added bastion instance

terraform/compute.tf

@@ -159,37 +159,161 @@ resource "oci_core_instance" "service_instance" {
     }
     source      = "${path.module}/private_key.pem"
     destination = "/home/opc/.oci_docker/car_demo.pem"
-  } 
+  }
 }
 
-# resource "oci_core_instance" "bastion_instance" {
-#   count               = 1
-#   availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[0]["name"] : var.availability_domain_name
-#   compartment_id      = var.compartment_ocid
-#   display_name        = "bastion-instance-${random_id.tag.hex}"
-#   shape               = var.node_shape
-
-#   dynamic "shape_config" {
-#     for_each = local.is_flex_shape ? [1] : []
-#     content {
-#       memory_in_gbs = var.node_flex_shape_memory
-#       ocpus         = var.node_flex_shape_ocpus
-#     }
-#   }
-
-#   create_vnic_details {
-#     subnet_id        = local.vm_subnet_id
-#     display_name     = "bastion-instance"
-#     assign_public_ip = var.should_config_public_ip_for_vm
-#   }
-
-#   source_details {
-#     source_id               = data.oci_core_images.InstanceImageOCID.images[0].id
-#     source_type             = "image"
-#     boot_volume_size_in_gbs = 50
-#   }
-
-#   metadata = {
-#     ssh_authorized_keys = var.ssh_public_key == "" ? "${tls_private_key.public_private_key_pair.public_key_openssh}" : "${var.ssh_public_key}\n${tls_private_key.public_private_key_pair.public_key_openssh}"
-#   }
-# }
+resource "oci_core_instance" "bastion_instance" {
+  count               = 1
+  availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[0]["name"] : var.availability_domain_name
+  compartment_id      = var.compartment_ocid
+  display_name        = "bastion-instance-${random_id.tag.hex}"
+  shape               = var.node_shape
+
+  dynamic "shape_config" {
+    for_each = local.is_flex_shape ? [1] : []
+    content {
+      memory_in_gbs = var.node_flex_shape_memory
+      ocpus         = var.node_flex_shape_ocpus
+    }
+  }
+
+  create_vnic_details {
+    subnet_id        = local.vm_subnet_id
+    display_name     = "bastion-instance"
+    assign_public_ip = var.should_config_public_ip_for_vm
+  }
+
+  source_details {
+    source_id               = data.oci_core_images.InstanceImageOCID.images[0].id
+    source_type             = "image"
+    boot_volume_size_in_gbs = 50
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_public_key == "" ? "${tls_private_key.public_private_key_pair.public_key_openssh}" : "${var.ssh_public_key}\n${tls_private_key.public_private_key_pair.public_key_openssh}"
+    user_data = base64encode(templatefile("${path.module}/scripts/bastion_init.tftpl", {
+      region              = var.region,
+      opensearch_username = var.opensearch_cluster_master_user,
+      opensearch_password = var.opensearch_cluster_master_password,
+      opensearch_endpoint = "https://${oci_opensearch_opensearch_cluster.opensearch_cluster[0].opensearch_fqdn}:9200",
+    }))
+  }
+
+  # Copies app.env file to destination vm
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    content = templatefile("${path.module}/scripts/app_env.tftpl", {
+      tenancy_ocid     = var.tenancy_ocid,
+      region           = var.region,
+      user_ocid        = var.user_ocid,
+      compartment_ocid = var.compartment_ocid,
+      fingerprint      = oci_identity_api_key.user_api_key.fingerprint,
+
+      adb_db_name         = local.adb_db_name,
+      adb_admin_password  = var.adb_admin_password,
+      adb_wallet_password = var.adb_wallet_password,
+
+      pg_username         = var.db_system_credentials_username,
+      pg_password         = var.db_system_credentials_password_details_password,
+      pg_primary_endpoint = data.oci_psql_db_system_connection_detail.pg_db_system_connection_detail[0].primary_db_endpoint[0],
+
+      redis_primay_endpoint = oci_redis_redis_cluster.dedicated_redis_cluster[0].primary_fqdn,
+      vm_public_ip          = oci_core_instance.service_instance[0].public_ip,
+      pg_load_balancer_ip   = oci_load_balancer_load_balancer.pg_load_balancer[0].ip_address_details[0].ip_address,
+
+      opensearch_username = var.opensearch_cluster_master_user,
+      opensearch_password = var.opensearch_cluster_master_password,
+      opensearch_endpoint = "https://${oci_opensearch_opensearch_cluster.opensearch_cluster[0].opensearch_fqdn}:9200",
+    })
+    destination = "/home/opc/app.env"
+  }
+
+  # Copies the Autonomous Database wallet to destination vm
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "${path.module}/adb_wallet.zip"
+    destination = "/home/opc/wallet/adb_wallet.zip"
+  }
+
+  # Copies the Nginx conf file to destination vm
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "./files/nginx.conf"
+    destination = "/home/opc/nginx.conf"
+  }
+
+  # Copies db-init to destination
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "./db-init"
+    destination = "/home/opc/db-init"
+  }
+
+  # Copies api key file to destination vm
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "${path.module}/private_key.pem"
+    destination = "/home/opc/.oci/car_demo.pem"
+  }
+
+  # Copies opensearch-init to destination
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "./opensearch-init"
+    destination = "/home/opc/opensearch-init"
+  }
+
+  # Copy loadtest scripts to the VM
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "./load-test"
+    destination = "/home/opc/load-test"
+  }
+
+  # Copy private key to .oci_docker for application use.
+  provisioner "file" {
+    connection {
+      type        = "ssh"
+      user        = "opc"
+      private_key = tls_private_key.public_private_key_pair.private_key_pem
+      host        = self.public_ip
+    }
+    source      = "${path.module}/private_key.pem"
+    destination = "/home/opc/.oci_docker/car_demo.pem"
+  }
+}

