From: cel@kernel.org
To: <kdevops@lists.linux.dev>
Cc: Chandan Babu R <chandanbabu@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH 27/31] terraform/OCI: Add a Kconfig switch to create a VCN on the fly
Date: Mon, 31 Mar 2025 20:59:56 -0400 [thread overview]
Message-ID: <20250401010000.764234-28-cel@kernel.org> (raw)
In-Reply-To: <20250401010000.764234-1-cel@kernel.org>
From: Chuck Lever <chuck.lever@oracle.com>
Make it simpler to use OCI: create a kdevops VCN if there isn't
already a persistent VCN to use.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
playbooks/roles/gen_tfvars/defaults/main.yml | 1 +
.../templates/oci/terraform.tfvars.j2 | 3 ++
terraform/oci/kconfigs/Kconfig.network | 19 +++++++++++
terraform/oci/main.tf | 32 +++++++++++++------
terraform/oci/vars.tf | 6 ++++
5 files changed, 51 insertions(+), 10 deletions(-)
diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml
index b6caadcb7e0c..24b932974f36 100644
--- a/playbooks/roles/gen_tfvars/defaults/main.yml
+++ b/playbooks/roles/gen_tfvars/defaults/main.yml
@@ -49,6 +49,7 @@ terraform_gce_image_name: "invalid"
terraform_gce_credentials: "invalid"
terraform_oci_assign_public_ip: false
+terraform_oci_use_existing_vcn: false
terraform_openstack_cloud_name: "invalid"
terraform_openstack_instance_prefix: "invalid"
diff --git a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
index 192d72ff32a9..56402d13630b 100644
--- a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
+++ b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2
@@ -14,7 +14,10 @@ oci_instance_flex_memory_in_gbs = {{ terraform_oci_instance_flex_memory_in_gbs }
{% endif %}
oci_os_image_ocid = "{{ terraform_oci_os_image_ocid }}"
oci_assign_public_ip = {{ terraform_oci_assign_public_ip | lower }}
+oci_use_existing_vcn = {{ terraform_oci_use_existing_vcn | lower }}
+{% if terraform_oci_use_existing_vcn %}
oci_subnet_ocid = "{{ terraform_oci_subnet_ocid }}"
+{% endif %}
oci_volumes_per_instance = {{ terraform_oci_volumes_per_instance }}
oci_volumes_size = {{ terraform_oci_volumes_size }}
oci_data_volume_device_file_name = "{{ terraform_oci_data_volume_device_file_name }}"
diff --git a/terraform/oci/kconfigs/Kconfig.network b/terraform/oci/kconfigs/Kconfig.network
index 22d1e5ad3062..8130ca04de6d 100644
--- a/terraform/oci/kconfigs/Kconfig.network
+++ b/terraform/oci/kconfigs/Kconfig.network
@@ -7,6 +7,23 @@ config TERRAFORM_OCI_ASSIGN_PUBLIC_IP
assigned to each instance. Leave it unset to prevent your
instances from being accessible on the public internet.
+config TERRAFORM_OCI_USE_EXISTING_VCN
+ bool "Attach instances to an existing VCN"
+ output yaml
+ default y
+ help
+ If your tenancy administrator prefers to create and secure
+ the network resources used within a compartment, or your
+ tenancy has special networking requirements, enable this
+ option. Then enter the OCID of the existing subnet in the
+ TERRAFORM_OCI_SUBNET_OCID option below. kdevops will join
+ its compute instances to that subnet.
+
+ Disable this option if you'd like kdevops to create a
+ secure VPN and subnet automatically.
+
+if TERRAFORM_OCI_USE_EXISTING_VCN
+
config TERRAFORM_OCI_SUBNET_OCID
string "OCI Subnet OCID"
output yaml
@@ -18,3 +35,5 @@ config TERRAFORM_OCI_SUBNET_OCID
kdevops does not manage this resource. Before running
"make bringup", the subnet must already exist and your OCI
user must have permission to attach to it.
