From 37cea512d32d672e8f9611d356259b9bb15b9deb Mon Sep 17 00:00:00 2001 From: Serge Logvinov Date: Sun, 19 Dec 2021 11:25:03 +0200 Subject: [PATCH] Images capability --- oracle/Makefile | 3 +- oracle/init/output.tf | 2 +- oracle/init/policy.tf | 6 ++- oracle/prepare/auth.tf | 5 +- oracle/prepare/bucket.tf | 2 +- oracle/prepare/common.tf | 10 ++-- oracle/prepare/images.tf | 97 ++++++++++++------------------------- oracle/prepare/network.tf | 3 +- oracle/prepare/variables.tf | 3 ++ 9 files changed, 52 insertions(+), 79 deletions(-) diff --git a/oracle/Makefile b/oracle/Makefile index a7b06a0..ef60d66 100644 --- a/oracle/Makefile +++ b/oracle/Makefile @@ -5,7 +5,8 @@ help: @awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) create-network: ## Create networks - cd prepare && terraform init && terraform apply -auto-approve + cd prepare && terraform init && terraform apply -target=oci_core_vcn.main -auto-approve + cd prepare && terraform apply -auto-approve create-lb: ## Create loadbalancer terraform init diff --git a/oracle/init/output.tf b/oracle/init/output.tf index 1e5cce6..4859261 100644 --- a/oracle/init/output.tf +++ b/oracle/init/output.tf @@ -1,7 +1,7 @@ output "compartment_ocid" { description = "compartment id" - value = oci_identity_compartment.project.compartment_id + value = oci_identity_compartment.project.id } output "user_ocid" { diff --git a/oracle/init/policy.tf b/oracle/init/policy.tf index 7d7e550..def0056 100644 --- a/oracle/init/policy.tf +++ b/oracle/init/policy.tf 
@@ -8,8 +8,12 @@ resource "oci_identity_policy" "terraform" { "Allow group ${oci_identity_group.terraform.name} to manage virtual-network-family in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage load-balancers in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage compute-management-family in compartment ${oci_identity_compartment.project.name}", + "Allow group ${oci_identity_group.terraform.name} to manage instances in compartment ${oci_identity_compartment.project.name}", "Allow group ${oci_identity_group.terraform.name} to manage instance-family in compartment ${oci_identity_compartment.project.name}", - "Allow group ${oci_identity_group.terraform.name} to manage instance-images in compartment ${oci_identity_compartment.project.name}", + "Allow group ${oci_identity_group.terraform.name} to manage compute-image-capability-schema in compartment ${oci_identity_compartment.project.name}", + "Allow group ${oci_identity_group.terraform.name} to read objectstorage-namespaces in compartment ${oci_identity_compartment.project.name}", + "Allow group ${oci_identity_group.terraform.name} to manage buckets in compartment ${oci_identity_compartment.project.name}", + "Allow group ${oci_identity_group.terraform.name} to manage objects in compartment ${oci_identity_compartment.project.name}", ] } diff --git a/oracle/prepare/auth.tf b/oracle/prepare/auth.tf index d5e913b..1f2262d 100644 --- a/oracle/prepare/auth.tf +++ b/oracle/prepare/auth.tf @@ -7,7 +7,6 @@ provider "oci" { tenancy_ocid = var.tenancy_ocid user_ocid = var.user_ocid fingerprint = var.fingerprint - private_key_path = "~/.oci/oci_api_key.pem" - - region = var.region + private_key_path = var.key_file + region = var.region } diff --git a/oracle/prepare/bucket.tf b/oracle/prepare/bucket.tf index 0fa737e..b973376 100644 --- a/oracle/prepare/bucket.tf +++ b/oracle/prepare/bucket.tf 
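Review bot: The added object-storage statements in `oci_identity_policy.terraform` grant `manage buckets` and `manage objects` over the whole project compartment, while the only bucket this patch creates is the `${var.project}-images-<random>` one. Consider scoping both statements with a condition such as `where target.bucket.name = /<project>-images-*/`, so the Terraform group cannot read or delete unrelated buckets that later land in the same compartment. The new `manage instances` line also looks redundant next to the existing `manage instance-family` grant, which as far as I know already covers instances and instance images; dropping it keeps the policy easier to audit. The resource block starts above the hunk, so the earlier statements are not covered here.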
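Review bot: `private_key_path = var.key_file` now reads a variable whose default in the variables.tf hunk is `~/.oci/oci_public.pem`, a name that suggests a public key although this argument needs the private API signing key. That default invites either storing the private key under a filename people treat as shareable, or pointing the provider at the real public key and getting an opaque authentication failure. I would keep the previous path as the default and document the variable: `type = string`, `description = "Path to the OCI API signing private key"`, `default = "~/.oci/oci_api_key.pem"`. The provider block starts above the hunk.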
@@ -4,7 +4,7 @@ resource "random_id" "backet" { } resource "oci_objectstorage_bucket" "images" { - compartment_id = var.tenancy_ocid + compartment_id = var.compartment_ocid namespace = data.oci_objectstorage_namespace.ns.namespace name = "${var.project}-images-${random_id.backet.hex}" access_type = "NoPublicAccess" diff --git a/oracle/prepare/common.tf b/oracle/prepare/common.tf index 7efc3b7..6124aad 100644 --- a/oracle/prepare/common.tf +++ b/oracle/prepare/common.tf @@ -1,6 +1,10 @@ data "oci_identity_availability_domains" "main" { - compartment_id = var.tenancy_ocid + compartment_id = var.compartment_ocid +} + +data "oci_objectstorage_namespace" "ns" { + compartment_id = var.compartment_ocid } locals { @@ -14,7 +18,3 @@ data "oci_core_services" "object_store" { regex = true } } - -data "oci_objectstorage_namespace" "ns" { - compartment_id = var.tenancy_ocid -} diff --git a/oracle/prepare/images.tf b/oracle/prepare/images.tf index 70e6104..c20f9ba 100644 --- a/oracle/prepare/images.tf +++ b/oracle/prepare/images.tf @@ -16,10 +16,10 @@ resource "oci_objectstorage_object" "talos_arm64" { } resource "oci_core_image" "talos_amd64" { - compartment_id = var.tenancy_ocid + compartment_id = var.compartment_ocid display_name = "Talos-amd64" - launch_mode = "NATIVE" + launch_mode = "PARAVIRTUALIZED" image_source_details { source_type = "objectStorageTuple" @@ -38,10 +38,10 @@ resource "oci_core_image" "talos_amd64" { } resource "oci_core_image" "talos_arm64" { - compartment_id = var.tenancy_ocid + compartment_id = var.compartment_ocid display_name = "Talos-arm64" - launch_mode = "NATIVE" + launch_mode = "PARAVIRTUALIZED" image_source_details { source_type = "objectStorageTuple" 
@@ -59,69 +59,36 @@ resource "oci_core_image" "talos_arm64" { } } -# resource "oci_core_compute_image_capability_schema" "talos_amd64" { -# compartment_id = var.tenancy_ocid +data "oci_core_compute_global_image_capability_schemas" "default" {} +data "oci_core_compute_global_image_capability_schemas_version" "default" { + compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schemas.default.compute_global_image_capability_schemas[0].id + compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas.default.compute_global_image_capability_schemas[0].current_version_name +} -# compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas_version.default.name +resource "oci_core_compute_image_capability_schema" "talos_amd64" { + compartment_id = var.compartment_ocid + compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas.default.compute_global_image_capability_schemas[0].current_version_name -# display_name = "Talos-amd64" -# image_id = oci_core_image.talos_amd64.id + display_name = "Talos-amd64" + image_id = oci_core_image.talos_amd64.id + schema_data = { + "Storage.BootVolumeType" = "{\"descriptorType\":\"enumstring\",\"values\":[\"SCSI\",\"IDE\",\"PARAVIRTUALIZED\"],\"defaultValue\":\"PARAVIRTUALIZED\",\"source\":\"IMAGE\"}", + } +} -# schema_data = { -# "Storage.BootVolumeType" = "{\"descriptorType\":\"enumstring\",\"values\":[\"SCSI\",\"IDE\",\"PARAVIRTUALIZED\"],\"defaultValue\":\"PARAVIRTUALIZED\",\"source\":\"GLOBAL\"}", -# } -# } +resource "oci_core_compute_image_capability_schema" "talos_arm64" { + compartment_id = var.compartment_ocid + compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas.default.compute_global_image_capability_schemas[0].current_version_name -# data "oci_core_compute_image_capability_schemas" "talos_amd64" { 
-# compartment_id = var.tenancy_ocid -# image_id = oci_core_image.talos_amd64.id -# } + display_name = "Talos-arm64" + image_id = oci_core_image.talos_arm64.id + schema_data = { + "Storage.BootVolumeType" = "{\"descriptorType\":\"enumstring\",\"values\":[\"SCSI\",\"IDE\",\"PARAVIRTUALIZED\"],\"defaultValue\":\"PARAVIRTUALIZED\",\"source\":\"IMAGE\"}", + } +} -# data "oci_core_compute_global_image_capability_schemas_versions" "default" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schema.default.id -# } - -# data "oci_core_compute_global_image_capability_schemas" "default" { -# display_name = "OCI.ComputeGlobalImageCapabilitySchema" -# } - -# data "oci_core_compute_global_image_capability_schema" "default" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schemas.default.compute_global_image_capability_schemas[0].id -# } - -# data "oci_core_compute_global_image_capability_schemas_version" "default" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schema.default.id -# compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas_versions.default.compute_global_image_capability_schema_versions[0].name -# } - -# data "oci_core_compute_image_capability_schema" "test_compute_image_capability_schema" { -# compute_image_capability_schema_id = oci_core_compute_image_capability_schema.test_compute_image_capability_schema.id -# is_merge_enabled = "true" -# } - -# resource "oci_core_compute_image_capability_schema" "test_compute_image_capability_schema" { -# compartment_id = var.tenancy_ocid -# compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas_versions.test_compute_global_image_capability_schemas_versions_datasource.compute_global_image_capability_schema_versions[0].name -# display_name = "displayName" -# image_id = 
oci_core_image.talos_amd64.id - -# schema_data = { -# "Storage.BootVolumeType" = "{\"descriptorType\":\"enumstring\",\"values\":[\"SCSI\",\"IDE\",\"PARAVIRTUALIZED\"],\"defaultValue\":\"PARAVIRTUALIZED\",\"source\":\"GLOBAL\"}", -# } -# } - -# data "oci_core_compute_global_image_capability_schemas_version" "test_compute_global_image_capability_schemas_version_datasource" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schema.test_compute_global_image_capability_schema_datasource.id -# compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas_versions.test_compute_global_image_capability_schemas_versions_datasource.compute_global_image_capability_schema_versions[0].name -# } - -# data "oci_core_compute_global_image_capability_schemas_versions" "test_compute_global_image_capability_schemas_versions_datasource" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schema.test_compute_global_image_capability_schema_datasource.id -# } - -# data "oci_core_compute_global_image_capability_schema" "test_compute_global_image_capability_schema_datasource" { -# compute_global_image_capability_schema_id = data.oci_core_compute_global_image_capability_schemas.test_compute_global_image_capability_schemas_datasource.compute_global_image_capability_schemas[0].id -# } - -# data "oci_core_compute_global_image_capability_schemas" "test_compute_global_image_capability_schemas_datasource" { -# } +resource "oci_core_shape_management" "talos_arm64" { + compartment_id = var.compartment_ocid + image_id = oci_core_image.talos_arm64.id + shape_name = "VM.Standard.A1.Flex" +} diff --git a/oracle/prepare/network.tf b/oracle/prepare/network.tf index 7049627..9751758 100644 --- a/oracle/prepare/network.tf +++ b/oracle/prepare/network.tf 
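Review bot: `data.oci_core_compute_global_image_capability_schemas_version.default` is declared but neither schema resource references it. Both read `compute_global_image_capability_schemas[0].current_version_name` directly, so the data source is dead configuration. Either drop it or use it as the removed draft did: `compute_global_image_capability_schema_version_name = data.oci_core_compute_global_image_capability_schemas_version.default.name`. The `[0]` index assumes the global schema list is non-empty and that its first entry is the intended schema, which deserves a one-line comment. The two schema resources differ only in display name and image, so a `for_each` over the architectures would avoid duplicating the escaped `schema_data` JSON.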
@@ -1,7 +1,6 @@ resource "oci_core_vcn" "main" { - compartment_id = var.tenancy_ocid - + compartment_id = var.compartment_ocid display_name = var.project cidr_blocks = [var.vpc_main_cidr] is_ipv6enabled = true diff --git a/oracle/prepare/variables.tf b/oracle/prepare/variables.tf index 6707f2d..7aa2276 100644 --- a/oracle/prepare/variables.tf +++ b/oracle/prepare/variables.tf @@ -3,6 +3,9 @@ variable "compartment_ocid" {} variable "tenancy_ocid" {} variable "user_ocid" {} variable "fingerprint" {} +variable "key_file" { + default = "~/.oci/oci_public.pem" +} variable "project" { type = string