Added Oracle Cloud Infrastructure as a new provider.

README.md

@@ -61,6 +61,7 @@ This lab use free windows VM only (180 days). After that delay enter a license o
   - [Install with VmWare](./docs/install_with_vmware.md)
   - [Install with Proxmox](./docs/install_with_proxmox.md)
   - [Install with Azure](./docs/install_with_azure.md)
+  - [Install with OCI](./docs/install_with_oci.md)
 
 - Installation is in three parts :
   1. Templating : this will create the template to use (needed only for proxmox) 
@@ -84,6 +85,7 @@ This lab use free windows VM only (180 days). After that delay enter a license o
    - vmware
    - azure
    - proxmox
+   - oci
 
 - ANSIBLE_RUN_METHOD : ansible method to use :
    - local : to use local ansible install

ad/GOAD/providers/oci/inventory

@@ -0,0 +1,49 @@
+[default]
+; Note: ansible_host *MUST* be an IPv4 address or setting things like DNS
+; servers will break.
+; ------------------------------------------------
+; sevenkingdoms.local
+; ------------------------------------------------
+dc01 ansible_host=192.168.56.10 dns_domain=dc01 dict_key=dc01 ansible_user=ansible ansible_password=YourSecurePassword123!
+; ------------------------------------------------
+; north.sevenkingdoms.local
+; ------------------------------------------------
+dc02 ansible_host=192.168.56.11 dns_domain=dc01 dict_key=dc02 ansible_user=ansible ansible_password=YourSecurePassword123!
+srv02 ansible_host=192.168.56.22 dns_domain=dc02 dict_key=srv02 ansible_user=ansible ansible_password=YourSecurePassword123!
+; ------------------------------------------------
+; essos.local
+; ------------------------------------------------
+dc03 ansible_host=192.168.56.12 dns_domain=dc03 dict_key=dc03 ansible_user=ansible ansible_password=YourSecurePassword123!
+srv03 ansible_host=192.168.56.23 dns_domain=dc03 dict_key=srv03 ansible_user=ansible ansible_password=YourSecurePassword123!
+; ------------------------------------------------
+; Other
+; ------------------------------------------------
+; elk ansible_host=192.168.56.50 ansible_connection=ssh
+
+[all:vars]
+; domain_name : folder inside ad/
+domain_name=GOAD
+
+force_dns_server=no
+dns_server=9.9.9.9
+
+two_adapters=no
+
+; adapter created by vagrant and virtualbox (comment if you use vmware)
+;nat_adapter=NAT
+domain_adapter=Ethernet 2
+
+; adapter created by vagrant and vmware (uncomment if you use vmware)
+; nat_adapter=Ethernet0
+; domain_adapter=Ethernet1
+
+; winrm connection (windows)
+ansible_user=ansible
+ansible_password=YourSecurePassword123!
+ansible_connection=winrm
+ansible_winrm_server_cert_validation=ignore
+ansible_winrm_operation_timeout_sec=400
+ansible_winrm_read_timeout_sec=500
+
+; proxy settings (the lab need internet for some install, if you are behind a proxy you should set the proxy here)
+enable_http_proxy=no

ad/GOAD/providers/oci/terraform/jumpbox.tf

@@ -0,0 +1,91 @@
+resource "oci_core_instance" "jumpbox" {
+  availability_domain = var.availability_domain
+  compartment_id      = var.compartment_ocid
+  display_name        = "jumpbox"
+  shape               = var.shape
+
+  shape_config {
+    baseline_ocpu_utilization = "BASELINE_1_1"
+    memory_in_gbs             = var.memory_in_gbs
+    ocpus                     = var.ocpus
+  }
+
+  source_details {
+    source_id   = var.image_ocid
+    source_type = "image"
+  }
+#IMAGE OCID'S https://docs.oracle.com/en-us/iaas/images/image/bd616d0a-fae4-490e-bd31-a9406095b844/ 
+  create_vnic_details {
+    assign_ipv6ip             = false
+    assign_private_dns_record = true
+    assign_public_ip          = true
+    subnet_id                 = oci_core_subnet.public_subnet.id
+  }
+
+  metadata = {
+    ssh_authorized_keys = var.ssh_authorized_keys
+  }
+
+  agent_config {
+    is_management_disabled = false
+    is_monitoring_disabled = false
+
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Vulnerability Scanning"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Management Agent"
+    }
+    plugins_config {
+      desired_state = "ENABLED"
+      name          = "Custom Logs Monitoring"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Compute RDMA GPU Monitoring"
+    }
+    plugins_config {
+      desired_state = "ENABLED"
+      name          = "Compute Instance Monitoring"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Compute HPC RDMA Auto-Configuration"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Compute HPC RDMA Authentication"
+    }
+    plugins_config {
+      desired_state = "ENABLED"
+      name          = "Cloud Guard Workload Protection"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Block Volume Management"
+    }
+    plugins_config {
+      desired_state = "DISABLED"
+      name          = "Bastion"
+    }
+  }
+
+  availability_config {
+    is_live_migration_preferred = true
+    recovery_action             = "RESTORE_INSTANCE"
+  }
+
+  platform_config {
+    is_symmetric_multi_threading_enabled = true
+    type                                 = "AMD_VM"
+  }
+
+  instance_options {
+    are_legacy_imds_endpoints_disabled = false
+  }
+}
+
+
+

