2.1.3 VCN & public subnet (new compartment)

Terraform only implementation


Last updated 4 years ago

N.B.: This example is implemented in a child compartment of the root compartment.

Creation of new compartment

To create the compartment, use the Terraform resource oci_identity_compartment.

The terraform implementation

If you need a better understanding of what is happening in this tutorial, check my previous lesson, 2.1.2 VCN & public subnet (step-by-step in Terraform). This tutorial focuses strictly on automating the creation of a VCN and its resources in a new compartment.

My new working directory contains the following files:

root@deploymentmachine:/home/terra/vcn_new_compartment# tree . 
.
├── compartment.tf
├── dhcp_opt.tf
├── int_gateway.tf
├── provider.tf
├── route.tf
├── security_list.tf
├── subnet.tf
├── variables.tf
└── vcn.tf

0 directories, 9 files

Content of variables.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more variables.tf

# provided here the root compartment 

variable "compartment_ocid" {
  default = "ocid1.tenancy.oc1..aaaaaaaahereIaddedTheOcidOfR00tCompartment"
}

#for vcn block

variable "cidrblockz" {
  type = list(string)
  default = ["10.0.0.0/16"]
}

#for subnet

variable "cidrsubnet" {
  default = "10.0.1.0/24"
}

# for ingress


variable "cidr_ingress" {
  default = "10.0.0.0/16"
}

# for security list

variable "portz" {
 default = [22,3306,33060]
}

Content of provider.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more provider.tf

provider "oci" {
  tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaafaketenancyocidhahahah123234234"
  user_ocid = "ocid1.user.oc1..aaaaaaafakeuserocidhahahah12312434"
  private_key_path = "/root/.oci/oci_api_key.pem"
  fingerprint = "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
  region = "eu-frankfurt-1"
}

Content of compartment.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more compartment.tf

# using the root compartment OCID at compartment_id
# WildTestCompartment will be the root's child

resource "oci_identity_compartment" "WildTestCompartment" {
    compartment_id = var.compartment_ocid
    description = "Compartment test for VCN"
    name = "WildTestCompartment"
}

Content of vcn.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more vcn.tf

resource "oci_core_virtual_network" "WildTestVCN" {
  cidr_blocks = var.cidrblockz
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name = "WildTestVCN"
  dns_label = "WildTestVCN"
}

Content of subnet.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more subnet.tf

resource "oci_core_subnet" "WildTestSubnet"{

  cidr_block = var.cidrsubnet
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id = oci_core_virtual_network.WildTestVCN.id

  display_name = "WildTestSubnet"

  # security list

  security_list_ids = [oci_core_security_list.WildTestSecurityList.id]

  # route table

  route_table_id = oci_core_route_table.WildTestRouteTable.id

  # dhcp
  dhcp_options_id = oci_core_dhcp_options.WildTestDHCPOptions.id

  # dns
  dns_label = "WildTest"

}

Content of int_gateway.tf, which creates the internet gateway:

root@deploymentmachine:/home/terra/vcn_new_compartment# more int_gateway.tf

resource "oci_core_internet_gateway" "WildTestInternetGateway" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name = "WildTestInternetGateway"
  vcn_id = oci_core_virtual_network.WildTestVCN.id
}

Content of security_list.tf, which creates the security list:

root@deploymentmachine:/home/terra/vcn_new_compartment# more security_list.tf

resource "oci_core_security_list" "WildTestSecurityList" {

  compartment_id = oci_identity_compartment.WildTestCompartment.id

  display_name = "WildTestSecurityList"

  vcn_id = oci_core_virtual_network.WildTestVCN.id

  egress_security_rules {
    stateless = false
    protocol = "6"
    destination = "0.0.0.0/0"
 }

   # apply ingress tcp rules for each port
   # of variable portz

   dynamic "ingress_security_rules" {
    for_each = toset(var.portz)
      content {
        protocol = "6"
        source = "0.0.0.0/0"
        tcp_options {
           max = ingress_security_rules.value
           min = ingress_security_rules.value
       }
    }
  }



  ingress_security_rules {
    stateless = false
    protocol = "6"
    source = var.cidr_ingress
  }
}
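
The dynamic block above opens ports 22, 3306 and 33060 to 0.0.0.0/0, so SSH and MySQL are reachable from any internet address once an instance sits in this public subnet. A narrower variant of security_list.tf follows as an added example that is not part of the original tutorial. The variable admin_cidr is an assumption, and the validation block requires Terraform 0.13 or later:

```hcl
# Added example, not from the original tutorial: replacement for security_list.tf.
# var.admin_cidr is a hypothetical variable; supply your own range at apply time.
variable "admin_cidr" {
  type        = string
  description = "Source range allowed to reach SSH"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR block other than 0.0.0.0/0."
  }
}

resource "oci_core_security_list" "WildTestSecurityList" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  display_name   = "WildTestSecurityList"
  vcn_id         = oci_core_virtual_network.WildTestVCN.id

  # Outbound TCP, unchanged from the tutorial.
  egress_security_rules {
    stateless   = false
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # SSH: only from the administrator's range instead of 0.0.0.0/0.
  ingress_security_rules {
    stateless = false
    protocol  = "6"
    source    = var.admin_cidr
    tcp_options {
      min = 22
      max = 22
    }
  }

  # MySQL ports: only from inside the VCN (var.cidr_ingress from variables.tf).
  dynamic "ingress_security_rules" {
    for_each = toset([3306, 33060])
    content {
      stateless = false
      protocol  = "6"
      source    = var.cidr_ingress
      tcp_options {
        min = ingress_security_rules.value
        max = ingress_security_rules.value
      }
    }
  }
}
```

With this variant the SSH test later on the page still works as long as the client address falls inside admin_cidr; MySQL clients must connect from within the VCN.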

Content of route.tf:

root@deploymentmachine:/home/terra/vcn_new_compartment# more route.tf

resource "oci_core_route_table" "WildTestRouteTable" {
  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id = oci_core_virtual_network.WildTestVCN.id
  display_name = "WildTestRouteTable"

  route_rules {
    destination = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.WildTestInternetGateway.id
  }
}

Content of dhcp_opt.tf, which creates the DHCP options:

root@deploymentmachine:/home/tests/terra/test6# more dhcp_opt.tf
resource "oci_core_dhcp_options" "WildTestDHCPOptions" {

  compartment_id = oci_identity_compartment.WildTestCompartment.id
  vcn_id = oci_core_virtual_network.WildTestVCN.id
  display_name = "WildTestDHCPOptions"

  options {
    type = "DomainNameServer"
    server_type = "VcnLocalPlusInternet"
  }

  options {
    type = "SearchDomain"
    search_domain_names = ["wildtest.com"]
  }

 }

Proceed with the known Terraform commands: "terraform init", then "terraform plan".

The "terraform apply" would show the following output:

root@deploymentmachine:/home/terra/vcn_new_compartment# terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  Enter a value: yes

oci_identity_compartment.WildTestCompartment: Creating...
oci_identity_compartment.WildTestCompartment: Still creating... [10s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [20s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [30s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [40s elapsed]
oci_identity_compartment.WildTestCompartment: Creation complete after 43s [id=ocid1.compartment.oc1..aaaaaaaaqvdbwn7ajc6bl37ggvpom4qvqtjeeqtcmorwsjhu5qbrnpgdor5a]
oci_core_virtual_network.WildTestVCN: Creating...
oci_core_virtual_network.WildTestVCN: Creation complete after 1s [id=ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaa34qs2dyaxzfotfa5jixzhoxtocxpahat6iuzhwwxsk2dn5lwtcfa]
oci_core_dhcp_options.WildTestDHCPOptions: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creating...
oci_core_security_list.WildTestSecurityList: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creation complete after 0s [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaa4einp73aif27e55jlipzktwqk3iutz4tlyd7tnphxfmyvsnur65a]
oci_core_route_table.WildTestRouteTable: Creating...
oci_core_security_list.WildTestSecurityList: Creation complete after 0s [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaaxldsobthhdwtdsv4jxej4rkedxvunsgnypvoid4g55z6drrwm62q]
oci_core_dhcp_options.WildTestDHCPOptions: Creation complete after 0s [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaa7dphusxukgrfrvcf6bex2p6nyslkpji42ooos3tkz4g5t53ew74q]
oci_core_route_table.WildTestRouteTable: Creation complete after 0s [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaa7s24oegshleoear5nw6vreachy7td4q7oirf2kl65tcgn3qfx5ma]
oci_core_subnet.WildTestSubnet: Creating...
oci_core_subnet.WildTestSubnet: Creation complete after 5s [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaallavbxwnlaijq6lymtxw7h5dgmrd6vamwjyol6mf7wkh6xthhcwq]

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

Back to the Cloud UI

And let's check in the Cloud UI:

Compartment created:

The VCN created along with its resources:

a) Public Subnet

b) Security List

c) Internet Gateway

d) DHCP Options (and DNS, but you can already notice the DNS in previous photos)

And one simple test

Let's check if we can reach a compute instance deployed in the new VCN.

The steps for creating a new compute instance in the WildTestCompartment & WildTestVCN, from UI:

Once the Instance is created and available, try to log in via ssh, by using the Public IP:

Destroy resources

Wait until the test instance we deployed in the WildTestVCN reaches the terminated status:

... and then destroy the VCN and its resources with "terraform destroy":

root@deploymentmachine:/home/terra/vcn_new_compartment# terraform destroy

[ ............ snip .............. ]

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

oci_core_subnet.WildTestSubnet: Destroying... [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaacgxxxxxxxxxxxxxxxxxxxxxqlzyyocfitn5rbre2sta7l3]
oci_core_subnet.WildTestSubnet: Destruction complete after 1s
oci_core_route_table.WildTestRouteTable: Destroying... [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaagxxxxxxxxxxxxxxxxxxxxxq]
oci_core_security_list.WildTestSecurityList: Destroying... [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaccxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destroying... [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaaccoqpo7zwehfc44ogxxxxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destruction complete after 0s
oci_core_security_list.WildTestSecurityList: Destruction complete after 0s
oci_core_route_table.WildTestRouteTable: Destruction complete after 0s
oci_core_internet_gateway.WildTestInternetGateway: Destroying... [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaasdfsdf2hkrxk3367ucs3tgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_internet_gateway.WildTestInternetGateway: Destruction complete after 0s
oci_core_virtual_network.WildTestVCN: Destroying... [id=ocid1.vcn.oc1.eu-frankfurt-1.asdaagovrtjfjztyshbo2swuhjgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_virtual_network.WildTestVCN: Destruction complete after 1s
oci_identity_compartment.WildTestCompartment: Destroying... [id=ocid1.compartment.oc1..aaagxxxxxxxxxxxxxxxxxxxxxqoq5crsyqa3iw5wpf6su3ds4z3q6figk3xa5su5l2agxxxxxxxxxxxxxxxxxxxxxq

Destroy complete! Resources: 7 destroyed.
root@deploymentmachine:/home/terra/vcn_new_compartment# 
