From 480e75729a81f6981fbafd22dabfd31f6c40f9a3 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Wed, 28 May 2025 21:08:04 -0700 Subject: [PATCH 1/2] Development (#322) merge from development to main --------- Co-authored-by: Abhijit Paranjpe <109541284+abhijit-paranjpe@users.noreply.github.com> Co-authored-by: telake Co-authored-by: Roberto Sanchez Herrera Co-authored-by: P M Darshan Co-authored-by: C R Aniruddh Srivatsa Co-authored-by: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Co-authored-by: Chintamani Bhat Co-authored-by: Sarada Kommalapati Co-authored-by: Adrian Padilla Duarte Co-authored-by: Mahuwa-Barman Co-authored-by: srjanaki Co-authored-by: ManviGupta-prog Co-authored-by: Ananya Tripathi --- terraform/locals.tf | 5 +++-- terraform/main.tf | 7 ++++++- terraform/modules/observability/osmh/versions.tf | 10 ++++++++++ terraform/modules/policies/locals.tf | 9 ++++++--- terraform/modules/policies/variables.tf | 7 ++++++- terraform/modules/validators/validators.tf | 3 +++ terraform/modules/validators/variables.tf | 8 ++++++++ terraform/schema.yaml | 2 +- terraform/schema_14110.yaml | 2 +- terraform/schema_14120.yaml | 2 +- terraform/variables.tf | 2 -- terraform/versions.tf | 2 +- 12 files changed, 46 insertions(+), 13 deletions(-) create mode 100644 terraform/modules/observability/osmh/versions.tf
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 7ddb8551..2059b25c 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -196,8 +196,9 @@ locals { select_existing_profile = var.select_existing_profile create_profile = (local.enable_osmh && !local.select_existing_profile) ? true : false profile_ocid = local.select_existing_profile ? var.profile_ocid : "" - profile_compartment_id = var.profile_compartment_id - profile_name = var.profile_name + profile_compartment_id = var.profile_compartment_id == "" ? var.compartment_ocid : var.profile_compartment_id + profile_name = var.profile_name == "" ? format("%s_profile", local.service_name_prefix) : var.profile_name + # Secured Production Mode preserve_boot_properties = var.configure_secure_mode ? var.preserve_boot_properties : true diff --git a/terraform/main.tf b/terraform/main.tf index eefefae4..93388b69 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -239,6 +239,8 @@ module "policies" { apm_domain_compartment_id = local.apm_domain_compartment_id use_autoscaling = var.use_autoscaling enable_osmh = var.enable_osmh + profile_compartment_id = var.profile_compartment_id + ocir_auth_token_id = var.ocir_auth_token_id add_fss = var.add_fss add_load_balancer = local.add_load_balancer @@ -484,6 +486,9 @@ module "validators" { wls_secondary_admin_password_id = local.wls_secondary_admin_password_id administration_port = var.administration_port ms_administration_port = var.ms_administration_port + + profile_ocid = local.profile_ocid + select_existing_profile = local.select_existing_profile } module "fss" { @@ -593,7 +598,7 @@ module "observability-osmh"{ source = "./modules/observability/osmh" count = local.create_profile ? 1 : 0 tenancy_id = var.tenancy_ocid - display_name = var.profile_name + display_name = local.profile_name compartment_id = local.profile_compartment_id } diff --git a/terraform/modules/observability/osmh/versions.tf b/terraform/modules/observability/osmh/versions.tf new file mode 100644 index 00000000..779e92ea --- /dev/null +++ b/terraform/modules/observability/osmh/versions.tf 
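Review bot: The `policies` module receives the raw `var.profile_compartment_id` (first `main.tf` hunk) rather than `local.profile_compartment_id`, so the empty-value fallback added in the `locals.tf` hunk never reaches the IAM policy. The `observability-osmh` module in the last `main.tf` hunk does use the local, so with the variable left empty the profile is created in `var.compartment_ocid` while `modules/policies/locals.tf` evaluates `"" != var.compartment_id` as true and renders `osmh_policy_statement2` as `... manage osmh-family in compartment id ` with no OCID, which is presumably rejected when the policy is applied. Passing `profile_compartment_id = local.profile_compartment_id` keeps the policy scope aligned with where the profile is actually created. The `module "policies"` block starts and ends outside the hunk.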
@@ -0,0 +1,10 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf
index c4dd4249..cc7de66f 100644
--- a/terraform/modules/policies/locals.tf
+++ b/terraform/modules/policies/locals.tf
@@ -53,9 +53,12 @@ locals { plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2]) # Policies required for enabling the OSMH plugin - osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in tenancy" : "" - osmh_policy_statement2 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : "" - osmh_policy_statement = compact([local.osmh_policy_statement1, local.osmh_policy_statement2]) + osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.compartment_id}" : "" + osmh_policy_statement2 = var.enable_osmh? var.profile_compartment_id != var.compartment_id? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.profile_compartment_id}" : "" : "" + osmh_policy_statement3 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : "" + osmh_policy_statement4 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} in compartment id ${var.compartment_id}" : "" + osmh_policy_statement = compact([local.osmh_policy_statement1, local.osmh_policy_statement2, local.osmh_policy_statement3, local.osmh_policy_statement4]) + #Policies for WLS instance principal dynamic group autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : "" 
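Review bot: `osmh_policy_statement2` gives every instance in the dynamic group `manage osmh-family` on the profile compartment, the broadest verb, and nothing in the block records which OSMH operation needs it there. If the instances only register against a profile in that compartment, confirm whether a narrower verb is enough, and add a one-line comment above each of the four statements naming the operation that requires the grant (statement 3 is still scoped `in tenancy`, which deserves the same justification). The unparenthesised nested conditional is also easy to misread in a security-relevant expression; `var.enable_osmh && var.profile_compartment_id != var.compartment_id ? "..." : ""` says the same thing in one test. The `locals` block starts and ends outside the hunk.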
diff --git a/terraform/modules/policies/variables.tf b/terraform/modules/policies/variables.tf index ac18bc27..0f963765 100644 --- a/terraform/modules/policies/variables.tf +++ b/terraform/modules/policies/variables.tf @@ -224,7 +224,12 @@ variable "wls_secondary_admin_password_id" { description = "The OCID of the vault secret with the password for secondary WebLogic administration user" } variable "enable_osmh" { - type = bool + type = bool description = "Indicating that OSMH is enabled" } +variable "profile_compartment_id"{ + type = string + description = "The compartment Id to create the profile" +} + \ No newline at end of file diff --git a/terraform/modules/validators/validators.tf b/terraform/modules/validators/validators.tf index 80c4d627..6ce13a66 100644 --- a/terraform/modules/validators/validators.tf +++ b/terraform/modules/validators/validators.tf @@ -84,4 +84,7 @@ locals { invalid_jrf_12c_secure_mode = var.configure_secure_mode && local.is12cVersion && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "") invalid_jrf_12c_secure_mode_msg = "WLSC-ERROR: JRF domain is not supported for FMW 12c version in secured production mode." validate_jrf_12c_secure_mode = local.invalid_jrf_12c_secure_mode ? local.validators_msg_map[local.invalid_jrf_12c_secure_mode_msg] : "" + + missing_profile_id_msg = "WLSC-ERROR: The value for profile id is required if existing profile is used for OSMH" + validate_profile_id = (var.select_existing_profile && var.profile_ocid == "" ? local.validators_msg_map[local.missing_profile_id_msg] : null) } diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 31d0e195..0acf8f60 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf 
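Review bot: `validate_profile_id` in the `validators.tf` hunk tests `var.profile_ocid == ""` without trimming, so a whitespace-only value passes this check and would only fail later when the profile is looked up. It also returns `null` on success where the neighbouring `validate_jrf_12c_secure_mode` returns `""`, which makes the validators inconsistent for anything that consumes them uniformly. Suggest `validate_profile_id = var.select_existing_profile && trimspace(var.profile_ocid) == "" ? local.validators_msg_map[local.missing_profile_id_msg] : ""`. The `locals` block starts outside the hunk.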
@@ -564,3 +564,11 @@ variable "ms_administration_port" { type = number description = "The administration port for managed servers to configure a secure WebLogic domain" } +variable "select_existing_profile"{ + type = bool + description = "Set to true to use an existing profile" +} +variable "profile_ocid"{ + type = string + description = "The ocid of the profile used for OSMH registration." +} \ No newline at end of file diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 896ce5ad..1b753aae 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -105,9 +105,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index a93dff23..37800d7e 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -78,9 +78,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" diff --git a/terraform/schema_14120.yaml b/terraform/schema_14120.yaml index 3be46da0..25d627bf 100644 --- a/terraform/schema_14120.yaml +++ b/terraform/schema_14120.yaml @@ -106,9 +106,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" diff --git a/terraform/variables.tf b/terraform/variables.tf index 1793919e..f4049d51 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
@@ -143,8 +143,6 @@ variable "profile_name" { description = "The name specified by user for creating the profile" default = "" } - - variable "profile_compartment_id"{ type = string description = "The compartment Id to create the profile" diff --git a/terraform/versions.tf b/terraform/versions.tf index cc23efac..5a89c253 100644 --- a/terraform/versions.tf +++ b/terraform/versions.tf @@ -6,7 +6,7 @@ terraform { required_providers { oci = { source = "oracle/oci" - version = "4.96.0" + version = "6.34.0" } random = { version = "~>3.4.3" From c8dcfbb4fb04604c5d99770a10fbe8130a7f5d27 Mon Sep 17 00:00:00 2001 From: Siddharth Sahu Date: Wed, 2 Jul 2025 13:43:56 +0530 Subject: [PATCH 2/2] ER 37979056 - Set the Http Idle timeout for OCI LB --- terraform/modules/lb/backends/lb_backends.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/lb/backends/lb_backends.tf b/terraform/modules/lb/backends/lb_backends.tf index 8ebb1139..5ff7bbab 100644 --- a/terraform/modules/lb/backends/lb_backends.tf +++ b/terraform/modules/lb/backends/lb_backends.tf @@ -67,7 +67,7 @@ resource "oci_load_balancer_listener" "wls_lb_listener_https" { rule_set_names = [oci_load_balancer_rule_set.SSL_headers[count.index].name] connection_configuration { - idle_timeout_in_seconds = "10" + idle_timeout_in_seconds = "300" } ssl_configuration { #Required
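Review bot: `idle_timeout_in_seconds = "300"` in `wls_lb_listener_https` (the `lb_backends.tf` hunk) is a hard-coded string literal, so operators cannot lower it where client connections held idle for five minutes are a capacity concern for the load balancer. Consider exposing it as a module variable of type `number` with a bounded `validation` block and the new value as its default, and add a comment recording why 300 was chosen. The WebLogic keep-alive setting should be checked to be at least as long, otherwise the load balancer may reuse a backend connection the server has already closed. Only the HTTPS listener is visible here; if the module also defines a plain-HTTP listener, it presumably needs the same setting. The resource body continues outside the hunk.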