2.1.3 VCN & public subnet (new compartment)
Terraform only implementation
n.b: This example will be implemented under a child compartment of root compartment
Creation of new compartment
For creation of compartment, you use the Terraform resource oci identity compartment
The terraform implementation
Those that need a better understanding for what is happening in this tutorial, check my previous lesson, 2.1.2 VCN &public subnet (step-by-step in Terraform). This tutorial is focused strictly on the automation for creating VCN and its resources in a new compartment.
My new working directory contains the following files:
root@deploymentmachine:/home/terra/vcn_new_compartment# tree .
.
├── compartment.tf
├── dhcp_opt.tf
├── int_gateway.tf
├── provider.tf
├── route.tf
├── security_list.tf
├── subnet.tf
├── variables.tf
└── vcn.tf
0 directories, 9 filesContent of variables.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more variables.tf
# provided here the root compartment
variable "compartment_ocid" {
default = "ocid1.tenancy.oc1..aaaaaaaahereIaddedTheOcidOfR00tCompartment"
}
#for vcn block
variable "cidrblockz" {
type = list(string)
default = ["10.0.0.0/16"]
}
#for subnet
variable "cidrsubnet" {
default = "10.0.1.0/24"
}
# for ingress
variable "cidr_ingress" {
default = "10.0.0.0/16"
}
# for security list
variable "portz" {
default = [22,3306,33060]
}
Content of provider.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more provider.tf
provider "oci" {
tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaafaketenancyocidhahahah123234234"
user_ocid = "ocid1.user.oc1..aaaaaaafakeuserocidhahahah12312434"
private_key_path = "/root/.oci/oci_api_key.pem"
fingerprint = "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
region = "eu-frankfurt-1"
}Content of compartment.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more compartment.tf
# using the root compartment OCID at compartment_id
# WildTestCompartment will be the root's child
resource "oci_identity_compartment" "WildTestCompartment" {
compartment_id = var.compartment_ocid
description = "Compartment test for VCN"
name = "WildTestCompartment"
}Content of vcn.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more vcn.tf
resource "oci_core_virtual_network" "WildTestVCN" {
cidr_blocks = var.cidrblockz
compartment_id = oci_identity_compartment.WildTestCompartment.id
display_name = "WildTestVCN"
dns_label = "WildTestVCN"
}Content of subnet.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more subnet.tf
resource "oci_core_subnet" "WildTestSubnet"{
cidr_block = var.cidrsubnet
compartment_id = oci_identity_compartment.WildTestCompartment.id
vcn_id = oci_core_virtual_network.WildTestVCN.id
display_name = "WildTestSubnet"
# security list
security_list_ids = [oci_core_security_list.WildTestSecurityList.id]
# route table
route_table_id = oci_core_route_table.WildTestRouteTable.id
# dhcp
dhcp_options_id = oci_core_dhcp_options.WildTestDHCPOptions.id
# dns
dns_label = "WildTest"
}Content of creating an internet gateway,int_gateway.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more int_gateway.tf
resource "oci_core_internet_gateway" "WildTestInternetGateway" {
compartment_id = oci_identity_compartment.WildTestCompartment.id
display_name = "WildTestInternetGateway"
vcn_id = oci_core_virtual_network.WildTestVCN.id
}Content of creating security list, security_list.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more security_list.tf
resource "oci_core_security_list" "WildTestSecurityList" {
compartment_id = oci_identity_compartment.WildTestCompartment.id
display_name = "WildTestSecurityList"
vcn_id = oci_core_virtual_network.WildTestVCN.id
egress_security_rules {
stateless = false
protocol = "6"
destination = "0.0.0.0/0"
}
# apply ingress tcp rules for each port
# of variable portz
dynamic "ingress_security_rules" {
for_each = toset(var.portz)
content {
protocol = "6"
source = "0.0.0.0/0"
tcp_options {
max = ingress_security_rules.value
min = ingress_security_rules.value
}
}
}
ingress_security_rules {
stateless = false
protocol = "6"
source = var.cidr_ingress
}
}Content of route.tf:
root@deploymentmachine:/home/terra/vcn_new_compartment# more route.tf
resource "oci_core_route_table" "WildTestRouteTable" {
compartment_id = oci_identity_compartment.WildTestCompartment.id
vcn_id = oci_core_virtual_network.WildTestVCN.id
display_name = "WildTestRouteTable"
route_rules {
destination = "0.0.0.0/0"
network_entity_id = oci_core_internet_gateway.WildTestInternetGateway.id
}
}Content of creating dhcp options, dhcp_opt.tf:
root@deploymentmachine:/home/tests/terra/test6# more dhcp_opt.tf
resource "oci_core_dhcp_options" "WildTestDHCPOptions" {
compartment_id = oci_identity_compartment.WildTestCompartment.id
vcn_id = oci_core_virtual_network.WildTestVCN.id
display_name = "WildTestDHCPOptions"
options {
type = "DomainNameServer"
server_type = "VcnLocalPlusInternet"
}
options {
type = "SearchDomain"
search_domain_names = ["wildtest.com"]
}
}
Proceed with the known terraform command: "terraform init" ; "terraform plan"; "terraform plan"
The "terraform apply" would show the following output:
root@deploymentmachine:/home/terra/vcn_new_compartment# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Enter a value: yes
oci_identity_compartment.WildTestCompartment: Creating...
