Adding example of an instance mounting the NFS

Author: rohanbhattacharjee

docs/examples/storage/fss/README.md

@@ -13,6 +13,8 @@ We see that a single mount target can export paths from two (or more) file syste
 
 We also see how we need to specify certain stateful ingress rules in a security list for the file system to be operational.
 
+Finally, we set up a compute instance that mounts the NFS storage.
+
 ### Using this example
 * Update env-vars with the required information. Most examples use the same set of environment variables so you only need to do this once.
 * Source env-vars
@@ -39,14 +41,24 @@ Defines the exports - used to make the file systems accessible via the mount tar
 #### `snapshot.tf`
 Defines a snapshot for a file system
 
-#### `vcn.tf`
-Defines a virtual cloud network
+#### `network.tf`
+Defines a virtual cloud network, internet gateway, route table and a subnet.
 
-#### `subnet.tf`
-Defines a subnet in the vcn
+This basic setup is needed to enable SSH to our instance.
 
 #### `security_list.tf`
-Defines a security list setup to make our file system operational
+Defines a security list setup to make our file system operational.
+
+We keep this separate from our `network.tf` file since there are some interesting things to note here.
+
+In particular, some specific ports are being opened to allow the NFS communication to happen.
+
+### `instance.tf`
+Defines our compute instance.
+
+Note the remote action that we execute on our compute instance once it is launched.
+
+We install the nfs-utils and then mount the NFS storage on to our compute instance.
 
 #### `variables.tf`
 Defines the variables used in the configuration

docs/examples/storage/fss/data_sources.tf

@@ -60,4 +60,13 @@ data "oci_file_storage_export_sets" "export_sets" {
   #display_name = "${var.export_set_display_name}"
   #id = "${var.export_set_id}"
   #state = "${var.export_set_state}"
-}
+}
+
+data "oci_core_private_ips" ip_mount_target1 {
+  subnet_id = "${oci_file_storage_mount_target.my_mount_target_1.subnet_id}"
+
+  filter {
+    name = "id"
+    values = ["${oci_file_storage_mount_target.my_mount_target_1.private_ip_ids.0}"]
+  }
+}

docs/examples/storage/fss/instance.tf

@@ -0,0 +1,34 @@
+resource "oci_core_instance" "my_instance" {
+  availability_domain = "${var.availability_domain}"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "my instance with FSS access"
+  hostname_label = "myinstance"
+  image = "${var.instance_image_ocid[var.region]}"
+  shape = "${var.instance_shape}"
+  subnet_id = "${oci_core_subnet.my_subnet.id}"
+  metadata {
+    ssh_authorized_keys = "${file(var.ssh_public_key)}"
+  }
+  timeouts {
+    create = "60m"
+  }
+}
+
+resource "null_resource" "mount_fss_on_instance" {
+  depends_on = ["oci_core_instance.my_instance",
+                "oci_file_storage_export.my_export_fs1_mt1"]
+  provisioner "remote-exec" {
+    connection {
+      agent = false
+      timeout = "30m"
+      host = "${oci_core_instance.my_instance.public_ip}"
+      user = "opc"
+      private_key = "${file(var.ssh_private_key)}"
+    }
+    inline = [
+      "sudo yum -y install nfs-utils > nfs-utils-install.log",
+      "sudo mkdir -p /mnt/myfsspaths/fs1/path1",
+      "sudo mount ${local.mount_target_1_ip_address}:${var.export_path_fs1_mt1} /mnt${var.export_path_fs1_mt1}",
+    ]
+  }
+}

docs/examples/storage/fss/network.tf

@@ -0,0 +1,35 @@
+resource "oci_core_virtual_network" "my_vcn" {
+  cidr_block = "${var.my_vcn-cidr}"
+  dns_label = "myvcn"
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "myvcn"
+  dns_label = "myvcn"
+}
+
+resource "oci_core_internet_gateway" "my_internet_gateway" {
+  compartment_id = "${var.compartment_ocid}"
+  display_name = "my internet gateway"
+  vcn_id = "${oci_core_virtual_network.my_vcn.id}"
+}
+
+resource "oci_core_route_table" "my_route_table" {
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id = "${oci_core_virtual_network.my_vcn.id}"
+  display_name = "my route table"
+  route_rules {
+    cidr_block = "0.0.0.0/0"
+    network_entity_id = "${oci_core_internet_gateway.my_internet_gateway.id}"
+  }
+}
+
+resource "oci_core_subnet" "my_subnet" {
+  availability_domain = "${var.availability_domain}"
+  cidr_block = "${var.my_subnet_cidr}"
+  display_name = "mysubnet"
+  dns_label = "mysubnet"
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id = "${oci_core_virtual_network.my_vcn.id}"
+  security_list_ids = ["${oci_core_security_list.my_security_list.id}"]
+  route_table_id = "${oci_core_route_table.my_route_table.id}"
+}
+

docs/examples/storage/fss/security_list.tf

@@ -10,7 +10,7 @@ resource "oci_core_security_list" "my_security_list" {
   egress_security_rules = [
     {
       destination = "0.0.0.0/0"
-      protocol = "6"
+      protocol = "all"
     }]
 
   // See https://docs.us-phoenix-1.oraclecloud.com/Content/File/Tasks/creatingfilesystems.htm.
@@ -41,8 +41,38 @@ resource "oci_core_security_list" "my_security_list" {
       source = "${var.my_vcn-cidr}"
 
       tcp_options {
-        "max" = 111
         "min" = 111
+        "max" = 111
       }
-    }]
+    },
+    // Allowing inbound SSH traffic to instances in the subnet from any source
+    {
+      protocol = "6"
+      source = "0.0.0.0/0"
+
+      tcp_options {
+        "min" = 22
+        "max" = 22
+      }
+    },
+    // Allowing inbound ICMP traffic of a specific type and code from any source
+    {
+      protocol  = 1
+      source    = "0.0.0.0/0"
+
+      icmp_options {
+        "type" = 3
+        "code" = 4
+      }
+    },
+    // Allowing inbound ICMP traffic of a specific type from within our VCN
+    {
+      protocol  = 1
+      source    = "${var.my_vcn-cidr}"
+
+      icmp_options {
+        "type" = 3
+      }
+    }
+  ]
 }

docs/examples/storage/fss/subnet.tf

@@ -70,4 +70,23 @@ variable "max_byte" {
 
 variable "max_files" {
   default = 223442
+}
+
+variable "instance_image_ocid" {
+  type = "map"
+  default = {
+    // Oracle-provided image "Oracle-Linux-7.4-2017.12.18-0"
+    // See https://docs.us-phoenix-1.oraclecloud.com/Content/Resources/Assets/OracleProvidedImageOCIDs.pdf
+    us-phoenix-1 = "ocid1.image.oc1.phx.aaaaaaaasc56hnpnx7swoyd2fw5gyvbn3kcdmqc2guiiuvnztl2erth62xnq"
+    us-ashburn-1 = "ocid1.image.oc1.iad.aaaaaaaaxrqeombwty6jyqgk3fraczdd63bv66xgfsqka4ktr7c57awr3p5a"
+    eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaayxmzu6n5hsntq4wlffpb4h6qh6z3uskpbm5v3v4egqlqvwicfbyq"
+  }
+}
+
+variable "instance_shape" {
+  default = "VM.Standard1.2"
+}
+
+locals {
+  mount_target_1_ip_address = "${lookup(data.oci_core_private_ips.ip_mount_target1.private_ips[0], "ip_address")}"
 }