2.1.3 VCN & public subnet (new compartment)

Terraform-only implementation

N.B.: This example is implemented under a child compartment of the root compartment.

Creation of new compartment

To create a compartment, use the Terraform resource oci_identity_compartment.

The Terraform implementation

If you need a better understanding of what is happening in this tutorial, check my previous lesson, 2.1.2 VCN & public subnet (step-by-step in Terraform). This tutorial focuses strictly on automating the creation of a VCN and its resources in a new compartment.

My new working directory contains the following files:

root@deploymentmachine:/home/terra/vcn_new_compartment# tree . 
.
├── compartment.tf
├── dhcp_opt.tf
├── int_gateway.tf
├── provider.tf
├── route.tf
├── security_list.tf
├── subnet.tf
├── variables.tf
└── vcn.tf

0 directories, 9 files

Content of variables.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more variables.tf

# the root compartment's OCID; the new compartment is created under it

variable "compartment_ocid" {
  default = "ocid1.tenancy.oc1..aaaaaaaahereIaddedTheOcidOfR00tCompartment"
}

# for the VCN CIDR block(s)

variable "cidrblockz" {
  type    = list(string)
  default = ["10.0.0.0/16"]
}

# for the subnet

variable "cidrsubnet" {
  default = "10.0.1.0/24"
}

# for ingress from inside the VCN

variable "cidr_ingress" {
  default = "10.0.0.0/16"
}

# TCP ports opened in the security list

variable "portz" {
  default = [22, 3306, 33060]
}
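The values in variables.tf are only checked when the OCI API accepts or rejects them at apply time, so a pre-plan sanity check is cheap insurance. The following is an added example, not code from the tutorial: it assumes IPv4 CIDRs, treats a subnet outside every VCN CIDR block as an error, and (as a policy assumption of this check) also flags an ingress source CIDR that is wider than the VCN, since cidr_ingress is meant for intra-VCN traffic.

```python
"""Pre-plan sanity checks for the tutorial's variables.tf values.

Added example (not part of the tutorial). Assumes IPv4 CIDRs throughout.
"""
import ipaddress


def _inside_vcn(net, vcn_nets):
    """True if net lies within at least one VCN CIDR block of the same IP version."""
    return any(v.version == net.version and net.subnet_of(v) for v in vcn_nets)


def validate_vcn_vars(cidr_blocks, subnet_cidr, ingress_cidr, ports):
    """Return a list of problems; an empty list means the values are consistent.

    cidr_blocks  -> var.cidrblockz   (list of VCN CIDR strings)
    subnet_cidr  -> var.cidrsubnet
    ingress_cidr -> var.cidr_ingress
    ports        -> var.portz        (list of TCP ports opened to the world)
    """
    problems = []
    try:
        vcn_nets = [ipaddress.ip_network(c) for c in cidr_blocks]
        subnet = ipaddress.ip_network(subnet_cidr)
        ingress = ipaddress.ip_network(ingress_cidr)
    except ValueError as exc:
        # a malformed CIDR makes the remaining checks meaningless
        return [f"invalid CIDR: {exc}"]

    if not _inside_vcn(subnet, vcn_nets):
        problems.append(f"subnet {subnet} is not inside any VCN CIDR block {cidr_blocks}")
    # policy assumption of this check: the intra-VCN ingress rule must not
    # be wider than the VCN itself (0.0.0.0/0 here would be a mistake)
    if not _inside_vcn(ingress, vcn_nets):
        problems.append(f"ingress source {ingress} reaches beyond the VCN CIDR blocks")
    for p in ports:
        if not (isinstance(p, int) and 1 <= p <= 65535):
            problems.append(f"port {p!r} is not a valid TCP port")
    return problems


if __name__ == "__main__":
    # the tutorial's own values: expected to pass
    print(validate_vcn_vars(["10.0.0.0/16"], "10.0.1.0/24", "10.0.0.0/16", [22, 3306, 33060]))
    # a constructed bad set: subnet outside the VCN, world-wide ingress, bogus port
    print(validate_vcn_vars(["10.0.0.0/16"], "192.168.1.0/24", "0.0.0.0/0", [22, 70000]))
```

Run it before "terraform plan"; a non-empty list is a reason to fix variables.tf rather than to apply.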

Content of provider.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more provider.tf

provider "oci" {
  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaafaketenancyocidhahahah123234234"
  user_ocid = "ocid1.user.oc1..aaaaaaafakeuserocidhahahah12312434"
  private_key_path = "/root/.oci/oci_api_key.pem"
  fingerprint = "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
  region = "eu-frankfurt-1"
}

Content of compartment.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more compartment.tf

# using the root compartment OCID at compartment_id
# WildTestCompartment will be the root's child

resource "oci_identity_compartment" "WildTestCompartment" {
  compartment_id = var.compartment_ocid
  description    = "Compartment test for VCN"
  name           = "WildTestCompartment"
}

Content of vcn.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more vcn.tf

resource "oci_core_virtual_network" "WildTestVCN" {
  cidr_blocks = var.cidrblockz
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name = "WildTestVCN"
  dns_label = "WildTestVCN"
}

Content of subnet.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more subnet.tf

resource "oci_core_subnet" "WildTestSubnet" {
  cidr_block     = var.cidrsubnet
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id         = oci_core_virtual_network.WildTestVCN.id
  display_name   = "WildTestSubnet"

  # security list
  security_list_ids = [oci_core_security_list.WildTestSecurityList.id]

  # route table
  route_table_id = oci_core_route_table.WildTestRouteTable.id

  # dhcp
  dhcp_options_id = oci_core_dhcp_options.WildTestDHCPOptions.id

  # dns
  dns_label = "WildTest"
}

Content of int_gateway.tf (creating an internet gateway):

root@deploymentmachine:/home/terra/vcn_new_compartment# more int_gateway.tf

resource "oci_core_internet_gateway" "WildTestInternetGateway" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name = "WildTestInternetGateway"
  vcn_id = oci_core_virtual_network.WildTestVCN.id
}

Content of security_list.tf (creating the security list):

root@deploymentmachine:/home/terra/vcn_new_compartment# more security_list.tf

resource "oci_core_security_list" "WildTestSecurityList" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name   = "WildTestSecurityList"
  vcn_id         = oci_core_virtual_network.WildTestVCN.id

  # stateful egress: any TCP destination
  egress_security_rules {
    stateless   = false
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # apply one stateful ingress TCP rule per port
  # of variable portz, each open to any source
  dynamic "ingress_security_rules" {
    for_each = toset(var.portz)
    content {
      stateless = false
      protocol  = "6"
      source    = "0.0.0.0/0"
      tcp_options {
        max = ingress_security_rules.value
        min = ingress_security_rules.value
      }
    }
  }

  # all TCP ports from inside the VCN CIDR
  ingress_security_rules {
    stateless = false
    protocol  = "6"
    source    = var.cidr_ingress
  }
}

Content of route.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more route.tf

resource "oci_core_route_table" "WildTestRouteTable" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id = oci_core_virtual_network.WildTestVCN.id
  display_name = "WildTestRouteTable"

  route_rules {
    destination = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.WildTestInternetGateway.id
  }
}
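Taken together, security_list.tf and route.tf are what make the subnet reachable from the internet: the route table sends 0.0.0.0/0 to the internet gateway, and the dynamic block opens every port in portz to source 0.0.0.0/0. The following is an added example, not code from the tutorial, that audits exactly that combination. It walks the resources array of "terraform show -json" output taken after apply (when resource ids are known) and reports which TCP ports of each public subnet are open to the world. The state excerpt is constructed by hand to mirror the WildTest* resources, and the OCIDs in it are placeholders.

```python
"""Audit Terraform-managed OCI resources for internet-exposed TCP ports.

Added example, not part of the tutorial. Input is modelled on the
values.root_module.resources array of `terraform show -json`; the excerpt
below is constructed and its OCIDs are placeholders.
"""
import json

WORLD = {"0.0.0.0/0", "::/0"}
ALL_PORTS = (1, 65535)

# Constructed state excerpt mirroring the tutorial's resources after apply.
STATE_JSON = json.dumps({"values": {"root_module": {"resources": [
    {"address": "oci_core_internet_gateway.WildTestInternetGateway",
     "type": "oci_core_internet_gateway",
     "values": {"id": "ocid1.internetgateway.oc1..PLACEHOLDER_IGW"}},
    {"address": "oci_core_route_table.WildTestRouteTable",
     "type": "oci_core_route_table",
     "values": {"id": "ocid1.routetable.oc1..PLACEHOLDER_RT",
                "route_rules": [{"destination": "0.0.0.0/0",
                                 "network_entity_id": "ocid1.internetgateway.oc1..PLACEHOLDER_IGW"}]}},
    {"address": "oci_core_security_list.WildTestSecurityList",
     "type": "oci_core_security_list",
     "values": {"id": "ocid1.securitylist.oc1..PLACEHOLDER_SL",
                "ingress_security_rules": [
                    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 22, "max": 22}]},
                    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 3306, "max": 3306}]},
                    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 33060, "max": 33060}]},
                    {"protocol": "6", "source": "10.0.0.0/16", "tcp_options": []}]}},
    {"address": "oci_core_subnet.WildTestSubnet",
     "type": "oci_core_subnet",
     "values": {"id": "ocid1.subnet.oc1..PLACEHOLDER_SUBNET",
                "display_name": "WildTestSubnet",
                "prohibit_public_ip_on_vnic": False,
                "route_table_id": "ocid1.routetable.oc1..PLACEHOLDER_RT",
                "security_list_ids": ["ocid1.securitylist.oc1..PLACEHOLDER_SL"]}},
]}}})


def load_resources(state_json):
    """Flat resource list from `terraform show -json` output."""
    return json.loads(state_json)["values"]["root_module"]["resources"]


def tcp_port_range(rule):
    """(min, max) TCP ports an ingress rule admits, or None if it admits no TCP."""
    proto = rule.get("protocol")
    if proto == "all":
        return ALL_PORTS
    if proto != "6":
        return None
    opts = rule.get("tcp_options") or []
    if not opts:
        return ALL_PORTS  # omitting tcp_options means every TCP port
    return (opts[0]["min"], opts[0]["max"])


def is_public_subnet(subnet, resources):
    """True if the subnet permits public IPs and its route table has a
    default route pointing at an internet gateway."""
    if subnet["values"].get("prohibit_public_ip_on_vnic"):
        return False
    igw_ids = {r["values"]["id"] for r in resources if r["type"] == "oci_core_internet_gateway"}
    rt = next((r for r in resources if r["type"] == "oci_core_route_table"
               and r["values"]["id"] == subnet["values"].get("route_table_id")), None)
    if rt is None:
        return False
    return any(rule.get("destination") in WORLD and rule.get("network_entity_id") in igw_ids
               for rule in rt["values"].get("route_rules", []))


def world_exposed_ports(state_json):
    """Map subnet display name -> sorted (min, max) TCP ranges open to the world."""
    resources = load_resources(state_json)
    sec_lists = {r["values"]["id"]: r for r in resources if r["type"] == "oci_core_security_list"}
    findings = {}
    for subnet in (r for r in resources if r["type"] == "oci_core_subnet"):
        if not is_public_subnet(subnet, resources):
            continue  # no path from the internet, whatever the security list says
        ranges = set()
        for sl_id in subnet["values"].get("security_list_ids", []):
            for rule in sec_lists.get(sl_id, {"values": {}})["values"].get("ingress_security_rules", []):
                if rule.get("source") not in WORLD:
                    continue  # VCN-internal sources are not a world exposure
                rng = tcp_port_range(rule)
                if rng:
                    ranges.add(rng)
        findings[subnet["values"]["display_name"]] = sorted(ranges)
    return findings


def world_reachable(findings, subnet_name, port):
    """True if the audit shows `port` on `subnet_name` open to 0.0.0.0/0."""
    return any(lo <= port <= hi for lo, hi in findings.get(subnet_name, []))


if __name__ == "__main__":
    for name, ranges in world_exposed_ports(STATE_JSON).items():
        print(name, "world-reachable TCP ranges:", ranges)
```

Run against real output with `terraform show -json | python audit.py` after adapting the entry point; the result for the tutorial's configuration is that ports 22, 3306 and 33060 of WildTestSubnet are reachable from any address, while the VCN-internal rule on 10.0.0.0/16 is not reported. Whether the database ports should be open that wide is a decision for the deployment, not for the tooling, but the audit makes the decision visible.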

Content of dhcp_opt.tf (creating the DHCP options):

root@deploymentmachine:/home/tests/terra/test6# more dhcp_opt.tf

resource "oci_core_dhcp_options" "WildTestDHCPOptions" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id         = oci_core_virtual_network.WildTestVCN.id
  display_name   = "WildTestDHCPOptions"

  # resolve VCN-local names first, then the internet
  options {
    type        = "DomainNameServer"
    server_type = "VcnLocalPlusInternet"
  }

  options {
    type                = "SearchDomain"
    search_domain_names = ["wildtest.com"]
  }
}

Proceed with the usual Terraform commands: "terraform init", "terraform plan", "terraform apply".

The "terraform apply" shows the following output:

root@deploymentmachine:/home/terra/vcn_new_compartment# terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  Enter a value: yes

oci_identity_compartment.WildTestCompartment: Creating...
oci_identity_compartment.WildTestCompartment: Still creating... [10s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [20s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [30s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [40s elapsed]
oci_identity_compartment.WildTestCompartment: Creation complete after 43s [id=ocid1.compartment.oc1..aaaaaaaaqvdbwn7ajc6bl37ggvpom4qvqtjeeqtcmorwsjhu5qbrnpgdor5a]
oci_core_virtual_network.WildTestVCN: Creating...
oci_core_virtual_network.WildTestVCN: Creation complete after 1s [id=ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaa34qs2dyaxzfotfa5jixzhoxtocxpahat6iuzhwwxsk2dn5lwtcfa]
oci_core_dhcp_options.WildTestDHCPOptions: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creating...
oci_core_security_list.WildTestSecurityList: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creation complete after 0s [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaa4einp73aif27e55jlipzktwqk3iutz4tlyd7tnphxfmyvsnur65a]
oci_core_route_table.WildTestRouteTable: Creating...
oci_core_security_list.WildTestSecurityList: Creation complete after 0s [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaaxldsobthhdwtdsv4jxej4rkedxvunsgnypvoid4g55z6drrwm62q]
oci_core_dhcp_options.WildTestDHCPOptions: Creation complete after 0s [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaa7dphusxukgrfrvcf6bex2p6nyslkpji42ooos3tkz4g5t53ew74q]
oci_core_route_table.WildTestRouteTable: Creation complete after 0s [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaa7s24oegshleoear5nw6vreachy7td4q7oirf2kl65tcgn3qfx5ma]
oci_core_subnet.WildTestSubnet: Creating...
oci_core_subnet.WildTestSubnet: Creation complete after 5s [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaallavbxwnlaijq6lymtxw7h5dgmrd6vamwjyol6mf7wkh6xthhcwq]

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

Back to the Cloud UI

Let's check in the Cloud UI:

Compartment created:

The VCN created along with its resources:

a) Public Subnet

b) Security List

c) Internet Gateway

d) DHCP Options (and DNS, which you can already notice in the previous screenshots)

One simple test

Let's check if we can reach a compute instance deployed in the new VCN.

The steps for creating a new compute instance in the WildTestCompartment & WildTestVCN, from the UI:

Once the instance is created and available, try to log in via SSH using its public IP:

Destroy resources

Wait until the test instance we deployed in the WildTestVCN reaches the terminated status:

... and then destroy the VCN & its resources with "terraform destroy":

root@deploymentmachine:/home/terra/vcn_new_compartment# terraform destroy

[ ............ snip .............. ]

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

oci_core_subnet.WildTestSubnet: Destroying... [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaacgxxxxxxxxxxxxxxxxxxxxxqlzyyocfitn5rbre2sta7l3]
oci_core_subnet.WildTestSubnet: Destruction complete after 1s
oci_core_route_table.WildTestRouteTable: Destroying... [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaagxxxxxxxxxxxxxxxxxxxxxq]
oci_core_security_list.WildTestSecurityList: Destroying... [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaccxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destroying... [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaaccoqpo7zwehfc44ogxxxxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destruction complete after 0s
oci_core_security_list.WildTestSecurityList: Destruction complete after 0s
oci_core_route_table.WildTestRouteTable: Destruction complete after 0s
oci_core_internet_gateway.WildTestInternetGateway: Destroying... [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaasdfsdf2hkrxk3367ucs3tgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_internet_gateway.WildTestInternetGateway: Destruction complete after 0s
oci_core_virtual_network.WildTestVCN: Destroying... [id=ocid1.vcn.oc1.eu-frankfurt-1.asdaagovrtjfjztyshbo2swuhjgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_virtual_network.WildTestVCN: Destruction complete after 1s
oci_identity_compartment.WildTestCompartment: Destroying... [id=ocid1.compartment.oc1..aaagxxxxxxxxxxxxxxxxxxxxxqoq5crsyqa3iw5wpf6su3ds4z3q6figk3xa5su5l2agxxxxxxxxxxxxxxxxxxxxxq]

Destroy complete! Resources: 7 destroyed.
root@deploymentmachine:/home/terra/vcn_new_compartment# 
