Merge pull request #1 from oracle-devrel/develop

First commit in DevRel

.gitignore

@@ -1,8 +1,21 @@
 # General
 .DS_Store
+**/.DS_Store
 .AppleDouble
 .LSOverride
 
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+*.zip*
+*.tfvars
+
+# terraform lock file
+**/.terraform.lock.hcl
+
 # Icon must end with two \r
 Icon
 

LICENSE

@@ -1,35 +1,27 @@
-Copyright (c) 2021 Oracle and/or its affiliates.
+Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
 
 The Universal Permissive License (UPL), Version 1.0
 
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
 
 (a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
 
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
 
 This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

README.md

@@ -1,32 +1,164 @@
-# terraform-oci-arch-jboss-wildfly-atp
+# terraform-oci-arch-jboss-wildfly-atp 
 
-[![License: UPL](https://img.shields.io/badge/license-UPL-green)](https://img.shields.io/badge/license-UPL-green) [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=oracle-devrel_terraform-oci-arch-jboss-wildfly-atp)](https://sonarcloud.io/dashboard?id=oracle-devrel_terraform-oci-arch-jboss-wildfly-atp)
+## Introduction
 
-## THIS IS A NEW, BLANK REPO THAT IS NOT READY FOR USE YET.  PLEASE CHECK BACK SOON!
+WildFly supports the latest standards for REST-based data access, including JAX-RS 2, and JSON-P. Building on Jakarta EE provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden.
 
-## Introduction
-MISSING
+## Reference Archirecture
+
+For details of the architecture, see [_Deploy WildFly connected to an autonomous database_](https://docs.oracle.com/en/solutions/wildfly-oci/index.html)
+
+## Architecture Diagram
+![](./images/architecture-wildfly-oci.png)
+
+## Prerequisites
+
+- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `route-tables`, `network-security-groups`, `subnets`, `autonomous-database-family`, and `instances`.
+
+- Quota to create the following resources: 1 VCN, 3 subnets, 1 Internet Gateway, 1 NAT Gateway, 2 route rules, 1 Load Balancer, 1 ATP instance, and 3 compute instances (bastion host + 2 JBoss servers).
+
+If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm).
+
+## Deploy Using Oracle Resource Manager
+
+1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-devrel/terraform-arch-oci-jboss-wildfly-atp/releases/latest/download/terraform-oci-arch-jboss-wildfly-atp.zip)
+
+    If you aren't already signed in, when prompted, enter the tenancy and user credentials.
+
+2. Review and accept the terms and conditions.
+
+3. Select the region where you want to deploy the stack.
+
+4. Follow the on-screen prompts and instructions to create the stack.
+
+5. After creating the stack, click **Terraform Actions**, and select **Plan**.
+
+6. Wait for the job to be completed, and review the plan.
+
+    To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.
+
+7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 
+
+## Deploy Using the Terraform CLI
+
+Now, you'll want a local copy of this repo. You can make that with the commands:
+
+```
+    git clone https://github.com/oracle-devrel/terraform-arch-oci-jboss-wildfly-atp.git
+    cd terraform-arch-oci-jboss-wildfly-atp
+    ls
+```
+
+## Prerequisites
+First off, you'll need to do some pre-deploy setup.  That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites).
+
+Create a `terraform.tfvars` file, and specify the following variables:
+
+```
+# Authentication
+tenancy_ocid         = "<tenancy_ocid>"
+user_ocid            = "<user_ocid>"
+fingerprint          = "<finger_print>"
+private_key_path     = "<pem_private_key_path>"
+
+# Region
+region               = "<oci_region>"
+
+# Compartment
+compartment_ocid     = "<compartment_ocid>"
+
+# ATP
+atp_password         = "<atp_password>"
 
-## Getting Started
-MISSING
+# JBoss Config
+jboss_admin_password = "<jboss_admin_password>"
 
-### Prerequisites
-MISSING
+````
 
-## Notes/Issues
-MISSING
+## Create the Resources
+Run the following commands:
 
