Reserved ip (#29)

fmeheust · web-flow · commit 4cdfa5cdc94d · 2024-03-13T10:09:38.000+01:00
* Reserved IP addresses
diff --git a/config-repo.tf b/config-repo.tf
@@ -8,6 +8,7 @@
 
 # creates the git repo called "config-repo"
 resource "oci_devops_repository" "config_repo" {
+  depends_on = [ oci_identity_api_key.user_api_key ]
   name = local.config_repo_name
   project_id = local.project_id
   repository_type = "HOSTED"
@@ -19,18 +20,21 @@ resource "oci_devops_repository" "config_repo" {
 resource "tls_private_key" "rsa_api_key" {
   algorithm = "RSA"
   rsa_bits  = 4096
+  count = (local.use-image ? 0 : 1)
 }
 
 resource "oci_identity_api_key" "user_api_key" {
-    #Required
-    key_value = tls_private_key.rsa_api_key.public_key_pem
-    user_id = var.current_user_ocid
+  #Required
+  key_value = tls_private_key.rsa_api_key[0].public_key_pem
+  user_id = var.current_user_ocid
+  count = (local.use-image ? 0 : 1)
 }
 
 resource "local_file" "api_private_key" {
   depends_on = [ tls_private_key.rsa_api_key ]
   filename = "${path.module}/api-private-key.pem"
-  content = tls_private_key.rsa_api_key.private_key_pem
+  content = tls_private_key.rsa_api_key[0].private_key_pem
+  count = (local.use-image ? 0 : 1)
 }
 
 resource "local_file" "ssh_config" {
@@ -95,6 +99,7 @@ resource "null_resource" "create_config_repo" {
     local_file.self_signed_certificate,
     local_file.oci_build_config,
     local_file.ssh_config,
+    local_file.api_private_key,
     random_password.wallet_password
   ]
 
@@ -105,46 +110,26 @@ resource "null_resource" "create_config_repo" {
     working_dir = "${path.module}"
   }
 
-  # copy private key
-  provisioner "local-exec" {
-    command = "cp api-private-key.pem ~/.ssh/private-key.pem"
-    on_failure = fail
-    working_dir = "${path.module}"
-  }
-
   # copy ssh-config
   provisioner "local-exec" {
     command = "cp ssh_config ~/.ssh/config"
     on_failure = fail
     working_dir = "${path.module}"
   }
-
-  provisioner "local-exec" {
-    command = "less ~/.ssh/config"
-    on_failure = fail
-    working_dir = "${path.module}"
-  }
-
-  provisioner "local-exec" {
-    command = "less ~/.ssh/private-key.pem"
-    on_failure = fail
-    working_dir = "${path.module}"
-  }
-
   provisioner "local-exec" {
-    command = "chmod 400 ~/.ssh/private-key.pem"
+    command = "chmod 600 ~/.ssh/config"
     on_failure = fail
     working_dir = "${path.module}"
   }
 
+  # copy private key
   provisioner "local-exec" {
-    command = "chmod 600 ~/.ssh/config"
+    command = "cp api-private-key.pem ~/.ssh/api-private-key.pem"
     on_failure = fail
     working_dir = "${path.module}"
   }
-
   provisioner "local-exec" {
-    command = "ls -lai ~/.ssh"
+    command = "chmod 400 ~/.ssh/api-private-key.pem"
     on_failure = fail
     working_dir = "${path.module}"
   }
diff --git a/datasources.tf b/datasources.tf
@@ -85,9 +85,6 @@ data "template_file" "deploy_script" {
 }
 
 data "template_file" "ssh_config" {
-  depends_on = [
-    local_file.api_private_key
-  ]
   template = "${file("${path.module}/ssh_config.template")}"
   vars = {
     "user" = local.ssh_login
diff --git a/listing/usage-information.html b/listing/usage-information.html
@@ -56,9 +56,6 @@
 	the stack will let you select the existing vault and key (AES). To create a new vault you must provide
 	the&nbsp;user-friendly name of the vault to create.</p>
 
-<p>An <strong>authentication token</strong> is used by the stack to authenticate the user when connecting to the code
-	repository or container registry. This token can either be provided or created by the stack.</p>
-
 <p><strong>Database</strong>: The stack assumes that the persistence is handled by a database and this section lets you
 	configure that database. You can either choose an existing database by selecting the database or create a new one.</p>
 
@@ -152,7 +149,6 @@
 	<li><strong>DNS zone</strong>: homain name managed in OCI DNS.</li>
 	<li><strong>Host name</strong>: host name that will be created on the selected Zone and will resolve to the the load
 		balancer&#39;s IP address.</li>
-	<li><strong>Certificate OCID</strong>: certificate for the application URL</li>
 </ul>
 
 <p><strong>Network</strong>: The stack is designed to create all of its resources in the same VCN. You have the choice
@@ -169,7 +165,9 @@
 	<li>The <strong>load balancer subnet </strong>can either be private (accessible from inside OCI) or public (accessible
 		from both OCI and the Internet). A NSG will be created and configured to allow the communication between the load
 		balancer and the application. If you chose to <em>open the load balancer to the internet</em>, the load balancer
-		subnet will be a public subnet and an Internet Gateway will be created.</li>
+		subnet will be a public subnet and an Internet Gateway will be created. A <strong>reserved IP</strong> address can
+		be used as the load balancer&#39;s public IP.</li>
+	<li>A c<strong>ertificate</strong> can be provided for the application URL</li>
 </ul>
 
 <p>By default the <em>load balancer</em> is configured with minimum and maximum bandwidth of 10Mbps, the health check
diff --git a/ssh_config.template b/ssh_config.template
@@ -1,3 +1,3 @@
 Host devops.scmservice.*.oci.oraclecloud.com
 User ${user}
-IdentityFile ~/.ssh/private-key.pem
+IdentityFile ~/.ssh/api-private-key.pem

Original file line number	Diff line number	Diff line change
`@@ -85,9 +85,6 @@ data "template_file" "deploy_script" {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`data "template_file" "ssh_config" {`
`88`		`- depends_on = [`
`89`		`- local_file.api_private_key`
`90`		`- ]`
`91`	`88`	`template = "${file("${path.module}/ssh_config.template")}"`
`92`	`89`	`vars = {`
`93`	`90`	`"user" = local.ssh_login`