+
+endif # TERRAFORM_OCI_USE_EXISTING_VCN
diff --git a/terraform/oci/main.tf b/terraform/oci/main.tf
index 250c3b722537..20aa7c5a612b 100644
--- a/terraform/oci/main.tf
+++ b/terraform/oci/main.tf
@@ -30,7 +30,7 @@ resource "oci_core_instance" "kdevops_instance" {
create_vnic_details {
assign_public_ip = var.oci_assign_public_ip
- subnet_id = var.oci_subnet_ocid
+ subnet_id = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)
}
metadata = {
@@ -53,6 +53,8 @@ module "volumes" {
}
resource "oci_core_vcn" "kdevops_vcn" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
cidr_blocks = [
"10.0.0.0/16",
]
@@ -63,15 +65,19 @@ resource "oci_core_vcn" "kdevops_vcn" {
}
resource "oci_core_internet_gateway" "kdevops_internet_gateway" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
display_name = "kdevops internet gateway"
- vcn_id = oci_core_vcn.kdevops_vcn.id
+ vcn_id = one(oci_core_vcn.kdevops_vcn[*].id)
}
resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
display_name = "kdevops dhcp options"
- vcn_id = oci_core_vcn.kdevops_vcn.id
+ vcn_id = one(oci_core_vcn.kdevops_vcn[*].id)
options {
type = "DomainNameServer"
@@ -84,20 +90,24 @@ resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
}
resource "oci_core_route_table" "kdevops_route_table" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
display_name = "kdevops route table"
- vcn_id = oci_core_vcn.kdevops_vcn.id
+ vcn_id = one(oci_core_vcn.kdevops_vcn[*].id)
route_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
- network_entity_id = oci_core_internet_gateway.kdevops_internet_gateway.id
+ network_entity_id = one(oci_core_internet_gateway.kdevops_internet_gateway[*].id)
}
}
resource "oci_core_security_list" "kdevops_security_list" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
display_name = "kdevops security list"
- vcn_id = oci_core_vcn.kdevops_vcn.id
+ vcn_id = one(oci_core_vcn.kdevops_vcn[*].id)
egress_security_rules {
description = "Allow all outbound traffic"
@@ -153,13 +163,15 @@ resource "oci_core_security_list" "kdevops_security_list" {
}
resource "oci_core_subnet" "kdevops_subnet" {
+ count = var.oci_use_existing_vcn ? 0 : 1
+
availability_domain = data.oci_identity_availability_domain.kdevops_av_domain.name
cidr_block = "10.0.0.0/24"
compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
- dhcp_options_id = oci_core_dhcp_options.kdevops_dhcp_options.id
+ dhcp_options_id = one(oci_core_dhcp_options.kdevops_dhcp_options[*].id)
dns_label = "runners"
display_name = "kdevops subnet"
- route_table_id = oci_core_route_table.kdevops_route_table.id
- security_list_ids = ["${oci_core_security_list.kdevops_security_list.id}"]
- vcn_id = oci_core_vcn.kdevops_vcn.id
+ route_table_id = one(oci_core_route_table.kdevops_route_table[*].id)
+ security_list_ids = ["${one(oci_core_security_list.kdevops_security_list[*].id)}"]
+ vcn_id = one(oci_core_vcn.kdevops_vcn[*].id)
}
diff --git a/terraform/oci/vars.tf b/terraform/oci/vars.tf
index 7c19720bebc2..225ebdf51648 100644
--- a/terraform/oci/vars.tf
+++ b/terraform/oci/vars.tf
@@ -61,10 +61,16 @@ variable "oci_assign_public_ip" {
}
variable "oci_subnet_ocid" {
+ default = null
description = "Subnet OCID"
type = string
}
+variable "oci_use_existing_vcn" {
+ description = "Use a pre-existing VCN"
+ type = bool
+}
+
variable "oci_volumes_per_instance" {
description = "The count of additional block volumes per instance"
type = number
--
2.48.1
