oracle-quickstart · skommala · Apr 18, 2023 · May 9, 2023 · May 10, 2023 · May 11, 2023
diff --git a/builds/build_cli.sh b/builds/build_cli.sh
@@ -80,6 +80,8 @@ replace_variables()
   sed -i '/variable "generate_dg_tag" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/variables.tf
   sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/mp_variables.tf
   sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = \"'"$SCRIPTS_VERSION"'\"' ${TMP_BUILD}/variables.tf
+  sed -i '/variable "is_rms_private_endpoint_required" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/variables.tf
+  sed -i '/variable "is_bastion_instance_required" {/!b;n;n;n;cdefault = true' ${TMP_BUILD}/bastion_variables.tf
 }
 
 

diff --git a/solutions/jrf/jrf_instance.tfvars b/solutions/jrf/jrf_instance.tfvars
@@ -26,7 +26,10 @@ wls_node_count = 2
 wls_availability_domain_name = "<availability_domain_name>"
 wls_subnet_id = "ocid1.subnet.xxxxxxxxxxxxxxx"
 
-### Bastion parameters to create new bastion instance
+### Resource Manager Private Endpoint parameter
+is_rms_private_endpoint_required = false
+
+### Bastion instance parameters
 is_bastion_instance_required = true
 bastion_subnet_id = "ocid1.subnet.xxxxxxxxxxxxxxx"
-bastion_instance_shape = "VM.Standard.E4.Flex"
+bastion_instance_shape = "VM.Standard.E4.Flex"
diff --git a/terraform/bastion_variables.tf b/terraform/bastion_variables.tf
@@ -4,7 +4,7 @@
 variable "is_bastion_instance_required" {
   type        = bool
   description = "Set to true to use a bastion, either new or existing. If existing_bastion_instance_id is blank, a new bastion will be created"
-  default     = true
+  default     = false
 }
 
 variable "existing_bastion_instance_id" {

diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -84,7 +84,6 @@ locals {
   lb_subnet_1_name = var.is_lb_private ? "lbprist1" : "lbpubst1"
   lb_subnet_2_name = var.is_lb_private ? "lbprist2" : "lbpubst2"
 
-
   lb_id = local.use_existing_lb ? var.existing_load_balancer_id : local.new_lb_id
   lb_ip = local.use_existing_lb ? local.existing_lb_ip : local.new_lb_ip
 
@@ -105,7 +104,7 @@ locals {
     local.lb_ip,
   ) : ""
 
-  async_prov_mode = !local.assign_weblogic_public_ip && !var.is_bastion_instance_required ? "Asynchronous provisioning is enabled. Connect to each compute instance and confirm that the file /u01/data/domains/${format("%s_domain", local.service_name_prefix)}/provCompletedMarker exists. Details are found in the file /u01/logs/provisioning.log." : ""
+  async_prov_mode = !local.assign_weblogic_public_ip && !var.is_rms_private_endpoint_required && !var.is_bastion_instance_required ? "Asynchronous provisioning is enabled. Connect to each compute instance and confirm that the file /u01/data/domains/${format("%s_domain", local.service_name_prefix)}/provCompletedMarker exists. Details are found in the file /u01/logs/provisioning.log." : ""
 
   jdk_labels  = { jdk7 = "JDK 7", jdk8 = "JDK 8", jdk11 = "JDK 11" }
   jdk_version = var.wls_version == "14.1.1.0" ? local.jdk_labels[var.wls_14c_jdk_version] : (var.wls_version == "11.1.1.7" ? local.jdk_labels["jdk7"] : local.jdk_labels["jdk8"])
@@ -151,13 +150,11 @@ locals {
   use_apm_service           = (var.use_apm_service || var.use_autoscaling)
   apm_domain_compartment_id = local.use_apm_service ? lookup(data.oci_apm_apm_domain.apm_domain[0], "compartment_id") : ""
 
