added mechanism to detect when instance_principal for admin host is ready (#47)

Signed-off-by: Ali Mukadam <[email protected]>

Author: hyder

CHANGELOG.adoc

@@ -7,6 +7,13 @@ All notable changes to this project are documented in this file.
 
 The format is based on {uri-changelog}[Keep a Changelog].
 
+== 1.1.3 (April 7, 2020)
+* Added a file (ip.finish) on admin host to allow solution stacks to detect when the instance_principal for admin host is ready (#46)
+
+== 1.1.2 (February 28, 2020)
+* Fixed broken links in README.md (#43)
+* Renamed examples/db to database and removed the submodule since it's not rendering properly on the registry page
+
 == 1.1.1 (February 28, 2020)
 * New release for hashicorp registry (#38, #40)
 * Fixed broken links in README.md (#43)

locals.tf

@@ -61,6 +61,7 @@ locals {
     admin_shape               = var.oci_base_admin.admin_shape
     admin_upgrade             = var.oci_base_admin.admin_upgrade
     enable_instance_principal = var.oci_base_admin.enable_instance_principal
+    ssh_private_key_path      = var.oci_base_admin.ssh_private_key_path
     ssh_public_key_path       = var.oci_base_admin.ssh_public_key_path
     timezone                  = var.oci_base_admin.timezone
   }
@@ -72,8 +73,13 @@ locals {
     notification_topic    = var.oci_base_admin.notification_topic
   }
 
+  oci_admin_bastion = {
+    bastion_ip           = module.bastion.bastion_public_ip
+    ssh_private_key_path = var.oci_base_bastion.ssh_private_key_path
+  }
+
   tagging = {
-     computetag           = var.tagging.computetag
-     networktag           = var.tagging.networktag
+    computetag = var.tagging.computetag
+    networktag = var.tagging.networktag
   }
 }

main.tf

@@ -24,5 +24,6 @@ module "admin" {
   oci_admin_network      = local.oci_admin_network
   oci_admin              = local.oci_admin
   oci_admin_notification = local.oci_admin_notification
+  oci_admin_bastion      = local.oci_admin_bastion
   tagging                = local.tagging
 }

modules/admin/instance_principal.tf

@@ -43,3 +43,27 @@ resource "oci_identity_policy" "admin_instance_principal" {
 
   count = var.oci_admin.admin_enabled == true && var.oci_admin.enable_instance_principal == true ? 1 : 0
 }
+
+resource null_resource "instance_principal_complete" {
+  connection {
+    host        = oci_core_instance.admin[0].private_ip
+    private_key = file(var.oci_admin.ssh_private_key_path)
+    timeout     = "40m"
+    type        = "ssh"
+    user        = "opc"
+
+    bastion_host        = var.oci_admin_bastion.bastion_ip
+    bastion_user        = "opc"
+    bastion_private_key = file(var.oci_admin_bastion.ssh_private_key_path)
+  }
+
+  depends_on = [oci_identity_dynamic_group.admin_instance_principal, oci_identity_policy.admin_instance_principal]
+
+  provisioner "remote-exec" {
+    inline = [
+      "touch $HOME/ip.finish",
+    ]
+  }
+
+  count = var.oci_admin.admin_enabled == true && var.oci_admin.enable_instance_principal == true ? 1 : 0
+}

modules/admin/variables.tf

@@ -32,6 +32,7 @@ variable "oci_admin" {
     admin_upgrade             = bool
     admin_enabled             = bool
     enable_instance_principal = bool
+    ssh_private_key_path      = string
     ssh_public_key_path       = string
     timezone                  = string
   })
@@ -64,8 +65,15 @@ variable "oci_admin_notification" {
 #tagging
 variable "tagging" {
   type = object({
-    computetag                = map(any)
-    networktag                = map(any)
-  }) 
+    computetag = map(any)
+    networktag = map(any)
+  })
 }
 
+# bastion
+variable "oci_admin_bastion" {
+  type = object({
+    bastion_ip           = string
+    ssh_private_key_path = string
+  })
+}