Support for bastion service

oracle-quickstart · Aug 19, 2021 · e000810 · e000810
1 parent bc409e0
commit e000810
Show file tree

Hide file tree

Showing 13 changed files with 100 additions and 73 deletions.
diff --git a/bastion.tf b/bastion.tf
@@ -0,0 +1,44 @@
+## Copyright © 2021, Oracle and/or its affiliates. 
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_bastion_bastion" "bastion-service" {
+  count                        = var.use_bastion_service ? 1 : 0
+  bastion_type                 = "STANDARD"
+  compartment_id               = var.compartment_ocid
+  target_subnet_id             = oci_core_subnet.JenkinsBastion.id
+  client_cidr_block_allow_list = ["0.0.0.0/0"]
+  name                         = "BastionService"
+  max_session_ttl_in_seconds   = 1800
+  defined_tags                 = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_instance" "JenkinsBastion" {
+  count               = var.use_bastion_service ? 0 : 1
+  availability_domain = var.availablity_domain_name
+  compartment_id      = var.compartment_ocid
+  display_name        = var.bastion_display_name
+  shape               = local.bastion_shape
+
+  dynamic "shape_config" {
+    for_each = local.bastion_is_flex_shape
+    content {
+      ocpus         = local.bastion_flex_shape_ocpus
+      memory_in_gbs = local.bastion_flex_shape_memory
+    }
+  }
+
+  create_vnic_details {
+    subnet_id        = oci_core_subnet.JenkinsBastion.id
+    assign_public_ip = true
+  }
+
+  metadata = {
+    ssh_authorized_keys = tls_private_key.public_private_key_pair.public_key_openssh
+  }
+
+  source_details {
+    source_id   = lookup(data.oci_core_images.bastion_image.images[0], "id")
+    source_type = "image"
+  }
+  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
diff --git a/compute.tf b/compute.tf
@@ -1,37 +1,6 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
-resource "oci_core_instance" "JenkinsBastion" {
-  availability_domain = var.availablity_domain_name
-  compartment_id      = var.compartment_ocid
-  display_name        = var.bastion_display_name
-  shape               = local.bastion_shape
-
-  dynamic "shape_config" {
-    for_each = local.bastion_is_flex_shape
-    content {
-      ocpus         = local.bastion_flex_shape_ocpus
-      memory_in_gbs = local.bastion_flex_shape_memory
-    }
-  }
-
-
-  create_vnic_details {
-    subnet_id        = oci_core_subnet.JenkinsBastion.id
-    assign_public_ip = true
-  }
-
-  metadata = {
-    ssh_authorized_keys = tls_private_key.public_private_key_pair.public_key_openssh
-  }
-
-  source_details {
-    source_id   = lookup(data.oci_core_images.bastion_image.images[0], "id")
-    source_type = "image"
-  }
-  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
-}
-
 # ------------------------------------------------------------------------------
 # DEPLOY THE JENKINS CLUSTER
 # ------------------------------------------------------------------------------
@@ -56,9 +25,14 @@ module "jenkins" {
   agent_flex_shape_memory      = var.agent_flex_shape_memory
   ssh_authorized_keys          = tls_private_key.public_private_key_pair.public_key_openssh
   ssh_private_key              = tls_private_key.public_private_key_pair.private_key_pem
-  bastion_host                 = oci_core_instance.JenkinsBastion.public_ip
-  bastion_user                 = var.bastion_user
+  use_bastion_service          = var.use_bastion_service
+  bastion_service_id           = var.use_bastion_service ? oci_bastion_bastion.bastion-service[0].id : ""
+  bastion_service_region       = var.use_bastion_service ? var.region : ""
+  bastion_host                 = var.use_bastion_service ? "" : oci_core_instance.JenkinsBastion[0].public_ip
+  bastion_user                 = var.use_bastion_service ? "" : var.bastion_user
   bastion_private_key          = tls_private_key.public_private_key_pair.private_key_pem
+  bastion_authorized_keys      = tls_private_key.public_private_key_pair.public_key_openssh
   http_port                    = var.http_port
 }
 
+
diff --git a/datasources.tf b/datasources.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 # Gets a list of Availability Domains
@@ -14,13 +14,15 @@ data "template_file" "ad_names" {
 }
 
 data "oci_core_vnic_attachments" "bastion_VNIC1_attach" {
+  count               = var.use_bastion_service ? 0 : 1
   availability_domain = var.availablity_domain_name
   compartment_id      = var.compartment_ocid
-  instance_id         = oci_core_instance.JenkinsBastion.id
+  instance_id         = oci_core_instance.JenkinsBastion[count.index].id
 }
 
 data "oci_core_vnic" "bastion_VNIC1" {
-  vnic_id = data.oci_core_vnic_attachments.bastion_VNIC1_attach.vnic_attachments.0.vnic_id
+  count   = var.use_bastion_service ? 0 : 1
+  vnic_id = data.oci_core_vnic_attachments.bastion_VNIC1_attach[count.index].vnic_attachments.0.vnic_id
 }
 
 data "oci_core_images" "controller_image" {

diff --git a/lb.tf b/lb.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 locals {

diff --git a/locals.tf b/locals.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 locals {
@@ -44,4 +44,4 @@ locals {
   agent_flex_shape_memory = var.agent_flex_shape_memory
 
