Last active
April 5, 2023 21:05
-
-
Save recursivecodes/9d4c3ae2e176933cb2a99dbbf25c34b4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# set variables | |
OCI_FN_TENANCY=<your tenancy name> | |
OCI_FN_HOME_REGION=us-ashburn-1 | |
OCI_FN_FN_REGION=us-phoenix-1 | |
OCI_FN_USER_NAME=faas-user | |
OCI_FN_GROUP_NAME=faas-group | |
OCI_FN_COMPARTMENT_NAME=faas-compartment | |
OCI_FN_POLICY_NAME=faas-demo-policy | |
OCI_FN_VCN_NAME=faas-demo-vcn | |
OCI_FN_VCN_CIDR_BLOCK=10.0.0.0/16 | |
OCI_FN_SUBNET_1_NAME=faas-subnet-1 | |
OCI_FN_SUBNET_2_NAME=faas-subnet-2 | |
OCI_FN_SUBNET_3_NAME=faas-subnet-3 | |
OCI_FN_SUBNET_1_AD=odti:PHX-AD-1 | |
OCI_FN_SUBNET_2_AD=odti:PHX-AD-2 | |
OCI_FN_SUBNET_3_AD=odti:PHX-AD-3 | |
OCI_FN_VCN_SUBNET_1_CIDR_BLOCK=10.0.1.0/24 | |
OCI_FN_VCN_SUBNET_2_CIDR_BLOCK=10.0.2.0/24 | |
OCI_FN_VCN_SUBNET_3_CIDR_BLOCK=10.0.3.0/24 | |
OCI_FN_INTERNET_GATEWAY_NAME=faas-internet-gateway | |
# create compartment: | |
OCI_FN_COMPARTMENT_ID=$(oci iam compartment create --name ${OCI_FN_COMPARTMENT_NAME} --description "A compartment to demo FaaS" --region ${OCI_FN_HOME_REGION} --query "data.id" --raw-output) | |
echo Created compartment ${OCI_FN_COMPARTMENT_NAME} with ID ${OCI_FN_COMPARTMENT_ID} | |
# create group | |
OCI_FN_GROUP_ID=$(oci iam group create --name ${OCI_FN_GROUP_NAME} --description "A group for FaaS users" --region ${OCI_FN_HOME_REGION} --query "data.id" --raw-output) | |
echo Created group ${OCI_FN_GROUP_NAME} with ID ${OCI_FN_GROUP_ID} | |
# create user: | |
OCI_FN_USER_ID=$(oci iam user create --name ${OCI_FN_USER_NAME} --description "A user for the FaaS service" --region ${OCI_FN_HOME_REGION} --query "data.id" --raw-output) | |
echo Created user ${OCI_FN_USER_NAME} with ID ${OCI_FN_USER_ID} | |
# create user auth token (for docker login): | |
OCI_FN_USER_AUTH_TOKEN=$(oci iam auth-token create --user-id ${OCI_FN_USER_ID} --description "auth token for ${OCI_FN_USER_NAME}" --region ${OCI_FN_HOME_REGION} --query "data.token" --raw-output) | |
echo Created Auth Token. Remember this token, it can not be retrieved in the future: "${OCI_FN_USER_AUTH_TOKEN}" | |
# add user to group: | |
OCI_FN_USER_GROUP_ID=$(oci iam group add-user --group-id ${OCI_FN_GROUP_ID} --user-id ${OCI_FN_USER_ID} --region ${OCI_FN_HOME_REGION} --raw-output --query "data.id") | |
echo Added user ${OCI_FN_USER_NAME} to group ${OCI_FN_GROUP_NAME} | |
# create group policy: | |
STATEMENTS="[\"Allow group "${OCI_FN_GROUP_NAME}" to manage repos in tenancy\", \"Allow service FaaS to read repos in tenancy\", \"Allow group "${OCI_FN_GROUP_NAME}" to manage functions-family in compartment "${OCI_FN_COMPARTMENT_NAME}"\", \"Allow group "${OCI_FN_GROUP_NAME}" to manage vnics in compartment "${OCI_FN_COMPARTMENT_NAME}"\", \"Allow group "${OCI_FN_GROUP_NAME}" to inspect subnets in compartment "${OCI_FN_COMPARTMENT_NAME}"\", \"Allow service FaaS to use virtual-network-family in compartment "${OCI_FN_COMPARTMENT_NAME}"\"]" | |
echo $STATEMENTS > statements.json | |
OCI_FN_POLICY_ID=$(oci iam policy create --name ${OCI_FN_POLICY_NAME} --description "A policy for the group ${OCI_FN_GROUP_NAME}" --statements file://`pwd`/statements.json --region ${OCI_FN_HOME_REGION} --raw-output --query "data.id" --wait-for-state ACTIVE --wait-interval-seconds 3) | |
echo Created policy ${OCI_FN_POLICY_NAME}. Use the command: \'oci iam policy get --policy-id "${OCI_FN_POLICY_ID}"\' if you want to view the policy. | |
# create VCN: | |
echo Creating VCN. This may take a few seconds... | |
n=0 | |
until [ $n -ge 6 ] | |
do | |
OCI_FN_VCN_ID=$(oci network vcn create --cidr-block ${OCI_FN_VCN_CIDR_BLOCK} --compartment-id ${OCI_FN_COMPARTMENT_ID} --display-name ${OCI_FN_VCN_NAME} --query "data.id" --raw-output) && break | |
n=$[$n+1] | |
echo [create failed, trying again in 10 seconds...] | |
sleep 10 | |
done | |
if [ $n -eq 6 ]; then | |
