Add files via upload

40net-cloud · Dec 11, 2023 · d769b68 · d769b68
1 parent f3d2b30
commit d769b68
Show file tree

Hide file tree

Showing 8 changed files with 307 additions and 0 deletions.
diff --git a/FortiManager/New-VCN/BYOL/terraform/block.tf b/FortiManager/New-VCN/BYOL/terraform/block.tf
@@ -0,0 +1,12 @@
+resource "oci_core_volume" "vm_volume" {
+ availability_domain = data.oci_identity_availability_domain.ad.name
+ compartment_id = var.compartment_ocid
+ display_name = "vm_volume"
+ size_in_gbs = var.volume_size
+}
+
+resource "oci_core_volume_attachment" "vm_volume_attach" {
+ attachment_type = "paravirtualized"
+ instance_id = oci_core_instance.FortiManager.id
+ volume_id = oci_core_volume.vm_volume.id
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/compute.tf b/FortiManager/New-VCN/BYOL/terraform/compute.tf
@@ -0,0 +1,34 @@
+resource "oci_core_instance" "FortiManager" {
+ availability_domain = data.oci_identity_availability_domain.ad.name
+ compartment_id = var.compartment_ocid
+ display_name = "FortiManager"
+ shape = var.instance_shape
+
+ // Uncomment and addapt if you are yousing newer instance types like VM.Standard.E3.Flex
+ # shape_config {
+ # memory_in_gbs = "16"
+ # ocpus = "4"
+ # }
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.untrust_subnet.id
+ display_name = "FortiManager"
+ assign_public_ip = true
+ hostname_label = "vma"
+ private_ip = var.untrust_private_ip
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = var.vm_image_ocid
+ }
+
+ # Apply the following flag only if you wish to preserve the attached boot volume upon destroying this instance
+ # Setting this and destroying the instance will result in a boot volume that should be managed outside of this config.
+ # When changing this value, make sure to run 'terraform apply' so that it takes effect before the resource is destroyed.
+ #preserve_boot_volume = true
+
+ timeouts {
+ create = "60m"
+ }
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/datasources.tf b/FortiManager/New-VCN/BYOL/terraform/datasources.tf
@@ -0,0 +1,13 @@
+# Gets a list of Availability Domains
+data "oci_identity_availability_domain" "ad" {
+ compartment_id = var.tenancy_ocid
+ ad_number = var.availability_domain
+}
+
+# Gets the boot volume attachments for each instance
+data "oci_core_boot_volume_attachments" "block_attach" {
+ depends_on = [oci_core_instance.FortiManager]
+ availability_domain = data.oci_identity_availability_domain.ad.name
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.FortiManager.id
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/image_subscription.tf b/FortiManager/New-VCN/BYOL/terraform/image_subscription.tf
@@ -0,0 +1,38 @@
+//Local variables pointing to the Marketplace catalog resource
+locals {
+ mp_listing_id = var.mp_listing_id
+ mp_listing_resource_id = var.vm_image_ocid
+ mp_listing_resource_version = var.mp_listing_resource_version
+}
+
+//Get Image Agreement
+resource "oci_core_app_catalog_listing_resource_version_agreement" "mp_image_agreement" {
+ listing_id = local.mp_listing_id
+ listing_resource_version = local.mp_listing_resource_version
+}
+
+//Accept Terms and Subscribe to the image, placing the image in a particular compartment
+resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
+ compartment_id = var.compartment_ocid
+ eula_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.eula_link
+ listing_id = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_id
+ listing_resource_version = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_resource_version
+ oracle_terms_of_use_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.oracle_terms_of_use_link
+ signature = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.signature
+ time_retrieved = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.time_retrieved
+
+ timeouts {
+ create = "30m"
+ }
+}
+
+// Gets the partner image subscription
+data "oci_core_app_catalog_subscriptions" "mp_image_subscription" {
+ #Required
+ compartment_id = var.compartment_ocid
+ listing_id = local.mp_listing_id
+ filter {
+ name = "listing_resource_version"
+ values = ["${local.mp_listing_resource_version}"]
+ }
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/network.tf b/FortiManager/New-VCN/BYOL/terraform/network.tf
@@ -0,0 +1,116 @@
+#######################################
+# VCN & IGW SETTINGS #
+#######################################
+// VCN CIDR config
+resource "oci_core_virtual_network" "my_vcn" {
+ cidr_block = var.vcn_cidr
+ compartment_id = var.compartment_ocid
