First commit

LICENSE

@@ -1,35 +1,27 @@
-Copyright (c) 2021 Oracle and/or its affiliates.
+Copyright (c) 2019 Oracle and/or its affiliates.  All rights reserved.
 
 The Universal Permissive License (UPL), Version 1.0
 
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
 
 (a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
 
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
 
 This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

README.md

@@ -1,23 +1,125 @@
-# oci-postgresql
+# terraform-oci-arch-postgresql
 
-[![License: UPL](https://img.shields.io/badge/license-UPL-green)](https://img.shields.io/badge/license-UPL-green) [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=oracle-devrel_terraform-oci-arch-postgresql)](https://sonarcloud.io/dashboard?id=oracle-devrel_terraform-oci-arch-postgresql)
+PostgreSQL is an open source object-relational database management system. It’s highly extensible, highly scalable, and has many features. PostgreSQL supports data replication across multiple data centers.
 
-## THIS IS A NEW, BLANK REPO THAT IS NOT READY FOR USE YET.  PLEASE CHECK BACK SOON!
+This reference architecture shows a typical three-node deployment of a PostgreSQL cluster on Oracle Cloud Infrastructure Compute instances. In this architecture, the servers are configured in master and standby configuration and use streaming replication.
 
-## Introduction
-MISSING
+For details of the architecture, see [_Deploy a PostgreSQL database_](https://docs.oracle.com/en/solutions/deploy-postgresql-db/index.html)
 
-## Getting Started
-MISSING
+## Prerequisites
+
+- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `route-tables`, `security-lists`, `subnets`, and `instances`.
+
+- Quota to create the following resources: 1 VCN, 1 subnet, 1 Internet Gateway, 1 route rules, and 3 compute instances (1 primary master PostgreSQL instance and 2 Standby instances of PostgreSQL).
+
+If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm).
+
+## Deploy Using Oracle Resource Manager
+
+1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-devrel/terraform-oci-arch-postgresql/releases/latest/download/terraform-oci-arch-postgresql-stack-latest.zip)
+
+    If you aren't already signed in, when prompted, enter the tenancy and user credentials.
+
+2. Review and accept the terms and conditions.
+
+3. Select the region where you want to deploy the stack.
+
+4. Follow the on-screen prompts and instructions to create the stack.
+
+5. After creating the stack, click **Terraform Actions**, and select **Plan**.
+
+6. Wait for the job to be completed, and review the plan.
+
+    To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.
+
+7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 
+
+## Deploy Using the Terraform CLI
+
+### Clone the Repository
+Now, you'll want a local copy of this repo. You can make that with the commands:
+
+    git clone https://github.com/oracle-devrel/terraform-oci-arch-postgresql
+    cd terraform-oci-arch-postgresql
+    ls
 
 ### Prerequisites
-MISSING
+First off, you'll need to do some pre-deploy setup.  That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites).
+
+Secondly, create a `terraform.tfvars` file and populate with the following information:
 
-## Notes/Issues
-MISSING
+```
+# Authentication
+tenancy_ocid         = "<tenancy_ocid>"
+user_ocid            = "<user_ocid>"
+fingerprint          = "<finger_print>"
+private_key_path     = "<pem_private_key_path>"
 
