Merge pull request #15 from hyder/image_id

added option to switch from Autonomous Linux to Oracle Linux platform…

Author: hyder

docs/terraformoptions.adoc

@@ -141,11 +141,21 @@ Configuration Terraform Options:
 |XXX.XXX.XXX.XXX/YY
 |ANYWHERE
 
+|bastion_image_id
+|Custom image id for the bastion host
+|image id or NONE. If the value is set to NONE, an Oracle Platform image will be used instead. Set use_autonomous to _false_ if you want to use your own image.
+|NONE
+
 |bastion_shape
 |The shape of bastion instance.
 |
 |VM.Standard.E2.1
 
+|bastion_upgrade
+|Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development so the bastion is provisioned faster.
+|true/false
+|true
+
 |create_bastion
 |Whether to create the bastion host.
 |true/false
@@ -216,4 +226,9 @@ Configuration Terraform Options:
 |
 |
 
+|use_autonomous
+|Whether to use Autonomous Linux or an Oracle Linux Platform image or custom image. Set to false if you want to use your own image id or Oracle Linux Platform image.
+|true/false
+|false
+
 |===

locals.tf

@@ -30,11 +30,14 @@ locals {
 
   oci_bastion = {
     bastion_access            = var.oci_base_bastion.bastion_access
+    bastion_image_id          = var.oci_base_bastion.bastion_image_id
     bastion_shape             = var.oci_base_bastion.bastion_shape
+    bastion_upgrade           = var.oci_base_bastion.bastion_upgrade    
     create_bastion            = var.oci_base_bastion.create_bastion
     enable_instance_principal = var.oci_base_bastion.enable_instance_principal
     ssh_public_key_path       = var.oci_base_bastion.ssh_public_key_path
     timezone                  = var.oci_base_bastion.timezone
+    use_autonomous            = var.oci_base_bastion.use_autonomous
   }
 
   oci_bastion_notification = {

…/bastion/cloudinit/bastion.template.yaml …stion/cloudinit/autonomous.template.yamlmodules/bastion/cloudinit/bastion.template.yaml renamed to modules/bastion/cloudinit/autonomous.template.yaml modules/bastion/cloudinit/bastion.template.yaml renamed to modules/bastion/cloudinit/autonomous.template.yaml

@@ -0,0 +1,23 @@
+# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+#cloud-config
+bastion_package_upgrade: ${bastion_package_upgrade}
+packages:
+  - ntp 
+  - python-pip
+timezone: ${timezone}
+
+write_files:
+# setup script
+  - path: "/root/bastion/bastion.sh"
+    permissions: "0700"
+    encoding: "gzip+base64"
+    content: |
+      ${bastion_sh_content}
+runcmd:
+ - echo "Configuring bastion..." | tee /root/bastion/bastion.txt
+ - bash /root/bastion/bastion.sh
+ - pip install oci-cli --upgrade pip
+ - echo "export OCI_CLI_AUTH=instance_principal" >>  /home/opc/.bashrc
+ - touch /home/opc/bastion.finish

modules/bastion/cloudinit/oracle.template.yaml

@@ -6,9 +6,10 @@ resource "oci_core_instance" "bastion" {
   compartment_id      = var.oci_base_identity.compartment_id
 
   create_vnic_details {
-    subnet_id      = oci_core_subnet.bastion[0].id
-    display_name   = "${var.oci_bastion_general.label_prefix}-bastion-vnic"
-    hostname_label = "bastion"
+    assign_public_ip = true
+    subnet_id        = oci_core_subnet.bastion[0].id
+    display_name     = "${var.oci_bastion_general.label_prefix}-bastion-vnic"
+    hostname_label   = "bastion"
   }
 
   display_name = "${var.oci_bastion_general.label_prefix}-bastion"
@@ -23,12 +24,12 @@ resource "oci_core_instance" "bastion" {
 
   source_details {
     source_type = "image"
-    source_id   = lookup(data.oci_core_app_catalog_subscriptions.autonomous_linux.app_catalog_subscriptions[0], "listing_resource_id")
+    source_id   = local.bastion_image_id
   }
 
   timeouts {
     create = "60m"
   }
 
   count = var.oci_bastion.create_bastion == true ? 1 : 0
-}
+}

modules/bastion/compute.tf

@@ -3,11 +3,13 @@
 
 data "oci_core_app_catalog_listings" "autonomous_linux" {
   display_name = "Oracle Autonomous Linux"
+  count        = var.oci_bastion.use_autonomous == true ? 1 : 0
 }
 
 data "oci_core_app_catalog_listing_resource_versions" "autonomous_linux" {
   #Required
-  listing_id = lookup(data.oci_core_app_catalog_listings.autonomous_linux.app_catalog_listings[0], "listing_id")
+  listing_id = lookup(data.oci_core_app_catalog_listings.autonomous_linux[0].app_catalog_listings[0], "listing_id")
+  count      = var.oci_bastion.use_autonomous == true ? 1 : 0
 }
 
 # Gets the Autonomous Linux image id
@@ -16,27 +18,53 @@ data "oci_core_app_catalog_subscriptions" "autonomous_linux" {
   compartment_id = var.oci_base_identity.compartment_id
 
   #Optional
-  listing_id = lookup(data.oci_core_app_catalog_listing_resource_versions.autonomous_linux.app_catalog_listing_resource_versions[0], "listing_id")
+  listing_id = lookup(data.oci_core_app_catalog_listing_resource_versions.autonomous_linux[0].app_catalog_listing_resource_versions[0], "listing_id")
+  count      = var.oci_bastion.use_autonomous == true ? 1 : 0
 }
 