ad/GOAD/providers/oci/terraform/network.tf

@@ -0,0 +1,125 @@
+resource "oci_core_vcn" "generated_oci_core_vcn" {
+  cidr_block     = "192.168.0.0/16"
+  compartment_id = var.compartment_ocid
+  display_name   = "goad-virtual-network"
+  dns_label      = "goadvcn"
+}
+
+resource "oci_core_subnet" "public_subnet" {
+  cidr_block     = "192.168.57.0/24"
+  compartment_id = var.compartment_ocid
+  display_name   = "public-subnet"
+  dns_label      = "publicsubnet"
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+  route_table_id = oci_core_route_table.public_route_table.id
+}
+
+resource "oci_core_subnet" "private_subnet" {
+  cidr_block                 = "192.168.56.0/24"
+  compartment_id             = var.compartment_ocid
+  display_name               = "private-subnet"
+  dns_label                  = "privatesubnet"
+  vcn_id                     = oci_core_vcn.generated_oci_core_vcn.id
+  route_table_id             = oci_core_route_table.private_route_table.id
+  prohibit_internet_ingress  = true
+  prohibit_public_ip_on_vnic = true
+  security_list_ids          = [oci_core_security_list.winrm_rdp_security_list.id]
+}
+
+resource "oci_core_internet_gateway" "generated_oci_core_internet_gateway" {
+  compartment_id = var.compartment_ocid
+  display_name   = "Internet Gateway goad-virtual-network"
+  enabled        = true
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+}
+
+resource "oci_core_nat_gateway" "generated_oci_core_nat_gateway" {
+  compartment_id = var.compartment_ocid
+  display_name   = "NAT Gateway goad-virtual-network"
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+}
+
+resource "oci_core_route_table" "public_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+  display_name   = "public-route-table"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.generated_oci_core_internet_gateway.id
+  }
+}
+
+resource "oci_core_route_table" "private_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+  display_name   = "private-route-table"
+
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_nat_gateway.generated_oci_core_nat_gateway.id
+  }
+}
+
+resource "oci_core_default_dhcp_options" "default_dhcp_options" {
+  manage_default_resource_id = oci_core_vcn.generated_oci_core_vcn.default_dhcp_options_id
+
+  options {
+    type                  = "DomainNameServer"
+    server_type           = "CustomDnsServer"
+    custom_dns_servers    = ["192.168.56.10","8.8.8.8"]
+  }
+ options {
+        type = "SearchDomain"
+        search_domain_names = [ "sevenkingdoms.local" ]
+    }
+}
+
+resource "oci_core_security_list" "winrm_rdp_security_list" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.generated_oci_core_vcn.id
+  display_name   = "winrm_rdp_security_list"
+
+  egress_security_rules {
+    protocol    = "all"
+    destination = "0.0.0.0/0"
+    stateless   = false
+  }
+
+  ingress_security_rules {
+    protocol    = "all"
+    source      = "192.168.0.0/16"
+    stateless   = false
+  }
+}
+  #ingress_security_rules {
+  #  protocol = "6"  # TCP
+  #  source   = "192.168.0.0/16"
+  #  tcp_options {
+  #    min = 3389
+  #    max = 3389
+  #  }
+  #  stateless = false
+  #  }
+
+#  ingress_security_rules {
+ #   protocol = "6"  # TCP
+  #  source   = "0.0.0.0/0"
+  #  tcp_options {
+  #    min = 22
+  #    max = 22
+  #  }
+  #  stateless = false
+  #}
+
+#  ingress_security_rules {
+#    protocol = "6"  # TCP
+#    source   = "192.168.0.0/16"
+#    tcp_options {
+#      min = 5985
+#      max = 5986
+#    }
+#    stateless = false
+#  }

