From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chandan Babu R <chandanbabu@kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH 27/31] terraform/OCI: Add a Kconfig switch to create a VCN on the fly
Date: Mon, 31 Mar 2025 20:59:56 -0400	[thread overview]
Message-ID: <20250401010000.764234-28-cel@kernel.org> (raw)
In-Reply-To: <20250401010000.764234-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

Make it simpler to use OCI: create a kdevops VCN if there isn't
already a persistent VCN to use.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/roles/gen_tfvars/defaults/main.yml  |  1 +
 .../templates/oci/terraform.tfvars.j2         |  3 ++
 terraform/oci/kconfigs/Kconfig.network        | 19 +++++++++++
 terraform/oci/main.tf                         | 32 +++++++++++++------
 terraform/oci/vars.tf                         |  6 ++++
 5 files changed, 51 insertions(+), 10 deletions(-)

diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml
index b6caadcb7e0c..24b932974f36 100644
--- a/playbooks/roles/gen_tfvars/defaults/main.yml
+++ b/playbooks/roles/gen_tfvars/defaults/main.yml
@@ -49,6 +49,7 @@ terraform_gce_image_name: "invalid"
 terraform_gce_credentials: "invalid"
 
 terraform_oci_assign_public_ip: false
+terraform_oci_use_existing_vcn: false
 
 terraform_openstack_cloud_name: "invalid"
 terraform_openstack_instance_prefix: "invalid"
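Review bot: The role default `terraform_oci_use_existing_vcn: false` is the opposite of the Kconfig default for the same switch (`default y` on TERRAFORM_OCI_USE_EXISTING_VCN in this patch), so which network a host lands on depends on whether the Kconfig-generated value reaches this role. If a disabled `output yaml` bool is omitted rather than emitted as `false`, the two defaults only agree by accident — I could not confirm that from here. Either align this line with the Kconfig default or document the precedence inline, e.g. `# Overridden by CONFIG_TERRAFORM_OCI_USE_EXISTING_VCN (Kconfig default: y); false means kdevops creates its own VCN`.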
diff --git a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
index 192d72ff32a9..56402d13630b 100644
--- a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
+++ b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
@@ -14,7 +14,10 @@ oci_instance_flex_memory_in_gbs = {{ terraform_oci_instance_flex_memory_in_gbs }
 {% endif %}
 oci_os_image_ocid = "{{ terraform_oci_os_image_ocid }}"
 oci_assign_public_ip = {{ terraform_oci_assign_public_ip | lower }}
+oci_use_existing_vcn = {{ terraform_oci_use_existing_vcn | lower }}
+{% if terraform_oci_use_existing_vcn %}
 oci_subnet_ocid = "{{ terraform_oci_subnet_ocid }}"
+{% endif %}
 oci_volumes_per_instance = {{ terraform_oci_volumes_per_instance }}
 oci_volumes_size = {{ terraform_oci_volumes_size }}
 oci_data_volume_device_file_name = "{{ terraform_oci_data_volume_device_file_name }}"
diff --git a/terraform/oci/kconfigs/Kconfig.network b/terraform/oci/kconfigs/Kconfig.network
index 22d1e5ad3062..8130ca04de6d 100644
--- a/terraform/oci/kconfigs/Kconfig.network
+++ b/terraform/oci/kconfigs/Kconfig.network
@@ -7,6 +7,23 @@ config TERRAFORM_OCI_ASSIGN_PUBLIC_IP
 	  assigned to each instance. Leave it unset to prevent your
 	  instances from being accessible on the public internet.
 
+config TERRAFORM_OCI_USE_EXISTING_VCN
+	bool "Attach instances to an existing VCN"
+	output yaml
+	default y
+	help
+	  If your tenancy administrator prefers to create and secure
+	  the network resources used within a compartment, or your
+	  tenancy has special networking requirements, enable this
+	  option. Then enter the OCID of the existing subnet in the
+	  TERRAFORM_OCI_SUBNET_OCID option below. kdevops will join
+	  its compute instances to that subnet.
+
+	  Disable this option if you'd like kdevops to create a
+	  secure VPN and subnet automatically.
+
+if TERRAFORM_OCI_USE_EXISTING_VCN
+
 config TERRAFORM_OCI_SUBNET_OCID
 	string "OCI Subnet OCID"
 	output yaml
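Review bot: The last help paragraph says "create a secure VPN and subnet" where the resource created by this patch is a VCN; this reads as a typo and should be `Disable this option if you'd like kdevops to create a VCN and subnet automatically.`. The help should also say what "secure" means in practice: per the main.tf hunk, the auto-created subnet is attached to a route table whose 0.0.0.0/0 rule points at an internet gateway, so reachability is decided by TERRAFORM_OCI_ASSIGN_PUBLIC_IP and by the generated security list, not by the VCN itself. A sentence such as `The created subnet routes to an internet gateway; use TERRAFORM_OCI_ASSIGN_PUBLIC_IP to control whether instances receive a public address.` would let a user choose the option with that knowledge.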
@@ -18,3 +35,5 @@ config TERRAFORM_OCI_SUBNET_OCID
 	  kdevops does not manage this resource. Before running
 	  "make bringup", the subnet must already exist and your OCI
 	  user must have permission to attach to it.
+
+endif # TERRAFORM_OCI_USE_EXISTING_VCN
diff --git a/terraform/oci/main.tf b/terraform/oci/main.tf
index 250c3b722537..20aa7c5a612b 100644
--- a/terraform/oci/main.tf
+++ b/terraform/oci/main.tf
@@ -30,7 +30,7 @@ resource "oci_core_instance" "kdevops_instance" {
 
   create_vnic_details {
     assign_public_ip = var.oci_assign_public_ip
-    subnet_id = var.oci_subnet_ocid
+    subnet_id        = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)
   }
 
   metadata = {
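Review bot: With `oci_subnet_ocid` now defaulting to `null` (vars.tf hunk), enabling `oci_use_existing_vcn` without a subnet OCID passes a null or empty `subnet_id` through this conditional and fails only when the OCI API rejects the VNIC at apply time, after other resources may already have been created. A `lifecycle` precondition on this resource reports the misconfiguration at plan time with a message that names the Kconfig option; Terraform's variable `validation` blocks cannot express this cross-variable rule in older releases, which is why the check belongs on the resource. This assumes the pinned Terraform version supports `precondition` (1.2 and later); the enclosing `oci_core_instance` resource starts before this hunk.

```hcl
resource "oci_core_instance" "kdevops_instance" {
  # … unchanged: availability_domain, shape, source, display_name …

  lifecycle {
    precondition {
      condition     = !var.oci_use_existing_vcn || (var.oci_subnet_ocid != null && var.oci_subnet_ocid != "")
      error_message = "oci_use_existing_vcn is true but oci_subnet_ocid is unset; set TERRAFORM_OCI_SUBNET_OCID or disable TERRAFORM_OCI_USE_EXISTING_VCN."
    }
  }

  create_vnic_details {
    assign_public_ip = var.oci_assign_public_ip
    subnet_id        = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)
  }
  # … unchanged: metadata …
```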
@@ -53,6 +53,8 @@ module "volumes" {
 }
 
 resource "oci_core_vcn" "kdevops_vcn" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   cidr_blocks = [
     "10.0.0.0/16",
   ]
@@ -63,15 +65,19 @@ resource "oci_core_vcn" "kdevops_vcn" {
 }
 
 resource "oci_core_internet_gateway" "kdevops_internet_gateway" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops internet gateway"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 }
 
 resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops dhcp options"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   options {
     type        = "DomainNameServer"
@@ -84,20 +90,24 @@ resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
 }
 
 resource "oci_core_route_table" "kdevops_route_table" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops route table"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
   route_rules {
     destination       = "0.0.0.0/0"
     destination_type  = "CIDR_BLOCK"
-    network_entity_id = oci_core_internet_gateway.kdevops_internet_gateway.id
+    network_entity_id = one(oci_core_internet_gateway.kdevops_internet_gateway[*].id)
   }
 }
 
 resource "oci_core_security_list" "kdevops_security_list" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops security list"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   egress_security_rules {
     description      = "Allow all outbound traffic"
@@ -153,13 +163,15 @@ resource "oci_core_security_list" "kdevops_security_list" {
 }
 
 resource "oci_core_subnet" "kdevops_subnet" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   availability_domain = data.oci_identity_availability_domain.kdevops_av_domain.name
   cidr_block          = "10.0.0.0/24"
   compartment_id      = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
-  dhcp_options_id     = oci_core_dhcp_options.kdevops_dhcp_options.id
+  dhcp_options_id     = one(oci_core_dhcp_options.kdevops_dhcp_options[*].id)
   dns_label           = "runners"
   display_name        = "kdevops subnet"
-  route_table_id      = oci_core_route_table.kdevops_route_table.id
-  security_list_ids   = ["${oci_core_security_list.kdevops_security_list.id}"]
-  vcn_id              = oci_core_vcn.kdevops_vcn.id
+  route_table_id      = one(oci_core_route_table.kdevops_route_table[*].id)
+  security_list_ids   = ["${one(oci_core_security_list.kdevops_security_list[*].id)}"]
+  vcn_id              = one(oci_core_vcn.kdevops_vcn[*].id)
 }
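Review bot: `security_list_ids = ["${one(oci_core_security_list.kdevops_security_list[*].id)}"]` keeps the legacy interpolation-only string around a value that is already a string; the rewritten line can simply be `security_list_ids = [one(oci_core_security_list.kdevops_security_list[*].id)]`, which is also what the rest of this hunk does for `vcn_id` and `route_table_id`. Since this subnet now exists only in the kdevops-managed case, it is also the place to make the subnet's policy match the instance setting: `prohibit_public_ip_on_vnic = !var.oci_assign_public_ip` would presumably prevent any VNIC in the subnet from being given a public address when TERRAFORM_OCI_ASSIGN_PUBLIC_IP is off, rather than relying on each instance's `assign_public_ip` alone — worth confirming against the provider's subnet arguments before adding.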
diff --git a/terraform/oci/vars.tf b/terraform/oci/vars.tf
index 7c19720bebc2..225ebdf51648 100644
--- a/terraform/oci/vars.tf
+++ b/terraform/oci/vars.tf
@@ -61,10 +61,16 @@ variable "oci_assign_public_ip" {
 }
 
 variable "oci_subnet_ocid" {
+  default     = null
   description = "Subnet OCID"
   type        = string
 }
 
+variable "oci_use_existing_vcn" {
+  description = "Use a pre-existing VCN"
+  type        = bool
+}
+
 variable "oci_volumes_per_instance" {
   description = "The count of additional block volumes per instance"
   type        = number
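Review bot: The two variable descriptions do not say how they depend on each other, which is the one thing a reader of vars.tf needs after this patch: `oci_subnet_ocid` is consulted only when `oci_use_existing_vcn` is true, and `null` is now a legal value precisely because of that. Suggested wording: `description = "Subnet OCID; consulted only when oci_use_existing_vcn is true"` and `description = "Attach instances to an existing VCN and subnet (oci_subnet_ocid) instead of creating a kdevops-managed VCN"`. `oci_use_existing_vcn` also has no `default`, so running terraform outside the gen_tfvars flow prompts for it; if that is intended, a short comment saying the value always comes from the generated tfvars would avoid someone adding a default that disagrees with Kconfig.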
-- 
2.48.1