-data "template_file" "bastion_template" {
-  template = file("${path.module}/scripts/bastion.template.sh")
+data "template_file" "autonomous_template" {
+  template = file("${path.module}/scripts/notification.template.sh")
 
   vars = {
     notification_enabled = var.oci_bastion_notification.enable_notification
-    topic_id = var.oci_bastion_notification.enable_notification == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
+    topic_id             = var.oci_bastion_notification.enable_notification == true ? oci_ons_notification_topic.bastion_notification[0].topic_id : "null"
   }
-  count = var.oci_bastion.create_bastion == true ? 1 : 0
+  count = var.oci_bastion.create_bastion == true && var.oci_bastion.use_autonomous == true ? 1 : 0
 }
 
-data "template_file" "bastion_cloud_init_file" {
-  template = file("${path.module}/cloudinit/bastion.template.yaml")
+data "template_file" "autonomous_cloud_init_file" {
+  template = file("${path.module}/cloudinit/autonomous.template.yaml")
 
   vars = {
-    notification_sh_content = base64gzip(data.template_file.bastion_template[0].rendered)
+    notification_sh_content = base64gzip(data.template_file.autonomous_template[0].rendered)
     timezone                = var.oci_bastion.timezone
   }
-  count = var.oci_bastion.create_bastion == true ? 1 : 0
+  count = var.oci_bastion.create_bastion == true && var.oci_bastion.use_autonomous == true ? 1 : 0
+}
+
+data "oci_core_images" "oracle_images" {
+  compartment_id           = var.oci_base_identity.compartment_id
+  operating_system         = "Oracle Linux"
+  operating_system_version = "7.7"
+  shape                    = var.oci_bastion.bastion_shape
+  sort_by                  = "TIMECREATED"
+  count                    = var.oci_bastion.create_bastion == true && var.oci_bastion.use_autonomous == false ? 1 : 0
+}
+
+data "template_file" "oracle_template" {
+  template = file("${path.module}/scripts/oracle.template.sh")
+  count    = var.oci_bastion.create_bastion == true && var.oci_bastion.use_autonomous == false ? 1 : 0
+}
+
+data "template_file" "oracle_cloud_init_file" {
+  template = file("${path.module}/cloudinit/oracle.template.yaml")
+
+  vars = {
+    bastion_sh_content      = base64gzip(data.template_file.oracle_template[0].rendered)
+    bastion_package_upgrade = var.oci_bastion.bastion_upgrade
+    timezone                = var.oci_bastion.timezone
+  }
+  count = var.oci_bastion.create_bastion == true && var.oci_bastion.use_autonomous == false ? 1 : 0
 }
 
 # cloud init for bastion
@@ -47,7 +75,7 @@ data "template_cloudinit_config" "bastion" {
   part {
     filename     = "bastion.yaml"
     content_type = "text/cloud-config"
-    content      = data.template_file.bastion_cloud_init_file[0].rendered
+    content      = var.oci_bastion.use_autonomous == true ? data.template_file.autonomous_cloud_init_file[0].rendered : data.template_file.oracle_cloud_init_file[0].rendered
   }
   count = var.oci_bastion.create_bastion == true ? 1 : 0
 }
@@ -62,14 +90,13 @@ data "oci_core_vnic_attachments" "bastion_vnics_attachments" {
 }
 
 # Gets the OCID of the first (default) VNIC on the bastion instance
-data "oci_core_vnic" "bastion_vnic" {
+data "oci_core_vnic" "bastion_vnic_1" {
   vnic_id    = lookup(data.oci_core_vnic_attachments.bastion_vnics_attachments[0].vnic_attachments[0], "vnic_id")
   depends_on = ["oci_core_instance.bastion"]
   count      = var.oci_bastion.create_bastion == true ? 1 : 0
 }
 
 data "oci_core_instance" "bastion" {
-  #Required
   instance_id = oci_core_instance.bastion[0].id
   depends_on  = ["oci_core_instance.bastion"]
   count       = var.oci_bastion.create_bastion == true ? 1 : 0

modules/bastion/datasources.tf

@@ -5,8 +5,11 @@
 # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 
 locals {
-  all_protocols = "all"
-  anywhere      = "0.0.0.0/0"
-  ssh_port      = 22
-  tcp_protocol  = 6
+  all_protocols       = "all"
+  anywhere            = "0.0.0.0/0"
+  ssh_port            = 22
+  tcp_protocol        = 6
+  autonomous_image_id = lookup(data.oci_core_app_catalog_subscriptions.autonomous_linux[0].app_catalog_subscriptions[0], "listing_resource_id")
+  oracle_image_id     = data.oci_core_images.oracle_images[0].images.0.id
+  bastion_image_id    = var.oci_bastion.use_autonomous == true ? local.autonomous_image_id : (var.oci_bastion.bastion_image_id == "NONE" ? local.oracle_image_id : var.oci_bastion.bastion_image_id)
 }

modules/bastion/locals.tf

@@ -3,7 +3,7 @@
 
 output "bastion_public_ip" {
   description = "public IP address of bastion host"
-  value       = join(",", data.oci_core_vnic.bastion_vnic.*.public_ip_address)
+  value       = join(",", data.oci_core_vnic.bastion_vnic_1.*.public_ip_address)
 }
 
 output "bastion_instance_principal_group_name" {

modules/bastion/outputs.tf

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+yum update --security
+
+sed -i -e "s/autoinstall\s=\sno/autoinstall = yes/g" /etc/uptrack/uptrack.conf
+
+uptrack-upgrade