From 2258b0deb612f4f472c414cb2209cd6d654a48d0 Mon Sep 17 00:00:00 2001 From: jackiewangjingchun-cpu Date: Wed, 11 Feb 2026 23:17:00 +0800 Subject: [PATCH 1/2] feat(oci): add Oracle Cloud Infrastructure template (#201) - OCI Compute instance provisioning - VCN, subnet, and security group automation - Coder agent auto-installation - Configurable instance shapes Fixes #201 --- templates/oci/main.tf | 237 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 237 insertions(+) create mode 100644 templates/oci/main.tf diff --git a/templates/oci/main.tf b/templates/oci/main.tf new file mode 100644 index 000000000..0c7d2a17f --- /dev/null +++ b/templates/oci/main.tf 
@@ -0,0 +1,237 @@
+# Oracle Cloud Infrastructure (OCI) Template for Coder
+# This template provisions Coder workspaces on OCI Compute instances
+
+terraform {
+ required_providers {
+ coder = {
+ source = "coder/coder"
+ }
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
+
+# OCI Provider Configuration
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ private_key_path = var.private_key_path
+ fingerprint = var.fingerprint
+ region = var.region
+}
+
+# Coder data
+data "coder_workspace" "me" {}
+
+# Variables
+variable "tenancy_ocid" {
+ description = "OCI Tenancy OCID"
+ type = string
+}
+
+variable "user_ocid" {
+ description = "OCI User OCID"
+ type = string
+}
+
+variable "private_key_path" {
+ description = "Path to OCI API private key"
+ type = string
+}
+
+variable "fingerprint" {
+ description = "OCI API Key Fingerprint"
+ type = string
+}
+
+variable "region" {
+ description = "OCI Region"
+ type = string
+ default = "us-ashburn-1"
+}
+
+variable "compartment_ocid" {
+ description = "OCI Compartment OCID"
+ type = string
+}
+
+variable "ssh_public_key" {
+ description = "SSH Public Key"
+ type = string
+}
+
+variable "instance_shape" {
+ description = "OCI Compute Instance Shape"
+ type = string
+ default = "VM.Standard.E4.Flex"
+}
+
+variable "instance_ocpus" {
+ description = "Number of OCPUs"
+ type = number
+ default = 2
+}
+
+variable "instance_memory_in_gbs" {
+ description = "Memory in GB"
+ type = number
+ default = 8
+}
+
+# Get availability domains
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+# Get latest Oracle Linux image
+data "oci_core_images" "oracle_linux" {
+ compartment_id = var.compartment_ocid
+ operating_system = "Oracle Linux"
+ operating_system_version = "8"
+ shape = var.instance_shape
+ sort_by = "TIMECREATED"
+ sort_order = "DESC"
+}
+
+# Create VCN
+resource "oci_core_vcn" "coder_vcn" {
+ compartment_id = var.compartment_ocid
+ cidr_block = "10.0.0.0/16"
+ display_name = "coder-vcn-${data.coder_workspace.me.id}"
+ dns_label = "codervcn"
+}
+
+# Create Internet Gateway
+resource "oci_core_internet_gateway" "coder_igw" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.coder_vcn.id
+ display_name = "coder-igw-${data.coder_workspace.me.id}"
+}
+
+# Create Route Table
+resource "oci_core_route_table" "coder_rt" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.coder_vcn.id
+ display_name = "coder-rt-${data.coder_workspace.me.id}"
+
+ route_rules {
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = oci_core_internet_gateway.coder_igw.id
+ }
+}
+
+# Create Security List
+resource "oci_core_security_list" "coder_sl" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.coder_vcn.id
+ display_name = "coder-sl-${data.coder_workspace.me.id}"
+
+ # SSH
+ ingress_security_rules {
+ protocol = "6" # TCP
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 22
+ max = 22
+ }
+ }
+
+ # Coder app
+ ingress_security_rules {
+ protocol = "6" # TCP
+ source = "0.0.0.0/0"
+ stateless = false
+
+ tcp_options {
+ min = 3000
+ max = 3000
+ }
+ }
+
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ destination_type = "CIDR_BLOCK"
+ protocol = "all"
+ stateless = false
+ }
+}
+
+# Create Subnet
+resource "oci_core_subnet" "coder_subnet" {
+ compartment_id = var.compartment_ocid
+ vcn_id = oci_core_vcn.coder_vcn.id
+ cidr_block = "10.0.1.0/24"
+ display_name = "coder-subnet-${data.coder_workspace.me.id}"
+ dns_label = "codersubnet"
+ security_list_ids = [oci_core_security_list.coder_sl.id]
+ route_table_id = oci_core_route_table.coder_rt.id
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+}
+
+# Create Compute Instance
+resource "oci_core_instance" "coder_instance" {
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
+ compartment_id = var.compartment_ocid
+ display_name = "coder-${data.coder_workspace.me.name}" + shape = var.instance_shape + + shape_config { + ocpus = var.instance_ocpus + memory_in_gbs = var.instance_memory_in_gbs + } + + create_vnic_details { + subnet_id = oci_core_subnet.coder_subnet.id + display_name = "coder-vnic-${data.coder_workspace.me.id}" + assign_public_ip = true + } + + source_details { + source_type = "image" + source_id = data.oci_core_images.oracle_linux.images[0].id + } + + metadata = { + ssh_authorized_keys = var.ssh_public_key + } + + preserve_boot_volume = false +} + +# Coder Agent Resource +resource "coder_agent" "main" { + arch = "amd64" + os = "linux" + startup_script = < Date: Wed, 11 Feb 2026 23:17:10 +0800 Subject: [PATCH 2/2] docs(oci): add comprehensive OCI template documentation --- templates/oci/README.md | 207 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 207 insertions(+) create mode 100644 templates/oci/README.md diff --git a/templates/oci/README.md b/templates/oci/README.md new file mode 100644 index 000000000..9373fb430 --- /dev/null +++ b/templates/oci/README.md 
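Review bot: The two `ingress_security_rules` blocks in `oci_core_security_list.coder_sl` accept TCP 22 and TCP 3000 from `0.0.0.0/0`, and `create_vnic_details` sets `assign_public_ip = true`, so every workspace VM is reachable over SSH from the whole internet. Nothing in the visible part of the template listens on port 3000, and a Coder agent normally dials out to the Coder server, so the egress rule alone is probably enough; I would drop both ingress rules, or at least replace the literal with a required variable that has no default, `source = var.ssh_ingress_cidr`. The README added in the second patch says inbound traffic is restricted, which should then be made to match what the security list actually allows. The end of this hunk, from the `startup_script` heredoc onward, is garbled on this page, so the agent install script is not covered by this note.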
@@ -0,0 +1,207 @@
+# Oracle Cloud Infrastructure (OCI) Template for Coder
+
+This template allows you to provision Coder workspaces on Oracle Cloud Infrastructure (OCI) Compute instances.
+
+## Overview
+
+Deploy Coder workspaces on OCI with customizable compute shapes, networking, and automatic Coder agent setup.
+
+## Features
+
+- ✅ OCI Compute instance provisioning
+- ✅ Customizable instance shapes (OCPUs and Memory)
+- ✅ Automatic VCN, subnet, and security group creation
+- ✅ Coder agent auto-installation
+- ✅ SSH access enabled
+
+## Prerequisites
+
+1. **OCI Account** with necessary permissions
+2. **OCI API Key** configured
+3. **Terraform** >= 1.0 installed
+
+## Configuration
+
+### 1. OCI API Key Setup
+
+Follow the [OCI documentation](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm) to create an API signing key.
+
+### 2. Required Variables
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `tenancy_ocid` | Your OCI Tenancy OCID | `ocid1.tenancy.oc1..xxx` |
+| `user_ocid` | Your OCI User OCID | `ocid1.user.oc1..xxx` |
+| `private_key_path` | Path to your API private key | `~/.oci/oci_api_key.pem` |
+| `fingerprint` | API Key fingerprint | `xx:xx:xx:xx:xx:xx` |
+| `region` | OCI Region | `us-ashburn-1` |
+| `compartment_ocid` | Compartment OCID | `ocid1.compartment.oc1..xxx` |
+| `ssh_public_key` | Your SSH public key | `ssh-rsa AAA...` |
+
+### 3. Optional Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `instance_shape` | Compute shape | `VM.Standard.E4.Flex` |
+| `instance_ocpus` | Number of OCPUs | `2` |
+| `instance_memory_in_gbs` | Memory in GB | `8` |
+
+## Usage
+
+### As a Coder Template
+
+```bash
+# Login to Coder
+coder login https://coder.example.com
+
+# Create template from this directory
+coder templates create oci-template
+
+# Create a workspace
+coder create oci-workspace --template oci-template
+```
+
+### With Terraform Directly
+
+```bash
+# Set environment variables
+export TF_VAR_tenancy_ocid="ocid1.tenancy.oc1..xxx"
+export TF_VAR_user_ocid="ocid1.user.oc1..xxx"
+export TF_VAR_private_key_path="~/.oci/oci_api_key.pem"
+export TF_VAR_fingerprint="xx:xx:xx:xx:xx:xx"
+export TF_VAR_compartment_ocid="ocid1.compartment.oc1..xxx"
+export TF_VAR_ssh_public_key="ssh-rsa AAA..."
+
+# Initialize and apply
+terraform init
+terraform apply
+```
+
+## Architecture
+
+```
+┌─────────────────────────────────────┐
+│ OCI Region │
+│ ┌───────────────────────────────┐ │
+│ │ VCN │ │
+│ │ CIDR: 10.0.0.0/16 │ │
+│ │ │ │
+│ │ ┌─────────────────────────┐ │ │
+│ │ │ Subnet │ │ │
+│ │ │ CIDR: 10.0.1.0/24 │ │ │
+│ │ │ │ │ │
+│ │ │ ┌─────────────────┐ │ │ │
+│ │ │ │ Compute │ │ │ │
+│ │ │ │ Instance │ │ │ │
+│ │ │ │ │ │ │ │
+│ │ │ │ - Coder Agent │ │ │ │
+│ │ │ │ - Docker │ │ │ │
+│ │ │ │ - Dev Tools │ │ │ │
+│ │ │ └─────────────────┘ │ │ │
+│ │ └─────────────────────────┘ │ │
+│ │ │ │
+│ │ Internet Gateway │ │
+│ │ Route Table │ │
+│ │ Security List │ │
+│ └───────────────────────────────┘ │
+└─────────────────────────────────────┘
+```
+
+## Compute Shapes
+
+Common OCI compute shapes supported:
+
+| Shape | OCPUs | Memory | Use Case |
+|-------|-------|--------|----------|
+| VM.Standard.E4.Flex | 1-64 | 1-1024 GB | General purpose |
+| VM.Standard.A1.Flex | 1-80 | 1-512 GB | Arm-based, cost-effective |
+| VM.Standard3.Flex | 1-32 | 1-512 GB | Intel Xeon |
+
+## Networking
+
+The template creates:
+- **VCN** with CIDR `10.0.0.0/16`
+- **Subnet** with CIDR `10.0.1.0/24`
+- **Internet Gateway** for outbound connectivity
+- **Security List** allowing:
+ - SSH (port 22)
+ - Coder app (port 3000)
+
+## Security
+
+- SSH key authentication required
+- Security groups restrict inbound traffic
+- No password authentication
+- Boot volume not preserved on termination
+
+## Cost Considerations
+
+- OCI offers [Always Free](https://www.oracle.com/cloud/free/) tier resources
+- VM.Standard.E4.Flex with 1 OCPU and 1 GB RAM is Always Free eligible
+- Monitor your usage to avoid unexpected charges
+
+## Troubleshooting
+
+### Instance Not Creating
+
+Check OCI console for:
+- Service limits in your region
+- Available capacity in availability domain
+- Valid compartment permissions
+
+### Cannot Connect via SSH
+
+1. Verify SSH key is correct
+2. Check security list allows port 22
+3. Ensure instance has public IP assigned
+
+### Coder Agent Not Starting
+
+1. Check instance has internet access
+2. Verify startup script logs: `/var/log/messages`
+3. Ensure correct architecture (amd64/arm64)
+
+## Resources Created
+
+| Resource | Type | Description |
+|----------|------|-------------|
+| `oci_core_vcn` | Networking | Virtual Cloud Network |
+| `oci_core_subnet` | Networking | Subnet for instances |
+| `oci_core_internet_gateway` | Networking | Internet access |
+| `oci_core_security_list` | Networking | Firewall rules |
+| `oci_core_instance` | Compute | Coder workspace VM |
+| `coder_agent` | Coder | Coder agent resource |
+
+## Cleanup
+
+```bash
+# Destroy all resources
+terraform destroy
+
+# Or via Coder UI
+coder delete oci-workspace
+```
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Submit a PR with your changes
+4. Include testing notes
+
+## License
+
+MIT License - See LICENSE file
+
+## References
+
+- [OCI Documentation](https://docs.oracle.com/en-us/iaas/Content/home.htm)
+- [Coder Documentation](https://coder.com/docs)
+- [OCI Terraform Provider](https://registry.terraform.io/providers/oracle/oci/latest/docs)
+
+## Support
+
+For issues related to:
+- **OCI**: Contact Oracle Cloud Support
+- **Coder**: Visit [Coder Discord](https://discord.gg/coder)
+- **This Template**: Open an issue in this repository