scpのProxyCommand

 

https://qiita.com/ponsuke0531/items/4721ac64f82a8e191580
https://qiita.com/S-T/items/18af2bfcc4e5a72202da

https://webmasters-journal.com/application/winscp-ssh-tunnel/
https://docs.oracle.com/ja/learn/generate_ssh_keys/index.html#use-putty

 

前提: 
subnet01,vm01,sl01,rt01,パブリックサブネット
subnet02,vm02,sl02,rt02,プライベートサブネット,サービス・ゲートウェイのみ

subnet01~subnet02間の全通信許可


-- 1. 環境準備 (OCIを使用する)

cat <<-'EOF' > variables.tf

locals {
  # Root tenancy: parent of the compartment below and the tenancy the provider signs for.
  tenancy_ocid = "ocid1.tenancy.oc1..111111111111111111111111111111111111111111111111111111111111"

  # Operator's public address, the only source sl01 admits on TCP/22.
  # Keep it a /32: widening this widens the SSH exposure of vm01.
  myip = "192.0.2.1/32"
}

variable "compartment_name" {
  # Used for both the name and the description of oci_identity_compartment.cmp01.
  type        = string
  default     = "cmp01"
  description = "compartment_name"
}

EOF

 

cat <<-'EOF' > main.tf

terraform {
  # Any 1.x CLI is accepted; the provider is pinned exactly so plans are reproducible.
  required_version = ">= 1.0.0, < 2.0.0"

  required_providers {
    oci = {
      source  = "hashicorp/oci"
      version = "= 5.23.0"
    }
  }
}

provider "oci" {
  region       = "us-ashburn-1"
  tenancy_ocid = local.tenancy_ocid

  # NOTE(review): the API-signing identity is written into the config file itself.
  # user_ocid + fingerprint name a real API key, and private_key_path points at its
  # private half; these belong in a profile (~/.oci/config via config_file_profile)
  # or in environment variables, not in a file that may be committed. The OCIDs here
  # are placeholders and must be replaced before apply.
  user_ocid        = "ocid1.user.oc1..111111111111111111111111111111111111111111111111111111111111"
  fingerprint      = "45:ed:22:e6:cc:fd:63:97:12:9d:62:7a:90:12:65:7a"
  private_key_path = "~/.oci/oci_api_key.pem"
}


resource "oci_identity_compartment" "cmp01" {
  # Created directly under the tenancy root; every other resource here lives inside it.
  compartment_id = local.tenancy_ocid
  name           = var.compartment_name
  description    = var.compartment_name

  # Allow `terraform destroy` to delete the compartment rather than leave it behind.
  enable_delete = true
}

resource "oci_core_vcn" "vcn01" {
  compartment_id = oci_identity_compartment.cmp01.id

  # /16 that is carved into 10.0.1.0/24 (subnet01) and 10.0.2.0/24 (subnet02) below.
  cidr_block   = "10.0.0.0/16"
  display_name = "vcn01"
  dns_label    = "vcn01"
}


resource "oci_core_internet_gateway" "igw01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id

  display_name = "igw01"
  # Only rt01 (the public subnet's route table) points at this gateway; rt02 does not.
  enabled = true
}

 

 

resource "oci_core_route_table" "rt01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "rt01"

  # Default route via the internet gateway: this is what makes subnet01 public.
  route_rules {
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.igw01.id
  }
}


resource "oci_core_route_table" "rt02" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "rt02"

  # Deliberately has no route_rules: subnet02 gets no path outside the VCN
  # (traffic inside the VCN is routed without a rule). The premise at the top
  # mentions a service gateway, but none is defined in this config; add an
  # oci_core_service_gateway and a rule here if vm02 needs OCI services
  # (e.g. Object Storage) without a public route.
}

resource "oci_core_security_list" "sl01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "sl01"

  # Outbound unrestricted. Stateful (stateless = false), so replies come back
  # without a matching ingress rule.
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
    stateless   = false
  }

  # Inbound SSH only, and only from the operator address in local.myip (protocol 6 = TCP).
  ingress_security_rules {
    protocol  = "6"
    source    = local.myip
    stateless = false

    tcp_options {
      min = 22
      max = 22
    }
  }

  # Everything from the private subnet (premise: all traffic between subnet01 and subnet02 is allowed).
  ingress_security_rules {
    protocol  = "all"
    source    = "10.0.2.0/24"
    stateless = false
  }
}


resource "oci_core_security_list" "sl02" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  display_name   = "sl02"

  # Outbound unrestricted at the security-list level; in practice rt02 has no
  # routes, so nothing leaves the VCN anyway.
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
    stateless   = false
  }

  # The only inbound source is the public subnet, i.e. vm01 acting as the bastion.
  ingress_security_rules {
    protocol  = "all"
    source    = "10.0.1.0/24"
    stateless = false
  }
}

 

resource "oci_core_subnet" "subnet01" {
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id
  cidr_block     = "10.0.1.0/24"

  display_name = "subnet01"
  dns_label    = "subnet01"

  # Public subnet: rt01 carries the default route via igw01; sl01 limits inbound
  # from the internet to SSH from local.myip.
  route_table_id    = oci_core_route_table.rt01.id
  security_list_ids = [oci_core_security_list.sl01.id]
}

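resource "oci_core_subnet" "subnet02" {
    #Required
    cidr_block = "10.0.2.0/24"
    compartment_id = oci_identity_compartment.cmp01.id
    vcn_id = oci_core_vcn.vcn01.id

    #Optional

    display_name = "subnet02"
    dns_label = "subnet02"
    # rt02 has no rules and sl02 only admits subnet01, so hosts here are reachable only through vm01.
    route_table_id = oci_core_route_table.rt02.id
    security_list_ids = [oci_core_security_list.sl02.id]

    # Enforce "private" at the subnet level: no VNIC in this subnet may be given a
    # public IP, so a later instance cannot undo the isolation with
    # assign_public_ip = true (vm02 already sets it to false, so nothing changes for it).
    # This is a create-time property; presumably changing it on an already-created
    # subnet forces replacement, so set it before the first apply.
    prohibit_public_ip_on_vnic = true
}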

 


EOF

 


# インスタンス(always free)
# Canonical-Ubuntu-22.04-aarch64-2023.10.13-0
# VM.Standard.A1.Flex


cat <<-'EOF' > instance.tf


resource "oci_core_instance" "vm01" {
  compartment_id = oci_identity_compartment.cmp01.id
  # The AD name prefix ("OEIw") is tenancy-specific; look it up with
  # `oci iam availability-domain list` rather than copying this value.
  availability_domain = "OEIw:US-ASHBURN-AD-1"
  display_name        = "vm01"

  # Always Free Ampere shape (see the comment above the heredoc): 1 OCPU / 6 GB.
  shape = "VM.Standard.A1.Flex"
  shape_config {
    ocpus         = 1
    memory_in_gbs = 6
  }

  # Public subnet with a public IP: this host is the SSH entry point / bastion used in section 2.
  create_vnic_details {
    subnet_id        = oci_core_subnet.subnet01.id
    assign_public_ip = true
  }

  # Only the public key is uploaded; the private half stays on the operator's machine.
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
  }

  source_details {
    source_type = "image"
    # Image OCIDs are region-specific (oc1.iad = us-ashburn-1); per the note above
    # the heredoc this is Canonical Ubuntu 22.04 aarch64.
    source_id               = "ocid1.image.oc1.iad.aaaaaaaamphrdqdgcjfdmo5fzql4m6ewcuxkbepjbobgky254svsk3ueppfa"
    boot_volume_size_in_gbs = 50
  }

  # Boot volume goes away with the instance.
  preserve_boot_volume = false
}

resource "oci_core_instance" "vm02" {
  compartment_id = oci_identity_compartment.cmp01.id
  # Same AD as vm01; the name prefix is tenancy-specific.
  availability_domain = "OEIw:US-ASHBURN-AD-1"
  display_name        = "vm02"

  shape = "VM.Standard.A1.Flex"
  shape_config {
    ocpus         = 1
    memory_in_gbs = 6
  }

  # Private subnet, no public IP: reachable only through vm01 (see section 2).
  create_vnic_details {
    subnet_id        = oci_core_subnet.subnet02.id
    assign_public_ip = false
  }

  # Same public key as vm01, so a single key pair opens both hops
  # (section 2.2 even copies it onto the bastion).
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
  }

  source_details {
    source_type             = "image"
    source_id               = "ocid1.image.oc1.iad.aaaaaaaamphrdqdgcjfdmo5fzql4m6ewcuxkbepjbobgky254svsk3ueppfa"
    boot_volume_size_in_gbs = 50
  }

  preserve_boot_volume = false
}

EOF

 


cat <<-'EOF' > outputs.tf

output "cmp01_id" {
  # OCID of the compartment that holds every other resource.
  description = "cmp01.id"
  value       = oci_identity_compartment.cmp01.id
}

output "vcn01_id" {
  # OCID of the 10.0.0.0/16 VCN.
  description = "vcn01.id"
  value       = oci_core_vcn.vcn01.id
}

output "igw01_id" {
  # OCID of the internet gateway used by rt01.
  description = "igw01.id"
  value       = oci_core_internet_gateway.igw01.id
}


output "rt01_id" {
  # Route table of the public subnet.
  description = "rt01.id"
  value       = oci_core_route_table.rt01.id
}
output "rt02_id" {
  # Route table of the private subnet (has no rules).
  description = "rt02.id"
  value       = oci_core_route_table.rt02.id
}


output "sl01_id" {
  # Security list of the public subnet.
  description = "sl01.id"
  value       = oci_core_security_list.sl01.id
}

output "sl02_id" {
  # Security list of the private subnet.
  description = "sl02.id"
  value       = oci_core_security_list.sl02.id
}

output "subnet01_id" {
  # Public subnet, 10.0.1.0/24.
  description = "subnet01.id"
  value       = oci_core_subnet.subnet01.id
}
output "subnet02_id" {
  # Private subnet, 10.0.2.0/24.
  description = "subnet02.id"
  value       = oci_core_subnet.subnet02.id
}

output "vm01_id" {
  # Bastion instance in the public subnet.
  description = "vm01.id"
  value       = oci_core_instance.vm01.id
}

output "vm02_id" {
  # Target instance in the private subnet.
  description = "vm02.id"
  value       = oci_core_instance.vm02.id
}


output "vm01_public_ip" {
  # Address to SSH to from local.myip; the bastion address in section 2 (192.0.2.2 in the examples).
  description = "vm01.public_ip"
  value       = oci_core_instance.vm01.public_ip
}

output "vm01_private_ip" {
  # vm01's address inside 10.0.1.0/24.
  description = "vm01.private_ip"
  value       = oci_core_instance.vm01.private_ip
}

output "vm02_private_ip" {
  # Target address behind the bastion (10.0.2.89 in the examples).
  # No public-IP output for vm02 because none is assigned.
  description = "vm02.private_ip"
  value       = oci_core_instance.vm02.private_ip
}

 

EOF

 


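terraform init
terraform fmt
terraform -version
terraform validate

# Save the plan and apply exactly that artifact, so what was reviewed is what gets
# applied. `apply -auto-approve` re-plans at apply time and applies whatever that
# fresh plan contains, discarding the plan that was inspected above.
# The saved plan can contain sensitive values from the config; do not commit tfplan.
terraform plan -out=tfplan

terraform apply tfplan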

 

# terraform destroy -auto-approve

 


-- 2. 動作確認


-- 2.1 多段接続する場合

# Single-hop form: the local ssh opens a TCP forward through the bastion (-W %h:%p)
# and scp/ssh to the target run over it. Both private keys stay on the local host;
# nothing is copied to the bastion. {踏み台…} = bastion, {接続先…} = final target.
# On OpenSSH 7.3+ the same thing is `-J {踏み台ユーザ}@{踏み台アドレス}` (ProxyJump);
# with -J the bastion key comes from ssh_config (IdentityFile), since -i applies to the target.
scp -i {接続先鍵} -r -o ProxyCommand='ssh -i {踏み台鍵} {踏み台ユーザ}@{踏み台アドレス} -W %h:%p' {ローカルファイル} {接続先ユーザ}@{接続先アドレス}:{接続先パス}

ssh -i {接続先鍵}    -o ProxyCommand='ssh -i {踏み台鍵} {踏み台ユーザ}@{踏み台アドレス} -W %h:%p'                    {接続先ユーザ}@{接続先アドレス}

 

# Concrete run: 192.0.2.2 (presumably vm01's public IP) is the bastion, vm02 at
# 10.0.2.89 the target, and one key pair is used for both hops. The zip is the
# offline OCI CLI installer for the private host, which has no internet route
# (rt02 is empty). $HOME expands locally here; in the single-quoted original it
# expanded in the shell ssh uses to run ProxyCommand, which is the same value.
KEY="$HOME/.ssh/id_rsa"
BASTION="ubuntu@192.0.2.2"
TARGET="ubuntu@10.0.2.89"
PROXY="ssh -i $KEY $BASTION -W %h:%p"

scp -i "$KEY" -r -o ProxyCommand="$PROXY" oci-cli-3.39.0-Oracle-Linux-9-Offline.zip "$TARGET":/home/ubuntu

ssh -i "$KEY"    -o ProxyCommand="$PROXY" "$TARGET"

 

-- 2.2 順番に接続する場合

# Two-hop form: the private key itself is copied onto the bastion and used from there.
# NOTE(review): whoever controls the bastion then holds the key that opens vm02 (and,
# since the same key is used for both hops, the bastion itself). Prefer the
# ProxyCommand / -J form in 2.1, which never places the key on the bastion. If this
# sequence is used anyway, remove the copy when done (`shred -u` where available)
# and do not reuse this key for other hosts.
scp -i $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa ubuntu@192.0.2.2:/home/ubuntu
# Interactive session on the bastion; the next line is typed inside it.
ssh -i $HOME/.ssh/id_rsa ubuntu@192.0.2.2
# $HOME is now the bastion user's home (/home/ubuntu), i.e. the key copied above.
ssh -i $HOME/id_rsa ubuntu@10.0.2.89

 

 


WinSCPを使用する場合、ppkファイルを使用する必要がある

ノート: PuTTYは、OpenSSH互換形式でキーを保存しません。
したがって、PuTTYで作成した公開キー・ファイルをそのままLinux/Unixシステムにアップロードし、OpenSSHで読み込ませても、キーは正しく読み取られません。
ただし、PuTTYgenアプリケーションの表示欄から公開キーを直接コピーして貼り付けた場合は、そのキー情報は貼り付け先のフィールドで正しく動作し、
その情報から適切なOpenSSH互換キーが作成されます。
たとえば、OCIでインスタンスを作成する場合は、PuTTYからSSHキーを貼り付け、正常に動作します。

https://docs.oracle.com/ja/learn/generate_ssh_keys/index.html#use-putty