ad/GOAD/providers/oci/terraform/outputs.tf

@@ -0,0 +1,8 @@
+output "ubuntu_jumpbox_ip" {
+  value = oci_core_instance.jumpbox.public_ip
+}
+
+output "windows_instance_opc_passwords" {
+  value = { for k, v in oci_core_instance.windows_instance : k => v.metadata.admin_password }
+  sensitive = true
+}

ad/GOAD/providers/oci/terraform/profile.tf

@@ -0,0 +1,8 @@
+provider "oci" {
+
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}

ad/GOAD/providers/oci/terraform/userdata_windows.tpl

@@ -0,0 +1,6 @@
+<powershell>
+$adminUsername = "{{ admin_username }}"
+$adminPassword = ConvertTo-SecureString "{{ admin_password }}" -AsPlainText -Force
+New-LocalUser $adminUsername -Password $adminPassword -FullName $adminUsername -Description "Admin user"
+Add-LocalGroupMember -Group "Administrators" -Member $adminUsername
+</powershell>

ad/GOAD/providers/oci/terraform/variables.tf

@@ -0,0 +1,83 @@
+variable "tenancy_ocid" {
+  description = "The OCID of your tenancy."
+  type        = string
+  default = "ocid1.tenancy.oc1..YourOCID"
+}
+
+variable "user_ocid" {
+  description = "The OCID of the user calling the API."
+  type        = string
+  default = "ocid1.user.oc1..YourOCID"
+}
+
+variable "fingerprint" {
+  description = "The fingerprint of the API key."
+  type        = string
+  default = "b3:a2:cd:b4:54:17:9a:63:d2:2d:fc:b8:d9:af:d9:cb"
+}
+
+variable "private_key_path" {
+  description = "The path to the private key."
+  type        = string
+  default = "/Users/abirzu/.ssh/newpemkey.pem"
+}
+
+variable "region" {
+  description = "The region to use."
+  type        = string
+  default = "eu-frankfurt-1"
+}
+
+variable "compartment_ocid" {
+  description = "The OCID of the compartment to use."
+  type        = string
+  default = "ocid1.compartment.oc1..YourOCID"
+}
+
+variable "availability_domain" {
+  description = "The availability domain to use."
+  type        = string
+  default = "NoEK:EU-FRANKFURT-1-AD-1"
+}
+
+variable "shape" {
+  description = "The shape of the instance to be created."
+  type        = string
+  default     = "VM.Standard.E5.Flex"
+}
+
+variable "ocpus" {
+  description = "The number of OCPUs to allocate."
+  type        = number
+  default     = 1
+}
+
+variable "memory_in_gbs" {
+  description = "The amount of memory in GBs."
+  type        = number
+  default     = 12
+}
+
+variable "ssh_authorized_keys" {
+  description = "The public key for SSH access to the instances."
+  type        = string
+  default     =  "Your Public key c6Kbx3y24k3GszixVLMN3tnYNLS8EJ+28NPJDhitXouvAvEAbgo89ZTAwdytBtgiD3BqZi6qSlGlhTCsFlkoaAEzeSdsfE5vxeG+kDBnIrAYp///RCD7gIhGhhehQkQVJ1MiZ5KGka4uhuCo7qOJECt5Qn5DK5hxGLUL+JKVKgguTDGiClIXe2JdJIobAomguJaM7tlr9 alexandru_@419d0b8d7292"
+}
+
+variable "image_ocid" {
+  description = "The OCID of the Ubuntu image to use."
+  type        = string
+  default = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaaxroekfbow3kdrdjlwao6tsxxfcb23xmqrdjtjcay2ow52eijvzqa"
+}
+variable "windows2016_image_ocid" {
+  description = "The OCID of the Windows Server 2016 image."
+  type        = string
+  default     = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaae2knsz2v5pfsmfahfesqfcxbbtybhtucwxpq7c2lsvi3ouc5aira"
+}
+
+variable "windows2019_image_ocid" {
+  description = "The OCID of the Windows Server 2019 image."
+  type        = string
+  default     = "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaaq55esthgeydsqq5esexgu3numtsltsfkalqjcee6jit47kwv2vva"
+}
+