diff --git a/cloud-foundation/modules/cloud-foundation-library/database/adw/main.tf b/cloud-foundation/modules/cloud-foundation-library/database/adw/main.tf
new file mode 100644
index 0000000..f2fe9a0
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/database/adw/main.tf
@@ -0,0 +1,30 @@
+# # Copyright © 2021, Oracle and/or its affiliates.
+# # All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+resource "oci_database_autonomous_database" "adw" {
+ for_each = {
+ for k,v in var.adw_params : k => v if v.compartment_id != ""
+ }
+ admin_password = each.value.database_admin_password
+ compartment_id = each.value.compartment_id
+ cpu_core_count = each.value.adw_cpu_core_count
+ data_storage_size_in_tbs = each.value.adw_size_in_tbs
+ db_name = each.value.adw_db_name
+ display_name = each.value.adw_db_name
+ db_workload = each.value.adw_db_workload
+ db_version = each.value.adw_db_version
+ is_auto_scaling_enabled = each.value.adw_enable_auto_scaling
+ is_free_tier = each.value.adw_is_free_tier
+ license_model = each.value.adw_license_model
+ # subnet_id = each.value.subnet_id
+ # nsg_ids = each.value.nsg_ids
+ defined_tags = each.value.defined_tags
+}
+
+resource "oci_database_autonomous_database_wallet" "autonomous_data_warehouse_wallet" {
+ for_each = var.adw_params
+ autonomous_database_id = oci_database_autonomous_database.adw[each.key].id
+ password = each.value.database_wallet_password
+ base64_encode_content = true
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/database/adw/outputs.tf b/cloud-foundation/modules/cloud-foundation-library/database/adw/outputs.tf
new file mode 100644
index 0000000..98ffdff
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/database/adw/outputs.tf
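Review bot: The wallet resource in adw/main.tf iterates `for_each = var.adw_params`, while the database resource skips entries whose `compartment_id` is empty, so any skipped key makes `oci_database_autonomous_database.adw[each.key]` an invalid index at plan time. Use the same filter on the wallet: `for_each = { for k,v in var.adw_params : k => v if v.compartment_id != "" }`. Separately, `subnet_id` and `nsg_ids` are commented out, so this resource sets no private endpoint or network security group; presumably the database is then reachable on its public endpoint, and a comment saying whether that is intended would make the exposure explicit. `admin_password` and the wallet `password` are persisted in Terraform state, which deserves a one-line comment such as `# stored in state: protect the backend` next to them.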
@@ -0,0 +1,6 @@
+# # Copyright © 2021, Oracle and/or its affiliates.
+# # All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "ADW_Service_Console_URL" {
+ value = join(", ", [for x in oci_database_autonomous_database.adw : x.service_console_url])
+}
diff --git a/cloud-foundation/modules/cloud-foundation-library/database/adw/variables.tf b/cloud-foundation/modules/cloud-foundation-library/database/adw/variables.tf
new file mode 100644
index 0000000..ac1848f
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/database/adw/variables.tf
@@ -0,0 +1,27 @@
+# # Copyright © 2021, Oracle and/or its affiliates.
+# # All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "adw_params" {
+ type = map(object({
+ compartment_id = string
+ adw_cpu_core_count = number
+ adw_size_in_tbs = number
+ adw_db_name = string
+ adw_db_workload = string
+ adw_db_version = string
+ adw_enable_auto_scaling = bool
+ adw_is_free_tier = bool
+ adw_license_model = string
+ database_admin_password = string
+ database_wallet_password = string
+ # subnet_id = string
+ # nsg_ids = list(string)
+ defined_tags = map(string)
+ }))
+}
+
+
+
+
+
+
\ No newline at end of file
diff --git a/cloud-foundation/modules/cloud-foundation-library/datacatalog/main.tf b/cloud-foundation/modules/cloud-foundation-library/datacatalog/main.tf
new file mode 100644
index 0000000..fcad9ff
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/datacatalog/main.tf
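Review bot: `database_admin_password` and `database_wallet_password` in adw/variables.tf are plain `string` fields of a variable that is not marked sensitive, so their values can show up in plan output and CI logs. Marking the whole `adw_params` map sensitive would make it unusable in the `for_each` expressions of adw/main.tf, so the two passwords are better moved into a separate variable declared with `sensitive = true` (available from Terraform 0.14) and looked up by key. The same applies to `analytics_instance_idcs_access_token` in oac/variables.tf. Until then, a comment on each field such as `# secret: supply at apply time, never as a committed default` would help callers.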
@@ -0,0 +1,12 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+resource "oci_datacatalog_catalog" "this" {
+ for_each = {
+ for k,v in var.datacatalog_params : k => v if v.compartment_id != ""
+ }
+ compartment_id = each.value.compartment_id
+ display_name = each.value.catalog_display_name
+ defined_tags = each.value.defined_tags
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/datacatalog/outputs.tf b/cloud-foundation/modules/cloud-foundation-library/datacatalog/outputs.tf
new file mode 100644
index 0000000..4dea57e
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/datacatalog/outputs.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "datacatalog" {
+ value = {
+ for datacatalog in oci_datacatalog_catalog.this:
+ datacatalog.display_name => datacatalog.display_name
+ }
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/datacatalog/variables.tf b/cloud-foundation/modules/cloud-foundation-library/datacatalog/variables.tf
new file mode 100644
index 0000000..b4d39fb
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/datacatalog/variables.tf
@@ -0,0 +1,10 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "datacatalog_params" {
+ type = map(object({
+ compartment_id = string
+ catalog_display_name = string
+ defined_tags = map(string)
+ }))
+}
diff --git a/cloud-foundation/modules/cloud-foundation-library/oac/main.tf b/cloud-foundation/modules/cloud-foundation-library/oac/main.tf
new file mode 100644
index 0000000..f52cdae
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/oac/main.tf
@@ -0,0 +1,37 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+resource "oci_analytics_analytics_instance" "oac" {
+ for_each = {
+ for k,v in var.oac_params : k => v if v.compartment_id != ""
+ }
+ compartment_id = each.value.compartment_id
+ feature_set = each.value.analytics_instance_feature_set
+ license_type = each.value.analytics_instance_license_type
+ name = each.value.analytics_instance_hostname
+ description = "Oracle Analytics Cloud"
+ idcs_access_token = each.value.analytics_instance_idcs_access_token
+ #Optional
+ defined_tags = each.value.defined_tags
+ network_endpoint_details {
+ #Required
+ network_endpoint_type = each.value.analytics_instance_network_endpoint_details_network_endpoint_type
+
+ #Optional
+ subnet_id = each.value.subnet_id
+ vcn_id = each.value.vcn_id
+ whitelisted_ips = each.value.analytics_instance_network_endpoint_details_whitelisted_ips
+
+ whitelisted_vcns {
+ #Optional
+ id = each.value.analytics_instance_network_endpoint_details_whitelisted_vcns_id
+ whitelisted_ips = each.value.whitelisted_ips
+ }
+ }
+ capacity {
+ capacity_type = each.value.analytics_instance_capacity_capacity_type
+ capacity_value = each.value.analytics_instance_capacity_value
+ }
+}
+
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/oac/outputs.tf b/cloud-foundation/modules/cloud-foundation-library/oac/outputs.tf
new file mode 100644
index 0000000..ce235d9
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/oac/outputs.tf
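Review bot: The `whitelisted_vcns` block inside `network_endpoint_details` is emitted for every instance, even when no VCN id is supplied, and nothing in the resource ties `whitelisted_ips` to the chosen `network_endpoint_type`. With a public endpoint and an empty allow-list the instance would presumably accept connections from any address, and an allow-list entry with an empty `id` may be rejected by the service. Emitting the nested block only when an id is present, as sketched below, keeps the allow-list meaningful. A comment next to `network_endpoint_type` stating the expected value for production use would also help. Note that `idcs_access_token` is a bearer credential that ends up in Terraform state.

```hcl
  network_endpoint_details {
    # … unchanged: network_endpoint_type, subnet_id, vcn_id, whitelisted_ips …

    # Emit the VCN allow-list entry only when a VCN id was supplied.
    dynamic "whitelisted_vcns" {
      for_each = each.value.analytics_instance_network_endpoint_details_whitelisted_vcns_id != "" ? [1] : []
      content {
        id              = each.value.analytics_instance_network_endpoint_details_whitelisted_vcns_id
        whitelisted_ips = each.value.whitelisted_ips
      }
    }
  }
```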
@@ -0,0 +1,7 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "Analytics_URL" {
+ value = join(", ", [for x in oci_analytics_analytics_instance.oac : x.service_url])
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/oac/variables.tf b/cloud-foundation/modules/cloud-foundation-library/oac/variables.tf
new file mode 100644
index 0000000..52f14f2
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/oac/variables.tf
@@ -0,0 +1,22 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "oac_params" {
+ type = map(object({
+ compartment_id = string
+ analytics_instance_feature_set = string
+ analytics_instance_license_type = string
+ analytics_instance_hostname = string
+ analytics_instance_idcs_access_token = string
+ analytics_instance_capacity_capacity_type = string
+ analytics_instance_capacity_value = number
+ defined_tags = map(string)
+ analytics_instance_network_endpoint_details_network_endpoint_type = string
+ subnet_id = string
+ vcn_id = string
+ analytics_instance_network_endpoint_details_whitelisted_ips = list(string)
+ analytics_instance_network_endpoint_details_whitelisted_vcns_id = string
+ whitelisted_ips = list(string)
+ }))
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/object-storage/main.tf b/cloud-foundation/modules/cloud-foundation-library/object-storage/main.tf
new file mode 100644
index 0000000..5da8e9e
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/object-storage/main.tf
@@ -0,0 +1,19 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+data "oci_objectstorage_namespace" "os" {
+ compartment_id = var.tenancy_ocid
+}
+
+resource "oci_objectstorage_bucket" "os" {
+ for_each = {
+ for k,v in var.bucket_params : k => v if v.compartment_id != ""
+ }
+ compartment_id = each.value.compartment_id
+ name = each.value.name
+ namespace = data.oci_objectstorage_namespace.os.namespace
+ access_type = each.value.access_type
+ storage_tier = each.value.storage_tier
+ object_events_enabled = each.value.events_enabled
+ defined_tags = each.value.defined_tags
+}
diff --git a/cloud-foundation/modules/cloud-foundation-library/object-storage/outputs.tf b/cloud-foundation/modules/cloud-foundation-library/object-storage/outputs.tf
new file mode 100644
index 0000000..2c08bbf
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/object-storage/outputs.tf
@@ -0,0 +1,9 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "buckets" {
+ value = {
+ for bucket in oci_objectstorage_bucket.os:
+ bucket.name => bucket.access_type
+ }
+}
diff --git a/cloud-foundation/modules/cloud-foundation-library/object-storage/variables.tf b/cloud-foundation/modules/cloud-foundation-library/object-storage/variables.tf
new file mode 100644
index 0000000..ec0afbf
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/object-storage/variables.tf
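Review bot: `access_type = each.value.access_type` in object-storage/main.tf accepts whatever the caller passes, including `ObjectRead` and `ObjectReadWithoutList`, which make a bucket's objects readable without authentication. If public buckets are not an intended use of this library, add a `validation` block to `bucket_params` in object-storage/variables.tf with `condition = length([for b in values(var.bucket_params) : b if b.access_type != "NoPublicAccess"]) == 0`. Otherwise add a comment on the line such as `# NoPublicAccess unless the bucket is deliberately public`. The resource also sets neither `kms_key_id` nor `versioning`, so customer-managed encryption keys and object versioning cannot be requested through this module.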
@@ -0,0 +1,18 @@
+// Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "tenancy_ocid" {
+ type = string
+}
+
+variable "bucket_params" {
+ type = map(object({
+ compartment_id = string
+ name = string
+ access_type = string
+ storage_tier = string
+ events_enabled = bool
+ defined_tags = map(string)
+ }))
+}
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/odi/main.tf b/cloud-foundation/modules/cloud-foundation-library/odi/main.tf
new file mode 100644
index 0000000..2ceb5b2
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/odi/main.tf
@@ -0,0 +1,26 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+ resource "oci_dataintegration_workspace" "this" {
+ for_each = {
+ for k,v in var.odi_params : k => v if v.compartment_id != ""
+ }
+ #Required
+ compartment_id = each.value.compartment_id
+ display_name = each.value.display_name
+
+ #Optional
+ defined_tags = each.value.defined_tags
+ description = each.value.description
+ # dns_server_ip = var.workspace_dns_server_ip
+ # dns_server_zone = var.workspace_dns_server_zone
+ # freeform_tags = each.value.freeform_tags
+ # is_private_network_enabled = each.value.is_private_network_enabled
+ is_private_network_enabled = false
+ # subnet_id = each.value.subnet_id
+ # vcn_id = each.value.vcn_id
+}
+
+
+
+
diff --git a/cloud-foundation/modules/cloud-foundation-library/odi/outputs.tf b/cloud-foundation/modules/cloud-foundation-library/odi/outputs.tf
new file mode 100644
index 0000000..efc44d5
--- /dev/null
+++ b/cloud-foundation/modules/cloud-foundation-library/odi/outputs.tf
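Review bot: `is_private_network_enabled = false` is hard-coded in odi/main.tf, while the parameterised line above it and `subnet_id`/`vcn_id` are commented out, so no workspace created through this module can be attached to a VCN and callers cannot opt into private networking. Either restore `is_private_network_enabled = each.value.is_private_network_enabled` together with `subnet_id` and `vcn_id` (and the matching commented-out fields in odi/variables.tf), or keep the constant and add a comment explaining why private networking is disabled. The `resource` line is also indented by one space, unlike the other modules in this commit.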
@@ -0,0 +1,9 @@ +# Copyright © 2021, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + +output "odi" { + value = { + for odi in oci_dataintegration_workspace.this: + odi.display_name => odi.display_name + } +} \ No newline at end of file diff --git a/cloud-foundation/modules/cloud-foundation-library/odi/variables.tf b/cloud-foundation/modules/cloud-foundation-library/odi/variables.tf new file mode 100644 index 0000000..9b3abb1 --- /dev/null +++ b/cloud-foundation/modules/cloud-foundation-library/odi/variables.tf @@ -0,0 +1,15 @@ +# Copyright © 2021, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + +variable "odi_params" { + type = map(object({ + compartment_id = string + display_name = string + description = string + # is_private_network_enabled = bool + # subnet_id = string + # vcn_id = string + defined_tags = map(string) + })) +} + diff --git a/cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic/main.tf b/cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic/main.tf index 902ebce..35c64ce 100644 --- a/cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic/main.tf +++ b/cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic/main.tf @@ -79,7 +79,7 @@ resource "oci_core_drg_attachment" "these" { ### Subnets resource "oci_core_subnet" "these" { - for_each = {for subnet in local.subnets : "${subnet.display_name}" => subnet if subnet.cidr != ""} + for_each = {for subnet in local.subnets : subnet.display_name => subnet if subnet.cidr != ""} display_name = each.value.display_name vcn_id = each.value.vcn_name != "" ? oci_core_vcn.these[each.value.vcn_name].id : each.value.vcn_id availability_domain = each.value.availability_domain 
diff --git a/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Full-Solution.zip b/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Full-Solution.zip
new file mode 100644
index 0000000..45728a3
Binary files /dev/null and b/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Full-Solution.zip differ
diff --git a/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Small-Footprint-Solution.zip b/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Small-Footprint-Solution.zip
new file mode 100644
index 0000000..f817c59
Binary files /dev/null and b/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Small-Footprint-Solution.zip differ
diff --git a/cloud-foundation/solutions-for-oracle-res-mgr/README.md b/cloud-foundation/solutions-for-oracle-res-mgr/README.md
new file mode 100644
index 0000000..ed76f4f
--- /dev/null
+++ b/cloud-foundation/solutions-for-oracle-res-mgr/README.md
@@ -0,0 +1,6 @@
+# Oracle Cloud Foundation Terraform Solution - Departmental data warehousing - business domain analytics
+
+
+## Overview
+This is the folder for the Oracle OCI Console Resource Manager files.
+They will be automatically generated when something in the modules and/or solutions folders changes.
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/.gitignore b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/.gitignore
new file mode 100644
index 0000000..bb8c378
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/.gitignore
@@ -0,0 +1,3 @@
+.terraform
+*tfstate*
+*.pem
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/CONTRIBUTING.md b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/CONTRIBUTING.md
new file mode 100644
index 0000000..7fd10e9
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/CONTRIBUTING.md
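Review bot: The new .gitignore covers `.terraform`, state files and `*.pem` but not variable files, which is where the ADW admin and wallet passwords and the IDCS token for this solution would typically be supplied. Add `*.tfvars` and `*.tfvars.json` so they cannot be committed by accident, plus `crash.log`, which can contain variable values. The existing `*tfstate*` pattern already matches state backups.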
@@ -0,0 +1,33 @@ + +# Contributing to Oracle Cloud Foundation Terraform Framework + +## Contributing to Oracle Cloud Foundation Terraform Framework + +Oracle welcomes contributions to this repository from anyone. + +If you want to submit a pull request to fix a bug or enhance an existing +feature, please first open an issue and link to that issue when you +submit your pull request. + +If you have any questions about a possible submission, feel free to open +an issue too. + +## Pull request process + +1. Fork this repository +1. Create a branch in your fork to implement the changes. We recommend using +the issue number as part of your branch name, e.g. `1234-fixes` +1. Ensure that there is at least one test that would fail without the fix and +passes post fix +1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly +what your changes are meant to do and provide simple steps on how to validate +your changes, ideally referencing the test. Ensure that you reference the issue +you created as well. We will assign the pull request to 1-2 people for review +before it is submitted internally and the PR is closed. \ No newline at end of file diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/LICENSE b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/LICENSE new file mode 100644 index 0000000..74bc471 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/LICENSE 
@@ -0,0 +1,27 @@ +Copyright © 2021 Oracle and/or its affiliates. All rights reserved. + +The Universal Permissive License (UPL), Version 1.0 + +Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this +software, associated documentation and/or data (collectively the "Software"), free of charge and under any and +all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor +hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or +(ii) the Larger Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software +(each a “Larger Work” to which the Software is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create derivative works of, display, +perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have +sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must +be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. \ No newline at end of file 
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/README.md b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/README.md new file mode 100644 index 0000000..401cc71 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/README.md 
@@ -0,0 +1,530 @@ +# Oracle Cloud Foundation Terraform Solution - Departmental data warehousing - business domain analytics + +## Table of Contents +1. [Overview](#overview) +1. [Deliverables](#deliverables) +1. [Architecture](#Architecture-Diagram) +1. [Executing Instructions](#instructions) + 1. [Deploy Using Oracle Resource Manager](#Deploy-Using-Oracle-Resource-Manager) + 1. [Deploy Using the Terraform CLI](#Deploy-Using-the-Terraform-CLI) +1. [Documentation](#documentation) +1. [The Team](#team) +1. [Feedback](#feedback) +1. [Known Issues](#known-issues) +1. [Contribute](#CONTRIBUTING.md) + + +## Overview +This architecture uses Oracle Autonomous Data Warehouse to load and optimize data from multiple flat-file sources into a centralized data warehouse and then uses Oracle Analytics Cloud to analyze the data to provide actionable insights. + +For details of the architecture, see [_Departmental data warehousing - business domain analytics_](https://docs.oracle.com/en/solutions/oci-spreadsheet-analysis/index.html) + +## Deliverables + This repository encloses one deliverable: + +- A reference implementation written in Terraform HCL (Hashicorp Language) that provisions fully functional resources in an OCI tenancy. + +## Architecture-Diagram +The diagram below shows services that are deployed: + +![](https://docs.oracle.com/en/solutions/oci-spreadsheet-analysis/img/analysis-spreadsheets-architecture.png) + + +## Executing Instructions + +## Prerequisites + +- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `autonomous-database-family`. +- Quota to create the following resources: 1 ADW database instance and 1 Oracle Analytics Cloud (OAC) instance. +If you don't have the required permissions and quota, contact your tenancy administrator. 
See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). + +# Deploy Using Oracle Resource Manager + +1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://raw.githubusercontent.com/oracle-devrel/terraform-oci-oracle-cloud-foundation/develop/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Full-Solution.zip) + + If you aren't already signed in, when prompted, enter the tenancy and user credentials. + +2. Review and accept the terms and conditions. +3. Select the region where you want to deploy the stack. +4. Follow the on-screen prompts and instructions to create the stack. +5. After creating the stack, click **Terraform Actions**, and select **Plan**. +6. Wait for the job to be completed, and review the plan. + To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. +7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. + + +# Deploy Using the Terraform CLI + +## Clone the Module +Now, you'll want a local copy of this repo. You can make that with the commands: + + git clone https://github.com/oracle-devrel/terraform-oci-oracle-cloud-foundation.git + cd terraform-oci-oracle-cloud-foundation/cloud-foundation/solutions/Departmental-DWH-Full-Solution + ls + +## Deployment + +- Follow the instructions from Prerequisites links in order to install terraform. +- Download the terraform version suitable for your operating system. +- Unzip the archive. +- Add the executable to the PATH. 
+- You will have to generate an API signing key (public/private keys) and the public key should be uploaded in the OCI console, for the iam user that will be used to create the resources. Also, you should make sure that this user has enough permissions to create resources in OCI. In order to generate the API Signing key, follow the steps from: https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#How + The API signing key will generate a fingerprint in the OCI console, and that fingerprint will be used in a terraform file described below. +- You will also need to generate an OpenSSH public key pair. Please store those keys in a place accessible like your user home .ssh directory. + +## Prerequisites + +- Install Terraform v0.13 or greater: https://www.terraform.io/downloads.html +- Install Python 3.6: https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-centos-7 +- Generate an OCI API Key +- Create your config under \$home*directory/.oci/config (run \_oci setup config* and follow the steps) +- Gather Tenancy related variables (tenancy_id, user_id, local path to the oci_api_key private key, fingerprint of the oci_api_key_public key, and region) + +### Installing Terraform + +Go to [terraform.io](https://www.terraform.io/downloads.html) and download the proper package for your operating system and architecture. Terraform is distributed as a single binary. +Install Terraform by unzipping it and moving it to a directory included in your system's PATH. You will need the latest version available. + +### Prepare Terraform Provider Values + +**variables.tf** is located in the root directory. This file is used in order to be able to make API calls in OCI, hence it will be needed by all terraform automations. 
+ +In order to populate the **variables.tf** file, you will need the following: + +- Tenancy OCID +- User OCID +- Local Path to your private oci api key +- Fingerprint of your public oci api key +- Region + +#### **Getting the Tenancy and User OCIDs** + +You will have to login to the [console](https://console.us-ashburn-1.oraclecloud.com) using your credentials (tenancy name, user name and password). If you do not know those, you will have to contact a tenancy administrator. + +In order to obtain the tenancy ocid, after logging in, from the menu, select Administration -> Tenancy Details. The tenancy OCID, will be found under Tenancy information and it will be similar to **ocid1.tenancy.oc1..aaa…** + +In order to get the user ocid, after logging in, from the menu, select Identity -> Users. Find your user and click on it (you will need to have this page open for uploading the oci_api_public_key). From this page, you can get the user OCID which will be similar to **ocid1.user.oc1..aaaa…** + +#### **Creating the OCI API Key Pair and Upload it to your user page** + +Create an oci_api_key pair in order to authenticate to oci as specified in the [documentation](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#How): + +Create the .oci directory in the home of the current user + +`$ mkdir ~/.oci` + +Generate the oci api private key + +`$ openssl genrsa -out ~/.oci/oci_api_key.pem 2048` + +Make sure only the current user can access this key + +`$ chmod go-rwx ~/.oci/oci_api_key.pem` + +Generate the oci api public key from the private key + +`$ openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem` + +You will have to upload the public key to the oci console for your user (go to your user page -> API Keys -> Add Public Key and paste the contents in there) in order to be able to do make API calls. + +After uploading the public key, you can see its fingerprint into the console. 
You will need that fingerprint for your variables.tf file. +You can also get the fingerprint from running the following command on your local workstation by using your newly generated oci api private key. + +`$ openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c` + +#### **Generating an SSH Key Pair on UNIX or UNIX-Like Systems Using ssh-keygen** + +- Run the ssh-keygen command. + +`ssh-keygen -b 2048 -t rsa` + +- The command prompts you to enter the path to the file in which you want to save the key. A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa. To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter. +- The command prompts you for a passphrase. Enter a passphrase, or press ENTER if you don't want to havea passphrase. + Note that the passphrase isn't displayed when you type it in. Remember the passphrase. If you forget the passphrase, you can't recover it. When prompted, enter the passphrase again to confirm it. +- The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key would be id_rsa.pub. + Make a note of the path where you've saved the SSH key pair. + When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding SSH private key and enter the passphrase when prompted. + +#### **Getting the Region** + +Even though, you may know your region name, you will needs its identifier for the variables.tf file (for example, US East Ashburn has us-ashburn-1 as its identifier). 
+In order to obtain your region identifier, you will need to Navigate in the OCI Console to Administration -> Region Management +Select the region you are interested in, and save the region identifier. + +#### **Prepare the variables.tf file** + +You will have to modify the **variables.tf** file to reflect the values that you’ve captured. + +``` +variable "tenancy_ocid" { + type = string + default = "" (tenancy ocid, obtained from OCI console - Profile -> Tenancy) +} + +variable "region" { + type = string + default = "" (the region used for deploying the infrastructure - ex: eu-frankfurt-1) +} + +variable "compartment_id" { + type = string + default = "" (the compartment used for deploying the solution - ex: compartment1) +} + +variable "user_ocid" { + type = string + default = "" (user ocid, obtained from OCI console - Profile -> User Settings) +} + +variable "fingerprint" { + type = string + default = "" (fingerprint obtained after setting up the API public key in OCI console - Profile -> User Settings -> API Keys -> Add Public Key) +} + +variable "private_key_path" { + type = string + default = "" (the path of your local oci api key - ex: /root/.ssh/oci_api_key.pem) +} +``` + +## Repository files + + +* **modules(folder)** - Contains folders with subsystems and modules for each section of the project: networking, autonomous database, analytics cloud, etc. 
+* **main.tf** - Main Terraform script used for instantiating the Oracle Cloud Infrastructure provider and all subsystems modules +* **README.md** - This file +* **outputs.tf** - Defines project's outputs that you will see after the code runs successfuly +* **provider.tf** - The terraform provider that will be used (OCI) +* **LICENSE** - The Universal Permissive License (UPL), Version 1.0 +* **local.tf** - Local values can be helpful to avoid repeating the same values or expressions multiple times in a configuration, but if overused they can also make a configuration hard to read by future maintainers by hiding the actual values used. +* **schema.yaml** - Schema documents are recommended for Terraform configurations when using Resource Manager. Including a schema document allows you to extend pages in the Oracle Cloud Infrastructure Console. Facilitate variable entry in the Create Stack page by surfacing SSH key controls and by naming, grouping, dynamically prepopulating values, and more. Define text in the Application Information tab of the stack detail page displayed for a created stack. +* **variables.tf** - Project's global variables + + +Secondly, populate the `terraform.tf` file with the disared configuration following the information: + + +# Autonomous Data Warehouse + +The ADW subsystem / module is able to create ADW/ATP databases. + +* Parameters: + * __adw_cpu_core_count__ - The number of OCPU cores to be made available to the database. For Autonomous Databases on dedicated Exadata infrastructure, the maximum number of cores is determined by the infrastructure shape. See Characteristics of Infrastructure Shapes for shape details. + * __adw_size_in_tbss__ - The size, in gigabytes, of the data volume that will be created and attached to the database. This storage can later be scaled up if needed. The maximum storage value is determined by the infrastructure shape. See Characteristics of Infrastructure Shapes for shape details. 
+ * __adw_db_name__ - The database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted. The database name must be unique in the tenancy. + * __adw_db_workload__ - The Autonomous Database workload type. The following values are valid: + - OLTP - indicates an Autonomous Transaction Processing database + - DW - indicates an Autonomous Data Warehouse database + - AJD - indicates an Autonomous JSON Database + - APEX - indicates an Autonomous Database with the Oracle APEX Application Development workload type. *Note: db_workload can only be updated from AJD to OLTP or from a free OLTP to AJD. + * __adw_db_version__ - A valid Oracle Database version for Autonomous Database.db_workload AJD and APEX are only supported for db_version 19c and above. + * __adw_enable_auto_scaling__ - Indicates if auto scaling is enabled for the Autonomous Database OCPU core count. The default value is FALSE. + * __adw_is_free_tier__ - Indicates if this is an Always Free resource. The default value is false. Note that Always Free Autonomous Databases have 1 CPU and 20GB of memory. For Always Free databases, memory and CPU cannot be scaled. When db_workload is AJD or APEX it cannot be true. + * __adw_license_model__ - The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle PaaS and IaaS services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Database service. Note that when provisioning an Autonomous Database on dedicated Exadata infrastructure, this attribute must be null because the attribute is already set at the Autonomous Exadata Infrastructure level. When using shared Exadata infrastructure, if a value is not specified, the system will supply the value of BRING_YOUR_OWN_LICENSE. 
It is a required field when db_workload is AJD and needs to be set to LICENSE_INCLUDED as AJD does not support default license_model value BRING_YOUR_OWN_LICENSE. + * __database_admin_password__ - The password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (") or the username "admin", regardless of casing. The password is mandatory if source value is "BACKUP_FROM_ID", "BACKUP_FROM_TIMESTAMP", "DATABASE" or "NONE". + * __database_wallet_password__ - (Required) The password to encrypt the keys inside the wallet. The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character. + +Below is an example: + +``` +variable "adw_cpu_core_count" { + type = number + default = 1 +} + +variable "adw_size_in_tbs" { + type = number + default = 1 +} + +variable "adw_db_name" { + type = string + default = "ADWipan" +} + +variable "adw_db_workload" { + type = string + default = "DW" +} + +variable "adw_db_version" { + type = string + default = "19c" +} + +variable "adw_enable_auto_scaling" { + type = bool + default = true +} + +variable "adw_is_free_tier" { + type = bool + default = false +} + +variable "adw_license_model" { + type = string + default = "LICENSE_INCLUDED" +} + +variable "database_admin_password" { + type = string + default = "" +} + +variable "database_wallet_password" { + type = string + default = "" +} + +``` + +# Oracle Analytics Cloud +This resource provides the Analytics Instance resource in Oracle Cloud Infrastructure Analytics service. +Create a new AnalyticsInstance in the specified compartment. The operation is long-running and creates a new WorkRequest. 
+ +* Parameters + * __analytics_instance_feature_set__ - Analytics feature set: ENTERPRISE_ANALYTICS or SELF_SERVICE_ANALYTICS set + * __analytics_instance_license_type__ - The license used for the service: LICENSE_INCLUDED or BRING_YOUR_OWN_LICENSE + * __analytics_instance_hostname__ - The name of the Analytics instance. This name must be unique in the tenancy and cannot be changed. + * __analytics_instance_idcs_access_token__ - IDCS access token identifying a stripe and service administrator user. THe IDCS access token can be obtained from OCI console - Menu -> Identity & Security -> Federation -> OracleIdentityCloudService - and now click on the Oracle Identity Cloud Service Console) + Access Oracle Identity Cloud Service console, click the avatar icon on the top-right corner, and then click My Access Tokens. + You can download an access token in the following ways: + Select Invokes Identity Cloud Service APIs to specify the available administrator roles that are assigned to you. The APIs from the specified administrator roles will be included in the token. + Select Invokes other APIs to select confidential applications that are assigned to the user account. + Click Select an Application to add a configured confidential resource application. On the Select an Application window, the list of assigned confidential applications displays. + Click applications to select them, and then click Add. The My Access Tokens page lists the added applications. + In the Token Expires in (Mins) field, select or enter how long (in minutes) the access token you're generating can be used before it expires. You can choose to keep the default number or specify between 1 and 527,040. + Click Download Token. The access token is generated and downloaded to your local machine as a tokens.tok file. + * __analytics_instance_capacity_capacity_type__ - The capacity model to use. Accepted values are: OLPU_COUNT, USER_COUNT . Values are case-insensitive. 
+ * __analytics_instance_capacity_value__ - The capacity value selected (OLPU count, number of users, …etc…). This parameter affects the number of CPUs, amount of memory or other resources allocated to the instance. + * __analytics_instance_network_endpoint_details_network_endpoint_type__ - The type of network endpoint public or private + * __whitelisted_ips__ and __analytics_instance_network_endpoint_details_whitelisted_ips__ - If the network_endpoint_type is public you need to put the Source IP addresses or IP address ranges igress rules. + + +Below is an example: +``` +variable "analytics_instance_feature_set" { + type = string + default = "ENTERPRISE_ANALYTICS" +} + +variable "analytics_instance_license_type" { + type = string + default = "LICENSE_INCLUDED" +} + +variable "analytics_instance_hostname" { + type = string + default = "AnalyicSD" +} + +variable "analytics_instance_idcs_access_token" { + type = string + default = "copy-paste your token instead" +} + +variable "analytics_instance_capacity_capacity_type" { + type = string + default = "OLPU_COUNT" +} + +variable "analytics_instance_capacity_value" { + type = number + default = 1 +} + +variable "analytics_instance_network_endpoint_details_network_endpoint_type" { + type = string + default = "public" +} + +variable "whitelisted_ips" { + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "analytics_instance_network_endpoint_details_whitelisted_ips" { + type = list(string) + default = ["0.0.0.0/0"] +} +``` + +# Network +This resource provides the Vcn resource in Oracle Cloud Infrastructure Core service anso This resource provides the Subnet resource in Oracle Cloud Infrastructure Core service. 
+The solution will create 1 VCN in your compartment, 2 subnets ( one public and one private so the analytics cloud instance can be public or private ), 2 route tables for incomming and outoing traffic, 2 Network Security Groups for ingress and egress traffic, 1 internet gateway, 2 route tables for each subnet, dhcp service, NAT Gateway and a Service Gateway. + +* Parameters + * __service_name__ - The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter. + * __vcn_cidr__ - The list of one or more IPv4 CIDR blocks for the VCN that meet the following criteria: + The CIDR blocks must be valid. + They must not overlap with each other or with the on-premises network CIDR block. + The number of CIDR blocks must not exceed the limit of CIDR blocks allowed per VCN. It is an error to set both cidrBlock and cidrBlocks. Note: cidr_blocks update must be restricted to one operation at a time (either add/remove or modify one single cidr_block) or the operation will be declined. + * __vcn_name__ - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information. + * __public_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the public subnet. + * __public_subnet_name__ - A user-friendly name for the public subnet. Does not have to be unique, and it's changeable. Avoid entering confidential information. + * __private_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the private subnet. + * __private_subnet_name__ - A user-friendly name for the private subnet. 
Does not have to be unique, and it's changeable. Avoid entering confidential information. + + +Below is an example: +``` +variable "service_name" { + type = string + default = "servicename" + description = "prefix for stack resources" +} + +variable "vcn_cidr" { + default = "172.0.0.0/16" + description = "CIDR for new virtual cloud network" +} + +variable "vcn_name" { + default = "vcn" + description = "Name of new virtual cloud network" +} + +variable "public_subnet_cidr" { + default = "172.0.0.128/27" + description = "CIDR for bastion subnet" +} + +variable "public_subnet_name" { + default = "pub" +} + +variable "private_subnet_cidr" { + default = "172.0.0.32/27" +} + +variable "private_subnet_name" { + default = "priv" +} +``` + +# Object Storage +This resource provides the Bucket resource in Oracle Cloud Infrastructure Object Storage service. +Creates a bucket in the given namespace with a bucket name and optional user-defined metadata. Avoid entering confidential information in bucket names. + +* Parameters: + * __bucket_name__ - The name of the bucket. Valid characters are uppercase or lowercase letters, numbers, hyphens, underscores, and periods. Bucket names must be unique within an Object Storage namespace. Avoid entering confidential information. example: Example: my-new-bucket1 + * __bucket_access_type__ - The type of public access enabled on this bucket. A bucket is set to NoPublicAccess by default, which only allows an authenticated caller to access the bucket and its contents. When ObjectRead is enabled on the bucket, public access is allowed for the GetObject, HeadObject, and ListObjects operations. When ObjectReadWithoutList is enabled on the bucket, public access is allowed for the GetObject and HeadObject operations. + * __bucket_storage_tier__ - The type of storage tier of this bucket. A bucket is set to 'Standard' tier by default, which means the bucket will be put in the standard storage tier. 
When 'Archive' tier type is set explicitly, the bucket is put in the Archive Storage tier. The 'storageTier' property is immutable after bucket is created. + * __bucket_events_enabled__ - Whether or not events are emitted for object state changes in this bucket. By default, objectEventsEnabled is set to false. Set objectEventsEnabled to true to emit events for object state changes. For more information about events, see Overview of Events. + + +Below is an example: +``` +variable "bucket_name" { + type = string + default = "BucketOnee" +} + +variable "bucket_access_type" { + type = string + default = "NoPublicAccess" +} + +variable "bucket_storage_tier" { + type = string + default = "Standard" +} + +variable "bucket_events_enabled" { + type = bool + default = false +} +``` + +# Data Catalog +This resource provides the Catalog resource in Oracle Cloud Infrastructure Data Catalog service. +Creates a new data catalog instance that includes a console and an API URL for managing metadata operations. For more information, please see the documentation. + +* Parameters: + * __datacatalog_display_name__ - Data catalog identifier. + + +Below is an example: +``` +variable "datacatalog_display_name" { + type = string + default = "DataCatalogIP" +} +``` + +# Oracle Cloud Infrastructure Data Integration service +This resource provides the Workspace resource in Oracle Cloud Infrastructure Data Integration service. +Creates a new Data Integration workspace ready for performing data integration tasks. + +* Parameters: + * __odi_display_name__ - A user-friendly display name for the workspace. Does not have to be unique, and can be modified. Avoid entering confidential information. + * __odi_description__ - A user defined description for the workspace. 
+ + +Below is an example: +``` +variable "odi_display_name" { + type = string + default = "odi_workspace" +} + +variable "odi_description" { + type = string + default = "odi_workspace" +} +``` + +Don't modify any other variables in the variable.tf file - it may cause that the solution will not work propertly. + +## Running the code + +``` +# Run init to get terraform modules +$ terraform init + +# Create the infrastructure +$ terraform apply --auto-approve + +# If you are done with this infrastructure, take it down +$ terraform destroy --auto-approve +``` + + +## Documentation + +[Autonomous Databases Overview](https://docs.oracle.com/en-us/iaas/Content/Database/Concepts/adboverview.htm) + +[Analytics Cloud Overview](https://docs.oracle.com/en-us/iaas/analytics-cloud/index.html) + +[Network Overview](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/overview.htm) + +[Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm) + +[Data Catalog Overview](https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/data-catalog/using/overview.htm) + +[Data Integration Overview](https://docs.oracle.com/en-us/iaas/data-integration/using/overview.htm) + +[Terraform Autonomous Databases Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/database_autonomous_database) + +[Terraform Analytics Cloud Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/analytics_analytics_instance) + +[Terraform Vcn resource in Oracle Cloud Infrastructure Core service](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_vcn) + +[Terraform Subnet resource in Oracle Cloud Infrastructure Core service](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_subnet) + +[Terraform Object Storage Service Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/objectstorage_bucket) + 
+[Terraform Data Catalog Service Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/datacatalog_catalog) + +[Terraform Data Integration Service Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/dataintegration_workspace) + +## The Team +- **Owners**: [Panaitescu Ionel](https://github.com/ionelpanaitescu), [Corina Todea](https://github.com/ctodearo) +- **Contributors**: Name Name, [Name Name](https://github.com/somebody), [Name Name](https://github.com/somebody) + +## Feedback +We welcome your feedback. To post feedback, submit feature ideas or report bugs, please use the Issues section on this repository. + +## Known Issues +**At the moment, there are no known issues** \ No newline at end of file diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/local.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/local.tf new file mode 100644 index 0000000..f69ecb1 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/local.tf 
@@ -0,0 +1,379 @@
+data "oci_identity_availability_domains" "ADs" {
+ compartment_id = var.tenancy_ocid
+}
+
+data "oci_identity_tenancy" "tenancy" {
+ tenancy_id = var.tenancy_ocid
+}
+
+data "template_file" "ad_names" {
+ count = length(data.oci_identity_availability_domains.ADs.availability_domains)
+ template = lookup(data.oci_identity_availability_domains.ADs.availability_domains[count.index], "name")
+}
+
+data "oci_core_services" "tf_services" {
+ filter {
+ name = "cidr_block"
+ values = ["all-.*-services-in-oracle-services-network"]
+ regex = true
+ }
+}
+
+# resource "oci_identity_tag_namespace" "namespace" {
+# provider = oci
+# compartment_id = var.compartment_id
+# description = "cloudfoundationorcl"
+# name = "cloudfoundationorcl-deploy-adw-oac"
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "release" {
+# provider = oci
+# description = "release"
+# name = "release"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "solution" {
+# provider = oci
+# description = "solution"
+# name = "solution"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "subsystem" {
+# provider = oci
+# description = "subsystem"
+# name = "subsystem"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "module" {
+# provider = oci
+# description = "module"
+# name = "module"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+locals {
+
+# # # Remove all characters from the service_name that dont satisfy the criteria:
+# # # must start with letter, must only contain letters and numbers and length between 1,8
+# # # See 
https://github.com/google/re2/wiki/Syntax - regex syntax supported by replace() + service_name_prefix = replace(var.service_name, "/[^a-zA-Z0-9]/", "") + # # #Availability Domains + ad_names = compact(data.template_file.ad_names.*.rendered) + public_subnet_availability_domain = local.ad_names[0] + + num_ads = length( + data.oci_identity_availability_domains.ADs.availability_domains, + ) + + is_single_ad_region = local.num_ads == 1 ? true : false + use_existing_subnets = false + is_vcn_peering = false + vcnsCount = var.vcn_name !="" && local.use_existing_subnets==false ? 1:0 + assign_public_ip = var.assign_public_ip || var.subnet_type == "Use Public Subnet" ? true : false + + public_subnet_cidr = var.public_subnet_cidr == "" && var.vcn_name != "" && ! local.assign_public_ip ? local.is_vcn_peering ? "11.0.6.0/24" : "10.0.6.0/24" : var.public_subnet_cidr + private_subnet_cidr = var.private_subnet_cidr == "" && var.vcn_name != "" ? local.is_vcn_peering ? "11.0.3.0/24" : "10.0.3.0/24" : var.private_subnet_cidr + + public_subnet = { + exists = {compartment_id=var.compartment_id, + availability_domain=var.use_regional_subnet? 
"" : local.public_subnet_availability_domain, + cidr = local.public_subnet_cidr, + dns_label=replace("${var.public_subnet_name}-${substr(uuid(), -7, -1)}", "-",""), + private=false, + dhcp_options_id=module.network-dhcp-options.dhcp_options["${var.service_name}-${var.dhcp_options_name}"].id, + security_list_ids=local.public_security_list_id, + defined_tags=local.defined_tags, + # defined_tags=var.network_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags=local.freeform_tags} + not_exists = {compartment_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}} + } + + private_subnet = { + exists = {compartment_id=var.compartment_id, + availability_domain=var.use_regional_subnet? 
"" : var.private_subnet_availability_domain_name, + cidr = local.private_subnet_cidr, + dns_label=replace(format("%s-%s", var.private_subnet_name, substr(strrev(var.service_name), 0, 7)), "-",""), + private=true, + dhcp_options_id=module.network-dhcp-options.dhcp_options["${var.service_name}-${var.dhcp_options_name}"].id, + security_list_ids=local.private_security_list_id, + defined_tags=local.defined_tags, + # defined_tags=var.network_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags=local.freeform_tags} + not_exists={compartment_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}} + } + + exists_public_subnet = ! local.assign_public_ip && var.public_subnet_id == "" ? true : false + exists_private_subnet = ! local.assign_public_ip && var.private_subnet_id == "" ? true : false + + existing_public_subnet = local.public_subnet[local.exists_public_subnet ? "exists" : "not_exists"] + existing_private_subnet = local.private_subnet[local.exists_private_subnet ? 
"exists" : "not_exists"] + +create_subnets = {"${local.service_name_prefix}-${var.public_subnet_name}"=local.existing_public_subnet,"${local.service_name_prefix}-${var.private_subnet_name}"=local.existing_private_subnet} + +# Security Lists + + public-security-list-def = { + exists = { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + defined_tags=local.defined_tags, + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + ingress_rules = concat([ + { + stateless = false, + protocol = "6", + src = var.anywhere_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 22, max = 22}, + icmp_type = null, + icmp_code = null + }], + [ + { + stateless = false, + protocol = "6", + src = var.anywhere_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = {min = 80, max = 80}, + icmp_type = null, + icmp_code = null + }]), + egress_rules = [ + { + stateless = false, + protocol = "all", + dst = var.anywhere_cidr, + dst_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }] + } + not_exists = {vcn_id="", compartment_id="", defined_tags = {}, ingress_rules=[], egress_rules=[]} + } + + private-security-list-def = { + exists = { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + defined_tags=local.defined_tags, + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # 
"${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + ingress_rules = [ + { + stateless = false, + protocol = "6", + src = var.public_subnet_cidr, + src_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }], + egress_rules = [ + { + stateless = false, + protocol = "all", + dst = var.anywhere_cidr, + dst_type = "CIDR_BLOCK", + src_port = null, + dst_port = null, + icmp_type = null, + icmp_code = null + }] + } + not_exists = {vcn_id="", compartment_id="", defined_tags = {}, ingress_rules=[], egress_rules=[]} + } + + public_security_list_id = compact( + concat( + [module.network-security-lists.security_lists["${var.service_name}-public-security-list"].id], + ), + ) + + private_security_list_id = compact( + concat( + [module.network-security-lists.security_lists["${var.service_name}-private-security-list"].id], + ), + ) + + public-security-list = local.public-security-list-def[local.use_existing_subnets ? "not_exists" : "exists"] + private-security-list = local.private-security-list-def[local.use_existing_subnets ? "not_exists" : "exists"] + + security-lists = { + !local.assign_public_ip ? 
"${var.service_name}-public-security-list" : "${var.service_name}-public-security-list" = local.public-security-list, + "${var.service_name}-private-security-list" = local.private-security-list, + } + + +# NSG: + public-nsgs-list-def = { + exists = { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + defined_tags=local.defined_tags, + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + ingress_rules = { ingress1 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + src = var.public_subnet_cidr, + src_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }}, + egress_rules = { egress1 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + dst = var.anywhere_cidr, + dst_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }}, + } + not_exists = {vcn_id="", ingress_rules=[], egress_rules=[]} + } + +### + private-nsgs-list-def = { + exists = { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + defined_tags=local.defined_tags, + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # 
"${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + ingress_rules = { ingress2 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + src = var.private_subnet_cidr, + src_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }}, + egress_rules = { egress2 = { + is_create = true, + description = "Parameters for customizing Network Security Group(s).", + protocol = "all", + stateless = false, + dst = var.anywhere_cidr, + dst_type = "CIDR_BLOCK", + dst_port_min = null, + dst_port_max = null, + src_port_min = null, + src_port_max = null, + icmp_type = null, + icmp_code = null + }} + } + not_exists = {vcn_id="", ingress_rules=[], egress_rules=[]} + } + + + public_nsg_list_id = compact( + concat( + [module.network-security-groups.nsgs["${var.service_name}-public-nsg-list"].id], + ), + ) + + private_nsg_list_id = compact( + concat( + [module.network-security-groups.nsgs["${var.service_name}-private-nsg-list"].id], + ), + ) + + public-nsg-list = local.public-nsgs-list-def[local.use_existing_subnets ? "not_exists" : "exists"] + private-nsg-list = local.private-nsgs-list-def[local.use_existing_subnets ? "not_exists" : "exists"] + nsgs-lists = {!local.assign_public_ip ? "${var.service_name}-public-nsg-list" : "${var.service_name}-public-nsg-list" = local.public-nsg-list, + "${var.service_name}-private-nsg-list" = local.private-nsg-list, + } + +# Tags + + #map of Tag key and value + #special chars string denotes empty values for tags for validation purposes + #otherwise zipmap function below fails first for empty strings before validators executed + use_defined_tags = var.defined_tag == "~!@#$%^&*()" && var.defined_tag_value == "~!@#$%^&*()" ? 
false : true + use_freeform_tags = var.free_form_tag == "~!@#$%^&*()" && var.free_form_tag_value == "~!@#$%^&*()" ? false : true + + #ignore defaults of special chars if tags are not provided + defined_tag = false == local.use_defined_tags ? "" : var.defined_tag + defined_tag_value = false == local.use_defined_tags ? "" : var.defined_tag_value + free_form_tag = false == local.use_freeform_tags ? "" : var.free_form_tag + free_form_tag_value = false == local.use_freeform_tags ? "" : var.free_form_tag_value + + defined_tags = zipmap( + compact([trimspace(local.defined_tag)]), + compact([trimspace(local.defined_tag_value)]), + ) + freeform_tags = zipmap( + compact([trimspace(local.free_form_tag)]), + compact([trimspace(local.free_form_tag_value)]), + ) + +} + diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/main.tf new file mode 100644 index 0000000..7b77469 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/main.tf 
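Review bot: The `ingress_rules` of `public-security-list-def` open TCP 22 and TCP 80 to `var.anywhere_cidr`, which by its name is presumably 0.0.0.0/0 (its default is not in this hunk), so SSH would be reachable from any address on every deployment of the public subnet. I would take the SSH source from its own variable with no permissive default, e.g. `src = var.ssh_source_cidr` (a new variable this commit would have to declare), and drop the port 80 rule unless something in that subnet really serves plain HTTP. Separately, the private security list and both NSG definitions read `src = var.public_subnet_cidr` / `src = var.private_subnet_cidr`, while the subnets are built from `local.public_subnet_cidr` / `local.private_subnet_cidr`; when the variables are empty and the locals fall back to 10.0.6.0/24 or 10.0.3.0/24, the rules no longer match the subnets, so those rules should read the locals. The map keys in `security-lists` and `nsgs-lists` also use a conditional whose two branches are the same string, which can be reduced to the plain key.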
@@ -0,0 +1,275 @@ +# Copyright © 2021, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + +module "adw" { + source = "./modules/adw_subsystem" + compartment_id = var.compartment_id + adw_cpu_core_count = var.adw_cpu_core_count + adw_size_in_tbs = var.adw_size_in_tbs + adw_db_name = var.adw_db_name + adw_db_workload = var.adw_db_workload + adw_db_version = var.adw_db_version + adw_enable_auto_scaling = var.adw_enable_auto_scaling + adw_is_free_tier = var.adw_is_free_tier + adw_license_model = var.adw_license_model + database_admin_password = var.database_admin_password + database_wallet_password = var.database_wallet_password + # subnet_ocid = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id + # nsg_ids = module.network-security-groups.nsgid + defined_tags = local.defined_tags + # defined_tags = var.adw_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "adw_subsystem", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "adw" + # } +} + +module "oac" { + source = "./modules/oac_subsystem" + compartment_id = var.compartment_id + analytics_instance_feature_set = var.analytics_instance_feature_set + analytics_instance_license_type = var.analytics_instance_license_type + analytics_instance_hostname = var.analytics_instance_hostname + analytics_instance_idcs_access_token = var.analytics_instance_idcs_access_token + analytics_instance_capacity_capacity_type = var.analytics_instance_capacity_capacity_type + analytics_instance_capacity_value = var.analytics_instance_capacity_value + analytics_instance_network_endpoint_details_network_endpoint_type = 
var.analytics_instance_network_endpoint_details_network_endpoint_type + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + analytics_instance_network_endpoint_details_whitelisted_ips = var.analytics_instance_network_endpoint_details_whitelisted_ips + analytics_instance_network_endpoint_details_whitelisted_vcns_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + whitelisted_ips = var.whitelisted_ips + defined_tags = local.defined_tags + # defined_tags = var.oac_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "oac_subsystem", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "oac" + # } +} + +module "os" { + source = "./modules/object-storage_subsystem" + tenancy_ocid = var.tenancy_ocid + compartment_id = var.compartment_id + bucket_name = var.bucket_name + bucket_access_type = var.bucket_access_type + bucket_storage_tier = var.bucket_storage_tier + bucket_events_enabled = var.bucket_events_enabled + defined_tags = local.defined_tags + # defined_tags = var.os_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "objectstorage", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "objectstorage" + # } +} + +module "datacatalog" { + source = "./modules/datacatalog_subsystem" + compartment_id = var.compartment_id + datacatalog_display_name = var.datacatalog_display_name + defined_tags = local.defined_tags + # defined_tags = var.datacatalog_defined_tags + # defined_tags = { 
"${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "datacatalog_subsystem", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "datacatalog" + # } +} + +module "odi" { + source = "./modules/odi_subsystem" + compartment_id = var.compartment_id + display_name = var.odi_display_name + description = var.odi_description + defined_tags = local.defined_tags + # defined_tags = var.os_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "objectstorage", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "objectstorage" + # } +} + +module "network-vcn" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" + + compartment_id = var.compartment_id + service_label = var.service_name + service_gateway_cidr = lookup(data.oci_core_services.tf_services.services[0], "cidr_block") + + vcns = {for x in range(local.vcnsCount) : "${var.service_name}-${var.vcn_name}" => { + + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = format("%svcn",substr((var.service_name), 0, 10)) + is_create_igw = (var.vcn_name=="" || local.use_existing_subnets) ? false : true + is_attach_drg = false + block_nat_traffic = local.assign_public_ip && var.vcn_name!="" ? 
true : false + + subnets = {subnet={compartment_id="", vcn_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}}} + + defined_tags = local.defined_tags + # defined_tags = var.network_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-subnets" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" + + compartment_id = var.compartment_id + service_label = var.service_name + service_gateway_cidr = "all-.*-services-in-oracle-services-network" + + vcns = {for x in range(local.vcnsCount) : "" => { + + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = format("%svcn",substr((var.service_name), 0, 10)) + is_create_igw = false + is_attach_drg = false + block_nat_traffic = local.assign_public_ip && var.vcn_name!="" ? 
true : false + + subnets = {for k, v in local.create_subnets: k => { + compartment_id = v.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + availability_domain = v.availability_domain, + cidr = v.cidr, + dns_label = v.dns_label, + private = v.private, + dhcp_options_id = v.dhcp_options_id, + security_list_ids = v.security_list_ids, + defined_tags = v.defined_tags, + freeform_tags = v.freeform_tags + } if v.compartment_id != "" + } + + defined_tags = local.defined_tags + # defined_tags = var.network_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-routing" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" + + compartment_id = var.compartment_id + + subnets_route_tables = { + "${local.service_name_prefix}-routetable-out" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.public_subnet_name}").id, + route_table_id = "", + route_rules = [{ + is_create = true, + destination = "0.0.0.0/0", + destination_type = "CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.internet_gateways, lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id).id, + description = "" + }], + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = 
"network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + }, + "${local.service_name_prefix}-routetable" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id, + route_table_id = "", + route_rules = concat( [], + [ + { + is_create = true + destination = lookup(data.oci_core_services.tf_services.services[0], "cidr_block"), + destination_type = "SERVICE_CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.service_gateways, lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id).id, + description = "" + } + ]), + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + } + } +} + +module "network-routing-attachment" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" + compartment_id = var.compartment_id + + subnets_route_tables = { + "" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.public_subnet_name}").id, + route_table_id = lookup(module.network-routing.subnets_route_tables,"${local.service_name_prefix}-routetable-out").id, + route_rules = ([]), + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # 
"${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + } + } +} + +module "network-security-lists" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + ports_not_allowed_from_anywhere_cidr = [3390,4500] + + security_lists = { + for k,v in local.security-lists : k => v if v.compartment_id != "" + } +} + +module "network-dhcp-options" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + + dhcp_options = {for x in range(local.is_vcn_peering ? 0 : (local.use_existing_subnets ? 0 : 1 ) ) : "${var.service_name}-${var.dhcp_options_name}" => { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + options = { + type = "DomainNameServer" + server_type = "VcnLocalPlusInternet" + }, + defined_tags = local.defined_tags + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-security-groups" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + + nsgs = { + for k,v in local.nsgs-lists : k => v if v.compartment_id != "" + } +} + 
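Review bot: In `module "network-security-lists"`, `ports_not_allowed_from_anywhere_cidr = [3390,4500]` names neither SSH (22) nor RDP (3389). If the security module uses this list to reject rules that open the listed ports to `0.0.0.0/0`, as the argument name suggests, the usual administrative ports fall outside that guard here. Unless the two values are deliberate, `ports_not_allowed_from_anywhere_cidr = [22,3389]` restores the conventional pair; if they are deliberate, a comment on that line should say why. The module's implementation is outside this hunk, so its exact use of the list should be confirmed.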
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/main.tf
new file mode 100644
index 0000000..50963df
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/main.tf
@@ -0,0 +1,28 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "adw" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/database/adw"
+ adw_params = {
+ adw = {
+ compartment_id = var.compartment_id,
+ adw_cpu_core_count = var.adw_cpu_core_count,
+ adw_size_in_tbs = var.adw_size_in_tbs,
+ adw_db_name = var.adw_db_name,
+ adw_db_workload = var.adw_db_workload,
+ adw_db_version = var.adw_db_version,
+ adw_enable_auto_scaling = var.adw_enable_auto_scaling,
+ adw_is_free_tier = var.adw_is_free_tier,
+ adw_license_model = var.adw_license_model,
+ database_admin_password = var.database_admin_password,
+ database_wallet_password = var.database_wallet_password,
+ # subnet_id = var.subnet_ocid,
+ # nsg_ids = var.nsg_ids,
+ defined_tags = var.defined_tags
+ },
+ }
+}
+
+
+
+
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/outputs.tf
new file mode 100644
index 0000000..0976316
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/outputs.tf
@@ -0,0 +1,6 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "ADW_Service_Console_URL" {
+ value = module.adw.ADW_Service_Console_URL
+}
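Review bot: The `adw` entry in `adw_subsystem/main.tf` passes no network placement: `subnet_id` and `nsg_ids` are commented out and no access-control list is passed, so as far as this hunk shows the Autonomous Database is created on its public endpoint and relies on the admin password and wallet alone. The solution already builds a private subnet and a private NSG, so re-enabling `subnet_id = var.subnet_ocid` and `nsg_ids = var.nsg_ids` (with the matching variables and root-module arguments, which are commented out too) would place the database behind them. If the public endpoint is intended, a comment above the two commented lines should say so. The `odi_subsystem/main.tf` hunk comments out `is_private_network_enabled`, `subnet_id` and `vcn_id` in the same way.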
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/variables.tf
new file mode 100644
index 0000000..df44792
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/adw_subsystem/variables.tf
@@ -0,0 +1,26 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {}
+variable "adw_cpu_core_count" {}
+variable "adw_size_in_tbs" {}
+variable "adw_db_name" {}
+variable "adw_db_workload" {}
+variable "adw_db_version" {}
+variable "adw_enable_auto_scaling" {}
+variable "adw_is_free_tier" {}
+variable "adw_license_model" {}
+variable "database_admin_password" {}
+variable "database_wallet_password" {}
+
+# variable "subnet_ocid" {}
+
+# variable "nsg_ids" {
+# type = list(string)
+# default = []
+# }
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/main.tf
new file mode 100644
index 0000000..b5ba36e
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/main.tf
@@ -0,0 +1,14 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "datacatalog" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/datacatalog"
+
+ datacatalog_params = {
+ datacatalog = {
+ compartment_id = var.compartment_id,
+ catalog_display_name = var.datacatalog_display_name,
+ defined_tags = var.defined_tags
+ }
+ }
+}
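Review bot: In `adw_subsystem/variables.tf`, `variable "database_admin_password" {}` and `variable "database_wallet_password" {}` are declared with no type and without `sensitive = true`, so their values can surface in plan output and error messages wherever the provider schema does not itself mark the attribute sensitive. Adding `type = string` and `sensitive = true` to both (Terraform 0.14 or later) keeps them out of CLI output. They are still written to state in clear text, so the state backend needs access control and encryption. The same applies to `analytics_instance_idcs_access_token` in the `oac_subsystem/variables.tf` hunk, which has a type but no `sensitive` flag.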
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/outputs.tf
new file mode 100644
index 0000000..410f01e
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/outputs.tf
@@ -0,0 +1,6 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "datacatalog" {
+ value = module.datacatalog.datacatalog
+}
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/variables.tf
new file mode 100644
index 0000000..9b21bd3
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/datacatalog_subsystem/variables.tf
@@ -0,0 +1,18 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "datacatalog_display_name" {
+ type = string
+}
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
+
+
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/main.tf
new file mode 100644
index 0000000..ae21690
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/main.tf
@@ -0,0 +1,24 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "oac" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/oac"
+ oac_params = {
+ oac = {
+ compartment_id = var.compartment_id,
+ analytics_instance_feature_set = var.analytics_instance_feature_set,
+ analytics_instance_license_type = var.analytics_instance_license_type,
+ analytics_instance_hostname = var.analytics_instance_hostname,
+ analytics_instance_idcs_access_token = var.analytics_instance_idcs_access_token,
+ analytics_instance_capacity_capacity_type = var.analytics_instance_capacity_capacity_type,
+ analytics_instance_capacity_value = var.analytics_instance_capacity_value,
+ defined_tags = var.defined_tags
+ analytics_instance_network_endpoint_details_network_endpoint_type = var.analytics_instance_network_endpoint_details_network_endpoint_type
+ subnet_id = var.subnet_id
+ vcn_id = var.vcn_id
+ analytics_instance_network_endpoint_details_whitelisted_ips = var.analytics_instance_network_endpoint_details_whitelisted_ips
+ analytics_instance_network_endpoint_details_whitelisted_vcns_id = var.analytics_instance_network_endpoint_details_whitelisted_vcns_id
+ whitelisted_ips = var.whitelisted_ips
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/outputs.tf
new file mode 100644
index 0000000..896ba46
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/outputs.tf
@@ -0,0 +1,11 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "Analytics_URL" {
+ value = module.oac.Analytics_URL
+}
+
+
+
+
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/variables.tf
new file mode 100644
index 0000000..4fd45c6
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/oac_subsystem/variables.tf
@@ -0,0 +1,55 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "analytics_instance_feature_set" {
+ type = string
+}
+
+variable "analytics_instance_license_type" {
+ type = string
+}
+
+variable "analytics_instance_hostname" {
+ type = string
+}
+
+variable "analytics_instance_idcs_access_token" {
+ type = string
+}
+
+variable "analytics_instance_capacity_capacity_type" {
+ type = string
+}
+
+variable "analytics_instance_capacity_value" {
+ type = number
+}
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
+
+variable "subnet_id" {}
+variable "vcn_id" {}
+variable "analytics_instance_network_endpoint_details_network_endpoint_type" {}
+variable "analytics_instance_network_endpoint_details_whitelisted_vcns_id" {}
+
+variable "whitelisted_ips" {
+ type = list(string)
+ default = []
+}
+
+variable "analytics_instance_network_endpoint_details_whitelisted_ips" {
+ type = list(string)
+ default = []
+}
+
+
+
+
+
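Review bot: In `oac_subsystem/variables.tf`, `whitelisted_ips` and `analytics_instance_network_endpoint_details_whitelisted_ips` are both `list(string)` with `default = []` and no `description`, so a reader cannot tell which of the two restricts the Analytics endpoint or what an empty list means for it. A `description` on each would settle it, for example `description = "CIDR blocks allowed to reach the public Analytics endpoint"`, stating also what the empty default does once that is confirmed against the library module; if both carry the same data, one of them could be dropped. `subnet_id`, `vcn_id` and the two untyped `analytics_instance_network_endpoint_details_*` variables would match the rest of the file with `type = string`.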
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/main.tf
new file mode 100644
index 0000000..5a6f33e
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/main.tf
@@ -0,0 +1,18 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "os" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/object-storage"
+ tenancy_ocid = var.tenancy_ocid
+
+ bucket_params = {
+ bucket = {
+ compartment_id = var.compartment_id,
+ name = var.bucket_name,
+ access_type = var.bucket_access_type,
+ storage_tier = var.bucket_storage_tier,
+ events_enabled = var.bucket_events_enabled,
+ defined_tags = var.defined_tags
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/outputs.tf
new file mode 100644
index 0000000..2576639
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/outputs.tf
@@ -0,0 +1,6 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "buckets" {
+ value = module.os.buckets
+}
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/variables.tf
new file mode 100644
index 0000000..e6428ce
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/object-storage_subsystem/variables.tf
@@ -0,0 +1,35 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "tenancy_ocid" {
+ type = string
+}
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "bucket_name" {
+ type = string
+}
+
+variable "bucket_access_type" {
+ type = string
+}
+
+variable "bucket_storage_tier" {
+ type = string
+}
+
+variable "bucket_events_enabled" {
+ type = bool
+}
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
+
+
+
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/main.tf
new file mode 100644
index 0000000..dd24316
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/main.tf
@@ -0,0 +1,17 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "odi" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/odi"
+ odi_params = {
+ odi = {
+ compartment_id = var.compartment_id,
+ display_name = var.display_name,
+ description = var.description,
+ # is_private_network_enabled = var.is_private_network_enabled
+ # subnet_id = var.subnet_id
+ # vcn_id = var.vcn_id
+ defined_tags = var.defined_tags
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/outputs.tf
new file mode 100644
index 0000000..86d8d60
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/outputs.tf
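Review bot: In `object-storage_subsystem/variables.tf`, `bucket_access_type` is accepted as any string although it decides whether the bucket can be read without authentication, so the missing check is worth closing. A `validation` block (Terraform 0.13 or later) restricting it to the values the service accepts makes a typo fail at plan time, and a comment can record that anything other than `NoPublicAccess` exposes objects publicly. Whether the root module defaults this variable to `NoPublicAccess` is not visible in this diff and should be confirmed.

```hcl
variable "bucket_access_type" {
  type = string
  # Anything other than NoPublicAccess makes objects readable without authentication.
  validation {
    condition     = contains(["NoPublicAccess", "ObjectRead", "ObjectReadWithoutList"], var.bucket_access_type)
    error_message = "The bucket_access_type value must be NoPublicAccess, ObjectRead or ObjectReadWithoutList."
  }
}
```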
@@ -0,0 +1,6 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "odi" {
+ value = module.odi.odi
+}
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/variables.tf
new file mode 100644
index 0000000..674e3f6
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/modules/odi_subsystem/variables.tf
@@ -0,0 +1,27 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "display_name" {
+ type = string
+}
+
+variable "description" {
+ type = string
+}
+
+# variable "is_private_network_enabled" {
+# type = bool
+# }
+
+# variable "subnet_id" {}
+# variable "vcn_id" {}
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/outputs.tf
new file mode 100644
index 0000000..5fc0c27
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/outputs.tf
@@ -0,0 +1,26 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "ADW_Service_Console_URL" {
+ value = module.adw.ADW_Service_Console_URL
+}
+
+output "Analytics_URL" {
+ value = module.oac.Analytics_URL
+}
+
+output "Instructions" {
+ value = "Please use the ADW URL to login by using the user admin and the password that it's provided in the output.Also change the password with one that you desire."
+}
+
+output "Buckets" {
+ value = module.os.buckets
+}
+
+output "DataCatalog" {
+ value = module.datacatalog.datacatalog
+}
+
+output "Odi" {
+ value = module.odi.odi
+}
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/provider.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/provider.tf
new file mode 100644
index 0000000..6019931
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/provider.tf
@@ -0,0 +1,11 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+terraform {
+ required_providers {
+ oci = {
+ version = ">= 4.37.0"
+ source = "hashicorp/oci"
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/schema.yaml b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/schema.yaml
new file mode 100644
index 0000000..aba25b5
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/schema.yaml
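Review bot: The `Instructions` output in the root `outputs.tf` tells the user to log in with "the password that it's provided in the output", but no output in this hunk returns a password, and none should. The text should point at the value the user supplied, for example `value = "Log in to the ADW service console as user ADMIN with the database_admin_password you supplied, then change it."`. `Buckets`, `DataCatalog` and `Odi` return whole module outputs whose contents are defined outside this hunk, so it is worth checking that they carry no secrets before exposing them at the root.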
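Review bot: In `provider.tf`, `version = ">= 4.37.0"` has no upper bound, so a fresh `terraform init` can pull any later provider release, including a new major version, into a stack that creates databases and network rules. A bounded constraint such as `version = ">= 4.37.0, < 5.0.0"`, together with a committed `.terraform.lock.hcl` where the deployment flow supports it, pins what actually runs. The provider is also published under Oracle's own namespace, so `source = "oracle/oci"` is likely the address to use here; confirm against the registry before changing it.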
@@ -0,0 +1,464 @@ +title: "Create ADW and OAC in Oracle Cloud Infrastructure" +stackDescription: "Deploy Autonomous Data Warehouse (ADW) and Oracle Analytics Cloud (OAC) in Oracle Cloud Infrastructure." +schemaVersion: 1.1.0 +version: "20210902" +locale: "en" +groupings: + - title: "General Settings" + visible: true + variables: + - tenancy_ocid + - compartment_id + - region + - display_name_prefix + - title: "Autonomous Database Configuration" + variables: + - adw_db_name + - adw_is_free_tier + - adw_license_model + - database_admin_password + - database_wallet_password + - adw_db_version + - adw_size_in_tbs + - adw_enable_auto_scaling + - adw_cpu_core_count + - adw_db_workload + - title: "Oracle Analytics Cloud Configuration" + variables: + - analytics_instance_hostname + - analytics_instance_license_type + - analytics_instance_feature_set + - analytics_instance_capacity_value + - analytics_instance_capacity_capacity_type + - analytics_instance_network_endpoint_details_network_endpoint_type + - analytics_instance_idcs_access_token + - title: "Object Storage" + variables: + - bucket_name + - bucket_access_type + - bucket_storage_tier + - bucket_events_enabled + - title: "Data Catalog" + variables: + - datacatalog_display_name + - title: "Oracle Cloud Infrastructure Data Integration Service" + variables: + - odi_display_name + - odi_description + - title: "Network Configuration" + variables: + - service_name + - vcn_cidr + - vcn_name + - public_subnet_name + - public_subnet_cidr + - private_subnet_name + - private_subnet_cidr + - show_advanced_options + - title: "Hidden Variables" + visible: false + variables: + - user_ocid + - fingerprint + - private_key_path + - defined_tag + - defined_tag_value + - free_form_tag + - free_form_tag_value + - dhcp_options_name + - anywhere_cidr + - assign_public_ip + - use_regional_subnet + - subnet_type + - private_subnet_availability_domain_name + - private_subnet_id + - public_subnet_id + - whitelisted_ips + - 
analytics_instance_network_endpoint_details_whitelisted_ips +# General Configuration Variables +variables: + tenancy_ocid: + title: Tenancy ID + description: The Oracle Cloud Identifier (OCID) for your tenancy. + type: string + required: true + visible: false + compartment_id: + title: Stack Compartment + description: Choose the compartment where all resources will be provisioned. + type: oci:identity:compartment:id + required: true + visible: true + region: + title: Region + description: Select Region where all resources will be created. + type: oci:identity:region:name + required: true + visible: true + display_name_prefix: + title: Display Name Prefix + type: string + default: "Autonomous Data Warehouse (ADW) and Oracle Analytics Cloud (OAC)" + description: Enter the Display name for the solution. + required: true + visible: true +# Autonomous Database Configuration Variables + adw_db_name: + title: Database Name + description: "Provide Database name. Constraints: 12 alphanumeric characters only. No Spaces." + required: true + type: string + maxLength: 14 + adw_is_free_tier: + title: Do do want a always Free Oracle Autonomous Database instance? + description: "Provision Always Free Oracle Autonomous Database instance (1 OCPU 20 GB Storage)?" + type: enum + enum: + - "true" + - "false" + default: "false" + required: true + visible: true + adw_license_model: + title: "Provision Paid Oracle Autonomous Database instance (2 OCPU 1 TB Storage) - License Included or BYOL?" + description: "Note: This configuration can be changed later from the OCI console." + type: enum + enum: + - LICENSE_INCLUDED + - BRING_YOUR_OWN_LICENSE + default: LICENSE_INCLUDED + required: true + visible: + eq: + - adw_is_free_tier + - "false" + database_admin_password: + title: Database Admin Password + description: "Provide admin password. Constraints: 12 - 30 characters. At least one uppercase letter, one lowercase letter, and one number. No special characters." 
+ type: password + required: true + confirmation: true + pattern: ((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*[%!@^&)(]).{12,20}) + database_wallet_password: + title: Database Wallet Password + description: Provide database wallet password. Must be a minimum 12 characters, contain at least one uppercase letter, one lowercase letter, one number. Do not include special characters. + type: password + required: true + confirmation: true + pattern: ((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*[%!@^&)(]).{12,20}) + adw_db_version: + title: "A valid Oracle Database version for Autonomous Database" + description: "A valid Oracle Database version for Autonomous Database" + type: enum + enum: + - "19c" + default: "19c" + required: true + visible: true + adw_size_in_tbs: + title: "The quantity of data in the database, in terabytes." + description: "The quantity of data in the database, in terabytes." + type: enum + enum: + - 1 + - 2 + - 4 + - 6 + - 8 + - 10 + - 12 + - 16 + - 24 + - 36 + - 52 + - 128 + default: 1 + visible: true + required: true + adw_enable_auto_scaling: + title: Indicates if auto scaling is enabled for the Autonomous Database CPU core count. + description: "Indicates if auto scaling is enabled for the Autonomous Database CPU core count. " + type: enum + enum: + - "true" + - "false" + default: "true" + required: true + visible: true + adw_cpu_core_count: + title: The number of OCPU cores to be made available to the database + description: "The number of OCPU cores to enable. Available cores are subject to your tenancy's service limits." + type: enum + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + - 11 + - 12 + default: 1 + required: true + visible: true + adw_db_workload: + title: Autonomous Database Type of workload. + description: "Autonomous Database Type of workload." 
+ type: enum + enum: + - "DW" + default: "DW" + required: true + visible: false + # Oracle Analytics Cloud Configuration + analytics_instance_hostname: + title: Analytics Instance Name + description: "Enter a unique name for this instance. The name provided must start with a letter, contain only alphanumeric characters, no spaces and span up to 30 characters in total." + type: string + maxLength: 30 + default: "AnalyticsX" + required: true + visible: true + analytics_instance_license_type: + title: Analytics License + description: Choose your Oracle Analytics Cloud License Type. + type: enum + enum: + - LICENSE_INCLUDED + - BRING_YOUR_OWN_LICENSE + default: LICENSE_INCLUDED + visible: true + required: true + analytics_instance_feature_set: + title: Analytics Instance Type + description: Choose the Analytics Product Type. + type: enum + enum: + - SELF_SERVICE_ANALYTICS + - ENTERPRISE_ANALYTICS + default: "ENTERPRISE_ANALYTICS" + visible: create_analytics_instance + required: true + analytics_instance_capacity_value: + title: Analytics Instance Capacity + description: Provide the number of OCPUs for the Oracle Analytics Instance. + type: enum + enum: + - 1 + - 2 + - 4 + - 6 + - 8 + - 10 + - 12 + - 16 + - 24 + - 36 + - 52 + default: 1 + visible: true + required: true + analytics_instance_capacity_capacity_type: + title: Analytics Instance Capacity Type + description: The capacity value selected (OLPU count, number of users, …etc…). This parameter affects the number of CPUs, amount of memory or other resources allocated to the instance. 
+ type: enum + enum: + - "OLPU_COUNT" + - "USERS_COUNT" + default: "OLPU_COUNT" + visible: true + required: true + analytics_instance_network_endpoint_details_network_endpoint_type: + title: Analytics Instance Base representation of a network endpoint + description: "The type of network endpoint: Public or Private Network endpoint" + type: enum + enum: + - "public" + - "private" + default: "public" + visible: true + required: true + analytics_instance_idcs_access_token: + title: IDCS Access Token + description: Provide IDCS Access token. See Pre-req section in the Installation Document. + type: string + default: "copy-paste your token instead" + visible: true + required: true +# Object Storage Configuration + bucket_name: + title: Object Storage Bucket Name + description: "Enter a unique name for this object storage bucket. The name provided must start with a letter, contain only alphanumeric characters, no spaces and span up to 30 characters in total." + type: string + maxLength: 30 + default: "BucketOne" + required: true + visible: true + bucket_access_type: + title: Object Storage Access Type + description: "Select the Access Type of the bucket." + type: enum + enum: + - NoPublicAccess + - ObjectReadWithoutList + - ObjectRead + default: "NoPublicAccess" + required: true + visible: true + bucket_storage_tier: + title: Object Storage Bucket Name + description: "Select the storage Tier of the bucket." + type: enum + enum: + - Standard + - Archive + default: "Standard" + required: true + visible: true + bucket_events_enabled: + title: Indicates if bucket events are enabled or not. + description: "Indicates if bucket events are enabled or not " + type: enum + enum: + - "true" + - "false" + default: "false" + required: true + visible: true +# Data Catalog Configuration + datacatalog_display_name: + title: Data Catalog Name + description: "Enter a unique name for this data catalog. 
The name provided must start with a letter, contain only alphanumeric characters, no spaces and span up to 30 characters in total." + type: string + maxLength: 30 + default: "DataCatalogIP" + required: true + visible: true +# ODI - Oracle Cloud Infrastructure Data Integration service + odi_display_name: + title: Oracle Data Integration Service + description: "Enter a unique name for the Oracle Data Integration Service. The name provided must start with a letter, contain only alphanumeric characters, no spaces and span up to 30 characters in total." + type: string + maxLength: 30 + default: "odi_workspace" + required: true + visible: true + odi_description: + title: Oracle Data Integration Service + description: "Enter a descriptionfor the Oracle Data Integration Service." + type: string + maxLength: 30 + default: "odi_workspace" + required: true + visible: true +# Network Configuration + service_name: + visible: + and: + - show_advanced_options + type: string + default: "servicename" + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: Resource Name Prefix + description: The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter. + vcn_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.0/16" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + title: VCN Network CIDR + required: true + description: The CIDR to assign to the new Virtual Cloud Network (VCN) to create for this service. This field is not required if you want to use an existing VCN. When using VCN peering ensure that the VCNs being peered have non-overlapping CIDR blocks. 
+ vcn_name: + visible: + and: + - show_advanced_options + type: string + default: "vcn" + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: VCN Name + description: The name of the new Virtual Cloud Network (VCN) to create for this service + public_subnet_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.128/27" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: Public Subnet CIDR + description: "The CIDR of the new public subnet." + public_subnet_name: + visible: + and: + - show_advanced_options + type: string + default: "pub" + required: true + title: Public Subnet Name + description: "The name of the new public subnet." + private_subnet_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.32/27" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: Private Subnet CIDR + description: "The CIDR of the new private subnet." + private_subnet_name: + visible: + and: + - show_advanced_options + type: string + default: "priv" + required: true + title: Private Subnet Name + description: "The name of the new private subnet." + show_advanced_options: + title: Show Advanced Options + description: Enable advanced options for network. 
+ type: boolean + default: false + visible: true +outputs: + Instructions: + type: string + title: Instructions + Analytics_URL: + type: link + title: Analytics URL + ADW_Service_Console_URL: + type: link + title: ADB Service Console URL + Buckets: + type: string + title: Buckets + DataCatalog: + type: string + title: DataCatalog + Odi: + type: string + title: Odi workspace +outputGroups: + - title: Application + outputs: + - Instructions + - ADW_Service_Console_URL + - Analytics_URL + - Buckets + - DataCatalog + - Odi diff --git a/cloud-foundation/solutions/Departmental-DWH-Full-Solution/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/variables.tf new file mode 100644 index 0000000..878591f --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Full-Solution/variables.tf 
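Review bot: `analytics_instance_idcs_access_token` in schema.yaml is declared `type: string` with a placeholder `default`, so the form presumably shows the access token in clear text, unlike the two database passwords in the same file, which use `type: password`. I would change it to `type: password` and drop the default. The password fields also disagree with their own help text: the admin password description says 12 - 30 characters and no special characters, while `pattern` enforces `{12,20}` and its negative lookahead rejects only `%!@^&)(`, so other punctuation passes. Either the description or the pattern should be corrected so the form states the rule it enforces. Separately, `analytics_instance_feature_set` uses `visible: create_analytics_instance`, a variable this schema does not define.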
@@ -0,0 +1,285 @@ +# Copyright © 2021, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + + +terraform { + required_version = ">= 0.14.0" +} + +variable "tenancy_ocid" { + type = string + default = "" +} +variable "region" { + type = string + default = "" +} + +variable "compartment_id" { + type = string + default = "" +} + +variable "user_ocid" { + type = string + default = "" +} + +variable "fingerprint" { + type = string + default = "" +} + +variable "private_key_path" { + type = string + default = "" +} + +# Autonomous Database Configuration Variables + +variable "adw_cpu_core_count" { + type = number + default = 1 +} + +variable "adw_size_in_tbs" { + type = number + default = 1 +} + +variable "adw_db_name" { + type = string + default = "ADWipa" +} + +variable "adw_db_workload" { + type = string + default = "DW" +} + +variable "adw_db_version" { + type = string + default = "19c" +} + +variable "adw_enable_auto_scaling" { + type = bool + default = true +} + +variable "adw_is_free_tier" { + type = bool + default = false +} + +variable "adw_license_model" { + type = string + default = "LICENSE_INCLUDED" +} + +variable "database_admin_password" { + type = string + default = "" +} + +variable "database_wallet_password" { + type = string + default = "" +} + +# Oracle Analytics Cloud Configuration + +variable "analytics_instance_feature_set" { + type = string + default = "ENTERPRISE_ANALYTICS" +} + +variable "analytics_instance_license_type" { + type = string + default = "LICENSE_INCLUDED" +} + +variable "analytics_instance_hostname" { + type = string + default = "AnalyicsO" +} + +variable "analytics_instance_idcs_access_token" { + type = string + default = "copy-paste your token instead" +} + +variable "analytics_instance_capacity_capacity_type" { + type = string + default = "OLPU_COUNT" +} + +variable "analytics_instance_capacity_value" { + type = 
number + default = 1 +} + +variable "analytics_instance_network_endpoint_details_network_endpoint_type" { + type = string + default = "public" +} + +variable "whitelisted_ips" { + type = list(string) + default = ["0.0.0.0/0"] +} + +variable "analytics_instance_network_endpoint_details_whitelisted_ips" { + type = list(string) + default = ["0.0.0.0/0"] +} + +# Object Storage Bucket + +variable "bucket_name" { + type = string + default = "BucketOnee" +} + +variable "bucket_access_type" { + type = string + default = "NoPublicAccess" +} + +variable "bucket_storage_tier" { + type = string + default = "Standard" +} + +variable "bucket_events_enabled" { + type = bool + default = false +} + +# Data Catalog + +variable "datacatalog_display_name" { + type = string + default = "DataCatalogIP" +} + +# ODI - Oracle Cloud Infrastructure Data Integration service + +variable "odi_display_name" { + type = string + default = "odi_workspace" +} + +variable "odi_description" { + type = string + default = "odi_workspace" +} + +# Network + +variable "service_name" { + type = string + default = "servicename" + description = "prefix for stack resources" +} + +variable "vcn_cidr" { + default = "172.0.0.0/16" + description = "CIDR for new virtual cloud network" +} + +variable "vcn_name" { + default = "vcn" + description = "Name of new virtual cloud network" +} + +variable "public_subnet_cidr" { + default = "172.0.0.128/27" + description = "CIDR for bastion subnet" +} + +variable "public_subnet_name" { + default = "pub" +} + +variable "private_subnet_cidr" { + default = "172.0.0.32/27" +} + +variable "private_subnet_name" { + default = "priv" +} + +# don't modify any other variables (below) - it may cause that the solution will not work propertly. 
+ +variable "use_regional_subnet" { + type = bool + default = true + description = "Indicates use of regional subnets (preferred) instead of AD specific subnets" +} + +variable "subnet_type" { + default = "Use Private Subnet" +} + +variable "public_subnet_id" { + default = "" + description = "OCID for existing subnet for bastion instance" +} + +variable "private_subnet_id" { + default = "" + description = "OCID for existing subnet for weblogic instances" +} + +variable "assign_public_ip" { + type = bool + default = false + description = "Indicates use of private subnets" +} + +variable "private_subnet_availability_domain_name" { + type = string + default = "" + description = "availablility domain for weblogic vm instances" +} + +variable "dhcp_options_name" { + default = "dhcpOptions" +} + +variable anywhere_cidr { + default = "0.0.0.0/0" +} + +# Define Tags + + +#Note: special chars string denotes empty values for tags for validation purposes +#otherwise zipmap function in main.tf fails first for empty strings before validators executed. + +variable "defined_tag" { + type = string + default = "~!@#$%^&*()" + description = "defined resource tag name" +} + +variable "defined_tag_value" { + type = string + default = "~!@#$%^&*()" + description = "defined resource tag value" +} + +variable "free_form_tag" { + type = string + default = "~!@#$%^&*()" + description = "free form resource tag name" +} + +variable "free_form_tag_value" { + type = string + default = "~!@#$%^&*()" + description = "free form resource tag value" +} + +# End diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/.gitignore b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/.gitignore new file mode 100644 index 0000000..bb8c378 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/.gitignore @@ -0,0 +1,3 @@ +.terraform +*tfstate* +*.pem \ No newline at end of file 
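Review bot: `whitelisted_ips` and `analytics_instance_network_endpoint_details_whitelisted_ips` in variables.tf both default to `["0.0.0.0/0"]` while the endpoint type defaults to `public`, and schema.yaml lists both under "Hidden Variables". A Resource Manager user therefore gets an allow-list open to every address with no field to narrow it, assuming these lists feed the analytics endpoint, which is not visible in this hunk. I would remove the default so the caller must supply CIDRs, or surface the variable in the form. `database_admin_password`, `database_wallet_password` and `analytics_instance_idcs_access_token` should also carry `sensitive = true`, which the declared `required_version = ">= 0.14.0"` supports, and the token's placeholder default should be removed so a missing value fails at plan time instead of being sent. These values are still written to state, so the state file needs access-controlled storage.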
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/CONTRIBUTING.md b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/CONTRIBUTING.md new file mode 100644 index 0000000..7fd10e9 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/CONTRIBUTING.md @@ -0,0 +1,33 @@ + +# Contributing to Oracle Cloud Foundation Terraform Framework + +## Contributing to Oracle Cloud Foundation Terraform Framework + +Oracle welcomes contributions to this repository from anyone. + +If you want to submit a pull request to fix a bug or enhance an existing +feature, please first open an issue and link to that issue when you +submit your pull request. + +If you have any questions about a possible submission, feel free to open +an issue too. + +## Pull request process + +1. Fork this repository +1. Create a branch in your fork to implement the changes. We recommend using +the issue number as part of your branch name, e.g. `1234-fixes` +1. Ensure that there is at least one test that would fail without the fix and +passes post fix +1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly +what your changes are meant to do and provide simple steps on how to validate +your changes, ideally referencing the test. Ensure that you reference the issue +you created as well. We will assign the pull request to 1-2 people for review +before it is submitted internally and the PR is closed. \ No newline at end of file diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/LICENSE b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/LICENSE new file mode 100644 index 0000000..74bc471 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/LICENSE 
@@ -0,0 +1,27 @@ +Copyright © 2021 Oracle and/or its affiliates. All rights reserved. + +The Universal Permissive License (UPL), Version 1.0 + +Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this +software, associated documentation and/or data (collectively the "Software"), free of charge and under any and +all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor +hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or +(ii) the Larger Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software +(each a “Larger Work” to which the Software is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create derivative works of, display, +perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have +sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must +be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. \ No newline at end of file 
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/README.md b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/README.md new file mode 100644 index 0000000..cf46870 --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/README.md 
@@ -0,0 +1,447 @@ +# Oracle Cloud Foundation Terraform Solution - Departmental data warehousing - business domain analytics + +## Table of Contents +1. [Overview](#overview) +1. [Deliverables](#deliverables) +1. [Architecture](#Architecture-Diagram) +1. [Executing Instructions](#instructions) + 1. [Deploy Using Oracle Resource Manager](#Deploy-Using-Oracle-Resource-Manager) + 1. [Deploy Using the Terraform CLI](#Deploy-Using-the-Terraform-CLI) +1. [Documentation](#documentation) +1. [The Team](#team) +1. [Feedback](#feedback) +1. [Known Issues](#known-issues) +1. [Contribute](#CONTRIBUTING.md) + + +## Overview +This architecture uses Oracle Autonomous Data Warehouse to load and optimize data from multiple flat-file sources into a centralized data warehouse and then uses Oracle Analytics Cloud to analyze the data to provide actionable insights. + +For details of the architecture, see [_Departmental data warehousing - business domain analytics_](https://docs.oracle.com/en/solutions/oci-spreadsheet-analysis/index.html) + +## Deliverables + This repository encloses one deliverable: + +- A reference implementation written in Terraform HCL (Hashicorp Language) that provisions fully functional resources in an OCI tenancy. + +## Architecture-Diagram +The diagram below shows services that are deployed: + +![](https://docs.oracle.com/en/solutions/oci-spreadsheet-analysis/img/analysis-spreadsheets-architecture.png) + + +## Executing Instructions + +## Prerequisites + +- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `autonomous-database-family`. +- Quota to create the following resources: 1 ADW database instance and 1 Oracle Analytics Cloud (OAC) instance. +If you don't have the required permissions and quota, contact your tenancy administrator. 
See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). + +# Deploy Using Oracle Resource Manager + +1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://raw.githubusercontent.com/oracle-devrel/terraform-oci-oracle-cloud-foundation/develop/cloud-foundation/solutions-for-oracle-res-mgr/Departmental-DWH-Small-Footprint-Solution.zip) + + If you aren't already signed in, when prompted, enter the tenancy and user credentials. + +2. Review and accept the terms and conditions. +3. Select the region where you want to deploy the stack. +4. Follow the on-screen prompts and instructions to create the stack. +5. After creating the stack, click **Terraform Actions**, and select **Plan**. +6. Wait for the job to be completed, and review the plan. + To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. +7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. + + +# Deploy Using the Terraform CLI + +## Clone the Module +Now, you'll want a local copy of this repo. You can make that with the commands: + + git clone https://github.com/oracle-devrel/terraform-oci-oracle-cloud-foundation.git + cd terraform-oci-oracle-cloud-foundation/cloud-foundation/solutions/Departmental-DWH-Full-Solution + ls + +## Deployment + +- Follow the instructions from Prerequisites links in order to install terraform. +- Download the terraform version suitable for your operating system. +- Unzip the archive. 
+- Add the executable to the PATH. +- You will have to generate an API signing key (public/private keys) and the public key should be uploaded in the OCI console, for the iam user that will be used to create the resources. Also, you should make sure that this user has enough permissions to create resources in OCI. In order to generate the API Signing key, follow the steps from: https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm#How + The API signing key will generate a fingerprint in the OCI console, and that fingerprint will be used in a terraform file described below. +- You will also need to generate an OpenSSH public key pair. Please store those keys in a place accessible like your user home .ssh directory. + +## Prerequisites + +- Install Terraform v0.13 or greater: https://www.terraform.io/downloads.html +- Install Python 3.6: https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-centos-7 +- Generate an OCI API Key +- Create your config under \$home*directory/.oci/config (run \_oci setup config* and follow the steps) +- Gather Tenancy related variables (tenancy_id, user_id, local path to the oci_api_key private key, fingerprint of the oci_api_key_public key, and region) + +### Installing Terraform + +Go to [terraform.io](https://www.terraform.io/downloads.html) and download the proper package for your operating system and architecture. Terraform is distributed as a single binary. +Install Terraform by unzipping it and moving it to a directory included in your system's PATH. You will need the latest version available. + +### Prepare Terraform Provider Values + +**variables.tf** is located in the root directory. This file is used in order to be able to make API calls in OCI, hence it will be needed by all terraform automations. 
+
+In order to populate the **variables.tf** file, you will need the following:
+
+- Tenancy OCID
+- User OCID
+- Local Path to your private oci api key
+- Fingerprint of your public oci api key
+- Region
+
+#### **Getting the Tenancy and User OCIDs**
+
+You will have to login to the [console](https://console.us-ashburn-1.oraclecloud.com) using your credentials (tenancy name, user name and password). If you do not know those, you will have to contact a tenancy administrator.
+
+In order to obtain the tenancy ocid, after logging in, from the menu, select Administration -> Tenancy Details. The tenancy OCID, will be found under Tenancy information and it will be similar to **ocid1.tenancy.oc1..aaa…**
+
+In order to get the user ocid, after logging in, from the menu, select Identity -> Users. Find your user and click on it (you will need to have this page open for uploading the oci_api_public_key). From this page, you can get the user OCID which will be similar to **ocid1.user.oc1..aaaa…**
+
+#### **Creating the OCI API Key Pair and Upload it to your user page**
+
+Create an oci_api_key pair in order to authenticate to oci as specified in the [documentation](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#How):
+
+Create the .oci directory in the home of the current user
+
+`$ mkdir ~/.oci`
+
+Generate the oci api private key
+
+`$ openssl genrsa -out ~/.oci/oci_api_key.pem 2048`
+
+Make sure only the current user can access this key
+
+`$ chmod go-rwx ~/.oci/oci_api_key.pem`
+
+Generate the oci api public key from the private key
+
+`$ openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem`
+
+You will have to upload the public key to the oci console for your user (go to your user page -> API Keys -> Add Public Key and paste the contents in there) in order to be able to do make API calls.
+
+After uploading the public key, you can see its fingerprint into the console. You will need that fingerprint for your variables.tf file.
+You can also get the fingerprint from running the following command on your local workstation by using your newly generated oci api private key.
+
+`$ openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c`
+
+#### **Generating an SSH Key Pair on UNIX or UNIX-Like Systems Using ssh-keygen**
+
+- Run the ssh-keygen command.
+
+`ssh-keygen -b 2048 -t rsa`
+
+- The command prompts you to enter the path to the file in which you want to save the key. A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa. To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter.
+- The command prompts you for a passphrase. Enter a passphrase, or press ENTER if you don't want to havea passphrase.
+ Note that the passphrase isn't displayed when you type it in. Remember the passphrase. If you forget the passphrase, you can't recover it. When prompted, enter the passphrase again to confirm it.
+- The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key would be id_rsa.pub.
+ Make a note of the path where you've saved the SSH key pair.
+ When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding SSH private key and enter the passphrase when prompted.
+
+#### **Getting the Region**
+
+Even though, you may know your region name, you will needs its identifier for the variables.tf file (for example, US East Ashburn has us-ashburn-1 as its identifier).
+In order to obtain your region identifier, you will need to Navigate in the OCI Console to Administration -> Region Management
+Select the region you are interested in, and save the region identifier.
+
+#### **Prepare the variables.tf file**
+
+You will have to modify the **variables.tf** file to reflect the values that you’ve captured.
+
+```
+variable "tenancy_ocid" {
+ type = string
+ default = "" (tenancy ocid, obtained from OCI console - Profile -> Tenancy)
+}
+
+variable "region" {
+ type = string
+ default = "" (the region used for deploying the infrastructure - ex: eu-frankfurt-1)
+}
+
+variable "compartment_id" {
+ type = string
+ default = "" (the compartment used for deploying the solution - ex: compartment1)
+}
+
+variable "user_ocid" {
+ type = string
+ default = "" (user ocid, obtained from OCI console - Profile -> User Settings)
+}
+
+variable "fingerprint" {
+ type = string
+ default = "" (fingerprint obtained after setting up the API public key in OCI console - Profile -> User Settings -> API Keys -> Add Public Key)
+}
+
+variable "private_key_path" {
+ type = string
+ default = "" (the path of your local oci api key - ex: /root/.ssh/oci_api_key.pem)
+}
+```
+
+## Repository files
+
+
+* **modules(folder)** - Contains folders with subsystems and modules for each section of the project: networking, autonomous database, analytics cloud, etc.
+* **main.tf** - Main Terraform script used for instantiating the Oracle Cloud Infrastructure provider and all subsystems modules
+* **README.md** - This file
+* **outputs.tf** - Defines project's outputs that you will see after the code runs successfuly
+* **provider.tf** - The terraform provider that will be used (OCI)
+* **LICENSE** - The Universal Permissive License (UPL), Version 1.0
+* **local.tf** - Local values can be helpful to avoid repeating the same values or expressions multiple times in a configuration, but if overused they can also make a configuration hard to read by future maintainers by hiding the actual values used.
+* **schema.yaml** - Schema documents are recommended for Terraform configurations when using Resource Manager. Including a schema document allows you to extend pages in the Oracle Cloud Infrastructure Console. Facilitate variable entry in the Create Stack page by surfacing SSH key controls and by naming, grouping, dynamically prepopulating values, and more. Define text in the Application Information tab of the stack detail page displayed for a created stack.
+* **variables.tf** - Project's global variables
+
+
+Secondly, populate the `terraform.tf` file with the disared configuration following the information:
+
+
+# Autonomous Data Warehouse
+
+The ADW subsystem / module is able to create ADW/ATP databases.
+
+* Parameters:
+ * __adw_cpu_core_count__ - The number of OCPU cores to be made available to the database. For Autonomous Databases on dedicated Exadata infrastructure, the maximum number of cores is determined by the infrastructure shape. See Characteristics of Infrastructure Shapes for shape details.
+ * __adw_size_in_tbss__ - The size, in gigabytes, of the data volume that will be created and attached to the database. This storage can later be scaled up if needed. The maximum storage value is determined by the infrastructure shape. See Characteristics of Infrastructure Shapes for shape details.
+ * __adw_db_name__ - The database name. The name must begin with an alphabetic character and can contain a maximum of 14 alphanumeric characters. Special characters are not permitted. The database name must be unique in the tenancy.
+ * __adw_db_workload__ - The Autonomous Database workload type. The following values are valid:
+ - OLTP - indicates an Autonomous Transaction Processing database
+ - DW - indicates an Autonomous Data Warehouse database
+ - AJD - indicates an Autonomous JSON Database
+ - APEX - indicates an Autonomous Database with the Oracle APEX Application Development workload type. *Note: db_workload can only be updated from AJD to OLTP or from a free OLTP to AJD.
+ * __adw_db_version__ - A valid Oracle Database version for Autonomous Database.db_workload AJD and APEX are only supported for db_version 19c and above.
+ * __adw_enable_auto_scaling__ - Indicates if auto scaling is enabled for the Autonomous Database OCPU core count. The default value is FALSE.
+ * __adw_is_free_tier__ - Indicates if this is an Always Free resource. The default value is false. Note that Always Free Autonomous Databases have 1 CPU and 20GB of memory. For Always Free databases, memory and CPU cannot be scaled. When db_workload is AJD or APEX it cannot be true.
+ * __adw_license_model__ - The Oracle license model that applies to the Oracle Autonomous Database. Bring your own license (BYOL) allows you to apply your current on-premises Oracle software licenses to equivalent, highly automated Oracle PaaS and IaaS services in the cloud. License Included allows you to subscribe to new Oracle Database software licenses and the Database service. Note that when provisioning an Autonomous Database on dedicated Exadata infrastructure, this attribute must be null because the attribute is already set at the Autonomous Exadata Infrastructure level. When using shared Exadata infrastructure, if a value is not specified, the system will supply the value of BRING_YOUR_OWN_LICENSE. It is a required field when db_workload is AJD and needs to be set to LICENSE_INCLUDED as AJD does not support default license_model value BRING_YOUR_OWN_LICENSE.
+ * __database_admin_password__ - The password must be between 12 and 30 characters long, and must contain at least 1 uppercase, 1 lowercase, and 1 numeric character. It cannot contain the double quote symbol (") or the username "admin", regardless of casing. The password is mandatory if source value is "BACKUP_FROM_ID", "BACKUP_FROM_TIMESTAMP", "DATABASE" or "NONE".
+ * __database_wallet_password__ - (Required) The password to encrypt the keys inside the wallet. The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character.
+
+Below is an example:
+
+```
+variable "adw_cpu_core_count" {
+ type = number
+ default = 1
+}
+
+variable "adw_size_in_tbs" {
+ type = number
+ default = 1
+}
+
+variable "adw_db_name" {
+ type = string
+ default = "ADWipan"
+}
+
+variable "adw_db_workload" {
+ type = string
+ default = "DW"
+}
+
+variable "adw_db_version" {
+ type = string
+ default = "19c"
+}
+
+variable "adw_enable_auto_scaling" {
+ type = bool
+ default = true
+}
+
+variable "adw_is_free_tier" {
+ type = bool
+ default = false
+}
+
+variable "adw_license_model" {
+ type = string
+ default = "LICENSE_INCLUDED"
+}
+
+variable "database_admin_password" {
+ type = string
+ default = ""
+}
+
+variable "database_wallet_password" {
+ type = string
+ default = ""
+}
+
+```
+
+# Oracle Analytics Cloud
+This resource provides the Analytics Instance resource in Oracle Cloud Infrastructure Analytics service.
+Create a new AnalyticsInstance in the specified compartment. The operation is long-running and creates a new WorkRequest.
+
+* Parameters
+ * __analytics_instance_feature_set__ - Analytics feature set: ENTERPRISE_ANALYTICS or SELF_SERVICE_ANALYTICS set
+ * __analytics_instance_license_type__ - The license used for the service: LICENSE_INCLUDED or BRING_YOUR_OWN_LICENSE
+ * __analytics_instance_hostname__ - The name of the Analytics instance. This name must be unique in the tenancy and cannot be changed.
+ * __analytics_instance_idcs_access_token__ - IDCS access token identifying a stripe and service administrator user. THe IDCS access token can be obtained from OCI console - Menu -> Identity & Security -> Federation -> OracleIdentityCloudService - and now click on the Oracle Identity Cloud Service Console)
+ Access Oracle Identity Cloud Service console, click the avatar icon on the top-right corner, and then click My Access Tokens.
+ You can download an access token in the following ways:
+ Select Invokes Identity Cloud Service APIs to specify the available administrator roles that are assigned to you. The APIs from the specified administrator roles will be included in the token.
+ Select Invokes other APIs to select confidential applications that are assigned to the user account.
+ Click Select an Application to add a configured confidential resource application. On the Select an Application window, the list of assigned confidential applications displays.
+ Click applications to select them, and then click Add. The My Access Tokens page lists the added applications.
+ In the Token Expires in (Mins) field, select or enter how long (in minutes) the access token you're generating can be used before it expires. You can choose to keep the default number or specify between 1 and 527,040.
+ Click Download Token. The access token is generated and downloaded to your local machine as a tokens.tok file.
+ * __analytics_instance_capacity_capacity_type__ - The capacity model to use. Accepted values are: OLPU_COUNT, USER_COUNT . Values are case-insensitive.
+ * __analytics_instance_capacity_value__ - The capacity value selected (OLPU count, number of users, …etc…). This parameter affects the number of CPUs, amount of memory or other resources allocated to the instance.
+ * __analytics_instance_network_endpoint_details_network_endpoint_type__ - The type of network endpoint public or private
+ * __whitelisted_ips__ and __analytics_instance_network_endpoint_details_whitelisted_ips__ - If the network_endpoint_type is public you need to put the Source IP addresses or IP address ranges igress rules.
+
+
+Below is an example:
+```
+variable "analytics_instance_feature_set" {
+ type = string
+ default = "ENTERPRISE_ANALYTICS"
+}
+
+variable "analytics_instance_license_type" {
+ type = string
+ default = "LICENSE_INCLUDED"
+}
+
+variable "analytics_instance_hostname" {
+ type = string
+ default = "AnalyicSD"
+}
+
+variable "analytics_instance_idcs_access_token" {
+ type = string
+ default = "copy-paste your token instead"
+}
+
+variable "analytics_instance_capacity_capacity_type" {
+ type = string
+ default = "OLPU_COUNT"
+}
+
+variable "analytics_instance_capacity_value" {
+ type = number
+ default = 1
+}
+
+variable "analytics_instance_network_endpoint_details_network_endpoint_type" {
+ type = string
+ default = "public"
+}
+
+variable "whitelisted_ips" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "analytics_instance_network_endpoint_details_whitelisted_ips" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+```
+
+# Network
+This resource provides the Vcn resource in Oracle Cloud Infrastructure Core service anso This resource provides the Subnet resource in Oracle Cloud Infrastructure Core service.
+The solution will create 1 VCN in your compartment, 2 subnets ( one public and one private so the analytics cloud instance can be public or private ), 2 route tables for incomming and outoing traffic, 2 Network Security Groups for ingress and egress traffic, 1 internet gateway, 2 route tables for each subnet, dhcp service, NAT Gateway and a Service Gateway.
+
+* Parameters
+ * __service_name__ - The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter.
+ * __vcn_cidr__ - The list of one or more IPv4 CIDR blocks for the VCN that meet the following criteria:
+ The CIDR blocks must be valid.
+ They must not overlap with each other or with the on-premises network CIDR block.
+ The number of CIDR blocks must not exceed the limit of CIDR blocks allowed per VCN. It is an error to set both cidrBlock and cidrBlocks. Note: cidr_blocks update must be restricted to one operation at a time (either add/remove or modify one single cidr_block) or the operation will be declined.
+ * __vcn_name__ - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
+ * __public_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the public subnet.
+ * __public_subnet_name__ - A user-friendly name for the public subnet. Does not have to be unique, and it's changeable. Avoid entering confidential information.
+ * __private_subnet_cidr__ - The CIDR IP address range of the subnet. The CIDR must maintain the following rules - a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges. This is the cidr for the private subnet.
+ * __private_subnet_name__ - A user-friendly name for the private subnet. Does not have to be unique, and it's changeable. Avoid entering confidential information.
+
+
+Below is an example:
+```
+variable "service_name" {
+ type = string
+ default = "servicename"
+ description = "prefix for stack resources"
+}
+
+variable "vcn_cidr" {
+ default = "172.0.0.0/16"
+ description = "CIDR for new virtual cloud network"
+}
+
+variable "vcn_name" {
+ default = "vcn"
+ description = "Name of new virtual cloud network"
+}
+
+variable "public_subnet_cidr" {
+ default = "172.0.0.128/27"
+ description = "CIDR for bastion subnet"
+}
+
+variable "public_subnet_name" {
+ default = "pub"
+}
+
+variable "private_subnet_cidr" {
+ default = "172.0.0.32/27"
+}
+
+variable "private_subnet_name" {
+ default = "priv"
+}
+```
+
+Don't modify any other variables in the variable.tf file - it may cause that the solution will not work propertly.
+
+## Running the code
+
+```
+# Run init to get terraform modules
+$ terraform init
+
+# Create the infrastructure
+$ terraform apply --auto-approve
+
+# If you are done with this infrastructure, take it down
+$ terraform destroy --auto-approve
+```
+
+
+## Documentation
+
+[Autonomous Databases Overview](https://docs.oracle.com/en-us/iaas/Content/Database/Concepts/adboverview.htm)
+
+[Analytics Cloud Overview](https://docs.oracle.com/en-us/iaas/analytics-cloud/index.html)
+
+[Network Overview](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/overview.htm)
+
+[Terraform Autonomous Databases Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/database_autonomous_database)
+
+[Terraform Analytics Cloud Resource](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/analytics_analytics_instance)
+
+[Terraform Vcn resource in Oracle Cloud Infrastructure Core service](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_vcn)
+
+[Terraform Subnet resource in Oracle Cloud Infrastructure Core service](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_subnet)
+
+
+## The Team
+- **Owners**: [Panaitescu Ionel](https://github.com/ionelpanaitescu), [Corina Todea](https://github.com/ctodearo)
+- **Contributors**: Name Name, [Name Name](https://github.com/somebody), [Name Name](https://github.com/somebody)
+
+## Feedback
+We welcome your feedback. To post feedback, submit feature ideas or report bugs, please use the Issues section on this repository.
+
+## Known Issues
+**At the moment, there are no known issues**
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/local.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/local.tf
new file mode 100644
index 0000000..f69ecb1
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/local.tf
@@ -0,0 +1,379 @@
+data "oci_identity_availability_domains" "ADs" {
+ compartment_id = var.tenancy_ocid
+}
+
+data "oci_identity_tenancy" "tenancy" {
+ tenancy_id = var.tenancy_ocid
+}
+
+data "template_file" "ad_names" {
+ count = length(data.oci_identity_availability_domains.ADs.availability_domains)
+ template = lookup(data.oci_identity_availability_domains.ADs.availability_domains[count.index], "name")
+}
+
+data "oci_core_services" "tf_services" {
+ filter {
+ name = "cidr_block"
+ values = ["all-.*-services-in-oracle-services-network"]
+ regex = true
+ }
+}
+
+# resource "oci_identity_tag_namespace" "namespace" {
+# provider = oci
+# compartment_id = var.compartment_id
+# description = "cloudfoundationorcl"
+# name = "cloudfoundationorcl-deploy-adw-oac"
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "release" {
+# provider = oci
+# description = "release"
+# name = "release"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "solution" {
+# provider = oci
+# description = "solution"
+# name = "solution"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "subsystem" {
+# provider = oci
+# description = "subsystem"
+# name = "subsystem"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+# resource "oci_identity_tag" "module" {
+# provider = oci
+# description = "module"
+# name = "module"
+# tag_namespace_id = oci_identity_tag_namespace.namespace.id
+
+# provisioner "local-exec" {
+# command = "sleep 60"
+# }
+# }
+
+locals {
+
+# # # Remove all characters from the service_name that dont satisfy the criteria:
+# # # must start with letter, must only contain letters and numbers and length between 1,8
+# # # See https://github.com/google/re2/wiki/Syntax - regex syntax supported by replace()
+ service_name_prefix = replace(var.service_name, "/[^a-zA-Z0-9]/", "")
+ # # #Availability Domains
+ ad_names = compact(data.template_file.ad_names.*.rendered)
+ public_subnet_availability_domain = local.ad_names[0]
+
+ num_ads = length(
+ data.oci_identity_availability_domains.ADs.availability_domains,
+ )
+
+ is_single_ad_region = local.num_ads == 1 ? true : false
+ use_existing_subnets = false
+ is_vcn_peering = false
+ vcnsCount = var.vcn_name !="" && local.use_existing_subnets==false ? 1:0
+ assign_public_ip = var.assign_public_ip || var.subnet_type == "Use Public Subnet" ? true : false
+
+ public_subnet_cidr = var.public_subnet_cidr == "" && var.vcn_name != "" && ! local.assign_public_ip ? local.is_vcn_peering ? "11.0.6.0/24" : "10.0.6.0/24" : var.public_subnet_cidr
+ private_subnet_cidr = var.private_subnet_cidr == "" && var.vcn_name != "" ? local.is_vcn_peering ? "11.0.3.0/24" : "10.0.3.0/24" : var.private_subnet_cidr
+
+ public_subnet = {
+ exists = {compartment_id=var.compartment_id,
+ availability_domain=var.use_regional_subnet? "" : local.public_subnet_availability_domain,
+ cidr = local.public_subnet_cidr,
+ dns_label=replace("${var.public_subnet_name}-${substr(uuid(), -7, -1)}", "-",""),
+ private=false,
+ dhcp_options_id=module.network-dhcp-options.dhcp_options["${var.service_name}-${var.dhcp_options_name}"].id,
+ security_list_ids=local.public_security_list_id,
+ defined_tags=local.defined_tags,
+ # defined_tags=var.network_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic"
+ # }
+ freeform_tags=local.freeform_tags}
+ not_exists = {compartment_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}}
+ }
+
+ private_subnet = {
+ exists = {compartment_id=var.compartment_id,
+ availability_domain=var.use_regional_subnet? "" : var.private_subnet_availability_domain_name,
+ cidr = local.private_subnet_cidr,
+ dns_label=replace(format("%s-%s", var.private_subnet_name, substr(strrev(var.service_name), 0, 7)), "-",""),
+ private=true,
+ dhcp_options_id=module.network-dhcp-options.dhcp_options["${var.service_name}-${var.dhcp_options_name}"].id,
+ security_list_ids=local.private_security_list_id,
+ defined_tags=local.defined_tags,
+ # defined_tags=var.network_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic"
+ # }
+ freeform_tags=local.freeform_tags}
+ not_exists={compartment_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}}
+ }
+
+ exists_public_subnet = ! local.assign_public_ip && var.public_subnet_id == "" ? true : false
+ exists_private_subnet = ! local.assign_public_ip && var.private_subnet_id == "" ? true : false
+
+ existing_public_subnet = local.public_subnet[local.exists_public_subnet ? "exists" : "not_exists"]
+ existing_private_subnet = local.private_subnet[local.exists_private_subnet ? "exists" : "not_exists"]
+
+create_subnets = {"${local.service_name_prefix}-${var.public_subnet_name}"=local.existing_public_subnet,"${local.service_name_prefix}-${var.private_subnet_name}"=local.existing_private_subnet}
+
+# Security Lists
+
+ public-security-list-def = {
+ exists = {
+ vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id,
+ compartment_id = var.compartment_id,
+ defined_tags=local.defined_tags,
+ # defined_tags = var.security_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security"
+ # }
+ ingress_rules = concat([
+ {
+ stateless = false,
+ protocol = "6",
+ src = var.anywhere_cidr,
+ src_type = "CIDR_BLOCK",
+ src_port = null,
+ dst_port = {min = 22, max = 22},
+ icmp_type = null,
+ icmp_code = null
+ }],
+ [
+ {
+ stateless = false,
+ protocol = "6",
+ src = var.anywhere_cidr,
+ src_type = "CIDR_BLOCK",
+ src_port = null,
+ dst_port = {min = 80, max = 80},
+ icmp_type = null,
+ icmp_code = null
+ }]),
+ egress_rules = [
+ {
+ stateless = false,
+ protocol = "all",
+ dst = var.anywhere_cidr,
+ dst_type = "CIDR_BLOCK",
+ src_port = null,
+ dst_port = null,
+ icmp_type = null,
+ icmp_code = null
+ }]
+ }
+ not_exists = {vcn_id="", compartment_id="", defined_tags = {}, ingress_rules=[], egress_rules=[]}
+ }
+
+ private-security-list-def = {
+ exists = {
+ vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id,
+ compartment_id = var.compartment_id,
+ defined_tags=local.defined_tags,
+ # defined_tags = var.security_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security"
+ # }
+ ingress_rules = [
+ {
+ stateless = false,
+ protocol = "6",
+ src = var.public_subnet_cidr,
+ src_type = "CIDR_BLOCK",
+ src_port = null,
+ dst_port = null,
+ icmp_type = null,
+ icmp_code = null
+ }],
+ egress_rules = [
+ {
+ stateless = false,
+ protocol = "all",
+ dst = var.anywhere_cidr,
+ dst_type = "CIDR_BLOCK",
+ src_port = null,
+ dst_port = null,
+ icmp_type = null,
+ icmp_code = null
+ }]
+ }
+ not_exists = {vcn_id="", compartment_id="", defined_tags = {}, ingress_rules=[], egress_rules=[]}
+ }
+
+ public_security_list_id = compact(
+ concat(
+ [module.network-security-lists.security_lists["${var.service_name}-public-security-list"].id],
+ ),
+ )
+
+ private_security_list_id = compact(
+ concat(
+ [module.network-security-lists.security_lists["${var.service_name}-private-security-list"].id],
+ ),
+ )
+
+ public-security-list = local.public-security-list-def[local.use_existing_subnets ? "not_exists" : "exists"]
+ private-security-list = local.private-security-list-def[local.use_existing_subnets ? "not_exists" : "exists"]
+
+ security-lists = {
+ !local.assign_public_ip ? "${var.service_name}-public-security-list" : "${var.service_name}-public-security-list" = local.public-security-list,
+ "${var.service_name}-private-security-list" = local.private-security-list,
+ }
+
+
+# NSG:
+ public-nsgs-list-def = {
+ exists = {
+ vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id,
+ compartment_id = var.compartment_id,
+ defined_tags=local.defined_tags,
+ # defined_tags = var.security_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security"
+ # }
+ ingress_rules = { ingress1 = {
+ is_create = true,
+ description = "Parameters for customizing Network Security Group(s).",
+ protocol = "all",
+ stateless = false,
+ src = var.public_subnet_cidr,
+ src_type = "CIDR_BLOCK",
+ dst_port_min = null,
+ dst_port_max = null,
+ src_port_min = null,
+ src_port_max = null,
+ icmp_type = null,
+ icmp_code = null
+ }},
+ egress_rules = { egress1 = {
+ is_create = true,
+ description = "Parameters for customizing Network Security Group(s).",
+ protocol = "all",
+ stateless = false,
+ dst = var.anywhere_cidr,
+ dst_type = "CIDR_BLOCK",
+ dst_port_min = null,
+ dst_port_max = null,
+ src_port_min = null,
+ src_port_max = null,
+ icmp_type = null,
+ icmp_code = null
+ }},
+ }
+ not_exists = {vcn_id="", ingress_rules=[], egress_rules=[]}
+ }
+
+###
+ private-nsgs-list-def = {
+ exists = {
+ vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id,
+ compartment_id = var.compartment_id,
+ defined_tags=local.defined_tags,
+ # defined_tags = var.security_defined_tags,
+ # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network",
+ # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security"
+ # }
+ ingress_rules = { ingress2 = {
+ is_create = true,
+ description = "Parameters for customizing Network Security Group(s).",
+ protocol = "all",
+ stateless = false,
+ src = var.private_subnet_cidr,
+ src_type = "CIDR_BLOCK",
+ dst_port_min = null,
+ dst_port_max = null,
+ src_port_min = null,
+ src_port_max = null,
+ icmp_type = null,
+ icmp_code = null
+ }},
+ egress_rules = { egress2 = {
+ is_create = true,
+ description = "Parameters for customizing Network Security Group(s).",
+ protocol = "all",
+ stateless = false,
+ dst = var.anywhere_cidr,
+ dst_type = "CIDR_BLOCK",
+ dst_port_min = null,
+ dst_port_max = null,
+ src_port_min = null,
+ src_port_max = null,
+ icmp_type = null,
+ icmp_code = null
+ }}
+ }
+ not_exists = {vcn_id="", ingress_rules=[], egress_rules=[]}
+ }
+
+
+ public_nsg_list_id = compact(
+ concat(
+ [module.network-security-groups.nsgs["${var.service_name}-public-nsg-list"].id],
+ ),
+ )
+
+ private_nsg_list_id = compact(
+ concat(
+ [module.network-security-groups.nsgs["${var.service_name}-private-nsg-list"].id],
+ ),
+ )
+
+ public-nsg-list = local.public-nsgs-list-def[local.use_existing_subnets ? "not_exists" : "exists"]
+ private-nsg-list = local.private-nsgs-list-def[local.use_existing_subnets ? "not_exists" : "exists"]
+ nsgs-lists = {!local.assign_public_ip ? "${var.service_name}-public-nsg-list" : "${var.service_name}-public-nsg-list" = local.public-nsg-list,
+ "${var.service_name}-private-nsg-list" = local.private-nsg-list,
+ }
+
+# Tags
+
+ #map of Tag key and value
+ #special chars string denotes empty values for tags for validation purposes
+ #otherwise zipmap function below fails first for empty strings before validators executed
+ use_defined_tags = var.defined_tag == "~!@#$%^&*()" && var.defined_tag_value == "~!@#$%^&*()" ? false : true
+ use_freeform_tags = var.free_form_tag == "~!@#$%^&*()" && var.free_form_tag_value == "~!@#$%^&*()" ? false : true
+
+ #ignore defaults of special chars if tags are not provided
+ defined_tag = false == local.use_defined_tags ? "" : var.defined_tag
+ defined_tag_value = false == local.use_defined_tags ? "" : var.defined_tag_value
+ free_form_tag = false == local.use_freeform_tags ? "" : var.free_form_tag
+ free_form_tag_value = false == local.use_freeform_tags ? "" : var.free_form_tag_value
+
+ defined_tags = zipmap(
+ compact([trimspace(local.defined_tag)]),
+ compact([trimspace(local.defined_tag_value)]),
+ )
+ freeform_tags = zipmap(
+ compact([trimspace(local.free_form_tag)]),
+ compact([trimspace(local.free_form_tag_value)]),
+ )
+
+}
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/main.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/main.tf
new file mode 100644
index 0000000..916dbfe
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/main.tf
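Review bot: The public security list in `public-security-list-def` admits TCP 22 and TCP 80 from `var.anywhere_cidr`, which by its name is presumably 0.0.0.0/0 (the variable is declared outside this hunk), so SSH to anything placed in the public subnet is reachable from the whole internet by default. I would take the SSH source from its own variable with no open default, e.g. `src = var.ssh_source_cidr` (a new variable, name illustrative), and keep the port 80 rule only if something in that subnet actually serves HTTP. Separately, the private security list and both NSG ingress rules read `var.public_subnet_cidr` / `var.private_subnet_cidr`, while the subnets themselves are built from `local.public_subnet_cidr` / `local.private_subnet_cidr`, which fall back to 10.0.6.0/24 and 10.0.3.0/24 when the variable is empty; using the locals in the rules as well (`src = local.public_subnet_cidr`) keeps rule and subnet in step. The public subnet's `dns_label` also embeds `uuid()`, which yields a new value on every plan; a stable suffix, as the private subnet's label already uses, avoids a perpetual diff on that attribute.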
@@ -0,0 +1,235 @@ +# Copyright © 2021, Oracle and/or its affiliates. +# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl. + +module "adw" { + source = "./modules/adw_subsystem" + compartment_id = var.compartment_id + adw_cpu_core_count = var.adw_cpu_core_count + adw_size_in_tbs = var.adw_size_in_tbs + adw_db_name = var.adw_db_name + adw_db_workload = var.adw_db_workload + adw_db_version = var.adw_db_version + adw_enable_auto_scaling = var.adw_enable_auto_scaling + adw_is_free_tier = var.adw_is_free_tier + adw_license_model = var.adw_license_model + database_admin_password = var.database_admin_password + database_wallet_password = var.database_wallet_password + # subnet_ocid = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id + # nsg_ids = module.network-security-groups.nsgid + defined_tags = local.defined_tags + # defined_tags = var.adw_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "adw_subsystem", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "adw" + # } +} + + +module "oac" { + source = "./modules/oac_subsystem" + compartment_id = var.compartment_id + analytics_instance_feature_set = var.analytics_instance_feature_set + analytics_instance_license_type = var.analytics_instance_license_type + analytics_instance_hostname = var.analytics_instance_hostname + analytics_instance_idcs_access_token = var.analytics_instance_idcs_access_token + analytics_instance_capacity_capacity_type = var.analytics_instance_capacity_capacity_type + analytics_instance_capacity_value = var.analytics_instance_capacity_value + analytics_instance_network_endpoint_details_network_endpoint_type = 
var.analytics_instance_network_endpoint_details_network_endpoint_type + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + analytics_instance_network_endpoint_details_whitelisted_ips = var.analytics_instance_network_endpoint_details_whitelisted_ips + analytics_instance_network_endpoint_details_whitelisted_vcns_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + whitelisted_ips = var.whitelisted_ips + defined_tags = local.defined_tags + # defined_tags = var.oac_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "oac_subsystem", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "oac" + # } +} + +module "network-vcn" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" + + compartment_id = var.compartment_id + service_label = var.service_name + service_gateway_cidr = lookup(data.oci_core_services.tf_services.services[0], "cidr_block") + + vcns = {for x in range(local.vcnsCount) : "${var.service_name}-${var.vcn_name}" => { + + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = format("%svcn",substr((var.service_name), 0, 10)) + is_create_igw = (var.vcn_name=="" || local.use_existing_subnets) ? false : true + is_attach_drg = false + block_nat_traffic = local.assign_public_ip && var.vcn_name!="" ? 
true : false + + subnets = {subnet={compartment_id="", vcn_id="", availability_domain="", cidr="", dns_label="",private=false,dhcp_options_id="",security_list_ids=[""], defined_tags={}, freeform_tags={}}} + + defined_tags = local.defined_tags + # defined_tags = var.network_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-subnets" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-basic" + + compartment_id = var.compartment_id + service_label = var.service_name + service_gateway_cidr = "all-.*-services-in-oracle-services-network" + + vcns = {for x in range(local.vcnsCount) : "" => { + + compartment_id = var.compartment_id + cidr = var.vcn_cidr + dns_label = format("%svcn",substr((var.service_name), 0, 10)) + is_create_igw = false + is_attach_drg = false + block_nat_traffic = local.assign_public_ip && var.vcn_name!="" ? 
true : false + + subnets = {for k, v in local.create_subnets: k => { + compartment_id = v.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id + availability_domain = v.availability_domain, + cidr = v.cidr, + dns_label = v.dns_label, + private = v.private, + dhcp_options_id = v.dhcp_options_id, + security_list_ids = v.security_list_ids, + defined_tags = v.defined_tags, + freeform_tags = v.freeform_tags + } if v.compartment_id != "" + } + + defined_tags = local.defined_tags + # defined_tags = var.network_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-basic" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-routing" { + + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" + + compartment_id = var.compartment_id + + subnets_route_tables = { + "${local.service_name_prefix}-routetable-out" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.public_subnet_name}").id, + route_table_id = "", + route_rules = [{ + is_create = true, + destination = "0.0.0.0/0", + destination_type = "CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.internet_gateways, lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id).id, + description = "" + }], + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = 
"network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + }, + "${local.service_name_prefix}-routetable" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.private_subnet_name}").id, + route_table_id = "", + route_rules = concat( [], + [ + { + is_create = true + destination = lookup(data.oci_core_services.tf_services.services[0], "cidr_block"), + destination_type = "SERVICE_CIDR_BLOCK", + network_entity_id = lookup(module.network-vcn.service_gateways, lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id).id, + description = "" + } + ]), + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + } + } +} + +module "network-routing-attachment" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/vcn-routing" + compartment_id = var.compartment_id + + subnets_route_tables = { + "" = { + compartment_id = var.compartment_id, + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + subnet_id = lookup(module.network-subnets.subnets,"${local.service_name_prefix}-${var.public_subnet_name}").id, + route_table_id = lookup(module.network-routing.subnets_route_tables,"${local.service_name_prefix}-routetable-out").id, + route_rules = ([]), + defined_tags = local.defined_tags + # defined_tags = var.routing_defined_tags + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # 
"${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "vcn-routing" + # } + } + } +} + +module "network-security-lists" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + ports_not_allowed_from_anywhere_cidr = [3390,4500] + + security_lists = { + for k,v in local.security-lists : k => v if v.compartment_id != "" + } +} + +module "network-dhcp-options" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + + dhcp_options = {for x in range(local.is_vcn_peering ? 0 : (local.use_existing_subnets ? 0 : 1 ) ) : "${var.service_name}-${var.dhcp_options_name}" => { + vcn_id = lookup(module.network-vcn.vcns,"${var.service_name}-${var.vcn_name}").id, + compartment_id = var.compartment_id, + options = { + type = "DomainNameServer" + server_type = "VcnLocalPlusInternet" + }, + defined_tags = local.defined_tags + # defined_tags = var.security_defined_tags, + # defined_tags = { "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.release.name}" = "1.0", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.subsystem.name}" = "network", + # "${oci_identity_tag_namespace.namespace.name}.${oci_identity_tag.module.name}" = "security" + # } + freeform_tags = local.freeform_tags + } + } +} + +module "network-security-groups" { + source = "../../../cloud-foundation/modules/oci-cis-landingzone-quickstart/network/security" + compartment_id = var.compartment_id + + nsgs = { + for k,v in local.nsgs-lists : k => v if v.compartment_id != "" + } +} + 
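Review bot: The `adw` module call leaves `# subnet_ocid = ...` and `# nsg_ids = module.network-security-groups.nsgid` commented out, so the private subnet and network security groups built further down in this file are never attached to the Autonomous Database. With no subnet and no access control list passed in, the instance presumably comes up on its public endpoint, protected only by the admin and wallet passwords. Either restore both arguments (the `adw` library module and the `adw_subsystem` wrapper comment out the matching `subnet_id`/`nsg_ids` fields, so they need the same change), or state the intent above the block, e.g. `# ADW is deliberately created with a public endpoint; restrict access before loading data`. In `network-security-lists`, `ports_not_allowed_from_anywhere_cidr = [3390,4500]` is also worth confirming, since 3390 may have been meant as 3389 (RDP).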
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/main.tf
new file mode 100644
index 0000000..50963df
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/main.tf
@@ -0,0 +1,28 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "adw" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/database/adw"
+ adw_params = {
+ adw = {
+ compartment_id = var.compartment_id,
+ adw_cpu_core_count = var.adw_cpu_core_count,
+ adw_size_in_tbs = var.adw_size_in_tbs,
+ adw_db_name = var.adw_db_name,
+ adw_db_workload = var.adw_db_workload,
+ adw_db_version = var.adw_db_version,
+ adw_enable_auto_scaling = var.adw_enable_auto_scaling,
+ adw_is_free_tier = var.adw_is_free_tier,
+ adw_license_model = var.adw_license_model,
+ database_admin_password = var.database_admin_password,
+ database_wallet_password = var.database_wallet_password,
+ # subnet_id = var.subnet_ocid,
+ # nsg_ids = var.nsg_ids,
+ defined_tags = var.defined_tags
+ },
+ }
+}
+
+
+
+
\ No newline at end of file
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/outputs.tf
new file mode 100644
index 0000000..0976316
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/outputs.tf
@@ -0,0 +1,6 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "ADW_Service_Console_URL" {
+ value = module.adw.ADW_Service_Console_URL
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/variables.tf
new file mode 100644
index 0000000..df44792
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/adw_subsystem/variables.tf
@@ -0,0 +1,26 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {}
+variable "adw_cpu_core_count" {}
+variable "adw_size_in_tbs" {}
+variable "adw_db_name" {}
+variable "adw_db_workload" {}
+variable "adw_db_version" {}
+variable "adw_enable_auto_scaling" {}
+variable "adw_is_free_tier" {}
+variable "adw_license_model" {}
+variable "database_admin_password" {}
+variable "database_wallet_password" {}
+
+# variable "subnet_ocid" {}
+
+# variable "nsg_ids" {
+# type = list(string)
+# default = []
+# }
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/main.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/main.tf
new file mode 100644
index 0000000..ae21690
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/main.tf
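Review bot: In `modules/adw_subsystem/variables.tf`, `database_admin_password` and `database_wallet_password` are declared as bare `variable "..." {}` blocks, so Terraform treats them as ordinary values and shows them in plan and apply output. Add `type = string` and `sensitive = true` to both blocks; the root `variables.tf` already requires Terraform `>= 0.14.0`, which supports the attribute. The same applies to `analytics_instance_idcs_access_token` in `modules/oac_subsystem/variables.tf` and to the root-level declarations of all three values. Marking them sensitive only redacts CLI output, since the values are still written to state, so the state backend needs its own access control and encryption.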
@@ -0,0 +1,24 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "oac" {
+ source = "../../../../../cloud-foundation/modules/cloud-foundation-library/oac"
+ oac_params = {
+ oac = {
+ compartment_id = var.compartment_id,
+ analytics_instance_feature_set = var.analytics_instance_feature_set,
+ analytics_instance_license_type = var.analytics_instance_license_type,
+ analytics_instance_hostname = var.analytics_instance_hostname,
+ analytics_instance_idcs_access_token = var.analytics_instance_idcs_access_token,
+ analytics_instance_capacity_capacity_type = var.analytics_instance_capacity_capacity_type,
+ analytics_instance_capacity_value = var.analytics_instance_capacity_value,
+ defined_tags = var.defined_tags
+ analytics_instance_network_endpoint_details_network_endpoint_type = var.analytics_instance_network_endpoint_details_network_endpoint_type
+ subnet_id = var.subnet_id
+ vcn_id = var.vcn_id
+ analytics_instance_network_endpoint_details_whitelisted_ips = var.analytics_instance_network_endpoint_details_whitelisted_ips
+ analytics_instance_network_endpoint_details_whitelisted_vcns_id = var.analytics_instance_network_endpoint_details_whitelisted_vcns_id
+ whitelisted_ips = var.whitelisted_ips
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/outputs.tf
new file mode 100644
index 0000000..896ba46
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/outputs.tf
@@ -0,0 +1,11 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "Analytics_URL" {
+ value = module.oac.Analytics_URL
+}
+
+
+
+
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/variables.tf
new file mode 100644
index 0000000..4fd45c6
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/modules/oac_subsystem/variables.tf
@@ -0,0 +1,55 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+variable "compartment_id" {
+ type = string
+}
+
+variable "analytics_instance_feature_set" {
+ type = string
+}
+
+variable "analytics_instance_license_type" {
+ type = string
+}
+
+variable "analytics_instance_hostname" {
+ type = string
+}
+
+variable "analytics_instance_idcs_access_token" {
+ type = string
+}
+
+variable "analytics_instance_capacity_capacity_type" {
+ type = string
+}
+
+variable "analytics_instance_capacity_value" {
+ type = number
+}
+
+variable "defined_tags" {
+ type = map
+ default = {}
+}
+
+variable "subnet_id" {}
+variable "vcn_id" {}
+variable "analytics_instance_network_endpoint_details_network_endpoint_type" {}
+variable "analytics_instance_network_endpoint_details_whitelisted_vcns_id" {}
+
+variable "whitelisted_ips" {
+ type = list(string)
+ default = []
+}
+
+variable "analytics_instance_network_endpoint_details_whitelisted_ips" {
+ type = list(string)
+ default = []
+}
+
+
+
+
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/outputs.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/outputs.tf
new file mode 100644
index 0000000..3f82620
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/outputs.tf
@@ -0,0 +1,15 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "ADW_Service_Console_URL" {
+ value = module.adw.ADW_Service_Console_URL
+}
+
+output "Analytics_URL" {
+ value = module.oac.Analytics_URL
+}
+
+output "Instructions" {
+ value = "Please use the ADW URL to login by using the user admin and the password that it's provided in the output.Also change the password with one that you desire."
+}
+
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/provider.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/provider.tf
new file mode 100644
index 0000000..6019931
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/provider.tf
@@ -0,0 +1,11 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+terraform {
+ required_providers {
+ oci = {
+ version = ">= 4.37.0"
+ source = "hashicorp/oci"
+ }
+ }
+}
diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/schema.yaml b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/schema.yaml
new file mode 100644
index 0000000..1196415
--- /dev/null
+++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/schema.yaml
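Review bot: The `Instructions` output in `outputs.tf` tells the operator to log in with "the password that it's provided in the output", but no output in this file carries a password. None should, because output values are stored in state and printed after apply. Reword the message to point at the password the operator entered for the stack, for example `value = "Log in at the ADW service console URL as user admin with the admin password you set for this stack, then change that password."`.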
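Review bot: In `provider.tf`, `version = ">= 4.37.0"` has no upper bound, so a fresh `terraform init` may select any later provider release, including a new major version with breaking changes. A bounded constraint such as `version = "~> 4.37"`, together with a committed `.terraform.lock.hcl`, would pin both the provider version and its checksums, so every run of the stack installs the same reviewed plugin.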
@@ -0,0 +1,373 @@ +title: "Create ADW and OAC in Oracle Cloud Infrastructure" +stackDescription: "Deploy Autonomous Data Warehouse (ADW) and Oracle Analytics Cloud (OAC) in Oracle Cloud Infrastructure." +schemaVersion: 1.1.0 +version: "20210902" +locale: "en" +groupings: + - title: "General Settings" + visible: true + variables: + - region + - tenancy_ocid + - compartment_id + - display_name_prefix + - title: "Autonomous Database Configuration" + variables: + - adw_db_name + - adw_is_free_tier + - adw_license_model + - database_admin_password + - database_wallet_password + - adw_db_version + - adw_size_in_tbs + - adw_enable_auto_scaling + - adw_cpu_core_count + - adw_db_workload + - title: "Oracle Analytics Cloud Configuration" + variables: + - analytics_instance_hostname + - analytics_instance_license_type + - analytics_instance_feature_set + - analytics_instance_capacity_value + - analytics_instance_capacity_capacity_type + - analytics_instance_network_endpoint_details_network_endpoint_type + - analytics_instance_idcs_access_token + - title: "Network Configuration" + variables: + - service_name + - vcn_cidr + - vcn_name + - public_subnet_name + - public_subnet_cidr + - private_subnet_name + - private_subnet_cidr + - show_advanced_options + - title: "Hidden Variables" + visible: false + variables: + - user_ocid + - fingerprint + - private_key_path + - defined_tag + - defined_tag_value + - free_form_tag + - free_form_tag_value + - dhcp_options_name + - anywhere_cidr + - assign_public_ip + - use_regional_subnet + - subnet_type + - private_subnet_availability_domain_name + - private_subnet_id + - public_subnet_id + - whitelisted_ips + - analytics_instance_network_endpoint_details_whitelisted_ips +# General Configuration Variables +variables: + tenancy_ocid: + title: Tenancy ID + description: The Oracle Cloud Identifier (OCID) for your tenancy. 
+ type: string + required: true + visible: false + region: + title: Region + description: Select Region where all resources will be created. + type: oci:identity:region:name + required: true + visible: true + compartment_id: + title: Stack Compartment + description: Choose the compartment where all resources will be provisioned. + type: oci:identity:compartment:id + required: true + visible: true + display_name_prefix: + title: Display Name Prefix + type: string + default: "Autonomous Data Warehouse (ADW) and Oracle Analytics Cloud (OAC)" + description: Enter the Display name for the solution. + required: true + visible: true +# Autonomous Database Configuration Variables + adw_db_name: + title: Database Name + description: "Provide Database name. Constraints: 12 alphanumeric characters only. No Spaces." + required: true + type: string + maxLength: 14 + adw_is_free_tier: + title: Do do want a always Free Oracle Autonomous Database instance? + description: "Provision Always Free Oracle Autonomous Database instance (1 OCPU 20 GB Storage)?" + type: enum + enum: + - "true" + - "false" + default: "false" + required: true + visible: true + adw_license_model: + title: "Provision Paid Oracle Autonomous Database instance (2 OCPU 1 TB Storage) - License Included or BYOL?" + description: "Note: This configuration can be changed later from the OCI console." + type: enum + enum: + - LICENSE_INCLUDED + - BRING_YOUR_OWN_LICENSE + default: LICENSE_INCLUDED + required: true + visible: + eq: + - adw_is_free_tier + - "false" + database_admin_password: + title: Database Admin Password + description: "Provide admin password. Constraints: 12 - 30 characters. At least one uppercase letter, one lowercase letter, and one number. No special characters." + type: password + required: true + confirmation: true + pattern: ((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*[%!@^&)(]).{12,20}) + database_wallet_password: + title: Database Wallet Password + description: Provide database wallet password. 
Must be a minimum 12 characters, contain at least one uppercase letter, one lowercase letter, one number. Do not include special characters. + type: password + required: true + confirmation: true + pattern: ((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*[%!@^&)(]).{12,20}) + adw_db_version: + title: "A valid Oracle Database version for Autonomous Database" + description: "A valid Oracle Database version for Autonomous Database" + type: enum + enum: + - "19c" + default: "19c" + required: true + visible: true + adw_size_in_tbs: + title: "The quantity of data in the database, in terabytes." + description: "The quantity of data in the database, in terabytes." + type: enum + enum: + - 1 + - 2 + - 4 + - 6 + - 8 + - 10 + - 12 + - 16 + - 24 + - 36 + - 52 + - 128 + default: 1 + visible: true + required: true + adw_enable_auto_scaling: + title: Indicates if auto scaling is enabled for the Autonomous Database CPU core count. + description: "Indicates if auto scaling is enabled for the Autonomous Database CPU core count. " + type: enum + enum: + - "true" + - "false" + default: "true" + required: true + visible: true + adw_cpu_core_count: + title: The number of OCPU cores to be made available to the database + description: "The number of OCPU cores to enable. Available cores are subject to your tenancy's service limits." + type: enum + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + - 8 + - 9 + - 10 + - 11 + - 12 + default: 1 + required: true + visible: true + adw_db_workload: + title: Autonomous Database Type of workload. + description: "Autonomous Database Type of workload." + type: enum + enum: + - "DW" + default: "DW" + required: true + visible: false + # Oracle Analytics Cloud Configuration + analytics_instance_hostname: + title: Analytics Instance Name + description: "Enter a unique name for this instance. The name provided must start with a letter, contain only alphanumeric characters, no spaces and span up to 30 characters in total." 
+ type: string + maxLength: 30 + default: "AnalyticsG" + required: true + visible: true + analytics_instance_license_type: + title: Analytics License + description: Choose your Oracle Analytics Cloud License Type. + type: enum + enum: + - LICENSE_INCLUDED + - BRING_YOUR_OWN_LICENSE + default: LICENSE_INCLUDED + visible: true + required: true + analytics_instance_feature_set: + title: Analytics Instance Type + description: Choose the Analytics Product Type. + type: enum + enum: + - SELF_SERVICE_ANALYTICS + - ENTERPRISE_ANALYTICS + default: "ENTERPRISE_ANALYTICS" + visible: create_analytics_instance + required: true + analytics_instance_capacity_value: + title: Analytics Instance Capacity + description: Provide the number of OCPUs for the Oracle Analytics Instance. + type: enum + enum: + - 1 + - 2 + - 4 + - 6 + - 8 + - 10 + - 12 + - 16 + - 24 + - 36 + - 52 + default: 1 + visible: true + required: true + analytics_instance_capacity_capacity_type: + title: Analytics Instance Capacity Type + description: The capacity value selected (OLPU count, number of users, …etc…). This parameter affects the number of CPUs, amount of memory or other resources allocated to the instance. + type: enum + enum: + - "OLPU_COUNT" + - "USERS_COUNT" + default: "OLPU_COUNT" + visible: true + required: true + analytics_instance_network_endpoint_details_network_endpoint_type: + title: Analytics Instance Base representation of a network endpoint + description: "The type of network endpoint: Public or Private Network endpoint" + type: enum + enum: + - "public" + - "private" + default: "public" + visible: true + required: true + analytics_instance_idcs_access_token: + title: IDCS Access Token + description: Provide IDCS Access token. See Pre-req section in the Installation Document. 
+ type: string + default: "copy-paste your token instead" + visible: true + required: true +# Network Configuration + service_name: + visible: + and: + - show_advanced_options + type: string + default: "servicename" + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: Resource Name Prefix + description: The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter. + vcn_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.0/16" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + title: VCN Network CIDR + required: true + description: The CIDR to assign to the new Virtual Cloud Network (VCN) to create for this service. This field is not required if you want to use an existing VCN. When using VCN peering ensure that the VCNs being peered have non-overlapping CIDR blocks. + vcn_name: + visible: + and: + - show_advanced_options + type: string + default: "vcn" + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: VCN Name + description: The name of the new Virtual Cloud Network (VCN) to create for this service + public_subnet_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.128/27" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: Public Subnet CIDR + description: "The CIDR of the new public subnet." 
+ public_subnet_name: + visible: + and: + - show_advanced_options + type: string + default: "pub" + required: true + title: Public Subnet Name + description: "The name of the new public subnet." + private_subnet_cidr: + visible: + and: + - show_advanced_options + type: string + default: "172.0.0.32/27" + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: Private Subnet CIDR + description: "The CIDR of the new private subnet." + private_subnet_name: + visible: + and: + - show_advanced_options + type: string + default: "priv" + required: true + title: Private Subnet Name + description: "The name of the new private subnet." + show_advanced_options: + title: Show Advanced Options + description: Enable advanced options for network. + type: boolean + default: false + visible: true +outputs: + Instructions: + type: string + title: Instructions + Analytics_URL: + type: link + title: Analytics URL + ADW_Service_Console_URL: + type: link + title: ADB Service Console URL +outputGroups: + - title: Application + outputs: + - Instructions + - ADW_Service_Console_URL + - Analytics_URL diff --git a/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/variables.tf b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/variables.tf new file mode 100644 index 0000000..4428a1d --- /dev/null +++ b/cloud-foundation/solutions/Departmental-DWH-Small-Footprint-Solution/variables.tf 
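Review bot: `analytics_instance_idcs_access_token` is declared `type: string` with a visible placeholder default, so the bearer token is entered and displayed in clear text in the stack form, unlike the two database passwords, which use `type: password`. Change it to `type: password` and drop `default: "copy-paste your token instead"` so the placeholder can never be submitted as a token. The password fields need a second look as well: the `database_admin_password` description promises 12 - 30 characters while its `pattern` ends in `.{12,20}`, and the pattern has no `^`/`$` anchors, so whether the upper bound is enforced depends on how Resource Manager applies the regex. The `vcn_cidr` default `172.0.0.0/16` also lies outside the private 172.16.0.0/12 range; `172.16.0.0/16` with matching subnet defaults would keep the VCN from overlapping publicly routable addresses.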
@@ -0,0 +1,244 @@
+# Copyright © 2021, Oracle and/or its affiliates.
+# All rights reserved. Licensed under the Universal Permissive License (UPL), Version 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+
+terraform {
+ required_version = ">= 0.14.0"
+}
+
+variable "tenancy_ocid" {
+ type = string
+ default = ""
+}
+variable "region" {
+ type = string
+ default = ""
+}
+
+variable "compartment_id" {
+ type = string
+ default = ""
+}
+
+variable "user_ocid" {
+ type = string
+ default = ""
+}
+
+variable "fingerprint" {
+ type = string
+ default = ""
+}
+
+variable "private_key_path" {
+ type = string
+ default = ""
+}
+
+# Autonomous Database Configuration Variables
+
+variable "adw_cpu_core_count" {
+ type = number
+ default = 1
+}
+
+variable "adw_size_in_tbs" {
+ type = number
+ default = 1
+}
+
+variable "adw_db_name" {
+ type = string
+ default = "ADWiopa"
+}
+
+variable "adw_db_workload" {
+ type = string
+ default = "DW"
+}
+
+variable "adw_db_version" {
+ type = string
+ default = "19c"
+}
+
+variable "adw_enable_auto_scaling" {
+ type = bool
+ default = true
+}
+
+variable "adw_is_free_tier" {
+ type = bool
+ default = false
+}
+
+variable "adw_license_model" {
+ type = string
+ default = "LICENSE_INCLUDED"
+}
+
+variable "database_admin_password" {
+ type = string
+ default = ""
+}
+
+variable "database_wallet_password" {
+ type = string
+ default = ""
+}
+
+# Oracle Analytics Cloud Configuration
+
+variable "analytics_instance_feature_set" {
+ type = string
+ default = "ENTERPRISE_ANALYTICS"
+}
+
+variable "analytics_instance_license_type" {
+ type = string
+ default = "LICENSE_INCLUDED"
+}
+
+variable "analytics_instance_hostname" {
+ type = string
+ default = "AnalyicSD"
+}
+
+variable "analytics_instance_idcs_access_token" {
+ type = string
+ default = "copy-paste your token instead"
+}
+
+variable "analytics_instance_capacity_capacity_type" {
+ type = string
+ default = "OLPU_COUNT"
+}
+
+variable "analytics_instance_capacity_value" {
+ type
= number
+ default = 1
+}
+
+variable "analytics_instance_network_endpoint_details_network_endpoint_type" {
+ type = string
+ default = "public"
+}
+
+variable "whitelisted_ips" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+variable "analytics_instance_network_endpoint_details_whitelisted_ips" {
+ type = list(string)
+ default = ["0.0.0.0/0"]
+}
+
+# Network
+
+variable "service_name" {
+ type = string
+ default = "servicename"
+ description = "prefix for stack resources"
+}
+
+variable "vcn_cidr" {
+ default = "172.0.0.0/16"
+ description = "CIDR for new virtual cloud network"
+}
+
+variable "vcn_name" {
+ default = "vcn"
+ description = "Name of new virtual cloud network"
+}
+
+variable "public_subnet_cidr" {
+ default = "172.0.0.128/27"
+ description = "CIDR for bastion subnet"
+}
+
+variable "public_subnet_name" {
+ default = "pub"
+}
+
+variable "private_subnet_cidr" {
+ default = "172.0.0.32/27"
+}
+
+variable "private_subnet_name" {
+ default = "priv"
+}
+
+# don't modify any other variables (below) - it may cause that the solution will not work propertly.
+
+variable "use_regional_subnet" {
+ type = bool
+ default = true
+ description = "Indicates use of regional subnets (preferred) instead of AD specific subnets"
+}
+
+variable "subnet_type" {
+ default = "Use Private Subnet"
+}
+
+variable "public_subnet_id" {
+ default = ""
+ description = "OCID for existing subnet for bastion instance"
+}
+
+variable "private_subnet_id" {
+ default = ""
+ description = "OCID for existing subnet for weblogic instances"
+}
+
+variable "assign_public_ip" {
+ type = bool
+ default = false
+ description = "Indicates use of private subnets"
+}
+
+variable "private_subnet_availability_domain_name" {
+ type = string
+ default = ""
+ description = "availablility domain for weblogic vm instances"
+}
+
+variable "dhcp_options_name" {
+ default = "dhcpOptions"
+}
+
+variable anywhere_cidr {
+ default = "0.0.0.0/0"
+}
+
+# Define Tags
+
+
+#Note: special chars string denotes empty values for tags for validation purposes
+#otherwise zipmap function in main.tf fails first for empty strings before validators executed.
+
+variable "defined_tag" {
+ type = string
+ default = "~!@#$%^&*()"
+ description = "defined resource tag name"
+}
+
+variable "defined_tag_value" {
+ type = string
+ default = "~!@#$%^&*()"
+ description = "defined resource tag value"
+}
+
+variable "free_form_tag" {
+ type = string
+ default = "~!@#$%^&*()"
+ description = "free form resource tag name"
+}
+
+variable "free_form_tag_value" {
+ type = string
+ default = "~!@#$%^&*()"
+ description = "free form resource tag value"
+}
+
+# End
diff --git a/cloud-foundation/solutions/README.md b/cloud-foundation/solutions/README.md
new file mode 100644
index 0000000..5bfc83e
--- /dev/null
+++ b/cloud-foundation/solutions/README.md
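Review bot: In the solution's `variables.tf`, `database_admin_password`, `database_wallet_password` and `analytics_instance_idcs_access_token` are plain `string` variables with defaults, so nothing tells Terraform to redact them and a run can go ahead with an empty password or the placeholder token. The file already requires `>= 0.14.0`, so each of them can carry `sensitive = true` and drop its `default`; the values still end up in state, which therefore needs an encrypted, access-controlled backend. `whitelisted_ips` and `analytics_instance_network_endpoint_details_whitelisted_ips` default to `["0.0.0.0/0"]` alongside an endpoint type of `public`; how they are consumed is outside this hunk, but an any-source default is better replaced by a value the caller must supply. The default `vcn_cidr` of `172.0.0.0/16` also lies outside the RFC 1918 block 172.16.0.0/12, which looks unintended and is worth confirming.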
@@ -0,0 +1,8 @@
+# Oracle Cloud Foundation Terraform Solution Available today
+
+
+## Overview
+For the moment we have implemented the following solutions:
+- Departmental DWH Full Solution
+- Departmental DWH Small Footprint Solution
+- Weblogic Clustered Deployment Solution
\ No newline at end of file