-## URLs
-* Nothing at this time
+# Region
+region = "<oci_region>"
+
+# Availablity Domain 
+availablity_domain_name = "<availablity_domain_name>" # for example GrCH:US-ASHBURN-AD-1
+
+# Compartment
+compartment_ocid        = "<compartment_ocid>"
+
+# PostgreSQL Password
+postgresql_password     = "<postgresql_password>"
+
+# PostgreSQL Version (supported versions 9.6, 10, 11, 12, 13)
+postgresql_version      = "<postgresql_version>"
+
+# Optional first HotStandby 
+postgresql_deploy_hotstandby1 = true
+postgresql_hotstandby1_ad = "<availablity_domain_name>" # for example GrCH:US-ASHBURN-AD-2
+postgresql_hotstandby1_fd = "<postgresql_hotstandby1_fd>" # for example FAULT-DOMAIN-2
+
+# Optional second HotStandby 
+postgresql_deploy_hotstandby2 = true
+postgresql_hotstandby2_ad = "<availablity_domain_name>" # for example GrCH:US-ASHBURN-AD-3
+postgresql_hotstandby2_fd = "<postgresql_hotstandby2_fd>" # for example FAULT-DOMAIN-3
+
+````
+
+### Create the Resources
+Run the following commands:
+
+    terraform init
+    terraform plan
+    terraform apply
+
+### Destroy the Deployment
+When you no longer need the deployment, you can run this command to destroy the resources:
+
+    terraform destroy
+
+## Deploy as a Module
+It's possible to utilize this repository as remote module, providing the necessary inputs:
+
+```
+module "oci-postgresql" {
+  source                        = "github.com/oracle-devrel/terraform-oci-arch-postgresql"
+  tenancy_ocid                  = "<tenancy_ocid>"
+  user_ocid                     = "<user_ocid>"
+  fingerprint                   = "<finger_print>"
+  private_key_path              = "<private_key_path>"
+  region                        = "<oci_region>"
+  availablity_domain_name       = "<availablity_domain_name>"
+  compartment_ocid              = "<compartment_ocid>"
+  use_existing_vcn              = true # You can inject your own VCN and subnet 
+  create_in_private_subnet      = true # Subnet should be associated with NATGW and proper Route Table.
+  postgresql_vcn                = oci_core_virtual_network.my_vcn.id # Injected VCN
+  postgresql_subnet             = oci_core_subnet.my_private_subnet.id # Injected Private Subnet
+  postgresql_password           = "<password>"
+  postgresql_deploy_hotstandby1 = true # if we want to setup hotstandby1
+  postgresql_deploy_hotstandby2 = true # if we want to setup hotstandby2
+}
+```
+
+## Architecture Diagram
+
+![](./images/postgre-oci.png)
 
 ## Contributing
 This project is open source.  Please submit your contributions by forking this repository and submitting a pull request!  Oracle appreciates any contributions that are made by the open source community.
@@ -28,3 +130,4 @@ Copyright (c) 2021 Oracle and/or its affiliates.
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 
 See [LICENSE](LICENSE) for more details.
+

