Merge branch 'master' of github.com:oracle/terraform-provider-baremetal

Author: mikejihbe

data_source_obmcs_identity_user_group_membership_test.go

@@ -47,7 +47,7 @@ func (s *ResourceIdentityUserGroupMembershipsTestSuite) SetupTest() {
 	description = "group desc"
     }
     resource "baremetal_identity_user_group_membership" "ug_membership" {
-    	compartment_id = "cid"
+	compartment_id = "cid"
 	user_id = "${baremetal_identity_user.u.id}"
 	group_id = "${baremetal_identity_group.g.id}"
     }

docs/examples/storage/nfs/README.md

@@ -0,0 +1,43 @@
+    #     ___  ____     _    ____ _     _____
+    #    / _ \|  _ \   / \  / ___| |   | ____|
+    #   | | | | |_) | / _ \| |   | |   |  _|
+    #   | |_| |  _ < / ___ | |___| |___| |___
+    #    \___/|_| \_/_/   \_\____|_____|_____|
+***
+## Start a NFS server
+This example launches an instance into an existing subnet, creates and attaches a 2TB LUN, installs and starts a NFS server, and outputs the public and private IP address of the instance.
+
+### Using this example
+* Update env-var with the required information. Most examples use the same set of environment variables so you only need to do this once.
+* Source env-var
+  * `$ . env-var`
+* Update `variables.tf` with your instance options.
+
+### Files in the configuration
+
+#### `env-vars`
+Is used to export the environmental variables used in the configuration. These are usually authentication related, be sure to exclude this file from your version control system. It's typical to keep this file outside of the configuration.
+
+Before you plan, apply, or destroy the configuration source the file -  
+`$ . env-vars`
+
+#### `compute.tf`
+Defines the compute resource
+
+#### `./userdata/nfs-bootstrap`
+The user-data script that gets injected into the instance on launch to install and configure NFS. More information on user-data scripts can be [found at the cloud-init project.](https://cloudinit.readthedocs.io/en/latest/topics/format.html)
+
+#### `variables.tf`
+Defines the variables used in the configuration
+
+#### `datasources.tf`
+Defines the datasources used in the configuration
+
+#### `outputs.tf`
+Defines the outputs of the configuration
+
+#### `provider.tf`
+Specifies and passes authentication details to the OBMCS TF provider
+
+#### `iscsiattach.sh`  
+Scans the iscsi bus for new LUNs

docs/examples/storage/nfs/block.tf

@@ -0,0 +1,14 @@
+resource "baremetal_core_volume" "TFBlock0" {
+  availability_domain = "${lookup(data.baremetal_identity_availability_domains.ADs.availability_domains[var.AD - 1],"name")}" 
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "2TB NFS"
+  size_in_mbs = "${var.2TB}"
+}
+
+resource "baremetal_core_volume_attachment" "TFBlock0Attach" {
+    attachment_type = "iscsi"
+    compartment_id = "${var.compartment_ocid}"
+    instance_id = "${baremetal_core_instance.TFInstance.id}" 
+    volume_id = "${baremetal_core_volume.TFBlock0.id}"
+}
+

docs/examples/storage/nfs/compute.tf

@@ -0,0 +1,17 @@
+resource "baremetal_core_instance" "TFInstance" {
+  availability_domain = "${lookup(data.baremetal_identity_availability_domains.ADs.availability_domains[var.AD - 1],"name")}" 
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "NFS server"
+  hostname_label = "NFSserver"
+  image = "${lookup(data.baremetal_core_images.OLImageOCID.images[0], "id")}"
+  shape = "${var.InstanceShape}"
+  subnet_id = "${var.SubnetOCID}"
+  metadata {
+    ssh_authorized_keys = "${var.ssh_public_key}"
+    user_data = "${base64encode(file(var.BootStrapFile))}"
+  }
+
+  timeouts {
+    create = "60m"
+  }
+}