-## URLs
-* Nothing at this time
+    terraform init
+    terraform plan
+    terraform apply
+
+
+## Testing deployment 
+
+### Access the Admin Console
+
+There is no application deployed, but once deployed applications will be available at
+
+http://<LOAD_BALANCER_IP>/
+
+To access the admin console, you have 2 options:
+
+### Access the console through a SOCKSv5 proxy
+
+Create a SOCKSv5 proxy through the public IP of the bastion host.
+
+For example SOCKS v5 proxy on port 1088
+
+```bash
+ssh -C -D 1088 [email protected]
+```
+
+Then configure your browser to use a manual SOCK5 proxy, (On Firefox, click **Preferences**, then search for **PROXY**, and click **Settings**). Select Manual Proxy, and SOCKSv5 option. Pass it 'localhost' as the host and 1088 as the port.
+
+You can then connect through the browser using the Private IP of the server.
+
+For example: http://10.1.2.2:9990/ to reach the WildFly console.
+
+### Access the console through SSH tunnel
+
+You can tunnel to the jboss instance through the bastion host with 
+
+```bash
+export BASTION_IP=<bastion-ip>
+export JBOSS_HOST=<jboss-host-private-ip>
+
+# tunnel
+ssh -M -S socket -fnNT -L 9990:${JBOSS_HOST}:9990 opc@${BASTION_IP} cat -
+ssh -S socket -O check opc@${BASTION_IP}
+```
+
+Then the admin console will be available on localhost at: http://localhost:9990/
+
+### SSH to a Jboss instance
+
+You can SSH to the JBoss instance using:
+
+```bash
+ssh -J opc@${BASTION_IP} opc@${HOST}
+```
+
+or if you need to pass a private key identity, use:
+
+```bash
+ssh -o ProxyCommand="ssh -W %h:%p -i <private_key> opc@${BASTION_IP}" -i <private_key> opc@${HOST}
+```
+
+### SCP files to a JBoss instance
+
+To SCP files to the JBoss instance (i.e. to deploy applications)
+
+```bash
+scp -o ProxyCommand="ssh -W %h:%p opc@${BASTION_IP}" <file-to-transfer.ext> opc@${HOST}:~/
+```
 
 ## Contributing
 This project is open source.  Please submit your contributions by forking this repository and submitting a pull request!  Oracle appreciates any contributions that are made by the open source community.
 
+### Attribution & Credits
+Initially, this project was created and distributed in [GitHub Oracle QuickStart space](https://github.com/oracle-quickstart/oci-jboss-wildfly-atp). For that reason, we would like to thank all the involved contributors enlisted below:
+- Emmanuel Leroy (https://github.com/streamnsight) 
+- Lukasz Feldman (https://github.com/lfeldman)
+
+
 ## License
 Copyright (c) 2022 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 
 See [LICENSE](LICENSE) for more details.
 
-ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.  FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. 

bastion.tf

@@ -0,0 +1,83 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_bastion_bastion" "bastion-service" {
+  count                        = var.use_bastion_service ? 1 : 0
+  bastion_type                 = "STANDARD"
+  compartment_id               = var.compartment_ocid
+  target_subnet_id             = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_jboss[0].id : var.compute_subnet_id
+  client_cidr_block_allow_list = ["0.0.0.0/0"]
+  defined_tags                 = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  name                         = "BastionService"
+  max_session_ttl_in_seconds   = 1800
+}
+
+resource "oci_bastion_session" "ssh_via_bastion_service" {
+  depends_on = [oci_core_instance.jboss_server,
+    oci_core_nat_gateway.vcn01_nat_gateway,
+    oci_core_route_table_attachment.vcn01_subnet_jboss_route_table_attachment,
+    oci_core_route_table.vnc01_nat_route_table,
+    oci_core_network_security_group.SSHSecurityGroup,
+    oci_core_network_security_group_security_rule.SSHSecurityEgressGroupRule,
+    oci_core_network_security_group_security_rule.SSHSecurityIngressGroupRules
+  ]
+
+  count      = var.use_bastion_service ? var.numberOfNodes : 0
+  bastion_id = oci_bastion_bastion.bastion-service[0].id
+
+  key_details {
+    public_key_content = tls_private_key.public_private_key_pair.public_key_openssh
+  }
+  target_resource_details {
+    session_type       = "MANAGED_SSH"
+    target_resource_id = oci_core_instance.jboss_server[count.index].id
+
+    #Optional
+    target_resource_operating_system_user_name = "opc"
+    target_resource_port                       = 22
+    target_resource_private_ip_address         = oci_core_instance.jboss_server[count.index].private_ip
+  }
+
+  display_name           = "ssh_via_bastion_service"
+  key_type               = "PUB"
+  session_ttl_in_seconds = 1800
+}
+
+
+resource "oci_core_instance" "bastion_instance" {
+  count               = var.use_bastion_service ? 0 : 1
+  availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name
+  compartment_id      = var.compartment_ocid
+  display_name        = "BastionVM"
+  shape               = var.InstanceShape
+
+  dynamic "shape_config" {
+    for_each = local.is_flexible_node_shape ? [1] : []
+    content {
+      memory_in_gbs = var.InstanceFlexShapeMemory
+      ocpus         = var.InstanceFlexShapeOCPUS
+    }
+  }
+
+  create_vnic_details {
+    subnet_id        = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_bastion[0].id : var.bastion_subnet_id
+    display_name     = "bastion"
+    assign_public_ip = true
+    nsg_ids          = !var.use_existing_nsg ? [oci_core_network_security_group.SSHSecurityGroup[0].id] : var.bastion_nsg_ids
+  }
+
+  source_details {
+    source_type             = "image"
+    source_id               = data.oci_core_images.InstanceImageOCID.images[0].id
+    boot_volume_size_in_gbs = "50"
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_public_key
+    user_data           = data.template_cloudinit_config.cloud_init.rendered
+  }
+
+  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+