terraform/outputs.tf

@@ -103,35 +103,40 @@ output "car_health" {
 
 # OCI CLI Identity output
 
-output OCI_CLI_FINGERPRINT {
+output "OCI_CLI_FINGERPRINT" {
   value = oci_identity_api_key.user_api_key.fingerprint
 }
 
-output OCI_CLI_KEY_CONTENT {
-  value = tls_private_key.public_private_key_pair.private_key_pem
+output "OCI_CLI_KEY_CONTENT" {
+  value     = tls_private_key.public_private_key_pair.private_key_pem
   sensitive = true
 }
 
-output OCI_CLI_REGION {
+output "OCI_CLI_REGION" {
   value = var.region
 }
 
-output OCI_CLI_TENANCY {
+output "OCI_CLI_TENANCY" {
   value = var.tenancy_ocid
 }
 
-output OCI_CLI_USER {
+output "OCI_CLI_USER" {
   value = var.user_ocid
 }
 
-output OCI_COMPARTMENT_OCID {
+output "OCI_COMPARTMENT_OCID" {
   value = var.compartment_ocid
 }
 
-output OCI_AUTH_TOKEN {
+output "OCI_AUTH_TOKEN" {
   value = oci_identity_auth_token.user_auth_token.token
 }
 
-output OCI_DEVOPS_PIPELINE_ID {
-    value = oci_devops_deploy_pipeline.supremo-deploy-pipeline.id
-}
+output "OCI_DEVOPS_PIPELINE_ID" {
+  value = oci_devops_deploy_pipeline.supremo-deploy-pipeline.id
+}
+
+# Bastion instance output
+output "bastion_instance_public_ip" {
+  value = oci_core_instance.bastion_instance[0].public_ip
+}

terraform/schema.yaml

@@ -934,6 +934,10 @@ outputs:
     type: link
     title: "car_health"
 
+  bastion_instance_public_ip:
+    type: copyableString
+    title: "bastion_instance_public_ip"
+
 
 
 outputGroups:
@@ -973,4 +977,8 @@ outputGroups:
       - ${user_service_redis}
       - ${user_service}
       - ${order_search}
-      - ${car_health}
+      - ${car_health}
+
+  - title: Bastion Instance
+    outputs:
+      - ${bastion_instance_public_ip}

