diff --git a/.gitignore b/.gitignore index 4e16e08..9c6a4d4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,21 @@ # General .DS_Store +**/.DS_Store .AppleDouble .LSOverride +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* +*.zip* +*.tfvars + +# terraform lock file +**/.terraform.lock.hcl + # Icon must end with two \r Icon diff --git a/LICENSE b/LICENSE index fe41e72..93fda4e 100644 --- a/LICENSE +++ b/LICENSE 
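Review bot: The added `**/.terraform.lock.hcl` pattern keeps Terraform's dependency lock file out of version control, so the provider versions and checksums selected at `terraform init` are not shared between checkouts and each run may resolve a different provider build. Terraform's own guidance is to commit that file; I would drop the pattern together with its `# terraform lock file` comment. Ignoring `*.tfstate`, `*.tfstate.*` and `*.tfvars` is right, since the README's `terraform.tfvars` example carries `atp_password` and `jboss_admin_password`. `*.zip*` also matches names that merely contain `.zip` (a constructed example: `notes.zipper.md`); `*.zip` is probably what is meant.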
@@ -1,35 +1,27 @@ -Copyright (c) 2021 Oracle and/or its affiliates. +Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. The Universal Permissive License (UPL), Version 1.0 -Subject to the condition set forth below, permission is hereby granted to any -person obtaining a copy of this software, associated documentation and/or data -(collectively the "Software"), free of charge and under any and all copyright -rights in the Software, and any and all patent rights owned or freely -licensable by each licensor hereunder covering either (i) the unmodified -Software as contributed to or provided by such licensor, or (ii) the Larger -Works (as defined below), to deal in both +Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this +software, associated documentation and/or data (collectively the "Software"), free of charge and under any and +all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor +hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or +(ii) the Larger Works (as defined below), to deal in both (a) the Software, and -(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if -one is included with the Software (each a "Larger Work" to which the Software -is contributed by such licensors), +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software +(each a “Larger Work” to which the Software is contributed by such licensors), -without restriction, including without limitation the rights to copy, create -derivative works of, display, perform, and distribute the Software and make, -use, sell, offer for sale, import, export, have made, and have sold the -Software and the Larger Work(s), and to sublicense the foregoing rights on -either these or other terms. 
+without restriction, including without limitation the rights to copy, create derivative works of, display, +perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have +sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. This license is subject to the following condition: -The above copyright notice and either this complete permission notice or at -a minimum a reference to the UPL must be included in all copies or -substantial portions of the Software. +The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must +be included in all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md index 9440b52..68894e3 100644 --- a/README.md +++ b/README.md 
@@ -1,27 +1,160 @@ -# terraform-oci-arch-jboss-wildfly-atp +# terraform-oci-arch-jboss-wildfly-atp -[![License: UPL](https://img.shields.io/badge/license-UPL-green)](https://img.shields.io/badge/license-UPL-green) [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=oracle-devrel_terraform-oci-arch-jboss-wildfly-atp)](https://sonarcloud.io/dashboard?id=oracle-devrel_terraform-oci-arch-jboss-wildfly-atp) +## Introduction -## THIS IS A NEW, BLANK REPO THAT IS NOT READY FOR USE YET. PLEASE CHECK BACK SOON! +WildFly supports the latest standards for REST-based data access, including JAX-RS 2, and JSON-P. Building on Jakarta EE provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden. -## Introduction -MISSING +## Reference Archirecture + +For details of the architecture, see [_Deploy WildFly connected to an autonomous database_](https://docs.oracle.com/en/solutions/wildfly-oci/index.html) + +## Architecture Diagram +![](./images/architecture-wildfly-oci.png) + +## Prerequisites + +- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `route-tables`, `network-security-groups`, `subnets`, `autonomous-database-family`, and `instances`. + +- Quota to create the following resources: 1 VCN, 3 subnets, 1 Internet Gateway, 1 NAT Gateway, 2 route rules, 1 Load Balancer, 1 ATP instance, and 3 compute instances (bastion host + 2 JBoss servers). + +If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). + +## Deploy Using Oracle Resource Manager + +1. 
Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-devrel/terraform-arch-oci-jboss-wildfly-atp/releases/latest/download/terraform-oci-arch-jboss-wildfly-atp.zip) + + If you aren't already signed in, when prompted, enter the tenancy and user credentials. + +2. Review and accept the terms and conditions. + +3. Select the region where you want to deploy the stack. + +4. Follow the on-screen prompts and instructions to create the stack. + +5. After creating the stack, click **Terraform Actions**, and select **Plan**. + +6. Wait for the job to be completed, and review the plan. + + To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. + +7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. + +## Deploy Using the Terraform CLI + +Now, you'll want a local copy of this repo. You can make that with the commands: + +``` + git clone https://github.com/oracle-devrel/terraform-arch-oci-jboss-wildfly-atp.git + cd terraform-arch-oci-jboss-wildfly-atp + ls +``` + +## Prerequisites +First off, you'll need to do some pre-deploy setup. That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites). 
+ +Create a `terraform.tfvars` file, and specify the following variables: + +``` +# Authentication +tenancy_ocid = "" +user_ocid = "" +fingerprint = "" +private_key_path = "" + +# Region +region = "" + +# Compartment +compartment_ocid = "" + +# ATP +atp_password = "" -## Getting Started -MISSING +# JBoss Config +jboss_admin_password = "" -### Prerequisites -MISSING +```` -## Notes/Issues -MISSING +## Create the Resources +Run the following commands: -## URLs -* Nothing at this time + terraform init + terraform plan + terraform apply + + +## Testing deployment + +### Access the Admin Console + +There is no application deployed, but once deployed applications will be available at + +http:/// + +To access the admin console, you have 2 options: + +### Access the console through a SOCKSv5 proxy + +Create a SOCKSv5 proxy through the public IP of the bastion host. + +For example SOCKS v5 proxy on port 1088 + +```bash +ssh -C -D 1088 opc@150.136.41.148 +``` + +Then configure your browser to use a manual SOCK5 proxy, (On Firefox, click **Preferences**, then search for **PROXY**, and click **Settings**). Select Manual Proxy, and SOCKSv5 option. Pass it 'localhost' as the host and 1088 as the port. + +You can then connect through the browser using the Private IP of the server. + +For example: http://10.1.2.2:9990/ to reach the WildFly console. 
+ +### Access the console through SSH tunnel + +You can tunnel to the jboss instance through the bastion host with + +```bash +export BASTION_IP= +export JBOSS_HOST= + +# tunnel +ssh -M -S socket -fnNT -L 9990:${JBOSS_HOST}:9990 opc@${BASTION_IP} cat - +ssh -S socket -O check opc@${BASTION_IP} +``` + +Then the admin console will be available on localhost at: http://localhost:9990/ + +### SSH to a Jboss instance + +You can SSH to the JBoss instance using: + +```bash +ssh -J opc@${BASTION_IP} opc@${HOST} +``` + +or if you need to pass a private key identity, use: + +```bash +ssh -o ProxyCommand="ssh -W %h:%p -i opc@${BASTION_IP}" -i opc@${HOST} +``` + +### SCP files to a JBoss instance + +To SCP files to the JBoss instance (i.e. to deploy applications) + +```bash +scp -o ProxyCommand="ssh -W %h:%p opc@${BASTION_IP}" opc@${HOST}:~/ +``` ## Contributing This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community. +### Attribution & Credits +Initially, this project was created and distributed in [GitHub Oracle QuickStart space](https://github.com/oracle-quickstart/oci-jboss-wildfly-atp). For that reason, we would like to thank all the involved contributors enlisted below: +- Emmanuel Leroy (https://github.com/streamnsight) +- Lukasz Feldman (https://github.com/lfeldman) + + ## License Copyright (c) 2022 Oracle and/or its affiliates. 
@@ -29,4 +162,3 @@ Licensed under the Universal Permissive License (UPL), Version 1.0. See [LICENSE](LICENSE) for more details. -ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. \ No newline at end of file diff --git a/bastion.tf b/bastion.tf new file mode 100644 index 0000000..98fffad --- /dev/null +++ b/bastion.tf 
@@ -0,0 +1,83 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_bastion_bastion" "bastion-service" {
+ count = var.use_bastion_service ? 1 : 0
+ bastion_type = "STANDARD"
+ compartment_id = var.compartment_ocid
+ target_subnet_id = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_jboss[0].id : var.compute_subnet_id
+ client_cidr_block_allow_list = ["0.0.0.0/0"]
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+ name = "BastionService"
+ max_session_ttl_in_seconds = 1800
+}
+
+resource "oci_bastion_session" "ssh_via_bastion_service" {
+ depends_on = [oci_core_instance.jboss_server,
+ oci_core_nat_gateway.vcn01_nat_gateway,
+ oci_core_route_table_attachment.vcn01_subnet_jboss_route_table_attachment,
+ oci_core_route_table.vnc01_nat_route_table,
+ oci_core_network_security_group.SSHSecurityGroup,
+ oci_core_network_security_group_security_rule.SSHSecurityEgressGroupRule,
+ oci_core_network_security_group_security_rule.SSHSecurityIngressGroupRules
+ ]
+
+ count = var.use_bastion_service ? var.numberOfNodes : 0
+ bastion_id = oci_bastion_bastion.bastion-service[0].id
+
+ key_details {
+ public_key_content = tls_private_key.public_private_key_pair.public_key_openssh
+ }
+ target_resource_details {
+ session_type = "MANAGED_SSH"
+ target_resource_id = oci_core_instance.jboss_server[count.index].id
+
+ #Optional
+ target_resource_operating_system_user_name = "opc"
+ target_resource_port = 22
+ target_resource_private_ip_address = oci_core_instance.jboss_server[count.index].private_ip
+ }
+
+ display_name = "ssh_via_bastion_service"
+ key_type = "PUB"
+ session_ttl_in_seconds = 1800
+}
+
+
+resource "oci_core_instance" "bastion_instance" {
+ count = var.use_bastion_service ?
0 : 1
+ availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name
+ compartment_id = var.compartment_ocid
+ display_name = "BastionVM"
+ shape = var.InstanceShape
+
+ dynamic "shape_config" {
+ for_each = local.is_flexible_node_shape ? [1] : []
+ content {
+ memory_in_gbs = var.InstanceFlexShapeMemory
+ ocpus = var.InstanceFlexShapeOCPUS
+ }
+ }
+
+ create_vnic_details {
+ subnet_id = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_bastion[0].id : var.bastion_subnet_id
+ display_name = "bastion"
+ assign_public_ip = true
+ nsg_ids = !var.use_existing_nsg ? [oci_core_network_security_group.SSHSecurityGroup[0].id] : var.bastion_nsg_ids
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = data.oci_core_images.InstanceImageOCID.images[0].id
+ boot_volume_size_in_gbs = "50"
+ }
+
+ metadata = {
+ ssh_authorized_keys = var.ssh_public_key
+ user_data = data.template_cloudinit_config.cloud_init.rendered
+ }
+
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+
diff --git a/compute.tf b/compute.tf
new file mode 100644
index 0000000..d5f3800
--- /dev/null
+++ b/compute.tf
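Review bot: `client_cidr_block_allow_list = ["0.0.0.0/0"]` on `oci_bastion_bastion.bastion-service` accepts session clients from any address, and the `BastionVM` alternative is created with `assign_public_ip = true` behind `SSHSecurityGroup`, whose ingress rule in nsg.tf is likewise `0.0.0.0/0` on port 22. I would take the permitted client range from a new input variable (the name is a suggestion), `client_cidr_block_allow_list = var.bastion_allowed_cidrs`, with no world-open default, and reuse the same value as the `source` of the SSH ingress rule so operators narrow both paths to their own egress addresses. A short comment above `max_session_ttl_in_seconds = 1800` stating that sessions are capped at 30 minutes would also help readers.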
@@ -0,0 +1,96 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+data "template_file" "key_script" {
+ template = file("./scripts/sshkey.tpl")
+ vars = {
+ ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh
+ }
+}
+
+data "template_cloudinit_config" "cloud_init" {
+ gzip = true
+ base64_encode = true
+
+ part {
+ filename = "ainit.sh"
+ content_type = "text/x-shellscript"
+ content = data.template_file.key_script.rendered
+ }
+}
+
+# Dictionary Locals
+locals {
+ compute_flexible_shapes = [
+ "VM.Standard.E3.Flex",
+ "VM.Standard.E4.Flex",
+ "VM.Standard.A1.Flex",
+ "VM.Optimized3.Flex"
+ ]
+}
+
+# Checks if is using Flexible Compute Shapes
+locals {
+ is_flexible_node_shape = contains(local.compute_flexible_shapes, var.InstanceShape)
+}
+
+resource "oci_core_instance" "jboss_server" {
+ count = var.numberOfNodes
+ availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name
+ compartment_id = var.compartment_ocid
+ display_name = "${local.hostname_label}${count.index}"
+ shape = var.InstanceShape
+
+ dynamic "shape_config" {
+ for_each = local.is_flexible_node_shape ? [1] : []
+ content {
+ memory_in_gbs = var.InstanceFlexShapeMemory
+ ocpus = var.InstanceFlexShapeOCPUS
+ }
+ }
+
+ fault_domain = "FAULT-DOMAIN-${(count.index % 3) + 1}"
+
+ dynamic "agent_config" {
+ for_each = var.use_bastion_service ? [1] : []
+ content {
+ are_all_plugins_disabled = false
+ is_management_disabled = false
+ is_monitoring_disabled = false
+ plugins_config {
+ desired_state = "ENABLED"
+ name = "Bastion"
+ }
+ }
+ }
+
+ create_vnic_details {
+ subnet_id = !var.use_existing_vcn ?
oci_core_subnet.vcn01_subnet_jboss[0].id : var.compute_subnet_id
+ hostname_label = "${local.hostname_label}${count.index}"
+ assign_public_ip = false
+ nsg_ids = !var.use_existing_nsg ? [oci_core_network_security_group.SSHSecurityGroup[0].id, oci_core_network_security_group.JBossSecurityGroup[0].id] : var.compute_nsg_ids
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = lookup(data.oci_core_images.InstanceImageOCID.images[0], "id")
+ boot_volume_size_in_gbs = "50"
+ }
+
+ metadata = {
+ ssh_authorized_keys = var.ssh_public_key
+ user_data = data.template_cloudinit_config.cloud_init.rendered
+ index = count.index
+ master = "${local.hostname_label}0"
+ nb_nodes = var.numberOfNodes
+ prefix = local.hostname_label
+ }
+
+ provisioner "local-exec" {
+ command = "sleep 240"
+ }
+
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+
+}
+
diff --git a/database.tf b/database.tf
new file mode 100644
index 0000000..895b09e
--- /dev/null
+++ b/database.tf
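Review bot: `data "template_file" "key_script"` feeds the public half of `tls_private_key.public_private_key_pair` into the cloud-init script that every JBoss node (and, through the same `user_data`, the bastion VM in bastion.tf) runs, so a Terraform-generated key is presumably authorised on the whole fleet next to `var.ssh_public_key`; `scripts/sshkey.tpl` is not part of this diff, so that is inferred from the variable name. The matching private key is kept in Terraform state, which makes read access to the state equivalent to SSH access to these hosts; that deserves a comment above the data source and an access-controlled, encrypted state backend. Independently, `file("./scripts/sshkey.tpl")` resolves against the working directory rather than the module, and the `template_file` data source comes from the deprecated template provider; `templatefile("${path.module}/scripts/sshkey.tpl", { ssh_public_key = ... })` covers both. The fixed `sleep 240` in `local-exec` should carry a comment saying what it waits for, since it silently depends on a `sleep` binary on the machine running Terraform.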
@@ -0,0 +1,26 @@
+## Copyright © 2022, Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+################
+# ATP database #
+################
+
+module "terraform-oci-adb" {
+ source = "github.com/oracle-devrel/terraform-oci-arch-adb"
+ adb_password = var.atp_admin_password
+ compartment_ocid = var.compartment_ocid
+ adb_database_cpu_core_count = var.atp_cpu_core_count
+ adb_database_data_storage_size_in_tbs = var.atp_storage_tbs
+ adb_database_db_name = var.atp_db_name
+ adb_database_display_name = var.atp_display_name
+ is_auto_scaling_enabled = var.atp_autoscaling
+ adb_database_db_workload = "OLTP"
+ use_existing_vcn = var.atp_private_endpoint
+ adb_private_endpoint = var.atp_private_endpoint
+ vcn_id = var.atp_private_endpoint ? local.vcn_id : null
+ adb_nsg_id = var.atp_private_endpoint ? local.atp_nsg_id : null
+ adb_private_endpoint_label = var.atp_private_endpoint ? var.atp_private_endpoint_label : null
+ adb_subnet_id = var.atp_private_endpoint ? local.atp_subnet_id : null
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
diff --git a/datasources.tf b/datasources.tf
new file mode 100644
index 0000000..2c55b57
--- /dev/null
+++ b/datasources.tf
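Review bot: The module `source = "github.com/oracle-devrel/terraform-oci-arch-adb"` has no `ref`, so every `terraform init` pulls whatever the default branch holds at that moment and the code that receives `adb_password` can change without any change in this repository. Pin it to a reviewed release or commit, `source = "github.com/oracle-devrel/terraform-oci-arch-adb?ref=<TAG_OR_COMMIT>"`. The password is read from `var.atp_admin_password`, while the README's `terraform.tfvars` example sets `atp_password`; variables.tf is not in view here, so please confirm the two names agree and that the variable is declared `sensitive = true`.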
@@ -0,0 +1,43 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+# Get list of availability domains
+data "oci_identity_availability_domains" "ADs" {
+ compartment_id = var.tenancy_ocid
+}
+
+# Get the latest Oracle Linux image
+data "oci_core_images" "InstanceImageOCID" {
+ compartment_id = var.compartment_ocid
+ operating_system = var.instance_os
+ operating_system_version = var.linux_os_version
+ shape = var.InstanceShape
+
+
+ filter {
+ name = "display_name"
+ values = ["^.*Oracle[^G]*$"]
+ regex = true
+ }
+}
+
+data "oci_core_vnic_attachments" "jboss_server_primaryvnic_attach" {
+ count = var.numberOfNodes
+ availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[0]["name"] : var.availability_domain_name
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.jboss_server[count.index].id
+}
+
+data "oci_core_vnic" "jboss_server_primaryvnic" {
+ count = var.numberOfNodes
+ vnic_id = data.oci_core_vnic_attachments.jboss_server_primaryvnic_attach[count.index].vnic_attachments.0.vnic_id
+}
+
+data "oci_identity_region_subscriptions" "home_region_subscriptions" {
+ tenancy_id = var.tenancy_ocid
+
+ filter {
+ name = "is_home_region"
+ values = [true]
+ }
+}
diff --git a/images/architecture-wildfly-oci.png b/images/architecture-wildfly-oci.png
new file mode 100644
index 0000000..9dda17b
Binary files /dev/null and b/images/architecture-wildfly-oci.png differ
diff --git a/loadbalancer.tf b/loadbalancer.tf
new file mode 100644
index 0000000..48ff7c1
--- /dev/null
+++ b/loadbalancer.tf
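Review bot: `jboss_server_primaryvnic_attach` filters on `availability_domains[0]`, but compute.tf places `oci_core_instance.jboss_server` in `availability_domains[var.availability_domain_number]`. With an empty `availability_domain_name` and a non-zero `availability_domain_number` the lookup targets the wrong availability domain, returns no attachments, and `.vnic_attachments.0.vnic_id` in `jboss_server_primaryvnic` then fails. Taking the value from the instance removes the duplication: `availability_domain = oci_core_instance.jboss_server[count.index].availability_domain`. The image data source also deserves a comment explaining what the `^.*Oracle[^G]*$` filter is meant to exclude, because `images[0]` makes the booted image change whenever a new build is published.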
@@ -0,0 +1,67 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+# Checks if is using Flexible LB Shapes
+locals {
+ is_flexible_lb_shape = var.lb_shape == "flexible" ? true : false
+}
+
+resource "oci_load_balancer" "lb_jboss" {
+ shape = var.lb_shape
+
+ dynamic "shape_details" {
+ for_each = local.is_flexible_lb_shape ? [1] : []
+ content {
+ minimum_bandwidth_in_mbps = var.flex_lb_min_shape
+ maximum_bandwidth_in_mbps = var.flex_lb_max_shape
+ }
+ }
+
+ compartment_id = var.compartment_ocid
+
+ subnet_ids = [
+ !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_lb[0].id : var.lb_subnet_id,
+ ]
+
+ display_name = "lb_jboss"
+ network_security_group_ids = !var.use_existing_nsg ? [oci_core_network_security_group.LBSecurityGroup[0].id] : var.lb_nsg_ids
+
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_load_balancer_backend_set" "lb_backend_jboss" {
+ name = "lb_backend_jboss"
+ load_balancer_id = oci_load_balancer.lb_jboss.id
+ policy = "ROUND_ROBIN"
+
+ health_checker {
+ port = "8080"
+ protocol = "HTTP"
+ response_body_regex = ".*"
+ url_path = "/"
+ interval_ms = "10000"
+ return_code = "200"
+ timeout_in_millis = "3000"
+ retries = "3"
+ }
+}
+
+resource "oci_load_balancer_listener" "lb_listener_jboss" {
+ load_balancer_id = oci_load_balancer.lb_jboss.id
+ name = "lb_listener_http_80_jboss"
+ default_backend_set_name = oci_load_balancer_backend_set.lb_backend_jboss.name
+ port = 80
+ protocol = "HTTP"
+}
+
+resource "oci_load_balancer_backend" "lb_be_jboss_8080" {
+ count = var.numberOfNodes
+ load_balancer_id = oci_load_balancer.lb_jboss.id
+ backendset_name = oci_load_balancer_backend_set.lb_backend_jboss.name
+ ip_address = oci_core_instance.jboss_server[count.index].private_ip
+ port = 8080
+ backup =
false
+ drain = false
+ offline = false
+ weight = 1
+}
diff --git a/network.tf b/network.tf
new file mode 100644
index 0000000..8d4d1be
--- /dev/null
+++ b/network.tf
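Review bot: The only listener, `lb_listener_http_80_jboss`, is `protocol = "HTTP"` on port 80, so all traffic between clients and the public load balancer, including any application logins, travels unencrypted. nsg.tf defines a rule named `LBSecurityIngressGroupRules_TCP443`, which suggests 443 is opened on the LB NSG, yet nothing in this file listens there. I would add a second `oci_load_balancer_listener` on port 443 with an `ssl_configuration` block that references a certificate, and keep port 80 only to redirect to it; if plain HTTP is a deliberate demo choice, say so in a comment above the listener. The health checker's `response_body_regex = ".*"` matches any body and therefore checks nothing beyond `return_code = "200"`, which is also worth a comment.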
@@ -0,0 +1,125 @@
+## Copyright (c) 2022 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_core_vcn" "vcn01" {
+ count = !var.use_existing_vcn ? 1 : 0
+ cidr_block = var.vcn01_cidr_block
+ dns_label = var.vcn01_dns_label
+ compartment_id = var.compartment_ocid
+ display_name = var.vcn01_display_name
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+#IGW
+resource "oci_core_internet_gateway" "vcn01_internet_gateway" {
+ count = !var.use_existing_vcn ? 1 : 0
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ enabled = "true"
+ display_name = "IGW_vcn01"
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_nat_gateway" "vcn01_nat_gateway" {
+ count = !var.use_existing_vcn ? 1 : 0
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ display_name = "NAT_GW_vcn01"
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+#Default route table vcn01
+resource "oci_core_default_route_table" "vcn01_default_route_table" {
+ count = !var.use_existing_vcn ? 1 : 0
+ manage_default_resource_id = oci_core_vcn.vcn01[0].default_route_table_id
+ route_rules {
+ network_entity_id = oci_core_internet_gateway.vcn01_internet_gateway[0].id
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ }
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+#Default security list
+resource "oci_core_default_security_list" "vcn01_default_security_list" {
+ count = !var.use_existing_vcn ?
1 : 0
+ manage_default_resource_id = oci_core_vcn.vcn01[0].default_security_list_id
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ }
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_route_table" "vnc01_nat_route_table" {
+ count = !var.use_existing_vcn ? 1 : 0
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ display_name = "NAT_RT"
+ route_rules {
+ network_entity_id = oci_core_nat_gateway.vcn01_nat_gateway[0].id
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ }
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+
+#vcn01 bastion subnet
+resource "oci_core_subnet" "vcn01_subnet_bastion" {
+ count = !var.use_existing_vcn ? 1 : 0
+ cidr_block = var.vcn01_subnet_bastion_cidr_block
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ dns_label = "bassub"
+ display_name = var.vcn01_subnet_bastion_display_name
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+#vcn01 loadbalancer subnet
+resource "oci_core_subnet" "vcn01_subnet_lb" {
+ count = !var.use_existing_vcn ? 1 : 0
+ cidr_block = var.vcn01_subnet_lb_cidr_block
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ display_name = var.vcn01_subnet_lb_display_name
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+#vcn01 jboss subnet
+resource "oci_core_subnet" "vcn01_subnet_jboss" {
+ count = !var.use_existing_vcn ?
1 : 0
+ cidr_block = var.vcn01_subnet_jboss_cidr_block
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.vcn01[0].id
+ dns_label = "jbosub"
+ display_name = var.vcn01_subnet_jboss_display_name
+ prohibit_public_ip_on_vnic = true
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_route_table_attachment" "vcn01_subnet_jboss_route_table_attachment" {
+ count = !var.use_existing_vcn ? 1 : 0
+ subnet_id = oci_core_subnet.vcn01_subnet_jboss[0].id
+ route_table_id = oci_core_route_table.vnc01_nat_route_table[0].id
+}
+
+
+#vcn01 db01 subnet
+resource "oci_core_subnet" "vcn01_subnet_atp" {
+ count = !var.use_existing_vcn ? 1 : 0
+ cidr_block = var.vcn01_subnet_atp_cidr_block
+ compartment_id = var.compartment_ocid
+ dns_label = "adbsub"
+ vcn_id = oci_core_vcn.vcn01[0].id
+ display_name = var.vcn01_subnet_atp_display_name
+ prohibit_public_ip_on_vnic = true
+ defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_route_table_attachment" "vcn01_subnet_atp_route_table_attachment" {
+ count = !var.use_existing_vcn ? 1 : 0
+ subnet_id = oci_core_subnet.vcn01_subnet_atp[0].id
+ route_table_id = oci_core_route_table.vnc01_nat_route_table[0].id
+}
+
diff --git a/nsg.tf b/nsg.tf
new file mode 100644
index 0000000..831e85b
--- /dev/null
+++ b/nsg.tf
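Review bot: `oci_core_vcn.vcn01` exists only when `use_existing_vcn` is false, but the security groups in nsg.tf are gated on `use_existing_nsg` and still read `oci_core_vcn.vcn01[0].id`, so `use_existing_vcn = true` with `use_existing_nsg = false` fails on an empty index. database.tf already uses `local.vcn_id`; the NSGs should take their `vcn_id` from the same local (its definition is outside this diff). `vcn01_subnet_atp_route_table_attachment` puts the database subnet on the NAT route table with a `0.0.0.0/0` rule; if the private endpoint needs no outbound internet, leaving that subnet without a default route is tighter, and either way a comment should record the intent. On style, the resource name `vnc01_nat_route_table` transposes `vcn01` and is already referenced from bastion.tf, so it is cheapest to rename now, and `enabled = "true"` on the internet gateway should be the boolean `true`.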
@@ -0,0 +1,242 @@ +## Copyright (c) 2022 Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +# ATPSecurityGroup + +resource "oci_core_network_security_group" "ATPSecurityGroup" { + count = !var.use_existing_nsg ? 1 : 0 + compartment_id = var.compartment_ocid + display_name = "ATPSecurityGroup" + vcn_id = oci_core_vcn.vcn01[0].id + defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } +} + +# Rules related to ATPSecurityGroup + +# EGRESS + +resource "oci_core_network_security_group_security_rule" "ATPSecurityEgressGroupRule" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.ATPSecurityGroup[0].id + direction = "EGRESS" + protocol = "6" + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" +} + +# INGRESS + +resource "oci_core_network_security_group_security_rule" "ATPSecurityIngressGroupRules" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.ATPSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 1522 + min = 1522 + } + } +} + +# SSHSecurityGroup + +resource "oci_core_network_security_group" "SSHSecurityGroup" { + count = !var.use_existing_nsg ? 1 : 0 + compartment_id = var.compartment_ocid + vcn_id = oci_core_vcn.vcn01[0].id + display_name = "Bastion_NSG" + defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } +} + +# SSHSecurityGroup Rules - EGRESS + +resource "oci_core_network_security_group_security_rule" "SSHSecurityEgressGroupRule" { + count = !var.use_existing_nsg ? 
1 : 0 + network_security_group_id = oci_core_network_security_group.SSHSecurityGroup[0].id + direction = "EGRESS" + protocol = "6" + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" +} + +# SSHSecurityGroup Rules - INGRES + +resource "oci_core_network_security_group_security_rule" "SSHSecurityIngressGroupRules" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.SSHSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 22 + min = 22 + } + } +} + +# LBSecurityGroup + +resource "oci_core_network_security_group" "LBSecurityGroup" { + count = !var.use_existing_nsg ? 1 : 0 + compartment_id = var.compartment_ocid + vcn_id = oci_core_vcn.vcn01[0].id + display_name = "LB_NSG" + defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } +} + + +# LBSecurityGroup Rules - EGRESS + +resource "oci_core_network_security_group_security_rule" "LBSecurityEgressInternetGroupRule" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.LBSecurityGroup[0].id + direction = "EGRESS" + protocol = "6" + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" +} + +# LBSecurityGroup Rules - INGRESS + +resource "oci_core_network_security_group_security_rule" "LBSecurityIngressGroupRules_TCP80" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.LBSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 80 + min = 80 + } + } +} + +resource "oci_core_network_security_group_security_rule" "LBSecurityIngressGroupRules_TCP443" { + count = !var.use_existing_nsg ? 
1 : 0 + network_security_group_id = oci_core_network_security_group.LBSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 443 + min = 443 + } + } +} + +resource "oci_core_network_security_group_security_rule" "LBSecurityIngressGroupRules_TCP9990" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.LBSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 9990 + min = 9990 + } + } +} + +# JBossSecurityGroup + +resource "oci_core_network_security_group" "JBossSecurityGroup" { + count = !var.use_existing_nsg ? 1 : 0 + compartment_id = var.compartment_ocid + vcn_id = oci_core_vcn.vcn01[0].id + display_name = "APP_NSG" + defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } +} + +# EGRESS Rules - JBossSecurityGroup +resource "oci_core_network_security_group_security_rule" "JBossSecurityEgressATPGroupRule" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "EGRESS" + protocol = "6" + destination = oci_core_network_security_group.ATPSecurityGroup[0].id + destination_type = "NETWORK_SECURITY_GROUP" +} + +resource "oci_core_network_security_group_security_rule" "JBossSecurityEgressGroupRules" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "EGRESS" + protocol = "6" + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" +} + +# INGRESS Rules - JBossSecurityGroup + +resource "oci_core_network_security_group_security_rule" "JBossSecurityIngressGroupRules_TCP80" { + count = !var.use_existing_nsg ? 
1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 80 + min = 80 + } + } +} + +resource "oci_core_network_security_group_security_rule" "JBossSecurityIngressGroupRules_TCP443" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 443 + min = 443 + } + } +} + +resource "oci_core_network_security_group_security_rule" "JBossSecurityIngressGroupRules_TCP8080" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 8080 + min = 8080 + } + } +} + + +resource "oci_core_network_security_group_security_rule" "JBossSecurityIngressGroupRules_TCP9990" { + count = !var.use_existing_nsg ? 1 : 0 + network_security_group_id = oci_core_network_security_group.JBossSecurityGroup[0].id + direction = "INGRESS" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 9990 + min = 9990 + } + } +} + diff --git a/orm/provider.tf b/orm/provider.tf new file mode 100644 index 0000000..4f61354 --- /dev/null +++ b/orm/provider.tf 
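Review bot: Every ingress rule in nsg.tf uses `source = "0.0.0.0/0"`, including `ATPSecurityIngressGroupRules` (1522), both `*_TCP9990` rules (9990 is WildFly's default management port) and `SSHSecurityIngressGroupRules` (22), so the database listener and the admin console accept traffic from any address that can route to them. The JBoss and ATP subnets set `prohibit_public_ip_on_vnic = true`, which limits direct exposure, but the 9990 rule on `LBSecurityGroup` may publish the console if a load balancer listener forwards that port (not visible in this hunk). I would scope the tier-to-tier rules to the calling group, e.g. on the ATP rule `source = oci_core_network_security_group.JBossSecurityGroup[0].id` with `source_type = "NETWORK_SECURITY_GROUP"`, drop or restrict the 9990 rule on the load balancer group, and take the SSH source from a variable holding the operator CIDR.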
@@ -0,0 +1,20 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +provider "oci" { + tenancy_ocid = var.tenancy_ocid + region = var.region +# fingerprint = var.fingerprint +# user_ocid = var.user_ocid +# private_key_path = var.private_key_path +} + +provider "oci" { + alias = "homeregion" + tenancy_ocid = var.tenancy_ocid +# user_ocid = var.user_ocid +# fingerprint = var.fingerprint +# private_key_path = var.private_key_path + region = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name + disable_auto_retries = "true" +} diff --git a/orm/variables.tf b/orm/variables.tf new file mode 100644 index 0000000..2563df2 --- /dev/null +++ b/orm/variables.tf 
@@ -0,0 +1,266 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +variable "tenancy_ocid" {} +variable "region" {} +variable "compartment_ocid" {} +#variable "fingerprint" {} +#variable "user_ocid" {} +#variable "private_key_path" {} + +variable "release" { + description = "Reference Architecture Release (OCI Architecture Center)" + default = "1.2" +} + +variable "numberOfNodes" { + default = 2 +} + +variable "availability_domain_name" { + default = "" +} +variable "availability_domain_number" { + default = 0 +} + +variable "ssh_public_key" { + default = "" +} + +variable "use_existing_vcn" { + default = false +} + +variable "use_existing_nsg" { + default = false +} + +variable "vcn_id" { + default = "" +} + +variable "lb_shape" { + default = "flexible" +} + +variable "flex_lb_min_shape" { + default = "10" +} + +variable "flex_lb_max_shape" { + default = "100" +} + +variable "lb_subnet_id" { + default = "" +} + +variable "lb_nsg_ids" { + default = [] +} + +variable "compute_subnet_id" { + default = "" +} + +variable "compute_nsg_ids" { + default = [] +} + +variable "atp_subnet_id" { + default = "" +} + +variable "atp_nsg_id" { + default = "" +} + +variable "bastion_subnet_id" { + default = "" +} + +variable "bastion_nsg_ids" { + default = [] +} + +variable "use_bastion_service" { + default = false +} + +variable "igw_display_name" { + default = "internet-gateway" +} + +variable "InstanceShape" { + default = "VM.Standard.E4.Flex" +} + +variable "InstanceFlexShapeOCPUS" { + default = 1 +} + +variable "InstanceFlexShapeMemory" { + default = 10 +} + +variable "instance_os" { + description = "Operating system for compute instances" + default = "Oracle Linux" +} + +variable "linux_os_version" { + description = "Operating system version for all Linux instances" + default = "7.9" +} + +variable "prefix" { + default = "jboss" +} + +variable 
"jboss_admin_username" { + default = "admin" +} +variable "jboss_admin_password" { + type = string +} + +variable "jboss_display_name" { + default = "jboss" +} + +variable "create_ds" { + type = bool + default = true +} + +# Bastion +variable "bastion_vm_shape" { + default = "VM.Standard.E4.Flex" +} + +variable "bastion_vm_flex_shape_ocpu" { + default = 1 +} + +variable "bastion_vm_flex_shape_mem" { + default = 1 +} + +# ATP +variable "provision_atp" { + type = bool + default = true +} + +variable "atp_private_endpoint" { + default = true +} + +variable "atp_private_endpoint_label" { + default = "JBossATPPE" +} + +variable "atp_admin_password" { + type = string + default = "" +} + +variable "atp_display_name" { + type = string + default = "JBossATP" +} + +variable "atp_db_name" { + type = string + default = "JBossATP" +} + +variable "atp_cpu_core_count" { + type = number + default = 1 +} + +variable "atp_storage_tbs" { + type = number + default = 1 +} + +variable "atp_autoscaling" { + type = bool + default = false +} + +variable "atp_tde_wallet_zip_file" { + default = "tde_wallet_JBossATP.zip" +} + +variable "ds_name" { + type = string + default = "OracleDS" +} + +variable "atp_username" { + type = string + default = "" +} + +variable "atp_password" { + type = string + default = "" +} + +variable "domain_mode" { + type = bool + default = true +} + +variable "vcn01_cidr_block" { + default = "10.0.0.0/16" +} +variable "vcn01_dns_label" { + default = "vcn01" +} +variable "vcn01_display_name" { + default = "vcn01" +} + +variable "vcn01_subnet_lb_cidr_block" { + default = "10.0.1.0/24" +} + +variable "vcn01_subnet_lb_display_name" { + default = "vcn01_subnet_lb" +} + +variable "vcn01_subnet_bastion_cidr_block" { + default = "10.0.2.0/24" +} + +variable "vcn01_subnet_bastion_display_name" { + default = "vcn01_subnet_bastion" +} + +variable "vcn01_subnet_jboss_cidr_block" { + default = "10.0.10.0/24" +} + +variable "vcn01_subnet_jboss_display_name" { + default = 
"vcn01_subnet_jboss" +} + +variable "vcn01_subnet_atp_cidr_block" { + default = "10.0.20.0/24" +} + +variable "vcn01_subnet_atp_display_name" { + default = "vcn01_subnet_atp" +} + +# locals +locals { + hostname_label = replace(lower(var.jboss_display_name), " ", "") + atp_nsg_id = !var.use_existing_nsg ? oci_core_network_security_group.ATPSecurityGroup[0].id : var.atp_nsg_id + atp_subnet_id = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_atp[0].id : var.atp_subnet_id + vcn_id = !var.use_existing_vcn ? oci_core_vcn.vcn01[0].id : var.vcn_id +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..0dc9742 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,24 @@ +## Copyright (c) 2022 Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +output "jboss_home" { + value = "http://${oci_load_balancer.lb_jboss.ip_addresses[0]}" +} + +output "bastion_public_ip" { + value = oci_core_instance.bastion_instance.*.public_ip +} + +output "bastion_ssh_metadata" { + value = oci_bastion_session.ssh_via_bastion_service.*.ssh_metadata +} + +output "jboss-server_private_ips" { + value = data.oci_core_vnic.jboss_server_primaryvnic.*.private_ip_address +} + +output "generated_ssh_private_key" { + value = tls_private_key.public_private_key_pair.private_key_pem + sensitive = true +} + diff --git a/provider.tf b/provider.tf new file mode 100644 index 0000000..2220d38 --- /dev/null +++ b/provider.tf 
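Review bot: In orm/variables.tf the secret inputs `jboss_admin_password`, `atp_admin_password` and `atp_password` are declared as plain strings, so their values appear in plan and apply output; add `sensitive = true` to each if the minimum supported Terraform version allows it (0.14 or later). `atp_admin_password` and `atp_password` also default to `""`, which lets a run proceed with an empty credential; whether the database module rejects that is not visible here, so I would drop the default wherever a password is mandatory. A `description` on the three variables stating the expected password policy would help stack users.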
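Review bot: In outputs.tf, `generated_ssh_private_key` exports `tls_private_key.public_private_key_pair.private_key_pem`, and `sensitive = true` only hides it from CLI output; the key is still stored unencrypted in Terraform state. remote.tf uses this one key as both `private_key` and `bastion_private_key`, so anyone who can read the state holds the whole SSH path to the JBoss nodes. I would add a description saying so, e.g. `description = "Generated SSH private key (kept in state; restrict access to the state backend)"`. `jboss_home` is also built as an `http://` URL; if the load balancer has a TLS listener (not visible here), the output should point to it.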
@@ -0,0 +1,20 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +provider "oci" { + tenancy_ocid = var.tenancy_ocid + region = var.region + fingerprint = var.fingerprint + user_ocid = var.user_ocid + private_key_path = var.private_key_path +} + +provider "oci" { + alias = "homeregion" + tenancy_ocid = var.tenancy_ocid + user_ocid = var.user_ocid + fingerprint = var.fingerprint + private_key_path = var.private_key_path + region = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name + disable_auto_retries = "true" +} diff --git a/release_files.json b/release_files.json index 19a2bdd..50dcec1 100644 --- a/release_files.json +++ b/release_files.json @@ -1,3 +1,39 @@ // see https://github.com/oracle-devrel/action-release-zip-maker for docs [ + { + "action": "create_zip", + "file_name": "terraform-oci-arch-jboss-wildfly-atp-stack-latest.zip", + "files": [ + { + "src_pattern": "*.tf", + "dst_path": ".", + "exclude": [ + "provider.tf", + "variables.tf" + ] + }, + { + "src": "LICENSE" + }, + { + "src": "schema.yaml", + "dst": "schema.yaml" + }, + { + "src": "orm/variables.tf", + "dst": "variables.tf" + }, + { + "src": "orm/provider.tf", + "dst": "provider.tf" + }, + { + "src_pattern": "scripts/*" + } + ] + }, + { + "action": "upload_file", + "file_name": "terraform-oci-arch-jboss-wildfly-atp-stack-latest.zip" + } ] diff --git a/remote.tf b/remote.tf new file mode 100644 index 0000000..0334629 --- /dev/null +++ b/remote.tf 
@@ -0,0 +1,306 @@ +## Copyright (c) 2021 Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +data "template_file" "jboss_configure_datasource" { + count = var.numberOfNodes + template = file("${path.module}/scripts/configure_datasource.sh") + + vars = { + password = var.atp_password + username = var.atp_username + atp_db_name = var.atp_db_name + jboss_username = var.jboss_admin_username + jboss_password = var.jboss_admin_password + ds_name = var.ds_name + domain_mode = var.domain_mode ? "domain" : "standalone" + index = count.index + nb_nodes = var.create_ds ? length(oci_core_instance.jboss_server[*].private_ip) : 0 + } +} + +data "template_file" "jboss_configure_driver" { + count = var.numberOfNodes + template = file("${path.module}/scripts/configure_driver.sh") + + vars = { + jboss_username = var.jboss_admin_username, + jboss_password = var.jboss_admin_password, + domain_mode = var.domain_mode ? 
"domain" : "standalone" + index = count.index + nb_nodes = length(oci_core_instance.jboss_server[*].private_ip) + } + +} + +resource "null_resource" "jboss_provisioning" { + depends_on = [oci_core_instance.jboss_server, module.terraform-oci-adb.adb_database] + count = var.numberOfNodes + + triggers = { + instance_ids = join(",", oci_core_instance.jboss_server[*].private_ip) + domain_mode = var.domain_mode + } + + provisioner "local-exec" { + command = "echo '${module.terraform-oci-adb.adb_database.adb_wallet_content}' >> ${var.atp_tde_wallet_zip_file}_encoded-${count.index}" + } + + provisioner "local-exec" { + command = "base64 --decode ${var.atp_tde_wallet_zip_file}_encoded-${count.index} > ${var.atp_tde_wallet_zip_file}-${count.index}" + } + + provisioner "local-exec" { + command = "rm -rf ${var.atp_tde_wallet_zip_file}_encoded-${count.index}" + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + source = "${var.atp_tde_wallet_zip_file}-${count.index}" + destination = "/tmp/${var.atp_tde_wallet_zip_file}" + } + + provisioner "local-exec" { + command = "rm -rf ${var.atp_tde_wallet_zip_file}-${count.index}" + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + content = file("${path.module}/scripts/module.xml") + destination = "/home/opc/module.xml" + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + content = file("${path.module}/scripts/setup_jboss.sh") + destination = "/home/opc/setup_jboss.sh" + } + + provisioner "remote-exec" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + inline = [ + "echo 'Starting JBoss setup... '", + "chmod +x /home/opc/setup_jboss.sh", + "sudo /home/opc/setup_jboss.sh", + "echo 'JBoss setup finished.'" + ] + } + + # Admin console login + provisioner "remote-exec" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + inline = [ + "echo 'Configure Admin console...'", + "sudo su - -c \"/opt/wildfly/bin/add-user.sh -u ${var.jboss_admin_username} -r ManagementRealm -p \"${var.jboss_admin_password}\"\"", + "echo 'Admin console ready.'", + ] + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + content = file("${path.module}/scripts/domain_controller.sh") + destination = "/home/opc/domain_controller.sh" + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + content = file("${path.module}/scripts/hostm.xml") + destination = "/home/opc/hostm.xml" + } + + provisioner "remote-exec" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + inline = [ + "${var.domain_mode} && echo 'Configure Domain controller'", + "while [ ! -f /opt/wildfly/bin/add-user.sh ]; do sleep 5; done", + "chmod +x /home/opc/domain_controller.sh", + "${var.domain_mode} && sudo su - -c '/home/opc/domain_controller.sh'", + "echo 'Domain controller ready.'" + ] + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + content = data.template_file.jboss_configure_driver[count.index].rendered + destination = "/home/opc/configure_driver.sh" + } + + provisioner "remote-exec" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + inline = [ + "echo 'Configuring JDBC driver'", + "sudo su - -c 'chmod +x /home/opc/configure_driver.sh'", + "sudo su - -c '/home/opc/configure_driver.sh'", + "echo 'JDBC driver configured.'", + ] + } + + provisioner "file" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? 
oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + content = data.template_file.jboss_configure_datasource[count.index].rendered + destination = "/home/opc/configure_datasource.sh" + } + + provisioner "remote-exec" { + connection { + type = "ssh" + user = "opc" + host = data.oci_core_vnic.jboss_server_primaryvnic[count.index].private_ip_address + private_key = tls_private_key.public_private_key_pair.private_key_pem + script_path = "/home/opc/myssh.sh" + agent = false + timeout = "10m" + bastion_host = var.use_bastion_service ? "host.bastion.${var.region}.oci.oraclecloud.com" : oci_core_instance.bastion_instance[0].public_ip + bastion_port = "22" + bastion_user = var.use_bastion_service ? oci_bastion_session.ssh_via_bastion_service[count.index].id : "opc" + bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem + } + + inline = [ + "${var.create_ds} && echo 'Configuring Datasource'", + "sudo su - -c 'chmod +x /home/opc/configure_datasource.sh'", + "${var.create_ds} && sudo su - -c '/home/opc/configure_datasource.sh'", + "echo 'Datasource configured.'" + ] + } + +} + + diff --git a/schema.yaml b/schema.yaml new file mode 100644 index 0000000..962a103 --- /dev/null +++ b/schema.yaml 
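Review bot: In the "Admin console login" remote-exec of remote.tf, `-p \"${var.jboss_admin_password}\"` sits inside an already double-quoted `su - -c \"…\"` string, so the inner quotes close the outer ones and the password reaches the remote shell unquoted. A password with spaces or shell metacharacters is split or interpreted, and the value is also visible in the process list and in provisioner output. The first local-exec has the same weakness: it interpolates `adb_wallet_content` into `echo '…' >>`, appends on re-run, and leaves the decoded wallet in the working directory if a later step fails. I would move the add-user call into an uploaded script that reads the credentials from a root-only file and deletes it afterwards. At a minimum, single-quote the inner arguments (`-u '${var.jboss_admin_username}' … -p '${var.jboss_admin_password}'`) and add a `validation` block on the variable that rejects quote, `$`, backtick and backslash characters. The rendered `configure_driver.sh` and `configure_datasource.sh` also embed `jboss_password`/`password` and stay in `/home/opc`; a final step should remove them.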
@@ -0,0 +1,576 @@ +## Copyright © 2021, Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +title: Deploy WildFly connected to an autonomous database +description: Deploy WildFly connected to an autonomous database +schemaVersion: 1.1.0 +version: "20200821" +variableGroups: + - title: General Configuration + visible: false + variables: + - tenancy_ocid + - region + - release + - public_subnet + - availability_domain_number + - use_existing_vcn + - use_existing_nsg + - vcn_id + - lb_subnet_id + - lb_nsg_ids + - compute_subnet_id + - compute_nsg_ids + - atp_subnet_id + - atp_nsg_id + - bastion_subnet_id + - bastion_nsg_ids + - atp_private_endpoint + - atp_private_endpoint_label + - prefix + - atp_tde_wallet_zip_file + - igw_display_name + + - title: Required Configuration + visible: true + variables: + - compartment_ocid + - availability_domain_name + - numberOfNodes + - jboss_admin_password + - provision_atp + - atp_admin_password + - show_advanced + + - title: Networking Optional Configuration + visible: + and: + - show_advanced + variables: + - vcn01_cidr_block + - vcn01_dns_label + - vcn01_display_name + - vcn01_subnet_lb_cidr_block + - vcn01_subnet_lb_display_name + - vcn01_subnet_bastion_cidr_block + - vcn01_subnet_bastion_display_name + - vcn01_subnet_jboss_cidr_block + - vcn01_subnet_jboss_display_name + - vcn01_subnet_atp_cidr_block + - vcn01_subnet_atp_display_name + + - title: Load Balancer Configuration + visible: + and: + - show_advanced + variables: + - lb_shape + - flex_lb_min_shape + - flex_lb_max_shape + + - title: Compute Optional Configuration + visible: + and: + - show_advanced + variables: + - ssh_public_key + - instance_os + - linux_os_version + - InstanceShape + - InstanceFlexShapeOCPUS + - InstanceFlexShapeMemory + + - title: JBoss/WildFly Deployment Mode + visible: + and: + - show_advanced + variables: + - jboss_display_name + - 
domain_mode + - jboss_admin_username + + - title: Bastion Optional Configuration + visible: + and: + - show_advanced + variables: + - use_bastion_service + - bastion_vm_shape + - bastion_vm_flex_shape_ocpu + - bastion_vm_flex_shape_mem + + - title: Autonomous Database (ATP) Optional Configuration + visible: + and: + - show_advanced + - provision_atp + variables: + - atp_display_name + - atp_db_name + - atp_cpu_core_count + - atp_storage_tbs + - atp_autoscaling + + - title: Create a JDBC Datasource Optional Configuration + visible: + and: + - show_advanced + - provision_atp + variables: + - create_ds + + - title: JDBC Connection Optional Configuration + visible: + and: + - show_advanced + - provision_atp + - create_ds + variables: + - ds_name + - atp_username + - atp_password + +variables: + # Hidden variables + tenancy_ocid: + type: string + title: "Tenancy ID" + description: "The Oracle Cloud Identifier (OCID) for your tenancy." + required: true + + region: + type: oci:identity:region:name + title: "Region" + description: "The region in which to create all resources." + required: true + + availability_domain_name: + type: oci:identity:availabilitydomain:name + required: true + visibile: true + title: "Availability Domain to be chosen" + description: "Availability Domain to be chosen" + dependsOn: + compartmentId: ${compartment_ocid} + + ssh_public_key: + type: oci:core:ssh:publickey + title: "SSH Public Key" + required: false + description: "Public SSH Key to access VM via SSH." + + show_advanced: + type: boolean + title: "Show advanced options?" + description: "Shows advanced options." + visible: true + default: false + + # Exposed variables + compartment_ocid: + type: oci:identity:compartment:id + title: "Network Compartment" + description: "The compartment where you want to create the network resources such as Virtual Cloud Network, security lists, route tables and gateways." 
+ required: true + default: compartment_ocid + + vcn01_cidr_block: + type: string + title: "VCN CIDR block" + description: "The CIDR block for the VCN." + required: false + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + + vcn01_dns_label: + type: string + title: "VCN DNS Label" + description: "Choose VCN DNS Label." + required: false + + vcn01_display_name: + type: string + title: "VCN Display Name" + description: "Choose VCN Display Name." + required: false + + vcn01_subnet_lb_cidr_block: + type: string + title: "Load Balancer Subnet CIDR block" + description: "The CIDR block for Load Balancer Subnet." + required: false + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + + vcn01_subnet_lb_display_name: + type: string + title: "Load Balancer Subnet Display Name" + description: "Choose Load Balancer Subnet Display Name." + required: false + + vcn01_subnet_bastion_cidr_block: + type: string + title: "Bastion Subnet CIDR block" + description: "The CIDR block for Bastion Subnet." + required: false + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + + vcn01_subnet_bastion_display_name: + type: string + title: "Bastion Subnet Display Name" + description: "Choose Bastion Subnet Display Name." + required: false + + vcn01_subnet_jboss_cidr_block: + type: string + title: "JBoss Subnet CIDR block" + description: "The CIDR block for JBoss Subnet." 
+ required: false + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + + vcn01_subnet_jboss_display_name: + type: string + title: "JBoss Subnet Display Name" + description: "Choose JBoss Subnet Display Name." + required: false + + vcn01_subnet_atp_cidr_block: + type: string + title: "ATP Subnet CIDR block" + description: "The CIDR block for ATP Subnet." + required: false + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + + vcn01_subnet_atp_display_name: + type: string + title: "ATP Subnet Display Name" + description: "Choose ATP Subnet Display Name." + required: false + + numberOfNodes: + title: "Number of WildFly Nodes" + description: "Choose the number of WildFly Nodes." + type: number + required: true + default: 2 + + lb_shape: + type: enum + title: "LoadBalancer Shape" + description: "Choose LoadBalancer Shape" + default: "flexible" + required: false + enum: + - "flexible" + - "100Mbps" + - "10Mbps" + - "10Mbps-Micro" + - "400Mbps" + - "8000Mbps" + + flex_lb_min_shape: + type: enum + required: false + default: "10" + title: "LB Flex Min Shape" + description: "Choose Minimum Shape for Flex Load Balancer." + enum: + - "10" + - "100" + - "1000" + - "400" + - "8000" + visible: + and: + - eq: + - lb_shape + - "flexible" + + flex_lb_max_shape: + type: enum + required: false + default: "100" + title: "LB Flex Max Shape" + description: "Choose Maximum Shape for Flex Load Balancer." 
+ enum: + - "10" + - "100" + - "1000" + - "400" + - "8000" + visible: + and: + - eq: + - lb_shape + - "flexible" + + linux_os_version: + type: enum + required: false + visible: false + title: "Instance OS version" + description: "An Operating System version that determines the operating system version for WildFly host." + default: "8" + enum: + - "8" + + instance_os: + type: enum + required: false + visible: false + title: "Instance OS" + description: "An Operating System that determines the operating system for WildFly host." + default: "Oracle Linux" + enum: + - "Oracle Linux" + + InstanceShape: + type: oci:core:instanceshape:name + title: "JBoss/WildFly VM(s) Shape" + description: "The shape for the JBoss/WildFly instance(s)" + required: true + dependsOn: + compartmentId: ${compartment_ocid} + + InstanceFlexShapeOCPUS: + type: number + required: false + minimum: 1 + maximum: 128 + multipleOf: 1 + default: 1 + title: "Flex Shape OCPUs" + description: "Choose number of OCPUs for Flex Shape." + visible: + and: + - or: + - eq: + - InstanceShape + - "VM.Standard.E3.Flex" + - eq: + - InstanceShape + - "VM.Standard.E4.Flex" + - eq: + - InstanceShape + - "VM.Standard.A1.Flex" + - eq: + - InstanceShape + - "VM.Optimized3.Flex" + + InstanceFlexShapeMemory: + type: number + required: false + minimum: 1 + maximum: 128 + multipleOf: 1 + default: 10 + title: "Flex Shape Memory (GB)" + description: "Choose number GB for Flex Shape Memory." + visible: + and: + - or: + - eq: + - InstanceShape + - "VM.Standard.E3.Flex" + - eq: + - InstanceShape + - "VM.Standard.E4.Flex" + - eq: + - InstanceShape + - "VM.Standard.A1.Flex" + - eq: + - InstanceShape + - "VM.Optimized3.Flex" + + jboss_display_name: + type: string + title: "JBoss Display Name" + description: "Choose JBoss Display Name." + required: false + + jboss_admin_username: + type: string + title: "WildFly Administrator Username" + description: "The user name of the WildFly Admin user." 
+ required: true + default: "admin" + pattern: "^[a-z]{4,16}$" + + jboss_admin_password: + type: password + title: "WildFly Administrator Password" + description: "The password for the WildFly Admin user." + required: true + + use_bastion_service: + type: boolean + title: "Use Bastion Service?" + description: "Check if you want to use OCI Bastion Service." + visible: true + default: false + + bastion_vm_shape: + type: oci:core:instanceshape:name + title: "Bastion Host VM Shape" + description: "The shape for the Bastion VM" + required: false + default: "VM.Standard.E4.Flex" + dependsOn: + compartmentId: ${compartment_ocid} + visible: + and: + - gt: + - numberOfNodes + - 1 + - eq: + - use_bastion_service + - false + + bastion_vm_flex_shape_ocpu: + type: number + required: false + minimum: 1 + maximum: 128 + multipleOf: 1 + default: 1 + title: "Flex Shape OCPUs" + description: "Choose number of OCPUs for Flex Shape." + visible: + and: + - gt: + - numberOfNodes + - 1 + - eq: + - use_bastion_service + - false + - or: + - eq: + - bastion_vm_shape + - "VM.Standard.E3.Flex" + - eq: + - bastion_vm_shape + - "VM.Standard.E4.Flex" + - eq: + - bastion_vm_shape + - "VM.Standard.A1.Flex" + - eq: + - bastion_vm_shape + - "VM.Optimized3.Flex" + + bastion_vm_flex_shape_mem: + type: number + required: false + minimum: 1 + maximum: 128 + multipleOf: 1 + default: 1 + title: "Flex Shape Memory (GB)" + description: "Choose number GB for Flex Shape Memory." + visible: + and: + - gt: + - numberOfNodes + - 1 + - eq: + - use_bastion_service + - false + - or: + - eq: + - bastion_vm_shape + - "VM.Standard.E3.Flex" + - eq: + - bastion_vm_shape + - "VM.Standard.E4.Flex" + - eq: + - bastion_vm_shape + - "VM.Standard.A1.Flex" + - eq: + - bastion_vm_shape + - "VM.Optimized3.Flex" + + provision_atp: + type: boolean + title: "Provision an ATP?" + description: "Check to provision an Autonomous Database for Transaction Processing." 
+ required: true + default: true + + atp_admin_password: + visible: + and: + - provision_atp + type: password + title: "ATP DB Administrator Password" + description: "The password for the admin user (12 to 30 characters [a-zA-Z0-9_@#$!&%]$)" + required: + and: + - provision_atp + pattern: ^[A-Za-z][A-Za-z0-9_#\$]{11,29}$ + + atp_display_name: + type: string + title: "ATP Service Display Name" + description: "Name of the ATP service" + required: true + default: "JBossATP" + + atp_db_name: + type: string + title: "ATP Database Name" + description: "Name of the ATP Database." + required: true + default: "db" + + atp_cpu_core_count: + type: number + title: "ATP CPU Core Count" + description: "Number of CPU cores to use with ATP." + required: true + default: 1 + + atp_storage_tbs: + type: number + title: "ATP Storage (in TBs)" + description: "Number of TBs of storage to use with ATP." + required: true + default: 1 + + atp_autoscaling: + type: boolean + title: "Enable ATP Autoscaling" + description: "Enable ATP auto-scaling (not available on Free Tier)." + required: true + default: false + + create_ds: + type: boolean + title: "Create a JDBC Datasource" + description: "Create and configure a JDBC datasource for ATP in WildFly." + required: true + default: false + + ds_name: + type: string + title: "Datasource name" + description: "the name of the datasource as found in the JNDI path java:/jdbc/." + required: true + default: OracleDS + + atp_username: + type: string + title: "Autonomous DB JDBC Username" + description: "The User for the JDBC connection." + required: true + + atp_password: + type: password + title: "Autonomous DB JDBC User Password." + description: "The password for the JDBC connection user (12 to 30 characters [a-zA-Z0-9@#$!&%]$)." 
+ required: true + pattern: "^[a-zA-Z0-9@#$!&%]{12,30}$" + + domain_mode: + type: boolean + title: "Domain Controller mode" + description: "Setup as in Domain Controller mode for administration of all servers through a central node." + required: true + default: true + diff --git a/scripts/configure_datasource.sh b/scripts/configure_datasource.sh new file mode 100644 index 0000000..7911ca8 --- /dev/null +++ b/scripts/configure_datasource.sh @@ -0,0 +1,30 @@ +## Copyright © 2021, Oracle and/or its affiliates. +## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl + +if [[ "${domain_mode}" == "standalone" ]]; then + + # wait for node to be ready + while [[ "$STATUS" != "1" ]]; do + STATUS=$(/opt/wildfly/bin/jboss-cli.sh --connect -u=${jboss_username} -p="${jboss_password}" --command=":read-attribute(name=server-state)" | grep running | wc -l) + done + + /opt/wildfly/bin/jboss-cli.sh --connect -u=${jboss_username} -p="${jboss_password}" --command-timeout=300 <||g" /opt/wildfly/domain/configuration/host.xml +else + # SLAVE MODE + cp /opt/wildfly/domain/configuration/host-slave.xml /opt/wildfly/domain/configuration/host.xml + sed -i "s|||g" /opt/wildfly/domain/configuration/host.xml +fi +echo "jboss.domain.master.address=${PREFIX}0.${DOMAIN}" >> /opt/wildfly/jboss.properties +cat /opt/wildfly/jboss.properties +# Set slave user password based on hostname (base64 encoded) +PASSW=$(printf ${PREFIX}${INDEX}.${DOMAIN} | md5sum | tr -d ' ' | tr -d '-') +B64PWD=$(printf $PASSW | base64) +sed -i "s|||g" /opt/wildfly/domain/configuration/host.xml +# # Set slave name (= hostname) +# don't need name as hostname will be used +sed -i "s|||g" /opt/wildfly/domain/configuration/host.xml +# Set master instance IP +# update the systemd unit to start in domain mode + +sed -i 's|standalone|domain|g' /etc/wildfly/wildfly.conf + +systemctl daemon-reload +systemctl restart wildfly 
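Review bot: The `atp_admin_password` entry describes one rule and enforces another: the description lists `[a-zA-Z0-9_@#$!&%]`, but the `pattern` is `^[A-Za-z][A-Za-z0-9_#\$]{11,29}$`, so a password containing `@`, `!`, `&` or `%`, or one starting with a digit, is rejected although the form says it is allowed. The description should state what the pattern actually accepts. `jboss_admin_password` has no `pattern` at all, so the form accepts a one-character password for the WildFly admin user; a minimum-length pattern would bring it in line with the other two password fields. Two smaller points: `availability_domain_name` carries `visibile: true`, which looks like a typo for `visible`, and the CIDR patterns separate octets with an unescaped `.`, which matches any character where `\\.` is presumably intended.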
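Review bot: The WildFly admin password is passed as `-p="${jboss_password}"` on the `jboss-cli.sh` command line, both in the readiness loop and in the main call, so it is readable in the process list while the CLI runs. The Terraform hunk earlier in this diff uploads a rendered template to `/home/opc/configure_datasource.sh`, which appears to be this script; if so, the cleartext password also stays on disk unless a final step such as `rm -f /home/opc/configure_datasource.sh` removes it. The `while [[ "$STATUS" != "1" ]]` loop has neither a delay nor an upper bound, so a node that never reports `running` is polled as fast as the CLI can start; a `sleep 5` and a retry cap would bound it. The heredoc body after `--command-timeout=300` was lost in extraction, so the datasource commands themselves cannot be reviewed here.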
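Review bot: The host-controller password is computed as `md5sum` of `${PREFIX}${INDEX}.${DOMAIN}`, that is, from the node's own hostname, so it is not a secret: anyone who knows the naming scheme can reproduce it, and the base64 step is encoding rather than protection. A random per-deployment value passed in as a template variable would be a better fit than a derived one. `printf ${PREFIX}${INDEX}.${DOMAIN}` and `printf $PASSW` also use the data as the format string; `printf '%s' "$PASSW"` avoids that. The file header of this script and the `sed` patterns were lost in extraction, so where the value is written cannot be checked from this page.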
diff --git a/scripts/hostm.xml b/scripts/hostm.xml new file mode 100644 index 0000000..056c96d --- /dev/null +++ b/scripts/hostm.xml @@ -0,0 +1,181 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/scripts/module.xml b/scripts/module.xml new file mode 100644 index 0000000..e452d65 --- /dev/null +++ b/scripts/module.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/scripts/setup_jboss.sh b/scripts/setup_jboss.sh new file mode 100644 index 0000000..f2c615a --- /dev/null +++ b/scripts/setup_jboss.sh 
@@ -0,0 +1,68 @@
+## Copyright (c) 2021, Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+set -x
+
+mkdir -p /tmp
+touch /tmp/init.log
+
+sudo yum install -y java-11-openjdk-devel
+
+echo "Download Wildfly" >> /tmp/init.log
+export JBOSS_VERSION=20.0.1.Final
+wget https://download.jboss.org/wildfly/${JBOSS_VERSION}/wildfly-${JBOSS_VERSION}.tar.gz
+
+echo "Install Wildfly" >> /tmp/init.log
+tar -xzvf wildfly-${JBOSS_VERSION}.tar.gz
+mv wildfly-${JBOSS_VERSION} /opt/wildfly
+rm wildfly-${JBOSS_VERSION}.tar.gz
+
+echo "Install JDBC driver for Oracle DB" >> /tmp/init.log
+JDBC_VERSION=ojdbc8-full
+ORACLE_JDBC_MODULE_DIR=/opt/wildfly/modules/system/layers/base/com/oracle/main/
+curl -LO -H 'Cookie: oraclelicense=accept-securebackup-cookie' -O https://download.oracle.com/otn-pub/otn_software/jdbc/1914/${JDBC_VERSION}.tar.gz
+
+mkdir -p ${ORACLE_JDBC_MODULE_DIR}
+tar zxf ${JDBC_VERSION}.tar.gz --strip-components=1 -C ${ORACLE_JDBC_MODULE_DIR}
+rm ${JDBC_VERSION}.tar.gz
+
+# echo "Move the module.xml file to the JDBC driver folder" >> /tmp/init.log
+# Can't create a module in Domain mode, so creating with a file for all modes.
+mv /home/opc/module.xml ${ORACLE_JDBC_MODULE_DIR}
+
+# open ports on firewall
+firewall-offline-cmd --add-port=9990/tcp # admin console HTTP
+firewall-offline-cmd --add-port=9993/tcp # admin console SSL
+firewall-offline-cmd --add-port=8080/tcp # application server HTTP
+firewall-offline-cmd --add-port=8443/tcp # application server SSL
+
+systemctl restart firewalld
+
+# setup Systemd for wildfly
+groupadd --system wildfly
+useradd -s /sbin/nologin --system -d /opt/wildfly -g wildfly wildfly
+mkdir /etc/wildfly
+
+# copy templates
+cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.conf /etc/wildfly/
+cp /opt/wildfly/docs/contrib/scripts/systemd/wildfly.service /etc/systemd/system/
+cp /opt/wildfly/docs/contrib/scripts/systemd/launch.sh /opt/wildfly/bin/
+chmod +x /opt/wildfly/bin/launch.sh
+
+# make sure admin console is bond to 0.0.0.0 so it can be accessed via bastion
+echo "jboss.bind.address.management=0.0.0.0" > /opt/wildfly/jboss.properties
+
+sed -i 's|\$3|\$3 --properties=/opt/wildfly/jboss.properties|g' /opt/wildfly/bin/launch.sh
+
+chown -R wildfly:wildfly /opt/wildfly
+
+systemctl daemon-reload
+
+# Setup Selinux
+semanage fcontext -a -t bin_t "/opt/wildfly/bin(/.*)?"
+restorecon -Rv /opt/wildfly/bin/
+
+systemctl start wildfly
+systemctl enable wildfly
+touch /initial_setup.marker
+
diff --git a/scripts/sshkey.tpl b/scripts/sshkey.tpl
new file mode 100644
index 0000000..2555a46
--- /dev/null
+++ b/scripts/sshkey.tpl
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak
+echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys
+chown -R opc /home/opc/.ssh/authorized_keys
diff --git a/tags.tf b/tags.tf
new file mode 100644
index 0000000..bc31c4e
--- /dev/null
+++ b/tags.tf
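Review bot: Both archives are unpacked without an integrity check: the `wget` of `wildfly-${JBOSS_VERSION}.tar.gz` and the `curl` of `${JDBC_VERSION}.tar.gz` feed straight into `tar`, and the result lands under `/opt/wildfly`, which the service then runs. Pin a digest per version and verify it before extracting, for example `echo "<PINNED_SHA256>  wildfly-${JBOSS_VERSION}.tar.gz" | sha256sum -c - || exit 1` (placeholder digest), and do the same for the JDBC bundle. The script sets `set -x` but not `set -e`, so a failed download still continues into `tar`, `mv` and `systemctl start wildfly`. Separately, the management interface is bound to `0.0.0.0` and ports 9990/9993 are opened in firewalld; the comment says this is for bastion access, so the network security group should limit those ports to the bastion subnet, and that rule is not visible in this hunk.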
@@ -0,0 +1,34 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "random_id" "tag" {
+ byte_length = 2
+}
+
+resource "oci_identity_tag_namespace" "ArchitectureCenterTagNamespace" {
+ provider = oci.homeregion
+ compartment_id = var.compartment_ocid
+ description = "ArchitectureCenterTagNamespace"
+ name = "ArchitectureCenter\\wildfly-oci-${random_id.tag.hex}"
+
+ provisioner "local-exec" {
+ command = "sleep 10"
+ }
+
+}
+
+resource "oci_identity_tag" "ArchitectureCenterTag" {
+ provider = oci.homeregion
+ description = "ArchitectureCenterTag"
+ name = "release"
+ tag_namespace_id = oci_identity_tag_namespace.ArchitectureCenterTagNamespace.id
+
+ validator {
+ validator_type = "ENUM"
+ values = ["release", "1.2"]
+ }
+
+ provisioner "local-exec" {
+ command = "sleep 120"
+ }
+}
diff --git a/tls.tf b/tls.tf
new file mode 100644
index 0000000..7e5fa6d
--- /dev/null
+++ b/tls.tf
@@ -0,0 +1,6 @@
+## Copyright (c) 2021 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "tls_private_key" "public_private_key_pair" {
+ algorithm = "RSA"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..21de75e
--- /dev/null
+++ b/variables.tf
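Review bot: The two `local-exec` provisioners (`sleep 10` and `sleep 120`) carry no comment saying what they wait for, and they depend on a `sleep` binary on whatever machine runs Terraform. If the delay is there to let the tag namespace and tag propagate before they are used, say so in a comment such as `# wait for IAM tag propagation before resources reference the tag`. A `time_sleep` resource with `create_duration` expresses the same wait without shelling out.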
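Review bot: `tls_private_key.public_private_key_pair` sets only `algorithm = "RSA"`, so the key size falls back to the provider default of 2048 bits; state the size explicitly, e.g. `rsa_bits = 4096`. More important for operators, the generated private key is kept unencrypted in the Terraform state. The provisioner `connection` blocks elsewhere in this diff use its `private_key_pem` as both the instance key and the bastion key, so read access to the state amounts to SSH access as `opc`. A comment above the resource stating this, together with a state backend that enforces encryption and access control, would make the trade-off explicit.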
@@ -0,0 +1,266 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+variable "tenancy_ocid" {}
+variable "region" {}
+variable "compartment_ocid" {}
+variable "fingerprint" {}
+variable "user_ocid" {}
+variable "private_key_path" {}
+
+variable "release" {
+ description = "Reference Architecture Release (OCI Architecture Center)"
+ default = "1.2"
+}
+
+variable "numberOfNodes" {
+ default = 2
+}
+
+variable "availability_domain_name" {
+ default = ""
+}
+variable "availability_domain_number" {
+ default = 0
+}
+
+variable "ssh_public_key" {
+ default = ""
+}
+
+variable "use_existing_vcn" {
+ default = false
+}
+
+variable "use_existing_nsg" {
+ default = false
+}
+
+variable "vcn_id" {
+ default = ""
+}
+
+variable "lb_shape" {
+ default = "flexible"
+}
+
+variable "flex_lb_min_shape" {
+ default = "10"
+}
+
+variable "flex_lb_max_shape" {
+ default = "100"
+}
+
+variable "lb_subnet_id" {
+ default = ""
+}
+
+variable "lb_nsg_ids" {
+ default = []
+}
+
+variable "compute_subnet_id" {
+ default = ""
+}
+
+variable "compute_nsg_ids" {
+ default = []
+}
+
+variable "atp_subnet_id" {
+ default = ""
+}
+
+variable "atp_nsg_id" {
+ default = ""
+}
+
+variable "bastion_subnet_id" {
+ default = ""
+}
+
+variable "bastion_nsg_ids" {
+ default = []
+}
+
+variable "use_bastion_service" {
+ default = false
+}
+
+variable "igw_display_name" {
+ default = "internet-gateway"
+}
+
+variable "InstanceShape" {
+ default = "VM.Standard.E4.Flex"
+}
+
+variable "InstanceFlexShapeOCPUS" {
+ default = 1
+}
+
+variable "InstanceFlexShapeMemory" {
+ default = 10
+}
+
+variable "instance_os" {
+ description = "Operating system for compute instances"
+ default = "Oracle Linux"
+}
+
+variable "linux_os_version" {
+ description = "Operating system version for all Linux instances"
+ default = "7.9"
+}
+
+variable "prefix" {
+ default = "jboss"
+}
+
+variable "jboss_admin_username" {
+ default = "admin"
+}
+variable "jboss_admin_password" {
+ type = string
+}
+
+variable "jboss_display_name" {
+ default = "jboss"
+}
+
+variable "create_ds" {
+ type = bool
+ default = true
+}
+
+# Bastion
+variable "bastion_vm_shape" {
+ default = "VM.Standard.E4.Flex"
+}
+
+variable "bastion_vm_flex_shape_ocpu" {
+ default = 1
+}
+
+variable "bastion_vm_flex_shape_mem" {
+ default = 1
+}
+
+# ATP
+variable "provision_atp" {
+ type = bool
+ default = true
+}
+
+variable "atp_private_endpoint" {
+ default = true
+}
+
+variable "atp_private_endpoint_label" {
+ default = "JBossATPPE"
+}
+
+variable "atp_admin_password" {
+ type = string
+ default = ""
+}
+
+variable "atp_display_name" {
+ type = string
+ default = "JBossATP"
+}
+
+variable "atp_db_name" {
+ type = string
+ default = "JBossATP"
+}
+
+variable "atp_cpu_core_count" {
+ type = number
+ default = 1
+}
+
+variable "atp_storage_tbs" {
+ type = number
+ default = 1
+}
+
+variable "atp_autoscaling" {
+ type = bool
+ default = false
+}
+
+variable "atp_tde_wallet_zip_file" {
+ default = "tde_wallet_JBossATP.zip"
+}
+
+variable "ds_name" {
+ type = string
+ default = "OracleDS"
+}
+
+variable "atp_username" {
+ type = string
+ default = ""
+}
+
+variable "atp_password" {
+ type = string
+ default = ""
+}
+
+variable "domain_mode" {
+ type = bool
+ default = true
+}
+
+variable "vcn01_cidr_block" {
+ default = "10.0.0.0/16"
+}
+variable "vcn01_dns_label" {
+ default = "vcn01"
+}
+variable "vcn01_display_name" {
+ default = "vcn01"
+}
+
+variable "vcn01_subnet_lb_cidr_block" {
+ default = "10.0.1.0/24"
+}
+
+variable "vcn01_subnet_lb_display_name" {
+ default = "vcn01_subnet_lb"
+}
+
+variable "vcn01_subnet_bastion_cidr_block" {
+ default = "10.0.2.0/24"
+}
+
+variable "vcn01_subnet_bastion_display_name" {
+ default = "vcn01_subnet_bastion"
+}
+
+variable "vcn01_subnet_jboss_cidr_block" {
+ default = "10.0.10.0/24"
+}
+
+variable "vcn01_subnet_jboss_display_name" {
+ default = "vcn01_subnet_jboss"
+}
+
+variable "vcn01_subnet_atp_cidr_block" {
+ default = "10.0.20.0/24"
+}
+
+variable "vcn01_subnet_atp_display_name" {
+ default = "vcn01_subnet_atp"
+}
+
+# locals
+locals {
+ hostname_label = replace(lower(var.jboss_display_name), " ", "")
+ atp_nsg_id = !var.use_existing_nsg ? oci_core_network_security_group.ATPSecurityGroup[0].id : var.atp_nsg_id
+ atp_subnet_id = !var.use_existing_vcn ? oci_core_subnet.vcn01_subnet_atp[0].id : var.atp_subnet_id
+ vcn_id = !var.use_existing_vcn ? oci_core_vcn.vcn01[0].id : var.vcn_id
+}
diff --git a/version.tf b/version.tf
new file mode 100644
index 0000000..f5bb223
--- /dev/null
+++ b/version.tf
@@ -0,0 +1,6 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+terraform {
+ required_version = ">= 0.12"
+}
\ No newline at end of file
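Review bot: `jboss_admin_password`, `atp_admin_password` and `atp_password` are declared as ordinary strings, so their values are shown in plan and apply output; each should carry `sensitive = true`. That attribute needs Terraform 0.14 or later, while `version.tf` in this commit allows `>= 0.12`, so the version constraint has to be raised with it. The two ATP passwords also default to `""`, which lets a run proceed with an empty credential when the caller forgets to set one; dropping the default makes the omission fail early. Several defaults here disagree with `schema.yaml` in the same commit (`linux_os_version` "7.9" vs "8", `create_ds` true vs false, `atp_db_name` "JBossATP" vs "db"), so behaviour differs between a CLI run and the form.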
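Review bot: The `terraform` block constrains only the CLI (`required_version = ">= 0.12"`) and declares no `required_providers`, while the `.gitignore` change in this commit excludes `.terraform.lock.hcl`. Unless providers are pinned in a file not shown here, each `terraform init` resolves whatever oci, tls, random and template provider versions are current. Add a `required_providers` block with version constraints and commit the lock file, so that provider upgrades are deliberate and checksum-verified.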