Add files via upload

FortiGate/Active-Passive/New-VCN/terraform/block.tf

@@ -0,0 +1,26 @@
+resource "oci_core_volume" "vm_volume-a" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain_a - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "vm_volume-a"
+ size_in_gbs = var.volume_size
+}
+
+resource "oci_core_volume_attachment" "vm_volume_attach-a" {
+ attachment_type = "paravirtualized"
+ instance_id = oci_core_instance.FortiGate-A.id
+ volume_id = oci_core_volume.vm_volume-a.id
+}
+
+
+resource "oci_core_volume" "vm_volume-b" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain_b - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "vm_volume-b"
+ size_in_gbs = var.volume_size
+}
+
+resource "oci_core_volume_attachment" "vm_volume_attach-b" {
+ attachment_type = "paravirtualized"
+ instance_id = oci_core_instance.FortiGate-B.id
+ volume_id = oci_core_volume.vm_volume-b.id
+}

FortiGate/Active-Passive/New-VCN/terraform/compute-a.tf

@@ -0,0 +1,152 @@
+resource "oci_core_instance" "FortiGate-A" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain_a - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "FortiGate-A"
+ shape = var.instance_shape
+
+ // Uncomment and addapt if you are yousing newer instance types like VM.Standard.E3.Flex
+ # shape_config {
+ # memory_in_gbs = "16"
+ # ocpus = "4"
+ # }
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.mgmt_subnet.id
+ display_name = "FortiGate-A"
+ assign_public_ip = true
+ hostname_label = "vma"
+ private_ip = var.mgmt_private_ip_primary_a
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = var.vm_image_ocid
+
+ //for PIC image: source_id = var.vm_image_ocid
+
+ # Apply this to set the size of the boot volume that's created for this instance.
+ # Otherwise, the default boot volume size of the image is used.
+ # This should only be specified when source_type is set to "image".
+ #boot_volume_size_in_gbs = "60"
+ }
+
+ # Apply the following flag only if you wish to preserve the attached boot volume upon destroying this instance
+ # Setting this and destroying the instance will result in a boot volume that should be managed outside of this config.
+ # When changing this value, make sure to run 'terraform apply' so that it takes effect before the resource is destroyed.
+ #preserve_boot_volume = true
+
+
+ //required for metadata setup via cloud-init
+ metadata = {
+ // ssh_authorized_keys = var.ssh_public_key
+ user_data = base64encode(data.template_file.FortiGate-A_userdata.rendered)
+ }
+
+ timeouts {
+ create = "60m"
+ }
+}
+
+resource "oci_core_vnic_attachment" "vnic_attach_untrust_a" {
+ depends_on = [oci_core_instance.FortiGate-A]
+ instance_id = oci_core_instance.FortiGate-A.id
+ display_name = "vnic_untrust_a"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.untrust_subnet.id
+ display_name = "vnic_untrust_a"
+ assign_public_ip = false
+ skip_source_dest_check = false
+ private_ip = var.untrust_private_ip_primary_a
+ }
+}
+
+resource "oci_core_private_ip" "untrust_private_ip" {
+ #Get Primary VNIC id
+ vnic_id = element(oci_core_vnic_attachment.vnic_attach_untrust_a.*.vnic_id, 0)
+
+ #Optional
+ display_name = "untrust_ip"
+ hostname_label = "untrust"
+ ip_address = var.untrust_floating_private_ip
+}
+
+resource "oci_core_public_ip" "untrust_public_ip" {
+ #Required
+ compartment_id = var.compartment_ocid
+ lifetime = var.untrust_public_ip_lifetime
+
+ #Optional
+ display_name = "vm-untrust"
+ private_ip_id = oci_core_private_ip.untrust_private_ip.id
+}
+
+resource "oci_core_vnic_attachment" "vnic_attach_trust_a" {
+ depends_on = [oci_core_vnic_attachment.vnic_attach_untrust_a]
+ instance_id = oci_core_instance.FortiGate-A.id
+ display_name = "vnic_trust"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.trust_subnet.id
+ display_name = "vnic_trust_a"
+ assign_public_ip = false
+ skip_source_dest_check = true
+ private_ip = var.trust_private_ip_primary_a
+ }
+}
+
+resource "oci_core_private_ip" "trust_private_ip" {
+ #Get Primary VNIC id
+ vnic_id = element(oci_core_vnic_attachment.vnic_attach_trust_a.*.vnic_id, 0)
+
+ #Optional
+ display_name = "trust_ip"
+ hostname_label = "trust"
+ ip_address = var.trust_floating_private_ip
+}
+
+
+resource "oci_core_vnic_attachment" "vnic_attach_hb_a" {
+ depends_on = [oci_core_vnic_attachment.vnic_attach_trust_a]
+ instance_id = oci_core_instance.FortiGate-A.id
+ display_name = "vnic_hb_a"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.hb_subnet.id
+ display_name = "vnic_hb_a"
+ assign_public_ip = false
+ skip_source_dest_check = false
+ private_ip = var.hb_private_ip_primary_a
+ }
+}
+
+
+data "template_file" "FortiGate-A_userdata" {
+
+ template = file(var.bootstrap_FortiGate-A)
+
+ vars = {
+ mgmt_ip = var.mgmt_private_ip_primary_a
+ mgmt_ip_mask = "255.255.255.0"
+ untrust_ip = var.untrust_private_ip_primary_a
+ untrust_ip_mask = "255.255.255.0"
+ trust_ip = var.trust_private_ip_primary_a
+ trust_ip_mask = "255.255.255.0"
+ hb_ip = var.hb_private_ip_primary_a
+ hb_ip_mask = "255.255.255.0"
+ hb_peer_ip = var.hb_private_ip_primary_b
+ untrust_floating_private_ip = var.untrust_floating_private_ip
+ untrust_floating_private_ip_mask = "255.255.255.0"
+ trust_floating_private_ip = var.trust_floating_private_ip
+ trust_floating_private_ip_mask = "255.255.255.0"
+ untrust_subnet_gw = var.untrust_subnet_gateway
+ vcn_cidr = var.vcn_cidr
+ trust_subnet_gw = var.trust_subnet_gateway
+ mgmt_subnet_gw = var.mgmt_subnet_gateway
+
+ tenancy_ocid = var.tenancy_ocid
+ //oci_user_ocid = var.oci_user_ocid
+ compartment_ocid = var.compartment_ocid
+
+ }
+}

