---
#
# Oracle Linux Automation Manager
#
# Copyright (c) 2022 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at
# https://oss.oracle.com/licenses/upl.
#
# Description: Playbook to create an OL Instance within OCI
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# This playbook uses the following additional variables, which should be set at run time on the job template; the values below are the example
# values used in the lab (rescue_test is declared for the lab but is not referenced by the tasks in this file):
# rescue_test: false
# instance_shape: VM.Standard2.1
# instance_hostname: OLAMinstance
# instance_image: ocid1.image.oc1.iad.aaaaaaaanxbmz7rm7tkopukbbahtcbcx45v5omusafwhjaenzf7tkcoq56qa
# instance_ad: ergw:US-ASHBURN-AD-1
# instance_compartment: ocid1.compartment.oc1..aaaaaaaazxd6wrvcuicrgbi6cbaob4pyrr3i7i33xudheqhx6pbcesobdazq
#
# Also, two template files are needed, in the templates directory; they define the ingress and egress rules for the OCI security list.
# Review them before use: the subnet created below assigns public IPs, so any SSH ingress rule in them should be limited to a trusted source CIDR rather than 0.0.0.0/0.
# Within the lab OLAM server I placed these files in: /var/lib/awx/projects/templates, owned by awx:awx for both the files and the directory.
# These files are: egress_security_rules.yaml.j2 & ingress_security_rules.yaml.j2
# An ssh directory containing the public key is also needed; keep the matching private key so you can connect to the instance as user opc.
# Note that the tasks below do not themselves pass that key to the instance (no metadata.ssh_authorized_keys is set), so the key must reach the instance another way, e.g. baked into the image.
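- name: Launch a compute instance
  hosts: localhost
  collections:
    - oracle.oci
  vars:
    # Common networking definitions. SSH_port and TCP_protocol are not used by
    # the tasks in this file; presumably the rule templates consume them.
    quad_zero_route: "0.0.0.0/0"
    TCP_protocol: "6"
    SSH_port: "22"
    vcn_name: "OLAM-vcn"
    vcn_cidr_block: "10.0.0.0/16"
    vcn_dns_label: "OLAMlcs"
    ig_name: "OLAMinternetgateway"
    route_table_name: "OLAMroutetable"
    # Route all internet-bound traffic to our Internet Gateway. ig_id is only
    # set after the gateway task below has run; Jinja evaluates this list lazily
    # when the route-table task consumes it, so the forward reference is fine.
    route_table_rules:
      - cidr_block: "{{ quad_zero_route }}"
        network_entity_id: "{{ ig_id }}"
    subnet_cidr: "10.0.0.48/28"
    subnet_name: "OLAMsubnet"
    subnet_dns_label: "OLAMsubnet"
    securitylist_name: "OLAMsecuritylist"
  tasks:
    # NOTE(review): this block carries no rescue/always section, so a failure
    # part-way through leaves already-created network resources in place.
    - block:
        - name: Create a VCN
          oci_network_vcn:
            compartment_id: "{{ instance_compartment }}"
            display_name: "{{ vcn_name }}"
            cidr_block: "{{ vcn_cidr_block }}"
            dns_label: "{{ vcn_dns_label }}"
          register: result

        - name: Record the VCN OCID
          set_fact:
            vcn_id: "{{ result.vcn.id }}"

        - name: Create a new Internet Gateway
          oci_network_internet_gateway:
            compartment_id: "{{ instance_compartment }}"
            vcn_id: "{{ vcn_id }}"
            name: "{{ ig_name }}"
            is_enabled: true
            state: present
          register: result

        - name: Record the Internet Gateway OCID
          set_fact:
            ig_id: "{{ result.internet_gateway.id }}"

        - name: Create route table to connect internet gateway to the VCN
          oci_network_route_table:
            compartment_id: "{{ instance_compartment }}"
            vcn_id: "{{ vcn_id }}"
            name: "{{ route_table_name }}"
            route_rules: "{{ route_table_rules }}"
            state: present
          register: result

        - name: Record the route table OCID
          set_fact:
            rt_id: "{{ result.route_table.id }}"

        # Render the rule templates in memory rather than writing them to a
        # fixed, world-readable path under /tmp and reading them back with
        # include_vars: a predictable /tmp path lets any other local user on
        # the controller pre-create or swap the file and thereby inject rules
        # into the security list. The rendered YAML is parsed into the same
        # dict shape include_vars produced (top-level key
        # instance_ingress_security_rules / instance_egress_security_rules).
        - name: Render the ingress rules from the template
          set_fact:
            loaded_ingress: "{{ lookup('template', './templates/ingress_security_rules.yaml.j2') | from_yaml }}"

        - name: print loaded_ingress
          debug:
            msg: "loaded ingress is {{ loaded_ingress }}"

        - name: Render the egress rules from the template
          set_fact:
            loaded_egress: "{{ lookup('template', './templates/egress_security_rules.yaml.j2') | from_yaml }}"

        - name: print loaded_egress
          debug:
            msg: "loaded egress is {{ loaded_egress }}"

        # NOTE(review): the rule templates are not part of this file. Because
        # the subnet below hands out public IPs, make sure the SSH ingress
        # source in the template is a trusted administrative CIDR and not
        # quad_zero_route.
        - name: Create a security list for allowing access to public instance
          oci_network_security_list:
            name: "{{ securitylist_name }}"
            compartment_id: "{{ instance_compartment }}"
            vcn_id: "{{ vcn_id }}"
            ingress_security_rules: "{{ loaded_ingress.instance_ingress_security_rules }}"
            egress_security_rules: "{{ loaded_egress.instance_egress_security_rules }}"
          register: result

        - name: Record the security list OCID
          set_fact:
            instance_security_list_ocid: "{{ result.security_list.id }}"

        # Public subnet by design (prohibit_public_ip_on_vnic is false): the
        # instance launched later asks for a public IP on this subnet.
        - name: Create a subnet to host the public instance. Link security_list and route_table.
          oci_network_subnet:
            availability_domain: "{{ instance_ad }}"
            cidr_block: "{{ subnet_cidr }}"
            compartment_id: "{{ instance_compartment }}"
            display_name: "{{ subnet_name }}"
            prohibit_public_ip_on_vnic: false
            route_table_id: "{{ rt_id }}"
            security_list_ids:
              - "{{ instance_security_list_ocid }}"
            vcn_id: "{{ vcn_id }}"
            dns_label: "{{ subnet_dns_label }}"
          register: result

        - name: Record the subnet OCID
          set_fact:
            instance_subnet_id: "{{ result.subnet.id }}"

        # NOTE(review): no metadata.ssh_authorized_keys is passed here, so the
        # public key mentioned in the header is never installed on the
        # instance; unless the image already carries a key, the "connect as
        # opc" hint at the end will not work. If that is the intent, add e.g.:
        #   metadata:
        #     ssh_authorized_keys: "{{ lookup('file', 'ssh/<your-key>.pub') }}"
        - name: Launch an instance
          oci_compute_instance:
            availability_domain: "{{ instance_ad }}"
            compartment_id: "{{ instance_compartment }}"
            name: "{{ instance_hostname }}"
            image_id: "{{ instance_image }}"
            shape: "{{ instance_shape }}"
            create_vnic_details:
              assign_public_ip: true
              hostname_label: "{{ instance_hostname }}"
              subnet_id: "{{ instance_subnet_id }}"
          register: result

        # Only the OCID is echoed: dumping the whole registered result writes
        # the full instance resource (including any metadata/user_data added
        # later) into the job output.
        - name: Print instance details
          debug:
            msg: "Launched a new instance {{ result.instance.id }}"

        - name: Record the instance OCID
          set_fact:
            instance_id: "{{ result.instance.id }}"

        - name: Get the VNIC attachment details of instance
          oci_compute_vnic_attachment_facts:
            compartment_id: "{{ instance_compartment }}"
            instance_id: "{{ instance_id }}"
          register: result

        # A freshly launched instance has a single (primary) VNIC attachment,
        # hence index 0.
        - name: Get details of the VNIC
          oci_network_vnic_facts:
            id: "{{ result.vnic_attachments[0].vnic_id }}"
          register: result

        - name: Record the public IP of the primary VNIC
          set_fact:
            instance_public_ip: "{{ result.vnic.public_ip }}"

        - name: Print the public ip of the newly launched instance
          debug:
            msg: "Public IP of launched instance {{ instance_public_ip }}, connect as user opc with the uploaded public key"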