Go programs to manage VIP association to Oracle Cloud Instance VNICs and destinations in Subnet Routing Tables

daniel-pro/go-oci-linux-vip-routing


go-oci-linux-vip-routing

Go programs to manage VIP association to Oracle Cloud Instance VNICs and Subnet Routing Tables

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites

This project requires

Installing

  • Install Go
  • Install oci-go-sdk. You can skip the SDK configuration: as we'll see later, these programs use the OCI IAM feature called Instance Principals, which allows our VM instance to make API calls to OCI services without configuring any user credentials
  • Clone this repo under your Go workspace directory
$ cd $HOME/go/src
$ git clone https://github.com/daniel-pro/go-oci-linux-vip-routing.git

Build

$ cd $HOME/go/src/go-oci-linux-vip-routing
$ go build movePrivateIp.go
$ go build moveRoutingRule.go

Configuration

To call OCI services, this project uses Instance Principals (https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm) to authenticate to OCI without any credentials. For this to work, some additional configuration is required in OCI:

  • Create a Dynamic Group and call it IPSec-VRRP-DGroup or whatever name you like
  • Create a rule which includes all instances where the script will be invoked:
    ANY {instance.id = 'ocid1.instance.oc1.eu-frankfurt-1.<instance-id>', instance.id = 'ocid1.instance.oc1.eu-frankfurt-1.<instance-id>', instance.id = 'ocid1.instance.oc1.eu-frankfurt-1.<instance-id>'}
  • Create a new Policy and call it IPSec-VRRP-DGroup-ManageNetwork-Policy or whatever suits you best
  • Add the following Policy Statements:
   Allow dynamic-group IPSec-VRRP-DGroup to use private-ips in compartment <YOUR_COMPARTMENT>
   Allow dynamic-group IPSec-VRRP-DGroup to use subnets in compartment <YOUR_COMPARTMENT> 
   Allow dynamic-group IPSec-VRRP-DGroup to use vnics in compartment <YOUR_COMPARTMENT>
   Allow dynamic-group IPSec-VRRP-DGroup to manage virtual-network-family in compartment <YOUR_COMPARTMENT>
   Allow dynamic-group IPSec-VRRP-DGroup to use instances in compartment <YOUR_COMPARTMENT>
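
An added example, not part of this repository: a standard-library Go check that parses the policy statements above and reports which grant is the broad one and which statements it already covers, as a starting point for a least-privilege review. The names `Audit`, `Statement` and `readmePolicy` are hypothetical, and the family table lists only the resource types named above, not the whole family.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Statement struct{ Group, Verb, Resource, Compartment string } // one parsed policy line

var (
	stmtRe = regexp.MustCompile(`(?i)^\s*allow\s+dynamic-group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+(\S+)\s+in\s+compartment\s+(\S+)\s*$`)
	// OCI policy verbs are cumulative: inspect < read < use < manage.
	rank = map[string]int{"inspect": 1, "read": 2, "use": 3, "manage": 4}
	// Resource types from the README that belong to virtual-network-family (a subset of the family).
	vnMembers    = map[string]bool{"private-ips": true, "subnets": true, "vnics": true}
	readmePolicy = []string{ // the five statements from the Configuration section
		"Allow dynamic-group IPSec-VRRP-DGroup to use private-ips in compartment <YOUR_COMPARTMENT>",
		"Allow dynamic-group IPSec-VRRP-DGroup to use subnets in compartment <YOUR_COMPARTMENT> ",
		"Allow dynamic-group IPSec-VRRP-DGroup to use vnics in compartment <YOUR_COMPARTMENT>",
		"Allow dynamic-group IPSec-VRRP-DGroup to manage virtual-network-family in compartment <YOUR_COMPARTMENT>",
		"Allow dynamic-group IPSec-VRRP-DGroup to use instances in compartment <YOUR_COMPARTMENT>",
	}
)

// Audit flags manage grants on whole resource families, statements already
// covered by a virtual-network-family grant, and lines it cannot parse.
func Audit(lines []string) (out []string) {
	var stmts []Statement
	for _, l := range lines {
		if m := stmtRe.FindStringSubmatch(l); m != nil {
			stmts = append(stmts, Statement{m[1], strings.ToLower(m[2]), strings.ToLower(m[3]), m[4]})
		} else {
			out = append(out, "unparsed: "+strings.TrimSpace(l))
		}
	}
	for _, s := range stmts {
		if s.Verb == "manage" && strings.HasSuffix(s.Resource, "-family") {
			out = append(out, fmt.Sprintf("broad: %s can manage all of %s in %s", s.Group, s.Resource, s.Compartment))
		}
		for _, b := range stmts {
			if b.Resource == "virtual-network-family" && vnMembers[s.Resource] && b.Group == s.Group && b.Compartment == s.Compartment && rank[b.Verb] >= rank[s.Verb] {
				out = append(out, fmt.Sprintf("redundant: %s %s is covered by %s %s", s.Verb, s.Resource, b.Verb, b.Resource))
			}
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(Audit(readmePolicy), "\n")) }
```

On the statements above it reports the three `use` statements on private-ips, subnets and vnics as covered by `manage virtual-network-family`, and flags that statement as the broad grant to review.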