-
-
   ocir_namespace = data.oci_objectstorage_namespace.object_namespace.namespace
 
-  ocir_namespace_with_slash = format("%s/",local.ocir_namespace)
-  ocir_user_starts_with = substr(var.ocir_user, 0, length(local.ocir_namespace_with_slash))
-  ocir_user =  local.ocir_user_starts_with == local.ocir_namespace_with_slash ? var.ocir_user :  "${format("%s%s", local.ocir_namespace_with_slash, var.ocir_user)}"
+  ocir_namespace_with_slash = format("%s/", local.ocir_namespace)
+  ocir_user_starts_with     = substr(var.ocir_user, 0, length(local.ocir_namespace_with_slash))
+  ocir_user                 = local.ocir_user_starts_with == local.ocir_namespace_with_slash ? var.ocir_user : "${format("%s%s", local.ocir_namespace_with_slash, var.ocir_user)}"
 
   region_keys         = data.oci_identity_regions.all_regions.regions.*.key
   region_names        = data.oci_identity_regions.all_regions.regions.*.name
@@ -180,4 +177,11 @@ locals {
     "instanceShape" = var.bastion_instance_shape,
     "ocpus"         = 1
   }
+
+  is_bastion_instance_required = (var.is_bastion_instance_required && var.subnet_type != "Use Public Subnet") || var.wls_existing_vcn_id == "" || (var.wls_existing_vcn_id != "" && var.wls_subnet_id == "") ? true : false
+
+  # Resource Manager Endpoint
+  is_rms_private_endpoint_required  = var.is_rms_private_endpoint_required && var.wls_existing_vcn_id != "" && var.wls_subnet_id != "" && !local.assign_weblogic_public_ip ? true : false
+  add_new_rms_private_endpoint      = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Create New Resource Manager Endpoint" ? true : false
+  add_existing_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Use Existing Resource Manager Endpoint" ? true : false
 }
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -72,7 +72,7 @@ module "network-vcn-config" {
   create_load_balancer         = local.add_load_balancer
   resource_name_prefix         = local.service_name_prefix
   bastion_subnet_cidr          = local.bastion_subnet_cidr
-  is_bastion_instance_required = var.is_bastion_instance_required
+  is_bastion_instance_required = local.is_bastion_instance_required
   existing_bastion_instance_id = var.existing_bastion_instance_id
   vcn_cidr                     = var.wls_vcn_name == "" ? data.oci_core_vcn.wls_vcn[0].cidr_block : element(concat(module.network-vcn.*.vcn_cidr, tolist([""])), 0)
   existing_mt_subnet_id        = var.mount_target_subnet_id
@@ -116,7 +116,7 @@ module "network-lb-nsg" {
 
 module "network-bastion-nsg" {
   source         = "./modules/network/nsg"
-  count          = var.is_bastion_instance_required && var.existing_bastion_instance_id == "" && !local.use_existing_subnets && local.bastion_subnet_cidr != "" ? 1 : 0
+  count          = local.is_bastion_instance_required && var.existing_bastion_instance_id == "" && !local.use_existing_subnets && local.bastion_subnet_cidr != "" ? 1 : 0
   compartment_id = local.network_compartment_id
   vcn_id         = local.vcn_id
   nsg_name       = "${local.service_name_prefix}-bastion-nsg"
@@ -190,13 +190,13 @@ module "network-lb-subnet-1" {
 /* Create back end subnet for bastion subnet */
 module "network-bastion-subnet" {
   source             = "./modules/network/subnet"
-  count              = !local.assign_weblogic_public_ip && var.bastion_subnet_id == "" && var.is_bastion_instance_required && var.existing_bastion_instance_id == "" ? 1 : 0
+  count              = !local.assign_weblogic_public_ip && var.bastion_subnet_id == "" && local.is_bastion_instance_required && var.existing_bastion_instance_id == "" ? 1 : 0
   compartment_id     = local.network_compartment_id
   vcn_id             = local.vcn_id
   dhcp_options_id    = length(module.network-vcn-config) > 0 ? module.network-vcn-config[0].dhcp_options_id : ""
   route_table_id     = length(module.network-vcn-config) > 0 ? module.network-vcn-config[0].route_table_id : ""
   subnet_name        = "${local.service_name_prefix}-${var.bastion_subnet_name}"
-  dns_label          = "${var.bastion_subnet_name}-${substr(uuid(), -7, -1)}"
+  dns_label          = local.is_bastion_instance_required && local.is_rms_private_endpoint_required ? format("%s-%s", var.bastion_subnet_name, substr(strrev(var.service_name), 0, 7)) : "${var.bastion_subnet_name}-${substr(uuid(), -7, -1)}"
   cidr_block         = local.bastion_subnet_cidr
   prohibit_public_ip = false
 
