├── .gitignore ├── LICENSE ├── README.md ├── cluster ├── README.md ├── multi-ad │ ├── README.md │ ├── blockvolumes.tf │ ├── compute.tf │ ├── datasources.tf │ ├── images │ │ └── Elasticsearch_deployment_architecture_Capture.PNG │ ├── lbaas.tf │ ├── network.tf │ ├── outputs.tf │ ├── provider.tf │ ├── remote.tf │ ├── schema.yaml │ ├── scripts │ │ ├── BastionBootStrap.sh │ │ ├── ESBootStrap.sh │ │ └── sshkey.tpl │ ├── tags.tf │ ├── tls.tf │ ├── variables.tf │ └── versions.tf └── single-ad │ ├── README.md │ ├── blockvolumes.tf │ ├── compute.tf │ ├── datasources.tf │ ├── images │ └── elk-oci-single-ad.png │ ├── lbaas.tf │ ├── network.tf │ ├── outputs.tf │ ├── provider.tf │ ├── remote.tf │ ├── schema.yaml │ ├── scripts │ ├── BastionBootStrap.sh │ ├── ESBootStrap.sh │ └── sshkey.tpl │ ├── tags.tf │ ├── tls.tf │ ├── variables.tf │ └── versions.tf ├── images ├── cluster │ └── Elasticsearch_deployment_architecture_Capture.PNG └── simple │ ├── console.png │ ├── elasticsearch.png │ ├── git-clone.png │ ├── kibana.png │ ├── terraform-apply.png │ ├── terraform-console.png │ ├── terraform-destroy.png │ ├── terraform-init.png │ └── terraform-plan.png └── simple ├── README.md ├── compute.tf ├── datasources.tf ├── network.tf ├── outputs.tf ├── provider.tf ├── schema.yaml ├── scripts └── elk.sh ├── security_lists.tf ├── tags.tf ├── tls.tf ├── variables.tf └── versions.tf /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # .tfvars files 9 | *.tfvars 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2018-2019 Elastic 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # oci-elastic 2 | 3 | ## This repository has moved to [Oracle DevRel](https://www.github.com/oracle-devrel/terraform-oci-arch-elastic) 4 | -------------------------------------------------------------------------------- /cluster/README.md: -------------------------------------------------------------------------------- 1 | These are Terraform modules that deploy [Elastic](https://www.elastic.co/products/) on [Oracle Cloud Infrastructure (OCI)](https://cloud.oracle.com/en_US/cloud-infrastructure). They are developed jointly by Oracle and Elastic. 
2 | 3 | * [multi-ad](multi-ad) deploys a highly available cluster across availability domains with Elasticsearch and Kibana 4 | * [single-ad](single-ad) deploys a highly available cluster across fault domains with Elasticsearch and Kibana -------------------------------------------------------------------------------- /cluster/multi-ad/README.md: -------------------------------------------------------------------------------- 1 | # oci-elastic (cluster/multi-ad) 2 | 3 | This reference architecture shows a cluster (multi-ad) deployment of Elasticsearch and Kibana in Oracle Cloud Infrastructure. 4 | 5 | ## Prerequisites 6 | 7 | - Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `load-balancers`, `route-tables`, `security-lists`, `subnets`, and `instances`. 8 | 9 | - Quota to create the following resources: 1 VCN, 3 subnets, 1 Internet Gateway, 1 NAT Gateway, 2 route rules, and 7 compute instances (bastion host, 3 ElasticSearch Master nodes, 4 ElasticSearch Data nodes). 10 | 11 | If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). 12 | 13 | ## Deploy Using Oracle Resource Manager 14 | 15 | 1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-quickstart/oci-elastic/releases/latest/download/oci-elastic-multi-ad-stack-latest.zip) 16 | 17 | If you aren't already signed in, when prompted, enter the tenancy and user credentials. 18 | 19 | 2.
Review and accept the terms and conditions. 20 | 21 | 3. Select the region where you want to deploy the stack. 22 | 23 | 4. Follow the on-screen prompts and instructions to create the stack. 24 | 25 | 5. After creating the stack, click **Terraform Actions**, and select **Plan**. 26 | 27 | 6. Wait for the job to be completed, and review the plan. 28 | 29 | To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. 30 | 31 | 7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 32 | 33 | ## Deploy Using the Terraform CLI 34 | 35 | ### Clone of the repo 36 | Now, you'll want a local copy of this repo. You can make that with the commands: 37 | 38 | git clone https://github.com/oracle-quickstart/oci-elastic.git 39 | cd oci-elastic/cluster/multi-ad 40 | ls 41 | 42 | ### Prerequisites 43 | First off, you'll need to do some pre-deploy setup. That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites). 
44 | 45 | Secondly, create a `terraform.tfvars` file and populate it with the following information (the file names your tenancy, user and API signing key path, so keep it out of version control; this repository's `.gitignore` already excludes `*.tfvars`): 46 | 47 | ``` 48 | # Authentication 49 | tenancy_ocid = "" 50 | user_ocid = "" 51 | fingerprint = "" 52 | private_key_path = "" 53 | 54 | # Region 55 | region = "" 56 | 57 | # Compartment 58 | compartment_ocid = "" 59 | 60 | ``` 61 | 62 | ### Create the Resources 63 | Run the following commands: 64 | 65 | terraform init 66 | terraform plan 67 | terraform apply 68 | 69 | ### Destroy the Deployment 70 | When you no longer need the deployment, you can run this command to destroy the resources: 71 | 72 | terraform destroy 73 | 74 | ## Architecture Diagram 75 | 76 | ![](./images/Elasticsearch_deployment_architecture_Capture.PNG) 77 | -------------------------------------------------------------------------------- /cluster/multi-ad/blockvolumes.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved.
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
3 | # Block volumes for the four Elasticsearch data nodes: volumes 1-2 use availability domain index 0, volumes 3-4 use index 1, matching the data node each one is attached to (see compute.tf).
4 | resource "oci_core_volume" "ESData1Vol1" {
5 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
6 |   compartment_id = var.compartment_ocid
7 |   size_in_gbs = var.DataVolSize
8 |   display_name = "ESData1Vol1"
9 | }
10 | # NOTE(review): none of these volumes sets kms_key_id, so they use whatever encryption key the service applies by default; set kms_key_id if customer-managed keys are required.
11 | resource "oci_core_volume" "ESData2Vol2" {
12 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
13 |   compartment_id = var.compartment_ocid
14 |   size_in_gbs = var.DataVolSize
15 |   display_name = "ESData2Vol2"
16 | }
17 |
18 | resource "oci_core_volume" "ESData3Vol3" {
19 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
20 |   compartment_id = var.compartment_ocid
21 |   size_in_gbs = var.DataVolSize
22 |   display_name = "ESData3Vol3"
23 | }
24 |
25 | resource "oci_core_volume" "ESData4Vol4" {
26 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
27 |   compartment_id = var.compartment_ocid
28 |   size_in_gbs = var.DataVolSize
29 |   display_name = "ESData4Vol4"
30 | }
31 | # Attachments: one volume per data node. The attachment type comes from a variable defined outside this file. NOTE(review): no in-transit protection option (use_chap for iSCSI, is_pv_encryption_in_transit_enabled for paravirtualized) is set - confirm that is intended.
32 | resource "oci_core_volume_attachment" "Attach_ESData1Vol1" {
33 |   attachment_type = var.volume_attachment_attachment_type
34 |   instance_id = oci_core_instance.ESDataNode1.id
35 |   volume_id = oci_core_volume.ESData1Vol1.id
36 | }
37 |
38 | resource "oci_core_volume_attachment" "Attach_ESData2Vol2" {
39 |   attachment_type = var.volume_attachment_attachment_type
40 |   instance_id = oci_core_instance.ESDataNode2.id
41 |   volume_id = oci_core_volume.ESData2Vol2.id
42 | }
43 |
44 | resource "oci_core_volume_attachment" "Attach_ESData3Vol3" {
45 |   attachment_type = var.volume_attachment_attachment_type
46 |   instance_id = oci_core_instance.ESDataNode3.id
47 |   volume_id = oci_core_volume.ESData3Vol3.id
48 | }
49 |
50 | resource "oci_core_volume_attachment" "Attach_ESData4Vol4" {
51 |   attachment_type =
var.volume_attachment_attachment_type
52 |   instance_id = oci_core_instance.ESDataNode4.id
53 |   volume_id = oci_core_volume.ESData4Vol4.id
54 | }
55 |
56 |
--------------------------------------------------------------------------------
/cluster/multi-ad/compute.tf:
--------------------------------------------------------------------------------
1 | ## Copyright (c) 2022, Oracle and/or its affiliates.
2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
3 | # Bastion host: single instance in BastionSubnetAD1, placed in the first availability domain returned by the ADs data source.
4 | resource "oci_core_instance" "BastionHost" {
5 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
6 |   compartment_id = var.compartment_ocid
7 |   display_name = "BastionHost"
8 |   shape = var.BastionShape
9 |   # shape_config is emitted only when local.is_flexible_bastion_shape is true.
10 |   dynamic "shape_config" {
11 |     for_each = local.is_flexible_bastion_shape ? [1] : []
12 |     content {
13 |       memory_in_gbs = var.Bastion_Flex_Shape_Memory
14 |       ocpus = var.Bastion_Flex_Shape_OCPUS
15 |     }
16 |   }
17 |   # NOTE(review): skip_source_dest_check = true turns off the source/destination check on the bastion VNIC, which is normally needed only on instances that forward traffic. The README lists a NAT Gateway for this stack, so confirm the bastion really routes traffic; otherwise keep the default check.
18 |   create_vnic_details {
19 |     subnet_id = oci_core_subnet.BastionSubnetAD1.id
20 |     skip_source_dest_check = true
21 |   }
22 |   # NOTE(review): var.ssh_public_key is also authorized on every cluster node in this file, so one private key reaches the bastion and all hosts behind it. user_data is the rendered cloud_init_bastion config (defined elsewhere).
23 |   metadata = {
24 |     ssh_authorized_keys = var.ssh_public_key
25 |     user_data = data.template_cloudinit_config.cloud_init_bastion.rendered
26 |   }
27 |   # Boots from the first image the InstanceImageOCID_Bastion query returns. NOTE(review): the query's filters are defined elsewhere - confirm they select the intended image.
28 |   source_details {
29 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_Bastion.images[0], "id")
30 |     source_type = "image"
31 |   }
32 |   # Tag key is built as <namespace name>.<tag name> from the ArchitectureCenter tag resources; the value is var.release.
33 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
34 |
35 |   timeouts {
36 |     create = var.create_timeout
37 |   }
38 | }
39 | # Elasticsearch master node 1: availability domain index 0.
40 | resource "oci_core_instance" "ESMasterNode1" {
41 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
42 |   compartment_id = var.compartment_ocid
43 |   display_name = "ESMasterNode1"
44 |   shape = var.MasterNodeShape
45 |
46 |   dynamic "shape_config" {
47 |     for_each =
local.is_flexible_masternode_shape ? [1] : []
48 |     content {
49 |       memory_in_gbs = var.MasterNode_Flex_Shape_Memory
50 |       ocpus = var.MasterNode_Flex_Shape_OCPUS
51 |     }
52 |   }
53 |   # Explicit ordering: this node is created only after the bastion instance.
54 |   depends_on = [oci_core_instance.BastionHost]
55 |   # VNIC in PrivSubnetAD1 with no public IP. NOTE(review): administrative access presumably goes through the bastion - confirm against the security lists in network.tf.
56 |   create_vnic_details {
57 |     subnet_id = oci_core_subnet.PrivSubnetAD1.id
58 |     assign_public_ip = false
59 |   }
60 |   # Authorizes var.ssh_public_key, the same variable the bastion uses, so one private key opens both hops; user_data is the rendered cloud_init config (defined elsewhere).
61 |   metadata = {
62 |     ssh_authorized_keys = var.ssh_public_key
63 |     user_data = data.template_cloudinit_config.cloud_init.rendered
64 |   }
65 |   # Boots from the first image the InstanceImageOCID_MasterNode query returns; boot volume size comes from var.BootVolSize.
66 |   source_details {
67 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id")
68 |     source_type = "image"
69 |     boot_volume_size_in_gbs = var.BootVolSize
70 |   }
71 |   # Tag key is built as <namespace name>.<tag name>; the value is var.release.
72 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
73 |
74 |   timeouts {
75 |     create = var.create_timeout
76 |   }
77 | }
78 | # Elasticsearch master node 2: availability domain index 1.
79 | resource "oci_core_instance" "ESMasterNode2" {
80 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
81 |   compartment_id = var.compartment_ocid
82 |   display_name = "ESMasterNode2"
83 |   shape = var.MasterNodeShape
84 |   # shape_config is emitted only when local.is_flexible_masternode_shape is true.
85 |   dynamic "shape_config" {
86 |     for_each = local.is_flexible_masternode_shape ?
[1] : []
87 |     content {
88 |       memory_in_gbs = var.MasterNode_Flex_Shape_Memory
89 |       ocpus = var.MasterNode_Flex_Shape_OCPUS
90 |     }
91 |   }
92 |   # Created only after the bastion instance exists.
93 |   depends_on = [oci_core_instance.BastionHost]
94 |   # VNIC in PrivSubnetAD2 with no public IP.
95 |   create_vnic_details {
96 |     subnet_id = oci_core_subnet.PrivSubnetAD2.id
97 |     assign_public_ip = false
98 |   }
99 |   # Same SSH key variable and cloud_init payload as the other cluster nodes in this file.
100 |   metadata = {
101 |     ssh_authorized_keys = var.ssh_public_key
102 |     user_data = data.template_cloudinit_config.cloud_init.rendered
103 |   }
104 |   # Boots from the first image the InstanceImageOCID_MasterNode query returns.
105 |   source_details {
106 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id")
107 |     source_type = "image"
108 |     boot_volume_size_in_gbs = var.BootVolSize
109 |   }
110 |
111 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
112 |
113 |   timeouts {
114 |     create = var.create_timeout
115 |   }
116 | }
117 | # Elasticsearch master node 3: availability domain index 2. NOTE(review): index 2 requires the region to return at least three availability domains.
118 | resource "oci_core_instance" "ESMasterNode3" {
119 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[2]["name"]
120 |   compartment_id = var.compartment_ocid
121 |   display_name = "ESMasterNode3"
122 |   shape = var.MasterNodeShape
123 |
124 |   dynamic "shape_config" {
125 |     for_each = local.is_flexible_masternode_shape ?
[1] : []
126 |     content {
127 |       memory_in_gbs = var.MasterNode_Flex_Shape_Memory
128 |       ocpus = var.MasterNode_Flex_Shape_OCPUS
129 |     }
130 |   }
131 |   # Created only after the bastion instance exists.
132 |   depends_on = [oci_core_instance.BastionHost]
133 |   # VNIC in PrivSubnetAD3 with no public IP.
134 |   create_vnic_details {
135 |     subnet_id = oci_core_subnet.PrivSubnetAD3.id
136 |     assign_public_ip = false
137 |   }
138 |   # Same SSH key variable and cloud_init payload as the other cluster nodes in this file.
139 |   metadata = {
140 |     ssh_authorized_keys = var.ssh_public_key
141 |     user_data = data.template_cloudinit_config.cloud_init.rendered
142 |   }
143 |   # Boots from the first image the InstanceImageOCID_MasterNode query returns.
144 |   source_details {
145 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id")
146 |     source_type = "image"
147 |     boot_volume_size_in_gbs = var.BootVolSize
148 |   }
149 |
150 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
151 |
152 |   timeouts {
153 |     create = var.create_timeout
154 |   }
155 | }
156 | # Elasticsearch data node 1: availability domain index 0, data-node shape.
157 | resource "oci_core_instance" "ESDataNode1" {
158 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
159 |   compartment_id = var.compartment_ocid
160 |   display_name = "ESDataNode1"
161 |   shape = var.DataNodeShape
162 |   # shape_config is emitted only when local.is_flexible_datanode_shape is true.
163 |   dynamic "shape_config" {
164 |     for_each = local.is_flexible_datanode_shape ?
[1] : []
165 |     content {
166 |       memory_in_gbs = var.DataNode_Flex_Shape_Memory
167 |       ocpus = var.DataNode_Flex_Shape_OCPUS
168 |     }
169 |   }
170 |   # Created only after the bastion instance exists.
171 |   depends_on = [oci_core_instance.BastionHost]
172 |   # VNIC in PrivSubnetAD1 with no public IP.
173 |   create_vnic_details {
174 |     subnet_id = oci_core_subnet.PrivSubnetAD1.id
175 |     assign_public_ip = false
176 |   }
177 |   # Same SSH key variable and cloud_init payload as the master nodes.
178 |   metadata = {
179 |     ssh_authorized_keys = var.ssh_public_key
180 |     user_data = data.template_cloudinit_config.cloud_init.rendered
181 |   }
182 |   # Boots from the first image the InstanceImageOCID_DataNode query returns.
183 |   source_details {
184 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id")
185 |     source_type = "image"
186 |     boot_volume_size_in_gbs = var.BootVolSize
187 |   }
188 |
189 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
190 |
191 |   timeouts {
192 |     create = var.create_timeout
193 |   }
194 | }
195 | # Elasticsearch data node 2: same availability domain (index 0) and subnet as data node 1.
196 | resource "oci_core_instance" "ESDataNode2" {
197 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
198 |   compartment_id = var.compartment_ocid
199 |   display_name = "ESDataNode2"
200 |   shape = var.DataNodeShape
201 |
202 |   dynamic "shape_config" {
203 |     for_each = local.is_flexible_datanode_shape ?
[1] : []
204 |     content {
205 |       memory_in_gbs = var.DataNode_Flex_Shape_Memory
206 |       ocpus = var.DataNode_Flex_Shape_OCPUS
207 |     }
208 |   }
209 |   # Created only after the bastion instance exists.
210 |   depends_on = [oci_core_instance.BastionHost]
211 |   # VNIC in PrivSubnetAD1 with no public IP.
212 |   create_vnic_details {
213 |     subnet_id = oci_core_subnet.PrivSubnetAD1.id
214 |     assign_public_ip = false
215 |   }
216 |   # Same SSH key variable and cloud_init payload as the other cluster nodes in this file.
217 |   metadata = {
218 |     ssh_authorized_keys = var.ssh_public_key
219 |     user_data = data.template_cloudinit_config.cloud_init.rendered
220 |   }
221 |   # Boots from the first image the InstanceImageOCID_DataNode query returns.
222 |   source_details {
223 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id")
224 |     source_type = "image"
225 |     boot_volume_size_in_gbs = var.BootVolSize
226 |   }
227 |
228 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
229 |
230 |   timeouts {
231 |     create = var.create_timeout
232 |   }
233 | }
234 | # Elasticsearch data node 3: availability domain index 1.
235 | resource "oci_core_instance" "ESDataNode3" {
236 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
237 |   compartment_id = var.compartment_ocid
238 |   display_name = "ESDataNode3"
239 |   shape = var.DataNodeShape
240 |
241 |   dynamic "shape_config" {
242 |     for_each = local.is_flexible_datanode_shape ?
[1] : []
243 |     content {
244 |       memory_in_gbs = var.DataNode_Flex_Shape_Memory
245 |       ocpus = var.DataNode_Flex_Shape_OCPUS
246 |     }
247 |   }
248 |   # Created only after the bastion instance exists.
249 |   depends_on = [oci_core_instance.BastionHost]
250 |   # VNIC in PrivSubnetAD2 with no public IP.
251 |   create_vnic_details {
252 |     subnet_id = oci_core_subnet.PrivSubnetAD2.id
253 |     assign_public_ip = false
254 |   }
255 |   # Same SSH key variable and cloud_init payload as the other cluster nodes in this file.
256 |   metadata = {
257 |     ssh_authorized_keys = var.ssh_public_key
258 |     user_data = data.template_cloudinit_config.cloud_init.rendered
259 |   }
260 |   # Boots from the first image the InstanceImageOCID_DataNode query returns.
261 |   source_details {
262 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id")
263 |     source_type = "image"
264 |     boot_volume_size_in_gbs = var.BootVolSize
265 |   }
266 |
267 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
268 |
269 |   timeouts {
270 |     create = var.create_timeout
271 |   }
272 | }
273 | # Elasticsearch data node 4: same availability domain (index 1) as data node 3.
274 | resource "oci_core_instance" "ESDataNode4" {
275 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
276 |   compartment_id = var.compartment_ocid
277 |   display_name = "ESDataNode4"
278 |   shape = var.DataNodeShape
279 |
280 |   dynamic "shape_config" {
281 |     for_each = local.is_flexible_datanode_shape ?
[1] : []
282 |     content {
283 |       memory_in_gbs = var.DataNode_Flex_Shape_Memory
284 |       ocpus = var.DataNode_Flex_Shape_OCPUS
285 |     }
286 |   }
287 |   # Created only after the bastion instance exists.
288 |   depends_on = [oci_core_instance.BastionHost]
289 |   # VNIC in PrivSubnetAD2 with no public IP.
290 |   create_vnic_details {
291 |     subnet_id = oci_core_subnet.PrivSubnetAD2.id
292 |     assign_public_ip = false
293 |   }
294 |   # Same SSH key variable and cloud_init payload as the other cluster nodes in this file.
295 |   metadata = {
296 |     ssh_authorized_keys = var.ssh_public_key
297 |     user_data = data.template_cloudinit_config.cloud_init.rendered
298 |   }
299 |   # Boots from the first image the InstanceImageOCID_DataNode query returns.
300 |   source_details {
301 |     source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id")
302 |     source_type = "image"
303 |     boot_volume_size_in_gbs = var.BootVolSize
304 |   }
305 |
306 |   defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
307 |
308 |   timeouts {
309 |     create = var.create_timeout
310 |   }
311 | }
312 |
313 |
314 |
--------------------------------------------------------------------------------
/cluster/multi-ad/datasources.tf:
--------------------------------------------------------------------------------
1 | ## Copyright (c) 2022, Oracle and/or its affiliates.
2 | ## All rights reserved.
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
3 |
4 | # Gets the list of availability domains; the tenancy OCID is passed as the compartment.
5 | data "oci_identity_availability_domains" "ADs" {
6 |   compartment_id = var.tenancy_ocid
7 | }
8 |
9 | # Gets the list of vNIC attachments on the bastion host
10 | data "oci_core_vnic_attachments" "BastionVnics" {
11 |   compartment_id = var.compartment_ocid
12 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
13 |   instance_id = oci_core_instance.BastionHost.id
14 | }
15 |
16 | # Looks up the bastion host's first vNIC by the vnic_id of its first attachment
17 | data "oci_core_vnic" "BastionVnic" {
18 |   vnic_id = data.oci_core_vnic_attachments.BastionVnics.vnic_attachments[0]["vnic_id"]
19 | }
20 |
21 | # Gets the private IP record of the bastion host, matched by the vNIC's private address within BastionSubnetAD1
22 | data "oci_core_private_ips" "BastionPrivateIPs" {
23 |   ip_address = data.oci_core_vnic.BastionVnic.private_ip_address
24 |   subnet_id = oci_core_subnet.BastionSubnetAD1.id
25 | }
26 |
27 |
28 | # Gets the list of vNIC attachments on ESMasterNode1
29 | data "oci_core_vnic_attachments" "ESMasterNode1Vnics" {
30 |   compartment_id = var.compartment_ocid
31 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"]
32 |   instance_id = oci_core_instance.ESMasterNode1.id
33 | }
34 |
35 | # Looks up the first vNIC on ESMasterNode1
36 | data "oci_core_vnic" "ESMasterNode1Vnic" {
37 |   vnic_id = data.oci_core_vnic_attachments.ESMasterNode1Vnics.vnic_attachments.0.vnic_id
38 | }
39 |
40 |
41 | # Gets the list of vNIC attachments on ESMasterNode2
42 | data "oci_core_vnic_attachments" "ESMasterNode2Vnics" {
43 |   compartment_id = var.compartment_ocid
44 |   availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"]
45 |   instance_id = oci_core_instance.ESMasterNode2.id
46 | }
47 |
48 | # Looks up the first vNIC on ESMasterNode2
49 | data "oci_core_vnic" "ESMasterNode2Vnic" {
50 |
vnic_id = data.oci_core_vnic_attachments.ESMasterNode2Vnics.vnic_attachments.0.vnic_id 51 | } 52 | 53 | # Gets a list of vNIC attachments on the ESMasterNode3 54 | data "oci_core_vnic_attachments" "ESMasterNode3Vnics" { 55 | compartment_id = var.compartment_ocid 56 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[2]["name"] 57 | instance_id = oci_core_instance.ESMasterNode3.id 58 | } 59 | 60 | # Gets the OCID of the first vNIC on the ESMasterNode3 61 | data "oci_core_vnic" "ESMasterNode3Vnic" { 62 | vnic_id = data.oci_core_vnic_attachments.ESMasterNode3Vnics.vnic_attachments.0.vnic_id 63 | } 64 | 65 | # Gets a list of vNIC attachments on the ESDataNode1 66 | data "oci_core_vnic_attachments" "ESDataNode1Vnics" { 67 | compartment_id = var.compartment_ocid 68 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"] 69 | instance_id = oci_core_instance.ESDataNode1.id 70 | } 71 | 72 | # Gets the OCID of the first vNIC on the ESMasterNode1 73 | data "oci_core_vnic" "ESDataNode1Vnic" { 74 | vnic_id = data.oci_core_vnic_attachments.ESDataNode1Vnics.vnic_attachments.0.vnic_id 75 | } 76 | 77 | 78 | # Gets a list of vNIC attachments on the ESDataNode2 79 | data "oci_core_vnic_attachments" "ESDataNode2Vnics" { 80 | compartment_id = var.compartment_ocid 81 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0]["name"] 82 | instance_id = oci_core_instance.ESDataNode2.id 83 | } 84 | 85 | # Gets the OCID of the first vNIC on the ESMasterNode2 86 | data "oci_core_vnic" "ESDataNode2Vnic" { 87 | vnic_id = data.oci_core_vnic_attachments.ESDataNode2Vnics.vnic_attachments.0.vnic_id 88 | } 89 | 90 | 91 | # Gets a list of vNIC attachments on the ESDataNode3 92 | data "oci_core_vnic_attachments" "ESDataNode3Vnics" { 93 | compartment_id = var.compartment_ocid 94 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"] 95 | instance_id 
= oci_core_instance.ESDataNode3.id 96 | } 97 | 98 | # Gets the OCID of the first vNIC on the ESMasterNode3 99 | data "oci_core_vnic" "ESDataNode3Vnic" { 100 | vnic_id = data.oci_core_vnic_attachments.ESDataNode3Vnics.vnic_attachments.0.vnic_id 101 | } 102 | 103 | # Gets a list of vNIC attachments on the ESDataNode4 104 | data "oci_core_vnic_attachments" "ESDataNode4Vnics" { 105 | compartment_id = var.compartment_ocid 106 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1]["name"] 107 | instance_id = oci_core_instance.ESDataNode4.id 108 | } 109 | 110 | # Gets the OCID of the first vNIC on the ESMasterNode4 111 | data "oci_core_vnic" "ESDataNode4Vnic" { 112 | vnic_id = data.oci_core_vnic_attachments.ESDataNode4Vnics.vnic_attachments.0.vnic_id 113 | } 114 | 115 | data "oci_core_images" "InstanceImageOCID_Bastion" { 116 | compartment_id = var.compartment_ocid 117 | operating_system = var.instance_os 118 | operating_system_version = var.linux_os_version 119 | shape = var.BastionShape 120 | 121 | filter { 122 | name = "display_name" 123 | values = ["^.*Oracle[^G]*$"] 124 | regex = true 125 | } 126 | } 127 | 128 | data "oci_core_images" "InstanceImageOCID_MasterNode" { 129 | compartment_id = var.compartment_ocid 130 | operating_system = var.instance_os 131 | operating_system_version = var.linux_os_version 132 | shape = var.MasterNodeShape 133 | 134 | filter { 135 | name = "display_name" 136 | values = ["^.*Oracle[^G]*$"] 137 | regex = true 138 | } 139 | } 140 | 141 | data "oci_core_images" "InstanceImageOCID_DataNode" { 142 | compartment_id = var.compartment_ocid 143 | operating_system = var.instance_os 144 | operating_system_version = var.linux_os_version 145 | shape = var.DataNodeShape 146 | 147 | filter { 148 | name = "display_name" 149 | values = ["^.*Oracle[^G]*$"] 150 | regex = true 151 | } 152 | } 153 | 154 | 155 | data "oci_identity_region_subscriptions" "home_region_subscriptions" { 156 | tenancy_id = var.tenancy_ocid 157 | 
158 | filter { 159 | name = "is_home_region" 160 | values = [true] 161 | } 162 | } 163 | 164 | # This Terraform script provisions a compute instance 165 | 166 | data "template_file" "key_script" { 167 | template = file("./scripts/sshkey.tpl") 168 | vars = { 169 | ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh 170 | } 171 | } 172 | 173 | data "template_cloudinit_config" "cloud_init" { 174 | gzip = true 175 | base64_encode = true 176 | 177 | part { 178 | filename = "ainit.sh" 179 | content_type = "text/x-shellscript" 180 | content = data.template_file.key_script.rendered 181 | } 182 | } 183 | 184 | data "template_file" "key_script_bastion" { 185 | template = file("./scripts/BastionBootStrap.sh") 186 | vars = { 187 | ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh 188 | } 189 | } 190 | 191 | data "template_cloudinit_config" "cloud_init_bastion" { 192 | gzip = true 193 | base64_encode = true 194 | 195 | part { 196 | filename = "ainit.sh" 197 | content_type = "text/x-shellscript" 198 | content = data.template_file.key_script_bastion.rendered 199 | } 200 | } -------------------------------------------------------------------------------- /cluster/multi-ad/images/Elasticsearch_deployment_architecture_Capture.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/cluster/multi-ad/images/Elasticsearch_deployment_architecture_Capture.PNG -------------------------------------------------------------------------------- /cluster/multi-ad/lbaas.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. 
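The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Public load balancer in front of Kibana (master nodes) and the Elasticsearch
# HTTP API (data nodes).
# NOTE(review): is_private is "false" and both listeners below speak plain
# HTTP, while LBSecList in network.tf admits 0.0.0.0/0 on both ports. Whether
# Elasticsearch/Kibana enforce authentication is decided in ESBootStrap.sh
# (not shown here). For anything beyond a demo, restrict the source CIDR,
# terminate TLS on the listeners, or make the load balancer private.
resource "oci_load_balancer_load_balancer" "ES-LB" {
  compartment_id = var.compartment_ocid
  display_name   = "ES-LB"
  shape          = var.lb_shape

  # Bandwidth bounds are only sent when a flexible shape is selected.
  dynamic "shape_details" {
    for_each = local.is_flexible_lb_shape ? [1] : []
    content {
      minimum_bandwidth_in_mbps = var.flex_lb_min_shape
      maximum_bandwidth_in_mbps = var.flex_lb_max_shape
    }
  }

  subnet_ids = [oci_core_subnet.LBSubnetAD1.id, oci_core_subnet.LBSubnetAD2.id]
  is_private = "false"
  depends_on = [
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
  ]
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Backend set for Kibana on the master nodes.
resource "oci_load_balancer_backend_set" "ESKibana" {
  health_checker {
    protocol    = "TCP"
    interval_ms = var.backend_set_health_checker_interval_ms
    # Probe the port the backends actually serve. The previous value "22"
    # checked sshd, so a node with a stopped Kibana still counted as healthy.
    port        = var.KibanaPort
  }

  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  name             = "ESKibana"
  policy           = "ROUND_ROBIN"

  session_persistence_configuration {
    cookie_name = "*"
  }
}

# Backend set for the Elasticsearch HTTP API on the data nodes.
resource "oci_load_balancer_backend_set" "ES-Data" {
  health_checker {
    protocol    = "TCP"
    interval_ms = var.backend_set_health_checker_interval_ms
    # Probe the Elasticsearch port rather than SSH, for the same reason as above.
    port        = var.ESDataPort
  }

  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  name             = "ES-Data"
  policy           = "ROUND_ROBIN"

  session_persistence_configuration {
    cookie_name = "*"
  }
}

# Data nodes 1-4 as members of "ES-Data", addressed by private IP.
resource "oci_load_balancer_backend" "DataNode1" {
  backendset_name  = "ES-Data"
  ip_address       = oci_core_instance.ESDataNode1.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.ESDataPort
  depends_on       = [oci_load_balancer_backend_set.ES-Data]
}

resource "oci_load_balancer_backend" "DataNode2" {
  backendset_name  = "ES-Data"
  ip_address       = oci_core_instance.ESDataNode2.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.ESDataPort
  depends_on       = [oci_load_balancer_backend_set.ES-Data]
}

resource "oci_load_balancer_backend" "DataNode3" {
  backendset_name  = "ES-Data"
  ip_address       = oci_core_instance.ESDataNode3.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.ESDataPort
  depends_on       = [oci_load_balancer_backend_set.ES-Data]
}

resource "oci_load_balancer_backend" "DataNode4" {
  backendset_name  = "ES-Data"
  ip_address       = oci_core_instance.ESDataNode4.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.ESDataPort
  depends_on       = [oci_load_balancer_backend_set.ES-Data]
}

# Master nodes 1-3 as members of "ESKibana", addressed by private IP.
resource "oci_load_balancer_backend" "ESMaster1" {
  backendset_name  = "ESKibana"
  ip_address       = oci_core_instance.ESMasterNode1.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.KibanaPort
  depends_on       = [oci_load_balancer_backend_set.ESKibana]
}

resource "oci_load_balancer_backend" "ESMaster2" {
  backendset_name  = "ESKibana"
  ip_address       = oci_core_instance.ESMasterNode2.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.KibanaPort
  depends_on       = [oci_load_balancer_backend_set.ESKibana]
}

resource "oci_load_balancer_backend" "ESMaster3" {
  backendset_name  = "ESKibana"
  ip_address       = oci_core_instance.ESMasterNode3.private_ip
  load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id
  port             = var.KibanaPort
  depends_on       = [oci_load_balancer_backend_set.ESKibana]
}

# Listener for Kibana. Plain HTTP: traffic between clients and the load
# balancer is not encrypted.
resource "oci_load_balancer_listener" "KibanaLS" {
  default_backend_set_name = "ESKibana"
  load_balancer_id         = oci_load_balancer_load_balancer.ES-LB.id
  name                     = "KibanaLS"
  port                     = var.KibanaPort
  protocol                 = "HTTP"
  depends_on               = [oci_load_balancer_backend_set.ESKibana]
}

# Listener for the Elasticsearch API. Plain HTTP as well; this is the
# cluster's REST API and should not be published without access control.
resource "oci_load_balancer_listener" "ESDataLS" {
  default_backend_set_name = "ES-Data"
  load_balancer_id         = oci_load_balancer_load_balancer.ES-LB.id
  name                     = "ESDataLS"
  port                     = var.ESDataPort
  protocol                 = "HTTP"
  depends_on               = [oci_load_balancer_backend_set.ES-Data]
}

--------------------------------------------------------------------------------
/cluster/multi-ad/network.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# VCN that holds every subnet of the deployment.
resource "oci_core_virtual_network" "OCI_ES_VCN" {
  cidr_block     = var.VCN-CIDR
  compartment_id = var.compartment_ocid
  display_name   = "OCI_ES_VCN"
  dns_label      = "OCIESVCN"
  defined_tags   = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Internet gateway, the default-route target of the public route table.
resource "oci_core_internet_gateway" "OCI_ES_IGW" {
  compartment_id = var.compartment_ocid
  display_name   = "OCI_ES_IGW"
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  defined_tags   = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# NAT gateway, the default-route target of the private route table.
resource "oci_core_nat_gateway" "OCI_ES_NATGW" {
  compartment_id = var.compartment_ocid
  display_name   = "OCI_ES_NATGW"
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  defined_tags =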
{"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Route table for public subnets: default route through the internet gateway.
resource "oci_core_route_table" "OCI_PUB_RTB" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "OCI_PUB_RTB"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.OCI_ES_IGW.id
  }
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Route table for private subnets: default route through the NAT gateway, so
# instances can open outbound connections but are not reachable from outside.
resource "oci_core_route_table" "OCI_NAT_RTB" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "OCI_NAT_RTB"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.OCI_ES_NATGW.id
  }
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the load balancer subnets. Protocol "6" is TCP.
# NOTE(review): both ingress rules accept 0.0.0.0/0. Together with the public
# load balancer and its HTTP listeners in lbaas.tf this publishes the
# Elasticsearch API and Kibana to the internet without transport encryption.
# A caller-supplied source CIDR would be the safer default.
resource "oci_core_security_list" "LBSecList" {
  compartment_id = var.compartment_ocid
  display_name   = "LBSecList"
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id

  # Any outbound TCP.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # Elasticsearch port, from anywhere.
  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = var.ESDataPort
      max = var.ESDataPort
    }
  }

  # Kibana port, from anywhere.
  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = var.KibanaPort
      max = var.KibanaPort
    }
  }
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the private (node) subnets. Ingress is limited to sources
# inside the VCN: the two Elasticsearch ports, the Kibana port and SSH.
resource "oci_core_security_list" "PrivSecList" {
  compartment_id = var.compartment_ocid
  display_name   = "PrivSecList"
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id

  # Any outbound TCP (leaves the VCN through the NAT gateway).
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.ESDataPort
      max = var.ESDataPort
    }
  }

  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.ESDataPort2
      max = var.ESDataPort2
    }
  }

  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.KibanaPort
      max = var.KibanaPort
    }
  }

  # SSH, from inside the VCN only (the bastion is the intended entry point).
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = 22
      max = 22
    }
  }
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the bastion subnet.
# NOTE(review): SSH is accepted from 0.0.0.0/0, so the bastion's key-based
# login is the only control in front of the private subnets. Narrowing the
# source to the operators' address range reduces exposure to scanning.
resource "oci_core_security_list" "BastionSecList" {
  compartment_id = var.compartment_ocid
  display_name   = "BastionSecList"
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id

  # Any outbound TCP.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # SSH from anywhere.
  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = 22
      max = 22
    }
  }

  # Every protocol from inside the VCN.
  ingress_security_rules {
    protocol = "all"
    source   = var.VCN-CIDR
  }
  defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Load balancer subnets (public route table, LBSecList), in AD index 0 and 1.
resource "oci_core_subnet" "LBSubnetAD1" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0].name
  cidr_block          = var.LBSubnetAD1CIDR
  display_name        = "LBSubnetAD1"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_PUB_RTB.id
  security_list_ids   = [oci_core_security_list.LBSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  dns_label           = "lbad1"
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

resource "oci_core_subnet" "LBSubnetAD2" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1].name
  cidr_block          = var.LBSubnetAD2CIDR
  display_name        = "LBSubnetAD2"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_PUB_RTB.id
  security_list_ids   = [oci_core_security_list.LBSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  dns_label           = "lbad2"
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Private node subnets (NAT route table, PrivSecList), one per AD index 0-2.
# NOTE(review): prohibit_public_ip_on_vnic is left commented out in all three,
# so keeping nodes off public IPs relies on each instance's assign_public_ip
# setting in compute.tf rather than on the subnet itself.
resource "oci_core_subnet" "PrivSubnetAD1" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0].name
  cidr_block          = var.PrivSubnetAD1CIDR
  display_name        = "PrivateSubnetAD1"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_NAT_RTB.id
  security_list_ids   = [oci_core_security_list.PrivSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }

  #prohibit_public_ip_on_vnic = "true"
  dns_label = "privad1"
}

resource "oci_core_subnet" "PrivSubnetAD2" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[1].name
  cidr_block          = var.PrivSubnetAD2CIDR
  display_name        = "PrivateSubnetAD2"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_NAT_RTB.id
  security_list_ids   = [oci_core_security_list.PrivSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }

  #prohibit_public_ip_on_vnic = "true"
  dns_label = "privad2"
}

resource "oci_core_subnet" "PrivSubnetAD3" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[2].name
  cidr_block          = var.PrivSubnetAD3CIDR
  display_name        = "PrivateSubnetAD3"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_NAT_RTB.id
  security_list_ids   = [oci_core_security_list.PrivSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }

  #prohibit_public_ip_on_vnic = "true"
  dns_label = "privad3"
}

# Bastion subnet (public route table, BastionSecList), in AD index 0.
resource "oci_core_subnet" "BastionSubnetAD1" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0].name
  cidr_block          = var.BastSubnetAD1CIDR
  display_name        = "BastionSubnetAD1"
  compartment_id      = var.compartment_ocid
  vcn_id              = oci_core_virtual_network.OCI_ES_VCN.id
  route_table_id      = oci_core_route_table.OCI_PUB_RTB.id
  security_list_ids   = [oci_core_security_list.BastionSecList.id]
  dhcp_options_id     = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags        = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
  dns_label           = "bastsub"
}

--------------------------------------------------------------------------------
/cluster/multi-ad/outputs.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Values reported after apply: the bastion's public IP, the two service URLs
# behind the load balancer, and the generated SSH private key.

output "BastionPublicIP" {
  value = oci_core_instance.BastionHost.public_ip
}

# Both URLs use the http:// scheme, matching the HTTP listeners in lbaas.tf.
output "Kibana_URL_via_LBaaS" {
  value = "http://${oci_load_balancer_load_balancer.ES-LB.ip_addresses[0]}:${var.KibanaPort}/"
}

output "Elasticsearch_URL_via_LBaaS" {
  value = "http://${oci_load_balancer_load_balancer.ES-LB.ip_addresses[0]}:${var.ESDataPort}/"
}

# sensitive = true only hides the value in CLI output. The PEM is still
# written to the Terraform state, so the state file and its backend must be
# access-controlled like the key itself.
output "generated_ssh_private_key" {
  value     = tls_private_key.public_private_key_pair.private_key_pem
  sensitive = true
}

--------------------------------------------------------------------------------
/cluster/multi-ad/provider.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved.
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Default OCI provider for the deployment region. It authenticates with an API
# signing key: user OCID, key fingerprint and the path of the private key file.
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}

# Same credentials, pointed at the tenancy's home region (taken from the
# region-subscription lookup in datasources.tf), with automatic retries off.
provider "oci" {
  alias                = "homeregion"
  tenancy_ocid         = var.tenancy_ocid
  user_ocid            = var.user_ocid
  fingerprint          = var.fingerprint
  private_key_path     = var.private_key_path
  region               = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name
  disable_auto_retries = "true"
}

--------------------------------------------------------------------------------
/cluster/multi-ad/remote.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Renders the bootstrap script at var.ESBootStrap once, substituting the
# download URLs and versions, the service ports, and every node's private IP.
# NOTE(review): the script later runs as root on every node and fetches from
# elasticsearch_download_url / kibana_download_url. Whether it verifies a
# checksum or signature of what it downloads is decided inside the script
# (not shown here) - confirm before pointing the URLs at a new source.
data "template_file" "setup_esbootstrap" {
  depends_on = [
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  template = file(var.ESBootStrap)

  vars = {
    elasticsearch_download_url     = var.elasticsearch_download_url
    kibana_download_url            = var.kibana_download_url
    elasticsearch_download_version = var.elasticsearch_download_version
    kibana_download_version        = var.kibana_download_version
    ESDataPort                     = var.ESDataPort
    ESDataPort2                    = var.ESDataPort2
    KibanaPort                     = var.KibanaPort
    esmasternode1_private_ip       = data.oci_core_vnic.ESMasterNode1Vnic.private_ip_address
    esmasternode2_private_ip       = data.oci_core_vnic.ESMasterNode2Vnic.private_ip_address
    esmasternode3_private_ip       = data.oci_core_vnic.ESMasterNode3Vnic.private_ip_address
    esdatanode1_private_ip         = data.oci_core_vnic.ESDataNode1Vnic.private_ip_address
    esdatanode2_private_ip         = data.oci_core_vnic.ESDataNode2Vnic.private_ip_address
    esdatanode3_private_ip         = data.oci_core_vnic.ESDataNode3Vnic.private_ip_address
    esdatanode4_private_ip         = data.oci_core_vnic.ESDataNode4Vnic.private_ip_address
  }
}

# ---------------------------------------------------------------------------
# One bootstrap resource per node. Each uploads the rendered script to
# ~/esbootstrap.sh on the node's private IP and runs it with sudo, connecting
# as "opc" through the bastion host.
#
# The connection settings are declared once per resource; a connection block
# placed directly in a resource applies to all of its provisioners.
#
# Review notes that apply to all seven resources:
#  - The same generated key (tls_private_key.public_private_key_pair) is used
#    for the bastion hop and for the node, so one key grants access to every
#    host, and its PEM is stored in the Terraform state.
#  - Neither host_key nor bastion_host_key is set, so the SSH host keys of the
#    bastion and the nodes are not pinned for these connections.
#  - No triggers are declared, so the provisioners run when the null_resource
#    is created and not again on later applies.
# ---------------------------------------------------------------------------

resource "null_resource" "ESMasterNode1_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESMasterNode1Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  # Upload the rendered script.
  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  # Make it executable and run it as root.
  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESMasterNode2_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESMasterNode2Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESMasterNode3_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESMasterNode3Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode1_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESDataNode1Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode2_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESDataNode2Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode3_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESDataNode3Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode4_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
    oci_core_instance.ESDataNode4
  ]

  connection {
    type                = "ssh"
    user                = "opc"
    host                = data.oci_core_vnic.ESDataNode4Vnic.private_ip_address
    private_key         = tls_private_key.public_private_key_pair.private_key_pem
    script_path         = "/home/opc/myssh.sh"
    agent               = false
    timeout             = "10m"
    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

--------------------------------------------------------------------------------
/cluster/multi-ad/schema.yaml:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved.
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | title: "Deploy Elasticsearch and Kibana in OCI" 5 | description: "Deploy cluster configuration (multi-ad) of Elasticsearch and Kibana in Oracle Cloud Infrastructure." 6 | stackDescription: "Deploy Elasticsearch and Kibana in OCI" 7 | informationalText: "To connect to the Kibana UI, copy Kibana_URL_via_LBaaS and paste it to your web browser. To connect to ElasticSearch, copy Elasticsearch_URL_via_LBaaS and paste it to your web browser." 8 | schemaVersion: 1.1.0 9 | version: "20201028" 10 | locale: "en" 11 | 12 | variableGroups: 13 | - title: "General Configuration" 14 | visible: false 15 | variables: 16 | - tenancy_ocid 17 | - region 18 | - release 19 | - BastionBootStrap 20 | - elasticsearch_download_url 21 | - kibana_download_url 22 | - create_timeout 23 | - volume_attachment_attachment_type 24 | 25 | - title: "Required Configuration" 26 | visible: true 27 | variables: 28 | - compartment_ocid 29 | - show_advanced 30 | 31 | - title: "Networking Optional Configuration" 32 | visible: 33 | and: 34 | - show_advanced 35 | variables: 36 | - VCN-CIDR 37 | - BastSubnetAD1CIDR 38 | - PrivSubnetAD1CIDR 39 | - PrivSubnetAD2CIDR 40 | - PrivSubnetAD3CIDR 41 | - LBSubnetAD1CIDR 42 | - LBSubnetAD2CIDR 43 | 44 | - title: "Compute Optional Configuration" 45 | visible: 46 | and: 47 | - show_advanced 48 | variables: 49 | - ssh_public_key 50 | - instance_os 51 | - linux_os_version 52 | - BastionShape 53 | - Bastion_Flex_Shape_OCPUS 54 | - Bastion_Flex_Shape_Memory 55 | - MasterNodeShape 56 | - MasterNode_Flex_Shape_OCPUS 57 | - MasterNode_Flex_Shape_Memory 58 | - DataNodeShape 59 | - DataNode_Flex_Shape_OCPUS 60 | - DataNode_Flex_Shape_Memory 61 | - BootVolSize 62 | - DataVolSize 63 | 64 | - title: "Load Balancer Optional Configuration" 65 | visible: 66 | and: 67 | - show_advanced 68 | variables: 69 | - lb_shape 70 | - flex_lb_min_shape 71 | - flex_lb_max_shape 72 | - 
backend_set_health_checker_interval_ms 73 | 74 | - title: "ES & Kibana Optional Configuration" 75 | visible: 76 | and: 77 | - show_advanced 78 | variables: 79 | - KibanaPort 80 | - ESDataPort 81 | - ESDataPort2 82 | - ESBootStrap 83 | - elasticsearch_download_version 84 | - kibana_download_version 85 | 86 | variables: 87 | 88 | show_advanced: 89 | type: boolean 90 | title: "Show advanced options?" 91 | description: "Shows advanced options." 92 | visible: true 93 | default: false 94 | 95 | # General Configuration 96 | tenancy_ocid: 97 | title: "Tenancy ID" 98 | description: "The Oracle Cloud Identifier (OCID) for your tenancy" 99 | type: string 100 | required: true 101 | visible: false 102 | 103 | region: 104 | title: "Region" 105 | description: "Region where you deploy your Elasticsearch and Kibana" 106 | type: oci:identity:region:name 107 | required: true 108 | visible: true 109 | 110 | compartment_ocid: 111 | title: "Compartment OCID" 112 | description: "Comparment where you deploy your Elasticsearch and Kibana" 113 | type: oci:identity:compartment:id 114 | required: true 115 | visible: true 116 | 117 | # Optional Configuration 118 | 119 | ssh_public_key: 120 | type: oci:core:ssh:publickey 121 | title: "Public SSH Key" 122 | description: "Choose public SSH Key to be uploaded into compute instances." 123 | required: false 124 | 125 | instance_os: 126 | type: enum 127 | required: false 128 | visible: true 129 | title: "Instance OS" 130 | description: "An Operating System that determines the operating system for your Elasticsearch and Kibana hosts." 131 | default: "Oracle Linux" 132 | enum: 133 | - "Oracle Linux" 134 | 135 | linux_os_version: 136 | type: enum 137 | required: false 138 | visible: true 139 | title: "Instance OS version" 140 | description: "An Operating System version that determines the operating system version for your Elasticsearch and Kibana hosts." 
141 | default: "8" 142 | enum: 143 | - "8" 144 | 145 | BastionShape: 146 | type: oci:core:instanceshape:name 147 | default: "VM.Standard.E4.Flex" 148 | title: "Bastion Shape" 149 | description: "Bastion Host Shape" 150 | required: false 151 | dependsOn: 152 | compartmentId: ${compartment_ocid} 153 | 154 | Bastion_Flex_Shape_OCPUS: 155 | type: number 156 | required: false 157 | minimum: 1 158 | maximum: 128 159 | multipleOf: 1 160 | default: 1 161 | title: "Bastion Node Flex Shape OCPUs" 162 | description: "Choose number of OCPUs for Flex Shape of Bastion Node." 163 | visible: 164 | and: 165 | - or: 166 | - eq: 167 | - BastionShape 168 | - "VM.Standard.E3.Flex" 169 | - eq: 170 | - BastionShape 171 | - "VM.Standard.E4.Flex" 172 | - eq: 173 | - BastionShape 174 | - "VM.Standard.A1.Flex" 175 | 176 | Bastion_Flex_Shape_Memory: 177 | type: number 178 | required: false 179 | minimum: 1 180 | maximum: 128 181 | multipleOf: 1 182 | default: 1 183 | title: "Bastion Node Flex Shape Memory (GB)" 184 | description: "Choose number GB for Flex Shape Memory of Bastion Node." 185 | visible: 186 | and: 187 | - or: 188 | - eq: 189 | - BastionShape 190 | - "VM.Standard.E3.Flex" 191 | - eq: 192 | - BastionShape 193 | - "VM.Standard.E4.Flex" 194 | - eq: 195 | - BastionShape 196 | - "VM.Standard.A1.Flex" 197 | 198 | MasterNodeShape: 199 | type: oci:core:instanceshape:name 200 | default: "VM.Standard.E4.Flex" 201 | title: "ESMaster Node Shape" 202 | description: "ElasticSearch Master Node Shape" 203 | required: false 204 | dependsOn: 205 | compartmentId: ${compartment_ocid} 206 | 207 | MasterNode_Flex_Shape_OCPUS: 208 | type: number 209 | required: false 210 | minimum: 1 211 | maximum: 128 212 | multipleOf: 1 213 | default: 2 214 | title: "ESMaster Node Flex Shape OCPUs" 215 | description: "Choose number of OCPUs for Flex Shape of ESMaster Node." 
216 | visible: 217 | and: 218 | - or: 219 | - eq: 220 | - MasterNodeShape 221 | - "VM.Standard.E3.Flex" 222 | - eq: 223 | - MasterNodeShape 224 | - "VM.Standard.E4.Flex" 225 | - eq: 226 | - MasterNodeShape 227 | - "VM.Standard.A1.Flex" 228 | 229 | MasterNode_Flex_Shape_Memory: 230 | type: number 231 | required: false 232 | minimum: 1 233 | maximum: 128 234 | multipleOf: 1 235 | default: 30 236 | title: "ESMaster Node Flex Shape Memory (GB)" 237 | description: "Choose number GB for Flex Shape Memory of ESMaster Node." 238 | visible: 239 | and: 240 | - or: 241 | - eq: 242 | - MasterNodeShape 243 | - "VM.Standard.E3.Flex" 244 | - eq: 245 | - MasterNodeShape 246 | - "VM.Standard.E4.Flex" 247 | - eq: 248 | - MasterNodeShape 249 | - "VM.Standard.A1.Flex" 250 | 251 | DataNodeShape: 252 | type: oci:core:instanceshape:name 253 | default: "VM.Standard.E4.Flex" 254 | title: "ESData Node Shape" 255 | description: "ElasticSearch Data Node Shape" 256 | required: false 257 | dependsOn: 258 | compartmentId: ${compartment_ocid} 259 | 260 | DataNode_Flex_Shape_OCPUS: 261 | type: number 262 | required: false 263 | minimum: 1 264 | maximum: 128 265 | multipleOf: 1 266 | default: 2 267 | title: "ESData Node Flex Shape OCPUs" 268 | description: "Choose number of OCPUs for Flex Shape of ESData Node." 269 | visible: 270 | and: 271 | - or: 272 | - eq: 273 | - DataNodeShape 274 | - "VM.Standard.E3.Flex" 275 | - eq: 276 | - DataNodeShape 277 | - "VM.Standard.E4.Flex" 278 | - eq: 279 | - DataNodeShape 280 | - "VM.Standard.A1.Flex" 281 | 282 | DataNode_Flex_Shape_Memory: 283 | type: number 284 | required: false 285 | minimum: 1 286 | maximum: 128 287 | multipleOf: 1 288 | default: 30 289 | title: "ESData Node Flex Shape Memory (GB)" 290 | description: "Choose number GB for Flex Shape Memory of ESData Node." 
291 | visible: 292 | and: 293 | - or: 294 | - eq: 295 | - DataNodeShape 296 | - "VM.Standard.E3.Flex" 297 | - eq: 298 | - DataNodeShape 299 | - "VM.Standard.E4.Flex" 300 | - eq: 301 | - DataNodeShape 302 | - "VM.Standard.A1.Flex" 303 | 304 | BootVolSize: 305 | type: number 306 | required: false 307 | minimum: 50 308 | maximum: 32000 309 | multipleOf: 1 310 | default: 100 311 | title: "ESMaster/ESData Nodes Boot Volume Size (GB)" 312 | description: "Choose ESMaster/ESData Nodes Boot Volume Size" 313 | 314 | DataVolSize: 315 | type: number 316 | required: false 317 | minimum: 50 318 | maximum: 32000 319 | multipleOf: 1 320 | default: 200 321 | title: "ESData Nodes Data Volume Size (GB)" 322 | description: "Choose ESData Nodes Data Volume Size" 323 | 324 | VCN-CIDR: 325 | type: string 326 | required: false 327 | default: "192.168.0.0/25" 328 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 329 | title: "VCN CIDR" 330 | description: "A single, contiguous IPv4 CIDR block of your choice for the VCN" 331 | 332 | BastSubnetAD1CIDR: 333 | type: string 334 | required: false 335 | default: "192.168.0.0/28" 336 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 337 | title: "Bastion Subnet AD1 CIDR" 338 | description: "Bastion Subnet AD1 CIDR" 339 | 340 | PrivSubnetAD1CIDR: 341 | type: string 342 | required: false 343 | default: "192.168.0.16/28" 344 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 345 | title: "Private Subnet AD1 CIDR" 346 | description: "Private 
Subnet AD1 CIDR" 347 | 348 | PrivSubnetAD2CIDR: 349 | type: string 350 | required: false 351 | default: "192.168.0.32/28" 352 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 353 | title: "Private Subnet AD2 CIDR" 354 | description: "Private Subnet AD2 CIDR" 355 | 356 | PrivSubnetAD3CIDR: 357 | type: string 358 | required: false 359 | default: "192.168.0.48/28" 360 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 361 | title: "Private Subnet AD3 CIDR" 362 | description: "Private Subnet AD3 CIDR" 363 | 364 | LBSubnetAD1CIDR: 365 | type: string 366 | required: false 367 | default: "192.168.0.64/28" 368 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 369 | title: "LB Subnet AD1 CIDR" 370 | description: "LB Subnet AD1 CIDR" 371 | 372 | LBSubnetAD2CIDR: 373 | type: string 374 | required: false 375 | default: "192.168.0.80/28" 376 | pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" 377 | title: "LB Subnet AD2 CIDR" 378 | description: "LB Subnet AD2 CIDR" 379 | 380 | lb_shape: 381 | type: enum 382 | title: "Load Balanacer Shape" 383 | description: "Load Balanacer Shape" 384 | default: "flexible" 385 | required: false 386 | enum: 387 | - "flexible" 388 | - "100Mbps" 389 | - "10Mbps" 390 | - "10Mbps-Micro" 391 | - "400Mbps" 392 | - "8000Mbps" 393 | 394 | flex_lb_min_shape: 395 | type: enum 396 | 
required: false 397 | default: "10" 398 | title: "LB Flex Min Shape" 399 | description: "Choose Minimum Shape for Flex Load Balancer." 400 | enum: 401 | - "10" 402 | - "100" 403 | - "1000" 404 | - "400" 405 | - "8000" 406 | visible: 407 | and: 408 | - eq: 409 | - lb_shape 410 | - "flexible" 411 | 412 | flex_lb_max_shape: 413 | type: enum 414 | required: false 415 | default: "100" 416 | title: "LB Flex Max Shape" 417 | description: "Choose Maximum Shape for Flex Load Balancer." 418 | enum: 419 | - "10" 420 | - "100" 421 | - "1000" 422 | - "400" 423 | - "8000" 424 | visible: 425 | and: 426 | - eq: 427 | - lb_shape 428 | - "flexible" 429 | 430 | ESBootStrap: 431 | type: string 432 | required: false 433 | visible: false 434 | 435 | BastionBootStrap: 436 | type: string 437 | required: false 438 | visible: false 439 | 440 | elasticsearch_download_url: 441 | title: "Elasticsearch download URL" 442 | description: "Elasticsearch download URL" 443 | type: string 444 | required: false 445 | 446 | kibana_download_url: 447 | title: "Kibana download URL" 448 | description: "Kibana download URL" 449 | type: string 450 | required: false 451 | 452 | backend_set_health_checker_interval_ms: 453 | title: "Load Balanacer Health Check interval (ms)" 454 | description: "Load Balanacer Health Check interval (ms)" 455 | type: number 456 | minimum: 1 457 | maximum: 65535 458 | multipleOf: 1 459 | default: 15000 460 | required: false 461 | 462 | KibanaPort: 463 | title: "Kibana Port" 464 | description: "Kibana Port" 465 | type: number 466 | minimum: 1 467 | maximum: 65535 468 | multipleOf: 1 469 | default: 5601 470 | required: false 471 | 472 | ESDataPort: 473 | title: "ESData Port 1" 474 | description: "Elasticsearch Data Port (Outbound HTTP Traffic)" 475 | type: number 476 | minimum: 1 477 | maximum: 65535 478 | multipleOf: 1 479 | default: 9200 480 | required: false 481 | 482 | ESDataPort2: 483 | title: "ESData Port 2" 484 | description: "Elasticsearch Data Port (Internode binary 
Traffic)" 485 | type: number 486 | minimum: 1 487 | maximum: 65535 488 | multipleOf: 1 489 | default: 9300 490 | required: false 491 | 492 | elasticsearch_download_version: 493 | type: enum 494 | required: false 495 | visible: true 496 | title: "Elasticsearch version" 497 | description: "Choose the Elasticsearch version to install." 498 | default: "7.16.3" 499 | enum: 500 | - "7.16.3" 501 | 502 | kibana_download_version: 503 | type: enum 504 | required: false 505 | visible: true 506 | title: "Kibana version" 507 | description: "Choose the Kibana version to install." 508 | default: "7.16.3" 509 | enum: 510 | - "7.16.3" 511 | 512 | create_timeout: 513 | type: string 514 | required: false 515 | visible: false 516 | 517 | volume_attachment_attachment_type: 518 | type: string 519 | required: false 520 | visible: false 521 | 522 | release: 523 | type: string 524 | required: false 525 | visible: false 526 | title: "Reference Architecture Release (OCI Architecture Center)" 527 | 528 | outputs: 529 | 530 | BastionPublicIP: 531 | title: "Bastion Server Public IP" 532 | displayText: "Bastion Server Public IP" 533 | type: copyableString 534 | visible: true 535 | 536 | Kibana_URL_via_LBaaS: 537 | title: "Kibana URL" 538 | displayText: "Kibana URL via LBaaS" 539 | type: copyableString 540 | visible: true 541 | 542 | Elasticsearch_URL_via_LBaaS: 543 | title: "Elasticsearch URL" 544 | displayText: "Elasticsearch URL via LBaaS" 545 | type: copyableString 546 | visible: true 547 | 548 | generated_ssh_private_key: 549 | title: "Generated SSH Private Key" 550 | displayText: "Generated SSH Private Key" 551 | type: text 552 | visible: true 553 | -------------------------------------------------------------------------------- /cluster/multi-ad/scripts/BastionBootStrap.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | ## Enables Bastion Host as NAT instance for ES master/data nodes to update/install software from internet. 
# Persist IPv4 forwarding; it takes effect at the `sysctl -p` below.
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Source-NAT everything leaving through ens3 and accept forwarding of everything
# that arrives on ens3.
# NOTE(review): neither rule restricts the source address, so which hosts may
# relay through the bastion is decided only by the VCN security lists and route
# tables (network.tf, not shown here). Consider limiting FORWARD to the private
# subnet CIDRs.
firewall-offline-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o ens3 -j MASQUERADE
firewall-offline-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens3 -j ACCEPT
sysctl -p
systemctl restart firewalld

# Uploads SSH Public Key to authorized keys.
# A backup of the existing file is kept, then the templated key is appended.
# ${ssh_public_key} is a template placeholder, presumably filled from
# var.ssh_public_key; variables.tf defaults that to "", in which case only an
# empty line is appended.
cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak
echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys
chown -R opc /home/opc/.ssh/authorized_keys
--------------------------------------------------------------------------------
/cluster/multi-ad/scripts/ESBootStrap.sh:
--------------------------------------------------------------------------------
#! /bin/bash
# Bootstrap for the Elasticsearch master and data nodes. remote.tf uploads the
# rendered form of a template as ~/esbootstrap.sh and runs it with sudo;
# presumably this file is that template (var.ESBootStrap points at it).
# Every ${name} below is a template placeholder substituted before the script
# reaches the node; $name without braces is an ordinary shell variable.
# NOTE(review): the placeholders are inserted unquoted into commands that run as
# root, so the stack variables behind them must only ever hold trusted values.
echo "############################################################"
echo "Elasticsearch Master/Data Nodes bootstrap script starting..."
echo "############################################################"
echo "."
echo "=(0%)> Setting limits (/etc/security/limits.conf, /etc/sysctl.conf)"
echo "."
# ulimit affects this shell only; the limits.conf lines are the persistent setting.
ulimit -n 65536
ulimit -u 4096
echo "elasticsearch - nofile 65536" >>/etc/security/limits.conf
echo "elasticsearch - nproc 4096" >>/etc/security/limits.conf
echo "vm.max_map_count=262144" >>/etc/sysctl.conf
echo "vm.swappiness=1" >>/etc/sysctl.conf
sysctl -p
# MemTotal is in kB, so this is half the RAM in whole GiB (integer division,
# rounds down; evaluates to 0 on hosts with less than 2 GiB). Used for the heap
# flags further down.
memgb="$((`cat /proc/meminfo |grep MemTotal|awk '{print $2}'` /1024/1024/2))"
echo "=(100%)> Limits done."
echo "."

##Configures Data Nodes
# Attaches and formats the iSCSI data volume, installs Java and Elasticsearch,
# writes elasticsearch.yml with the data role only, then starts the service and
# opens the two ES ports in firewalld.
DataNodeFunc()
{
  echo "."
  echo "=(0%)> iSCSI discovery and vg/lvcreate"
  echo "."
  # assumes discovery returns exactly one target; $IQN is used unquoted, so more
  # than one result would be word-split into extra arguments — TODO confirm
  IQN=$(iscsiadm -m discovery -t st -p 169.254.2.2:3260 |awk '{print $2}')
  iscsiadm -m node -o new -T $IQN -p 169.254.2.2:3260
  iscsiadm -m node -o update -T $IQN -n node.startup -v automatic
  iscsiadm -m node -T $IQN -p 169.254.2.2:3260 -l
  # assumes the attached volume shows up as /dev/sdb — verify before running
  # anywhere a second disk may already exist, since mkfs below is destructive
  pvcreate /dev/sdb
  vgcreate vgdata /dev/sdb
  lvcreate -l 100%VG -n lvdata vgdata
  mkfs.ext4 /dev/vgdata/lvdata
  mkdir /elasticsearch
  echo "/dev/vgdata/lvdata /elasticsearch ext4 defaults,_netdev 0 0" >>/etc/fstab
  mount -a
  echo "=(100%)> iSCSI discovery and vg/lvcreate done."
  echo "."
  echo "=(0%)> yum install java and elasticsearch"
  echo "."
  yum install -y java
  # The sed pattern looks for an "elN" token that `uname -m` output does not
  # contain, so sed passes the value through; in effect this compares the
  # machine architecture with aarch64.
  # NOTE(review): the RPM is installed straight from a URL. Integrity rests on
  # the HTTPS default in variables.tf; whether the package signature is checked
  # depends on the host's yum/dnf settings (e.g. localpkg_gpgcheck) — TODO
  # confirm, or import the vendor key and verify with `rpm -K` before installing.
  if [[ $(uname -m | sed 's/^.*\(el[0-9]\+\).*$/\1/') == "aarch64" ]]
  then
    yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-aarch64.rpm
  else
    yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-x86_64.rpm
  fi
  echo "=(100%)> yum install java and elasticsearch done."
  echo "."
  echo "=(0%)> elasticsearch setup (override.conf, user config, jvm.options)"
  echo "."
  # systemd drop-in that lifts the memlock limit, needed for bootstrap.memory_lock below
  mkdir /etc/systemd/system/elasticsearch.service.d
  echo "[Service]" >>/etc/systemd/system/elasticsearch.service.d/override.conf
  echo "LimitMEMLOCK=infinity" >>/etc/systemd/system/elasticsearch.service.d/override.conf
  mkdir /elasticsearch/data /elasticsearch/log
  chown -R elasticsearch:elasticsearch /elasticsearch
  sed -i 's/\/var\/log\/elasticsearch/\/elasticsearch\/log/g' /etc/elasticsearch/jvm.options
  sed -i 's/\/var\/lib\/elasticsearch/\/elasticsearch\/data/g' /etc/elasticsearch/jvm.options
  # NOTE(review): these two only change the heap if jvm.options contains literal
  # -Xmx1g / -Xms1g lines — verify against the packaged 7.16.3 file
  sed -i 's/-Xmx1g/-Xmx'$memgb'g/' /etc/elasticsearch/jvm.options
  sed -i 's/-Xms1g/-Xms'$memgb'g/' /etc/elasticsearch/jvm.options
  echo "."
  echo "=(100%)> elasticsearch setup (override.conf, user config, jvm.options) done."
  echo "."
  echo "=(0%)> elasticsearch setup (elasticsearch.yml)"
  echo "."
  sed -i 's/#MAX_LOCKED_MEMORY/MAX_LOCKED_MEMORY/' /etc/sysconfig/elasticsearch
  # The packaged config is moved aside and a new file is built line by line.
  # NOTE(review): nothing below writes any xpack.security.* setting. For the 7.x
  # line that presumably leaves authentication and TLS off on both the HTTP port
  # and the transport port — confirm against the installed version, and add
  # xpack.security.enabled plus transport/http TLS before exposing the cluster
  # beyond a trusted subnet.
  mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.original
  echo "cluster.name: oci-es-cluster" >>/etc/elasticsearch/elasticsearch.yml
  echo "node.name: $HOSTNAME" >>/etc/elasticsearch/elasticsearch.yml
  local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
  # binds to the ens3 address only, not to all interfaces
  echo "network.host: $local_ip" >>/etc/elasticsearch/elasticsearch.yml
  # The inner double quotes close and reopen the shell string, so the list items
  # land in the YAML unquoted.
  echo "discovery.zen.ping.unicast.hosts: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}","${esdatanode1_private_ip}","${esdatanode2_private_ip}","${esdatanode3_private_ip}","${esdatanode4_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
  echo "path.data: /elasticsearch/data" >>/etc/elasticsearch/elasticsearch.yml
  echo "path.logs: /elasticsearch/log" >>/etc/elasticsearch/elasticsearch.yml
  echo "cluster.initial_master_nodes: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
  echo "cluster.routing.allocation.awareness.attributes: privad" >>/etc/elasticsearch/elasticsearch.yml
  # second label of the FQDN; presumably the subnet's DNS label, used as the
  # allocation-awareness attribute — verify against network.tf
  subnetID=`hostname -f | awk -F "." '{print $2}'`
  echo "node.attr.privad: $subnetID" >>/etc/elasticsearch/elasticsearch.yml
  echo "node.roles: [data]" >>/etc/elasticsearch/elasticsearch.yml
  echo "bootstrap.memory_lock: true" >>/etc/elasticsearch/elasticsearch.yml
  chmod 660 /etc/elasticsearch/elasticsearch.yml
  chown root:elasticsearch /etc/elasticsearch/elasticsearch.yml
  # Echoes the whole config into the provisioner output. It holds no secret
  # today; drop this line if credentials are ever added to the file.
  cat /etc/elasticsearch/elasticsearch.yml
  echo "."
  echo "=(100%)> elasticsearch setup (elasticsearch.yml) done."
  echo "."
  echo "=(0%)> elasticsearch service setup and firewall-offline-cmd"
  echo "."
  systemctl daemon-reload
  systemctl enable elasticsearch.service
  systemctl start elasticsearch.service
  # Opens the ports to any source at the host firewall; source filtering is left
  # to the VCN security lists (not shown here).
  firewall-offline-cmd --add-port=${ESDataPort}/tcp
  firewall-offline-cmd --add-port=${ESDataPort2}/tcp
  systemctl restart firewalld
  echo "."
  echo "=(100%)> elasticsearch service setup and firewall-offline-cmd done."
  echo "."
}

##Configure Master Nodes
# Installs Java, Elasticsearch and Kibana, writes elasticsearch.yml with the
# master and data roles and a minimal kibana.yml, then starts both services and
# opens the ES and Kibana ports. No data volume is attached here: /elasticsearch
# is created on the boot volume.
MasterNodeFunc()
{
  echo "."
  echo "=(0%)> yum install java, elasticsearch and kibana"
  echo "."
  yum install -y java
  # Same architecture test and the same URL-install caveat as in DataNodeFunc:
  # NOTE(review): confirm the RPM signatures are actually verified on this host.
  if [[ $(uname -m | sed 's/^.*\(el[0-9]\+\).*$/\1/') == "aarch64" ]]
  then
    yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-aarch64.rpm
    yum install -y ${kibana_download_url}-${kibana_download_version}-aarch64.rpm
  else
    yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-x86_64.rpm
    yum install -y ${kibana_download_url}-${kibana_download_version}-x86_64.rpm
  fi
  echo "=(100%)> yum install java, elasticsearch and kibana done."
  echo "."
  echo "=(0%)> elasticsearch setup (override.conf, user config, jvm.options)"
  echo "."
  mkdir /etc/systemd/system/elasticsearch.service.d
  echo "[Service]" >>/etc/systemd/system/elasticsearch.service.d/override.conf
  echo "LimitMEMLOCK=infinity" >>/etc/systemd/system/elasticsearch.service.d/override.conf
  mkdir -p /elasticsearch/data /elasticsearch/log
  chown -R elasticsearch:elasticsearch /elasticsearch
  sed -i 's/\/var\/log\/elasticsearch/\/elasticsearch\/log/g' /etc/elasticsearch/jvm.options
  sed -i 's/\/var\/lib\/elasticsearch/\/elasticsearch\/data/g' /etc/elasticsearch/jvm.options
  # NOTE(review): only effective if jvm.options has literal -Xmx1g / -Xms1g lines — verify
  sed -i 's/-Xmx1g/-Xmx'$memgb'g/' /etc/elasticsearch/jvm.options
  sed -i 's/-Xms1g/-Xms'$memgb'g/' /etc/elasticsearch/jvm.options
  echo "."
  echo "=(100%)> elasticsearch setup (override.conf, user config, jvm.options) done."
  echo "."
  echo "."
  echo "=(0%)> elasticsearch setup (elasticsearch.yml)"
  echo "."
  sed -i 's/#MAX_LOCKED_MEMORY/MAX_LOCKED_MEMORY/' /etc/sysconfig/elasticsearch
  # NOTE(review): as on the data nodes, the rebuilt elasticsearch.yml carries no
  # xpack.security.* setting — confirm what that means for 7.16.3 and enable
  # authentication and TLS before wider exposure.
  mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.original
  echo "cluster.name: oci-es-cluster" >>/etc/elasticsearch/elasticsearch.yml
  echo "node.name: $HOSTNAME" >>/etc/elasticsearch/elasticsearch.yml
  local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
  echo "network.host: $local_ip" >>/etc/elasticsearch/elasticsearch.yml
  echo "discovery.zen.ping.unicast.hosts: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}","${esdatanode1_private_ip}","${esdatanode2_private_ip}","${esdatanode3_private_ip}","${esdatanode4_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
  echo "path.data: /elasticsearch/data" >>/etc/elasticsearch/elasticsearch.yml
  echo "path.logs: /elasticsearch/log" >>/etc/elasticsearch/elasticsearch.yml
  echo "cluster.initial_master_nodes: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
  echo "cluster.routing.allocation.awareness.attributes: privad" >>/etc/elasticsearch/elasticsearch.yml
  subnetID=`hostname -f | awk -F "." '{print $2}'`
  echo "node.attr.privad: $subnetID" >>/etc/elasticsearch/elasticsearch.yml
  echo "node.roles: [master,data]" >>/etc/elasticsearch/elasticsearch.yml
  echo "bootstrap.memory_lock: true" >>/etc/elasticsearch/elasticsearch.yml
  # Kibana config is rebuilt the same way: listen address plus one ES endpoint.
  # NOTE(review): the ES endpoint is plain http:// and no Kibana credentials or
  # server TLS are configured here, so Kibana is presumably reachable without a
  # login by anything that can reach ${KibanaPort} — put authentication and TLS
  # in place (in Kibana/ES or at the load balancer) before exposing it.
  mv /etc/kibana/kibana.yml /etc/kibana/kibana.yml.original
  local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
  echo "server.host: $local_ip" >>/etc/kibana/kibana.yml
  echo "elasticsearch.hosts: ["http://$local_ip:${ESDataPort}"]" >>/etc/kibana/kibana.yml
  cat /etc/kibana/kibana.yml
  chmod 660 /etc/elasticsearch/elasticsearch.yml
  chown root:elasticsearch /etc/elasticsearch/elasticsearch.yml
  # Both `cat` calls print config into the provisioner output; remove them if
  # secrets are ever written to these files.
  cat /etc/elasticsearch/elasticsearch.yml
  echo "."
  echo "=(100%)> elasticsearch setup (elasticsearch.yml) done."
  echo "."
  echo "=(0%)> elasticsearch service setup and firewall-offline-cmd"
  echo "."
  systemctl daemon-reload
  systemctl enable elasticsearch.service
  systemctl start elasticsearch.service
  systemctl enable kibana.service
  systemctl start kibana.service
  # Host firewall opens all three ports to any source; see the security lists
  # (not shown here) for the effective restriction.
  firewall-offline-cmd --add-port=${ESDataPort}/tcp
  firewall-offline-cmd --add-port=${ESDataPort2}/tcp
  firewall-offline-cmd --add-port=${KibanaPort}/tcp
  systemctl restart firewalld
  echo "."
  echo "=(100%)> elasticsearch service setup and firewall-offline-cmd done."
  echo "."
}

## Select the node as Master/Data and runs relevant function.
# The role is chosen purely from the short hostname; any other hostname falls
# through the empty default branch and only the limits section above is applied.
case $HOSTNAME in
  esmasternode1|esmasternode2|esmasternode3)
    echo "Running Master Node Function"
    MasterNodeFunc
    ;;
  esdatanode1|esdatanode2|esdatanode3|esdatanode4)
    echo "Running Data Node Function"
    DataNodeFunc
    ;;
  *)
esac

echo "#######################################################"
echo "Elasticsearch Master/Data Nodes bootstrap script done."
190 | echo "#######################################################" 191 | 192 | -------------------------------------------------------------------------------- /cluster/multi-ad/scripts/sshkey.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak 4 | echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys 5 | chown -R opc /home/opc/.ssh/authorized_keys 6 | -------------------------------------------------------------------------------- /cluster/multi-ad/tags.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | resource "random_id" "tag" { 5 | byte_length = 2 6 | } 7 | 8 | resource "oci_identity_tag_namespace" "ArchitectureCenterTagNamespace" { 9 | provider = oci.homeregion 10 | compartment_id = var.compartment_ocid 11 | description = "ArchitectureCenterTagNamespace" 12 | name = "ArchitectureCenter\\deploy-elk-${random_id.tag.hex}" 13 | 14 | provisioner "local-exec" { 15 | command = "sleep 10" 16 | } 17 | } 18 | 19 | resource "oci_identity_tag" "ArchitectureCenterTag" { 20 | provider = oci.homeregion 21 | description = "ArchitectureCenterTag" 22 | name = "release" 23 | tag_namespace_id = oci_identity_tag_namespace.ArchitectureCenterTagNamespace.id 24 | 25 | validator { 26 | validator_type = "ENUM" 27 | values = ["release", "2.0"] 28 | } 29 | 30 | provisioner "local-exec" { 31 | command = "sleep 120" 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /cluster/multi-ad/tls.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. 
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Generates the RSA key pair the stack uses for SSH. remote.tf passes its
# private_key_pem as both private_key and bastion_private_key in the
# provisioner connections.
# NOTE(review): rsa_bits is not set, so the provider's default key size applies
# (2048 bits in hashicorp/tls as far as I know — verify for the provider version
# in use) and should be stated explicitly.
# NOTE(review): a key generated by this resource is written to Terraform state
# unencrypted, and schema.yaml declares a visible generated_ssh_private_key
# output. Treat the state file and the stack outputs as secrets, restrict who
# can read them, or have operators supply their own key pair instead.
resource "tls_private_key" "public_private_key_pair" {
  algorithm = "RSA"
}
--------------------------------------------------------------------------------
/cluster/multi-ad/variables.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Tenancy, user and API-signing inputs with no defaults. The repository's
# .gitignore excludes *.tfvars, which keeps these values out of version control
# when they are supplied through a tfvars file.
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}
variable "compartment_ocid" {}

variable "release" {
  description = "Reference Architecture Release (OCI Architecture Center)"
  default     = "2.0"
}

variable "BastionShape" {
  default = "VM.Standard.E4.Flex"
}

variable "Bastion_Flex_Shape_OCPUS" {
  default = 1
}

variable "Bastion_Flex_Shape_Memory" {
  default = 1
}

variable "MasterNodeShape" {
  default = "VM.Standard.E4.Flex"
}

variable "MasterNode_Flex_Shape_OCPUS" {
  default = 2
}

variable "MasterNode_Flex_Shape_Memory" {
  default = 30
}

variable "DataNodeShape" {
  default = "VM.Standard.E4.Flex"
}

# NOTE(review): schema.yaml in this directory lists 2 OCPUs / 30 GB as the
# data-node defaults, while the two variables below default to 4 / 60, so a
# Resource Manager stack and a plain CLI run start from different sizes.
variable "DataNode_Flex_Shape_OCPUS" {
  default = 4
}

variable "DataNode_Flex_Shape_Memory" {
  default = 60
}


variable "BootVolSize" {
  default = "100"
}

# Optional extra public key; the bootstrap templates append it to
# /home/opc/.ssh/authorized_keys. With the empty default, login presumably relies
# on the generated key pair from tls.tf alone — verify in compute.tf.
variable "ssh_public_key" {
  default = ""
}

variable "lb_shape" {
  default = "flexible"
}

variable "flex_lb_min_shape" {
  default = "10"
}

variable "flex_lb_max_shape" {
  default = "100"
}

variable "instance_os" {
  description = "Operating system for compute instances"
  default     = "Oracle Linux"
}

variable "linux_os_version" {
  description = "Operating system version for all Linux instances"
  default     = "8"
}

# Network layout. Terraform applies no validation to these values; schema.yaml
# checks them with a pattern whose dots are unescaped, so that check is looser
# than a strict dotted-quad match.
variable "VCN-CIDR" {
  default = "192.168.0.0/25"
}

variable "BastSubnetAD1CIDR" {
  default = "192.168.0.0/28"
}

variable "PrivSubnetAD1CIDR" {
  default = "192.168.0.16/28"
}

variable "PrivSubnetAD2CIDR" {
  default = "192.168.0.32/28"
}

variable "PrivSubnetAD3CIDR" {
  default = "192.168.0.48/28"
}

variable "LBSubnetAD1CIDR" {
  default = "192.168.0.64/28"
}

variable "LBSubnetAD2CIDR" {
  default = "192.168.0.80/28"
}

variable "ESBootStrap" {
  default = "./scripts/ESBootStrap.sh"
}

variable "BastionBootStrap" {
  default = "./scripts/BastionBootStrap.sh"
}

# Base URL and version are joined in ESBootStrap.sh into the RPM URL that yum
# installs as root. Keep any override on HTTPS and on a source you trust: the
# script itself does no checksum or signature step.
variable "elasticsearch_download_url" {
  default = "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch"
}

variable "elasticsearch_download_version" {
  default = "7.16.3"
}

variable "kibana_download_url" {
  default = "https://artifacts.elastic.co/downloads/kibana/kibana"
}

variable "kibana_download_version" {
  default = "7.16.3"
}

variable "backend_set_health_checker_interval_ms" {
  default = "15000"
}

# Ports that ESBootStrap.sh opens in the host firewall on the nodes.
variable "KibanaPort" {
  default = "5601"
}

variable "ESDataPort" {
  default = "9200"
}

variable "ESDataPort2" {
  default = "9300"
}

variable "create_timeout" {
  default = "60000m"
}

variable "DataVolSize" {
  default = "200"
}

variable "volume_attachment_attachment_type" {
  default = "iscsi"
}

# Dictionary Locals
# Shapes treated as flexible by the checks below.
# NOTE(review): schema.yaml also offers the flex OCPU/memory fields for
# "VM.Standard.A1.Flex" and ESBootStrap.sh has an aarch64 branch, but A1.Flex is
# not in this list, so the is_flexible_* locals evaluate to false for it —
# confirm whether that omission is intended.
locals {
  compute_flexible_shapes = [
    "VM.Standard.E3.Flex",
    "VM.Standard.E4.Flex"
  ]
}

# Checks if is using Flexible Compute Shapes
locals {
  is_flexible_bastion_shape    = contains(local.compute_flexible_shapes, var.BastionShape)
  is_flexible_masternode_shape = contains(local.compute_flexible_shapes, var.MasterNodeShape)
  is_flexible_datanode_shape   = contains(local.compute_flexible_shapes, var.DataNodeShape)
  is_flexible_lb_shape         = var.lb_shape == "flexible" ? true : false
}
--------------------------------------------------------------------------------
/cluster/multi-ad/versions.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Only the Terraform core version is constrained in this file.
# NOTE(review): there is no required_providers block here; if provider.tf (not
# shown) does not pin provider versions either, each init may resolve different
# provider builds. Consider pinning them and committing the dependency lock file.
terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/cluster/single-ad/README.md:
--------------------------------------------------------------------------------
# oci-elastic (cluster/single-ad)

This reference architecture shows a cluster (single-ad) deployment of Elasticsearch and Kibana in Oracle Cloud Infrastructure.

For details of the architecture, see [_Deploy Elasticsearch and Kibana_](https://docs.oracle.com/en/solutions/deploy-elk/index.html)

## Prerequisites

- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `load-balancers`, `route-tables`, `security-lists`, `subnets`, and `instances`.

- Quota to create the following resources: 1 VCN, 3 subnets, 1 Internet Gateway, 1 NAT Gateway, 2 route rules, and 7 compute instances (bastion host, 3 ElasticSearch Master nodes, 3 ElasticSearch Data nodes).
12 | 13 | If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). 14 | 15 | ## Deploy Using Oracle Resource Manager 16 | 17 | 1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-quickstart/oci-elastic/releases/latest/download/oci-elastic-single-ad-stack-latest.zip) 18 | 19 | If you aren't already signed in, when prompted, enter the tenancy and user credentials. 20 | 21 | 2. Review and accept the terms and conditions. 22 | 23 | 3. Select the region where you want to deploy the stack. 24 | 25 | 4. Follow the on-screen prompts and instructions to create the stack. 26 | 27 | 5. After creating the stack, click **Terraform Actions**, and select **Plan**. 28 | 29 | 6. Wait for the job to be completed, and review the plan. 30 | 31 | To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. 32 | 33 | 7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 34 | 35 | ## Deploy Using the Terraform CLI 36 | 37 | ### Clone of the repo 38 | Now, you'll want a local copy of this repo. You can make that with the commands: 39 | 40 | git clone https://github.com/oracle-quickstart/oci-elastic.git 41 | cd oci-elastic/cluster/single-ad 42 | ls 43 | 44 | ### Prerequisites 45 | First off, you'll need to do some pre-deploy setup. That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites). 
46 | 47 | Secondly, create a `terraform.tfvars` file and populate with the following information: 48 | 49 | ``` 50 | # Authentication 51 | tenancy_ocid = "" 52 | user_ocid = "" 53 | fingerprint = "" 54 | private_key_path = "" 55 | 56 | # Region 57 | region = "" 58 | 59 | # Compartment 60 | compartment_ocid = "" 61 | 62 | # AD (optional) 63 | availability_domain_name = "" # for example GrCH:US-ASHBURN-AD-1 64 | 65 | ```` 66 | 67 | ### Create the Resources 68 | Run the following commands: 69 | 70 | terraform init 71 | terraform plan 72 | terraform apply 73 | 74 | ### Destroy the Deployment 75 | When you no longer need the deployment, you can run this command to destroy the resources: 76 | 77 | terraform destroy 78 | 79 | ## Architecture Diagram 80 | 81 | ![](./images/elk-oci-single-ad.png) 82 | -------------------------------------------------------------------------------- /cluster/single-ad/blockvolumes.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | 5 | resource "oci_core_volume" "ESData1Vol1" { 6 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 7 | compartment_id = var.compartment_ocid 8 | size_in_gbs = var.DataVolSize 9 | display_name = "ESData1Vol1" 10 | } 11 | 12 | resource "oci_core_volume" "ESData2Vol2" { 13 | availability_domain = var.availability_domain_name == "" ? 
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 14 | compartment_id = var.compartment_ocid 15 | size_in_gbs = var.DataVolSize 16 | display_name = "ESData2Vol2" 17 | } 18 | 19 | resource "oci_core_volume" "ESData3Vol3" { 20 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 21 | compartment_id = var.compartment_ocid 22 | size_in_gbs = var.DataVolSize 23 | display_name = "ESData3Vol3" 24 | } 25 | 26 | 27 | resource "oci_core_volume_attachment" "Attach_ESData1Vol1" { 28 | attachment_type = var.volume_attachment_attachment_type 29 | instance_id = oci_core_instance.ESDataNode1.id 30 | volume_id = oci_core_volume.ESData1Vol1.id 31 | } 32 | 33 | resource "oci_core_volume_attachment" "Attach_ESData2Vol2" { 34 | attachment_type = var.volume_attachment_attachment_type 35 | instance_id = oci_core_instance.ESDataNode2.id 36 | volume_id = oci_core_volume.ESData2Vol2.id 37 | } 38 | 39 | resource "oci_core_volume_attachment" "Attach_ESData3Vol3" { 40 | attachment_type = var.volume_attachment_attachment_type 41 | instance_id = oci_core_instance.ESDataNode3.id 42 | volume_id = oci_core_volume.ESData3Vol3.id 43 | } 44 | 45 | -------------------------------------------------------------------------------- /cluster/single-ad/compute.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | 5 | resource "oci_core_instance" "BastionHost" { 6 | availability_domain = var.availability_domain_name == "" ? 
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 7 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[0]["name"] 8 | compartment_id = var.compartment_ocid 9 | display_name = "BastionHost" 10 | shape = var.BastionShape 11 | 12 | dynamic "shape_config" { 13 | for_each = local.is_flexible_bastion_shape ? [1] : [] 14 | content { 15 | memory_in_gbs = var.Bastion_Flex_Shape_Memory 16 | ocpus = var.Bastion_Flex_Shape_OCPUS 17 | } 18 | } 19 | # NOTE(review): skip_source_dest_check = true allows this vNIC to forward traffic that is not addressed to it; confirm the bastion really routes traffic, otherwise leave the check enabled. 20 | create_vnic_details { 21 | subnet_id = oci_core_subnet.BastionSubnet.id 22 | skip_source_dest_check = true 23 | } 24 | # ssh_authorized_keys takes var.ssh_public_key; user_data is the cloud-init payload rendered from scripts/BastionBootStrap.sh (see datasources.tf). 25 | metadata = { 26 | ssh_authorized_keys = var.ssh_public_key 27 | user_data = data.template_cloudinit_config.cloud_init_bastion.rendered 28 | } 29 | # Boots from the first image the data source returns, not from a pinned image OCID. 30 | source_details { 31 | source_id = lookup(data.oci_core_images.InstanceImageOCID_Bastion.images[0], "id") 32 | source_type = "image" 33 | } 34 | 35 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 36 | 37 | timeouts { 38 | create = var.create_timeout 39 | } 40 | } 41 | 42 | resource "oci_core_instance" "ESMasterNode1" { 43 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 44 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[0]["name"] 45 | compartment_id = var.compartment_ocid 46 | display_name = "ESMasterNode1" 47 | shape = var.MasterNodeShape 48 | 49 | dynamic "shape_config" { 50 | for_each = local.is_flexible_masternode_shape ?
[1] : [] 51 | content { 52 | memory_in_gbs = var.MasterNode_Flex_Shape_Memory 53 | ocpus = var.MasterNode_Flex_Shape_OCPUS 54 | } 55 | } 56 | 57 | create_vnic_details { 58 | subnet_id = oci_core_subnet.PrivSubnet.id 59 | assign_public_ip = false 60 | } 61 | 62 | metadata = { 63 | ssh_authorized_keys = var.ssh_public_key 64 | user_data = data.template_cloudinit_config.cloud_init.rendered 65 | } 66 | 67 | source_details { 68 | source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id") 69 | source_type = "image" 70 | boot_volume_size_in_gbs = var.BootVolSize 71 | } 72 | 73 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 74 | 75 | timeouts { 76 | create = var.create_timeout 77 | } 78 | } 79 | 80 | resource "oci_core_instance" "ESMasterNode2" { 81 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 82 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[1]["name"] 83 | compartment_id = var.compartment_ocid 84 | display_name = "ESMasterNode2" 85 | shape = var.MasterNodeShape 86 | 87 | dynamic "shape_config" { 88 | for_each = local.is_flexible_masternode_shape ? 
[1] : [] 89 | content { 90 | memory_in_gbs = var.MasterNode_Flex_Shape_Memory 91 | ocpus = var.MasterNode_Flex_Shape_OCPUS 92 | } 93 | } 94 | 95 | create_vnic_details { 96 | subnet_id = oci_core_subnet.PrivSubnet.id 97 | assign_public_ip = false 98 | } 99 | 100 | metadata = { 101 | ssh_authorized_keys = var.ssh_public_key 102 | user_data = data.template_cloudinit_config.cloud_init.rendered 103 | } 104 | 105 | source_details { 106 | source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id") 107 | source_type = "image" 108 | boot_volume_size_in_gbs = var.BootVolSize 109 | } 110 | 111 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 112 | 113 | timeouts { 114 | create = var.create_timeout 115 | } 116 | } 117 | 118 | resource "oci_core_instance" "ESMasterNode3" { 119 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 120 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[2]["name"] 121 | compartment_id = var.compartment_ocid 122 | display_name = "ESMasterNode3" 123 | shape = var.MasterNodeShape 124 | 125 | dynamic "shape_config" { 126 | for_each = local.is_flexible_masternode_shape ? 
[1] : [] 127 | content { 128 | memory_in_gbs = var.MasterNode_Flex_Shape_Memory 129 | ocpus = var.MasterNode_Flex_Shape_OCPUS 130 | } 131 | } 132 | 133 | create_vnic_details { 134 | subnet_id = oci_core_subnet.PrivSubnet.id 135 | assign_public_ip = false 136 | } 137 | 138 | metadata = { 139 | ssh_authorized_keys = var.ssh_public_key 140 | user_data = data.template_cloudinit_config.cloud_init.rendered 141 | } 142 | 143 | source_details { 144 | source_id = lookup(data.oci_core_images.InstanceImageOCID_MasterNode.images[0], "id") 145 | source_type = "image" 146 | boot_volume_size_in_gbs = var.BootVolSize 147 | } 148 | 149 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 150 | 151 | timeouts { 152 | create = var.create_timeout 153 | } 154 | } 155 | 156 | resource "oci_core_instance" "ESDataNode1" { 157 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 158 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[0]["name"] 159 | compartment_id = var.compartment_ocid 160 | display_name = "ESDataNode1" 161 | shape = var.DataNodeShape 162 | 163 | dynamic "shape_config" { 164 | for_each = local.is_flexible_datanode_shape ? 
[1] : [] 165 | content { 166 | memory_in_gbs = var.DataNode_Flex_Shape_Memory 167 | ocpus = var.DataNode_Flex_Shape_OCPUS 168 | } 169 | } 170 | 171 | create_vnic_details { 172 | subnet_id = oci_core_subnet.PrivSubnet.id 173 | assign_public_ip = false 174 | } 175 | 176 | metadata = { 177 | ssh_authorized_keys = var.ssh_public_key 178 | user_data = data.template_cloudinit_config.cloud_init.rendered 179 | } 180 | 181 | source_details { 182 | source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id") 183 | source_type = "image" 184 | boot_volume_size_in_gbs = var.BootVolSize 185 | } 186 | 187 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 188 | 189 | timeouts { 190 | create = var.create_timeout 191 | } 192 | } 193 | 194 | resource "oci_core_instance" "ESDataNode2" { 195 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 196 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[1]["name"] 197 | compartment_id = var.compartment_ocid 198 | display_name = "ESDataNode2" 199 | shape = var.DataNodeShape 200 | 201 | dynamic "shape_config" { 202 | for_each = local.is_flexible_datanode_shape ? 
[1] : [] 203 | content { 204 | memory_in_gbs = var.DataNode_Flex_Shape_Memory 205 | ocpus = var.DataNode_Flex_Shape_OCPUS 206 | } 207 | } 208 | 209 | depends_on = [oci_core_instance.BastionHost] 210 | 211 | create_vnic_details { 212 | subnet_id = oci_core_subnet.PrivSubnet.id 213 | assign_public_ip = false 214 | } 215 | 216 | metadata = { 217 | ssh_authorized_keys = var.ssh_public_key 218 | user_data = data.template_cloudinit_config.cloud_init.rendered 219 | } 220 | 221 | source_details { 222 | source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id") 223 | source_type = "image" 224 | boot_volume_size_in_gbs = var.BootVolSize 225 | } 226 | 227 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 228 | 229 | timeouts { 230 | create = var.create_timeout 231 | } 232 | } 233 | 234 | resource "oci_core_instance" "ESDataNode3" { 235 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 236 | fault_domain = data.oci_identity_fault_domains.FDs.fault_domains[2]["name"] 237 | compartment_id = var.compartment_ocid 238 | display_name = "ESDataNode3" 239 | shape = var.DataNodeShape 240 | 241 | dynamic "shape_config" { 242 | for_each = local.is_flexible_datanode_shape ? 
[1] : [] 243 | content { 244 | memory_in_gbs = var.DataNode_Flex_Shape_Memory 245 | ocpus = var.DataNode_Flex_Shape_OCPUS 246 | } 247 | } 248 | 249 | depends_on = [oci_core_instance.BastionHost] 250 | 251 | create_vnic_details { 252 | subnet_id = oci_core_subnet.PrivSubnet.id 253 | assign_public_ip = false 254 | } 255 | 256 | metadata = { 257 | ssh_authorized_keys = var.ssh_public_key 258 | user_data = data.template_cloudinit_config.cloud_init.rendered 259 | } 260 | 261 | source_details { 262 | source_id = lookup(data.oci_core_images.InstanceImageOCID_DataNode.images[0], "id") 263 | source_type = "image" 264 | boot_volume_size_in_gbs = var.BootVolSize 265 | } 266 | 267 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 268 | 269 | timeouts { 270 | create = var.create_timeout 271 | } 272 | } 273 | 274 | -------------------------------------------------------------------------------- /cluster/single-ad/datasources.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | # Get list of availability domains 5 | data "oci_identity_availability_domains" "ADs" { 6 | compartment_id = var.tenancy_ocid 7 | } 8 | 9 | data "oci_identity_fault_domains" "FDs" { 10 | #Required 11 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 12 | compartment_id = var.compartment_ocid 13 | } 14 | 15 | 16 | # Gets a list of vNIC attachments on the bastion host 17 | data "oci_core_vnic_attachments" "BastionVnics" { 18 | compartment_id = var.compartment_ocid 19 | availability_domain = var.availability_domain_name == "" ? 
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 20 | instance_id = oci_core_instance.BastionHost.id 21 | } 22 | 23 | # Looks up the first vNIC attached to the bastion host, using the vnic_id from the attachment list 24 | data "oci_core_vnic" "BastionVnic" { 25 | vnic_id = data.oci_core_vnic_attachments.BastionVnics.vnic_attachments[0]["vnic_id"] 26 | } 27 | 28 | # Looks up the private IP record for the bastion vNIC's address in the bastion subnet 29 | data "oci_core_private_ips" "BastionPrivateIPs" { 30 | ip_address = data.oci_core_vnic.BastionVnic.private_ip_address 31 | subnet_id = oci_core_subnet.BastionSubnet.id 32 | } 33 | 34 | 35 | # Gets a list of vNIC attachments on the ESMasterNode1 36 | data "oci_core_vnic_attachments" "ESMasterNode1Vnics" { 37 | compartment_id = var.compartment_ocid 38 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 39 | instance_id = oci_core_instance.ESMasterNode1.id 40 | } 41 | 42 | # Looks up the first vNIC attached to ESMasterNode1 43 | data "oci_core_vnic" "ESMasterNode1Vnic" { 44 | vnic_id = data.oci_core_vnic_attachments.ESMasterNode1Vnics.vnic_attachments.0.vnic_id 45 | } 46 | 47 | 48 | # Gets a list of vNIC attachments on the ESMasterNode2 49 | data "oci_core_vnic_attachments" "ESMasterNode2Vnics" { 50 | compartment_id = var.compartment_ocid 51 | availability_domain = var.availability_domain_name == "" ?
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 52 | instance_id = oci_core_instance.ESMasterNode2.id 53 | } 54 | 55 | # Gets the OCID of the first vNIC on the ESMasterNode2 56 | data "oci_core_vnic" "ESMasterNode2Vnic" { 57 | vnic_id = data.oci_core_vnic_attachments.ESMasterNode2Vnics.vnic_attachments.0.vnic_id 58 | } 59 | 60 | # Gets a list of vNIC attachments on the ESMasterNode3 61 | data "oci_core_vnic_attachments" "ESMasterNode3Vnics" { 62 | compartment_id = var.compartment_ocid 63 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 64 | instance_id = oci_core_instance.ESMasterNode3.id 65 | } 66 | 67 | # Gets the OCID of the first vNIC on the ESMasterNode3 68 | data "oci_core_vnic" "ESMasterNode3Vnic" { 69 | vnic_id = data.oci_core_vnic_attachments.ESMasterNode3Vnics.vnic_attachments.0.vnic_id 70 | } 71 | 72 | # Gets a list of vNIC attachments on the ESDataNode1 73 | data "oci_core_vnic_attachments" "ESDataNode1Vnics" { 74 | compartment_id = var.compartment_ocid 75 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 76 | instance_id = oci_core_instance.ESDataNode1.id 77 | } 78 | 79 | # Gets the first vNIC attached to ESDataNode1 80 | data "oci_core_vnic" "ESDataNode1Vnic" { 81 | vnic_id = data.oci_core_vnic_attachments.ESDataNode1Vnics.vnic_attachments.0.vnic_id 82 | } 83 | 84 | 85 | # Gets a list of vNIC attachments on the ESDataNode2 86 | data "oci_core_vnic_attachments" "ESDataNode2Vnics" { 87 | compartment_id = var.compartment_ocid 88 | availability_domain = var.availability_domain_name == "" ?
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 89 | instance_id = oci_core_instance.ESDataNode2.id 90 | } 91 | 92 | # Gets the first vNIC attached to ESDataNode2 93 | data "oci_core_vnic" "ESDataNode2Vnic" { 94 | vnic_id = data.oci_core_vnic_attachments.ESDataNode2Vnics.vnic_attachments.0.vnic_id 95 | } 96 | 97 | 98 | # Gets a list of vNIC attachments on the ESDataNode3 99 | data "oci_core_vnic_attachments" "ESDataNode3Vnics" { 100 | compartment_id = var.compartment_ocid 101 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 102 | instance_id = oci_core_instance.ESDataNode3.id 103 | } 104 | 105 | # Gets the first vNIC attached to ESDataNode3 106 | data "oci_core_vnic" "ESDataNode3Vnic" { 107 | vnic_id = data.oci_core_vnic_attachments.ESDataNode3Vnics.vnic_attachments.0.vnic_id 108 | } 109 | # Images for the bastion shape, filtered by OS, OS version and a display_name regex (no "G" after "Oracle" in the name; presumably to skip GPU images, confirm). compute.tf uses images[0], so the image is whatever the listing returns first, not a pinned OCID. 110 | data "oci_core_images" "InstanceImageOCID_Bastion" { 111 | compartment_id = var.compartment_ocid 112 | operating_system = var.instance_os 113 | operating_system_version = var.linux_os_version 114 | shape = var.BastionShape 115 | 116 | filter { 117 | name = "display_name" 118 | values = ["^.*Oracle[^G]*$"] 119 | regex = true 120 | } 121 | } 122 | # Same image lookup for the master-node shape. 123 | data "oci_core_images" "InstanceImageOCID_MasterNode" { 124 | compartment_id = var.compartment_ocid 125 | operating_system = var.instance_os 126 | operating_system_version = var.linux_os_version 127 | shape = var.MasterNodeShape 128 | 129 | filter { 130 | name = "display_name" 131 | values = ["^.*Oracle[^G]*$"] 132 | regex = true 133 | } 134 | } 135 | # Same image lookup for the data-node shape. 136 | data "oci_core_images" "InstanceImageOCID_DataNode" { 137 | compartment_id = var.compartment_ocid 138 | operating_system = var.instance_os 139 | operating_system_version = var.linux_os_version 140 | shape = var.DataNodeShape 
141 | 142 | filter { 143 | name = "display_name" 144 | values = ["^.*Oracle[^G]*$"] 145 | regex = true 146 | } 147 | } 148 | 149 | # Selects the tenancy's home region from its region subscriptions. 150 | data "oci_identity_region_subscriptions" "home_region_subscriptions" { 151 | tenancy_id = var.tenancy_ocid 152 | 153 | filter { 154 | name = "is_home_region" 155 | values = [true] 156 | } 157 | } 158 | 159 | # Renders scripts/sshkey.tpl, passing in the public half of the Terraform-generated key pair as ssh_public_key 160 | # NOTE(review): the private half of that key pair sits in Terraform state, so anyone who can read the state can authenticate wherever these scripts install the public key (script contents are not shown here). 161 | data "template_file" "key_script" { 162 | template = file("./scripts/sshkey.tpl") 163 | vars = { 164 | ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh 165 | } 166 | } 167 | # Wraps the rendered script as a gzip-compressed, base64-encoded cloud-init shell part; compute.tf passes it as user_data to the Elasticsearch nodes. 168 | data "template_cloudinit_config" "cloud_init" { 169 | gzip = true 170 | base64_encode = true 171 | 172 | part { 173 | filename = "ainit.sh" 174 | content_type = "text/x-shellscript" 175 | content = data.template_file.key_script.rendered 176 | } 177 | } 178 | 179 | # Same pattern for the bastion: renders scripts/BastionBootStrap.sh with the generated public key. 180 | data "template_file" "key_script_bastion" { 181 | template = file("./scripts/BastionBootStrap.sh") 182 | vars = { 183 | ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh 184 | } 185 | } 186 | # cloud-init payload used as the bastion host's user_data. 187 | data "template_cloudinit_config" "cloud_init_bastion" { 188 | gzip = true 189 | base64_encode = true 190 | 191 | part { 192 | filename = "ainit.sh" 193 | content_type = "text/x-shellscript" 194 | content = data.template_file.key_script_bastion.rendered 195 | } 196 | } 197 | -------------------------------------------------------------------------------- /cluster/single-ad/images/elk-oci-single-ad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/cluster/single-ad/images/elk-oci-single-ad.png -------------------------------------------------------------------------------- /cluster/single-ad/lbaas.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 
2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | # Load balancer in front of the cluster; depends_on makes Terraform create it only after all six Elasticsearch instances exist. 4 | resource "oci_load_balancer_load_balancer" "ES-LB" { 5 | compartment_id = var.compartment_ocid 6 | display_name = "ES-LB" 7 | shape = var.lb_shape 8 | 9 | dynamic "shape_details" { 10 | for_each = local.is_flexible_lb_shape ? [1] : [] 11 | content { 12 | minimum_bandwidth_in_mbps = var.flex_lb_min_shape 13 | maximum_bandwidth_in_mbps = var.flex_lb_max_shape 14 | } 15 | } 16 | # NOTE(review): is_private = "false" gives the load balancer a public address, so the listeners in this file are reachable from outside the VCN, subject to the security list on LBSubnet. 17 | subnet_ids = [oci_core_subnet.LBSubnet.id] 18 | is_private = "false" 19 | depends_on = [ 20 | oci_core_instance.ESDataNode1, 21 | oci_core_instance.ESDataNode2, 22 | oci_core_instance.ESDataNode3, 23 | oci_core_instance.ESMasterNode1, 24 | oci_core_instance.ESMasterNode2, 25 | oci_core_instance.ESMasterNode3, 26 | ] 27 | 28 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 29 | } 30 | # NOTE(review): the health check only opens a TCP connection to port 22 (SSH); it does not probe the Kibana port the backends serve, so a node with Kibana down still counts as healthy. 31 | resource "oci_load_balancer_backend_set" "ESKibana" { 32 | health_checker { 33 | protocol = "TCP" 34 | interval_ms = var.backend_set_health_checker_interval_ms 35 | port = "22" 36 | } 37 | 38 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 39 | name = "ESKibana" 40 | policy = "ROUND_ROBIN" 41 | 42 | session_persistence_configuration { 43 | cookie_name = "*" 44 | } 45 | } 46 | # NOTE(review): same TCP/22 health check as ESKibana; it says nothing about Elasticsearch on the backend port. 47 | resource "oci_load_balancer_backend_set" "ES-Data" { 48 | health_checker { 49 | protocol = "TCP" 50 | interval_ms = var.backend_set_health_checker_interval_ms 51 | port = "22" 52 | } 53 | 54 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 55 | name = "ES-Data" 56 | policy = "ROUND_ROBIN" 57 | 58 | session_persistence_configuration { 59 | cookie_name = "*" 60 | } 61 | } 62 | 63 | resource "oci_load_balancer_backend" "DataNode1" { 64 | backendset_name = "ES-Data" 65 | ip_address = oci_core_instance.ESDataNode1.private_ip 66 | load_balancer_id = 
oci_load_balancer_load_balancer.ES-LB.id 67 | port = var.ESDataPort 68 | depends_on = [oci_load_balancer_backend_set.ES-Data] 69 | } 70 | 71 | resource "oci_load_balancer_backend" "DataNode2" { 72 | backendset_name = "ES-Data" 73 | ip_address = oci_core_instance.ESDataNode2.private_ip 74 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 75 | port = var.ESDataPort 76 | depends_on = [oci_load_balancer_backend_set.ES-Data] 77 | } 78 | 79 | resource "oci_load_balancer_backend" "DataNode3" { 80 | backendset_name = "ES-Data" 81 | ip_address = oci_core_instance.ESDataNode3.private_ip 82 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 83 | port = var.ESDataPort 84 | depends_on = [oci_load_balancer_backend_set.ES-Data] 85 | } 86 | 87 | 88 | resource "oci_load_balancer_backend" "ESMaster1" { 89 | backendset_name = "ESKibana" 90 | ip_address = oci_core_instance.ESMasterNode1.private_ip 91 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 92 | port = var.KibanaPort 93 | depends_on = [oci_load_balancer_backend_set.ESKibana] 94 | } 95 | 96 | resource "oci_load_balancer_backend" "ESMaster2" { 97 | backendset_name = "ESKibana" 98 | ip_address = oci_core_instance.ESMasterNode2.private_ip 99 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 100 | port = var.KibanaPort 101 | depends_on = [oci_load_balancer_backend_set.ESKibana] 102 | } 103 | 104 | resource "oci_load_balancer_backend" "ESMaster3" { 105 | backendset_name = "ESKibana" 106 | ip_address = oci_core_instance.ESMasterNode3.private_ip 107 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 108 | port = var.KibanaPort 109 | depends_on = [oci_load_balancer_backend_set.ESKibana] 110 | } 111 | 112 | resource "oci_load_balancer_listener" "KibanaLS" { 113 | default_backend_set_name = "ESKibana" 114 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 115 | name = "KibanaLS" 116 | port = var.KibanaPort 117 | protocol = "HTTP" 118 | depends_on = 
[oci_load_balancer_backend_set.ESKibana] 119 | } 120 | # NOTE(review): this listener speaks plain HTTP on the Elasticsearch port of the public load balancer; no TLS is configured here, so requests and any credentials travel unencrypted. The KibanaLS listener above is configured the same way. 121 | resource "oci_load_balancer_listener" "ESDataLS" { 122 | default_backend_set_name = "ES-Data" 123 | load_balancer_id = oci_load_balancer_load_balancer.ES-LB.id 124 | name = "ESDataLS" 125 | port = var.ESDataPort 126 | protocol = "HTTP" 127 | depends_on = [oci_load_balancer_backend_set.ES-Data] 128 | } 129 | 130 | -------------------------------------------------------------------------------- /cluster/single-ad/network.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | 5 | resource "oci_core_virtual_network" "OCI_ES_VCN" { 6 | cidr_block = var.VCN-CIDR 7 | compartment_id = var.compartment_ocid 8 | display_name = "OCI_ES_VCN" 9 | dns_label = "OCIESVCN" 10 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 11 | } 12 | # NAT gateway: target of the default route in OCI_ES_RTB. 13 | resource "oci_core_nat_gateway" "natgtw" { 14 | compartment_id = var.compartment_ocid 15 | vcn_id = oci_core_virtual_network.OCI_ES_VCN.id 16 | display_name = "OCI_ES_NAT" 17 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 18 | } 19 | # Internet gateway: target of the default route in OCI_PUB_RTB. 20 | resource "oci_core_internet_gateway" "OCI_ES_IGW" { 21 | compartment_id = var.compartment_ocid 22 | display_name = "OCI_ES_IGW" 23 | vcn_id = oci_core_virtual_network.OCI_ES_VCN.id 24 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 25 | } 26 | 27 | resource "oci_core_route_table" "OCI_PUB_RTB" { 28 | compartment_id = var.compartment_ocid 29 | vcn_id = oci_core_virtual_network.OCI_ES_VCN.id 30 | display_name = "OCI_PUB_RTB" 31 | 32 | 
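route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.OCI_ES_IGW.id
  }
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Route table of the private subnet: the default route leaves through the NAT gateway,
# so the Elasticsearch nodes can reach out but are not reachable from the internet.
resource "oci_core_route_table" "OCI_ES_RTB" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "OCI_ES_RTB"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.natgtw.id
  }
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the load balancer subnet.
#
# NOTE(review): both ingress rules use source "0.0.0.0/0", so the Elasticsearch HTTP port
# and the Kibana port are accepted from any address, and the listeners in lbaas.tf are
# plain HTTP. Unless the bootstrap script enables authentication on the nodes (its
# elasticsearch.yml section is not visible here), index data is readable and writable by
# anyone who can reach the load balancer. Restricting `source` to the operator's CIDR
# ranges is the least-privilege setting.
resource "oci_core_security_list" "LBSecList" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "LBSecList"

  # Protocol "6" is TCP; egress is open to every destination.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = var.ESDataPort
      max = var.ESDataPort
    }
  }
  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = var.KibanaPort
      max = var.KibanaPort
    }
  }
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the private subnet: only sources inside the VCN CIDR are admitted.
resource "oci_core_security_list" "PrivSecList" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "PrivSecList"

  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # Elasticsearch HTTP port.
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.ESDataPort
      max = var.ESDataPort
    }
  }
  # Elasticsearch inter-node port.
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.ESDataPort2
      max = var.ESDataPort2
    }
  }
  # Kibana. This was hard-coded to 5601 while the load balancer backends and listener use
  # var.KibanaPort, so a non-default Kibana port was blocked between the LB and the nodes.
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = var.KibanaPort
      max = var.KibanaPort
    }
  }
  # SSH. NOTE(review): admitted from the whole VCN CIDR, which includes the LB subnet;
  # var.BastSubnetCIDR would limit it to the bastion subnet if nothing else needs SSH.
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN-CIDR

    tcp_options {
      min = 22
      max = 22
    }
  }
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Security list of the bastion subnet.
#
# NOTE(review): SSH is accepted from "0.0.0.0/0". The bastion is the single entry point to
# every node and shares its key pair with them (see remote.tf), so narrowing this source
# to known administrator addresses reduces the exposed surface considerably.
resource "oci_core_security_list" "BastionSecList" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.OCI_ES_VCN.id
  display_name   = "BastionSecList"

  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = 22
      max = 22
    }
  }
  # Every protocol is accepted from inside the VCN.
  ingress_security_rules {
    protocol = "all"
    source   = var.VCN-CIDR
  }
  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

# Load balancer subnet: public route table, LBSecList.
resource "oci_core_subnet" "LBSubnet" {
  compartment_id    = var.compartment_ocid
  vcn_id            = oci_core_virtual_network.OCI_ES_VCN.id
  display_name      = "LB-Subnet"
  cidr_block        = var.LBSubnetCIDR
  dns_label         = "lbnet"
  route_table_id    = oci_core_route_table.OCI_PUB_RTB.id
  security_list_ids = [oci_core_security_list.LBSecList.id]
  dhcp_options_id   = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags      = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}


# Private subnet for the Elasticsearch nodes: NAT route table, PrivSecList, and no public
# IPs on any VNIC.
resource "oci_core_subnet" "PrivSubnet" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_virtual_network.OCI_ES_VCN.id
  display_name               = "Private-Subnet"
  cidr_block                 = var.PrivSubnetCIDR
  dns_label                  = "privatenet"
  route_table_id             = oci_core_route_table.OCI_ES_RTB.id
  security_list_ids          = [oci_core_security_list.PrivSecList.id]
  dhcp_options_id            = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  prohibit_public_ip_on_vnic = "true"
  defined_tags               = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}


# Bastion subnet: public route table, BastionSecList. The release tag is applied here as
# on every other resource in this file (it was missing on this subnet only).
resource "oci_core_subnet" "BastionSubnet" {
  compartment_id    = var.compartment_ocid
  vcn_id            = oci_core_virtual_network.OCI_ES_VCN.id
  display_name      = "BastionSubnet"
  cidr_block        = var.BastSubnetCIDR
  dns_label         = "bastnet"
  route_table_id    = oci_core_route_table.OCI_PUB_RTB.id
  security_list_ids = [oci_core_security_list.BastionSecList.id]
  dhcp_options_id   = oci_core_virtual_network.OCI_ES_VCN.default_dhcp_options_id
  defined_tags      = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
}

--------------------------------------------------------------------------------
/cluster/single-ad/outputs.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. 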
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl


# Stack outputs: the bastion's public IP, the load balancer URLs for Kibana and
# Elasticsearch, and the generated SSH private key.

output "BastionPublicIP" {
  value = oci_core_instance.BastionHost.public_ip
}

# Both URLs are built from the load balancer's first IP address and use http://,
# matching the plain-HTTP listeners in lbaas.tf.
output "Kibana_URL_via_LBaaS" {
  value = "http://${oci_load_balancer_load_balancer.ES-LB.ip_addresses[0]}:${var.KibanaPort}/"
}

output "Elasticsearch_URL_via_LBaaS" {
  value = "http://${oci_load_balancer_load_balancer.ES-LB.ip_addresses[0]}:${var.ESDataPort}/"
}

# NOTE(review): `sensitive = true` only redacts the value in plan/apply output. The PEM is
# still written in clear text to the Terraform state, so anyone who can read the state
# (or the stack outputs, see schema.yaml) holds the key used for the bastion and every
# node. Keep the state in an access-controlled backend.
output "generated_ssh_private_key" {
  sensitive = true
  value     = tls_private_key.public_private_key_pair.private_key_pem
}

--------------------------------------------------------------------------------
/cluster/single-ad/provider.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl


# Default provider: API-key authentication (user OCID, key fingerprint, private key file)
# against the deployment region.
provider "oci" {
  region           = var.region
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
}

# Same credentials under the alias "homeregion", pointed at the first region returned by
# the home_region_subscriptions data source (defined outside this file), with automatic
# retries disabled.
provider "oci" {
  alias                = "homeregion"
  region               = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name
  tenancy_ocid         = var.tenancy_ocid
  user_ocid            = var.user_ocid
  fingerprint          = var.fingerprint
  private_key_path     = var.private_key_path
  disable_auto_retries = "true"
}
--------------------------------------------------------------------------------
/cluster/single-ad/remote.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. 
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl


# Renders the Elasticsearch bootstrap script once; the same rendered text is copied to all
# six nodes. Download URLs/versions, ports and every node's private IP are passed in.
#
# NOTE(review): the download URL variables end up in a script that is executed with sudo
# on each node, so they should only ever point at a trusted package source.
# NOTE(review): the template_file data source comes from the separate "template" provider,
# which is deprecated; the built-in templatefile() function is its replacement.
data "template_file" "setup_esbootstrap" {
  template = file(var.ESBootStrap)

  vars = {
    elasticsearch_download_url     = var.elasticsearch_download_url
    kibana_download_url            = var.kibana_download_url
    elasticsearch_download_version = var.elasticsearch_download_version
    kibana_download_version        = var.kibana_download_version
    ESDataPort                     = var.ESDataPort
    ESDataPort2                    = var.ESDataPort2
    KibanaPort                     = var.KibanaPort
    esmasternode1_private_ip       = data.oci_core_vnic.ESMasterNode1Vnic.private_ip_address
    esmasternode2_private_ip       = data.oci_core_vnic.ESMasterNode2Vnic.private_ip_address
    esmasternode3_private_ip       = data.oci_core_vnic.ESMasterNode3Vnic.private_ip_address
    esdatanode1_private_ip         = data.oci_core_vnic.ESDataNode1Vnic.private_ip_address
    esdatanode2_private_ip         = data.oci_core_vnic.ESDataNode2Vnic.private_ip_address
    esdatanode3_private_ip         = data.oci_core_vnic.ESDataNode3Vnic.private_ip_address
  }

  depends_on = [
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]
}

# One null_resource per node. Each copies the rendered script to the node over SSH, hopping
# through the bastion's public IP to the node's private IP, then runs it with sudo. The
# connection block sits at resource level, so both provisioners share it.
#
# NOTE(review): the generated tls_private_key authenticates both the bastion hop and the
# node login on all six hosts, so that single key is the whole cluster's SSH trust anchor.

resource "null_resource" "ESMasterNode1_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESMasterNode1Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESMasterNode2_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESMasterNode2Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESMasterNode3_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESMasterNode3Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode1_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESDataNode1Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode2_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESDataNode2Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}

resource "null_resource" "ESDataNode3_BootStrap" {
  depends_on = [
    oci_core_instance.BastionHost,
    oci_core_instance.ESMasterNode1,
    oci_core_instance.ESMasterNode2,
    oci_core_instance.ESMasterNode3,
    oci_core_instance.ESDataNode1,
    oci_core_instance.ESDataNode2,
    oci_core_instance.ESDataNode3,
  ]

  connection {
    type        = "ssh"
    agent       = false
    timeout     = "10m"
    user        = "opc"
    host        = data.oci_core_vnic.ESDataNode3Vnic.private_ip_address
    private_key = tls_private_key.public_private_key_pair.private_key_pem
    script_path = "/home/opc/myssh.sh"

    bastion_host        = oci_core_instance.BastionHost.public_ip
    bastion_port        = "22"
    bastion_user        = "opc"
    bastion_private_key = tls_private_key.public_private_key_pair.private_key_pem
  }

  provisioner "file" {
    content     = data.template_file.setup_esbootstrap.rendered
    destination = "~/esbootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x ~/esbootstrap.sh",
      "sudo ~/esbootstrap.sh",
    ]
  }
}
--------------------------------------------------------------------------------
/cluster/single-ad/schema.yaml:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

title: "Deploy Elasticsearch and Kibana in OCI"
description: "Deploy cluster configuration (single-ad) of Elasticsearch and Kibana in Oracle Cloud Infrastructure."
stackDescription: "Deploy Elasticsearch and Kibana in OCI"
informationalText: "To connect to the Kibana UI, copy Kibana_URL_via_LBaaS and paste it to your web browser. To connect to ElasticSearch, copy Elasticsearch_URL_via_LBaaS and paste it to your web browser."
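schemaVersion: 1.1.0
version: "20201028"
locale: "en"

# Groups control how the variables are laid out in the stack form. The "Optional" groups
# appear only when show_advanced is ticked.
variableGroups:
- title: "General Configuration"
  visible: false
  variables:
  - tenancy_ocid
  - region
  - release
  - BastionBootStrap
  - elasticsearch_download_url
  - kibana_download_url
  - create_timeout
  - volume_attachment_attachment_type
  - availability_domain_number

- title: "Required Configuration"
  visible: true
  variables:
  - compartment_ocid
  - availability_domain_name
  - show_advanced

- title: "Compute Optional Configuration"
  visible:
    and:
      - show_advanced
  variables:
  - ssh_public_key
  - instance_os
  - linux_os_version
  - BastionShape
  - Bastion_Flex_Shape_OCPUS
  - Bastion_Flex_Shape_Memory
  - MasterNodeShape
  - MasterNode_Flex_Shape_OCPUS
  - MasterNode_Flex_Shape_Memory
  - DataNodeShape
  - DataNode_Flex_Shape_OCPUS
  - DataNode_Flex_Shape_Memory
  - BootVolSize
  - DataVolSize

- title: "Networking Optional Configuration"
  visible:
    and:
      - show_advanced
  variables:
  - VCN-CIDR
  - BastSubnetCIDR
  - PrivSubnetCIDR
  - LBSubnetCIDR

- title: "Load Balancer Optional Configuration"
  visible:
    and:
      - show_advanced
  variables:
  - lb_shape
  - flex_lb_min_shape
  - flex_lb_max_shape
  - backend_set_health_checker_interval_ms

- title: "ES & Kibana Optional Configuration"
  visible:
    and:
      - show_advanced
  variables:
  - KibanaPort
  - ESDataPort
  - ESDataPort2
  - ESBootStrap
  - elasticsearch_download_version
  - kibana_download_version


variables:

  show_advanced:
    type: boolean
    title: "Show advanced options?"
    description: "Shows advanced options."
    visible: true
    default: false

  # General Configuration
  # The four entries below spelled the key "visibile", which is not the key name used
  # elsewhere in this schema; it is corrected to "visible" so the setting is recognised.
  tenancy_ocid:
    title: "Tenancy ID"
    description: "The Oracle Cloud Identifier (OCID) for your tenancy"
    type: string
    required: true
    visible: false

  region:
    title: "Region"
    description: "Region where you deploy your Elasticsearch and Kibana"
    type: oci:identity:region:name
    required: true
    visible: true

  availability_domain_name:
    type: oci:identity:availabilitydomain:name
    required: true
    visible: true
    title: "Availability Domain to be chosen"
    description: "Choose Availability Domain where your infrastructure will be deployed."
    dependsOn:
      regionName: ${region}
      compartmentId: ${compartment_ocid}

  compartment_ocid:
    title: "Compartment OCID"
    description: "Compartment where you deploy your Elasticsearch and Kibana"
    type: oci:identity:compartment:id
    required: true
    visible: true

  # Optional Configuration
  ssh_public_key:
    type: oci:core:ssh:publickey
    title: "Public SSH Key"
    description: "Choose public SSH Key to be uploaded into compute instances."
    required: false

  instance_os:
    type: enum
    required: false
    visible: true
    title: "Instance OS"
    description: "An Operating System that determines the operating system for your Elasticsearch and Kibana hosts."
    default: "Oracle Linux"
    enum:
      - "Oracle Linux"

  linux_os_version:
    type: enum
    required: false
    visible: true
    title: "Instance OS version"
    description: "An Operating System version that determines the operating system version for your Elasticsearch and Kibana hosts."
    default: "8"
    enum:
      - "8"

  BastionShape:
    type: oci:core:instanceshape:name
    default: "VM.Standard.E4.Flex"
    title: "Bastion Shape"
    description: "Bastion Host Shape"
    required: false
    dependsOn:
      compartmentId: ${compartment_ocid}

  # The *_Flex_Shape_* fields are shown only when the matching shape is one of the listed
  # Flex shapes.
  Bastion_Flex_Shape_OCPUS:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 1
    title: "Bastion Node Flex Shape OCPUs"
    description: "Choose number of OCPUs for Flex Shape of Bastion Node."
    visible:
      and:
        - or:
          - eq:
            - BastionShape
            - "VM.Standard.E3.Flex"
          - eq:
            - BastionShape
            - "VM.Standard.E4.Flex"
          - eq:
            - BastionShape
            - "VM.Standard.A1.Flex"

  Bastion_Flex_Shape_Memory:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 1
    title: "Bastion Node Flex Shape Memory (GB)"
    description: "Choose number GB for Flex Shape Memory of Bastion Node."
    visible:
      and:
        - or:
          - eq:
            - BastionShape
            - "VM.Standard.E3.Flex"
          - eq:
            - BastionShape
            - "VM.Standard.E4.Flex"
          - eq:
            - BastionShape
            - "VM.Standard.A1.Flex"

  MasterNodeShape:
    type: oci:core:instanceshape:name
    default: "VM.Standard.E4.Flex"
    title: "ESMaster Node Shape"
    description: "ElasticSearch Master Node Shape"
    required: false
    dependsOn:
      compartmentId: ${compartment_ocid}

  MasterNode_Flex_Shape_OCPUS:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 2
    title: "ESMaster Node Flex Shape OCPUs"
    description: "Choose number of OCPUs for Flex Shape of ESMaster Node."
    visible:
      and:
        - or:
          - eq:
            - MasterNodeShape
            - "VM.Standard.E3.Flex"
          - eq:
            - MasterNodeShape
            - "VM.Standard.E4.Flex"
          - eq:
            - MasterNodeShape
            - "VM.Standard.A1.Flex"

  # NOTE(review): ESBootStrap.sh sizes the JVM heap as half of the node's RAM in whole GB,
  # so the 1 GB minimum allowed here yields a heap figure of 0.
  MasterNode_Flex_Shape_Memory:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 30
    title: "ESMaster Node Flex Shape Memory (GB)"
    description: "Choose number GB for Flex Shape Memory of ESMaster Node."
    visible:
      and:
        - or:
          - eq:
            - MasterNodeShape
            - "VM.Standard.E3.Flex"
          - eq:
            - MasterNodeShape
            - "VM.Standard.E4.Flex"
          - eq:
            - MasterNodeShape
            - "VM.Standard.A1.Flex"

  DataNodeShape:
    type: oci:core:instanceshape:name
    default: "VM.Standard.E3.Flex"
    title: "ESData Node Shape"
    description: "ElasticSearch Data Node Shape"
    required: false
    dependsOn:
      compartmentId: ${compartment_ocid}

  DataNode_Flex_Shape_OCPUS:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 2
    title: "ESData Node Flex Shape OCPUs"
    description: "Choose number of OCPUs for Flex Shape of ESData Node."
    visible:
      and:
        - or:
          - eq:
            - DataNodeShape
            - "VM.Standard.E3.Flex"
          - eq:
            - DataNodeShape
            - "VM.Standard.E4.Flex"

  DataNode_Flex_Shape_Memory:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 30
    title: "ESData Node Flex Shape Memory (GB)"
    description: "Choose number GB for Flex Shape Memory of ESData Node."
    visible:
      and:
        - or:
          - eq:
            - DataNodeShape
            - "VM.Standard.E3.Flex"
          - eq:
            - DataNodeShape
            - "VM.Standard.E4.Flex"

  BootVolSize:
    type: number
    required: false
    minimum: 50
    maximum: 32000
    multipleOf: 1
    default: 100
    title: "ESMaster/ESData Nodes Boot Volume Size (GB)"
    description: "Choose ESMaster/ESData Nodes Boot Volume Size"

  DataVolSize:
    type: number
    required: false
    minimum: 50
    maximum: 32000
    multipleOf: 1
    default: 200
    title: "ESData Nodes Data Volume Size (GB)"
    description: "Choose ESData Nodes Data Volume Size"

  # CIDR validation. The dots between octets are escaped (\\.) so that only a literal "."
  # is accepted; unescaped, "." matched any character and let malformed values through to
  # the network and security-list resources.
  VCN-CIDR:
    type: string
    required: false
    default: "192.168.0.0/25"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "VCN CIDR"
    description: "A single, contiguous IPv4 CIDR block of your choice for the VCN"

  BastSubnetCIDR:
    type: string
    required: false
    default: "192.168.0.0/28"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "Bastion Subnet CIDR"
    description: "Bastion Subnet CIDR"

  PrivSubnetCIDR:
    type: string
    required: false
    default: "192.168.0.16/28"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "Private Subnet CIDR"
    description: "Private Subnet CIDR"

  LBSubnetCIDR:
    type: string
    required: false
    default: "192.168.0.64/28"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "LB Subnet AD1 CIDR"
    description: "LB Subnet CIDR"

  lb_shape:
    type: enum
    title: "Load Balancer Shape"
    description: "Load Balancer Shape"
    default: "flexible"
    required: false
    enum:
      - "flexible"
      - "100Mbps"
      - "10Mbps"
      - "10Mbps-Micro"
      - "400Mbps"
      - "8000Mbps"

  flex_lb_min_shape:
    type: enum
    required: false
    default: "10"
    title: "LB Flex Min Shape"
    description: "Choose Minimum Shape for Flex Load Balancer."
    enum:
      - "10"
      - "100"
      - "1000"
      - "400"
      - "8000"
    visible:
      and:
        - eq:
          - lb_shape
          - "flexible"

  flex_lb_max_shape:
    type: enum
    required: false
    default: "100"
    title: "LB Flex Max Shape"
    description: "Choose Maximum Shape for Flex Load Balancer."
    enum:
      - "10"
      - "100"
      - "1000"
      - "400"
      - "8000"
    visible:
      and:
        - eq:
          - lb_shape
          - "flexible"

  ESBootStrap:
    type: string
    required: false
    visible: false

  BastionBootStrap:
    type: string
    required: false
    visible: false

  # NOTE(review): the bootstrap script passes these URLs to "yum install" as root. They sit
  # in the hidden "General Configuration" group, but any override should still point only
  # at a trusted package source.
  elasticsearch_download_url:
    title: "Elasticsearch download URL"
    description: "Elasticsearch download URL"
    type: string
    required: false

  kibana_download_url:
    title: "Kibana download URL"
    description: "Kibana download URL"
    type: string
    required: false

  backend_set_health_checker_interval_ms:
    title: "Load Balancer Health Check interval (ms)"
    description: "Load Balancer Health Check interval (ms)"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 15000
    required: false

  KibanaPort:
    title: "Kibana Port"
    description: "Kibana Port"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 5601
    required: false

  ESDataPort:
    title: "ESData Port 1"
    description: "Elasticsearch Data Port (Outbound HTTP Traffic)"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 9200
    required: false

  ESDataPort2:
    title: "ESData Port 2"
    description: "Elasticsearch Data Port (Internode binary Traffic)"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 9300
    required: false

  elasticsearch_download_version:
    type: enum
    required: false
    visible: true
    title: "Elasticsearch version"
    description: "Choose the Elasticsearch version to install."
    default: "7.16.3"
    enum:
      - "7.16.3"

  kibana_download_version:
    type: enum
    required: false
    visible: true
    title: "Kibana version"
    description: "Choose the Kibana version to install."
    default: "7.16.3"
    enum:
      - "7.16.3"

  create_timeout:
    type: string
    required: false
    visible: false

  volume_attachment_attachment_type:
    type: string
    required: false
    visible: false

  release:
    type: string
    required: false
    visible: false
    title: "Reference Architecture Release (OCI Architecture Center)"

outputs:

  BastionPublicIP:
    title: "Bastion Server Public IP"
    displayText: "Bastion Server Public IP"
    type: copyableString
    visible: true

  Kibana_URL_via_LBaaS:
    title: "Kibana URL"
    displayText: "Kibana URL via LBaaS"
    type: copyableString
    visible: true

  Elasticsearch_URL_via_LBaaS:
    title: "Elasticsearch URL"
    displayText: "Elasticsearch URL via LBaaS"
    type: copyableString
    visible: true

  # NOTE(review): outputs.tf marks this value sensitive, yet it is declared visible here,
  # so the private key is presumably displayed with the stack's other outputs. Anyone
  # allowed to view the stack would then hold the key for the bastion and all nodes;
  # confirm that this is intended before sharing access to the stack.
  generated_ssh_private_key:
    title: "Generated SSH Private Key"
    displayText: "Generated SSH Private Key"
    type: text
    visible: true




--------------------------------------------------------------------------------
/cluster/single-ad/scripts/BastionBootStrap.sh:
--------------------------------------------------------------------------------
#! /bin/bash
## Enables Bastion Host as NAT instance for ES master/data nodes to update/install software from internet.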
3 | echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf 4 | firewall-offline-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o ens3 -j MASQUERADE 5 | firewall-offline-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens3 -j ACCEPT 6 | sysctl -p 7 | systemctl restart firewalld 8 | 9 | # Uploads SSH Public Key to authorized keys. 10 | cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak 11 | echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys 12 | chown -R opc /home/opc/.ssh/authorized_keys -------------------------------------------------------------------------------- /cluster/single-ad/scripts/ESBootStrap.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | echo "############################################################" 3 | echo "Elasticsearch Master/Data Nodes bootstrap script starting..." 4 | echo "############################################################" 5 | echo "." 6 | echo "=(0%)> Setting limits (/etc/security/limits.conf, /etc/sysctl.conf)" 7 | echo "." 8 | ulimit -n 65536 9 | ulimit -u 4096 10 | echo "elasticsearch - nofile 65536" >>/etc/security/limits.conf 11 | echo "elasticsearch - nproc 4096" >>/etc/security/limits.conf 12 | echo "vm.max_map_count=262144" >>/etc/sysctl.conf 13 | echo "vm.swappiness=1" >>/etc/sysctl.conf 14 | sysctl -p 15 | memgb="$((`cat /proc/meminfo |grep MemTotal|awk '{print $2}'` /1024/1024/2))" 16 | echo "=(100%)> Limits done." 17 | echo "." 18 | 19 | ##Configures Data Nodes 20 | DataNodeFunc() 21 | { 22 | echo "." 23 | echo "=(0%)> iSCSI discovery and vg/lvcreate" 24 | echo "." 
# Continuation of DataNodeFunc: the function header and its first progress
# echoes come just before this point in the script.
# NOTE(review): the names written with a dollar sign and braces (download URL,
# download version, node private IPs) are never assigned in the visible script;
# presumably they are filled in when Terraform renders this file - confirm in
# compute.tf. Shell variables are written without braces throughout.
# No exit status is checked anywhere in this section, so a failed step does not
# stop the steps that follow it.

    # --- Attach, format and mount the data volume ---------------------------
    # Discover the iSCSI target behind the hard-coded portal 169.254.2.2:3260
    # and keep the second field of the discovery output as the target name.
    IQN=$(iscsiadm -m discovery -t st -p 169.254.2.2:3260 |awk '{print $2}')
    # Create the node record, set node.startup to automatic, then log in (-l).
    iscsiadm -m node -o new -T $IQN -p 169.254.2.2:3260
    iscsiadm -m node -o update -T $IQN -n node.startup -v automatic
    iscsiadm -m node -T $IQN -p 169.254.2.2:3260 -l
    # NOTE(review): /dev/sdb is assumed to be the volume that was just attached;
    # nothing here inspects the device before pvcreate/mkfs - confirm the name.
    pvcreate /dev/sdb
    vgcreate vgdata /dev/sdb
    # One logical volume spanning the whole volume group.
    lvcreate -l 100%VG -n lvdata vgdata
    mkfs.ext4 /dev/vgdata/lvdata
    mkdir /elasticsearch
    # Persist the mount; _netdev marks it as a network-backed filesystem.
    echo "/dev/vgdata/lvdata /elasticsearch ext4 defaults,_netdev 0 0" >>/etc/fstab
    # NOTE(review): if this mount fails, /elasticsearch stays a plain directory
    # and the later mkdir/chown still run against it - presumably the data would
    # then land on the boot volume; verify.
    mount -a
    echo "=(100%)> iSCSI discovery and vg/lvcreate done."
    echo "."

    # --- Install Java and Elasticsearch --------------------------------------
    echo "=(0%)> yum install java and elasticsearch"
    echo "."
    yum install -y java
    # The sed expression only rewrites text containing "el" followed by digits;
    # presumably plain `uname -m` output passes through unchanged, so this is a
    # comparison of the machine architecture with "aarch64" - verify.
    #
    # The package is installed straight from a URL assembled from the
    # elasticsearch_download_url and elasticsearch_download_version values plus
    # an architecture suffix.
    # NOTE(review): nothing in this function imports a signing key or compares a
    # checksum before the install; whether yum enforces a signature check for a
    # URL install depends on host configuration not visible here. Package
    # integrity therefore rests on the transport and on whoever sets the URL
    # value - consider verifying the RPM signature or a published checksum.
    if [[ $(uname -m | sed 's/^.*\(el[0-9]\+\).*$/\1/') == "aarch64" ]]
    then
        yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-aarch64.rpm
    else
        yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-x86_64.rpm
    fi
    echo "=(100%)> yum install java and elasticsearch done."
    echo "."

    # --- systemd override, data/log directories, JVM options -----------------
    echo "=(0%)> elasticsearch setup (override.conf, user config, jvm.options)"
    echo "."
    # Drop-in that lifts the locked-memory limit for the service; it pairs with
    # bootstrap.memory_lock written to elasticsearch.yml further down.
    # The file is appended to (>>), so a second run would duplicate its lines.
    mkdir /etc/systemd/system/elasticsearch.service.d
    echo "[Service]" >>/etc/systemd/system/elasticsearch.service.d/override.conf
    echo "LimitMEMLOCK=infinity" >>/etc/systemd/system/elasticsearch.service.d/override.conf
    mkdir /elasticsearch/data /elasticsearch/log
    chown -R elasticsearch:elasticsearch /elasticsearch
    # Point the paths mentioned in jvm.options at the data volume.
    sed -i 's/\/var\/log\/elasticsearch/\/elasticsearch\/log/g' /etc/elasticsearch/jvm.options
    sed -i 's/\/var\/lib\/elasticsearch/\/elasticsearch\/data/g' /etc/elasticsearch/jvm.options
    # memgb is set near the top of the script to half of MemTotal in whole GiB
    # (integer division).
    # NOTE(review): these two substitutions only take effect if jvm.options
    # contains the literal -Xmx1g / -Xms1g; verify against the installed
    # version, and note that memgb is 0 on a host with under 2 GiB of memory.
    sed -i 's/-Xmx1g/-Xmx'$memgb'g/' /etc/elasticsearch/jvm.options
    sed -i 's/-Xms1g/-Xms'$memgb'g/' /etc/elasticsearch/jvm.options
    echo "."
    echo "=(100%)> elasticsearch setup (override.conf, user config, jvm.options) done."
    echo "."

    # --- elasticsearch.yml -----------------------------------------------------
    echo "=(0%)> elasticsearch setup (elasticsearch.yml)"
    echo "."
    # Uncomment MAX_LOCKED_MEMORY in the service environment file.
    sed -i 's/#MAX_LOCKED_MEMORY/MAX_LOCKED_MEMORY/' /etc/sysconfig/elasticsearch
    # Keep the packaged config as .original and build a new file line by line.
    # NOTE(review): no authentication or TLS settings are written below, so
    # those stay at the package defaults for the installed version - confirm
    # that running the HTTP and transport ports without them is intended.
    # NOTE(review): no http.port or transport port is written either, so the
    # ESDataPort/ESDataPort2 values affect only the firewall rules added later.
    mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.original
    echo "cluster.name: oci-es-cluster" >>/etc/elasticsearch/elasticsearch.yml
    echo "node.name: $HOSTNAME" >>/etc/elasticsearch/elasticsearch.yml
    # Address of interface ens3, with the prefix length cut off; the node binds
    # to this address.
    local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
    echo "network.host: $local_ip" >>/etc/elasticsearch/elasticsearch.yml
    # The inner double quotes close and reopen the shell string, so the
    # addresses end up unquoted inside the brackets of the written line.
    echo "discovery.zen.ping.unicast.hosts: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}","${esdatanode1_private_ip}","${esdatanode2_private_ip}","${esdatanode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
    echo "path.data: /elasticsearch/data" >>/etc/elasticsearch/elasticsearch.yml
    echo "path.logs: /elasticsearch/log" >>/etc/elasticsearch/elasticsearch.yml
    echo "cluster.initial_master_nodes: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
    # Allocation awareness keyed on the second dot-separated label of the FQDN
    # (presumably the subnet DNS label - verify).
    echo "cluster.routing.allocation.awareness.attributes: privad" >>/etc/elasticsearch/elasticsearch.yml
    subnetID=`hostname -f | awk -F "." '{print $2}'`
    echo "node.attr.privad: $subnetID" >>/etc/elasticsearch/elasticsearch.yml
    echo "node.roles: [data]" >>/etc/elasticsearch/elasticsearch.yml
    echo "bootstrap.memory_lock: true" >>/etc/elasticsearch/elasticsearch.yml
    # Config is readable and writable by root and the elasticsearch group only.
    chmod 660 /etc/elasticsearch/elasticsearch.yml
    chown root:elasticsearch /etc/elasticsearch/elasticsearch.yml
    # Echo the finished config into the script output.
    cat /etc/elasticsearch/elasticsearch.yml
    echo "."
    echo "=(100%)> elasticsearch setup (elasticsearch.yml) done."
    echo "."
    echo "=(0%)> elasticsearch service setup and firewall-offline-cmd"
    echo "."
# Tail of DataNodeFunc (the function opens earlier in the script): start the
# service, then open the two Elasticsearch ports in the host firewall.
    systemctl daemon-reload
    systemctl enable elasticsearch.service
    systemctl start elasticsearch.service
    # --add-port carries no source restriction, so the host firewall accepts
    # these ports from any address; which peers can actually reach them depends
    # on network rules defined outside this script (not visible here).
    firewall-offline-cmd --add-port=${ESDataPort}/tcp
    firewall-offline-cmd --add-port=${ESDataPort2}/tcp
    systemctl restart firewalld
    echo "."
    echo "=(100%)> elasticsearch service setup and firewall-offline-cmd done."
    echo "."
}

## Configures a master node: installs Java, Elasticsearch and Kibana, writes
## elasticsearch.yml and kibana.yml, starts both services and opens their ports.
## Takes no arguments. Reads memgb and HOSTNAME from the shell; the names written
## with a dollar sign and braces are never assigned in the visible script and are
## presumably filled in when Terraform renders this file - confirm in compute.tf.
## No exit status is checked, so a failed step does not stop the ones after it.
MasterNodeFunc()
{
    echo "."
    echo "=(0%)> yum install java, elasticsearch and kibana"
    echo "."
    yum install -y java
    # The sed expression only rewrites text containing "el" followed by digits;
    # presumably plain `uname -m` output passes through unchanged, so this is a
    # comparison of the machine architecture with "aarch64" - verify.
    #
    # Both packages are installed straight from URLs assembled from the
    # download URL and version values plus an architecture suffix.
    # NOTE(review): nothing in this function imports a signing key or compares a
    # checksum before the install; whether yum enforces a signature check for a
    # URL install depends on host configuration not visible here. Consider
    # verifying the RPM signatures or published checksums.
    if [[ $(uname -m | sed 's/^.*\(el[0-9]\+\).*$/\1/') == "aarch64" ]]
    then
        yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-aarch64.rpm
        yum install -y ${kibana_download_url}-${kibana_download_version}-aarch64.rpm
    else
        yum install -y ${elasticsearch_download_url}-${elasticsearch_download_version}-x86_64.rpm
        yum install -y ${kibana_download_url}-${kibana_download_version}-x86_64.rpm
    fi
    echo "=(100%)> yum install java, elasticsearch and kibana done."
    echo "."
    echo "=(0%)> elasticsearch setup (override.conf, user config, jvm.options)"
    echo "."
    # Drop-in that lifts the locked-memory limit for the service; it pairs with
    # bootstrap.memory_lock written to elasticsearch.yml below.
    mkdir /etc/systemd/system/elasticsearch.service.d
    echo "[Service]" >>/etc/systemd/system/elasticsearch.service.d/override.conf
    echo "LimitMEMLOCK=infinity" >>/etc/systemd/system/elasticsearch.service.d/override.conf
    # No volume is attached or mounted in this function, so -p creates
    # /elasticsearch itself as well as the two subdirectories.
    mkdir -p /elasticsearch/data /elasticsearch/log
    chown -R elasticsearch:elasticsearch /elasticsearch
    # Point the paths mentioned in jvm.options at /elasticsearch.
    sed -i 's/\/var\/log\/elasticsearch/\/elasticsearch\/log/g' /etc/elasticsearch/jvm.options
    sed -i 's/\/var\/lib\/elasticsearch/\/elasticsearch\/data/g' /etc/elasticsearch/jvm.options
    # memgb is set near the top of the script to half of MemTotal in whole GiB.
    # NOTE(review): these two substitutions only take effect if jvm.options
    # contains the literal -Xmx1g / -Xms1g - verify against the installed version.
    sed -i 's/-Xmx1g/-Xmx'$memgb'g/' /etc/elasticsearch/jvm.options
    sed -i 's/-Xms1g/-Xms'$memgb'g/' /etc/elasticsearch/jvm.options
    echo "."
    echo "=(100%)> elasticsearch setup (override.conf, user config, jvm.options) done."
    echo "."
    echo "."
    echo "=(0%)> elasticsearch setup (elasticsearch.yml)"
    echo "."
    # Uncomment MAX_LOCKED_MEMORY in the service environment file.
    sed -i 's/#MAX_LOCKED_MEMORY/MAX_LOCKED_MEMORY/' /etc/sysconfig/elasticsearch
    # Keep the packaged config as .original and build a new file line by line.
    # NOTE(review): no authentication or TLS settings are written below, so
    # those stay at the package defaults for the installed version - confirm
    # that this is intended for a node that also serves Kibana.
    mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.original
    echo "cluster.name: oci-es-cluster" >>/etc/elasticsearch/elasticsearch.yml
    echo "node.name: $HOSTNAME" >>/etc/elasticsearch/elasticsearch.yml
    # Address of interface ens3, with the prefix length cut off.
    local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
    echo "network.host: $local_ip" >>/etc/elasticsearch/elasticsearch.yml
    # The inner double quotes close and reopen the shell string, so the
    # addresses end up unquoted inside the brackets of the written line.
    echo "discovery.zen.ping.unicast.hosts: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}","${esdatanode1_private_ip}","${esdatanode2_private_ip}","${esdatanode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
    echo "path.data: /elasticsearch/data" >>/etc/elasticsearch/elasticsearch.yml
    echo "path.logs: /elasticsearch/log" >>/etc/elasticsearch/elasticsearch.yml
    echo "cluster.initial_master_nodes: ["${esmasternode1_private_ip}","${esmasternode2_private_ip}","${esmasternode3_private_ip}"]" >>/etc/elasticsearch/elasticsearch.yml
    # Allocation awareness keyed on the second dot-separated label of the FQDN
    # (presumably the subnet DNS label - verify).
    echo "cluster.routing.allocation.awareness.attributes: privad" >>/etc/elasticsearch/elasticsearch.yml
    subnetID=`hostname -f | awk -F "." '{print $2}'`
    echo "node.attr.privad: $subnetID" >>/etc/elasticsearch/elasticsearch.yml
    # Master nodes are given the data role as well.
    echo "node.roles: [master,data]" >>/etc/elasticsearch/elasticsearch.yml
    echo "bootstrap.memory_lock: true" >>/etc/elasticsearch/elasticsearch.yml
    # Replace the packaged kibana.yml with a two-line file: bind Kibana to the
    # ens3 address and point it at this node's Elasticsearch over plain http.
    # NOTE(review): server.port is not written, so Kibana presumably listens on
    # its built-in default whatever KibanaPort is set to, while the firewall rule
    # below uses KibanaPort - confirm the two agree.
    # NOTE(review): no Kibana credentials or TLS settings are written, and the
    # permissions of the new kibana.yml are left at whatever the shell creates.
    mv /etc/kibana/kibana.yml /etc/kibana/kibana.yml.original
    local_ip=`ip addr show ens3 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/'`
    echo "server.host: $local_ip" >>/etc/kibana/kibana.yml
    echo "elasticsearch.hosts: ["http://$local_ip:${ESDataPort}"]" >>/etc/kibana/kibana.yml
    cat /etc/kibana/kibana.yml
    # Elasticsearch config is readable and writable by root and the
    # elasticsearch group only.
    chmod 660 /etc/elasticsearch/elasticsearch.yml
    chown root:elasticsearch /etc/elasticsearch/elasticsearch.yml
    cat /etc/elasticsearch/elasticsearch.yml
    echo "."
    echo "=(100%)> elasticsearch setup (elasticsearch.yml) done."
    echo "."
    echo "=(0%)> elasticsearch service setup and firewall-offline-cmd"
    echo "."
    systemctl daemon-reload
    systemctl enable elasticsearch.service
    systemctl start elasticsearch.service
    systemctl enable kibana.service
    systemctl start kibana.service
    # --add-port carries no source restriction, so the host firewall accepts
    # these three ports from any address; which peers can actually reach them
    # depends on network rules defined outside this script (not visible here).
    firewall-offline-cmd --add-port=${ESDataPort}/tcp
    firewall-offline-cmd --add-port=${ESDataPort2}/tcp
    firewall-offline-cmd --add-port=${KibanaPort}/tcp
    systemctl restart firewalld
    echo "."
    echo "=(100%)> elasticsearch service setup and firewall-offline-cmd done."
    echo "."
}

## Dispatch on the hostname: the three master names run MasterNodeFunc, the
## three data names run DataNodeFunc. Any other hostname falls into the empty
## default branch and gets no Elasticsearch setup at all.
case $HOSTNAME in
    esmasternode1|esmasternode2|esmasternode3)
        echo "Running Master Node Function"
        MasterNodeFunc
        ;;
    esdatanode1|esdatanode2|esdatanode3)
        echo "Running Data Node Function"
        DataNodeFunc
        ;;
    *)
esac

echo "#######################################################"
echo "Elasticsearch Master/Data Nodes bootstrap script done."
190 | echo "#######################################################" 191 | 192 | -------------------------------------------------------------------------------- /cluster/single-ad/scripts/sshkey.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak 4 | echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys 5 | chown -R opc /home/opc/.ssh/authorized_keys 6 | -------------------------------------------------------------------------------- /cluster/single-ad/tags.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | resource "random_id" "tag" { 5 | byte_length = 2 6 | } 7 | 8 | resource "oci_identity_tag_namespace" "ArchitectureCenterTagNamespace" { 9 | provider = oci.homeregion 10 | compartment_id = var.compartment_ocid 11 | description = "ArchitectureCenterTagNamespace" 12 | name = "ArchitectureCenter\\deploy-elk-${random_id.tag.hex}" 13 | 14 | provisioner "local-exec" { 15 | command = "sleep 10" 16 | } 17 | } 18 | 19 | resource "oci_identity_tag" "ArchitectureCenterTag" { 20 | provider = oci.homeregion 21 | description = "ArchitectureCenterTag" 22 | name = "release" 23 | tag_namespace_id = oci_identity_tag_namespace.ArchitectureCenterTagNamespace.id 24 | 25 | validator { 26 | validator_type = "ENUM" 27 | values = ["release", "2.0"] 28 | } 29 | 30 | provisioner "local-exec" { 31 | command = "sleep 120" 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /cluster/single-ad/tls.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. 
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | resource "tls_private_key" "public_private_key_pair" { 5 | algorithm = "RSA" 6 | } -------------------------------------------------------------------------------- /cluster/single-ad/variables.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | variable "tenancy_ocid" {} 5 | variable "user_ocid" {} 6 | variable "fingerprint" {} 7 | variable "private_key_path" {} 8 | variable "region" {} 9 | variable "compartment_ocid" {} 10 | variable "availability_domain_name" { 11 | default = "" 12 | } 13 | variable "availability_domain_number" { 14 | default = 0 15 | } 16 | 17 | variable "release" { 18 | description = "Reference Architecture Release (OCI Architecture Center)" 19 | default = "2.0" 20 | } 21 | 22 | variable "BastionShape" { 23 | default = "VM.Standard.E4.Flex" 24 | } 25 | 26 | variable "Bastion_Flex_Shape_OCPUS" { 27 | default = 1 28 | } 29 | 30 | variable "Bastion_Flex_Shape_Memory" { 31 | default = 1 32 | } 33 | 34 | variable "MasterNodeShape" { 35 | default = "VM.Standard.E4.Flex" 36 | } 37 | 38 | variable "MasterNode_Flex_Shape_OCPUS" { 39 | default = 2 40 | } 41 | 42 | variable "MasterNode_Flex_Shape_Memory" { 43 | default = 30 44 | } 45 | 46 | variable "DataNodeShape" { 47 | default = "VM.Standard.E4.Flex" 48 | } 49 | 50 | variable "DataNode_Flex_Shape_OCPUS" { 51 | default = 4 52 | } 53 | 54 | variable "DataNode_Flex_Shape_Memory" { 55 | default = 60 56 | } 57 | 58 | 59 | variable "BootVolSize" { 60 | default = "100" 61 | } 62 | 63 | variable "ssh_public_key" { 64 | default = "" 65 | } 66 | 67 | variable "lb_shape" { 68 | default = "flexible" 69 | } 70 | 71 | variable "flex_lb_min_shape" { 72 | default = "10" 73 | } 74 | 75 | 
variable "flex_lb_max_shape" { 76 | default = "100" 77 | } 78 | 79 | variable "instance_os" { 80 | description = "Operating system for compute instances" 81 | default = "Oracle Linux" 82 | } 83 | 84 | variable "linux_os_version" { 85 | description = "Operating system version for all Linux instances" 86 | default = "8" 87 | } 88 | 89 | 90 | variable "VCN-CIDR" { 91 | default = "192.168.0.0/25" 92 | } 93 | 94 | variable "BastSubnetCIDR" { 95 | default = "192.168.0.0/28" 96 | } 97 | 98 | variable "PrivSubnetCIDR" { 99 | default = "192.168.0.16/28" 100 | } 101 | 102 | variable "LBSubnetCIDR" { 103 | default = "192.168.0.64/28" 104 | } 105 | 106 | variable "ESBootStrap" { 107 | default = "./scripts/ESBootStrap.sh" 108 | } 109 | 110 | variable "BastionBootStrap" { 111 | default = "./scripts/BastionBootStrap.sh" 112 | } 113 | 114 | variable "elasticsearch_download_url" { 115 | default = "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch" 116 | } 117 | 118 | variable "elasticsearch_download_version" { 119 | default = "7.16.3" 120 | } 121 | 122 | variable "kibana_download_url" { 123 | default = "https://artifacts.elastic.co/downloads/kibana/kibana" 124 | } 125 | 126 | variable "kibana_download_version" { 127 | default = "7.16.3" 128 | } 129 | 130 | variable "backend_set_health_checker_interval_ms" { 131 | default = "15000" 132 | } 133 | 134 | variable "KibanaPort" { 135 | default = "5601" 136 | } 137 | 138 | variable "ESDataPort" { 139 | default = "9200" 140 | } 141 | 142 | variable "ESDataPort2" { 143 | default = "9300" 144 | } 145 | 146 | variable "create_timeout" { 147 | default = "60000m" 148 | } 149 | 150 | variable "DataVolSize" { 151 | default = "200" 152 | } 153 | 154 | variable "volume_attachment_attachment_type" { 155 | default = "iscsi" 156 | } 157 | 158 | # Dictionary Locals 159 | locals { 160 | compute_flexible_shapes = [ 161 | "VM.Standard.E3.Flex", 162 | "VM.Standard.E4.Flex" 163 | ] 164 | } 165 | 166 | # Checks if is using Flexible Compute 
Shapes 167 | locals { 168 | is_flexible_bastion_shape = contains(local.compute_flexible_shapes, var.BastionShape) 169 | is_flexible_masternode_shape = contains(local.compute_flexible_shapes, var.MasterNodeShape) 170 | is_flexible_datanode_shape = contains(local.compute_flexible_shapes, var.DataNodeShape) 171 | is_flexible_lb_shape = var.lb_shape == "flexible" ? true : false 172 | } 173 | 174 | -------------------------------------------------------------------------------- /cluster/single-ad/versions.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | terraform { 5 | required_version = ">= 0.12" 6 | } 7 | -------------------------------------------------------------------------------- /images/cluster/Elasticsearch_deployment_architecture_Capture.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/cluster/Elasticsearch_deployment_architecture_Capture.PNG -------------------------------------------------------------------------------- /images/simple/console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/console.png -------------------------------------------------------------------------------- /images/simple/elasticsearch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/elasticsearch.png -------------------------------------------------------------------------------- 
/images/simple/git-clone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/git-clone.png -------------------------------------------------------------------------------- /images/simple/kibana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/kibana.png -------------------------------------------------------------------------------- /images/simple/terraform-apply.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/terraform-apply.png -------------------------------------------------------------------------------- /images/simple/terraform-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/terraform-console.png -------------------------------------------------------------------------------- /images/simple/terraform-destroy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/terraform-destroy.png -------------------------------------------------------------------------------- /images/simple/terraform-init.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/terraform-init.png -------------------------------------------------------------------------------- 
/images/simple/terraform-plan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-quickstart/oci-elastic/021559a2c07b6f0b0a30fa289c19793f5dbdf336/images/simple/terraform-plan.png -------------------------------------------------------------------------------- /simple/README.md: -------------------------------------------------------------------------------- 1 | # oci-elastic (simple) 2 | 3 | Terraform module that deploys Elasticsearch, Kibana, and Logstash on a one VM. 4 | 5 | ## Prerequisites 6 | 7 | - Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `route-tables`, `security-lists`, `subnets`, and `instances`. 8 | 9 | - Quota to create the following resources: 1 VCN, 1 subnet, 1 Internet Gateway, 1 route rule, and 1 compute instance. 10 | 11 | If you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm). 12 | 13 | ## Deploy Using Oracle Resource Manager 14 | 15 | 1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-quickstart/oci-elastic/releases/latest/download/oci-elastic-simple-stack-latest.zip) 16 | 17 | If you aren't already signed in, when prompted, enter the tenancy and user credentials. 18 | 19 | 2. Review and accept the terms and conditions. 20 | 21 | 3. Select the region where you want to deploy the stack. 22 | 23 | 4. 
Follow the on-screen prompts and instructions to create the stack. 24 | 25 | 5. After creating the stack, click **Terraform Actions**, and select **Plan**. 26 | 27 | 6. Wait for the job to be completed, and review the plan. 28 | 29 | To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again. 30 | 31 | 7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 32 | 33 | ## Deploy Using the Terraform CLI 34 | 35 | ### Clone the repository 36 | Now, you'll want a local copy of this repo. You can make that with the commands: 37 | 38 | git clone https://github.com/oracle-quickstart/oci-elastic.git 39 | cd oci-elastic/simple 40 | ls 41 | 42 | That should give you this: 43 | 44 | ![](../images/simple/git-clone.png) 45 | 46 | ### Initialize the deployment 47 | Pick a module and change into the directory containing it (enterprise or community). 48 | 49 | We now need to initialize the directory with the module in it. This makes the module aware of the OCI provider. You can do this by running: 50 | 51 | terraform init 52 | 53 | This gives the following output: 54 | 55 | ![](../images/simple/terraform-init.png) 56 | 57 | ### Deploy the module 58 | Now for the main attraction. Let's make sure the plan looks good: 59 | 60 | terraform plan 61 | 62 | That gives: 63 | 64 | ![](../images/simple/terraform-plan.png) 65 | 66 | If that's good, we can go ahead and apply the deploy: 67 | 68 | terraform apply 69 | 70 | You'll need to enter `yes` when prompted. Once complete, you'll see something like this: 71 | 72 | ![](../images/simple/terraform-apply.png) 73 | 74 | When the apply is complete, the infrastructure will be deployed, but cloud-init scripts will still be running. Those will wrap up asynchronously. So, it'll be a few more minutes before your cluster is accessible. Now is a good time to get a coffee. 
75 | 76 | 77 | ### Connect to Elasticsearch and Kibana 78 | When the module is deployed, you will see an output that shows the ELK VM public IP and the generated SSH private key. The key is marked sensitive, which only hides it from normal output; it is still stored unencrypted in the Terraform state, so keep the state file private. Obtain the private key by opening the Terraform console and revealing the sensitive value as follows: 79 | 80 | ![](../images/simple/terraform-console.png) 81 | 82 | Next, save the content of the generated SSH private key to a file named `id_rsa` and restrict its permissions so that only your user can read it: 83 | 84 | `chmod 400 id_rsa` 85 | 86 | Now let's build SSH tunnels for each product of ELK. Take the VM's public IP from the output, for example: 87 | 88 | `ELK_VM_public_IP = 132.145.139.235` 89 | 90 | Create an SSH tunnel for ports `9200` and `5601` with the following command: 91 | 92 | `ssh -i id_rsa -L 9200:localhost:9200 -L 5601:localhost:5601 opc@<ELK_VM_public_IP>` 93 | 94 | Now you can browse to (http://localhost:9200) for Elasticsearch, and (http://localhost:5601) for Kibana. 95 | 96 | ![](../images/simple/elasticsearch.png) 97 | 98 | ![](../images/simple/kibana.png) 99 | 100 | ### SSH to a Node 101 | These machines are using Oracle Enterprise Linux (OEL). The default login is opc. You can SSH into the machine with a command like this: 102 | 103 | ssh -i id_rsa opc@<ELK_VM_public_IP> 104 | 105 | ## View the Cluster in the Console 106 | You can also log in to the web console [here](https://console.us-phoenix-1.oraclecloud.com/a/compute/instances) to view the IaaS that is running the cluster. 107 | 108 | ![](../images/simple/console.png) 109 | 110 | ### Destroy the Deployment 111 | When you no longer need the deployment, you can run this command to destroy it: 112 | 113 | terraform destroy 114 | 115 | You'll need to enter `yes` when prompted. 116 | 117 | ![](../images/simple/terraform-destroy.png) 118 | -------------------------------------------------------------------------------- /simple/compute.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved.
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | data "template_file" "ELK" { 5 | template = file("./scripts/elk.sh") 6 | 7 | vars = { 8 | elasticsearch_download_url = var.elasticsearch_download_url 9 | kibana_download_url = var.kibana_download_url 10 | logstash_download_url = var.logstash_download_url 11 | elasticsearch_download_version = var.elasticsearch_download_version 12 | kibana_download_version = var.kibana_download_version 13 | logstash_download_version = var.logstash_download_version 14 | KibanaPort = var.KibanaPort 15 | ESDataPort = var.ESDataPort 16 | ssh_public_key = tls_private_key.public_private_key_pair.public_key_openssh 17 | } 18 | 19 | } 20 | 21 | resource "oci_core_instance" "ELK" { 22 | availability_domain = var.availability_domain_name == "" ? data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 23 | compartment_id = var.compartment_ocid 24 | display_name = "ELK" 25 | shape = var.instance_shape 26 | 27 | dynamic "shape_config" { 28 | for_each = local.is_flexible_shape ? 
[1] : [] 29 | content { 30 | memory_in_gbs = var.instance_flex_shape_memory 31 | ocpus = var.instance_flex_shape_ocpus 32 | } 33 | } 34 | 35 | create_vnic_details { 36 | subnet_id = oci_core_subnet.ELKSubnet.id 37 | display_name = "primaryvnic" 38 | assign_public_ip = true 39 | hostname_label = "elk" 40 | } 41 | 42 | source_details { 43 | source_type = "image" 44 | source_id = lookup(data.oci_core_images.InstanceImageOCID.images[0], "id") 45 | } 46 | 47 | metadata = { 48 | ssh_authorized_keys = tls_private_key.public_private_key_pair.public_key_openssh 49 | user_data = base64encode(data.template_file.ELK.rendered) 50 | } 51 | 52 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 53 | } 54 | -------------------------------------------------------------------------------- /simple/datasources.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | # Get list of availability domains 5 | data "oci_identity_availability_domains" "ADs" { 6 | compartment_id = var.tenancy_ocid 7 | } 8 | 9 | data "oci_core_vnic_attachments" "elk_vnics" { 10 | compartment_id = var.compartment_ocid 11 | availability_domain = var.availability_domain_name == "" ? 
data.oci_identity_availability_domains.ADs.availability_domains[var.availability_domain_number]["name"] : var.availability_domain_name 12 | instance_id = oci_core_instance.ELK.id 13 | } 14 | 15 | data "oci_core_vnic" "elk_vnic" { 16 | vnic_id = lookup(data.oci_core_vnic_attachments.elk_vnics.vnic_attachments[0], "vnic_id") 17 | } 18 | 19 | data "oci_core_images" "InstanceImageOCID" { 20 | compartment_id = var.compartment_ocid 21 | operating_system = var.instance_os 22 | operating_system_version = var.linux_os_version 23 | shape = var.instance_shape 24 | 25 | filter { 26 | name = "display_name" 27 | values = ["^.*Oracle[^G]*$"] 28 | regex = true 29 | } 30 | } 31 | 32 | 33 | data "oci_identity_region_subscriptions" "home_region_subscriptions" { 34 | tenancy_id = var.tenancy_ocid 35 | 36 | filter { 37 | name = "is_home_region" 38 | values = [true] 39 | } 40 | } -------------------------------------------------------------------------------- /simple/network.tf: -------------------------------------------------------------------------------- 1 | ## Copyright (c) 2022, Oracle and/or its affiliates. 2 | ## All rights reserved. 
The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl 3 | 4 | resource "oci_core_virtual_network" "ELKVCN" { 5 | cidr_block = var.VCN-CIDR 6 | compartment_id = var.compartment_ocid 7 | display_name = "ELKVCN" 8 | dns_label = "elkvcn" 9 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 10 | } 11 | 12 | resource "oci_core_subnet" "ELKSubnet" { 13 | cidr_block = var.ELKSubnet-CIDR 14 | display_name = "ELKSubnet" 15 | dns_label = "elksubnet" 16 | security_list_ids = [oci_core_security_list.ELKSecurityList.id] 17 | compartment_id = var.compartment_ocid 18 | vcn_id = oci_core_virtual_network.ELKVCN.id 19 | route_table_id = oci_core_route_table.ELKRT.id 20 | dhcp_options_id = oci_core_virtual_network.ELKVCN.default_dhcp_options_id 21 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 22 | } 23 | 24 | resource "oci_core_internet_gateway" "ELKIG" { 25 | compartment_id = var.compartment_ocid 26 | display_name = "ELKIG" 27 | vcn_id = oci_core_virtual_network.ELKVCN.id 28 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 29 | } 30 | 31 | resource "oci_core_route_table" "ELKRT" { 32 | compartment_id = var.compartment_ocid 33 | vcn_id = oci_core_virtual_network.ELKVCN.id 34 | display_name = "ELKRouteTable" 35 | 36 | route_rules { 37 | destination = "0.0.0.0/0" 38 | destination_type = "CIDR_BLOCK" 39 | network_entity_id = oci_core_internet_gateway.ELKIG.id 40 | } 41 | defined_tags = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release } 42 | } 43 | -------------------------------------------------------------------------------- /simple/outputs.tf: 
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Public IP address of the ELK instance's VNIC.
output "ELK_VM_public_IP" {
  value = data.oci_core_vnic.elk_vnic.public_ip_address
}

# PEM-encoded private half of the key pair generated in tls.tf.
# `sensitive = true` only hides the value in plan/apply output; the key is
# still written to the Terraform state, so access to the state (or to the
# stack's outputs, where schema.yaml lists this output as visible) is access
# to the key. The repository's .gitignore keeps *.tfstate out of version
# control.
output "generated_ssh_private_key" {
  sensitive = true
  value     = tls_private_key.public_private_key_pair.private_key_pem
}


--------------------------------------------------------------------------------
/simple/provider.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Default provider: API-key authentication (user OCID, key fingerprint and a
# path to the private key file) against the region chosen for the deployment.
provider "oci" {
  region           = var.region
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
}

# Same credentials, pointed at the tenancy's home region; tags.tf uses this
# alias for the tag namespace and tag resources.
provider "oci" {
  alias                = "homeregion"
  region               = data.oci_identity_region_subscriptions.home_region_subscriptions.region_subscriptions[0].region_name
  tenancy_ocid         = var.tenancy_ocid
  user_ocid            = var.user_ocid
  fingerprint          = var.fingerprint
  private_key_path     = var.private_key_path
  disable_auto_retries = "true"
}
--------------------------------------------------------------------------------
/simple/schema.yaml:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

title: "Deploy Elasticsearch and Kibana in OCI"
description: "Deploy cluster configuration (simple) of Elasticsearch and Kibana in Oracle Cloud Infrastructure."
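stackDescription: "Deploy Elasticsearch and Kibana in OCI"
schemaVersion: 1.1.0
version: "20201028"
locale: "en"

# Grouping and visibility of the stack's input variables in the console form.
variableGroups:
  # Hidden group: values that are pre-filled or left at their variables.tf
  # defaults. The three *_download_url entries end up in the `yum install`
  # commands of scripts/elk.sh, so they decide where packages come from.
  - title: "General Configuration"
    visible: false
    variables:
      - tenancy_ocid
      - region
      - release
      - elasticsearch_download_url
      - kibana_download_url
      - logstash_download_url
      - availability_domain_number

  - title: "Required Configuration"
    visible: true
    variables:
      - compartment_ocid
      - availability_domain_name
      - show_advanced

  - title: "Compute Optional Configuration"
    visible:
      and:
        - show_advanced
    variables:
      - ssh_public_key
      - instance_os
      - linux_os_version
      - instance_shape
      - instance_flex_shape_ocpus
      - instance_flex_shape_memory

  - title: "Networking Optional Configuration"
    visible:
      and:
        - show_advanced
    variables:
      - VCN-CIDR
      - ELKSubnet-CIDR

  - title: "ES & Kibana Optional Configuration"
    visible:
      and:
        - show_advanced
    variables:
      - KibanaPort
      - ESDataPort
      - elasticsearch_download_version
      - kibana_download_version
      - logstash_download_version

variables:

  show_advanced:
    type: boolean
    title: "Show advanced options?"
    description: "Shows advanced options."
    visible: true
    default: false

  # General Configuration
  # The next three entries spelled the key `visibile`, which is not the
  # `visible` key used everywhere else in this schema; corrected here.
  tenancy_ocid:
    title: "Tenancy ID"
    description: "The Oracle Cloud Identifier (OCID) for your tenancy"
    type: string
    required: true
    visible: false

  region:
    title: "Region"
    description: "Region where you deploy your Elasticsearch and Kibana"
    type: oci:identity:region:name
    required: true
    visible: true

  compartment_ocid:
    title: "Compartment OCID"
    description: "Compartment where you deploy your Elasticsearch and Kibana"
    type: oci:identity:compartment:id
    required: true
    visible: true

  availability_domain_name:
    title: "Availability Domain Name"
    description: "Availability Domain where you deploy your Elasticsearch and Kibana"
    type: oci:identity:availabilitydomain:name
    required: true
    dependsOn:
      compartmentId: ${compartment_ocid}
    # NOTE(review): `complexExpression` looks like a placeholder rather than a
    # real visibility expression - confirm and replace or drop.
    visible: complexExpression

  # Optional Configuration

  ssh_public_key:
    type: oci:core:ssh:publickey
    title: "Public SSH Key"
    description: "Choose public SSH Key to be uploaded into compute instances."
    required: false

  instance_os:
    type: enum
    required: false
    visible: true
    title: "Instance OS"
    description: "An Operating System that determines the operating system for your Elasticsearch and Kibana host."
    default: "Oracle Linux"
    enum:
      - "Oracle Linux"

  linux_os_version:
    type: enum
    required: false
    visible: true
    title: "Instance OS version"
    description: "An Operating System version that determines the operating system version for your Elasticsearch and Kibana host."
    default: "8"
    enum:
      - "8"

  # NOTE(review): variables.tf defaults instance_shape to VM.Standard.A1.Flex,
  # this form to VM.Standard.E4.Flex - confirm which is intended.
  instance_shape:
    type: oci:core:instanceshape:name
    default: "VM.Standard.E4.Flex"
    title: "ELK Instance Shape"
    description: "ELK Instance Shape"
    required: false
    dependsOn:
      compartmentId: ${compartment_ocid}

  # Shown only when one of the three flexible shapes is selected.
  instance_flex_shape_ocpus:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 1
    title: "Flex Shape OCPUs"
    description: "Choose number of OCPUs for Flex Shape."
    visible:
      and:
        - or:
          - eq:
            - instance_shape
            - "VM.Standard.E3.Flex"
          - eq:
            - instance_shape
            - "VM.Standard.E4.Flex"
          - eq:
            - instance_shape
            - "VM.Standard.A1.Flex"

  instance_flex_shape_memory:
    type: number
    required: false
    minimum: 1
    maximum: 128
    multipleOf: 1
    default: 15
    title: "Flex Shape Memory (GB)"
    description: "Choose number GB for Flex Shape Memory."
    visible:
      and:
        - or:
          - eq:
            - instance_shape
            - "VM.Standard.E3.Flex"
          - eq:
            - instance_shape
            - "VM.Standard.E4.Flex"
          - eq:
            - instance_shape
            - "VM.Standard.A1.Flex"

  # The octet separators in both CIDR patterns are now escaped (`\\.`); the
  # bare `.` used before matched any character, so a value such as
  # "10x1x0x0/16" passed form validation.
  # NOTE(review): the defaults here differ from variables.tf
  # (10.1.0.0/16 and 10.1.20.0/24) - confirm which pair is intended.
  VCN-CIDR:
    type: string
    required: false
    default: "192.168.0.0/25"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "VCN CIDR"
    description: "A single, contiguous IPv4 CIDR block of your choice for the VCN"

  ELKSubnet-CIDR:
    type: string
    required: false
    default: "192.168.0.0/28"
    pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$"
    title: "ELK Subnet CIDR"
    description: "ELK Subnet CIDR"

  # Free-form strings with no pattern. scripts/elk.sh appends
  # "-<version>-<arch>.rpm" to each and hands the result to `yum install`.
  # NOTE(review): consider constraining these to https:// URLs of the expected
  # vendor host, since they select the packages installed as root.
  elasticsearch_download_url:
    title: "Elasticsearch download URL"
    description: "Elasticsearch download URL"
    type: string
    required: false

  kibana_download_url:
    title: "Kibana download URL"
    description: "Kibana download URL"
    type: string
    required: false

  logstash_download_url:
    title: "Logstash download URL"
    description: "Logstash download URL"
    type: string
    required: false

  KibanaPort:
    title: "Kibana Port"
    description: "Kibana Port"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 5601
    required: false

  # Despite "Outbound" in the description, security_lists.tf uses this port in
  # an ingress rule and scripts/elk.sh opens it in the host firewall.
  ESDataPort:
    title: "ESData Port"
    description: "Elasticsearch Data Port (Outbound HTTP Traffic)"
    type: number
    minimum: 1
    maximum: 65535
    multipleOf: 1
    default: 9200
    required: false

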
# schema.yaml (continued): remaining entries of `variables:`, then `outputs:`.
# Each of the three version selectors offers exactly one release, so the
# console form cannot select any other version.
# NOTE(review): review the pinned release against the vendor's currently
# supported versions before deploying.
  elasticsearch_download_version:
    title: "Elasticsearch version"
    description: "Choose the Elasticsearch version to install."
    type: enum
    enum:
      - "7.16.3"
    default: "7.16.3"
    required: false
    visible: true

  kibana_download_version:
    title: "Kibana version"
    description: "Choose the Kibana version to install."
    type: enum
    enum:
      - "7.16.3"
    default: "7.16.3"
    required: false
    visible: true

  logstash_download_version:
    title: "Logstash version"
    description: "Choose the Logstash version to install."
    type: enum
    enum:
      - "7.16.3"
    default: "7.16.3"
    required: false
    visible: true

  release:
    title: "Reference Architecture Release (OCI Architecture Center)"
    type: string
    required: false
    visible: false

outputs:

  ELK_VM_public_IP:
    type: copyableString
    title: "ELK VM Public IP"
    displayText: "ELK VM Public IP"
    visible: true

  # NOTE(review): this shows the generated private key as visible text in the
  # stack's outputs; anyone who can view the outputs can read the key.
  # Confirm that is intended, or set `visible: false`.
  generated_ssh_private_key:
    type: text
    title: "Generated SSH Private Key"
    displayText: "Generated SSH Private Key"
    visible: true




--------------------------------------------------------------------------------
/simple/scripts/elk.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Uploads SSH Public Key to authorized keys.
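# elk.sh (continued). The dollar-brace placeholders in this script carry the
# names of Terraform input variables, so the file is presumably rendered as a
# Terraform template before it runs - confirm in compute.tf. For that reason
# shell-local variables below are written without braces ($rpm_arch, $svc).

# Keep a copy of the existing authorized_keys, then append the supplied public
# key for the opc user. Nothing is appended when no key was supplied, which
# avoids writing an empty line to the file.
cp /home/opc/.ssh/authorized_keys /home/opc/.ssh/authorized_keys.bak
if [[ -n "${ssh_public_key}" ]]; then
  echo "${ssh_public_key}" >> /home/opc/.ssh/authorized_keys
fi
chown -R opc /home/opc/.ssh/authorized_keys

# Configure firewall: open the Elasticsearch and Kibana ports on the host.
firewall-offline-cmd --add-port="${ESDataPort}/tcp"
firewall-offline-cmd --add-port="${KibanaPort}/tcp"
systemctl restart firewalld

# Install Java
yum install -y java

# Pick the RPM architecture suffix: aarch64 hosts get the aarch64 packages,
# everything else gets x86_64. (The sed filter previously applied to the
# `uname -m` output looked for an "elN" token and left machine names such as
# aarch64 or x86_64 unchanged, so it has been dropped.)
if [[ "$(uname -m)" == "aarch64" ]]; then
  rpm_arch="aarch64"
else
  rpm_arch="x86_64"
fi

# Install Elasticsearch, Kibana and Logstash straight from the download URLs.
# NOTE(review): these RPMs are installed by URL as root. Whether their GPG
# signatures are checked depends on the image's yum/dnf configuration
# (localpkg_gpgcheck) - confirm, or import the vendor's signing key and
# install from a configured repository instead.
yum install -y "${elasticsearch_download_url}-${elasticsearch_download_version}-$rpm_arch.rpm"
yum install -y "${kibana_download_url}-${kibana_download_version}-$rpm_arch.rpm"
yum install -y "${logstash_download_url}-${logstash_download_version}-$rpm_arch.rpm"

# Enable and start services. No Elasticsearch or Kibana settings are written
# by this script, so the services start with their package defaults.
# NOTE(review): the firewall rules above and the ingress rules in
# security_lists.tf admit the Elasticsearch and Kibana ports from any address;
# enable authentication and TLS before widening the services' bind addresses.
systemctl daemon-reload
for svc in elasticsearch kibana logstash; do
  systemctl enable "$svc.service"
  systemctl start "$svc.service"
done


--------------------------------------------------------------------------------
/simple/security_lists.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved.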
## The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Security list attached to ELKSubnet (see network.tf). Protocol "6" is TCP.
#
# NOTE(review): every ingress rule below uses source 0.0.0.0/0, so SSH, the
# Elasticsearch port and the Kibana port are open to any address that can
# route to the instance's public IP. Narrowing `source` to known
# administrator and client CIDRs needs a new input variable, so it is flagged
# here rather than changed. The cluster/ variants in this repository list
# bastion and load-balancer files, which suggests a less exposed layout.
resource "oci_core_security_list" "ELKSecurityList" {
  vcn_id         = oci_core_virtual_network.ELKVCN.id
  compartment_id = var.compartment_ocid
  display_name   = "ELKSecurityList"
  defined_tags   = {"${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }

  # Outbound: TCP to any destination.
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "6"
  }

  # Inbound SSH (TCP 22) from any source.
  ingress_security_rules {
    source   = "0.0.0.0/0"
    protocol = "6"

    tcp_options {
      min = "22"
      max = "22"
    }
  }

  # Inbound Elasticsearch port (var.ESDataPort) from any source.
  ingress_security_rules {
    source   = "0.0.0.0/0"
    protocol = "6"

    tcp_options {
      min = var.ESDataPort
      max = var.ESDataPort
    }
  }

  # Inbound Kibana port (var.KibanaPort) from any source.
  ingress_security_rules {
    source   = "0.0.0.0/0"
    protocol = "6"

    tcp_options {
      min = var.KibanaPort
      max = var.KibanaPort
    }
  }
}

--------------------------------------------------------------------------------
/simple/tags.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved.
## The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Two random bytes; the hex form is the suffix of the tag namespace name.
resource "random_id" "tag" {
  byte_length = 2
}

# Tag namespace created through the home-region provider alias.
# The local-exec provisioner runs `sleep 10` on the machine executing
# Terraform after creation (presumably to let the namespace propagate -
# confirm).
resource "oci_identity_tag_namespace" "ArchitectureCenterTagNamespace" {
  provider       = oci.homeregion
  compartment_id = var.compartment_ocid
  name           = "ArchitectureCenter\\deploy-elk-${random_id.tag.hex}"
  description    = "ArchitectureCenterTagNamespace"

  provisioner "local-exec" {
    command = "sleep 10"
  }
}

# "release" tag inside that namespace, limited by an ENUM validator to the
# values "release" and "2.0". The other resources set it to var.release.
# Creation is followed by a 120-second local sleep.
resource "oci_identity_tag" "ArchitectureCenterTag" {
  provider         = oci.homeregion
  tag_namespace_id = oci_identity_tag_namespace.ArchitectureCenterTagNamespace.id
  name             = "release"
  description      = "ArchitectureCenterTag"

  validator {
    validator_type = "ENUM"
    values         = ["release", "2.0"]
  }

  provisioner "local-exec" {
    command = "sleep 120"
  }
}

--------------------------------------------------------------------------------
/simple/tls.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# RSA key pair generated by Terraform; outputs.tf exports the private half as
# generated_ssh_private_key.
# NOTE(review): a key generated this way is stored in the Terraform state, so
# the state has to be protected like the key itself. No key size is set, so
# the provider default applies (documented as 2048 bits - confirm for the
# provider version in use). Supplying an externally generated public key
# avoids keeping a private key in state.
resource "tls_private_key" "public_private_key_pair" {
  algorithm = "RSA"
}
--------------------------------------------------------------------------------
/simple/variables.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved.
## The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Provider credentials and placement (no defaults; must be supplied).
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}
variable "compartment_ocid" {}

# Availability domain: the name, or the index used when the name is empty.
variable "availability_domain_name" {
  default = ""
}
variable "availability_domain_number" {
  default = 0
}

variable "release" {
  default     = "2.0"
  description = "Reference Architecture Release (OCI Architecture Center)"
}

# Public key that scripts/elk.sh appends to the opc user's authorized_keys.
variable "ssh_public_key" {
  default = ""
}

# Network ranges.
# NOTE(review): schema.yaml offers different defaults (192.168.0.0/25 and
# 192.168.0.0/28) - confirm which pair is intended.
variable "VCN-CIDR" {
  default = "10.1.0.0/16"
}

variable "ELKSubnet-CIDR" {
  default = "10.1.20.0/24"
}

# Compute sizing.
variable "instance_shape" {
  default = "VM.Standard.A1.Flex"
}

variable "instance_flex_shape_ocpus" {
  default = 1
}

variable "instance_flex_shape_memory" {
  default = 15
}

variable "instance_os" {
  default     = "Oracle Linux"
  description = "Operating system for compute instances"
}

variable "linux_os_version" {
  default     = "8"
  description = "Operating system version for all Linux instances"
}

# Package sources. scripts/elk.sh builds "<url>-<version>-<arch>.rpm" from
# each URL/version pair and installs it with yum, so overriding a URL changes
# which package is installed as root on the instance.
variable "elasticsearch_download_url" {
  default = "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch"
}

variable "elasticsearch_download_version" {
  default = "7.16.3"
}

variable "kibana_download_url" {
  default = "https://artifacts.elastic.co/downloads/kibana/kibana"
}

variable "kibana_download_version" {
  default = "7.16.3"
}

variable "logstash_download_url" {
  default = "https://artifacts.elastic.co/downloads/logstash/logstash"
}

variable "logstash_download_version" {
  default = "7.16.3"
}

# Listener ports, opened in both security_lists.tf and the host firewall.
variable "KibanaPort" {
  default = "5601"
}

variable "ESDataPort" {
  default = "9200"
}

locals {
  # Dictionary Locals: shapes that take explicit OCPU / memory settings.
  compute_flexible_shapes = [
    "VM.Standard.E3.Flex",
    "VM.Standard.E4.Flex",
    "VM.Standard.A1.Flex"
  ]

  # Checks if is using Flexible Compute Shapes
  is_flexible_shape = contains(local.compute_flexible_shapes, var.instance_shape)
}


--------------------------------------------------------------------------------
/simple/versions.tf:
--------------------------------------------------------------------------------
## Copyright (c) 2022, Oracle and/or its affiliates.
## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl

# Only the Terraform core version is constrained.
# NOTE(review): no version constraints for the oci, tls and random providers
# appear in this file, so each init may resolve newer provider releases;
# consider pinning them and committing the dependency lock file.
terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------