Updates: Works with version 14; Added postgis34 and pg_vector; added …

…in postgresql_install_binaries option to whitelist cider block to postgresql(added in firewall-cmd trusted zone); code now changes postgres user password(it worked only when first replica was enabled); added in postgresql_master_initdb option to allow connection from a cidr block to pg_hba.conf; added in postgresql_master_initdb line that will modify postgresql.conf to listen on 0.0.0.0/0 (it was enabled only when first replica was enabled); extended max connections to postgres db; code works now on both ORM and from local.
oracle-devrel · Dec 13, 2024 · 52a45ad · 52a45ad
1 parent 9422168
commit 52a45ad
Show file tree

Hide file tree

Showing 15 changed files with 312 additions and 139 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 PostgreSQL is an open source object-relational database management system. It’s highly extensible, highly scalable, and has many features. PostgreSQL supports data replication across multiple data centers.
 
-This reference architecture shows a typical three-node deployment of a PostgreSQL cluster on Oracle Cloud Infrastructure Compute instances. In this architecture, the servers are configured in master and standby configuration and use streaming replication.
+This reference architecture shows a typical three-node deployment of a PostgreSQL cluster on Oracle Cloud Infrastructure Compute instances. In this architecture, the servers are configured in master and standby configuration and use streaming replication. It will also automatically install postgis34 and pgvector.
 
 For details of the architecture, see [_Deploy a PostgreSQL database_](https://docs.oracle.com/en/solutions/deploy-postgresql-db/index.html)
 
@@ -18,7 +18,7 @@ If you don't have the required permissions and quota, contact your tenancy admin
 
 1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-devrel/terraform-oci-arch-postgresql/releases/latest/download/terraform-oci-arch-postgresql-stack-latest.zip)
 
-    If you aren't already signed in, when prompted, enter the tenancy and user credentials.
+   If you aren't already signed in, when prompted, enter the tenancy and user credentials.
 
 2. Review and accept the terms and conditions.
 
@@ -30,21 +30,23 @@ If you don't have the required permissions and quota, contact your tenancy admin
 
 6. Wait for the job to be completed, and review the plan.
 
-    To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.
+   To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.
 
-7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. 
+7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**.
 
 ## Deploy Using the Terraform CLI
 
 ### Clone the Repository
+
 Now, you'll want a local copy of this repo. You can make that with the commands:
 
     git clone https://github.com/oracle-devrel/terraform-oci-arch-postgresql
     cd terraform-oci-arch-postgresql
     ls
 
 ### Prerequisites
-First off, you'll need to do some pre-deploy setup.  That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites).
+
+First off, you'll need to do some pre-deploy setup. That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites).
 
 Secondly, create a `terraform.tfvars` file and populate with the following information:
 
@@ -58,43 +60,74 @@ private_key_path     = "<pem_private_key_path>"
 # Region
 region = "<oci_region>"
 
-# availability Domain 
-availability_domain_name = "<availability_domain_name>" # for example GrCH:US-ASHBURN-AD-1
+# availability Domain
+availability_domain_number = "1" # Example: 1, 2, 3
 
 # Compartment
 compartment_ocid        = "<compartment_ocid>"
 
 # PostgreSQL Password
+# The password must start with a letter, and it can contain letters (uppercase, lowercase), numbers, and the symbols _ $ #
+# Minimum length 12 and max is 30
 postgresql_password     = "<postgresql_password>"
 
-# PostgreSQL Version (supported versions 9.6, 10, 11, 12, 13)
-postgresql_version      = "<postgresql_version>"
+# PostgreSQL Version (supported versions 9.6, 10, 11, 12, 13, 14)
+postgresql_version      = "14"
+
+# Cidr block that will be added in the firewall-cmd trusted zone on the instances running the postgresql server.
+# Please add a cidr block from where you run postgresql client.
+pg_whitelist_cidr = "" # Example "10.0.0.0/16"
+
+
+### Using existing network
+use_existing_vcn         = true
+postgresql_vcn           = "<postgresqls_vcn_ocid>"
+postgresql_subnet        = "<postgresql_subnet_ocid>"
+create_in_private_subnet = true # In case of deploying in a private subnet, a Bastion Service will be created.
+
+
+linux_os_version = "8" # (supported versions : 7.9, 8)
+
+# SSH KEY
+# If you're using a PRIVATE subnet, the bastion service will be created.
+# The code will upload on the instances both the ssh public key that you provide and the one that will be GENERATED.
+# The bastion will automatically create sessions for instances using the private key GENERATED.
+# If you want to connect using your ssh key, create new sessions with your public key. You can also use the GENERATED ssh key.
+ssh_public_key = "<your_public_ssh_key" #optional
+
 
