@lucassrg
Created October 20, 2017 04:54
Terraform template vcn
# Identity and placement inputs for the OCI provider. None of these has a
# default, so each must be supplied at plan/apply time (for example from a
# tfvars file kept out of version control, or TF_VAR_* environment variables).
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "compartment_ocid" {}
variable "region" {}

# Key file paths. The provider block reads ssh_private_key_path as its
# private_key_path; ssh_public_key_path is not referenced by the resources
# in this template.
variable "ssh_private_key_path" {}
variable "ssh_public_key_path" {}

# Used by the subnet as a 1-based position in the availability-domain list
# (the subnet expression subtracts 1 before indexing).
variable "availability_domain" {}

# Not referenced by the resources in this template.
variable "instance_shape" {}

# Prefix for the display names of the internet gateway and route table.
variable "prefix" {
  default = "test"
}

# Address space of the VCN and of the single subnet carved out of it.
variable "vcn_cidr_block" {
  default = "10.0.0.0/16"
}

variable "subnet_cidr_block" {
  default = "10.0.0.0/24"
}
# OCI provider configuration: which tenancy/user to act as, in which region,
# and which API signing key (identified by fingerprint) to authenticate with.
provider "oci" {
  region       = "${var.region}"
  tenancy_ocid = "${var.tenancy_ocid}"
  user_ocid    = "${var.user_ocid}"
  fingerprint  = "${var.fingerprint}"

  # NOTE(review): the API signing key is taken from the variable named
  # ssh_private_key_path. Confirm this is a dedicated API key and not the same
  # key pair that is used for SSH access to instances.
  private_key_path = "${var.ssh_private_key_path}"
}
# Availability domains visible to the tenancy; the lookup is made against the
# tenancy OCID rather than var.compartment_ocid. The subnet picks one entry
# from this list by index.
data "oci_identity_availability_domains" "ads" {
  compartment_id = "${var.tenancy_ocid}"
}
# The virtual cloud network that contains the gateway, route table, security
# list and subnet defined in this template.
resource "oci_core_virtual_network" "vcn" {
  compartment_id = "${var.compartment_ocid}"
  cidr_block     = "${var.vcn_cidr_block}"
  dns_label      = "vcn"
  display_name   = "vcn"
}
# Internet gateway attached to the VCN; the route table's default route
# points at it.
resource "oci_core_internet_gateway" "ig" {
  vcn_id         = "${oci_core_virtual_network.vcn.id}"
  compartment_id = "${var.compartment_ocid}"
  display_name   = "${var.prefix}-ig"
}
# Route table with a single default route: all traffic (0.0.0.0/0) goes to the
# internet gateway. Any subnet using this table is therefore internet-routed,
# and what is actually reachable is decided by the subnet's security lists.
resource "oci_core_route_table" "rt" {
  vcn_id         = "${oci_core_virtual_network.vcn.id}"
  compartment_id = "${var.compartment_ocid}"
  display_name   = "${var.prefix}-rt"

  route_rules {
    network_entity_id = "${oci_core_internet_gateway.ig.id}"
    cidr_block        = "0.0.0.0/0"
  }
}
# The single subnet of the VCN. It uses the internet-routed route table and
# the host security list, so that list is the only network filter in front of
# anything launched here.
resource "oci_core_subnet" "subnet" {
  vcn_id         = "${oci_core_virtual_network.vcn.id}"
  compartment_id = "${var.compartment_ocid}"
  display_name   = "subnet"
  dns_label      = "hostsubnet"
  cidr_block     = "${var.subnet_cidr_block}"

  # var.availability_domain is 1-based; subtract 1 to index the data source list.
  availability_domain = "${lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain - 1],"name")}"

  route_table_id    = "${oci_core_route_table.rt.id}"
  security_list_ids = ["${oci_core_security_list.host-security_list.id}"]
  dhcp_options_id   = "${oci_core_virtual_network.vcn.default_dhcp_options_id}"

  # prohibit_public_ip_on_vnic is not set here; the apply log that follows the
  # template reports it as "false", i.e. public IPs are not prohibited on VNICs
  # in this subnet.
}
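# Source range allowed to reach the administrative ports (SSH 22, VNC 5901).
# The default keeps this template's original behaviour of accepting connections
# from any address. Set it to the administrators' own network range so the
# management ports are not exposed to the whole internet.
variable "admin_source_cidr" {
  default = "0.0.0.0/0"
}

# Security list applied to the host subnet.
# Protocols are specified as protocol numbers.
# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
resource "oci_core_security_list" "host-security_list" {
  compartment_id = "${var.compartment_ocid}"
  vcn_id         = "${oci_core_virtual_network.vcn.id}"
  display_name   = "mgmt-security-list"

  // allow outbound tcp traffic on all ports, to any destination
  // (only TCP is listed, so other outbound protocols such as UDP are not allowed by this list)
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "6" // tcp
  }

  // allow inbound https (port 443) traffic from any address
  ingress_security_rules {
    protocol  = "6" // tcp
    source    = "0.0.0.0/0"
    stateless = false

    tcp_options {
      min = 443
      max = 443
    }
  }

  // allow inbound traffic to port 5901 (vnc), limited to the admin source range
  // NOTE(review): VNC sessions are commonly unencrypted; consider removing this
  // rule and reaching VNC through an SSH tunnel instead.
  ingress_security_rules {
    protocol  = "6" // tcp
    source    = "${var.admin_source_cidr}"
    stateless = false

    tcp_options {
      min = 5901
      max = 5901
    }
  }

  // allow inbound ssh traffic, limited to the admin source range
  ingress_security_rules {
    protocol  = "6" // tcp
    source    = "${var.admin_source_cidr}"
    stateless = false

    tcp_options {
      min = 22
      max = 22
    }
  }

  // allow inbound icmp type 3 code 4 (destination unreachable: fragmentation
  // needed), which path MTU discovery relies on
  ingress_security_rules {
    protocol  = "1" // icmp; quoted to match the other rules
    source    = "0.0.0.0/0"
    stateless = true

    icmp_options {
      type = 3
      code = 4
    }
  }
}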
$ terraform apply
data.oci_identity_availability_domains.ads: Refreshing state...
oci_core_virtual_network.vcn: Creating...
cidr_block: "" => "10.0.0.0/16"
compartment_id: "" => "ocid1.tenancy.oc1................."
default_dhcp_options_id: "" => "<computed>"
default_route_table_id: "" => "<computed>"
default_security_list_id: "" => "<computed>"
display_name: "" => "vcn"
dns_label: "" => "vcn"
state: "" => "<computed>"
time_created: "" => "<computed>"
oci_core_virtual_network.vcn: Creation complete after 2s (ID: ocid1.vcn.oc1.phx...........)
oci_core_internet_gateway.ig: Creating...
compartment_id: "" => "ocid1.tenancy.oc1................."
display_name: "" => "test-ig"
enabled: "" => "true"
state: "" => "<computed>"
time_created: "" => "<computed>"
time_modified: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.phx............)"
oci_core_security_list.host-security_list: Creating...
compartment_id: "" => "ocid1.tenancy.oc1................."
display_name: "" => "mgmt-security-list"
egress_security_rules.#: "" => "1"
egress_security_rules.0.destination: "" => "0.0.0.0/0"
egress_security_rules.0.protocol: "" => "6"
egress_security_rules.0.stateless: "" => "false"
ingress_security_rules.#: "" => "4"
ingress_security_rules.0.protocol: "" => "6"
ingress_security_rules.0.source: "" => "0.0.0.0/0"
ingress_security_rules.0.stateless: "" => "false"
ingress_security_rules.0.tcp_options.#: "" => "1"
ingress_security_rules.0.tcp_options.0.max: "" => "443"
ingress_security_rules.0.tcp_options.0.min: "" => "443"
ingress_security_rules.1.protocol: "" => "6"
ingress_security_rules.1.source: "" => "0.0.0.0/0"
ingress_security_rules.1.stateless: "" => "false"
ingress_security_rules.1.tcp_options.#: "" => "1"
ingress_security_rules.1.tcp_options.0.max: "" => "5901"
ingress_security_rules.1.tcp_options.0.min: "" => "5901"
ingress_security_rules.2.protocol: "" => "6"
ingress_security_rules.2.source: "" => "0.0.0.0/0"
ingress_security_rules.2.stateless: "" => "false"
ingress_security_rules.2.tcp_options.#: "" => "1"
ingress_security_rules.2.tcp_options.0.max: "" => "22"
ingress_security_rules.2.tcp_options.0.min: "" => "22"
ingress_security_rules.3.icmp_options.#: "" => "1"
ingress_security_rules.3.icmp_options.0.code: "" => "4"
ingress_security_rules.3.icmp_options.0.type: "" => "3"
ingress_security_rules.3.protocol: "" => "1"
ingress_security_rules.3.source: "" => "0.0.0.0/0"
ingress_security_rules.3.stateless: "" => "true"
state: "" => "<computed>"
time_created: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.phx............)"
oci_core_internet_gateway.ig: Creation complete after 1s (ID: ocid1.internetgateway.oc1.phx.aaaaaaaaq..............))
oci_core_route_table.rt: Creating...
compartment_id: "" => "ocid1.tenancy.oc1.............)"
display_name: "" => "test-rt"
route_rules.#: "" => "1"
route_rules.0.cidr_block: "" => "0.0.0.0/0"
route_rules.0.network_entity_id: "" => "ocid1.internetgateway.oc1.phx............)"
state: "" => "<computed>"
time_created: "" => "<computed>"
time_modified: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.phx............)"
oci_core_security_list.host-security_list: Creation complete after 1s (ID: ocid1.securitylist.oc1.phx.aaaaaaaa73wh..............))
oci_core_route_table.rt: Still creating... (10s elapsed)
oci_core_route_table.rt: Creation complete after 17s (ID: ocid1.routetable.oc1.phx.aaaaaaaahhdh77..............))
oci_core_subnet.subnet: Creating...
availability_domain: "" => "floz:PHX-AD-1"
cidr_block: "" => "10.0.0.0/24"
compartment_id: "" => "ocid1.tenancy.oc1.............)"
dhcp_options_id: "" => "ocid1.dhcpoptions.oc1.phx............)"
display_name: "" => "subnet"
dns_label: "" => "hostsubnet"
prohibit_public_ip_on_vnic: "" => "false"
route_table_id: "" => "ocid1.routetable.oc1.phx............)"
security_list_ids.#: "" => "1"
security_list_ids.1167930526: "" => "ocid1.securitylist.oc1.phx............)"
state: "" => "<computed>"
time_created: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.phx............)"
virtual_router_ip: "" => "<computed>"
virtual_router_mac: "" => "<computed>"
oci_core_subnet.subnet: Still creating... (10s elapsed)
oci_core_subnet.subnet: Still creating... (20s elapsed)
oci_core_subnet.subnet: Creation complete after 28s (ID: ocid1.subnet.oc1.phx.aaaaaaaazlcpdyceje..............))