bastion.tf

@@ -0,0 +1,94 @@
+## Copyright (c) 2021 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_bastion_bastion" "bastion-service" {
+  count                        = var.create_in_private_subnet ? 1 : 0
+  bastion_type                 = "STANDARD"
+  compartment_id               = var.compartment_ocid
+  target_subnet_id             = !var.use_existing_vcn ? oci_core_subnet.postgresql_subnet[0].id : var.postgresql_subnet
+  client_cidr_block_allow_list = ["0.0.0.0/0"]
+  defined_tags                 = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  name                         = "BastionService${random_id.tag.hex}"
+  max_session_ttl_in_seconds   = 10800
+}
+
+resource "oci_bastion_session" "ssh_postgresql_master_session" {
+  depends_on = [oci_core_instance.postgresql_master,
+    oci_core_nat_gateway.postgresql_nat,
+    #    oci_core_route_table_attachment.vcn01_subnet_app01_route_table_attachment,
+    oci_core_route_table.postgresql_rt2
+  ]
+
+  count      = var.create_in_private_subnet ? 1 : 0
+  bastion_id = oci_bastion_bastion.bastion-service[0].id
+
+  key_details {
+    public_key_content = tls_private_key.public_private_key_pair.public_key_openssh
+  }
+  target_resource_details {
+    session_type       = "MANAGED_SSH"
+    target_resource_id = oci_core_instance.postgresql_master.id
+
+    target_resource_operating_system_user_name = "opc"
+    target_resource_port                       = 22
+    target_resource_private_ip_address         = oci_core_instance.postgresql_master.private_ip
+  }
+
+  display_name           = "ssh_postgresql_master_session"
+  key_type               = "PUB"
+  session_ttl_in_seconds = 10800
+}
+
+resource "oci_bastion_session" "ssh_postgresql_hotstandby1_session" {
+  depends_on = [oci_core_instance.postgresql_master,
+    oci_core_nat_gateway.postgresql_nat,
+    #    oci_core_route_table_attachment.vcn01_subnet_app01_route_table_attachment,
+    oci_core_route_table.postgresql_rt2
+  ]
+
+  count      = (var.create_in_private_subnet && var.postgresql_deploy_hotstandby1) ? 1 : 0
+  bastion_id = oci_bastion_bastion.bastion-service[0].id
+
+  key_details {
+    public_key_content = tls_private_key.public_private_key_pair.public_key_openssh
+  }
+  target_resource_details {
+    session_type       = "MANAGED_SSH"
+    target_resource_id = oci_core_instance.postgresql_hotstandby1[count.index].id
+
+    target_resource_operating_system_user_name = "opc"
+    target_resource_port                       = 22
+    target_resource_private_ip_address         = oci_core_instance.postgresql_hotstandby1[count.index].private_ip
+  }
+
+  display_name           = "ssh_postgresql_hotstandby1_session"
+  key_type               = "PUB"
+  session_ttl_in_seconds = 10800
+}
+
+resource "oci_bastion_session" "ssh_postgresql_hotstandby2_session" {
+  depends_on = [oci_core_instance.postgresql_master,
+    oci_core_nat_gateway.postgresql_nat,
+    #    oci_core_route_table_attachment.vcn01_subnet_app01_route_table_attachment,
+    oci_core_route_table.postgresql_rt2
+  ]
+
+  count      = (var.create_in_private_subnet && var.postgresql_deploy_hotstandby2) ? 1 : 0
+  bastion_id = oci_bastion_bastion.bastion-service[0].id
+
+  key_details {
+    public_key_content = tls_private_key.public_private_key_pair.public_key_openssh
+  }
+  target_resource_details {
+    session_type       = "MANAGED_SSH"
+    target_resource_id = oci_core_instance.postgresql_hotstandby2[count.index].id
+
+    target_resource_operating_system_user_name = "opc"
+    target_resource_port                       = 22
+    target_resource_private_ip_address         = oci_core_instance.postgresql_hotstandby2[count.index].private_ip
+  }
+
+  display_name           = "ssh_postgresql_hotstandby2_session"
+  key_type               = "PUB"
+  session_ttl_in_seconds = 10800
+}