FortiGate/Active-Passive/New-VCN/terraform/compute-b.tf

@@ -0,0 +1,123 @@
+resource "oci_core_instance" "FortiGate-B" {
+ depends_on = [oci_core_subnet.hb_subnet]
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain_b - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "FortiGate-B"
+ shape = var.instance_shape
+ // Uncomment and addapt if you are yousing newer instance types like VM.Standard.E3.Flex
+ # shape_config {
+ # memory_in_gbs = "16"
+ # ocpus = "4"
+ # }
+
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.mgmt_subnet.id
+ display_name = "FortiGate-B"
+ assign_public_ip = true
+ hostname_label = "vmb"
+ private_ip = var.mgmt_private_ip_primary_b
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = var.vm_image_ocid
+
+ //for PIC image: source_id = var.vm_image_ocid
+
+ # Apply this to set the size of the boot volume that's created for this instance.
+ # Otherwise, the default boot volume size of the image is used.
+ # This should only be specified when source_type is set to "image".
+ #boot_volume_size_in_gbs = "60"
+ }
+
+ # Apply the following flag only if you wish to preserve the attached boot volume upon destroying this instance
+ # Setting this and destroying the instance will result in a boot volume that should be managed outside of this config.
+ # When changing this value, make sure to run 'terraform apply' so that it takes effect before the resource is destroyed.
+ #preserve_boot_volume = true
+
+
+ //required for metadata setup via cloud-init
+ metadata = {
+ // ssh_authorized_keys = var.ssh_public_key
+ user_data = base64encode(data.template_file.FortiGate-B_userdata.rendered)
+ }
+
+ timeouts {
+ create = "60m"
+ }
+}
+
+resource "oci_core_vnic_attachment" "vnic_attach_untrust_b" {
+ depends_on = [oci_core_instance.FortiGate-B]
+ instance_id = oci_core_instance.FortiGate-B.id
+ display_name = "vnic_untrust_b"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.untrust_subnet.id
+ display_name = "vnic_untrust_b"
+ assign_public_ip = false
+ skip_source_dest_check = false
+ private_ip = var.untrust_private_ip_primary_b
+ }
+}
+
+
+resource "oci_core_vnic_attachment" "vnic_attach_trust_b" {
+ depends_on = [oci_core_vnic_attachment.vnic_attach_untrust_b]
+ instance_id = oci_core_instance.FortiGate-B.id
+ display_name = "vnic_trust"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.trust_subnet.id
+ display_name = "vnic_trust_b"
+ assign_public_ip = false
+ skip_source_dest_check = true
+ private_ip = var.trust_private_ip_primary_b
+ }
+}
+
+
+resource "oci_core_vnic_attachment" "vnic_attach_hb_b" {
+ depends_on = [oci_core_vnic_attachment.vnic_attach_trust_b]
+ instance_id = oci_core_instance.FortiGate-B.id
+ display_name = "vnic_hb_b"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.hb_subnet.id
+ display_name = "vnic_hb_b"
+ assign_public_ip = false
+ skip_source_dest_check = false
+ private_ip = var.hb_private_ip_primary_b
+ }
+}
+
+
+data "template_file" "FortiGate-B_userdata" {
+ template = file(var.bootstrap_FortiGate-B)
+
+ vars = {
+ mgmt_ip = var.mgmt_private_ip_primary_b
+ mgmt_ip_mask = "255.255.255.0"
