Two Tier Grabdish

grabdish/config/db/common/apply/order-object-scripts.sql

@@ -169,4 +169,4 @@ EXCEPTION
 
 END;
 /
-show errors
+show errors

grabdish/docs/Provisioning.md

@@ -9,7 +9,7 @@ The code that provisions the Grabdish application is located in the grabdish/con
 ## Prerequisites
 
 The following are required before provisioning Grabdish:
-1. Kubernetes cluster with kuebctl configured
+1. Kubernetes cluster with kubectl configured
 2. One or two databases
 3. An OCI object store bucket (ATP 2DB only)
 4. get_secret bash function (available in infra/vault/folder)

workshops/dcms-db/config/apply.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+# Copyright (c) 2021 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+
+# Fail on error
+set -eu
+
+if ! provisioning-helper-pre-apply; then
+  exit 1
+fi
+
+QUEUE_TYPE=$(state_get QUEUE_TYPE)
+OCI_REGION="$(state_get OCI_REGION)"
+
+# Generate the ssh keys
+if ! test -d $MY_STATE/ssh; then
+  mkdir -p $MY_STATE/ssh
+  ssh-keygen -t rsa -N "" -b 2048 -C "db" -f $MY_STATE/ssh/dcmsdb
+  state_set SSH_PUBLIC_KEY_FILE $"$MY_STATE/ssh/dcmsdb.pub"
+  state_set SSH_PRIVATE_KEY_FILE "$MY_STATE/ssh/dcmsdb"
+fi
+
+# Copy terraform to my state
+if ! test -d $MY_STATE/terraform; then
+  rm -rf $MY_STATE/terraform
+  cp -r $MSDD_WORKSHOP_CODE/$DCMS_WORKSHOP/config/terraform $MY_STATE
+fi
+
+# Start the provisioning apply
+cd $MY_STATE/terraform
+source terraform-env.sh
+
+if ! terraform init; then
+    echo 'ERROR: terraform init failed!'
+    exit 1
+fi
+
+if ! terraform apply -auto-approve; then
+    echo 'ERROR: terraform apply failed!'
+    exit 1
+fi
+
+# Get the load balancer public IP
+state_set LB_ADDRESS `terraform output -raw lb_address`
+
+# Get the ORDS instance public IP
+state_set ORDS_ADDRESS `terraform output -raw ords_address`
+
+# Get the ORDS instance public IP
+state_set DB_OCID `terraform output -raw db_ocid`
+
+state_set TNS_ADMIN_ZIP_FILE $MY_STATE/terraform/uploads/adb_wallet.zip
+TNS_ADMIN=$MY_STATE/tns_admin
+mkdir -p $TNS_ADMIN
+unzip $(state_get TNS_ADMIN_ZIP_FILE) -d $TNS_ADMIN
+cat >$TNS_ADMIN/sqlnet.ora <<- !
+	WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="$TNS_ADMIN")))
+	SSL_SERVER_DN_MATCH=yes
+!
+
+state_set TNS_ADMIN $TNS_ADMIN
+
+# Write the output
+cat >$OUTPUT_FILE <<!
+export LB_ADDRESS='$(state_get LB_ADDRESS)'
+export ORDS_ADDRESS='$(state_get ORDS_ADDRESS)'
+export TNS_ADMIN='$(state_get TNS_ADMIN)'
+!

workshops/dcms-db/config/destroy.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright (c) 2021 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Fail on error
+set -e
+
+
+if ! provisioning-helper-pre-destroy; then
+  exit 1
+fi
+
+cd $MY_STATE/terraform
+
+# Workaround for issue where terraform fails in OCI cloud shell after a few days
+rm -rf .terraform
+rm -f .terraform.lock.hcl
+
+# Start the provisioning destroy
+source terraform-env.sh
+
+if ! terraform init; then
+    echo 'ERROR: terraform init failed!'
+    exit 1
+fi
+
+if ! terraform destroy -auto-approve; then
+    echo 'ERROR: terraform apply failed!'
+    exit 1
+fi
+
+rm -f $STATE_FILE