block_volume.tf

@@ -0,0 +1,90 @@
+## Copyright (c) 2021 Oracle and/or its affiliates.
+## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
+
+resource "oci_core_volume" "postgresql_master_volume" {
+  count               = var.add_iscsi_volume ? 1 : 0
+  availability_domain = var.availablity_domain_name
+  compartment_id      = var.compartment_ocid
+  display_name        = "PostgreSQL_Master_Volume"
+  size_in_gbs         = var.iscsi_volume_size_in_gbs
+  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_volume_attachment" "postgresql_master_volume_attachment" {
+  count           = var.add_iscsi_volume ? 1 : 0
+  attachment_type = "iscsi"
+  instance_id     = oci_core_instance.postgresql_master.id
+  volume_id       = oci_core_volume.postgresql_master_volume[0].id
+}
+
+resource "oci_core_volume_backup" "postgresql_master_volume_backup" {
+  count        = (var.add_iscsi_volume && var.boot_volume_initial_backup) ? 1 : 0
+  volume_id    = oci_core_volume.postgresql_master_volume[0].id
+  display_name = "PostgreSQL_Master_Volume_Backup_FULL"
+  type         = "FULL"
+}
+
+resource "oci_core_volume_backup_policy_assignment" "postgresql_master_volume_backup_policy_assignment" {
+  count     = (var.add_iscsi_volume && var.block_volume_backup_policy_enabled) ? 1 : 0
+  asset_id  = oci_core_volume.postgresql_master_volume[0].id
+  policy_id = data.oci_core_volume_backup_policies.block_volume_backup_policy[count.index].volume_backup_policies[0].id
+}
+
+resource "oci_core_volume" "postgresql_hotstandby1_volume" {
+  count               = (var.postgresql_deploy_hotstandby1 && var.add_iscsi_volume && var.boot_volume_initial_backup) ? 1 : 0
+  availability_domain = var.postgresql_hotstandby1_ad == "" ? var.availablity_domain_name : var.postgresql_hotstandby1_ad
+  compartment_id      = var.compartment_ocid
+  display_name        = "PostgreSQL_HotStandby1_Volume"
+  size_in_gbs         = var.iscsi_volume_size_in_gbs
+  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_volume_attachment" "postgresql_hotstandby1_volume_attachment" {
+  count           = (var.postgresql_deploy_hotstandby1 && var.add_iscsi_volume) ? 1 : 0
+  attachment_type = "iscsi"
+  instance_id     = oci_core_instance.postgresql_hotstandby1[0].id
+  volume_id       = oci_core_volume.postgresql_hotstandby1_volume[0].id
+}
+
+resource "oci_core_volume_backup" "postgresql_hotstandby1_volume_backup" {
+  count        = (var.postgresql_deploy_hotstandby1 && var.add_iscsi_volume && var.boot_volume_initial_backup) ? 1 : 0
+  volume_id    = oci_core_volume.postgresql_hotstandby1_volume[0].id
+  display_name = "PostgreSQL_HotStandby1_Volume_Backup_FULL"
+  type         = "FULL"
+}
+
+resource "oci_core_volume_backup_policy_assignment" "postgresql_hotstandby1_volume_backup_policy_assignment" {
+  count     = (var.postgresql_deploy_hotstandby1 && var.add_iscsi_volume && var.block_volume_backup_policy_enabled) ? 1 : 0
+  asset_id  = oci_core_volume.postgresql_hotstandby1_volume[0].id
+  policy_id = data.oci_core_volume_backup_policies.block_volume_backup_policy[count.index].volume_backup_policies[0].id
+}
+
+resource "oci_core_volume" "postgresql_hotstandby2_volume" {
+  count               = (var.postgresql_deploy_hotstandby2 && var.add_iscsi_volume) ? 1 : 0
+  availability_domain = var.postgresql_hotstandby2_ad == "" ? var.availablity_domain_name : var.postgresql_hotstandby2_ad
+  compartment_id      = var.compartment_ocid
+  display_name        = "PostgreSQL_HotStandby2_Volume"
+  size_in_gbs         = var.iscsi_volume_size_in_gbs
+  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+}
+
+resource "oci_core_volume_attachment" "postgresql_hotstandby2_volume_attachment" {
+  count           = (var.postgresql_deploy_hotstandby2 && var.add_iscsi_volume) ? 1 : 0
+  attachment_type = "iscsi"
+  instance_id     = oci_core_instance.postgresql_hotstandby2[0].id
+  volume_id       = oci_core_volume.postgresql_hotstandby2_volume[0].id
+}
+
+resource "oci_core_volume_backup" "postgresql_hotstandby2_volume_backup" {
+  count        = (var.postgresql_deploy_hotstandby2 && var.add_iscsi_volume && var.boot_volume_initial_backup) ? 1 : 0
+  volume_id    = oci_core_volume.postgresql_hotstandby2_volume[0].id
+  display_name = "PostgreSQL_HotStandby2_Volume_Backup_FULL"
+  type         = "FULL"
+}
+
+resource "oci_core_volume_backup_policy_assignment" "postgresql_hotstandby2_volume_backup_policy_assignment" {
+  count     = (var.postgresql_deploy_hotstandby2 && var.add_iscsi_volume && var.block_volume_backup_policy_enabled) ? 1 : 0
+  asset_id  = oci_core_volume.postgresql_hotstandby2_volume[0].id
+  policy_id = data.oci_core_volume_backup_policies.block_volume_backup_policy[count.index].volume_backup_policies[0].id
+}
+