{OCI 仮想クラウド・ネットワーク}IPレンジ拡張



https://qiita.com/kenwatan/items/bce7419c5dd14c722813

 


-- 1. VCN、サブネット、コンピュートインスタンス作成

 

cat <<-'EOF' > variables.tf

# Tenancy (root compartment) OCID, read by the provider block and by the
# compartment resource in main.tf. The all-1s value is a stand-in.
locals {
  tenancy_ocid = "ocid1.tenancy.oc1..111111111111111111111111111111111111111111111111111111111111"
}

# Name of the compartment created in main.tf (also reused as its description).
# Can be overridden with the TF_VAR_compartment_name environment variable.
variable "compartment_name" {
  type        = string
  default     = "cmp01"
  description = "compartment_name"
}

EOF

 

cat <<-'EOF' > main.tf

# Constrains the Terraform CLI to the 1.x series and pins one exact OCI
# provider release.
# NOTE(review): Oracle's provider documentation uses the "oracle/oci" registry
# address; confirm that the "hashicorp/oci" namespace is the intended source.
# An exact version pin fixes only the release number. Keep the generated
# .terraform.lock.hcl under version control so later `terraform init` runs
# verify the provider package checksums.
terraform {
  required_version = ">= 1.0.0, < 2.0.0"

  required_providers {
    oci = {
      version = "= 5.23.0"
      source  = "hashicorp/oci"
    }
  }
}

# API-key authentication for the OCI provider.
# The user OCID and key fingerprint are identifiers rather than secrets, but
# hard-coding them ties this file to one account. The private key is only
# referenced by path: keep that file readable by its owner only and outside
# version control, since it signs every API call this configuration makes.
provider "oci" {
  region           = "us-ashburn-1"
  tenancy_ocid     = local.tenancy_ocid
  user_ocid        = "ocid1.user.oc1..111111111111111111111111111111111111111111111111111111111111"
  fingerprint      = "45:ed:22:e6:cc:fd:63:97:12:9d:62:7a:90:12:65:7a"
  private_key_path = "~/.oci/oci_api_key.pem"
}


# Compartment created directly under the tenancy root; every other resource
# in this file is placed inside it.
# NOTE(review): creating a compartment at the root presumably requires the API
# user to hold tenancy-level compartment permissions - confirm the policy is
# no broader than this walkthrough needs.
resource "oci_identity_compartment" "cmp01" {
  name           = var.compartment_name
  description    = var.compartment_name
  compartment_id = local.tenancy_ocid

  # With enable_delete = true, `terraform destroy` attempts to delete the
  # compartment itself rather than only dropping it from state.
  enable_delete = true
}

# VCN with a single initial IPv4 range, 10.0.0.0/16.
# Step 2 of this page adds 10.1.0.0/16 with the OCI CLI. That change is made
# outside Terraform, so afterwards this file no longer describes the VCN's
# full address space.
resource "oci_core_vcn" "vcn01" {
  display_name   = "vcn01"
  dns_label      = "vcn01"
  cidr_block     = "10.0.0.0/16"
  compartment_id = oci_identity_compartment.cmp01.id
}


# Internet gateway for vcn01. Together with the default route in rt01 it makes
# subnets that use that route table reachable from, and able to reach, the
# internet.
resource "oci_core_internet_gateway" "igw01" {
  display_name   = "igw01"
  enabled        = true
  vcn_id         = oci_core_vcn.vcn01.id
  compartment_id = oci_identity_compartment.cmp01.id
}

# Route table with one rule: send all non-local traffic (0.0.0.0/0) to the
# internet gateway. Any subnet attached to this table is therefore a public
# subnet from a routing point of view.
resource "oci_core_route_table" "rt01" {
  display_name   = "rt01"
  vcn_id         = oci_core_vcn.vcn01.id
  compartment_id = oci_identity_compartment.cmp01.id

  route_rules {
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.igw01.id
  }
}


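# Source range allowed to open SSH sessions to instances behind sl01.
# The default keeps the original behaviour (SSH reachable from any address).
# For anything other than a throwaway lab, narrow it to the administrator's
# egress range, e.g. `export TF_VAR_ssh_source_cidr=198.51.100.0/24`
# (198.51.100.0/24 is a documentation range used here as a constructed sample).
variable "ssh_source_cidr" {
  description = "CIDR block allowed to reach TCP/22 on instances using sl01"
  type        = string
  default     = "0.0.0.0/0"

  validation {
    condition     = can(cidrhost(var.ssh_source_cidr, 0))
    error_message = "The ssh_source_cidr value must be a valid CIDR block such as 198.51.100.0/24."
  }
}

# Security list attached to subnet01. All rules are stateful
# (stateless = false), so return traffic is allowed automatically.
resource "oci_core_security_list" "sl01" {
  #Required
  compartment_id = oci_identity_compartment.cmp01.id
  vcn_id         = oci_core_vcn.vcn01.id

  #Optional
  display_name = "sl01"

  # Unrestricted outbound traffic, any protocol and destination.
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
    stateless   = false
  }

  # Inbound SSH (protocol 6 = TCP, port 22) from var.ssh_source_cidr.
  # vm01 gets a public IP, so with the default value the SSH daemon is
  # exposed to internet-wide scanning and password/key guessing.
  ingress_security_rules {
    protocol  = "6"
    source    = var.ssh_source_cidr
    stateless = false
    tcp_options {
      max = 22
      min = 22
    }
  }

  # Every protocol and port from 10.1.0.0/24. That range lies outside the
  # VCN's initial 10.0.0.0/16 and inside the 10.1.0.0/16 block added in
  # step 2, so any host later placed there has full access to subnet01.
  ingress_security_rules {
    protocol  = "all"
    source    = "10.1.0.0/24"
    stateless = false
  }
}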

 

# Subnet 10.0.0.0/24 inside vcn01, using the internet-routed table rt01 and
# the security list sl01.
# prohibit_public_ip_on_vnic is left unset, so VNICs created here may be given
# public IP addresses (vm01 requests one).
resource "oci_core_subnet" "subnet01" {
  display_name   = "subnet01"
  dns_label      = "subnet01"
  cidr_block     = "10.0.0.0/24"
  vcn_id         = oci_core_vcn.vcn01.id
  compartment_id = oci_identity_compartment.cmp01.id

  route_table_id    = oci_core_route_table.rt01.id
  security_list_ids = [oci_core_security_list.sl01.id]
}


# Looks up Oracle Linux 9 images compatible with the VM.Standard.E2.1 shape,
# newest first (TIMECREATED, DESC), keeping only display names that match the
# "Oracle-Linux-9*" pattern.
# The result is resolved at plan time, so the image chosen can change between
# runs as new images are published; record the image OCID if a reproducible
# build is required.
data "oci_core_images" "ol9_latest" {
  compartment_id = oci_identity_compartment.cmp01.id

  operating_system         = "Oracle Linux"
  operating_system_version = "9"
  shape                    = "VM.Standard.E2.1"

  sort_by    = "TIMECREATED"
  sort_order = "DESC"

  filter {
    name   = "display_name"
    regex  = true
    values = ["Oracle-Linux-9*"]
  }
}


# Preemptible Oracle Linux 9 instance in subnet01 with a public IP.
resource "oci_core_instance" "vm01" {
  display_name        = "vm01"
  compartment_id      = oci_identity_compartment.cmp01.id
  availability_domain = "OEIw:US-ASHBURN-AD-1"
  fault_domain        = "FAULT-DOMAIN-1"
  shape               = "VM.Standard.E2.1"

  # Oracle Cloud Agent plugins switched on for this instance.
  agent_config {
    plugins_config {
      name          = "OS Management Service Agent"
      desired_state = "ENABLED"
    }
    # Run Command lets principals holding the matching IAM permission execute
    # commands on the instance through the OCI API, independently of SSH.
    # Review who is granted that permission in this compartment.
    plugins_config {
      name          = "Compute Instance Run Command"
      desired_state = "ENABLED"
    }
    plugins_config {
      name          = "Compute Instance Monitoring"
      desired_state = "ENABLED"
    }
  }

  # Public IP on the primary VNIC: combined with sl01's SSH rule, this is the
  # instance's internet-facing entry point.
  create_vnic_details {
    subnet_id        = oci_core_subnet.subnet01.id
    assign_public_ip = true
  }

  # Public key installed for SSH login; only the .pub half is read here.
  metadata = {
    ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
  }

  # Boots from the first (newest) image returned by the data source. The
  # [0] index fails at plan time if the lookup returns no images.
  source_details {
    source_type             = "image"
    source_id               = data.oci_core_images.ol9_latest.images[0].id
    boot_volume_size_in_gbs = 50
  }

  # The boot volume is discarded both on normal termination and on preemption.
  preserve_boot_volume = false

  preemptible_instance_config {
    preemption_action {
      type                 = "TERMINATE"
      preserve_boot_volume = false
    }
  }
}

EOF

 

cat <<-'EOF' > outputs.tf

# OCIDs of the created resources, printed after apply. Step 2's CLI commands
# need the compartment and VCN OCIDs.
output "cmp01_id" {
  description = "cmp01.id"
  value       = oci_identity_compartment.cmp01.id
}

output "vcn01_id" {
  description = "vcn01.id"
  value       = oci_core_vcn.vcn01.id
}

output "igw01_id" {
  description = "igw01.id"
  value       = oci_core_internet_gateway.igw01.id
}

output "rt01_id" {
  description = "rt01.id"
  value       = oci_core_route_table.rt01.id
}

output "sl01_id" {
  description = "sl01.id"
  value       = oci_core_security_list.sl01.id
}

output "subnet01_id" {
  description = "subnet01.id"
  value       = oci_core_subnet.subnet01.id
}


EOF

 


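# Download the provider, normalise formatting and record the CLI version.
terraform init
terraform fmt
terraform -version

export TF_VAR_compartment_name=cmp01

# Write the plan to a file so that what gets applied is exactly what was
# reviewed. `apply -auto-approve` would compute a fresh plan and apply it
# without showing it first.
# The plan file can contain resource attributes in clear text; keep it out of
# version control and delete it after use.
terraform plan -out=tfplan

# Applying a saved plan does not prompt for confirmation.
terraform apply tfplan

# Tear-down, left commented out on purpose: it also attempts to delete the
# compartment because enable_delete = true is set on cmp01.
# terraform destroy -auto-approve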

 

 


-- 2. アドレス範囲を追加


# The OCIDs are the page's all-1s stand-ins; substitute the cmp01_id and
# vcn01_id values printed by `terraform output`.
compartment_ocid="ocid1.compartment.oc1..111111111111111111111111111111111111111111111111111111111111"
vcn_ocid="ocid1.vcn.oc1.iad.111111111111111111111111111111111111111111111111111111111111"

# List the VCNs in the compartment to confirm the target VCN and its
# current CIDR blocks.
oci network vcn list --compartment-id "${compartment_ocid}"

# Attach a second IPv4 range to the VCN. sl01 already admits all protocols
# from 10.1.0.0/24, which sits inside this new range, so review that rule
# before placing workloads there.
oci network vcn add-vcn-cidr --vcn-id "${vcn_ocid}" --cidr-block 10.1.0.0/16