-# Optional first HotStandby 
-postgresql_deploy_hotstandby1 = true
-postgresql_hotstandby1_ad = "<availability_domain_name>" # for example GrCH:US-ASHBURN-AD-2
-postgresql_hotstandby1_fd = "<postgresql_hotstandby1_fd>" # for example FAULT-DOMAIN-2
 
-# Optional second HotStandby 
-postgresql_deploy_hotstandby2 = true
-postgresql_hotstandby2_ad = "<availability_domain_name>" # for example GrCH:US-ASHBURN-AD-3
-postgresql_hotstandby2_fd = "<postgresql_hotstandby2_fd>" # for example FAULT-DOMAIN-3
+# Optional first HotStandby
+postgresql_deploy_hotstandby1 = false
+# PLEASE LEAVE THE postgresql_hotstandby1_ad = "" (empty string) if you're not using it.
+postgresql_hotstandby1_ad = "" # for example 2
+postgresql_hotstandby1_fd = "" # for example 2
 
-````
+# Optional second HotStandby
+postgresql_deploy_hotstandby2 = false
+# PLEASE LEAVE THE postgresql_hotstandby2_ad = "" (empty string) if you're not using it.
+postgresql_hotstandby2_ad = "" # for example 1
+postgresql_hotstandby2_fd = "" # for example 3
+
+
+```
 