@@ -223,28 +223,29 @@ module "policies" {
     defined_tags  = local.defined_tags
     freeform_tags = local.free_form_tags
   }
-  atp_db                      = local.atp_db
-  oci_db                      = local.oci_db
-  vcn_id                      = element(concat(module.network-vcn[*].vcn_id, [""]), 0)
-  wls_existing_vcn_id         = var.wls_existing_vcn_id
-  is_idcs_selected            = var.is_idcs_selected
-  idcs_client_secret_id       = var.idcs_client_secret_id
-  use_oci_logging             = var.use_oci_logging
-  use_apm_service             = local.use_apm_service
-  apm_domain_compartment_id   = local.apm_domain_compartment_id
-  use_autoscaling             = var.use_autoscaling
-  ocir_auth_token_id          = var.ocir_auth_token_id
-  add_fss                     = var.add_fss
-  add_load_balancer           = local.add_load_balancer
-  fss_compartment_id          = var.fss_compartment_id == "" ? var.compartment_ocid : var.fss_compartment_id
-  mount_target_compartment_id = var.mount_target_compartment_id == "" ? var.compartment_ocid : var.mount_target_compartment_id
-}
+  atp_db                           = local.atp_db
+  oci_db                           = local.oci_db
+  vcn_id                           = element(concat(module.network-vcn[*].vcn_id, [""]), 0)
+  wls_existing_vcn_id              = var.wls_existing_vcn_id
+  is_idcs_selected                 = var.is_idcs_selected
+  idcs_client_secret_id            = var.idcs_client_secret_id
+  use_oci_logging                  = var.use_oci_logging
+  use_apm_service                  = local.use_apm_service
+  apm_domain_compartment_id        = local.apm_domain_compartment_id
+  use_autoscaling                  = var.use_autoscaling
+  ocir_auth_token_id               = var.ocir_auth_token_id
+  add_fss                          = var.add_fss
+  add_load_balancer                = local.add_load_balancer
+  fss_compartment_id               = var.fss_compartment_id == "" ? var.compartment_ocid : var.fss_compartment_id
+  mount_target_compartment_id      = var.mount_target_compartment_id == "" ? var.compartment_ocid : var.mount_target_compartment_id
+  is_rms_private_endpoint_required = local.is_rms_private_endpoint_required
 
+}
 
 module "bastion" {
   #depends_on          = [module.network-validation]
   source              = "./modules/compute/bastion"
-  count               = (!local.assign_weblogic_public_ip && var.is_bastion_instance_required && var.existing_bastion_instance_id == "") ? 1 : 0
+  count               = (!local.assign_weblogic_public_ip && local.is_bastion_instance_required && var.existing_bastion_instance_id == "") ? 1 : 0
   availability_domain = local.bastion_availability_domain
   bastion_subnet_id   = var.bastion_subnet_id != "" ? var.bastion_subnet_id : module.network-bastion-subnet[0].subnet_id
 