docs/examples/storage/nfs/datasources.tf

@@ -0,0 +1,23 @@
+# Gets a list of Availability Domains
+data "baremetal_identity_availability_domains" "ADs" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+
+# Gets the OCID of the OS image to use
+data "baremetal_core_images" "OLImageOCID" {
+    compartment_id = "${var.compartment_ocid}"
+    operating_system = "${var.InstanceOS}"
+    operating_system_version = "${var.InstanceOSVersion}"
+}
+
+# Gets a list of vNIC attachments on the instance
+data "baremetal_core_vnic_attachments" "InstanceVnics" { 
+compartment_id = "${var.compartment_ocid}" 
+availability_domain = "${lookup(data.baremetal_identity_availability_domains.ADs.availability_domains[var.AD - 1],"name")}" 
+instance_id = "${baremetal_core_instance.TFInstance.id}" 
+} 
+
+# Gets the OCID of the first (default) vNIC
+data "baremetal_core_vnic" "InstanceVnic" { 
+vnic_id = "${lookup(data.baremetal_core_vnic_attachments.InstanceVnics.vnic_attachments[0],"vnic_id")}" 
+}

docs/examples/storage/nfs/env-vars

@@ -0,0 +1,17 @@
+### Authentication details
+export TF_VAR_tenancy_ocid="<tenancy OCID"
+export TF_VAR_user_ocid="<user OCID>"
+export TF_VAR_fingerprint="<PEM key fingerprint>"
+export TF_VAR_private_key_path="<path to the private key that matches the fingerprint above>"
+
+### Compartment
+export TF_VAR_compartment_ocid="<compartment OCID>"
+
+### Public/private keys used on the instance
+export TF_VAR_ssh_public_key=$(cat <path to public key>)
+export TF_VAR_ssh_private_key=$(cat <path to private key>)
+
+## Specific to this example
+### Choose a subnet that exists in the AD and compartment you are launching the instance in
+export TF_VAR_SubnetOCID="<subnet>"
+

docs/examples/storage/nfs/outputs.tf

@@ -0,0 +1,10 @@
+# Output the private and public IPs of the instance
+
+output "InstancePrivateIP" {
+value = ["${data.baremetal_core_vnic.InstanceVnic.private_ip_address}"]
+}
+
+output "InstancePublicIP" {
+value = ["${data.baremetal_core_vnic.InstanceVnic.public_ip_address}"]
+}
+

docs/examples/storage/nfs/provider.tf

@@ -0,0 +1,6 @@
+provider "baremetal" {
+  tenancy_ocid = "${var.tenancy_ocid}"
+  user_ocid = "${var.user_ocid}"
+  fingerprint = "${var.fingerprint}"
+  private_key_path = "${var.private_key_path}"
+}