 ### Create the Resources
+
 Run the following commands:
 
     terraform init
     terraform plan
     terraform apply
 
 ### Destroy the Deployment
+
 When you no longer need the deployment, you can run this command to destroy the resources:
 
     terraform destroy
 
 ## Deploy as a Module
+
 It's possible to utilize this repository as remote module, providing the necessary inputs:
 
 ```
@@ -107,11 +140,15 @@ module "arch-postgresql" {
   region                        = "<oci_region>"
   availability_domain_name       = "<availability_domain_name>"
   compartment_ocid              = "<compartment_ocid>"
-  use_existing_vcn              = true # You can inject your own VCN and subnet 
+  use_existing_vcn              = true # You can inject your own VCN and subnet
   create_in_private_subnet      = true # Subnet should be associated with NATGW and proper Route Table.
   postgresql_vcn                = oci_core_virtual_network.my_vcn.id # Injected VCN
   postgresql_subnet             = oci_core_subnet.my_private_subnet.id # Injected Private Subnet
   postgresql_password           = "<password>"
+  postgresql_version            = "14"
+  pg_whitelist_cidr             = "" # Example "10.0.0.0/16"
+  linux_os_version              = "8"
+  ssh_public_key                = "<your_public_ssh_key"
   postgresql_deploy_hotstandby1 = true # if we want to setup hotstandby1
   postgresql_deploy_hotstandby2 = true # if we want to setup hotstandby2
 }
@@ -122,12 +159,13 @@ module "arch-postgresql" {
 ![](./images/postgre-oci.png)
 
 ## Contributing
-This project is open source.  Please submit your contributions by forking this repository and submitting a pull request!  Oracle appreciates any contributions that are made by the open source community.
+
+This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
 
 ## License
+
 Copyright (c) 2024 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 
 See [LICENSE](LICENSE) for more details.
-
diff --git a/bastion.tf b/bastion.tf
@@ -64,7 +64,7 @@ resource "oci_bastion_bastion" "bastion-service" {
   compartment_id               = var.compartment_ocid
   target_subnet_id             = !var.use_existing_vcn ? oci_core_subnet.postgresql_subnet[0].id : var.postgresql_subnet
   client_cidr_block_allow_list = ["0.0.0.0/0"]
-  defined_tags                 = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags                 = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
   name                         = "BastionService${random_id.tag.hex}"
   max_session_ttl_in_seconds   = 10800
 }

diff --git a/block_volume.tf b/block_volume.tf
@@ -3,11 +3,11 @@
 
 resource "oci_core_volume" "postgresql_master_volume" {
   count               = var.add_iscsi_volume ? 1 : 0
-  availability_domain = var.availability_domain_name
+  availability_domain = local.get_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_Master_Volume"
   size_in_gbs         = var.iscsi_volume_size_in_gbs
-  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_volume_attachment" "postgresql_master_volume_attachment" {
@@ -32,11 +32,11 @@ resource "oci_core_volume_backup_policy_assignment" "postgresql_master_volume_ba
 
 resource "oci_core_volume" "postgresql_hotstandby1_volume" {
   count               = (var.postgresql_deploy_hotstandby1 && var.add_iscsi_volume && var.boot_volume_initial_backup) ? 1 : 0
-  availability_domain = var.postgresql_hotstandby1_ad == "" ? var.availability_domain_name : var.postgresql_hotstandby1_ad
+  availability_domain = var.postgresql_hotstandby1_ad == "" ? local.get_ad : local.standby2_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_HotStandby1_Volume"
   size_in_gbs         = var.iscsi_volume_size_in_gbs
-  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_volume_attachment" "postgresql_hotstandby1_volume_attachment" {
@@ -61,11 +61,11 @@ resource "oci_core_volume_backup_policy_assignment" "postgresql_hotstandby1_volu
 
 resource "oci_core_volume" "postgresql_hotstandby2_volume" {
   count               = (var.postgresql_deploy_hotstandby2 && var.add_iscsi_volume) ? 1 : 0
-  availability_domain = var.postgresql_hotstandby2_ad == "" ? var.availability_domain_name : var.postgresql_hotstandby2_ad
+  availability_domain = var.postgresql_hotstandby2_ad == "" ? local.get_ad : local.standby2_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_HotStandby2_Volume"
   size_in_gbs         = var.iscsi_volume_size_in_gbs
-  defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags        = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_volume_attachment" "postgresql_hotstandby2_volume_attachment" {

diff --git a/compute.tf b/compute.tf
@@ -20,7 +20,7 @@ data "template_cloudinit_config" "cloud_init" {
 }
 
 resource "oci_core_instance" "postgresql_master" {
-  availability_domain = var.availability_domain_name
+  availability_domain = local.get_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_Master"
   shape               = var.postgresql_instance_shape
@@ -46,7 +46,7 @@ resource "oci_core_instance" "postgresql_master" {
     }
   }
 
-  fault_domain = var.postgresql_master_fd
+  fault_domain = contains(["1", "2", "3"],tostring(var.postgresql_master_fd)) ? "FAULT-DOMAIN-${var.postgresql_master_fd}" : "FAULT-DOMAIN-1"
 
