Now we have everything else set up on the network side apart from subnets. Subnets are contiguous IP address blocks that don't overlap with any other subnet's IP address block in your VCN.

Things to remember:

  • You can't change a subnet's CIDR block once it is created (so the resource must be recreated if the block changes).
  • In each subnet the first two IP addresses and the last one are reserved by the Networking service.

At the time of writing Oracle has released new functionality regarding subnets: regional subnets. Earlier each subnet was tied to a specific Availability Domain, but now you can create a subnet which spans all Availability Domains.

In my example I'm going to deploy a public subnet whose route table points to the Internet Gateway and a private subnet whose route table points to the NAT Gateway. The previously created security lists will also be linked to them.

Terraform

As Terraform doesn't yet support regional subnets, in this example the subnets are linked to an Availability Domain. Each subnet needs a CIDR block and the previously created resources assigned to it.

Creating subnets with Terraform is defined here.

I also need to get my tenancy's Availability Domains via a Terraform data source. Remember that the order of ADs is specific to your tenancy, so another tenancy might have a different AD as AD 1.

I've highlighted the usage of the data source: you send your tenancy's OCID and get a list of ADs back, which is then read via lookup when calling the resource. For both subnets I'm using the first item, [0], from the list.

Another thing to highlight is the usage of cidrsubnet. One option to define the cidr_block would be defining it manually in the variables. But with cidrsubnet we can take the variable vcn_cidr_block we defined when creating the VCN and allocate separate subnet CIDR blocks from it.

Usage of cidrsubnet is defined in this blog post and also in official documentation.

As the VCN CIDR is a /16, a newbits value of 8 turns the subnet block into a /24, and netnum 0 means it is the first /24 block in that CIDR.
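To make the cidrsubnet arithmetic and the two rules above (no overlap, three reserved addresses per subnet) concrete, here is an added Python example that is not part of the original post or of Terraform itself. It reimplements cidrsubnet(prefix, newbits, netnum) with the standard ipaddress module and checks a subnet plan the way the Networking service would reject it: each block must sit inside the VCN CIDR and must not overlap another subnet. The VCN CIDR 172.16.0.0/16 matches the post; the extra "bad plan" blocks are constructed for illustration.

```python
"""Added example: Terraform-style cidrsubnet() plus subnet plan validation.
Only 172.16.0.0/16 and the two /24 blocks come from the post; the rest is
constructed to show the failure cases."""
import ipaddress


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Same semantics as Terraform's cidrsubnet(): extend the prefix length
    by `newbits` and return the `netnum`-th block of the resulting size."""
    net = ipaddress.ip_network(prefix, strict=False)  # mask host bits like Terraform
    new_prefix = net.prefixlen + newbits
    if new_prefix > net.max_prefixlen:
        raise ValueError(f"newbits {newbits} too large for {prefix}")
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum {netnum} does not fit in {newbits} new bits")
    block_size = 2 ** (net.max_prefixlen - new_prefix)
    base = int(net.network_address) + netnum * block_size
    return str(ipaddress.ip_network((base, new_prefix)))


def reserved_addresses(cidr: str) -> list:
    """The three addresses OCI keeps back in every subnet: the network
    address, the subnet's default gateway (second address) and the
    broadcast address (last)."""
    net = ipaddress.ip_network(cidr)
    return [str(net.network_address),
            str(net.network_address + 1),
            str(net.broadcast_address)]


def usable_host_count(cidr: str) -> int:
    """Addresses left for instances once the reserved three are removed."""
    return ipaddress.ip_network(cidr).num_addresses - 3


def validate_plan(vcn_cidr: str, subnets: dict) -> list:
    """Return a list of problems; an empty list means the plan is valid.
    Checks containment in the VCN and pairwise overlap between subnets."""
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vcn):
            problems.append(f"{name} {net} is outside VCN {vcn}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


VCN_CIDR = "172.16.0.0/16"  # the vcn_cidr_block from the post

# The plan the post's main.tf produces: netnum 0 and 1 of the /24 blocks.
PLAN = {
    "PublicSubnet": cidrsubnet(VCN_CIDR, 8, 0),   # 172.16.0.0/24
    "PrivateSubnet": cidrsubnet(VCN_CIDR, 8, 1),  # 172.16.1.0/24
}

# Constructed bad plan: a block that overlaps PrivateSubnet and one outside the VCN.
BAD_PLAN = dict(PLAN, ExtraSubnet="172.16.1.128/25", StraySubnet="10.0.0.0/24")

if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(f"{name}: {cidr}, reserved {reserved_addresses(cidr)}, "
              f"{usable_host_count(cidr)} usable hosts")
    print("valid plan problems:", validate_plan(VCN_CIDR, PLAN))
    print("bad plan problems:", validate_plan(VCN_CIDR, BAD_PLAN))
```

Running it reproduces the two blocks the apply output shows (172.16.0.0/24 and 172.16.1.0/24) and reports 253 usable hosts per /24. Running validate_plan against a plan before terraform apply catches an overlapping or out-of-VCN block locally instead of at the API, which matters because a subnet's CIDR can only be changed by recreating it.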

So our main.tf will get these added:

data "oci_identity_availability_domains" "ADs" {
  compartment_id = "${var.tenancy_ocid}"
}

resource "oci_core_subnet" "CreatePublicSubnet" {
  availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
  cidr_block                 = "${cidrsubnet(var.vcn_cidr_block, 8, 0)}"
  display_name               = "${var.public_subnet_display_name}"
  dns_label                  = "${var.public_subnet_dns_label}"
  compartment_id             = "${oci_identity_compartment.CreateCompartment.id}"
  vcn_id                     = "${oci_core_virtual_network.CreateVCN.id}"
  security_list_ids          = ["${oci_core_security_list.CreatePublicSecurityList.id}"]
  route_table_id             = "${oci_core_route_table.CreatePublicRouteTable.id}"
  dhcp_options_id            = "${oci_core_virtual_network.CreateVCN.default_dhcp_options_id}"
  prohibit_public_ip_on_vnic = "${var.public_prohibit_public_ip_on_vnic}"
}

resource "oci_core_subnet" "CreatePrivateSubnet" {
  availability_domain        = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
  cidr_block                 = "${cidrsubnet(var.vcn_cidr_block, 8, 1)}"
  display_name               = "${var.private_subnet_display_name}"
  dns_label                  = "${var.private_subnet_dns_label}"
  compartment_id             = "${oci_identity_compartment.CreateCompartment.id}"
  vcn_id                     = "${oci_core_virtual_network.CreateVCN.id}"
  security_list_ids          = ["${oci_core_security_list.CreatePrivateSecurityList.id}"]
  route_table_id             = "${oci_core_route_table.CreatePrivateRouteTable.id}"
  dhcp_options_id            = "${oci_core_virtual_network.CreateVCN.default_dhcp_options_id}"
  prohibit_public_ip_on_vnic = "${var.private_prohibit_public_ip_on_vnic}"
}

And variables.tf gets these:

// PUBLIC AND PRIVATE SUBNET VARIABLES
variable "public_subnet_display_name" {
  default = "PublicSubnet"
} // Name for public subnet

variable "private_subnet_display_name" {
  default = "PrivateSubnet"
} // Name for private subnet

variable "public_subnet_dns_label" {
  default = "pub"
} // DNS Label for public subnet

variable "private_subnet_dns_label" {
  default = "pri"
} // DNS label for private subnet

variable "public_prohibit_public_ip_on_vnic" {
  default = "false"
} // false = instances in the public subnet may be assigned a public IP

variable "private_prohibit_public_ip_on_vnic" {
  default = "true"
} // true = instances in the private subnet cannot be assigned a public IP

We don't need to define many variables as most values come from previously created resources.

After running terraform plan and apply I have two new resources. Note the availability domain picked up and the CIDR block computed for each subnet.

oci_core_subnet.CreatePrivateSubnet: Creating...
  availability_domain:          "" => "xknJ:EU-FRANKFURT-1-AD-1"
  cidr_block:                   "" => "172.16.1.0/24"
  compartment_id:               "" => "ocid1.compartment.oc1..xxxxx"
  dhcp_options_id:              "" => "ocid1.dhcpoptions.oc1.eu-frankfurt-1.xxxxx"
  display_name:                 "" => "PrivateSubnet"
  dns_label:                    "" => "pri"
  freeform_tags.%:              "" => "<computed>"
  prohibit_public_ip_on_vnic:   "" => "true"
  route_table_id:               "" => "ocid1.routetable.oc1.eu-frankfurt-1.xxxxx"
  security_list_ids.#:          "" => "1"
  security_list_ids.2007611926: "" => "ocid1.securitylist.oc1.eu-frankfurt-1.xxxxx"
  state:                        "" => "<computed>"
  subnet_domain_name:           "" => "<computed>"
  time_created:                 "" => "<computed>"
  vcn_id:                       "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
  virtual_router_ip:            "" => "<computed>"
  virtual_router_mac:           "" => "<computed>"
oci_core_subnet.CreatePublicSubnet: Creating...
  availability_domain:          "" => "xknJ:EU-FRANKFURT-1-AD-1"
  cidr_block:                   "" => "172.16.0.0/24"
  compartment_id:               "" => "ocid1.compartment.oc1..xxxxx"
  dhcp_options_id:              "" => "ocid1.dhcpoptions.oc1.eu-frankfurt-1.xxxxx"
  display_name:                 "" => "PublicSubnet"
  dns_label:                    "" => "pub"
  freeform_tags.%:              "" => "<computed>"
  prohibit_public_ip_on_vnic:   "" => "false"
  route_table_id:               "" => "ocid1.routetable.oc1.eu-frankfurt-1.xxxxx"
  security_list_ids.#:          "" => "1"
  security_list_ids.3189732490: "" => "ocid1.securitylist.oc1.eu-frankfurt-1.xxxxx"
  state:                        "" => "<computed>"
  subnet_domain_name:           "" => "<computed>"
  time_created:                 "" => "<computed>"
  vcn_id:                       "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
  virtual_router_ip:            "" => "<computed>"
  virtual_router_mac:           "" => "<computed>"
oci_core_subnet.CreatePrivateSubnet: Creation complete after 1s (ID: ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaa...xxxxx)
oci_core_subnet.CreatePublicSubnet: Creation complete after 1s (ID: ocid1.subnet.oc1.eu-frankfurt-1.aaaaaaa...xxxxx)

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

With that I have all the necessary network components; what is left is to create the jump server on the public subnet and then finally the database on the private subnet.