fail "Could not create VCN, exiting script!" | |
else | |
OCI_FN_VCN_ROUTE_TABLE_ID=$(oci network vcn get --vcn-id ${OCI_FN_VCN_ID} --query 'data."default-route-table-id"' --raw-output) | |
OCI_FN_VCN_SECURITY_LIST_ID=$(oci network vcn get --vcn-id ${OCI_FN_VCN_ID} --query 'data."default-security-list-id"' --raw-output) | |
echo Created VCN ${OCI_FN_VCN_NAME} with ID ${OCI_FN_VCN_ID} | |
fi | |
# create subnets: | |
OCI_SUBNET_1=$(oci network subnet create --display-name ${OCI_FN_SUBNET_1_NAME} --availability-domain ${OCI_FN_SUBNET_1_AD} --cidr-block "${OCI_FN_VCN_SUBNET_1_CIDR_BLOCK}" --compartment-id ${OCI_FN_COMPARTMENT_ID} --vcn-id ${OCI_FN_VCN_ID} --query 'data.id' --raw-output) | |
OCI_SUBNET_2=$(oci network subnet create --display-name ${OCI_FN_SUBNET_2_NAME} --availability-domain ${OCI_FN_SUBNET_2_AD} --cidr-block "${OCI_FN_VCN_SUBNET_2_CIDR_BLOCK}" --compartment-id ${OCI_FN_COMPARTMENT_ID} --vcn-id ${OCI_FN_VCN_ID} --query 'data.id' --raw-output) | |
OCI_SUBNET_3=$(oci network subnet create --display-name ${OCI_FN_SUBNET_3_NAME} --availability-domain ${OCI_FN_SUBNET_3_AD} --cidr-block "${OCI_FN_VCN_SUBNET_3_CIDR_BLOCK}" --compartment-id ${OCI_FN_COMPARTMENT_ID} --vcn-id ${OCI_FN_VCN_ID} --query 'data.id' --raw-output) | |
echo Created subnets: ${OCI_FN_SUBNET_1_NAME}, ${OCI_FN_SUBNET_2_NAME}, ${OCI_FN_SUBNET_3_NAME} | |
# create internet gateway: | |
OCI_FN_INTERNET_GATEWAY_ID=$(oci network internet-gateway create --display-name ${OCI_FN_INTERNET_GATEWAY_NAME} --is-enabled true --compartment-id ${OCI_FN_COMPARTMENT_ID} --vcn-id ${OCI_FN_VCN_ID} --query 'data.id' --raw-output) | |
echo Created internet gateway ${OCI_FN_INTERNET_GATEWAY_NAME} with ID ${OCI_FN_INTERNET_GATEWAY_ID} | |
# update default route table: (rule allows all internet traffic to hit the internet gateway we just created) | |
ROUTE_RULES="[{\"cidrBlock\":\"0.0.0.0/0\",\"networkEntityId\":\""${OCI_FN_INTERNET_GATEWAY_ID}"\"}]" | |
echo $ROUTE_RULES > route-rules.json | |
OCI_ROUTE_TABLE_UPDATE=$(oci network route-table update --rt-id ${OCI_FN_VCN_ROUTE_TABLE_ID} --route-rules file://`pwd`/route-rules.json --force) | |
echo Updated default route table for VCN to allow traffic to internet gateway | |
# update default security listOCI_SECURITY_LIST_UPDATE=$(oci network security-list update --security-list-id ${OCI_FN_VCN_SECURITY_LIST_ID} --ingress-security-rules '[{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 80, "min": 80}, "sourcePortRange": {"max": 80, "min": 80}}}]' --force) | |
echo Updated default security list to open port 80 for all subnets in VCN | |
printf "\nRemember to save the generated auth token:\n\n"${OCI_FN_USER_AUTH_TOKEN}"\n\nThis token is used for Docker login, with the username "${OCI_FN_TENANCY}"/"${OCI_FN_USER_NAME}"." | |
printf "\nYour new compartment ID is "${OCI_FN_COMPARTMENT_ID}"\n" | |
printf "Your subnet IDs are:\n\n"${OCI_FN_SUBNET_1_NAME}": "${OCI_SUBNET_1}"\n"${OCI_FN_SUBNET_2_NAME}": "${OCI_SUBNET_2}"\n"${OCI_FN_SUBNET_3_NAME}":"${OCI_SUBNET_3}"\n" | |
printf "\nUse these subnets for your Fn applications." | |
printf "\nYour user ID is: "${OCI_FN_USER_ID} | |
printf "\nYou can use the following profile section to modify your OCI CLI config for use with Fn (you'll need to generate a key and populate the necessary key related items):\n" | |
printf "[faas]\n" | |
printf "user="${OCI_FN_USER_ID}"\n" | |
printf "fingerprint=<public-key-fingerprint>\n" | |
printf "key_file=<private-key-pem-file>\n" | |
printf "tenancy="${OCI_FN_TENANCY}"\n" | |
printf "region="${OCI_FN_FN_REGION}"\n" | |
printf "pass_phrase=<passphrase>""\n" | |
printf "\nOCI Fn Config Complete. Your tenancy is now set up to use Fn." | |
rm statements.json >/dev/null 2>&1 | |
rm route-rules.json >/dev/null 2>&1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, Line 83 is missing a new line after "# update default security list"