{"id":730,"date":"2024-04-07T16:25:31","date_gmt":"2024-04-07T14:25:31","guid":{"rendered":"https:\/\/ilmarkerm.eu\/blog\/?p=730"},"modified":"2024-04-07T16:25:31","modified_gmt":"2024-04-07T14:25:31","slug":"building-oracle-cloud-infrastructure-with-terraform-compute","status":"publish","type":"post","link":"https:\/\/ilmarkerm.eu\/blog\/2024\/04\/building-oracle-cloud-infrastructure-with-terraform-compute\/","title":{"rendered":"Building Oracle Cloud infrastructure with Terraform \u2013\u00a0compute"},"content":{"rendered":"\n<p>Continuing to build Oracle Cloud Infrastructure with Terraform. Today moving on to compute instances.<\/p>\n\n\n\n<p>But first some networking: the VCN I created earlier did not have access to the internet. Let's fix it now. The code below will add an Internet Gateway and modify the default route table to send out the network traffic via the Internet Gateway.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># network.tf\n\nresource \"oci_core_internet_gateway\" \"internet_gateway\" {\n    compartment_id = oci_identity_compartment.compartment.id\n    vcn_id = oci_core_vcn.main.id\n    # Internet Gateway cannot be associated with Route Table here, otherwise adding a route table rule will error with - Rules in the route table must use private IP as a target.\n    #route_table_id = oci_core_vcn.main.default_route_table_id\n}\n\nresource \"oci_core_default_route_table\" \"default_route_table\" {\n    manage_default_resource_id = oci_core_vcn.main.default_route_table_id\n    compartment_id = oci_identity_compartment.compartment.id\n    display_name = \"Default Route Table for VCN\"\n    route_rules {\n        network_entity_id = oci_core_internet_gateway.internet_gateway.id\n        destination = \"0.0.0.0\/0\"\n        destination_type = \"CIDR_BLOCK\"\n    }\n}<\/code><\/pre>\n\n\n\n<p>Moving on to the compute instance itself. First question is &#8211; what operating system should it run &#8211; what is the source image. 
There is a data source for this. Here I select the latest Oracle Linux 9 image for ARM.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>data \"oci_core_images\" \"oel\" {\n    compartment_id = oci_identity_compartment.compartment.id\n    operating_system = \"Oracle Linux\"\n    operating_system_version = \"9\"\n    shape = \"VM.Standard.A1.Flex\"\n    state = \"AVAILABLE\"\n    sort_by = \"TIMECREATED\"\n    sort_order = \"DESC\"\n}\n\n# Output the list for debugging\noutput \"images\" {\n    value = data.oci_core_images.oel\n}<\/code><\/pre>\n\n\n\n<p>We are now ready to create the compute instance itself. In the metadata I provide my SSH public key, so I could SSH into the server.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>resource \"oci_core_instance\" \"arm_instance\" {\n    compartment_id = oci_identity_compartment.compartment.id\n    # oci iam availability-domain list\n    availability_domain = \"MpAX:EU-STOCKHOLM-1-AD-1\"\n    # oci compute shape list --compartment-id \n    shape = \"VM.Standard.A1.Flex\" # ARM based shape\n    shape_config {\n        # How many CPUs and memory\n        ocpus = 2\n        memory_in_gbs = 4\n    }\n    display_name = \"test-arm-1\"\n    source_details {\n        # The source operating system image\n        # oci compute image list --all --output table --compartment-id \n        source_id = data.oci_core_images.oel.images&#91;0].id\n        source_type = \"image\"\n    }\n    create_vnic_details {\n        # Network details\n        subnet_id = oci_core_subnet.subnet.id\n        assign_public_ip = true\n    }\n    # CloudInit metadata - including my public SSH key\n    metadata = {\n        ssh_authorized_keys = \"ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ4bqPK+Mwiy+HLabqJxCMcQ\/hY7IPx\/oEQZWZq7krJxkLLUI6lkw44XRCutgww1q91yTdsSUNDZ9jFz9LihGTEIu7CGKkzmoGtAWHwq2W38GuA5Fqr0r2vPH1qwkTiuN+VmeKJ+qzOfm9Lh1zjD5e4XndjxiaOrw0wI19zpWlUnEqTTjgs7jz9X7JrHRaimzS3PEF5GGrT6oy6gWoKiWSjrQA2VGWI0yNQpUBFTYWsKSHtR+oJHf2rM3LLyzKcEXnlUUJrjDqNsbbcCN26vIdCGIQTvSjyLj6SY+wYWJEHCgPSbBRUcCEcwp+bATDQNm9L4tI7ZON5ZiJstL\/sqIBBXmqruh7nSkWAYQK\/H6PUTMQrUU5iK8fSWgS+CB8CiaA8zos9mdMfs1+9UKz0vMDV7PFsb7euunS+DiS5iyz6dAz\/uFexDbQXPCbx9Vs7TbBW2iPtYc6SNMqFJD3E7sb1SIHhcpUvdLdctLKfnl6cvTz2o2VfHQLod+mtOq845s= ilmars_public_key\"\n    }\n}<\/code><\/pre>\n\n\n\n<p>And attach the block storage volumes I created in the previous post. Here I create attachments as paravirtualised, meaning the volumes appear on the server as <strong>sd*<\/strong> devices, but iSCSI is also possible.