@@ -349,7 +350,7 @@ module "vcn-peering" {
 
 module "validators" {
   #depends_on = [module.network-validation]
-  source     = "./modules/validators"
+  source                     = "./modules/validators"
   compartment_id             = var.compartment_ocid
   service_name               = var.service_name
   wls_ms_port                = var.wls_ms_extern_port
@@ -394,7 +395,7 @@ module "validators" {
   lb_subnet_1_cidr             = var.lb_subnet_1_cidr
   bastion_subnet_cidr          = local.bastion_subnet_cidr
   assign_public_ip             = local.assign_weblogic_public_ip
-  is_bastion_instance_required = var.is_bastion_instance_required
+  is_bastion_instance_required = local.is_bastion_instance_required
   existing_bastion_instance_id = var.existing_bastion_instance_id
   bastion_ssh_private_key      = var.bastion_ssh_private_key
 
@@ -468,8 +469,8 @@ module "validators" {
 
 module "fss" {
   #depends_on = [module.network-validation]
-  source     = "./modules/fss"
-  count      = var.add_fss ? 1 : 0
+  source = "./modules/fss"
+  count  = var.add_fss ? 1 : 0
 
   compartment_id      = var.compartment_ocid
   availability_domain = local.fss_availability_domain
@@ -491,8 +492,8 @@ module "fss" {
 
 module "load-balancer" {
   #depends_on = [module.network-validation]
-  source     = "./modules/lb/loadbalancer"
-  count      = (local.add_load_balancer && var.existing_load_balancer_id == "") ? 1 : 0
+  source = "./modules/lb/loadbalancer"
+  count  = (local.add_load_balancer && var.existing_load_balancer_id == "") ? 1 : 0
 
   compartment_id           = local.network_compartment_id
   lb_reserved_public_ip_id = compact([var.lb_reserved_public_ip_id])
@@ -510,10 +511,26 @@ module "load-balancer" {
   }
 }
 
+module "rms-private-endpoint" {
+  source = "./modules/rms-private-endpoint"
+  count  = local.is_rms_private_endpoint_required && local.add_new_rms_private_endpoint ? 1 : 0
+
+  vcn_id                     = local.vcn_id
+  compartment_id             = local.network_compartment_id
+  private_endpoint_subnet_id = var.wls_subnet_id != "" ? var.wls_subnet_id : element(concat(module.network-wls-private-subnet[*].subnet_id, [""]), 0)
+  private_endpoint_nsg_id    = var.wls_subnet_id != "" ? (var.add_existing_nsg ? [var.existing_admin_server_nsg_id] : []) : element(module.network-compute-admin-nsg[*].nsg_id, 0)
+  resource_name_prefix       = var.service_name
+
+  tags = {
+    defined_tags  = local.defined_tags
+    freeform_tags = local.free_form_tags
+  }
+}
+
 module "observability-common" {
   #depends_on = [module.network-validation]
-  source     = "./modules/observability/common"
-  count      = var.use_oci_logging ? 1 : 0
+  source = "./modules/observability/common"
+  count  = var.use_oci_logging ? 1 : 0
 
   compartment_id      = var.compartment_ocid
   service_prefix_name = local.service_name_prefix
@@ -522,8 +539,8 @@ module "observability-common" {
 
 module "observability-autoscaling" {
   #depends_on = [module.network-validation]
-  source     = "./modules/observability/autoscaling"
-  count      = var.use_autoscaling ? 1 : 0
+  source = "./modules/observability/autoscaling"
+  count  = var.use_autoscaling ? 1 : 0
 
   compartment_id        = var.compartment_ocid
   metric_compartment_id = local.apm_domain_compartment_id
@@ -608,7 +625,7 @@ module "compute" {
 
   deploy_sample_app = local.deploy_sample_app
 
-  is_bastion_instance_required = var.is_bastion_instance_required
+  is_bastion_instance_required = local.is_bastion_instance_required
 