+ display_name = "my-vcn"
+ dns_label = "myvcn"
+}
+// Internet Gateway config
+resource "oci_core_internet_gateway" "igw" {
+ compartment_id = var.compartment_ocid
+ display_name = "igw"
+ vcn_id = oci_core_virtual_network.my_vcn.id
+}
+#######################################
+# UNTRUST NETWORK SETTINGS #
+#######################################
+// Untrust Route Table
+resource "oci_core_route_table" "untrust_routetable" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_virtual_network.my_vcn.id
+ display_name = "untrust-rt"
+
+ route_rules {
+ destination = "0.0.0.0/0"
+ network_entity_id = oci_core_internet_gateway.igw.id
+ }
+}
+// Untrust Subnet
+resource "oci_core_subnet" "untrust_subnet" {
+ cidr_block = var.untrust_subnet_cidr
+ display_name = "untrust"
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_virtual_network.my_vcn.id
+ route_table_id = oci_core_route_table.untrust_routetable.id
+ security_list_ids = [oci_core_virtual_network.my_vcn.default_security_list_id, oci_core_security_list.untrust_security_list.id]
+ dhcp_options_id = oci_core_virtual_network.my_vcn.default_dhcp_options_id
+ dns_label = "mgmt"
+}
+
+// Untrust Security List
+# Protocols are specified as protocol numbers.
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+resource "oci_core_security_list" "untrust_security_list" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_virtual_network.my_vcn.id
+ display_name = "untrust-security-list"
+
+ // allow outbound tcp traffic on all ports
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "6" //tcp
+ }
+
+ // allow inbound http (port 80) traffic
+ ingress_security_rules {
+ protocol = "6" // tcp
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 80
+ max = 80
+ }
+ }
+
+ // allow inbound http (port 443) traffic
+ ingress_security_rules {
+ protocol = "6" // tcp
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 443
+ max = 443
+ }
+ }
+
+ // allow inbound traffic to port 5901 (vnc)
+ ingress_security_rules {
+ protocol = "6" // tcp
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 5901
+ max = 5901
+ }
+ }
+
+ // allow inbound ssh traffic
+ ingress_security_rules {
+ protocol = "6" // tcp
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 22
+ max = 22
+ }
+ }
+
+ // allow inbound icmp traffic of a specific type
+ ingress_security_rules {
+ protocol = 1
+ source = "0.0.0.0/0"
+ stateless = false
+
+ icmp_options {
+ type = 3
+ code = 4
+ }
+ }
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/output.tf b/FortiManager/New-VCN/BYOL/terraform/output.tf
@@ -0,0 +1,9 @@
+# Output the private and public IPs of the instance
+
+output "Mgmt-FortiManager-PublicIP" {
+ value = [oci_core_instance.FortiManager.*.public_ip]
+}
+
+output "FortiManager-ID" {
+ value = [oci_core_instance.FortiManager.id]
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/provider.tf b/FortiManager/New-VCN/BYOL/terraform/provider.tf
@@ -0,0 +1,18 @@
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+}
+
+terraform {
+ required_version = ">=1.0"
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = ">=3.69.0"
+ }
+ template = ">=2.1.2"
+ }
+}
diff --git a/FortiManager/New-VCN/BYOL/terraform/variables.tf b/FortiManager/New-VCN/BYOL/terraform/variables.tf
@@ -0,0 +1,67 @@
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "user_ocid" {
+ default = ""
+}
+variable "private_key_path" {
+ default = ""
+}
+variable "fingerprint" {
+ default = ""
+}
+variable "region" {
+ description = "Oracle Cloud region"
+}
+
+##VCN and SUBNET ADDRESSESS
+variable "vcn_cidr" {
+ default = "10.1.0.0/16"
+}
+
+variable "untrust_subnet_cidr" {
+ default = "10.1.1.0/24"
+}
+
+variable "untrust_subnet_gateway" {
+ default = "10.1.1.1"
+}
+
+#FIREWALL IPs
+
+variable "untrust_private_ip" {
+ default = "10.1.1.10"
+}
+
+variable "vm_image_ocid" {
+ default = "ocid1.image.oc1..aaaaaaaaqn5cldxcwqmebswez75wksr2brcbujzbapil4bztfope3fw7gika"
+}
+
+variable "mp_listing_id" {
+ default = "ocid1.appcataloglisting.oc1..aaaaaaaawpkjzjrzqhd6m4q6j6qfkwsiqaqnv5f5juup6z2lvyg56wjbcbyq" //BYOL
+}
+
+// Version
+variable "mp_listing_resource_version" {
+ default = "7.4.0_Paravirtualized_Mode"
+}
+variable "instance_shape" {
+ default = "VM.Standard2.4"
+}
+
+# Choose an Availability Domain (1,2,3)
+variable "availability_domain" {
+ default = "1"
+}
+
+variable "volume_size" {
+ default = "50" //GB
+}
+
+variable "bootstrap_FortiGate" {
+ default = "./userdata/bootstrap_FortiGate.tpl"
+}
+
+variable "untrust_public_ip_lifetime" {
+ default = "RESERVED"
+ //or EPHEMERAL
+}