https://qiita.com/sugimount/items/6d060c03aa02837749c7
https://oracle-japan.github.io/ocitutorials/intermediates/using-load-balancer/
https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/load_balancer_load_balancer
https://docs.oracle.com/ja/learn/oci-attach-reserved-ip/index.html#task-2-understand-the-cloud-init-script
https://qiita.com/yamada-hakase/items/40fa2cbb5ed669aaa85b
★Cloud-initスクリプト
→ シェル形式ではエラーとなった。cloud-config形式で記述する必要がある模様
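# Write the cloud-init user data that main.tf passes to both instances.
# It must be cloud-config YAML and "#cloud-config" must be the first line of
# the file. The heredoc delimiter is quoted, so the shell expands nothing here;
# $(...) and > are evaluated later, on the instance.
cat <<-'EOF' > a.yaml
#cloud-config
timezone: Asia/Tokyo
locale: ja_JP.utf8
# package_update refreshes the package metadata only; add
# "package_upgrade: true" to also apply pending updates on first boot.
package_update: true
packages:
  - httpd
runcmd:
  # SELinux stays enforcing and firewalld stays on: serving files from
  # /var/www/html works under the default policy, so only the HTTP service
  # has to be allowed through the host firewall.
  - firewall-offline-cmd --add-service=http
  - systemctl restart firewalld
  - systemctl enable --now httpd
  # Each backend serves its own hostname, which makes the load balancer's
  # round-robin visible from the client side.
  - hostname > /var/www/html/index.html
EOF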
# Generate variables.tf: the tenancy OCID as a local value plus the two input
# variables read by main.tf. Quoted delimiter: no shell expansion in the body.
cat > variables.tf <<-'EOF'
locals {
  # Root compartment (tenancy) OCID; the value below is a zero-filled placeholder.
  tenancy_ocid = "ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000"
}

# Used as both the name and the description of the compartment main.tf creates.
variable "compartment_name" {
  description = "compartment_name"
  type        = string
  default     = "cmp01"
}

# Compute shape used for the image lookup and for both instances.
variable "shape" {
  description = "shape"
  type        = string
  default     = "VM.Standard.E2.1"
}
EOF
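# Write main.tf: provider setup, one VCN with a load-balancer subnet (subnet01)
# and a backend subnet (subnet02), two Oracle Linux web servers and a public
# HTTP load balancer in front of them.
# The heredoc delimiter is quoted, so the shell expands nothing inside it.
cat <<-'EOF' > main.tf
terraform {
  required_version = ">= 1.0.0, < 2.0.0"
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "= 5.23.0"
    }
  }
}

# Source range allowed to reach SSH on the backend instances. The default keeps
# the lab reachable from anywhere; set TF_VAR_ssh_source_cidr to the
# administrator's own address range (for example a /32) before applying.
variable "ssh_source_cidr" {
  description = "CIDR block allowed to reach TCP/22 on the backend subnet"
  type        = string
  default     = "0.0.0.0/0"
}

# API-key authentication. The OCIDs and the fingerprint are identifiers, not
# secrets, but they tie this file to one user; the private key itself stays
# outside the working directory. The provider's config_file_profile argument
# can read the same settings from ~/.oci/config instead.
provider "oci" {
  tenancy_ocid     = local.tenancy_ocid
  user_ocid        = "ocid1.user.oc1..000000000000000000000000000000000000000000000000000000000000"
  private_key_path = "~/.oci/oci_api_key.pem"
  fingerprint      = "45:ed:22:e6:cc:fd:63:97:12:9d:62:7a:90:12:65:7a"
  region           = "us-ashburn-1"
}

# Dedicated compartment directly under the tenancy root.
# enable_delete lets "terraform destroy" remove it again.
resource "oci_identity_compartment" "cmp01" {
  compartment_id = local.tenancy_ocid
  description    = var.compartment_name
  name           = var.compartment_name
  enable_delete  = true
}

resource "oci_core_vcn" "vcn01" {
  compartment_id = oci_identity_compartment.cmp01.id
  cidr_block     = "10.0.0.0/16"
  display_name   = "vcn01"
  dns_label      = "vcn01"
}

resource "oci_core_internet_gateway" "igw01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  enabled        = true
  display_name   = "igw01"
}

# Route table for subnet01 (load balancer): default route to the internet gateway.
resource "oci_core_route_table" "rt01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "rt01"
  route_rules {
    network_entity_id = oci_core_internet_gateway.igw01.id
    destination       = "0.0.0.0/0"
  }
}

# Route table for subnet02 (backends): same default route as rt01.
resource "oci_core_route_table" "rt02" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "rt02"
  route_rules {
    network_entity_id = oci_core_internet_gateway.igw01.id
    destination       = "0.0.0.0/0"
  }
}

# Security list for subnet01, which holds only the load balancer.
# Only the listener port is open to the internet; nothing in this subnet
# offers SSH, so no TCP/22 rule is defined here.
resource "oci_core_security_list" "sl01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "sl01"
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "all"
    stateless   = false
  }
  ingress_security_rules {
    protocol  = "6" # TCP
    source    = "0.0.0.0/0"
    stateless = false
    tcp_options {
      max = 80
      min = 80
    }
  }
}

# Security list for subnet02, which holds the backend instances.
resource "oci_core_security_list" "sl02" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "sl02"
  # Egress stays open: cloud-init installs httpd from the package repositories.
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "all"
    stateless   = false
  }
  # SSH only from the administrator range (see var.ssh_source_cidr).
  ingress_security_rules {
    protocol  = "6" # TCP
    source    = var.ssh_source_cidr
    stateless = false
    tcp_options {
      max = 22
      min = 22
    }
  }
  # HTTP only from the load balancer's subnet, so the instances' public
  # addresses cannot be used to bypass the load balancer. Health checks come
  # from the same subnet and are covered by this rule.
  ingress_security_rules {
    protocol  = "6" # TCP
    source    = oci_core_subnet.subnet01.cidr_block
    stateless = false
    tcp_options {
      max = 80
      min = 80
    }
  }
}

resource "oci_core_subnet" "subnet01" {
  cidr_block        = "10.0.1.0/24"
  compartment_id    = oci_identity_compartment.cmp01.id
  vcn_id            = oci_core_vcn.vcn01.id
  display_name      = "subnet01"
  dns_label         = "subnet01"
  route_table_id    = oci_core_route_table.rt01.id
  security_list_ids = [oci_core_security_list.sl01.id]
}

resource "oci_core_subnet" "subnet02" {
  cidr_block        = "10.0.2.0/24"
  compartment_id    = oci_identity_compartment.cmp01.id
  vcn_id            = oci_core_vcn.vcn01.id
  display_name      = "subnet02"
  dns_label         = "subnet02"
  route_table_id    = oci_core_route_table.rt02.id
  security_list_ids = [oci_core_security_list.sl02.id]
}

# Newest platform image matching the filter (sorted by creation time, newest
# first). The display-name filter pins the lookup to 2023 builds of Oracle
# Linux 9.2, so instances start without later fixes unless they are updated
# after boot.
data "oci_core_images" "ol9_latest" {
  compartment_id           = oci_identity_compartment.cmp01.id
  operating_system         = "Oracle Linux"
  operating_system_version = "9"
  shape                    = var.shape
  sort_by                  = "TIMECREATED"
  sort_order               = "DESC"
  filter {
    name   = "display_name"
    values = ["Oracle-Linux-9.2-2023.*"]
    regex  = true
  }
}

# Backend 1 (availability domain 1, fault domain 1).
resource "oci_core_instance" "vm01" {
  availability_domain = "OEIw:US-ASHBURN-AD-1"
  compartment_id      = oci_identity_compartment.cmp01.id
  shape               = var.shape
  display_name        = "vm01"
  fault_domain        = "FAULT-DOMAIN-1"
  # The Run Command plugin lets anyone holding the matching IAM permission
  # execute commands on the instance; keep that policy narrow.
  agent_config {
    plugins_config {
      desired_state = "ENABLED"
      name          = "OS Management Service Agent"
    }
    plugins_config {
      desired_state = "ENABLED"
      name          = "Compute Instance Run Command"
    }
    plugins_config {
      desired_state = "ENABLED"
      name          = "Compute Instance Monitoring"
    }
  }
  # The public IP gives the instance a path to the package repositories and to
  # SSH; inbound traffic is limited by security list sl02.
  create_vnic_details {
    assign_public_ip = true
    subnet_id        = oci_core_subnet.subnet02.id
  }
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
    # cloud-init user data must be base64-encoded; instance metadata is not a
    # place for secrets.
    user_data = base64encode(file("./a.yaml"))
  }
  source_details {
    source_id               = data.oci_core_images.ol9_latest.images[0].id
    source_type             = "image"
    boot_volume_size_in_gbs = 50
  }
  preserve_boot_volume = false
}

# Backend 2 (availability domain 2, fault domain 2); otherwise identical to vm01.
resource "oci_core_instance" "vm02" {
  availability_domain = "OEIw:US-ASHBURN-AD-2"
  compartment_id      = oci_identity_compartment.cmp01.id
  shape               = var.shape
  display_name        = "vm02"
  fault_domain        = "FAULT-DOMAIN-2"
  # The Run Command plugin lets anyone holding the matching IAM permission
  # execute commands on the instance; keep that policy narrow.
  agent_config {
    plugins_config {
      desired_state = "ENABLED"
      name          = "OS Management Service Agent"
    }
    plugins_config {
      desired_state = "ENABLED"
      name          = "Compute Instance Run Command"
    }
    plugins_config {
      desired_state = "ENABLED"
      name          = "Compute Instance Monitoring"
    }
  }
  create_vnic_details {
    assign_public_ip = true
    subnet_id        = oci_core_subnet.subnet02.id
  }
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
    user_data           = base64encode(file("./a.yaml"))
  }
  source_details {
    source_id               = data.oci_core_images.ol9_latest.images[0].id
    source_type             = "image"
    boot_volume_size_in_gbs = 50
  }
  preserve_boot_volume = false
}

# Public flexible load balancer, fixed at 10 Mbps, placed in subnet01.
resource "oci_load_balancer_load_balancer" "lb01" {
  compartment_id = oci_identity_compartment.cmp01.id
  display_name   = "lb01"
  shape          = "flexible"
  subnet_ids     = [oci_core_subnet.subnet01.id]
  ip_mode        = "IPV4"
  is_private     = false
  shape_details {
    maximum_bandwidth_in_mbps = 10
    minimum_bandwidth_in_mbps = 10
  }
}

resource "oci_load_balancer_backend_set" "bs01" {
  health_checker {
    protocol = "HTTP"
    # 100000 ms is 100 s between probes, so a failed backend is noticed slowly.
    # NOTE(review): possibly meant to be 10000; confirm.
    interval_ms       = 100000
    port              = 80
    retries           = 3
    return_code       = 200
    timeout_in_millis = 3000
    url_path          = "/"
  }
  load_balancer_id = oci_load_balancer_load_balancer.lb01.id
  name             = "bs01"
  policy           = "ROUND_ROBIN"
}

resource "oci_load_balancer_backend" "be01" {
  backendset_name  = oci_load_balancer_backend_set.bs01.name
  ip_address       = oci_core_instance.vm01.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.lb01.id
  port             = 80
  backup           = false
  drain            = false
  offline          = false
  weight           = 1
}

resource "oci_load_balancer_backend" "be02" {
  backendset_name  = oci_load_balancer_backend_set.bs01.name
  ip_address       = oci_core_instance.vm02.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.lb01.id
  port             = 80
  backup           = false
  drain            = false
  offline          = false
  weight           = 1
}

# Plain-HTTP listener: traffic between clients and the load balancer is not
# encrypted. An HTTPS listener additionally needs a certificate.
resource "oci_load_balancer_listener" "lis01" {
  default_backend_set_name = oci_load_balancer_backend_set.bs01.name
  load_balancer_id         = oci_load_balancer_load_balancer.lb01.id
  name                     = "lis01"
  port                     = 80
  protocol                 = "HTTP"
}
EOF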
# Generate outputs.tf: expose the IDs and addresses of everything main.tf
# creates. Quoted delimiter: no shell expansion in the body.
cat > outputs.tf <<-'EOF'
# --- Compartment and network ---
output "cmp01_id" {
  description = "cmp01.id"
  value       = oci_identity_compartment.cmp01.id
}

output "vcn01_id" {
  description = "vcn01.id"
  value       = oci_core_vcn.vcn01.id
}

output "igw01_id" {
  description = "igw01.id"
  value       = oci_core_internet_gateway.igw01.id
}

output "rt01_id" {
  description = "rt01.id"
  value       = oci_core_route_table.rt01.id
}

output "rt02_id" {
  description = "rt02.id"
  value       = oci_core_route_table.rt02.id
}

output "sl01_id" {
  description = "sl01.id"
  value       = oci_core_security_list.sl01.id
}

output "sl02_id" {
  description = "sl02.id"
  value       = oci_core_security_list.sl02.id
}

output "subnet01_id" {
  description = "subnet01.id"
  value       = oci_core_subnet.subnet01.id
}

output "subnet02_id" {
  description = "subnet02.id"
  value       = oci_core_subnet.subnet02.id
}

# --- Image: first entry of the image lookup ---
output "ol9_latest_id" {
  description = "ol9_latest.id"
  value       = data.oci_core_images.ol9_latest.images[0].id
}

# --- Instances ---
output "vm01_id" {
  description = "vm01.id"
  value       = oci_core_instance.vm01.id
}

output "vm01_public_ip" {
  description = "vm01.public_ip"
  value       = oci_core_instance.vm01.public_ip
}

output "vm01_private_ip" {
  description = "vm01.private_ip"
  value       = oci_core_instance.vm01.private_ip
}

output "vm02_id" {
  description = "vm02.id"
  value       = oci_core_instance.vm02.id
}

output "vm02_public_ip" {
  description = "vm02.public_ip"
  value       = oci_core_instance.vm02.public_ip
}

output "vm02_private_ip" {
  description = "vm02.private_ip"
  value       = oci_core_instance.vm02.private_ip
}

# --- Load balancer ---
output "lb01_id" {
  description = "lb01.id"
  value       = oci_load_balancer_load_balancer.lb01.id
}

# First address in the load balancer's address list.
output "lb01_ip_address" {
  description = "lb01.ip_address"
  value       = oci_load_balancer_load_balancer.lb01.ip_address_details[0].ip_address
}
EOF
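# Set up the working directory and download the pinned provider.
terraform init
# Normalise the formatting of the generated .tf files.
terraform fmt
terraform -version

export TF_VAR_compartment_name=cmp01

# Save the plan and apply exactly that plan, so what is created is what was
# reviewed. The plan file can contain resource attributes in clear text, so it
# is removed once applied.
terraform plan -out=tfplan
terraform apply tfplan
rm -f tfplan

# Poll the load balancer once a second to watch responses alternate between
# the two backends. The address is read from the lb01_ip_address output rather
# than hard-coded. The loop runs until interrupted (Ctrl-C); run the destroy
# step below afterwards.
lb_ip=$(terraform output -raw lb01_ip_address)
while true; do
  curl -sS --max-time 5 "http://${lb_ip}"
  sleep 1
done

# Tear everything down without a confirmation prompt, including the
# compartment (enable_delete = true in main.tf).
terraform destroy -auto-approve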