   create_vnic_details {
     subnet_id        = !var.use_existing_vcn ? oci_core_subnet.postgresql_subnet[0].id : var.postgresql_subnet
@@ -69,7 +69,7 @@ resource "oci_core_instance" "postgresql_master" {
     command = "sleep 240"
   }
 
-  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_boot_volume_backup" "postgresql_master_boot_volume_backup" {
@@ -87,7 +87,7 @@ resource "oci_core_volume_backup_policy_assignment" "postgresql_master_boot_volu
 
 resource "oci_core_instance" "postgresql_hotstandby1" {
   count               = var.postgresql_deploy_hotstandby1 ? 1 : 0
-  availability_domain = var.postgresql_hotstandby1_ad == "" ? var.availability_domain_name : var.postgresql_hotstandby1_ad
+  availability_domain = var.postgresql_hotstandby1_ad == "" ? local.get_ad : local.standby1_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_HotStandby1"
   shape               = var.postgresql_hotstandby1_shape
@@ -114,7 +114,7 @@ resource "oci_core_instance" "postgresql_hotstandby1" {
   }
 
 
-  fault_domain = var.postgresql_hotstandby1_fd
+  fault_domain = contains(["1", "2", "3"],tostring(var.postgresql_hotstandby1_fd)) ? "FAULT-DOMAIN-${var.postgresql_hotstandby1_fd}" : "FAULT-DOMAIN-2"
 
   create_vnic_details {
     subnet_id        = !var.use_existing_vcn ? oci_core_subnet.postgresql_subnet[0].id : var.postgresql_subnet
@@ -137,7 +137,7 @@ resource "oci_core_instance" "postgresql_hotstandby1" {
     command = "sleep 240"
   }
 
-  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_boot_volume_backup" "postgresql_hotstandby1_boot_volume_backup" {
@@ -155,7 +155,7 @@ resource "oci_core_volume_backup_policy_assignment" "postgresql_hotstandby1_boot
 
 resource "oci_core_instance" "postgresql_hotstandby2" {
   count               = var.postgresql_deploy_hotstandby2 ? 1 : 0
-  availability_domain = var.postgresql_hotstandby2_ad == "" ? var.availability_domain_name : var.postgresql_hotstandby2_ad
+  availability_domain = var.postgresql_hotstandby2_ad == "" ? local.get_ad : local.standby2_ad
   compartment_id      = var.compartment_ocid
   display_name        = "PostgreSQL_HotStandby2"
   shape               = var.postgresql_hotstandby2_shape
@@ -182,7 +182,7 @@ resource "oci_core_instance" "postgresql_hotstandby2" {
     }
   }
 
-  fault_domain = var.postgresql_hotstandby2_fd
+  fault_domain = contains(["1", "2", "3"],tostring(var.postgresql_hotstandby2_fd)) ? "FAULT-DOMAIN-${var.postgresql_hotstandby2_fd}" : "FAULT-DOMAIN-3"
 
   create_vnic_details {
     subnet_id        = !var.use_existing_vcn ? oci_core_subnet.postgresql_subnet[0].id : var.postgresql_subnet
@@ -205,7 +205,7 @@ resource "oci_core_instance" "postgresql_hotstandby2" {
     command = "sleep 240"
   }
 
-  defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
+  #defined_tags = { "${oci_identity_tag_namespace.ArchitectureCenterTagNamespace.name}.${oci_identity_tag.ArchitectureCenterTag.name}" = var.release }
 }
 
 resource "oci_core_boot_volume_backup" "postgresql_hotstandby2_boot_volume_backup" {

diff --git a/datasources.tf b/datasources.tf
@@ -1,15 +1,32 @@
 ## Copyright (c) 2022 Oracle and/or its affiliates.
 ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
 
+
+
+locals {
+  get_ad = "${lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain_number - 1], "name")}"
+  standby1_ad = var.postgresql_hotstandby1_ad == "" ? null : "${lookup(data.oci_identity_availability_domains.ads.availability_domains[var.postgresql_hotstandby1_ad - 1], "name")}"
+  standby2_ad = var.postgresql_hotstandby2_ad == "" ? null : "${lookup(data.oci_identity_availability_domains.ads.availability_domains[var.postgresql_hotstandby2_ad - 1], "name")}"
+
+}
+
+
+data "oci_identity_availability_domains" "ads" {
+    #Required
+    compartment_id = var.compartment_ocid
+}
+
+
+
 data "oci_core_vnic_attachments" "postgresql_master_vnics" {
   compartment_id      = var.compartment_ocid
-  availability_domain = var.availability_domain_name
+  availability_domain = local.get_ad
   instance_id         = oci_core_instance.postgresql_master.id
 }
 
 
 data "oci_core_vnic_attachments" "postgresql_master_primaryvnic_attach" {
-  availability_domain = var.availability_domain_name
+  availability_domain = local.get_ad
   compartment_id      = var.compartment_ocid
   instance_id         = oci_core_instance.postgresql_master.id
 }
@@ -20,7 +37,7 @@ data "oci_core_vnic" "postgresql_master_primaryvnic" {
 
 data "oci_core_vnic_attachments" "postgresql_hotstandby1_primaryvnic_attach" {
   count               = var.postgresql_deploy_hotstandby1 ? 1 : 0
-  availability_domain = var.postgresql_hotstandby1_ad
+  availability_domain = local.standby1_ad
   compartment_id      = var.compartment_ocid
   instance_id         = oci_core_instance.postgresql_hotstandby1[count.index].id
 }
@@ -32,7 +49,7 @@ data "oci_core_vnic" "postgresql_hotstandby1_primaryvnic" {
 
 data "oci_core_vnic_attachments" "postgresql_hotstandby2_primaryvnic_attach" {
   count               = var.postgresql_deploy_hotstandby2 ? 1 : 0
-  availability_domain = var.postgresql_hotstandby2_ad
+  availability_domain = local.standby2_ad
   compartment_id      = var.compartment_ocid
   instance_id         = oci_core_instance.postgresql_hotstandby2[count.index].id
 }