oracle-devrel · lfeldman · Nov 19, 2021 · Nov 8, 2021 · Nov 19, 2021 · Nov 19, 2021
diff --git a/provider.tf b/provider.tf
@@ -2,11 +2,11 @@
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
 terraform {
-  required_version = ">= 0.14"
+  required_version = ">= 0.1"
   required_providers {
     oci = {
       source  = "hashicorp/oci"
-      version = "4.34.0"
+      version = ">= 4.34.0"
     }
   }
 }

diff --git a/remote.tf b/remote.tf
@@ -8,6 +8,7 @@ data "template_file" "postgresql_install_binaries_sh" {
     pg_password       = var.postgresql_password
     pg_version_no_dot = replace(var.postgresql_version, ".", "")
     pg_version        = var.postgresql_version
+    pg_whitelisted_ip = var.pg_whitelisted_ip
   }
 }
 
@@ -44,6 +45,7 @@ data "template_file" "postgresql_master_setup_sh" {
     pg_replicat_username = var.postgresql_replicat_username
     node_subnet_cidr     = var.postgresql_subnet_cidr
     add_iscsi_volume     = var.add_iscsi_volume
+    pg_whitelisted_ip    = var.pg_whitelisted_ip
   }
 }
 

diff --git a/schema.yaml b/schema.yaml
@@ -34,6 +34,7 @@
           and:
             - show_advanced
       variables:
+      - pg_whitelisted_ip 
       - postgresql_vcn_cidr
       - postgresql_subnet_cidr
       - create_drg_for_private_subnet
@@ -99,6 +100,16 @@
         visible: true
         default: false
 
+      pg_whitelisted_ip: 
+        type: string
+        visible: 
+          not:
+            - create_in_private_subnet
+        required: false
+        title: "Whitelisted IP"
+        description: "Choose whitelisted IP in a public scenario (for example, 89.64.91.8). It will give you the ability to access the database from your laptop and PGAdmin tool."
+        default: ""
+
       postgresql_deploy_hotstandby1:
         type: boolean
         title: "Deploy first PostgreSQL HotStandby?"

diff --git a/scripts/postgresql_install_binaries.sh b/scripts/postgresql_install_binaries.sh
@@ -17,6 +17,15 @@ sudo yum-config-manager --enable ol7_developer_EPEL
 sudo yum install -y llvm5.0-devel
 sudo yum install -y postgresql${pg_version_no_dot}-devel
 
+# Setting firewall rules
+export pg_whitelisted_ip='${pg_whitelisted_ip}'
+if [[ $pg_whitelisted_ip != "" ]]; then 
+   sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-source=${pg_whitelisted_ip}/32"
+fi
+sudo -u root bash -c "firewall-cmd --permanent --zone=trusted --add-port=5432/tcp"
+sudo -u root bash -c "firewall-cmd --reload"
+
+
 echo '#####################################'
 echo 'PostgreSQL Install Binaries finished.'
 echo '#####################################'
diff --git a/scripts/postgresql_master_setup.sh b/scripts/postgresql_master_setup.sh
@@ -18,6 +18,7 @@ sudo -u root bash -c "firewall-cmd --reload"
 # Create replication user
 chown postgres /tmp/postgresql_master_setup.sql
 sudo -u postgres bash -c "psql -d template1 -f /tmp/postgresql_master_setup.sql"
+sudo -u postgres bash -c "psql -U postgres -d postgres -c \"alter user postgres with password '${pg_password}';\""
 
 if [[ $add_iscsi_volume == "true" ]]; then 
 	# Update the content of postgresql.conf to support WAL
@@ -40,6 +41,10 @@ if [[ $add_iscsi_volume == "true" ]]; then
     sudo -u root bash -c "echo 'host all all ${pg_hotstandby_ip}/32 md5' | sudo tee -a /data/pgsql/pg_hba.conf" 
     sudo -u root bash -c "echo 'host all all ${pg_master_ip}/32 md5' | sudo tee -a /data/pgsql/pg_hba.conf" 
     sudo -u root bash -c "echo 'host all all ${node_subnet_cidr} md5' | sudo tee -a /data/pgsql/pg_hba.conf" 
+    export pg_whitelisted_ip='${pg_whitelisted_ip}'
+	if [[ $pg_whitelisted_ip != "" ]]; then 
+    	sudo -u root bash -c "echo 'host all all ${pg_whitelisted_ip}/0 md5' | sudo tee -a /data/pgsql/pg_hba.conf" 
+    fi
     sudo -u root bash -c "chown postgres /data/pgsql/pg_hba.conf" 
 else
 	# Update the content of postgresql.conf to support WAL
@@ -62,6 +67,10 @@ else
 	sudo -u root bash -c "echo 'host all all ${pg_hotstandby_ip}/32 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf" 
 	sudo -u root bash -c "echo 'host all all ${pg_master_ip}/32 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf" 
 	sudo -u root bash -c "echo 'host all all ${node_subnet_cidr} md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf" 
+	export pg_whitelisted_ip='${pg_whitelisted_ip}'
+	if [[ $pg_whitelisted_ip != "" ]]; then 
+    	sudo -u root bash -c "echo 'host all all ${pg_whitelisted_ip}/0 md5' | sudo tee -a /var/lib/pgsql/${pg_version}/data/pg_hba.conf" 
+    fi
 	sudo -u root bash -c "chown postgres /var/lib/pgsql/${pg_version}/data/pg_hba.conf" 
 fi 
 

diff --git a/tags.tf b/tags.tf
@@ -25,7 +25,7 @@ resource "oci_identity_tag" "ArchitectureCenterTag" {
 
   validator {
     validator_type = "ENUM"
-    values         = ["release", "1.4"]
+    values         = ["release", "1.4.1"]
   }
 
   provisioner "local-exec" {

diff --git a/variables.tf b/variables.tf
@@ -13,6 +13,11 @@ variable "use_existing_vcn" {
   default = false
 }
 
+variable "pg_whitelisted_ip" {
+  description = "Should be Public host IP Address like 89.64.91.8"
+  default     = ""
+}
+
 variable "postgresql_vcn" {
   default = ""
 }
@@ -30,12 +35,12 @@ variable "create_in_private_subnet" {
 }
 
 variable "create_drg_for_private_subnet" {
-  default = true
+  default = false
 }
 
 variable "release" {
   description = "Reference Architecture Release (OCI Architecture Center)"
-  default     = "1.4"
+  default     = "1.4.1"
 }
 
 variable "ssh_public_key" {