https://registry.terraform.io/providers/oracle/oci/latest/docs
https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/terraform-manage-default-vcn-resources.htm
https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_images
Terraformの場合もVCNとともに下記が自動作成される
default route table
default security list
default set of DHCP options
アクセス制御をNSGで行うため、デフォルトセキュリティリストのルールを削除する
cat <<'EOF' > variables.tf
# Tenancy OCID used both by the provider block and as the parent of the
# compartment created in main.tf (placeholder value).
locals {
  tenancy_ocid = "ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000"
}

# Used for both the name and the description of the compartment.
variable "compartment_name" {
  type        = string
  default     = "cmp01"
  description = "compartment_name"
}

# Compute shape for the instance; also filters the image lookup.
variable "shape" {
  type        = string
  default     = "VM.Standard.E2.1"
  description = "shape"
}
EOF
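cat <<'EOF' > main.tf
terraform {
  required_version = ">= 1.0.0, < 2.0.0"
  required_providers {
    oci = {
      # The provider is published in the "oracle" registry namespace (see the
      # registry link at the top of these notes); "hashicorp/oci" is the
      # legacy address for the same provider.
      source  = "oracle/oci"
      version = "= 5.23.0"
    }
  }
}

# API-key authentication. user_ocid, fingerprint and the key path identify a
# real IAM user; keep them out of the committed configuration by declaring
# them as variables fed from TF_VAR_* environment variables, or by pointing
# the provider at an ~/.oci/config profile with config_file_profile.
provider "oci" {
  tenancy_ocid     = local.tenancy_ocid
  user_ocid        = "ocid1.user.oc1..000000000000000000000000000000000000000000000000000000000000"
  private_key_path = "~/.oci/oci_api_key.pem"
  fingerprint      = "45:ed:22:e6:cc:fd:63:97:12:9d:62:7a:90:12:65:7a"
  region           = "us-ashburn-1"
}

# Newest Canonical Ubuntu 22.04 Minimal image that supports var.shape.
# images[0] (used by the instance and outputs) fails at plan/apply time if
# nothing matches, e.g. a shape the image family does not support.
data "oci_core_images" "ubu22_latest" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  #Optional
  operating_system         = "Canonical Ubuntu"
  operating_system_version = "22.04 Minimal"
  shape                    = var.shape
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"
}

# Compartment directly under the tenancy root. enable_delete = true lets
# `terraform destroy` remove it rather than leaving it behind.
resource "oci_identity_compartment" "cmp01" {
  # Required
  compartment_id = local.tenancy_ocid
  description    = var.compartment_name
  name           = var.compartment_name
  enable_delete  = true
}

# VCN. Creating it also creates a default route table, default security list
# and default DHCP options; the default security list is emptied below.
resource "oci_core_vcn" "vcn01" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  #Optional
  cidr_block   = "10.0.0.0/16"
  display_name = "vcn01"
  dns_label    = "vcn01"
}

resource "oci_core_internet_gateway" "igw01" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  #Optional
  enabled      = true
  display_name = "igw01"
}

# Default route to the internet gateway: any subnet using this table is a
# public subnet.
resource "oci_core_route_table" "rt01" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  #Optional
  display_name = "rt01"
  route_rules {
    #Required
    network_entity_id = oci_core_internet_gateway.igw01.id
    #Optional
    cidr_block = "0.0.0.0/0"
  }
}

# security_list_ids is left unset, so the VCN's default security list is
# attached; its rules are removed below and access control is done by the NSG.
resource "oci_core_subnet" "subnet01" {
  #Required
  cidr_block     = "10.0.1.0/24"
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  #Optional
  display_name   = "subnet01"
  dns_label      = "subnet01"
  route_table_id = oci_core_route_table.rt01.id
  # security_list_ids = [oci_core_security_list.sl01.id]
}

# Manage the VCN's default security list with no ingress/egress blocks, which
# strips the rules OCI pre-populates it with.
resource "oci_core_default_security_list" "dsl01" {
  manage_default_resource_id = oci_core_vcn.vcn01.default_security_list_id
}

# NSG attached to the instance VNIC; the only place traffic is allowed.
resource "oci_core_network_security_group" "nsg01" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  #Optional
  display_name = "nsg01"
}

# Stateful ingress TCP/22 from any source. 0.0.0.0/0 exposes SSH to the whole
# internet; restrict `source` to the operator's address range for anything
# that outlives a quick test.
resource "oci_core_network_security_group_security_rule" "nsg01r01" {
  #Required
  network_security_group_id = oci_core_network_security_group.nsg01.id
  direction                 = "INGRESS"
  protocol                  = "6"
  #Optional
  description = "nsg01r01"
  source      = "0.0.0.0/0"
  source_type = "CIDR_BLOCK"
  stateless   = false
  tcp_options {
    destination_port_range {
      max = 22
      min = 22
    }
  }
}

# Stateful egress, any protocol, any destination.
resource "oci_core_network_security_group_security_rule" "nsg01r02" {
  #Required
  network_security_group_id = oci_core_network_security_group.nsg01.id
  direction                 = "EGRESS"
  protocol                  = "all"
  #Optional
  description      = "nsg01r02"
  destination      = "0.0.0.0/0"
  destination_type = "CIDR_BLOCK"
  stateless        = false
}

# Single public instance in subnet01, reachable only through nsg01.
resource "oci_core_instance" "vm01" {
  #Required
  # The "OEIw:" prefix is tenancy-specific; look the name up with the
  # oci_identity_availability_domains data source rather than copying it.
  availability_domain = "OEIw:US-ASHBURN-AD-1"
  compartment_id      = oci_identity_compartment.cmp01.id
  shape               = var.shape
  #Optional
  create_vnic_details {
    #Optional
    # Public IP plus the TCP/22 rule above make this host internet-reachable.
    assign_public_ip = true
    nsg_ids          = [oci_core_network_security_group.nsg01.id]
    subnet_id        = oci_core_subnet.subnet01.id
  }
  display_name = "vm01"
  fault_domain = "FAULT-DOMAIN-1"
  # Only the public key is read; the matching private key is used by the ssh
  # command in the notes below.
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
  }
  source_details {
    #Required
    source_id   = data.oci_core_images.ubu22_latest.images[0].id
    source_type = "image"
    #Optional
    boot_volume_size_in_gbs = 50
  }
  # Boot volume is deleted together with the instance on destroy.
  preserve_boot_volume = false
}
EOF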
cat <<'EOF' > outputs.tf
# Identifiers of everything main.tf creates, plus the image that was
# selected and the instance's public address.
output "ubu22_latest_id" {
  description = "ubu22_latest.id"
  value       = data.oci_core_images.ubu22_latest.images[0].id
}

output "cmp01_id" {
  description = "cmp01.id"
  value       = oci_identity_compartment.cmp01.id
}

output "vcn01_id" {
  description = "vcn01.id"
  value       = oci_core_vcn.vcn01.id
}

output "igw01_id" {
  description = "igw01.id"
  value       = oci_core_internet_gateway.igw01.id
}

output "subnet01_id" {
  description = "subnet01.id"
  value       = oci_core_subnet.subnet01.id
}

output "nsg01_id" {
  description = "nsg01.id"
  value       = oci_core_network_security_group.nsg01.id
}

output "vm01_id" {
  description = "vm01.id"
  value       = oci_core_instance.vm01.id
}

output "vm01_public_ip" {
  description = "vm01.public_ip"
  value       = oci_core_instance.vm01.public_ip
}
EOF
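terraform init
terraform fmt
terraform -version
# Inputs override the defaults in variables.tf; export them before plan so
# that plan and apply evaluate the same configuration.
export TF_VAR_compartment_name="cmp01"
export TF_VAR_shape="VM.Standard.E2.1"
terraform plan
terraform apply -auto-approve
# Destroy also removes the compartment (enable_delete = true in main.tf).
terraform destroy -auto-approve
# Address and compartment are taken from outputs.tf rather than pasted literals.
ssh -i "$HOME/.ssh/id_rsa" ubuntu@"$(terraform output -raw vm01_public_ip)"
oci compute instance list \
  --compartment-id "$(terraform output -raw cmp01_id)" \
  --query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
  --output table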