/16", - dst_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - } - } - }, - lb-nsg = { - vcn_id = lookup(module.network-vcn-subnets-gw.vcns,"deploy-vcn").id, - ingress_rules = { - lb_igw_ingress = { - is_create = true, - description = "lb security ingress rule", - protocol = "all", - stateless = false, - src = "0.0.0.0/0", - src_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - } - }, - egress_rules = { - lb_igw_egress = { - is_create = true, - description = "lb internet security egress rule", - protocol = "all", // tcp - stateless = false, - dst = "0.0.0.0/0", - dst_type = "CIDR_BLOCK", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - }, - lb_atp_egress = { - is_create = true, - description = "lb atp security egress rule", - protocol = "6", // tcp - stateless = false, - dst = "atp-nsg", - dst_type = "NSG_NAME", - src_port_min = null, - src_port_max = null, - dst_port_min = null, - dst_port_max = null, - icmp_type = null, - icmp_code = null - } - } - } + ports_not_allowed_from_anywhere_cidr = [] + security_lists = { + for k,v in local.security_lists : k => v if v.compartment_id != "" } } -#Generate instance public/private key pair -module "keygen" { - source = "../../../cloud-foundation/modules/cloud-foundation-library/keygen" - display_name = "deploy-lb-subnet" - subnet_domain_name = lookup(module.network-vcn-subnets-gw.subnets,"deploy-lb-subnet").subnet_domain_name +module "network-security-groups" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + nsgs = local.nsgs-lists } -module "lb" { +# Calling the Load Balancer module +module "lb" { source = 
"../../../cloud-foundation/modules/cloud-foundation-library/lb" - - lb-params = { - "lb-adb" = { - shape = "flexible" - compartment_id = var.compartment_id - subnet_ids = [lookup(module.network-vcn-subnets-gw.subnets,"deploy-lb-subnet").id] - network_security_group_ids = [lookup(module.network-nsgs.nsgs,"lb-nsg").id] - maximum_bandwidth_in_mbps = 400 - minimum_bandwidth_in_mbps = 10 - display_name = "atp-lb" - is_private = false - defined_tags = {} - freeform_tags = {} - } - } + lb-params = local.lb-params } module "lb-backendset" { - source = "../../../cloud-foundation/modules/cloud-foundation-library/lb" - - lb-backendset-params = { - "lb-backendset" = { - name = "lb-backendset" - load_balancer_id = module.lb.load_balancer_id - policy = "ROUND_ROBIN" - port = "443" - protocol = "HTTP" - response_body_regex = "" - url_path = "/" - return_code = "302" - certificate_ids = null - certificate_name = module.lb-demo_certificate.CertificateNames[0] - cipher_suite_name = "oci-default-ssl-cipher-suite-v1" - protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] - trusted_certificate_authority_ids = null - server_order_preference = null - verify_depth = null - verify_peer_certificate = false - } - } + lb-backendset-params = local.lb-backendset-params } module "lb-listener-https" { source = "../../../cloud-foundation/modules/cloud-foundation-library/lb" - - lb-listener-https-params = { - "lb-listener" = { - load_balancer_id = module.lb.load_balancer_id - name = "https" - default_backend_set_name = module.lb-backendset.BackendsetNames[0] - port = "443" - protocol = "HTTP" - rule_set_names = [module.SSL_headers.SSLHeadersNames[0]] - idle_timeout_in_seconds = "10" - certificate_name = module.lb-demo_certificate.CertificateNames[0] - verify_peer_certificate = false - } -} + lb-listener-https-params = local.lb-listener-https-params } module "lb-backend" { - source = "../../../cloud-foundation/modules/cloud-foundation-library/lb" - - lb-backend-params = { - "lb-backend" = { - 
load_balancer_id = module.lb.load_balancer_id - backendset_name = module.lb-backendset.BackendsetNames[0] - ip_address = module.database-atp.private_endpoint_ip - port = "443" - backup = false - drain = false - offline = false - weight = "1" - - } -} + lb-backend-params = local.lb-backend-params } module "SSL_headers" { - source = "../../../cloud-foundation/modules/cloud-foundation-library/lb" - - SSL_headers-params = { - "lb-SSLHeaders" = { - load_balancer_id = module.lb.load_balancer_id - name = "SSLHeaders" - SSLitems = [{item={ - action = "ADD_HTTP_REQUEST_HEADER" - header = "Proxy-SSL" - value = "true" - }}, - {item={ - action = "ADD_HTTP_REQUEST_HEADER" - header = "is_ssl" - value = "ssl" - }}] - countSSL = 2 - } -} + SSL_headers-params = local.SSL_headers-params } module "lb-demo_certificate" { - source = "../../../cloud-foundation/modules/cloud-foundation-library/lb" - - demo_certificate-params = { - - "lb-certificate" = { - - certificate_name = "demo_cert" - load_balancer_id = module.lb.load_balancer_id - - public_certificate = module.keygen.CertPem.cert_pem - private_key = module.keygen.SSPrivateKey.private_key_pem - ca_certificate = module.keygen.CertPem.cert_pem - passphrase = null - } -} + demo_certificate-params = local.demo_certificate-params } -#Create ATP Database with Endpoint in private subnet -module "database-atp" { - - source = "../../../cloud-foundation/modules/cloud-foundation-library/database/atp" - - tenancy_ocid = var.tenancy_ocid - compartment_ocid = var.compartment_id - - autonomous_database_cpu_core_count="2" - autonomous_database_db_name="deployAtp" - autonomous_database_admin_password="V2xzQXRwRGIxMjM0Iw==" - autonomous_database_data_storage_size_in_tbs="1" - - nsg_ids = [lookup(module.network-nsgs.nsgs,"atp-nsg").id] - subnet_id = lookup(module.network-vcn-subnets-gw.subnets,"deploy-atp-endpoint-subnet").id - is_mtls_connection_required = false +# Generate public and private keys +module "keygen" { + source = 
"../../../cloud-foundation/modules/cloud-foundation-library/keygen" } -#Create Web Server - compute instance -module "web-instance" { - - source = "../../../cloud-foundation/modules/cloud-foundation-library/instance" - - instance_params = { - - deploy-web-instance = { - - availability_domain = lookup(data.oci_identity_availability_domains.ADs.availability_domains[0], "name") - - compartment_id = var.compartment_id - display_name = "ATP Web Server" - shape = "VM.Standard2.1" - - defined_tags = {} - freeform_tags = {} - - subnet_id = lookup(module.network-vcn-subnets-gw.subnets,"deploy-instance-subnet").id - vnic_display_name = "" - assign_public_ip = true - hostname_label = "" - nsg_ids = [lookup(module.network-nsgs.nsgs,"web-nsg").id] - - ocpus = 1 - source_type = "image" - source_id = local.oracle_linux - - metadata = { - ssh_authorized_keys = module.keygen.OPCPrivateKey.public_key_openssh - } - - are_legacy_imds_endpoints_disabled = true - fault_domain = "" - - provisioning_timeout_mins = "30" - - } - } +# Create Web Server - compute instance +module "web-instance" { + source = "../../../cloud-foundation/modules/cloud-foundation-library/instance_with_out_flexible" + tenancy_ocid = var.tenancy_ocid + instance_params = local.instance_params } + #Connect to instance and execute provision of web server module "provisioner" { - source = "./modules/provisioner" - + depends_on = [module.adb, module.keygen, module.web-instance] host = module.web-instance.InstancePublicIPs[0] private_key = module.keygen.OPCPrivateKey["private_key_pem"] - atp_url = module.database-atp.url - db_password = base64decode("V2xzQXRwRGIxMjM0Iw==") - conn_db = module.database-atp.db_connection[0].profiles[1].value + atp_url = module.adb.adw_sql_dev_web_urls + db_password = var.db_password + db_name = var.db_name + conn_db = module.adb.db_connection[0].profiles[1].value } 
diff --git a/cloud-foundation/solutions/ATP Deployment/modules/provisioner/provisioner.tf b/cloud-foundation/solutions/ATP Deployment/modules/provisioner/provisioner.tf index c57f1d0..be0e925 100644 --- a/cloud-foundation/solutions/ATP Deployment/modules/provisioner/provisioner.tf +++ b/cloud-foundation/solutions/ATP Deployment/modules/provisioner/provisioner.tf @@ -1,5 +1,22 @@ +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + + resource "null_resource" "remote-exec" { + + provisioner "file" { + source = "wallet_${var.db_name}.zip" + destination = "/home/opc/wallet_${var.db_name}.zip" + connection { + agent = false + timeout = "30m" + host = var.host + user = "opc" + private_key = var.private_key + } + } + provisioner "file" { source = "./modules/provisioner/file_envs.sh" destination = "/tmp/file_envs.sh" @@ -63,15 +80,16 @@ resource "null_resource" "remote-exec" { "echo '

Accessing from Web Server pre-deployed REST services on the ATP database.

' >> /usr/share/nginx/html/index.html", "sudo /bin/yum install -y java-1.8.0-openjdk sqlcl", "sudo chmod 777 /tmp/file_envs.sh", + "sudo chmod 777 /home/opc/wallet_${var.db_name}.zip", "sudo chmod 777 /home/opc/script_provisioning.sql", "sudo chmod 777 /home/opc/f101.sql", "sh /tmp/file_envs.sh", "echo 'Getting connected'", - "sql ADMIN/${var.db_password}@'${var.conn_db}' @/home/opc/script_provisioning.sql", - "sql USER_WORKSHOP/AaBbCcDdEe123!@'${var.conn_db}' @/home/opc/f101.sql", + "sql -cloudconfig wallet_${var.db_name}.zip ADMIN/${var.db_password}@'${var.conn_db}' @/home/opc/script_provisioning.sql", + "sql -cloudconfig wallet_${var.db_name}.zip USER_WORKSHOP/AaBbCcDdEe123!@'${var.conn_db}' @/home/opc/f101.sql", "echo 'Connected'", - "echo ${var.atp_url}", - "curl -X GET -u 'USER_WORKSHOP:AaBbCcDdEe123!' -H 'Content-Type: application/json' '${var.atp_url}/r/workshop/hellouser' >> /usr/share/nginx/html/index.html", + "echo ${var.atp_url.adw}", + "curl -X GET -u 'USER_WORKSHOP:AaBbCcDdEe123!' -H 'Content-Type: application/json' '${var.atp_url.adw}/r/workshop/hellouser' >> /usr/share/nginx/html/index.html", ] } } diff --git a/cloud-foundation/solutions/ATP Deployment/modules/provisioner/variables.tf b/cloud-foundation/solutions/ATP Deployment/modules/provisioner/variables.tf index 0b84f89..a1d8479 100644 --- a/cloud-foundation/solutions/ATP Deployment/modules/provisioner/variables.tf +++ b/cloud-foundation/solutions/ATP Deployment/modules/provisioner/variables.tf @@ -1,3 +1,6 @@ +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + variable "host" {} variable "private_key" {} variable "atp_url" { @@ -12,3 +15,6 @@ variable "conn_db" { } +variable "db_name" { + default = "" +} \ No newline at end of file 
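Review bot: The added `"sudo chmod 777 /home/opc/wallet_${var.db_name}.zip"` line makes the database wallet archive, which is the client connection credential for the ATP instance, readable and writable by every account on the web server; since the file is uploaded over the `opc` connection it is already owned by `opc`, so `"chmod 600 /home/opc/wallet_${var.db_name}.zip"` is sufficient for the following `sql -cloudconfig` calls. The new `sql -cloudconfig ... ADMIN/${var.db_password}@...` lines, like the `curl -u 'USER_WORKSHOP:AaBbCcDdEe123!'` line below them, carry passwords as command-line arguments, so they are visible in the instance's process list and in the remote-exec command echo in Terraform output; consider feeding the credentials through the already-uploaded `/tmp/file_envs.sh` (written with mode 0600) instead, and marking this module's `db_password` variable `sensitive = true` if it is not already. The `-cloudconfig wallet_${var.db_name}.zip` argument is a relative path that depends on the SSH session starting in `/home/opc`, while the file provisioner earlier in the resource writes the absolute `/home/opc/wallet_${var.db_name}.zip`; using the same absolute path on both sides removes that assumption. The enclosing `null_resource "remote-exec"` starts outside this hunk.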
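Review bot: The new `variable "db_name" { default = "" }` is untyped and, because the empty default is accepted silently, a caller that omits it makes provisioner.tf look for `wallet_.zip` and fails only when the file provisioner runs. Declaring it as `variable "db_name" { type = string; description = "ADB name, used to locate wallet_<name>.zip" }` with no default (or a `validation` block rejecting `""`) surfaces the mistake at plan time instead. The other variables in this file are also declared without `type`, so the same treatment would be consistent across the module.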
diff --git a/cloud-foundation/solutions/ATP Deployment/outputs.tf b/cloud-foundation/solutions/ATP Deployment/outputs.tf index 81874c7..b6d93af 100644 --- a/cloud-foundation/solutions/ATP Deployment/outputs.tf +++ b/cloud-foundation/solutions/ATP Deployment/outputs.tf @@ -1,4 +1,65 @@ +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + resource "local_file" "private_key" { content = module.keygen.OPCPrivateKey["private_key_pem"] filename = "private_key.pem" -} \ No newline at end of file +} + +# Autonomous Database Outputs: + +output "adb_admin_password" { + description = "ADB Admin password" + value = var.db_password + sensitive = true +} + +output "adb_workshop_base" { + description = "Workshop name" + value = "WORKSHOP" +} + +output "adb_user_name" { + description = "Workshop user name" + value = "USER_WORKSHOP" +} + +output "adb_user_password" { + description = "Workshop user initial password" + value = "AaBbCcDdEe123!" +} + + +output "ADW_Database_db_connection" { + value = module.adb.db_connection +} + +output "database_fully_qualified_name" { + value = module.adb.database_fully_qualified_name +} + +output "ADW_Database_ip" { + value = module.adb.private_endpoint_ip +} + +output "Database_Actions" { + value = module.adb.url +} + +output "graph_studio_url" { + value = module.adb.graph_studio_url +} + +output "machine_learning_user_management_url" { + value = module.adb.machine_learning_user_management_url +} + +# Load Balancer Outputs: + +output "load_balancer_IP" { + value = module.lb.load_balancer_IP +} + +output "load_balancer_url" { + value = "https://${tolist(module.lb.load_balancer_IP)[0][0]}" +} diff --git a/cloud-foundation/solutions/ATP Deployment/provider.tf b/cloud-foundation/solutions/ATP Deployment/provider.tf index d5b0038..b9074a8 100644 --- a/cloud-foundation/solutions/ATP Deployment/provider.tf 
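Review bot: `output "adb_user_password"` returns the literal workshop password `AaBbCcDdEe123!` without `sensitive = true`, whereas the neighbouring `adb_admin_password` output is marked sensitive, so this value is printed in plain text at the end of every apply; add `sensitive = true` to it for consistency. Because the same literal is also embedded in the provisioner's `sql` and `curl` commands, a root-level `db_user_password` variable (sensitive, no default) fed to both the output and the provisioner would let operators change it per deployment instead of every environment sharing one published password. The unchanged `resource "local_file" "private_key"` at the top of the hunk writes the generated SSH private key to `private_key.pem` with the provider's default permissions; this predates the commit, but `file_permission = "0600"` on that resource would keep the key private to the operator running Terraform.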
+++ b/cloud-foundation/solutions/ATP Deployment/provider.tf @@ -1,10 +1,31 @@ -provider "oci" { - version = ">= 4.37.0" - tenancy_ocid = "${var.tenancy_ocid}" - user_ocid = "${var.user_ocid}" - fingerprint = "${var.fingerprint}" - private_key_path = "${var.private_key_path}" - region = "${var.region}" +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. +terraform { + required_providers { + oci = { + source = "oracle/oci" + version = ">= 5.30.0" + } + } + required_version = ">= 1.5.5" } +provider "oci" { + tenancy_ocid = var.tenancy_ocid + user_ocid = var.user_ocid + fingerprint = var.fingerprint + private_key_path = var.private_key_path + region = var.region + disable_auto_retries = false +} + +provider "oci" { + alias = "homeregion" + tenancy_ocid = var.tenancy_ocid + user_ocid = var.user_ocid + fingerprint = var.fingerprint + private_key_path = var.private_key_path + region = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name + disable_auto_retries = false +} \ No newline at end of file diff --git a/cloud-foundation/solutions/ATP Deployment/terraform.tfvars b/cloud-foundation/solutions/ATP Deployment/terraform.tfvars deleted file mode 100644 index ea7bdde..0000000 --- a/cloud-foundation/solutions/ATP Deployment/terraform.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -# OCI authentication - -tenancy_ocid= -user_ocid= -fingerprint= -private_key_path= -region= -compartment_id= diff --git a/cloud-foundation/solutions/ATP Deployment/variables.tf b/cloud-foundation/solutions/ATP Deployment/variables.tf index a83f999..f680925 100644 --- a/cloud-foundation/solutions/ATP Deployment/variables.tf +++ b/cloud-foundation/solutions/ATP Deployment/variables.tf 
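Review bot: The new `required_providers` block pins `version = ">= 5.30.0"` and `required_version = ">= 1.5.5"`, which are open-ended and will pick up any future major release of the provider or Terraform on the next `init`; a pessimistic constraint such as `version = "~> 5.30"` keeps the upgrade deliberate. The `homeregion` alias reads `data.oci_identity_region_subscriptions.home_region_subscriptions`, which is not part of this diff; it presumably lives in locals.tf or main.tf, and it needs to be evaluated through the default (non-aliased) provider, otherwise the aliased provider's configuration depends on itself. `disable_auto_retries = false` on both provider blocks appears to restate the provider default and could be dropped, or kept with a one-line comment saying why retries are wanted here.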
@@ -1,6 +1,191 @@ -variable "tenancy_ocid" {} -variable "region" {} -variable "user_ocid" {} -variable "fingerprint" {} -variable "private_key_path" {} -variable "compartment_id" {} \ No newline at end of file +# Copyright © 2025, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + +variable "tenancy_ocid" { + type = string + default = "ocid1.tenancy.oc1..aaaaaaaaj4ccqe763dizkrcdbs5x7ufvmmojd24mb6utvkymyo4xwxyv3gfa" +} + +variable "region" { + type = string + default = "us-ashburn-1" +} + +variable "compartment_id" { + type = string + default = "ocid1.compartment.oc1..aaaaaaaaza2vwcluoxu5dropj4o5p6aypze6o6ivnq63ijazn44gliiwzjaa" +} + +variable "user_ocid" { + type = string + default = "ocid1.user.oc1..aaaaaaaamiof2bnbi4jamsag4lhp6en2wfxiicby4vzecj7xnt3dnwro7xwq" +} + +variable "fingerprint" { + type = string + default = "12:1d:7d:18:6d:a7:e3:fc:17:4c:30:a9:44:65:7d:00" +} + +variable "private_key_path" { + type = string + default = "/Users/iopanait/.oci/oci_api_key.pem" +} + + +# Autonomous Database Configuration Variables + +variable "db_name" { + type = string + default = "deployAtp" +} + +variable "db_password" { + type = string + default = "V2xzQXRwRGIxMjM0Iw==" +} + +variable "db_compute_model" { + type = string + default = "ECPU" +} + +variable "db_compute_count" { + type = number + default = 4 +} + +variable "db_size_in_tbs" { + type = number + default = 1 +} + +variable "db_workload" { + type = string + default = "OLTP" +} + +variable "db_version" { + type = string + default = "19c" +} + +variable "db_enable_auto_scaling" { + type = bool + default = true +} + +variable "db_is_free_tier" { + type = bool + default = false +} + +variable "db_license_model" { + type = string + default = "BRING_YOUR_OWN_LICENSE" +} + +variable "db_data_safe_status" { + type = string + default = "NOT_REGISTERED" + # default = "REGISTERED" +} + +variable 
"db_operations_insights_status" { + type = string + default = "NOT_ENABLED" + # default = "ENABLED" +} + +variable "db_database_management_status" { + type = string + # default = "NOT_ENABLED" + # default = "ENABLED" + default = "ENABLED" +} + + +# Bastion Instance Variables: +# More information on what Image OCIDs you need to use based on the region can be found here: +# https://docs.oracle.com/en-us/iaas/images/image/2e439f8e-e98f-489b-82a3-338360b46b82/ +# Oracle-Linux-Cloud-Developer-8.5-2022.05.22-0 image + +variable "bastion_instance_image_ocid" { + type = map(string) + default = { + eu-amsterdam-1 = "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaabcomraotpw6apg7xvmc3xxu2avkkqpx4yj7cbdx7ebcm4d52halq" + eu-stockholm-1 = "ocid1.image.oc1.eu-stockholm-1.aaaaaaaa52kiqhwcoprmwfiuwureucv7nehqjfofoicwptpixdphzvon2mua" + me-abudhabi-1 = "ocid1.image.oc1.me-abudhabi-1.aaaaaaaa7nqsxvp4vp25gvzcrvld6xaiyxaxmzepkb5gz6us5sfkgeeez2zq" + ap-mumbai-1 = "ocid1.image.oc1.ap-mumbai-1.aaaaaaaaham2gnbrst3s46jrwchlnl3uqo7yxij7f3pqdzwx7zybu657347q" + eu-paris-1 = "ocid1.image.oc1.eu-paris-1.aaaaaaaaab5yi4bbnabymexkvwcdjlcjiue26kf3vz6dvzm6dvpttqcpaj5q" + uk-cardiff-1 = "ocid1.image.oc1.uk-cardiff-1.aaaaaaaagvgnze6oq5il7b26onoq4daeaqrghp5hx4yp3q3rvtfpnbzq4zhq" + me-dubai-1 = "ocid1.image.oc1.me-dubai-1.aaaaaaaaid5v36623wk7lyoivnqwygyaxppqfbzyo35wifxs7hkqo5caxhqa" + eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaa3mdtxzi5rx2ids2tb74wmm77zvsqdaxbjlgvjpr4ytzc5njtksjq" + sa-saopaulo-1 = "ocid1.image.oc1.sa-saopaulo-1.aaaaaaaa22wjczcl7udl7w7e347zkwig7mh5p3zfbcemzs46jiaeom5lznyq" + ap-hyderabad-1 = "ocid1.image.oc1.ap-hyderabad-1.aaaaaaaaaq6ggb4u6p4fgsdcj7o2p4akt5t7gmyjnvootiytrqc5joe5pmfq" + us-ashburn-1 = "ocid1.image.oc1.iad.aaaaaaaas4cu36z32iraul5otar4gl3uy4s5jkupcc4m5shfqlatjiwaoftq" + ap-seoul-1 = "ocid1.image.oc1.ap-seoul-1.aaaaaaaakrtvc67c6thtmhrwphecd66omeytl7jmv3zd2bci74j56r4xodwq" + me-jeddah-1 = 
"ocid1.image.oc1.me-jeddah-1.aaaaaaaaghsie5mvgzb6fbfzujidzrg7jnrraqkh6qkyh2vw7rl6cdnbpe6a" + af-johannesburg-1 = "ocid1.image.oc1.af-johannesburg-1.aaaaaaaa2sj43nffpmyqlubrj4cikfgoij7qyqhymlnhw3bj7t26lh46euia" + ap-osaka-1 = "ocid1.image.oc1.ap-osaka-1.aaaaaaaao3swjyengmcc5rz3ynp2euqskvcscqwgouzs3smaarxofxbwstcq" + uk-london-1 = "ocid1.image.oc1.uk-london-1.aaaaaaaaetscnayepwj2lto7mpgiwtom4jwkqafr3axumt3pt32cgwczkexq" + eu-milan-1 = "ocid1.image.oc1.eu-milan-1.aaaaaaaavht3nwv7qsue7ljexbqqgofogwvrlgybvtrxylm52eg6b6xrgniq" + ap-melbourne-1 = "ocid1.image.oc1.ap-melbourne-1.aaaaaaaafavk2azn6cizxnugwi7izvxsumhiuzthw6g7k2o4vuhg4l3phi3a" + eu-marseille-1 = "ocid1.image.oc1.eu-marseille-1.aaaaaaaakpex24z6rmmyvdeop72nomfui5t54lztix7t5mblqii4l7v4iecq" + il-jerusalem-1 = "ocid1.image.oc1.il-jerusalem-1.aaaaaaaafgok5gj36cnrsqo6a3p72wqpg45s3q32oxkt45fq573obioliiga" + ap-tokyo-1 = "ocid1.image.oc1.ap-tokyo-1.aaaaaaaappsxkscys22g5tha37tksf6rlec3tm776dnq7dcquaofeqqb6rna" + us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaawmvmgfvthguywgry23pugqqv2plprni37sdr2jrtzq6i6tmwdjwa" + sa-santiago-1 = "ocid1.image.oc1.sa-santiago-1.aaaaaaaatqcxvjriek3gdndhk43fdss6hmmd47fw2vmuq7ldedr5f555vx5q" + ap-singapore-1 = "ocid1.image.oc1.ap-singapore-1.aaaaaaaaouprplh2bubqudrghr46tofi3bukvtrdgiuvckylpk4kvmxyhzda" + us-sanjose-1 = "ocid1.image.oc1.us-sanjose-1.aaaaaaaaqudryedi3l4danxy5kxbwqkz3nonewp3jwb5l3tdcikhftthmtga" + ap-sydney-1 = "ocid1.image.oc1.ap-sydney-1.aaaaaaaaogu4pvw4zw2p7kjabyynczopoqipecr2gozdaolh5kem2mkdrloa" + sa-vinhedo-1 = "ocid1.image.oc1.sa-vinhedo-1.aaaaaaaa57khlnd4ziajy6wwmud2d6k3wsqkm4yce3mlzbgxeggpbu3yqbpa" + ap-chuncheon-1 = "ocid1.image.oc1.ap-chuncheon-1.aaaaaaaanod2kc3bw5l3myyd5okw4c46kapdpsu2fqgyswf4lka2hrordlla" + ca-montreal-1 = "ocid1.image.oc1.ca-montreal-1.aaaaaaaaevwlof26wfzcoajtlmykpaev7q5ekqyvkpqo2sjo3gdwzygu7xta" + ca-toronto-1 = "ocid1.image.oc1.ca-toronto-1.aaaaaaaanajb7uklrra5eq2ewx35xfi2aulyohweb2ugik7kc6bdfz6swyha" + eu-zurich-1 = 
"ocid1.image.oc1.eu-zurich-1.aaaaaaaameaqzqjwp45epgv2zywkaw2cxutz6gdc6jxnrrbb4ciqpyrnkczq" + } +} + +variable "bastion_instance_display_name" { + type = string + default = "ATP Web Server" +} + +variable "bastion_instance_shape" { + type = string + default = "VM.Standard2.1" +} + +# VCN and subnet Variables + +variable "vcn_cidr" { + default = "10.0.0.0/16" +} + +variable "public_subnet_cidr" { + default = "10.0.0.0/24" +} + +variable "private_subnet_cidr" { + default = "10.0.1.0/24" +} + +# Load Balancer Variables: + +variable "load_balancer_shape" { + default = "flexible" +} + +variable "load_balancer_maximum_bandwidth_in_mbps" { + type = number + default = 400 +} + +variable "load_balancer_minimum_bandwidth_in_mbps" { + type = number + default = 10 +} + +variable "load_balancer_display_name" { + default = "lbatp" +} \ No newline at end of file From 39f7682470a75489d85d03c4a9df54be63fb7db6 Mon Sep 17 00:00:00 2001 From: ionelpanaitescu Date: Thu, 7 Aug 2025 12:10:44 +0200 Subject: [PATCH 2/2] Upgrading the atp deployment solution --- .../solutions/ATP Deployment/variables.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cloud-foundation/solutions/ATP Deployment/variables.tf b/cloud-foundation/solutions/ATP Deployment/variables.tf index f680925..e083201 100644 --- a/cloud-foundation/solutions/ATP Deployment/variables.tf +++ b/cloud-foundation/solutions/ATP Deployment/variables.tf 
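Review bot: `variable "db_password"` ships with `default = "V2xzQXRwRGIxMjM0Iw=="` and no `sensitive = true`, so every deployment that does not override it gets the same published ADB admin password and the value is shown in plan output; declare it as `variable "db_password" { type = string; sensitive = true }` with no default so operators must supply their own. The old main.tf passed `base64decode("V2xzQXRwRGIxMjM0Iw==")` to the database module while the new provisioner receives `var.db_password` unchanged, so whether `module.adb` decodes the value or uses it literally decides whether the web server's `sql ADMIN/...` login matches the database; that module is outside this diff, so please confirm. The same hunk commits tenancy, user and compartment OCIDs, an API key fingerprint and a personal `private_key_path` as defaults; the second patch on this page (`@@ -3,32 +3,32 @@`) blanks them, but they remain in the repository history, so the API key identified by that fingerprint should be treated as exposed and rotated. The "Bastion Instance Variables" heading sits above variables whose default display name is `"ATP Web Server"`; renaming the heading to match the web-server role it actually configures would avoid confusion.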
@@ -3,32 +3,32 @@ variable "tenancy_ocid" { type = string - default = "ocid1.tenancy.oc1..aaaaaaaaj4ccqe763dizkrcdbs5x7ufvmmojd24mb6utvkymyo4xwxyv3gfa" + default = "" } variable "region" { type = string - default = "us-ashburn-1" + default = "" } variable "compartment_id" { type = string - default = "ocid1.compartment.oc1..aaaaaaaaza2vwcluoxu5dropj4o5p6aypze6o6ivnq63ijazn44gliiwzjaa" + default = "" } variable "user_ocid" { type = string - default = "ocid1.user.oc1..aaaaaaaamiof2bnbi4jamsag4lhp6en2wfxiicby4vzecj7xnt3dnwro7xwq" + default = "" } variable "fingerprint" { type = string - default = "12:1d:7d:18:6d:a7:e3:fc:17:4c:30:a9:44:65:7d:00" + default = "" } variable "private_key_path" { type = string - default = "/Users/iopanait/.oci/oci_api_key.pem" + default = "" }
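Review bot: Replacing the credential defaults with `default = ""` keeps `tenancy_ocid`, `region`, `compartment_id`, `user_ocid`, `fingerprint` and `private_key_path` optional, so a run without a tfvars file proceeds with empty strings and only fails inside the provider at apply time. Removing the `default` lines entirely (the original declarations were `variable "tenancy_ocid" {}` style, which already did this) makes Terraform prompt for or reject missing values at plan time; alternatively a `validation { condition = length(var.tenancy_ocid) > 0 ... }` block on each gives a clearer error. A `description` on each variable would also help, since the terraform.tfvars template that documented these inputs was deleted in the first patch.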