 
-}
+}
diff --git a/network.tf b/network.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 ############################################

diff --git a/outputs.tf b/outputs.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 output "controller_private_ip" {
@@ -17,11 +17,11 @@ output "jenkins_https_login_url" {
   value = "https://${oci_load_balancer.JenkinsLB.ip_addresses[0]}:${var.lb_https_port}/"
 }
 
-
 output "generated_ssh_private_key" {
-  value = tls_private_key.public_private_key_pair.private_key_pem
+  value     = tls_private_key.public_private_key_pair.private_key_pem
+  sensitive = true
 }
 
 output "bastion_public_ip" {
-  value = data.oci_core_vnic.bastion_VNIC1.public_ip_address
+  value = data.oci_core_vnic.bastion_VNIC1.*.public_ip_address
 }
diff --git a/provider.tf b/provider.tf
@@ -1,23 +1,23 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 ############################################
 # Provider
 ############################################
 provider "oci" {
-  tenancy_ocid     = var.tenancy_ocid
-  user_ocid        = var.user_ocid
-  fingerprint      = var.fingerprint
-  private_key_path = var.private_key_path
-  region           = var.region
+  tenancy_ocid = var.tenancy_ocid
+  # user_ocid        = var.user_ocid
+  # fingerprint      = var.fingerprint
+  # private_key_path = var.private_key_path
+  region = var.region
 }
 
 provider "oci" {
-  alias                = "homeregion"
-  tenancy_ocid         = var.tenancy_ocid
-  user_ocid            = var.user_ocid
-  fingerprint          = var.fingerprint
-  private_key_path     = var.private_key_path
+  alias        = "homeregion"
+  tenancy_ocid = var.tenancy_ocid
+  # user_ocid            = var.user_ocid
+  # fingerprint          = var.fingerprint
+  # private_key_path     = var.private_key_path
   region               = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name
   disable_auto_retries = "true"
 }
diff --git a/schema.yaml b/schema.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 title: "Jenkins in controller-agent mode"
@@ -24,6 +24,7 @@ variableGroups:
   - compartment_ocid
   - availablity_domain_name 
   - jenkins_password
+  - use_bastion_service
   - show_advanced
 
 - title: Networking Optional Configuration
@@ -109,6 +110,14 @@ variables:
     required: true
     visibile: true
 
+  use_bastion_service:
+    type: boolean
+    visibile: true
+    default: true
+    required: false
+    title: "Use OCI Bastion Service"
+    description: "Check the box to use OCI Bastion Service instead of Bastion Host VM."
+
   availablity_domain_name:
     type: oci:identity:availabilitydomain:name
     required: true

diff --git a/tags.tf b/tags.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 resource "random_id" "tag" {
@@ -25,10 +25,10 @@ resource "oci_identity_tag" "ArchitectureCenterTag" {
 
   validator {
     validator_type = "ENUM"
-    values         = ["release", "1.4"]
+    values         = ["release", "1.5"]
   }
 
   provisioner "local-exec" {
     command = "sleep 120"
   }
-}
+}
diff --git a/tls.tf b/tls.tf
@@ -1,6 +1,6 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 resource "tls_private_key" "public_private_key_pair" {
   algorithm = "RSA"
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -1,17 +1,17 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 variable "tenancy_ocid" {}
 variable "region" {}
 variable "compartment_ocid" {}
-variable "user_ocid" {}
-variable "fingerprint" {}
-variable "private_key_path" {}
+#variable "user_ocid" {}
+#variable "fingerprint" {}
+#variable "private_key_path" {}
 variable "availablity_domain_name" {}
 
 variable "release" {
   description = "Reference Architecture Release (OCI Architecture Center)"
-  default     = "1.4"
+  default     = "1.5"
 }
 
 variable "vcn_cidr" {
@@ -50,11 +50,9 @@ variable "flex_lb_max_shape" {
   default = "100"
 }
 
-#variable "plugins" {
-#  type        = list(string)
-#  description = "A list of Jenkins plugins to install, use short names. "
-#  default     = ["git", "ssh-slaves", "oracle-cloud-infrastructure-compute"]
-#}
+variable "use_bastion_service" {
+  default = true
+}
 
 variable "plugins" {
   description = "Jenkins Plugins"

diff --git a/versions.tf b/versions.tf
@@ -1,4 +1,4 @@
-## Copyright © 2020, Oracle and/or its affiliates. 
+## Copyright © 2021, Oracle and/or its affiliates. 
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 terraform {