workshops/dcms-db/config/requirements.env

@@ -0,0 +1,7 @@
+#!/bin/bash
+# Copyright (c) 2021 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+REQ_UTILS="touch rm mkdir"
+REQ_INPUT_PARAMS=""
+REQ_OUTPUT_PARAMS="LB_ADDRESS ORDS_ADDRESS TNS_ADMIN"

workshops/dcms-db/config/terraform/availability_domain.tf

@@ -0,0 +1,23 @@
+# Copyright © 2020, Oracle and/or its affiliates. 
+# All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+data "oci_identity_availability_domains" "availability_domains" {
+  compartment_id = var.tenancy_ocid
+}
+
+// If this is ALF, need to determine which AD can create CI's in
+data "oci_limits_limit_values" "limits_limit_values" {
+  compartment_id = var.tenancy_ocid
+  service_name   = "compute"
+  scope_type     = "AD"
+  name           = "vm-standard-e2-1-micro-count"
+  filter {
+    name   = "value"
+    values = ["2"]
+  }    
+}
+
+// If we have a value from limits, use that as ALF, otherwise use AD-1
+locals {
+  availability_domain = length(data.oci_limits_limit_values.limits_limit_values.limit_values.*.availability_domain) != 0 ? data.oci_limits_limit_values.limits_limit_values.limit_values[0].availability_domain : data.oci_identity_availability_domains.availability_domains.availability_domains[0]["name"]
+}

workshops/dcms-db/config/terraform/core_instance.tf

@@ -0,0 +1,57 @@
+# Copyright © 2020, Oracle and/or its affiliates.
+# All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+// Get the latest Oracle Linux image
+data "oci_core_images" "images" {
+  compartment_id           = var.compartment_ocid
+  operating_system         = var.compute_os
+  operating_system_version = var.linux_os_version
+  shape                    = local.compute_shape
+
+  filter {
+    name   = "display_name"
+    values = ["^.*Oracle[^G]*$"]
+    regex  = true
+  }
+}
+
+resource "oci_core_instance" "instance" {
+  compartment_id      = var.compartment_ocid
+  display_name        = format("%s-ords-core", var.proj_abrv)
+  availability_domain = local.availability_domain
+  shape               = local.compute_shape
+  dynamic "shape_config" {
+    for_each = local.is_flexible_shape ? [1] : []
+    content {
+      baseline_ocpu_utilization = "BASELINE_1_2"
+      ocpus                     = var.compute_flex_shape_ocpus[var.size]
+      // Memory OCPU * 16GB
+      memory_in_gbs             = var.compute_flex_shape_ocpus[var.size] * 16
+    }
+  }
+  source_details {
+    source_type = "image"
+    source_id   = data.oci_core_images.images.images[0].id
+  }
+  agent_config {
+    are_all_plugins_disabled = false
+    is_management_disabled   = false
+    is_monitoring_disabled   = false
+    plugins_config  {
+      desired_state = "ENABLED"
+      name          = "Bastion"
+    }
+  }
+  // If this is ALF, we can't place in the private subnet as need access to the cloud agent/packages
+  create_vnic_details {
+    subnet_id        = local.is_always_free ? oci_core_subnet.subnet_public.id: oci_core_subnet.subnet_private[0].id
+    assign_public_ip = local.is_always_free
+    nsg_ids          = [oci_core_network_security_group.security_group_ssh.id, oci_core_network_security_group.security_group_ords.id]
+  }
+  metadata = {
+    ssh_authorized_keys = file(var.ssh_public_key_file)
+  }
+  lifecycle {
+    ignore_changes = all
+  }
+}