   is_idcs_selected      = var.is_idcs_selected
   idcs_host             = var.idcs_host
@@ -683,8 +700,8 @@ module "compute" {
 
 module "load-balancer-backends" {
   #depends_on = [module.network-validation]
-  source     = "./modules/lb/backends"
-  count      = local.add_load_balancer ? 1 : 0
+  source = "./modules/lb/backends"
+  count  = local.add_load_balancer ? 1 : 0
 
   resource_name_prefix = local.service_name_prefix
   load_balancer_id     = local.add_load_balancer ? (var.existing_load_balancer_id != "" ? var.existing_load_balancer_id : element(coalescelist(module.load-balancer[*].wls_loadbalancer_id, [""]), 0)) : ""
@@ -698,8 +715,8 @@ module "load-balancer-backends" {
 
 module "observability-logging" {
   #depends_on = [module.network-validation]
-  source     = "./modules/observability/logging"
-  count      = var.use_oci_logging ? 1 : 0
+  source = "./modules/observability/logging"
+  count  = var.use_oci_logging ? 1 : 0
 
   compartment_id                        = var.compartment_ocid
   oci_managed_instances_principal_group = element(concat(module.policies[*].oci_managed_instances_principal_group, [""]), 0)
@@ -716,16 +733,18 @@ module "observability-logging" {
 
 module "provisioners" {
   #depends_on = [module.network-validation]
-  source     = "./modules/provisioners"
-
-  existing_bastion_instance_id = var.existing_bastion_instance_id
-  host_ips                     = coalescelist(compact(module.compute.instance_public_ips), compact(module.compute.instance_private_ips), [""])
-  num_vm_instances             = var.wls_node_count
-  ssh_private_key              = module.compute.ssh_private_key_opc
-  assign_public_ip             = local.assign_weblogic_public_ip
-  bastion_host                 = local.assign_weblogic_public_ip || !var.is_bastion_instance_required ? "" : var.existing_bastion_instance_id == "" ? module.bastion[0].public_ip : data.oci_core_instance.existing_bastion_instance[0].public_ip
-  bastion_host_private_key     = local.assign_weblogic_public_ip || !var.is_bastion_instance_required ? "" : var.existing_bastion_instance_id == "" ? module.bastion[0].bastion_private_ssh_key : file(var.bastion_ssh_private_key)
-  is_bastion_instance_required = var.is_bastion_instance_required
+  source = "./modules/provisioners"
+
+  existing_bastion_instance_id     = var.existing_bastion_instance_id
+  host_ips                         = coalescelist(compact(module.compute.instance_public_ips), compact(module.compute.instance_private_ips), [""])
+  num_vm_instances                 = var.wls_node_count
+  ssh_private_key                  = module.compute.ssh_private_key_opc
+  is_rms_private_endpoint_required = local.is_rms_private_endpoint_required
+  rms_private_endpoint_id          = local.is_rms_private_endpoint_required ? local.add_new_rms_private_endpoint ? module.rms-private-endpoint[0].rms_private_endpoint_id : var.rms_existing_private_endpoint_id : ""
+  assign_public_ip                 = local.assign_weblogic_public_ip
+  bastion_host                     = local.assign_weblogic_public_ip || !local.is_bastion_instance_required ? "" : var.existing_bastion_instance_id == "" ? module.bastion[0].public_ip : data.oci_core_instance.existing_bastion_instance[0].public_ip
+  bastion_host_private_key         = local.assign_weblogic_public_ip || !local.is_bastion_instance_required ? "" : var.existing_bastion_instance_id == "" ? module.bastion[0].bastion_private_ssh_key : file(var.bastion_ssh_private_key)
+  is_bastion_instance_required     = local.is_bastion_instance_required
 
   mode                             = var.mode
   wlsoci_vmscripts_zip_bundle_path = var.wlsoci_vmscripts_zip_bundle_path