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>resource \"oci_core_volume_attachment\" \"test_volume_attachment\" {\n    attachment_type = \"paravirtualized\"\n    instance_id = oci_core_instance.arm_instance.id\n    volume_id = oci_core_volume.test_volume.id\n\n    # Interesting options, could be useful in some cases\n    is_pv_encryption_in_transit_enabled = false\n    is_read_only = false\n    is_shareable = false\n}\n\nresource \"oci_core_volume_attachment\" \"silver_test_volume_attachment\" {\n    # This is to enforce device attachment ordering\n    depends_on = &#91;oci_core_volume_attachment.test_volume_attachment]\n\n    attachment_type = \"paravirtualized\"\n    instance_id = oci_core_instance.arm_instance.id\n    volume_id = oci_core_volume.silver_test_volume.id\n\n    # Interesting options, could be useful in some cases\n    is_pv_encryption_in_transit_enabled = false\n    is_read_only = true\n    is_shareable = false\n}<\/code><\/pre>\n\n\n\n<p>Looks like OCI supports some interesting options for attaching volumes, like encryption, read only and shareable. I can see them being useful in the future. 
If I log into the created server, the attached devices are created as <strong>sdb<\/strong> and <strong>sdc<\/strong> &#8211; where sdc was instructed to be read only. And indeed it is.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test-arm-1 ~]# lsblk\nNAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS\nsda                  8:0    0 46.6G  0 disk\n\u251c\u2500sda1               8:1    0  100M  0 part \/boot\/efi\n\u251c\u2500sda2               8:2    0    2G  0 part \/boot\n\u2514\u2500sda3               8:3    0 44.5G  0 part\n  \u251c\u2500ocivolume-root 252:0    0 29.5G  0 lvm  \/\n  \u2514\u2500ocivolume-oled 252:1    0   15G  0 lvm  \/var\/oled\nsdb                  8:16   0   50G  0 disk\nsdc                  8:32   0   50G  1 disk\n\n&#91;root@test-arm-1 ~]# dd if=\/dev\/zero of=\/dev\/sdb bs=1M count=10\n10+0 records in\n10+0 records out\n10485760 bytes (10 MB, 10 MiB) copied, 0.0453839 s, 231 MB\/s\n\n&#91;root@test-arm-1 ~]# dd if=\/dev\/zero of=\/dev\/sdc bs=1M count=10\ndd: failed to open '\/dev\/sdc': Read-only file system<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Continuing to build Oracle Cloud Infrastructure with Terraform. Today moving on to compute instances. But first some networking: the VCN I created earlier did not have access to the internet. Let's fix it now. 
The code below will add an Internet Gateway and modify the default route table to send out the network traffic via [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[68,4,67],"class_list":["post-730","post","type-post","status-publish","format-standard","hentry","category-blog-entry","tag-oci","tag-oracle","tag-terraform"],"_links":{"self":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/comments?post=730"}],"version-history":[{"count":2,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/730\/revisions"}],"predecessor-version":[{"id":732,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/posts\/730\/revisions\/732"}],"wp:attachment":[{"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/media?parent=730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/categories?post=730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ilmarkerm.eu\/blog\/wp-json\/wp\/v2\/tags?post=730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}