+ untrust_ip = var.untrust_private_ip_primary_b
+ untrust_ip_mask = "255.255.255.0"
+ trust_ip = var.trust_private_ip_primary_b
+ trust_ip_mask = "255.255.255.0"
+ hb_ip = var.hb_private_ip_primary_b
+ hb_ip_mask = "255.255.255.0"
+ hb_peer_ip = var.hb_private_ip_primary_a
+ untrust_floating_private_ip = var.untrust_floating_private_ip
+ untrust_floating_private_ip_mask = "255.255.255.0"
+ trust_floating_private_ip = var.trust_floating_private_ip
+ trust_floating_private_ip_mask = "255.255.255.0"
+ untrust_subnet_gw = var.untrust_subnet_gateway
+ vcn_cidr = var.vcn_cidr
+ trust_subnet_gw = var.trust_subnet_gateway
+ mgmt_subnet_gw = var.mgmt_subnet_gateway
+
+ tenancy_ocid = var.tenancy_ocid
+ //oci_user_ocid = var.oci_user_ocid
+ compartment_ocid = var.compartment_ocid
+
+ }
+}

FortiGate/Active-Passive/New-VCN/terraform/datasources.tf

@@ -0,0 +1,20 @@
+# Gets a list of Availability Domains
+
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+# Gets the boot volume attachments for each instance
+data "oci_core_boot_volume_attachments" "block_attach-a" {
+ depends_on = [oci_core_instance.FortiGate-A]
+ availability_domain = oci_core_instance.FortiGate-A.availability_domain
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.FortiGate-A.id
+}
+
+data "oci_core_boot_volume_attachments" "block_attach-b" {
+ depends_on = [oci_core_instance.FortiGate-B]
+ availability_domain = oci_core_instance.FortiGate-B.availability_domain
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.FortiGate-B.id
+}

FortiGate/Active-Passive/New-VCN/terraform/image_subscription.tf

@@ -0,0 +1,38 @@
+//Local variables pointing to the Marketplace catalog resource
+locals {
+ mp_listing_id = var.mp_listing_id
+ mp_listing_resource_id = var.vm_image_ocid
+ mp_listing_resource_version = var.mp_listing_resource_version
+}
+
+//Get Image Agreement
+resource "oci_core_app_catalog_listing_resource_version_agreement" "mp_image_agreement" {
+ listing_id = local.mp_listing_id
+ listing_resource_version = local.mp_listing_resource_version
+}
+
+//Accept Terms and Subscribe to the image, placing the image in a particular compartment
+resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
+ compartment_id = var.compartment_ocid
+ eula_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.eula_link
+ listing_id = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_id
+ listing_resource_version = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_resource_version
+ oracle_terms_of_use_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.oracle_terms_of_use_link
+ signature = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.signature
+ time_retrieved = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.time_retrieved
+
+ timeouts {
+ create = "30m"
+ }
+}
+
+// Gets the partner image subscription
+data "oci_core_app_catalog_subscriptions" "mp_image_subscription" {
+ #Required
+ compartment_id = var.compartment_ocid
+ listing_id = local.mp_listing_id
+ filter {
+ name = "listing_resource_version"
+ values = ["${local.mp_listing_resource_version}"]
+ }
+}