terraform/scripts/bastion_init.tftpl

@@ -18,12 +18,85 @@ su opc -lc "echo VM_Intialization_Begins... >> /home/opc/app-init.out 2>&1" || t
    yum install pip -y >> /home/opc/app-init.out 2>&1 || true;
    su opc -lc "pip install pip -U >> /home/opc/app-init.out 2>&1" || true;
    su opc -lc "pip install psycopg2-binary >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "echo Install OCI... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "pip install oci-cli >> /home/opc/app-init.out 2>&1" || true;
    su opc -lc "echo Install_Git... >> /home/opc/app-init.out 2>&1" || true;
    yum install git -y >> /home/opc/app-init.out 2>&1;
+   su opc -lc "echo Install_Nginx... >> /home/opc/app-init.out 2>&1" || true;
+   yum install nginx -y >> /home/opc/app-init.out 2>&1;
+   systemctl enable nginx;
    su opc -lc "echo Install_Postgresql_Client... >> /home/opc/app-init.out 2>&1" || true;
    yum install postgresql -y >> /home/opc/app-init.out 2>&1 || true;
    su opc -lc "echo Install_Java... >> /home/opc/app-init.out 2>&1" || true;
    yum install java -y >> /home/opc/app-init.out 2>&1;
    su opc -lc "echo Install_SQLcl... >> /home/opc/app-init.out 2>&1" || true;
    yum install sqlcl -y >> /home/opc/app-init.out 2>&1;
+   su opc -lc "echo Install_conntrack... >> /home/opc/app-init.out 2>&1" || true;
+   yum install conntrack -y >> /home/opc/app-init.out 2>&1 || true;
+   su opc -lc "echo Configure_Nginx... >> /home/opc/app-init.out 2>&1" || true;
+   mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig;
+   mv /home/opc/nginx.conf /etc/nginx/;
+   su opc -lc "echo Cloning_Application_Startup_Scripts... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "git clone https://github.com/HysunHe/SupremoRentalDemo.git";
+   su opc -lc "chmod +x ~/SupremoRentalDemo/*.sh" || true;
+   su opc -lc "echo Configure_ADB_Wallet... >> /home/opc/app-init.out 2>&1" || true;
+   (su opc -lc "while ! [ -f ~/wallet/adb_wallet.zip ]; do echo -n . && sleep 1; done >> /home/opc/app-init.out 2>&1") || true;
+   su opc -lc "unzip -o ~/wallet/adb_wallet.zip -d ~/wallet/ >> /home/opc/app-init.out 2>&1";
+   (su opc -lc "sed -i 's/\?\/network\/admin/\/app\/wallet/' ~/wallet/sqlnet.ora") || true;
+   su opc -lc "echo Tune_System_Performance_Parameters... >> /home/opc/app-init.out 2>&1" || true;
+   touch /etc/systemd/system/nginx.service.d/filelimit.conf;
+   (echo "[Service]" >> /etc/systemd/system/nginx.service.d/filelimit.conf) || true;
+   (echo "LimitNOFILE=1000000" >> /etc/systemd/system/nginx.service.d/filelimit.conf) || true;
+   (echo "*               soft    nofile          1000000" >> /etc/security/limits.conf) || true;
+   (echo "*               hard    nofile          1000000" >> /etc/security/limits.conf) || true;
+   ulimit -n 1000000 && ulimit -Hn 1000000;
+   echo "net.nf_conntrack_max = 2621440" >> /etc/sysctl.conf || true;
+   echo "net.netfilter.nf_conntrack_max = 2621440" >> /etc/sysctl.conf || true;
+   sysctl -p;
+   systemctl daemon-reload;
+   systemctl restart nginx;
+   su opc -lc "echo Set_Envs... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "sed -i 's/\s*=\s*/=/g' ~/app.env";
+   su opc -lc "chmod +x ~/app.env";
+   su opc -lc "chmod +x ~/db-init/*.sh";
+   su opc -lc "echo Generate_OCI_Config... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "~/db-init/oci-config.sh >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "chmod 400 ~/.oci_docker/*" || true;
+   su opc -lc "chmod 400 ~/.oci/*" || true;
+   su opc -lc "echo Init_AJD... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "~/db-init/ajd-init.sh >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "echo Init_PG... >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "~/db-init/pg-init.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "echo Startup_App_Services... >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/car-service-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/car-service-redis-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/login-service-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/login-service-redis-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/transaction-service-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/car-health-service-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "~/SupremoRentalDemo/askme-service-batch.sh >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "echo Load_Data_For_AJD... >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "curl -X GET http://localhost/car-service/load-data >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "echo Load_Data_For_NoSQL... >> /home/opc/app-init.out 2>&1" || true;
+   # su opc -lc "curl -X GET http://localhost/car-health/load-data >> /home/opc/app-init.out 2>&1" || true;
+   su opc -lc "echo ------------- >> /home/opc/app-init.out 2>&1" || true;
    su opc -lc "echo Congrat_VM_Intialization_Done. >> /home/opc/app-init.out 2>&1" || true;
+
+
+
+# Load opensearch_data.json into OpenSearch cluster.
+curl -XPUT -u "${opensearch_username}:${opensearch_password}" "${opensearch_endpoint}/my_index" -H 'Content-Type: application/json' -d '
+{ 
+ "mappings": {
+ "properties": {
+ "id": {"type": "integer"},
+ "question": {"type": "text"},
+ "answer": {"type": "text"},
+ "url": {"type": "text"}
+ }
+ }
+}
+'
+
+curl -H 'Content-Type: application/x-ndjson' -XPOST -u "${opensearch_username}:${opensearch_password}" "${opensearch_endpoint}/my_index/_bulk?pretty" --data-binary @/home/opc/opensearch-init/opensearch_data.json
+