workshops/dcms-db/config/terraform/core_nsg.tf

@@ -0,0 +1,146 @@
+# Copyright © 2020, Oracle and/or its affiliates.
+# All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+#####################################################################
+## Always Free + Paid Resources
+#####################################################################
+// Security Group for SSH
+resource "oci_core_network_security_group" "security_group_ssh" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = format("%s-security-group-ssh", var.proj_abrv)
+}
+// Security Group for SSH - EGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_ssh_egress" {
+  network_security_group_id = oci_core_network_security_group.security_group_ssh.id
+  direction                 = "EGRESS"
+  protocol                  = "6"
+  destination               = "0.0.0.0/0"
+  destination_type          = "CIDR_BLOCK"
+}
+// Security Group for SSH - INGRES
+resource "oci_core_network_security_group_security_rule" "security_group_ssh_ingress_TCP22" {
+  network_security_group_id = oci_core_network_security_group.security_group_ssh.id
+  direction                 = "INGRESS"
+  protocol                  = "6"
+  source                    = "0.0.0.0/0"
+  source_type               = "CIDR_BLOCK"
+  tcp_options {
+    destination_port_range {
+      max = 22
+      min = 22
+    }
+  }
+}
+
+// Security Group for Load Balancer (lb)
+resource "oci_core_network_security_group" "security_group_lb" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = format("%s-security-group-lb", var.proj_abrv)
+}
+// Security Group for Load Balancer (lb) - EGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_lb_egress" {
+  network_security_group_id = oci_core_network_security_group.security_group_lb.id
+  direction                 = "EGRESS"
+  protocol                  = "6"
+  destination               = "0.0.0.0/0"
+  destination_type          = "CIDR_BLOCK"
+}
+// Security Group for Load Balancer (lb) - INGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_lb_inress_TCP80" {
+  network_security_group_id = oci_core_network_security_group.security_group_lb.id
+  direction                 = "INGRESS"
+  protocol                  = "6"
+  source                    = "0.0.0.0/0"
+  source_type               = "CIDR_BLOCK"
+  tcp_options {
+    destination_port_range {
+      max = 80
+      min = 80
+    }
+  }
+}
+resource  "oci_core_network_security_group_security_rule" "security_group_lb_inress_TCP443" {
+  network_security_group_id = oci_core_network_security_group.security_group_lb.id
+  direction                 = "INGRESS"
+  protocol                  = "6"
+  source                    = "0.0.0.0/0"
+  source_type               = "CIDR_BLOCK"
+  tcp_options {
+    destination_port_range {
+      max = 443
+      min = 443
+    }
+  }
+}
+
+// Security Group for ORDS
+resource "oci_core_network_security_group" "security_group_ords" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = format("%s-security-group-ords", var.proj_abrv)
+}
+// Security Group for ORDS - EGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_ords_egress_grp" {
+  network_security_group_id = oci_core_network_security_group.security_group_ords.id
+  direction                 = "EGRESS"
+  protocol                  = "6"
+  destination               = oci_core_network_security_group.security_group_ords.id
+  destination_type          = "NETWORK_SECURITY_GROUP"
+}
+resource "oci_core_network_security_group_security_rule" "security_group_ords_egress" {
+  network_security_group_id = oci_core_network_security_group.security_group_ords.id
+  direction                 = "EGRESS"
+  protocol                  = "6"
+  destination               = "0.0.0.0/0"
+  destination_type          = "CIDR_BLOCK"
+}
+// Security Group for ORDS - INGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_ords_ingress_TCP8080" {
+  network_security_group_id = oci_core_network_security_group.security_group_ords.id
+  direction                 = "INGRESS"
+  protocol                  = "6"
+  source                    = var.public_subnet_cidr
+  source_type               = "CIDR_BLOCK"
+  tcp_options {
+    destination_port_range {
+      max = 8080
+      min = 8080
+    }
+  }
+}
+
+#####################################################################
+## Paid Resources
+#####################################################################
+resource "oci_core_network_security_group" "security_group_adb" {
+  count          = local.is_always_free ? 0 : 1
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = format("%s-security-group-adb", var.proj_abrv)
+}
+// Security Group for ADB - EGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_adb_egress" {
+  count                     = local.is_always_free ? 0 : 1
+  network_security_group_id = oci_core_network_security_group.security_group_adb[0].id
+  direction                 = "EGRESS"
+  protocol                  = "6"
+  destination               = var.private_subnet_cidr
+  destination_type          = "CIDR_BLOCK"
+}
+// Security Group for ADB - INGRESS
+resource "oci_core_network_security_group_security_rule" "security_group_adb_ingress_TCP1522" {
+  count                     = local.is_always_free ? 0 : 1
+  network_security_group_id = oci_core_network_security_group.security_group_adb[0].id
+  direction                 = "INGRESS"
+  protocol                  = "6"
+  source                    = var.private_subnet_cidr
+  source_type               = "CIDR_BLOCK"
+  tcp_options {
+    destination_port_range {
+      max = 1522
+      min = 1522
+    }
+  }
+}