docs/examples/storage/nfs/userdata/iscsiattach.sh

@@ -0,0 +1,117 @@
+#!/bin/bash
+# iscsiattach.sh - Scan and automatically attach new iSCSI targets
+#
+# Author: Steven B. Nelson, Sr. Solutions Architect
+#       Oracle Bare Metal Cloud Services
+#
+# 20 April 2017
+# Copyright Oracle, Inc.  All rights reserved.
+
+# Make FIFO pipes for the two loops below
+mkfifo discpipe
+mkfifo sesspipe
+
+# Set the address ranges based on the Block Storage version
+V1ADDR="169.254.0.2"
+V2ADDR="169.254.2.0"
+
+# Set the block storage version
+BSV="v1"
+
+# If the BSV is v2, we need to scan all 254 addresses, otherwise,
+# we scan 1. :-(
+
+if [ ${BSV} = "v2" ]
+then
+	numAddrs=254
+	BASEADDR=${V2ADDR}
+else
+	numAddrs=3
+	BASEADDR=${V1ADDR}
+fi
+
+# Set a base address incrementor so we can loop through all the
+# addresses.
+addrCount=0
+
+echo "Scanning "${numAddrs}" for new targets.  Stand by."
+while [ ${addrCount} -le ${numAddrs} ]
+do
+	# Set the current address to attempt to attach.
+	if [ ${BSV} = "v2" ]
+	then
+		CURRADDR=`echo ${BASEADDR} | awk -F\. '{
+last=$4+'${addrCount}'
+print $1"."$2"."$3"."last
+}'`
+	else
+		CURRADDR=`echo ${BASEADDR} | awk -F\. '{
+last=$3+'${addrCount}'
+print $1"."$2"."last"."$4
+}'`
+	fi
+
+	# We use ping to see if the target is even there.
+	# Skip to the next address if we cant ping it.
+	ping -q -c 1 -W 1 ${CURRADDR} > /dev/null 2>&1
+	result=$?
+	if [ ${result} -ne 0 ]
+	then
+		(( addrCount = addrCount + 1 ))
+		continue
+	fi
+
+	echo "Connecting to "${CURRADDR}
+	# Find all the iSCSI Block Storage volumes attached to the instance but
+	# not configured for use on the instance.  Basically, get a list of the
+	# volumes that the instance can see, the loop through the ones it has,
+	# and add volumes not already configured on the instance.
+	#
+	# First get the list of volumes visible (attached) to the instance
+
+	iscsiadm -m discovery -t st -p ${CURRADDR}:3260 | grep -v uefi | awk '{print $2}' > discpipe 2> /dev/null &
+
+	# If the result is non-zero, that generally means that there are no targets available or
+	# that the portal is reachable but not active.  We make no distinction between the two
+	# and simply skip ahead.
+	result=$?
+	if [ ${result} -ne 0 ]
+	then
+		(( addrCount = addrCount + 1 ))
+		continue
+	fi
+
+	# Loop through the list (via the named FIFO pipe below)
+	while read target
+	do
+	    # Get the list of the currently attached Block Storage volumes
+	    iscsiadm -m session -P 0 | grep -v uefi | awk '{print $4}' > sesspipe 2> /dev/null &
+
+	    # Set a flag, and loop through the sessions (attached, but not configured)
+	    # and see if the volumes match.  If so, skip to the next until we get
+	    # through the list.  Session list is via the pipe.
+	    found="false"
+	    while read session
+	    do
+		if [ ${target} = ${session} ]
+		then
+		    found="true"
+		    break
+		fi
+	    done < sesspipe
+
+	    # If the volume is not found, configure it.  Get the resulting device file.
+	    if [ ${found} = "false" ]
+	    then
+		iscsiadm -m node -o new -T ${target} -p ${CURRADDR}:3260
+		iscsiadm -m node -o update -T ${target} -n node.startup -v automatic
+		iscsiadm -m node -T ${target} -p ${CURRADDR}:3260 -l
+		sleep 10
+	    fi
+	done < discpipe
+	(( addrCount = addrCount + 1 ))
+done
+echo "Scan Complete."
+
+# Remove the FIFOs
+find . -maxdepth 1 -type p -exec rm {} \;

docs/examples/storage/nfs/userdata/nfs-bootstrap

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+## Install and configure a NFS server to export a 2TB remote attached LUN.
+
+### Send stdout, stderr to /var/log/messages/
+exec 1> >(logger -s -t $(basename $0)) 2>&1
+
+### Storage setup
+wget -O /usr/local/bin/iscsiattach.sh https://raw.githubusercontent.com/oracle/terraform-provider-baremetal/master/docs/examples/storage/nfs/userdata/iscsiattach.sh 
+chmod +x /usr/local/bin/iscsiattach.sh
+/usr/local/bin/iscsiattach.sh
+mkfs.xfs /dev/sdb
+mkdir /mnt/2tb-nfs
+mount -t xfs /dev/sdb /mnt/2tb-nfs/
+sdb_uuid=`blkid /dev/sdb -s UUID -o value`
+echo "UUID=$sdb_uuid    /mnt/2tb-nfs    xfs    defaults,noatime,_netdev,nofail" >> /etc/fstab
+
+
+### NFS setup
+firewall-offline-cmd --zone=public --add-service=nfs
+yum -y install nfs-utils
+systemctl enable nfs-server.service
+systemctl start nfs-server.service
+chown nfsnobody:nfsnobody /mnt/2tb-nfs/
+chmod 777 /mnt/2tb-nfs/
+cidr=`ip addr show dev ens3 | grep "inet " | awk -F' ' '{print $2}'`
+echo "/mnt/2tb-nfs $cidr(rw,sync,no_subtree_check)" > /etc/exports
+exportfs -a
+
+### YUM update
+yum update -y
+
+### Firewall
+systemctl restart firewalld.service