This is the second post about OCI using Terraform. In the previous post, Oracle Cloud Infrastructure VNC and Subnet using Terraform, we created the network that we are going to use in this post.

The Terraform resource that creates the compute instance in OCI is oci_core_instance (review the Terraform documentation).

resource "oci_core_instance" "webserver1_instance" {
  availability_domain = data.oci_identity_availability_domain.myad.name
  compartment_id      = oci_identity_compartment.nikelinthecloud.id
  display_name        = "webserver1"
  shape               = "VM.Standard.E3.Flex"

  shape_config {
    ocpus = 1
  }

  create_vnic_details {
    subnet_id        = oci_core_subnet.nitc_public.id
    display_name     = "Primaryvnic"
    assign_public_ip = true
    hostname_label   = "webserver1"
  }

  source_details {
    source_type = "image"
    source_id   = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaavz6p7tyrczcwd5uvq6x2wqkbwcrjjbuohbjomtzv32k5bq24rsha"
  }

  metadata = {
    ssh_authorized_keys = var.ssh_public_key
  }

}

Note that availability_domain uses a data source. A data source is a kind of query, and data.oci_identity_availability_domain.myad.name uses the result of that query (we are requesting the name of the availability domain returned by the data source named myad). Let's define it in data.tf:

data "oci_identity_availability_domain" "myad" {
  compartment_id = oci_identity_compartment.nikelinthecloud.id
  ad_number      = 1
}

In create_vnic_details we’ve defined the subnet in which the VNIC will be allocated, the hostname, and whether this VNIC will get a public IP or not.

In order to connect to the instance using the public key we use ssh_authorized_keys in the metadata.

ssh_authorized_keys uses the ssh_public_key variable, so let’s define this variable in a new file, vm_vars.tf:

variable "ssh_public_key" {}

This time the value won't be in terraform.tfvars but in a TF_VAR_ environment variable (keep an eye on the Terraform documentation).

Terraform looks in your environment for all TF_VAR_* variables, so to supply the ssh_public_key variable we export:

export TF_VAR_ssh_public_key="$(cat /home/pmoreno/webserver1Key.pub)"
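
A stricter declaration for vm_vars.tf, as an added example that is not part of the original post: it replaces the empty variable block and makes terraform plan fail when TF_VAR_ssh_public_key is not a single-line OpenSSH public key, which catches exporting the private key file or a file path by mistake. The list of accepted key types and the one-key-only rule are assumptions; adjust the pattern if you use other key types or several keys.

```hcl
# vm_vars.tf (added example; replaces the empty `variable "ssh_public_key" {}`)
# Validation blocks need Terraform 0.13 or later.

variable "ssh_public_key" {
  type        = string
  description = "Contents of the OpenSSH public key file, supplied through TF_VAR_ssh_public_key."

  validation {
    # Expected shape: "<key-type> <base64-blob> [comment]" on one line.
    # trimspace() drops the trailing newline that the .pub file may carry.
    # A private key ("-----BEGIN ... PRIVATE KEY-----"), a file path, an
    # empty value or a multi-line value does not match, so plan stops
    # before the value reaches the instance metadata or the state file.
    # Assumption: only RSA, Ed25519 and NIST ECDSA keys are in use.
    condition = can(regex(
      "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$",
      trimspace(var.ssh_public_key)
    ))
    error_message = "The ssh_public_key value must be one OpenSSH public key line (the contents of the .pub file), not a private key or a path."
  }
}
```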

If you want to check what data.oci_identity_availability_domain.myad.name contains, add these lines to data.tf and run terraform plan:

output "showMyAD" {
  value = data.oci_identity_availability_domain.myad.name
}

You’ll see something like this:

  + showMyAD = "mqxQ:EU-FRANKFURT-1-AD-1"

Once you execute terraform apply, you can try to connect using the private key:

ssh -i [YOUR_PRIVATE_KEY] opc@[PUBLIC_IP]

Let’s create the other compute instance, this time in a private subnet, in vm_dbserver1.tf:

resource "oci_core_instance" "dbserver1_instance" {
  availability_domain = data.oci_identity_availability_domain.myad.name
  compartment_id      = oci_identity_compartment.nikelinthecloud.id
  display_name        = "dbserver1"
  shape               = "VM.Standard.E3.Flex"

  shape_config {
    ocpus = 1
  }

  create_vnic_details {
    subnet_id        = oci_core_subnet.nitc_private.id
    display_name     = "Primaryvnic"
    assign_public_ip = false
    hostname_label   = "dbserver1"
  }

  source_details {
    source_type = "image"
    source_id   = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaavz6p7tyrczcwd5uvq6x2wqkbwcrjjbuohbjomtzv32k5bq24rsha"
  }

  metadata = {
    ssh_authorized_keys = var.ssh_public_key
  }

}

Run terraform plan, review the output and, if all is OK, run terraform apply.

Try to connect to the new instance using webserver1 as a “bastion host”.

In your Linux client, run:

eval `ssh-agent`
ssh-add $HOME/webserver1Key
ssh -i $HOME/webserver1Key -J opc@WEBSERVER1_PUBLIC_IP opc@DBSERVER1_PRIVATE_IP

In the next post we’ll install and configure WordPress as we did in this post, but this time using Ansible.