oci_identity_compartment.WildTestCompartment: Still creating... [10s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [20s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [30s elapsed]
oci_identity_compartment.WildTestCompartment: Still creating... [40s elapsed]
oci_identity_compartment.WildTestCompartment: Creation complete after 43s [id=ocid1.compartment.oc1..aaaaaaaaqvdbwn7ajc6bl37ggvpom4qvqtjeeqtcmorwsjhu5qbrnpgdor5a]
oci_core_virtual_network.WildTestVCN: Creating...
oci_core_virtual_network.WildTestVCN: Creation complete after 1s [id=ocid1.vcn.oc1.eu-frankfurt-1.amaaaaaa34qs2dyaxzfotfa5jixzhoxtocxpahat6iuzhwwxsk2dn5lwtcfa]
oci_core_dhcp_options.WildTestDHCPOptions: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creating...
oci_core_security_list.WildTestSecurityList: Creating...
oci_core_internet_gateway.WildTestInternetGateway: Creation complete after 0s [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaa4einp73aif27e55jlipzktwqk3iutz4tlyd7tnphxfmyvsnur65a]
oci_core_route_table.WildTestRouteTable: Creating...
oci_core_security_list.WildTestSecurityList: Creation complete after 0s [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaaxldsobthhdwtdsv4jxej4rkedxvunsgnypvoid4g55z6drrwm62q]
oci_core_dhcp_options.WildTestDHCPOptions: Creation complete after 0s [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaa7dphusxukgrfrvcf6bex2p6nyslkpji42ooos3tkz4g5t53ew74q]
oci_core_route_table.WildTestRouteTable: Creation complete after 0s [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaa7s24oegshleoear5nw6vreachy7td4q7oirf2kl65tcgn3qfx5ma]
oci_core_subnet.WildTestSubnet: Creating...
oci_core_subnet.WildTestSubnet: Creation complete after 5s [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaallavbxwnlaijq6lymtxw7h5dgmrd6vamwjyol6mf7wkh6xthhcwq]
Apply complete! Resources: 7 added, 0 changed, 0 destroyed.Back to the Cloud UI
And let's check in the Cloud UI:
Compartment created:
The VCN created along with its resources:
a) Public Subnet
b) Security List
c) Internet Gateway
d) DHCP Options (and DNS, but you can already notice the DNS in previous photos)
And one simple test
Let's check if we can reach a compute instance deployed in the new VCN.
The steps for creating a new compute instance in the WildTestCompartment & WildTestVCN, from UI:
Once the Instance is created and available, try to log in via ssh, by using the Public IP:
Destroy resources
Wait until the termination status of the test instance we deployed in the WildTestVCN:
... and destroy the VCN & its resources by using the "terraform destroy"
root@deploymentmachine:/home/terra/vcn_new_compartment# terraform destroy
[ ............ snip .............. ]
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
oci_core_subnet.WildTestSubnet: Destroying... [id=ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaaacgxxxxxxxxxxxxxxxxxxxxxql
zyyocfitn5rbre2sta
7l3]
oci_core_subnet.WildTestSubnet: Destruction complete after 1s
oci_core_route_table.WildTestRouteTable: Destroying... [id=ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaagxxxxxxxxxxxxxxxxxxxxxq]
oci_core_security_list.WildTestSecurityList: Destroying... [id=ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaccxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destroying... [id=ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaaccoqpo7zwehfc44ogxxxxxxxxxxxxxxxxxxxxxq]
oci_core_dhcp_options.WildTestDHCPOptions: Destruction complete after 0s
oci_core_security_list.WildTestSecurityList: Destruction complete after 0s
oci_core_route_table.WildTestRouteTable: Destruction complete after 0s
oci_core_internet_gateway.WildTestInternetGateway: Destroying... [id=ocid1.internetgateway.oc1.eu-frankfurt-1.aaaaaaaasdfsdf2hkrxk3367ucs3tgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_internet_gateway.WildTestInternetGateway: Destruction complete after 0s
oci_core_virtual_network.WildTestVCN: Destroying... [id=ocid1.vcn.oc1.eu-frankfurt-1.asdaagovrtjfjztyshbo2swuhjgxxxxxxxxxxxxxxxxxxxxxq]
oci_core_virtual_network.WildTestVCN: Destruction complete after 1s
oci_identity_compartment.WildTestCompartment: Destroying... [id=ocid1.compartment.oc1..aaagxxxxxxxxxxxxxxxxxxxxxqoq5crsyqa3iw5wpf6su3ds4z3q6figk3xa5su5l2agxxxxxxxxxxxxxxxxxxxxxq
Destroy complete! Resources: 7 destroyed.
root@deploymentmachine:/home/terra/vcn_new_compartment# Previous2.1.2 VCN & public subnet (step-by-step in Terraform)Next2.1.4 VCN, Terraform and Ansible (Nginx example)
Last updated