{"id":18802309,"url":"https://github.com/oracle-quickstart/oci-arch-vip","last_synced_at":"2026-01-05T02:30:19.026Z","repository":{"id":106379859,"uuid":"227204544","full_name":"oracle-quickstart/oci-arch-vip","owner":"oracle-quickstart","description":"Terraform automation that provisions Floating IP(VIP) emulation on the Oracle Cloud Infrastructure(OCI).","archived":false,"fork":false,"pushed_at":"2020-02-05T12:28:48.000Z","size":1027,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-12-29T20:16:05.514Z","etag":null,"topics":["floating-ip","keepalived","networking","oci","oracle-led","vip","vrrp"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-quickstart.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-10T19:59:21.000Z","updated_at":"2023-01-27T19:55:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"a37f1b5d-af95-4764-9cae-bd3430310110","html_url":"https://github.com/oracle-quickstart/oci-arch-vip","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":"oracle-quickstart/oci-quickstart-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-vip","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-vip/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-vip/releases","ma
nifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-vip/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-quickstart","download_url":"https://codeload.github.com/oracle-quickstart/oci-arch-vip/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239735262,"owners_count":19688262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["floating-ip","keepalived","networking","oci","oracle-led","vip","vrrp"],"created_at":"2024-11-07T22:27:25.964Z","updated_at":"2026-01-05T02:30:18.976Z","avatar_url":"https://github.com/oracle-quickstart.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Oracle Cloud Infrastructure Architecture VIP\n\n## Introduction\n\nThe [Oracle Cloud Infrastructure (OCI) Quick Start](https://github.com/oracle?q=quickstart) is a collection of examples that allow OCI users to get a quick start deploying advanced infrastructure on OCI.\n\n\nThis terraform automation provisions Floating IP(VIP) emulation on the Oracle Cloud Infrastructure(OCI).\n\nThe number of cluster nodes is configurable. 
The automation will evenly distribute the cluster nodes across all the ADs in the target region and across all the fault domains in an AD.\n\nOptionally you can add a File Storage Service (FSS) file system and mount it as an NFS share on all the cluster nodes.\n\nAll the cluster nodes will have a boot volume and an additional block volume that will be mounted under a configurable mount point.\n\nAll the cluster nodes will be configured with Apache or Nginx, keepalived (for cluster management, using VRRP in unicast mode), Python and a custom Python script that authenticates with instance principals. When the local keepalived process invokes it, the Python script calls the OCI REST API to claim the private/public VIP as a secondary private IP on the node's VNIC.\n\nA utility VM can optionally be provisioned into the subnet for VIP testing.\n\nA volume group will be created in every AD where cluster nodes were created. All boot and block volumes of the cluster nodes running in that AD will be added to that AD's volume group.\n\nThe automation will create a regional subnet inside a given (existing) VCN. All the cluster nodes and the FSS mount target will be added to this subnet.\n\nAn NSG will be created that allows egress to everywhere over any protocol, and ingress for VRRP from the subnet CIDR, ICMP from the subnet CIDR, and TCP for SSH (22), HTTP (80) and HTTPS (443) from anywhere (0.0.0.0/0). Exposing SSH to the whole internet is a permissive default: restrict the SSH ingress rule to your administrative CIDR before deploying outside a test environment.\n\nAt the subnet level there will be a security list for FSS that allows only the VMs in the subnet to mount the NFS exports FSS exposes.\n\nA private IP with a public IP attached will be created. Together they play the role of the private/public VIP. The private VIP will be attached to the master keepalived node. 
When the master keepalived node changes, the new master claims the VIP (attaches the private/public VIP to its VNIC) by calling the custom Python script.\n\nIt will also provision all the IAM constructs the cluster nodes need to call the OCI REST API using the Instance Principals authentication method. The artifacts being provisioned will be:\n- a Dynamic Group matching the OCIDs of all the cluster nodes\n- IAM policies that allow the Dynamic Group above to manage VNICs and private IPs. Keep these policies scoped as narrowly as possible (the compartment holding the VIP network, not the whole tenancy): any process that can run as the instance principal on a cluster node can reattach the VIP with them.\n\n## Short Description and Example\n\nThis automation performs the following steps:\n\n - provisioning a subnet inside a given VCN\n - configuring the route tables, network security groups, security lists and DHCP options for that subnet\n - provisioning a given number of cluster nodes together with an optional utility VM\n - provisioning the Dynamic Group and the Dynamic Group policy that allows the cluster nodes' instance principals to make the REST API calls that migrate the private IP from one VNIC to another\n - provisioning a secondary private IP with an attached public IP; these serve as the private and public VIPs\n - on each VM, creating and mounting a secondary block volume of a given size on a given mount point\n - optionally, creating a file system to act as an NFS share mounted across the cluster nodes; an initial snapshot of the file system will be taken
\n - on top of the cluster nodes, installing and configuring:\n\t - the network alias for the private VIP\n\t - mounting the secondary block volume via iSCSI\n\t - installing/configuring the specified product (Apache/Nginx)\n\t - installing/configuring keepalived\n\t - installing/configuring the Python script that keepalived uses to float the private/public IP to the new master node.\n\nkeepalived invokes the script through its notify mechanism when a node's state changes from BACKUP to MASTER; VRRP runs in unicast mode, so peers are addressed explicitly instead of via multicast.\n\n## Prerequisites\n\nFirst, some pre-deploy setup is needed. That is all detailed [here](https://github.com/oracle/oci-quickstart-prerequisites).\n\n## Getting Started\n\nA fully functional example has been provided in the `root` directory:\n\n```bash\n$ terraform init\n$ terraform plan\n$ terraform apply -state \u003cyour-state-file\u003e.tfstate\n```\n\nBelow you can find an example of the input parameters:\n- Authentication parameters: `terraform.tfvars.template`:\n\n```\n\n#\n# 1. Download and install Terraform (https://www.terraform.io/downloads.html)\n# 2. Download and install the OCI Terraform provider (https://github.com/oracle/terraform-provider-oci/)\n# 3. Make sure that you have an OCI API key set up\n#       See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key\n#       See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API\n# 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading)\n# 5. Copy your OCI user account OCID (login to OCI \u003e Identity \u003e Users)\n# 6. Copy the required API key fingerprint and private key path (below)\n# 7. 
Fill in the full path to the SSH public and private keys (these are used when creating new instances)\n#       See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair\n#\n# HELPFUL URLs\n# * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md\n#\n\n# RUNNING Terraform\n#\n# Once you've gone through the steps mentioned above, copy this template to terraform.tfvars and fill it in; Terraform loads that file automatically. Steps are below:\n# 1. Modify this file (so it reflects your OCIDs, etc.)\n# 2. $ terraform init\n#       You only have to do this once after installing or upgrading your Terraform plugins\n# 3. $ terraform plan\n#       This will show you what Terraform would do if you applied it\n# 4. $ terraform apply\n\n#############################\n# TENANCY DETAILS\n#############################\n\n# Get this from the bottom of the OCI screen (after logging in, after Tenancy OCID: heading)\ntenancy_id = \"\u003ctenancy-ocid\u003e\"\n\n# Get this from OCI \u003e Identity \u003e Users (for your user account)\nuser_id = \"\u003cuser-ocid\u003e\"\n\n# the fingerprint can be gathered from your user account (OCI \u003e Identity \u003e Users \u003e click your username \u003e API Keys fingerprint (select it, copy it and paste it below))\nfingerprint = \"\u003cfingerprint\u003e\"\n\n# this is the full path on your local system to the private key used for the API key pair.\n# Keep this key and the filled-in terraform.tfvars out of version control: together with the OCIDs above they grant API access as your user.\nprivate_key_path = \"\u003cprivate-key-path\u003e\"\n\n# region (us-phoenix-1, ca-toronto-1, etc.)\nregion = \"eu-frankfurt-1\"\n```\n\n- Configuration parameters `vip.auto.tfvars`:\n\n```\n\n#############################\n# TENANCY DETAILS\n#############################\n\n# default compartment\ndefault_compartment_id = \"\u003cdefault_compartment_ocid\u003e\"\n\n# iam compartment - if null then default_compartment_id will be used\niam_compartment_id = null\n\n#############################\n# naming 
convention\n#############################\n\n# the prefix that will be used for all the names of the OCI artifacts that this automation will provision\nnames_prefix = \"oci-vip-nginx\"\n\n# the defined tags to be used for all the artifacts that this automation will provision\ndefined_tags = {}\n\n# the freeform tags to be used for all the artifacts that this automation will provision\nfreeform_tags = {}\n\n#############################\n# volumes - block storage\n#############################\n\n# block storage compartment - if null then default_compartment_id will be used\nblock_storage_compartment_id = null\n\n# The additional block volumes backup policy: Bronze, Silver or Gold. Default = Bronze. Null = Bronze\nvolumes_backup_policy = null\n\n# The additional block volumes mount point\naditional_block_volume_mount_point = \"/u01\"\n\n# The additional block volumes size\naditional_block_volume_size = 55\n\n#############################\n# OCI VIP network\n#############################\n\n# The specific network compartment id. If this is null then the default, project level compartment_id will be used.\nnetwork_compartment_id = null\n\n# the VCN id where the VIP network components will be provisioned\nvcn_id = \"\u003cvcn-ocid\u003e\"\n\n# the route table attached to the VIP subnet. Configuration supports both public internet routes and private routes\noci_vip_route_table = {\n  route_rules = [{\n    # route to public internet (\"0.0.0.0/0\") or to a private destination\n    dst      = \"0.0.0.0/0\"\n    dst_type = \"CIDR_BLOCK\"\n    # next hop can be an Internet Gateway or another gateway (e.g. 
DRG)\n    next_hop_id = \"\u003cIG-OCID\u003e\"\n  }]\n}\n\n# VIP subnet DHCP options\ndhcp_options = {\n  oci_vip_dhcp_option = {\n    server_type        = \"VcnLocalPlusInternet\"\n    search_domain_name = \"DomainNameServer\"\n    forwarder_1_ip     = null\n    forwarder_2_ip     = null\n    forwarder_3_ip     = null\n  }\n}\n\n# VIP subnet CIDR\noci_vip_subnet_cidr = \"10.0.80.0/24\"\n\n# option for having a public and private VIP or just a private VIP\nassign_public_ip = true\n\n#############################\n# File System Details\n#############################\n\n# The specific FSS compartment id. If this is null then the default, project level compartment_id will be used.\nfss_compartment_id = null\n\n# The FSS configuration. If null (file_system = null) then no FSS artifacts will be configured\nfile_system = {\n  # the File System and mount target AD - AD number\n  availability_domain = 1\n  export_path         = \"/u02\"\n}\n\n# the folder (mount point) where the FSS NFS share will be mounted\nfss_mount_point = \"/u02\"\n\n#############################\n# OCI VIP Instances\n#############################\n\n# The specific compute compartment id. If this is null then the default, project level compartment_id will be used.\ncompute_compartment_id = null\n\n# The number of cluster nodes to be provisioned\ncluster_size = 6\n\n# Compute instances ssh public key\nssh_public_key_path = \"\u003cssh-public-key\u003e\"\n\n# Compute instances ssh private key\nssh_private_key_path = \"\u003cssh-private-key\u003e\"\n\n# The name of the shape to be used for all the provisioned compute instances. The automation will automatically figure out the OCID for the specific shape name in the target region.\nshape = \"VM.Standard2.1\"\n\n# The name of the image to be used for all the provisioned compute instances. 
The automation will automatically figure out the OCID for the specific image name in the target region.\nimage_name = \"Oracle-Linux-7.7-2019.10.19-0\"\n\n\n# OCI VIP Config\n\n# Accepted values: [\"Apache\", \"Nginx\"]\ninstall_product = \"Nginx\"\n\n# Keepalived check script\n# Only 2 values are accepted:\n# - \"'/usr/sbin/pidof httpd'\"\n# - \"'/usr/sbin/pidof nginx'\"\n# Note: pidof only proves the process exists; a hung server that still holds its PID will keep the VIP.\nkeepalived_check = \"'/usr/sbin/pidof nginx'\"\n\n#############################\n# OCI VIP Util Nodes\n#############################\n\n# Option to have a utility compute node provisioned or not.\nprovision_util_node = false\n```\n\n\n## High level diagrams\n\n### Regional Deployment\n\n![Screenshot](images/Network-Diagram.jpeg)\n\n## Current limitations\n\n* Currently the automation does ***not*** support:\n  * updating the number of cluster nodes after the initial provisioning. To update the number of cluster nodes you will need to destroy and re-apply.\n  * changing/updating the installed product (Apache/Nginx) after the initial provisioning. To update the installed product you will need to destroy and re-apply.\n\n## Versions\n\nThis module has been developed and tested by running Terraform on macOS Mojave Version 10.14.6\n\n```\nuser-mac$ terraform --version\nTerraform v0.12.13\n+ provider.null v2.1.2\n+ provider.oci v3.50.0\n+ provider.random v2.2.1\n+ provider.oci v3.31.0\n```\n\n## GitHub Action Workflow - Automated Packaging\n\nThis project uses a [GitHub Action Workflow](https://github.com/features/actions) that automatically generates an OCI Resource Manager Stack every time there is a code change. A new ORM Stack file is hosted under GitHub Releases as a draft. 
Publishers can modify each Release individually or change the parameters at [ORM Stack](.github/workflows/build-orm-stack.yml) workflow Create Release step to make it public to everyone.\n\n```yaml\n - name: Create Release\n        id: create_release\n        uses: actions/create-release@v1\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n        with:\n          tag_name: ${{ github.ref }}\n          release_name: Release ${{ github.ref }}\n          body: |\n            Changes in this Release\n            - New ORM Stack template ${{ github.ref }}\n          draft: true\n          prerelease: true\n```\n\n## Contributing\n\nThis project is open source. Oracle appreciates any contributions that are made by the open source community.\n\n## License\n\nCopyright (c) 2020, Oracle and/or its affiliates.\n\nLicensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.\n\nSee [LICENSE](LICENSE) for more details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-arch-vip","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-quickstart%2Foci-arch-vip","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-arch-vip/lists"}
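The README above describes the failover mechanism only in prose: keepalived notifies a Python script on the BACKUP-to-MASTER transition, and that script, authenticating as an instance principal, moves the VIP's private IP onto the new master's VNIC. The following is an added example of such a notify handler written for this page; it is not the project's own script. It assumes (none of this is in the README) that keepalived runs it as a `notify` script with the arguments `TYPE NAME STATE [PRIORITY]`, that the VIP's private-IP OCID is supplied in the environment variable `OCI_VIP_PRIVATE_IP_OCID`, that the node's own VNIC OCID is read from the instance metadata service, and that the OCI Python SDK is installed on the cluster node. The OCIDs in `simulate_failover` are constructed placeholders so the decision logic can be exercised offline.

```python
"""keepalived notify handler that moves an OCI VIP to the node that became MASTER.

Added example, not the project's script. Assumed wiring (not from the README):
argv = TYPE NAME STATE [PRIORITY] as keepalived passes to a `notify` script,
the VIP private-IP OCID in $OCI_VIP_PRIVATE_IP_OCID, and the OCI SDK installed.
"""
import json
import os
import sys
import urllib.request
from dataclasses import dataclass

VALID_STATES = {"MASTER", "BACKUP", "FAULT", "STOP"}


@dataclass(frozen=True)
class ClaimResult:
    moved: bool
    reason: str


def parse_notify_args(argv):
    """Return the VRRP state from keepalived's notify arguments (TYPE NAME STATE [PRIO]).

    Anything unexpected is rejected, so a misconfigured invocation can never
    turn into an API write.
    """
    if len(argv) < 4:
        raise ValueError("expected: TYPE NAME STATE [PRIORITY]")
    state = argv[3].upper()
    if state not in VALID_STATES:
        raise ValueError(f"unknown VRRP state {argv[3]!r}")
    return state


def claim_vip(state, private_ip_id, my_vnic_id, client):
    """Reattach the VIP's private IP to this node's VNIC, but only on MASTER.

    `client` provides vnic_of(private_ip_id) -> vnic OCID and move(private_ip_id, vnic_id).
    Idempotent: if the VIP already sits on our VNIC nothing is written, so a
    repeated MASTER notification or a manual re-run is harmless.
    """
    if state != "MASTER":
        return ClaimResult(False, f"state {state}: VIP stays where it is")
    current = client.vnic_of(private_ip_id)
    if current == my_vnic_id:
        return ClaimResult(False, "VIP already attached to this VNIC")
    client.move(private_ip_id, my_vnic_id)
    return ClaimResult(True, f"VIP moved from {current} to {my_vnic_id}")


class OciVipClient:
    """Adapter over the OCI Python SDK using instance principal auth.

    The dynamic-group policy granting manage on private-ips/vnics is what makes
    update_private_ip succeed; no API key needs to live on the node.
    """

    def __init__(self):
        import oci  # only needed on the cluster node itself (assumed installed)
        self._oci = oci
        signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
        self._vcn = oci.core.VirtualNetworkClient({}, signer=signer)

    def vnic_of(self, private_ip_id):
        return self._vcn.get_private_ip(private_ip_id).data.vnic_id

    def move(self, private_ip_id, vnic_id):
        details = self._oci.core.models.UpdatePrivateIpDetails(vnic_id=vnic_id)
        self._vcn.update_private_ip(private_ip_id, details)


class InMemoryVipClient:
    """Offline stand-in for OciVipClient, used to exercise the notify logic."""

    def __init__(self, attachments):
        self.attachments = dict(attachments)  # private_ip_id -> vnic_id
        self.writes = []                      # every move() call, for auditing

    def vnic_of(self, private_ip_id):
        return self.attachments[private_ip_id]

    def move(self, private_ip_id, vnic_id):
        self.attachments[private_ip_id] = vnic_id
        self.writes.append((private_ip_id, vnic_id))


def own_primary_vnic_id():
    """Read this instance's primary VNIC OCID from the v2 metadata service."""
    req = urllib.request.Request("http://169.254.169.254/opc/v2/vnics/",
                                 headers={"Authorization": "Bearer Oracle"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)[0]["vnicId"]


def simulate_failover():
    """Constructed scenario: node A holds the VIP, keepalived demotes A and
    promotes B, then B gets a duplicate MASTER notification. Exactly one API
    write should happen. Returns (results, write_count, final_vnic)."""
    vip = "ocid1.privateip.oc1..vip"                  # placeholder OCIDs
    vnic_a, vnic_b = "ocid1.vnic.oc1..a", "ocid1.vnic.oc1..b"
    client = InMemoryVipClient({vip: vnic_a})
    results = [
        claim_vip("BACKUP", vip, vnic_a, client),  # A demoted: must not touch the VIP
        claim_vip("MASTER", vip, vnic_b, client),  # B promoted: the one real write
        claim_vip("MASTER", vip, vnic_b, client),  # duplicate notify: no second write
    ]
    return results, len(client.writes), client.attachments[vip]


if __name__ == "__main__":
    vrrp_state = parse_notify_args(sys.argv)
    vip_ocid = os.environ["OCI_VIP_PRIVATE_IP_OCID"]  # assumed wiring, see docstring
    print(claim_vip(vrrp_state, vip_ocid, own_primary_vnic_id(), OciVipClient()).reason)
```

Two design points worth keeping in any real version of this script: it only writes on MASTER and is idempotent, so a flapping VRRP instance or a duplicate notification cannot ping-pong the VIP; and the only credential involved is the instance principal, which is why the dynamic-group policy the automation creates should be scoped to exactly the private IPs and VNICs in this subnet.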