In a previous blog post I described how to build a small and secure development environment in Oracle Cloud Infrastructure with an OpenVPN entry point and a compute instance in a private setup. The Terraform code is now available on GitHub to set it up in an easy and reusable way:
terraform-examples/oci/openvpnas at main · Trivadis/terraform-examples (github.com)
What you get
After executing the code, you will get this setup:
- an OpenVPN Access Server from OCI Marketplace
- a Compute Instance
Prerequisites
- Oracle OCI CLI installed and configured
- Terraform up and running
- Git client installed
SSH Key Access
An example private and public SSH key pair for access to the compute instance in the private subnet is provided in the subdirectory SSH. If you want to use your own SSH key, which is highly recommended, just replace the public key variable in the file variables.tf with your own key:

```
variable "ssh_public_key" {
  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbytm9y7UigHeV2L0vUXWqFiplf9ntG9VMUBGwEoWATV6Ir/4udvObm/6dFCltVmvHVWD5XdbXWvyz9is69jH3Cb2hOUtyZMeXJBTtXnMuC0HaN7zHmrV6qfkQDiRpJNHCEpD3LhAL2VG7tViqCC9rSTEfezKibjGXVl1R606xp57oduuT1V4g82+BLYKdEsDAfgVLI8z23dSYyzd3Kb6ikqG+9wSA1KWWb051KE8ofRtL+FD5cZ/uGLwhczIbMaEZjHs5Zv5L9kWKUU4nBIxv4RN2QjbpFQ+EoTVVZqPeT1eILKEuOFPy5s42AA1an4FMdSoLmEuRtC0sIoR5L5kj imported-openssh-key"
  type    = string
}
```
Some Code Snippets
Terraform State File
In the file backend.tf, the Terraform state is set to local. There is also an example for storing your state file in OCI Object Store. Please prepare the bucket first according to the documentation here: Using Object Storage for State Files (oracle.com). Example:

```
# define remote state file for terraform
terraform {
  required_version = ">= 0.13.0"
  backend "http" {
    update_method = "PUT"
    address       = "https://objectstorage.eu-zurich-1.oraclecloud.com/p/............./b/terraform_state_file/o/terraform.tfstate"
  }
}
```
Compute Instance Image
The compute instance defined in compute.tf uses one of these images according to your location. For other data centers or images, all images are listed here: https://docs.us-phoenix-1.oraclecloud.com/images/

```
variable "linux_image_ocid" {
  type = map(any)
  default = {
    # See https://docs.us-phoenix-1.oraclecloud.com/images/
    # Oracle-provided image "Oracle-Linux-7.8-2020.04.17-0"
    eu-zurich-1    = "ocid1.image.oc1.eu-zurich-1.aaaaaaaa5ganyj57k2dqyik4m4btpuq23le3e7clh56rjhgz6fekvtoyazqa"
    eu-frankfurt-1 = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaavz6p7tyrczcwd5uvq6x2wqkbwcrjjbuohbjomtzv32k5bq24rsha"
    eu-amsterdam-1 = "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaaie5km236l53ymcvpwufyb2srtc3hw2pa6astfjdafzlxxdv5nfsq"
    us-ashburn-1   = "ocid1.image.oc1.iad.aaaaaaaahjkmmew2pjrcpylaf6zdddtom6xjnazwptervti35keqd4fdylca"
  }
}
```
OpenVPN Marketplace Image
```
variable "mp_listing_id" {
  description = "OCI Marketplace Listing ID"
  default     = "ocid1.appcataloglisting.oc1..aaaaaaaafbgwdxg5j6jnyfhbcxvd62iabcraaf6bwu2u2nhrddztrrle66lq"
  type        = string
}

variable "mp_listing_resource_id" {
  description = "OCI Marketplace Listing Resource ID"
  default     = "ocid1.image.oc1..aaaaaaaa4ozqggnywlp3e3wzvu5x3aoohkt6cwm2pumgpn2tlzroj756azma"
  type        = string
}

variable "mp_listing_resource_version" {
  description = "OCI Marketplace Listing Version"
  default     = "AS_2.8.3"
  type        = string
}
```
Let’s Terraform it
0: Clone GitHub Directory
And go to the openvpnas subdirectory.

```
$ git clone https://github.com/Trivadis/terraform-examples.git
Cloning into 'terraform-examples'...
remote: Enumerating objects: 241, done.
remote: Counting objects: 100% (241/241), done.
remote: Compressing objects: 100% (155/155), done.
remote: Total 241 (delta 130), reused 155 (delta 72), pack-reused 0
Receiving objects: 100% (241/241), 230.16 KiB | 0 bytes/s, done.
Resolving deltas: 100% (130/130), done.
Checking connectivity... done.
$ cd terraform-examples/oci/openvpnas
```
1st: Set Variables
```
# Replace each <...> placeholder with your own value; the quotes keep the
# shell from treating "<" and ">" as redirections.
export TF_VAR_tenancy_ocid="<your_tenancy_ocid>"
export TF_VAR_user_ocid="<your_username_OCID>"
export TF_VAR_private_key_path="<your_ssh_private_key>"
export TF_VAR_fingerprint="<your_public_key_fingerprint>"
export TF_VAR_region="<your_OCI_region>"
export TF_VAR_compartment_name="<your_compartment_name>"
export TF_VAR_compartment_description="<your_compartment_description>"
export TF_VAR_compartment_master_ocid="<your_OCID of the master compartment>"
export TF_VAR_openvpn_admin_password="<your_openvpn_initial_password_for_user_openvpnadmin>"
```
2nd: terraform init, plan and apply
```
$ terraform init
$ terraform plan
$ terraform apply
```
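A pre-flight check to run between steps 1 and 2, as an added example that is not part of the Trivadis repository: it fails if one of the variables from step 1 is unset or if the deployment would still use the example SSH key, whose private half is public in the repository. The function names are hypothetical, and it assumes variables.tf is laid out as shown above; `TF_VAR_ssh_public_key` is Terraform's standard environment override for that variable.

```shell
#!/bin/sh
# Pre-flight check before `terraform apply` (added example, not repository code).

# Fragment of the example public key that variables.tf ships as default.
# The matching private key sits in the repository's SSH subdirectory.
EXAMPLE_KEY_FRAGMENT='Cbytm9y7UigHeV2L0vUXWqFiplf9ntG9VMUBGwEoWATV6Ir'

# Variables the walkthrough exports in step 1 (without the TF_VAR_ prefix).
REQUIRED_VARS='tenancy_ocid user_ocid private_key_path fingerprint region
compartment_name compartment_description compartment_master_ocid
openvpn_admin_password'

# Print the public key Terraform will deploy. TF_VAR_ssh_public_key, if set,
# overrides the default in variables.tf ($1 = path to variables.tf).
effective_ssh_key() {
  if [ -n "${TF_VAR_ssh_public_key:-}" ]; then
    printf '%s\n' "$TF_VAR_ssh_public_key"
  else
    grep -A3 'variable "ssh_public_key"' "$1" 2>/dev/null |
      grep -o 'ssh-[a-z0-9-]* [A-Za-z0-9+/=]*' | head -n1
  fi
}

# Return 0 if it is safe to apply, 1 otherwise; findings go to stderr.
preflight() {
  pf_rc=0
  for pf_name in $REQUIRED_VARS; do
    eval "pf_val=\${TF_VAR_${pf_name}:-}"
    if [ -z "$pf_val" ]; then
      echo "missing: TF_VAR_${pf_name}" >&2
      pf_rc=1
    fi
  done
  case "$(effective_ssh_key "$1")" in
    '')
      echo "no SSH public key found" >&2
      pf_rc=1 ;;
    *"$EXAMPLE_KEY_FRAGMENT"*)
      echo "example SSH key from the repository is still in use" >&2
      pf_rc=1 ;;
  esac
  return "$pf_rc"
}
```

Run it as `preflight variables.tf && terraform apply` from the openvpnas directory.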
Login and Go!
After some minutes you can access the OpenVPN Administrator Dashboard or get your client or profile. All required information, like the OpenVPN Access Server public IP, URL etc., is provided in the Terraform output.
Log in to the compute instance with the private key and the private subnet IP address when the VPN tunnel is up and running.
Links and Documents
- A good point to start: Terraform: Set Up a Simple Infrastructure with OCI Terraform (oracle.com)
- Getting started with the Terraform OCI Provider: Getting Started (oracle.com)
- Hashicorp Documentation: Docs overview | hashicorp/oci | Terraform Registry
- Blog post by Lucas Jellema with the first steps: Very first steps in Oracle Cloud Infrastructure as Code with Terraform – AMIS, Data Driven Blog – Oracle & Microsoft Azure
Summary
Setting up an Oracle Cloud Infrastructure with Terraform is a good way to start in the IaC (Infrastructure as Code) world. Feel free to use this code as a base for your next project. What’s your next level? Mine is to integrate the code in the Oracle Cloud Resource Manager – stay tuned!