Prepare account

oracle/init/account.tf

@@ -0,0 +1,53 @@
+
+resource "oci_identity_compartment" "project" {
+  name           = var.project
+  description    = "Compartment created for ${var.project} project"
+  compartment_id = var.tenancy_ocid
+  enable_delete  = false
+}
+
+resource "oci_identity_group" "operator" {
+  name           = "operator"
+  description    = "group created by terraform for operators"
+  compartment_id = var.tenancy_ocid
+}
+
+resource "oci_identity_group" "terraform" {
+  name           = "terraform"
+  description    = "group created by terraform for terraform"
+  compartment_id = var.tenancy_ocid
+}
+
+resource "oci_identity_user" "terraform" {
+  name           = "terraform"
+  description    = "user created by terraform for terraform"
+  compartment_id = var.tenancy_ocid
+}
+
+resource "oci_identity_user_group_membership" "terraform" {
+  compartment_id = var.tenancy_ocid
+  user_id        = oci_identity_user.terraform.id
+  group_id       = oci_identity_group.terraform.id
+}
+
+resource "oci_identity_user_capabilities_management" "terraform" {
+  user_id                      = oci_identity_user.terraform.id
+  can_use_api_keys             = true
+  can_use_auth_tokens          = false
+  can_use_console_password     = false
+  can_use_customer_secret_keys = false
+  can_use_smtp_credentials     = false
+}
+
+resource "null_resource" "terraform_key" {
+  provisioner "local-exec" {
+    command = "openssl genrsa -out ~/.oci/oci_${var.project}_terraform.pem 2048 && openssl rsa -pubout -in ~/.oci/oci_${var.project}_terraform.pem -out ~/.oci/oci_${var.project}_terraform_public.pem"
+  }
+}
+
+resource "oci_identity_api_key" "terraform" {
+  user_id   = oci_identity_user.terraform.id
+  key_value = file(pathexpand("~/.oci/oci_${var.project}_terraform_public.pem"))
+
+  depends_on = [null_resource.terraform_key]
+}

oracle/init/auth.tf

@@ -0,0 +1,13 @@
+
+# openssl genrsa -out ~/.oci/oci_api_key.pem 2048
+# chmod go-rwx ~/.oci/oci_api_key.pem
+# openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = "~/.oci/oci_api_key.pem"
+
+  region = var.region
+}

oracle/init/output.tf

@@ -0,0 +1,15 @@
+
+output "compartment_ocid" {
+  description = "compartment id"
+  value       = oci_identity_compartment.project.compartment_id
+}
+
+output "user_ocid" {
+  description = "user id"
+  value       = oci_identity_user.terraform.id
+}
+
+output "key_file" {
+  description = "key_file"
+  value       = "~/.oci/oci_${var.project}_terraform.pem"
+}

oracle/init/policy.tf

@@ -0,0 +1,24 @@
+
+resource "oci_identity_policy" "terraform" {
+  name           = "terraform"
+  description    = "policy created by terraform for terraform"
+  compartment_id = oci_identity_compartment.project.id
+
+  statements = [
+    "Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}",
+    "Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}",
+    "Allow group ${oci_identity_group.terraform.name} to manage compute-management-family in compartment ${oci_identity_compartment.project.name}",
+    "Allow group ${oci_identity_group.terraform.name} to manage instance-family in compartment ${oci_identity_compartment.project.name}",
+    "Allow group ${oci_identity_group.terraform.name} to manage instance-images in compartment ${oci_identity_compartment.project.name}",
+  ]
+}
+
+resource "oci_identity_policy" "operator" {
+  name           = "operator"
+  description    = "policy created by terraform for operators"
+  compartment_id = oci_identity_compartment.project.id
+
+  statements = [
+    "Allow group ${oci_identity_group.operator.name} to use instance-pools in compartment ${oci_identity_compartment.project.name}",
+  ]
+}

oracle/init/variables.tf

@@ -0,0 +1,14 @@
+
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "region" {
+  description = "the OCI region where resources will be created"
+  type        = string
+  default     = null
+}
+
+variable "project" {
+  type    = string
+  default = "main"
+}

oracle/init/versions.tf

@@ -0,0 +1,9 @@
+
+terraform {
+  required_providers {
+    oci = {
+      source  = "hashicorp/oci"
+      version = "4.56.0"
+    }
+  }
+}

oracle/prepare/images.tf

@@ -7,6 +7,14 @@ resource "oci_objectstorage_object" "talos_amd64" {
   content_md5 = filemd5("oracle-amd64.qcow2")
 }
 
+resource "oci_objectstorage_object" "talos_arm64" {
+  bucket      = oci_objectstorage_bucket.images.name
+  namespace   = data.oci_objectstorage_namespace.ns.namespace
+  object      = "talos-arm64.qcow2"
+  source      = "oracle-arm64.qcow2"
+  content_md5 = filemd5("oracle-arm64.qcow2")
+}
+
 resource "oci_core_image" "talos_amd64" {
   compartment_id = var.tenancy_ocid
 
@@ -29,6 +37,28 @@ resource "oci_core_image" "talos_amd64" {
   }
 }
 
+resource "oci_core_image" "talos_arm64" {
+  compartment_id = var.tenancy_ocid
+
+  display_name = "Talos-arm64"
+  launch_mode  = "NATIVE"
+
+  image_source_details {
+    source_type    = "objectStorageTuple"
+    namespace_name = oci_objectstorage_bucket.images.namespace
+    bucket_name    = oci_objectstorage_bucket.images.name
+    object_name    = oci_objectstorage_object.talos_arm64.object
+
+    operating_system         = "Talos"
+    operating_system_version = "0.14.0"
+    source_image_type        = "QCOW2"
+  }
+
+  timeouts {
+    create = "30m"
+  }
+}
+
 # resource "oci_core_compute_image_capability_schema" "talos_amd64" {
 #   compartment_id = var.tenancy_ocid