Stephen Cross scross01

## opc-sec-rule-ssh.tf
resource "opc_compute_security_list" "enable-ssh" {
  name                 = "Enable-SSH-access"
  policy               = "DENY"
  outbound_cidr_policy = "PERMIT"
}

resource "opc_compute_sec_rule" "allow-ssh" {
  name             = "Allow-ssh-access"
  source_list      = "seciplist:/oracle/public/public-internet"
  destination_list = "seclist:${opc_compute_security_list.enable-ssh.name}"

## config
Host my-private-host
Hostname <PRIVATE_IP>
User opc
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh -i ~/.ssh/id_rsa opc@<BASTION_IP> -W %h:%p %r

## config
Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

## opc-set-shared-network-resolver.sh
# get the IP address for eth0
private_ip=$(/sbin/ifconfig eth0 | grep 'inet ' | awk '{ print $2 }')
# shared network private IPs are in a /30 subnet, nameserver is IP address -1
nameserver=$(echo ${private_ip} | awk -F. '{ sub("."$4,"."$4-1) } 1')
# append to /etc/resolv.conf
sudo sed -i -e "\$anameserver ${nameserver}" /etc/resolv.conf
	resource "opc_compute_security_list" "enable-ssh" {
	name = "Enable-SSH-access"
	policy = "DENY"
	outbound_cidr_policy = "PERMIT"
	}

	resource "opc_compute_sec_rule" "allow-ssh" {
	name = "Allow-ssh-access"
	source_list = "seciplist:/oracle/public/public-internet"
	destination_list = "seclist:${opc_compute_security_list.enable-ssh.name}"
	Host my-private-host
	Hostname <PRIVATE_IP>
	User opc
	IdentityFile ~/.ssh/id_rsa
	ProxyCommand ssh -i ~/.ssh/id_rsa opc@<BASTION_IP> -W %h:%p %r
	# get the IP address for eth0
	private_ip=$(/sbin/ifconfig eth0 \| grep 'inet ' \| awk '{ print $2 }')
	# shared network private IPs are in a /30 subnet, nameserver is IP address -1
	nameserver=$(echo ${private_ip} \| awk -F. '{ sub("."$4,"."$4-1) } 1')
	# append to /etc/resolv.conf
	sudo sed -i -e "\$anameserver ${nameserver}" /etc/resolv.conf