next prev parent reply other threads:[~2025-04-01 1:00 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 0:59 [RFC PATCH 00/31] Simplify OCI configuration menu cel
2025-04-01 0:59 ` [RFC PATCH 01/31] terraform/OCI: Remove terraform_oci_instance_display_name cel
2025-04-01 0:59 ` [RFC PATCH 02/31] terraform/OCI: One default value to rule them cel
2025-04-01 0:59 ` [RFC PATCH 03/31] terraform/OCI: Add an "Identity & Access" submenu cel
2025-04-01 0:59 ` [RFC PATCH 04/31] terraform/OCI: Add a "Resource location" submenu cel
2025-04-01 0:59 ` [RFC PATCH 05/31] terraform/OCI: Add a "Compute" Kconfig submenu cel
2025-04-01 0:59 ` [RFC PATCH 06/31] terraform/OCI: Add a "Storage" " cel
2025-04-01 0:59 ` [RFC PATCH 07/31] terraform/OCI: Add a "Networking" " cel
2025-04-01 0:59 ` [RFC PATCH 08/31] terraform/OCI: Use "output yaml" for the tenancy OCID cel
2025-04-01 0:59 ` [RFC PATCH 09/31] terraform/OCI: Use "output yaml" for the user OCID cel
2025-04-01 0:59 ` [RFC PATCH 10/31] terraform/OCI: Use "output yaml" for the signing key cel
2025-04-01 0:59 ` [RFC PATCH 11/31] terraform/OCI: Use "output yaml" for the fingerprint cel
2025-04-01 0:59 ` [RFC PATCH 12/31] terraform/OCI: Add a Region selector cel
2025-04-01 0:59 ` [RFC PATCH 13/31] terraform/OCI: Add an availability domain selector cel
2025-04-01 0:59 ` [RFC PATCH 14/31] terraform/OCI: Select your compartment by name instead of by OCID cel
2025-04-01 0:59 ` [RFC PATCH 15/31] terraform/OCI: Use "output yaml" for the instance shape setting cel
2025-04-01 0:59 ` [RFC PATCH 16/31] terraform/OCI: Add a shape selector for Flex shapes cel
2025-04-01 0:59 ` [RFC PATCH 17/31] terraform/OCI: Use "output yaml" for the OCPUs setting cel
2025-04-01 0:59 ` [RFC PATCH 18/31] terraform/OCI: Use "output yaml" for the memory_in_gbs setting cel
2025-04-01 0:59 ` [RFC PATCH 19/31] terraform/OCI: Add a shape family selector cel
2025-04-01 0:59 ` [RFC PATCH 20/31] terraform/OCI: Add a bare metal shape selector cel
2025-04-01 0:59 ` [RFC PATCH 21/31] terraform/OCI: Use "output yaml" for the source image setting cel
2025-04-01 0:59 ` [RFC PATCH 22/31] terraform/OCI: Simplify image selection cel
2025-04-01 0:59 ` [RFC PATCH 23/31] terraform/OCI: Remove TERRAFORM_OCI_VOLUMES_ENABLE_EXTRA cel
2025-04-01 0:59 ` [RFC PATCH 24/31] terraform/OCI: Use "output yaml" for the assign_public_ip" setting cel
2025-04-01 0:59 ` [RFC PATCH 25/31] terraform/OCI: Use "output yaml" for the subnet_ocid setting cel
2025-04-01 0:59 ` [RFC PATCH 26/31] terraform/OCI: Add a default VCN cel
2025-04-01 0:59 ` cel [this message]
2025-04-01 0:59 ` [RFC PATCH 28/31] terraform/OCI: Run "terraform fmt" on provider.tf cel
2025-04-01 0:59 ` [RFC PATCH 29/31] terraform/OCI: Run "terraform fmt" on main.tf cel
2025-04-01 0:59 ` [RFC PATCH 30/31] terraform/OCI: Nit: alphabetize vars.tf cel
2025-04-01 1:00 ` [RFC PATCH 31/31] terraform/OCI: Update the OCI section of docs/kdevops-terraform.md cel
2025-04-02 19:21 ` [RFC PATCH 00/31] Simplify OCI configuration menu Luis Chamberlain
2025-04-02 19:24 ` Luis Chamberlain
2025-04-02 19:38 ` Chuck Lever
2025-04-02 20:08 ` Luis Chamberlain
2025-04-08 12:42 ` Chandan Babu R
2025-04-08 13:20 ` Chuck Lever
2025-04-09 4:04 ` Chandan Babu R
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250401010000.764234-28-cel@kernel.org \
--to=cel@kernel.org \
--cc=chandanbabu@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=kdevops@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox