From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3282D22612 for ; Tue, 1 Apr 2025 01:00:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743469224; cv=none; b=lTT/QtqJmPOsBodeIDlCI7894mqHFNAneuUVfG96foVri1wou3l6Utookaix4Now8VVotLeA12GYQGW2S6h8otuF0lCL/mFxOHrgau/QqQO0WVozewN5KU80V+fIajdpyfbeGj9GYJLVhMbVXsU42uKNxw1NC9gFIByFgbEKg3A= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743469224; c=relaxed/simple; bh=vV8YY/4BT5TjDKF8laF5R0FXfEfqcdWtmRq1klkE8BE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=N79A8DyrX725gRQcKnIR+xHTtr0NqfM77buxX8XOunzGe5JvVTjFENfE2W14COH2sTju5Qzed7PiR3HyyC7+RFXo2TdLT/Ixj9odIw7WSVdjCbqwdVYcsMeqzsZbGh4JM30/8mL03slaiZ0Q99TXvW00vK8/B7V9BPjL8ANvPU0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FnvsWj6S; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FnvsWj6S" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 57E20C4CEEB; Tue, 1 Apr 2025 01:00:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743469223; bh=vV8YY/4BT5TjDKF8laF5R0FXfEfqcdWtmRq1klkE8BE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FnvsWj6SsgCE1ZqyeWeaDAyNmkzTcZVbcZ90ZP7gyZxW+nHcr7y7fl9iM0OjU27Fc 1BHrlbcRB0E2N/iboxgArV4g/PaUjojN5BXXDg0KV8AddLGxNkb7Ye8r5qS0auDgdZ SjUJi6tH5V640UHpLhxhjQjaT6PGg+j6V3OUSYCznsdGQkjkKa4f5G/Iuxl9jaMRXm IaeCm//Eh12hvNXn5BhHNiVkUUhGdTxJoByZpN/MaOOuyEt7Tj8dI32J6HvnOyhycm 
0yOFTFFLwdfz8bZM0Peaw1XQD1e3zffq5PgaxsDcIeaKcLM5Ib/whkwFzUb8le3Egq 2H0hLOE4imgkg== From: cel@kernel.org To: Cc: Chandan Babu R , Chuck Lever Subject: [RFC PATCH 27/31] terraform/OCI: Add a Kconfig switch to create a VCN on the fly Date: Mon, 31 Mar 2025 20:59:56 -0400 Message-ID: <20250401010000.764234-28-cel@kernel.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250401010000.764234-1-cel@kernel.org> References: <20250401010000.764234-1-cel@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Chuck Lever Make it simpler to use OCI: create a kdevops VCN if there isn't already a persistent VCN to use. Signed-off-by: Chuck Lever --- playbooks/roles/gen_tfvars/defaults/main.yml | 1 + .../templates/oci/terraform.tfvars.j2 | 3 ++ terraform/oci/kconfigs/Kconfig.network | 19 +++++++++++ terraform/oci/main.tf | 32 +++++++++++++------ terraform/oci/vars.tf | 6 ++++ 5 files changed, 51 insertions(+), 10 deletions(-) diff --git a/playbooks/roles/gen_tfvars/defaults/main.yml b/playbooks/roles/gen_tfvars/defaults/main.yml index b6caadcb7e0c..24b932974f36 100644 --- a/playbooks/roles/gen_tfvars/defaults/main.yml +++ b/playbooks/roles/gen_tfvars/defaults/main.yml @@ -49,6 +49,7 @@ terraform_gce_image_name: "invalid" terraform_gce_credentials: "invalid" terraform_oci_assign_public_ip: false +terraform_oci_use_existing_vcn: false terraform_openstack_cloud_name: "invalid" terraform_openstack_instance_prefix: "invalid" diff --git a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 index 192d72ff32a9..56402d13630b 100644 --- a/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 +++ b/playbooks/roles/gen_tfvars/templates/oci/terraform.tfvars.j2 
@@ -14,7 +14,10 @@ oci_instance_flex_memory_in_gbs = {{ terraform_oci_instance_flex_memory_in_gbs }
 {% endif %}
 oci_os_image_ocid = "{{ terraform_oci_os_image_ocid }}"
 oci_assign_public_ip = {{ terraform_oci_assign_public_ip | lower }}
+oci_use_existing_vcn = {{ terraform_oci_use_existing_vcn | lower }}
+{% if terraform_oci_use_existing_vcn %}
 oci_subnet_ocid = "{{ terraform_oci_subnet_ocid }}"
+{% endif %}
 oci_volumes_per_instance = {{ terraform_oci_volumes_per_instance }}
 oci_volumes_size = {{ terraform_oci_volumes_size }}
 oci_data_volume_device_file_name = "{{ terraform_oci_data_volume_device_file_name }}"
diff --git a/terraform/oci/kconfigs/Kconfig.network b/terraform/oci/kconfigs/Kconfig.network
index 22d1e5ad3062..8130ca04de6d 100644
--- a/terraform/oci/kconfigs/Kconfig.network
+++ b/terraform/oci/kconfigs/Kconfig.network
@@ -7,6 +7,23 @@ config TERRAFORM_OCI_ASSIGN_PUBLIC_IP
 	  assigned to each instance. Leave it unset to prevent your
 	  instances from being accessible on the public internet.
 
+config TERRAFORM_OCI_USE_EXISTING_VCN
+	bool "Attach instances to an existing VCN"
+	output yaml
+	default y
+	help
+	  If your tenancy administrator prefers to create and secure
+	  the network resources used within a compartment, or your
+	  tenancy has special networking requirements, enable this
+	  option. Then enter the OCID of the existing subnet in the
+	  TERRAFORM_OCI_SUBNET_OCID option below. kdevops will join
+	  its compute instances to that subnet.
+
+	  Disable this option if you'd like kdevops to create a
+	  secure VPN and subnet automatically.
+
+if TERRAFORM_OCI_USE_EXISTING_VCN
+
 config TERRAFORM_OCI_SUBNET_OCID
 	string "OCI Subnet OCID"
 	output yaml
@@ -18,3 +35,5 @@ config TERRAFORM_OCI_SUBNET_OCID
 	  kdevops does not manage this resource. Before running
 	  "make bringup", the subnet must already exist and your
 	  OCI user must have permission to attach to it.
+
+endif # TERRAFORM_OCI_USE_EXISTING_VCN
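Review bot: The help text for the new TERRAFORM_OCI_USE_EXISTING_VCN option promises that kdevops will create a "secure VPN and subnet" when the option is disabled, but the resource being created is a VCN, and the main.tf hunks in this same patch give that VCN an internet gateway with a 0.0.0.0/0 route, so "secure" is a claim the user cannot verify from here and may read as a guarantee. I would drop the adjective and state what is actually provisioned, e.g. `Disable this option if you'd like kdevops to create a VCN (10.0.0.0/16 with an internet gateway and a default route to it) and subnet automatically.` A second sentence pointing back to TERRAFORM_OCI_ASSIGN_PUBLIC_IP would help, since that option, not this one, still decides whether the instances are reachable from the internet. The ingress rules of the generated security list are not visible in this patch, so I cannot say whether any inbound traffic is admitted by default; the help text should say so once that is known.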
diff --git a/terraform/oci/main.tf b/terraform/oci/main.tf
index 250c3b722537..20aa7c5a612b 100644
--- a/terraform/oci/main.tf
+++ b/terraform/oci/main.tf
@@ -30,7 +30,7 @@ resource "oci_core_instance" "kdevops_instance" {
 
   create_vnic_details {
     assign_public_ip = var.oci_assign_public_ip
-    subnet_id        = var.oci_subnet_ocid
+    subnet_id        = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)
   }
 
   metadata = {
@@ -53,6 +53,8 @@ module "volumes" {
 }
 
 resource "oci_core_vcn" "kdevops_vcn" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   cidr_blocks = [
     "10.0.0.0/16",
   ]
@@ -63,15 +65,19 @@ resource "oci_core_vcn" "kdevops_vcn" {
 }
 
 resource "oci_core_internet_gateway" "kdevops_internet_gateway" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops internet gateway"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 }
 
 resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops dhcp options"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   options {
     type = "DomainNameServer"
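Review bot: The new conditional `subnet_id = var.oci_use_existing_vcn ? var.oci_subnet_ocid : one(oci_core_subnet.kdevops_subnet[*].id)` silently evaluates to null when `oci_use_existing_vcn` is true but `oci_subnet_ocid` was left unset, which this same patch makes possible by giving the variable `default = null` in vars.tf; the failure then surfaces only at apply time as an OCI API error on the VNIC rather than as a clear plan-time message. A `lifecycle { precondition {...} }` on the instance ties the two inputs together and names the Kconfig option the user has to fix (precondition needs Terraform 1.2+; if the project pins older, `coalesce(var.oci_subnet_ocid)` in the true branch fails at plan time too, just less readably). Separately, and worth a sentence in the commit message or the Kconfig help: flipping the switch on an already-deployed config changes `subnet_id`, which as far as I recall forces replacement of every `oci_core_instance`, so this is not a live-migration toggle. The enclosing `oci_core_instance` resource starts and ends outside the hunk.

```terraform
resource "oci_core_instance" "kdevops_instance" {
  # … unchanged: shape, source, create_vnic_details, metadata …

  lifecycle {
    precondition {
      condition     = !var.oci_use_existing_vcn || var.oci_subnet_ocid != null
      error_message = "oci_subnet_ocid must be set when oci_use_existing_vcn is true (see TERRAFORM_OCI_SUBNET_OCID)."
    }
  }
```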
@@ -84,20 +90,24 @@ resource "oci_core_dhcp_options" "kdevops_dhcp_options" {
 }
 
 resource "oci_core_route_table" "kdevops_route_table" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops route table"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
   route_rules {
     destination       = "0.0.0.0/0"
     destination_type  = "CIDR_BLOCK"
-    network_entity_id = oci_core_internet_gateway.kdevops_internet_gateway.id
+    network_entity_id = one(oci_core_internet_gateway.kdevops_internet_gateway[*].id)
   }
 }
 
 resource "oci_core_security_list" "kdevops_security_list" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   compartment_id = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
   display_name   = "kdevops security list"
-  vcn_id         = oci_core_vcn.kdevops_vcn.id
+  vcn_id         = one(oci_core_vcn.kdevops_vcn[*].id)
 
   egress_security_rules {
     description = "Allow all outbound traffic"
@@ -153,13 +163,15 @@ resource "oci_core_security_list" "kdevops_security_list" {
 }
 
 resource "oci_core_subnet" "kdevops_subnet" {
+  count = var.oci_use_existing_vcn ? 0 : 1
+
   availability_domain = data.oci_identity_availability_domain.kdevops_av_domain.name
   cidr_block          = "10.0.0.0/24"
   compartment_id      = data.oci_identity_compartments.kdevops_compartment.compartments[0].id
-  dhcp_options_id     = oci_core_dhcp_options.kdevops_dhcp_options.id
+  dhcp_options_id     = one(oci_core_dhcp_options.kdevops_dhcp_options[*].id)
   dns_label           = "runners"
   display_name        = "kdevops subnet"
-  route_table_id      = oci_core_route_table.kdevops_route_table.id
-  security_list_ids   = ["${oci_core_security_list.kdevops_security_list.id}"]
-  vcn_id              = oci_core_vcn.kdevops_vcn.id
+  route_table_id      = one(oci_core_route_table.kdevops_route_table[*].id)
+  security_list_ids   = ["${one(oci_core_security_list.kdevops_security_list[*].id)}"]
+  vcn_id              = one(oci_core_vcn.kdevops_vcn[*].id)
 }
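Review bot: Now that `oci_core_subnet.kdevops_subnet` is only created when kdevops itself owns the network, it can enforce the public-IP policy at the subnet level instead of relying solely on the per-VNIC `assign_public_ip` flag set from `var.oci_assign_public_ip` earlier in this file; the subnet resource in this hunk sets no `prohibit_public_ip_on_vnic`, so a later VNIC attached by hand or by another role can still get a public address even when the user left TERRAFORM_OCI_ASSIGN_PUBLIC_IP off. Adding `prohibit_public_ip_on_vnic = !var.oci_assign_public_ip` next to `cidr_block` keeps both settings in sync from one Kconfig knob, and I believe the provider updates that attribute in place. The route table in the first hunk sends 0.0.0.0/0 to the internet gateway and the security list's visible egress rule allows all outbound traffic, so this subnet is internet-facing by construction; the ingress rules are outside the hunk and I cannot confirm what they admit. While touching the subnet, `security_list_ids = [one(oci_core_security_list.kdevops_security_list[*].id)]` drops the legacy `"${...}"` interpolation wrapper that the rest of the rewritten lines no longer use.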
diff --git a/terraform/oci/vars.tf b/terraform/oci/vars.tf
index 7c19720bebc2..225ebdf51648 100644
--- a/terraform/oci/vars.tf
+++ b/terraform/oci/vars.tf
@@ -61,10 +61,16 @@ variable "oci_assign_public_ip" {
 }
 
 variable "oci_subnet_ocid" {
+  default     = null
   description = "Subnet OCID"
   type        = string
 }
 
+variable "oci_use_existing_vcn" {
+  description = "Use a pre-existing VCN"
+  type        = bool
+}
+
 variable "oci_volumes_per_instance" {
   description = "The count of additional block volumes per instance"
   type        = number
-- 
2.48.1
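Review bot: `oci_subnet_ocid` gains `default = null` but its description still reads "Subnet OCID", so nothing tells a reader that the value is mandatory exactly when `oci_use_existing_vcn` is true and ignored otherwise; `description = "OCID of an existing subnet to attach instances to; required when oci_use_existing_vcn is true, ignored otherwise"` captures the coupling this patch introduces. Since the user now pastes this OCID by hand from the OCI console, a format check also catches the easy mistake of supplying the VCN's OCID instead of the subnet's, which would otherwise fail late at apply with a provider error. The `validation` block below only inspects this variable (Terraform does not allow cross-variable references there), so the null case is deliberately accepted and left to the caller.

```terraform
variable "oci_subnet_ocid" {
  # … unchanged: default, description, type …

  validation {
    condition     = var.oci_subnet_ocid == null || can(regex("^ocid1\\.subnet\\.", var.oci_subnet_ocid))
    error_message = "oci_subnet_ocid must be a subnet OCID (ocid1.subnet.…), not a VCN or other resource OCID."
  }
}
```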