Merge pull request #10 from oracle-devrel/fixed-bastion

Fixed bastion

Author: ttscoff

bastion.tf

@@ -1,8 +1,13 @@
 ## Copyright (c) 2022 Oracle and/or its affiliates.
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
+locals {
+  use_bastion_service = (var.free_tier == false && var.use_bastion_service == true) ? true : false 
+  use_bastion_host = (var.free_tier == false && var.use_bastion_service == false) ? true : false 
+}
+
 resource "oci_bastion_bastion" "bastion-service" {
-  count                        = var.use_bastion_service ? 1 : 0
+  count                        = local.use_bastion_service ? 1 : 0
   bastion_type                 = "STANDARD"
   compartment_id               = var.compartment_ocid
   target_subnet_id             = oci_core_subnet.vcn01_subnet_pub02.id
@@ -22,7 +27,7 @@ resource "oci_bastion_session" "ssh_via_bastion_service" {
     oci_core_network_security_group_security_rule.SSHSecurityIngressGroupRules
   ]
 
-  count      = var.use_bastion_service ? var.numberOfNodes : 0
+  count      = local.use_bastion_service ? var.numberOfNodes : 0
   bastion_id = oci_bastion_bastion.bastion-service[0].id
 
   key_details {
@@ -45,7 +50,7 @@ resource "oci_bastion_session" "ssh_via_bastion_service" {
 
 
 resource "oci_core_instance" "bastion_instance" {
-  count               = var.use_bastion_service ? 0 : 1
+  count               = local.use_bastion_host ? 1 : 0
   availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name
   compartment_id      = var.compartment_ocid
   display_name        = "BastionVM"

remote.tf

@@ -38,9 +38,9 @@ data "template_file" "tomcat_context_xml" {
   }
 }
 
-resource "null_resource" "tomcat-server-config" {
+resource "null_resource" "tomcat_server_config_with_bastion" {
   depends_on = [oci_core_instance.tomcat-server, module.terraform-oci-arch-adb.adb_database]
-  count      = var.numberOfNodes
+  count      = var.free_tier ? 0 : var.numberOfNodes
 
   provisioner "local-exec" {
     command = "echo '${module.terraform-oci-arch-adb.adb_database.adb_wallet_content}' >> ${var.atp_tde_wallet_zip_file}_encoded-${count.index}"
@@ -156,4 +156,100 @@ resource "null_resource" "tomcat-server-config" {
 
 }
 
+resource "null_resource" "tomcat_server_config_without_bastion" {
+  depends_on = [oci_core_instance.tomcat-server, module.terraform-oci-arch-adb.adb_database]
+  count      = var.free_tier ? var.numberOfNodes : 0 
+
+  provisioner "local-exec" {
+    command = "echo '${module.terraform-oci-arch-adb.adb_database.adb_wallet_content}' >> ${var.atp_tde_wallet_zip_file}_encoded-${count.index}"
+  }
+
+  provisioner "local-exec" {
+    command = "base64 --decode ${var.atp_tde_wallet_zip_file}_encoded-${count.index} > ${var.atp_tde_wallet_zip_file}-${count.index}"
+  }
+
+  provisioner "local-exec" {
+    command = "rm -rf ${var.atp_tde_wallet_zip_file}_encoded-${count.index}"
+  }
+
+  provisioner "file" {
+    connection {
+      type                = "ssh"
+      user                = "opc"
+      host                = data.oci_core_vnic.tomcat-server_primaryvnic[count.index].public_ip_address
+      private_key         = tls_private_key.public_private_key_pair.private_key_pem
+      script_path         = "/home/opc/myssh.sh"
+      agent               = false
+      timeout             = "10m"
+    }
+    source      = "${var.atp_tde_wallet_zip_file}-${count.index}"
+    destination = "/tmp/${var.atp_tde_wallet_zip_file}"
+  }
+
+  provisioner "local-exec" {
+    command = "rm -rf ${var.atp_tde_wallet_zip_file}-${count.index}"
+  }
+
+  provisioner "file" {
+    connection {
+      type                = "ssh"
+      user                = "opc"
+      host                = data.oci_core_vnic.tomcat-server_primaryvnic[count.index].public_ip_address
+      private_key         = tls_private_key.public_private_key_pair.private_key_pem
+      script_path         = "/home/opc/myssh.sh"
+      agent               = false
+      timeout             = "10m"
+    }
+
+    content     = data.template_file.tomcat_template[count.index].rendered
+    destination = "/home/opc/tomcat_bootstrap.sh"
+  }
+
+  provisioner "file" {
+    connection {
+      type                = "ssh"
+      user                = "opc"
+      host                = data.oci_core_vnic.tomcat-server_primaryvnic[count.index].public_ip_address
+      private_key         = tls_private_key.public_private_key_pair.private_key_pem
+      script_path         = "/home/opc/myssh.sh"
+      agent               = false
+      timeout             = "10m"
+    }
+
+    content     = data.template_file.tomcat_service_template[count.index].rendered
+    destination = "/home/opc/tomcat.service"
+  }
+
+  provisioner "file" {
+    connection {
+      type                = "ssh"
+      user                = "opc"
+      host                = data.oci_core_vnic.tomcat-server_primaryvnic[count.index].public_ip_address
+      private_key         = tls_private_key.public_private_key_pair.private_key_pem
+      script_path         = "/home/opc/myssh.sh"
+      agent               = false
+      timeout             = "10m"
+    }
+
+    content     = data.template_file.tomcat_context_xml.rendered
+    destination = "~/context.xml"
+  }
+
+  provisioner "remote-exec" {
+    connection {
+      type                = "ssh"
+      user                = "opc"
+      host                = data.oci_core_vnic.tomcat-server_primaryvnic[count.index].public_ip_address
+      private_key         = tls_private_key.public_private_key_pair.private_key_pem
+      script_path         = "/home/opc/myssh.sh"
+      agent               = false
+      timeout             = "10m"
+    }
+    inline = [
+      "chmod +x ~/tomcat_bootstrap.sh",
+      "sudo ~/tomcat_bootstrap.sh"
+    ]
+  }
+
+}
 

schema.yaml

@@ -160,12 +160,16 @@ variables:
 
   use_bastion_service:
     type: boolean
-    visibile: true
     default: false
     required: false
     title: "Use OCI Bastion Service"
     description: "Check the box to use OCI Bastion Service instead of Bastion Host VM."
- 
+    visible: 
+      and:   
+        - eq:
+          - free_tier
+          - false 
+          
   # Optional Configuration  
 
   ssh_public_key: