Skip to content

Latest commit

 

History

History
462 lines (386 loc) · 11.1 KB

terraformoptions.adoc

File metadata and controls

462 lines (386 loc) · 11.1 KB

Terraform Options

1. Provider

Parameter Description Values Default

api_fingerprint

ssl fingerprint of api public key. Required

None

api_private_key_path

path to api private key. Required

None

region

Region where to provision the resources. List of regions. Required

None

tenancy_ocid

Tenancy id of the user. Required

None

user_ocid

User’s id. Required

None

2. General OCI

Parameter Description Values Default

compartment_id

Compartment id where the VCN and other resources will be provisioned. Required

None

label_prefix

a string to be prepended to the name of resources. Recommended. Set to "none" if you dont want any prefix.

3. OCI Networking

Parameter Description Values Default

create_drg

whether to create Dynamic Routing Gateway. If set to true, creates a Dynamic Routing Gateway and attach it to the vcn.

true/false

false

drg_display_name

Name of Dynamic Routing Gateway. Does not have to be unique (Updatable)

internet_gateway_enabled

Whether to create an internet gateway. Required for public subnets.

true/false

true

lockdown_default_seclist

whether to remove all default security rules from the VCN Default Security List

true/false

true

nat_gateway_enabled

Whether to create a NAT gateway. Required for private subnets.

true/false

true

nat_gateway_public_ip_id

OCID of reserved IP address for NAT gateway. The reserved public IP address needs to be manually created. The default value of "none" will select a public IP address from the Oracle pool.

none

service_gateway_enabled

Whether to create a Service Gateway to use Oracle Services.

true/false

true

tags

The tags to apply on the VCN.

map(any)

null

vcn_cidr

The VCN’s CIDR block.

10.0.0.0/16

vcn_dns_label

The internal DNS domain for resources created and prepended to "oraclevcn.com" which is the VCN-internal domain name. Required

vcn_name

The name of the VCN that will be appended to the label_prefix. Recommended

internet_gateway_route_rules

List of routing rules to add to Internet Gateway Route Table. (Updatable)

[ { destination = "192.168.1.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "drg" // use drg created by this module. Requires `create_drg = true description = "route through drg" }, { destination = "8.8.8.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "internet_gateway" // use Internet Gateway created by this module. Requires internet_gateway_enabled = true description = "route through Internet Gateway" }, { destination = "8.8.8.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "ocid1.drg." // use an externally created resource or a resource that was not available at the time of the 1st run` description = "route through an externally created resource or a resource that was not available at the time of the 1st run" } ]`

nat_gateway_route_rules

List of routing rules to add to NAT Gateway Route Table. (Updatable)

[ { destination = "192.168.1.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "drg" // use drg created by this module. Requires `create_drg = true description = "route through drg" }, { destination = "8.8.8.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "nat_gateway" // use NAT gateway created by this module. Requires nat_gateway_enabled = true description = "route through NAT gateway" }, { destination = "8.8.8.0/24" destination_type = "CIDR_BLOCK" network_entity_id = "ocid1.drg." // use an externally created resource or a resource that was not available at the time of the 1st run` description = "route through an externally created resource or a resource that was not available at the time of the 1st run" } ]`

4. Bastion Host

Parameter Description Values Default

availability_domains

The Availability Domain where to provision resources e.g. bastion host. This is specified in the form of a map.

 
1
 
1

bastion_access

CIDR block in the form of a string to which ssh access to the bastion must be restricted to. ANYWHERE is equivalent to 0.0.0.0/0 and allows ssh access from anywhere.

XYZ.XYZ.XYZ.XYZ/YY

ANYWHERE

bastion_enabled

Whether to create the bastion host.

true/false

false

bastion_image_id

Provide a custom image id for the bastion host or leave as Autonomous.

imageid/Autonomous

Autonomous

bastion_operating_system_version

The version of the operating system.

7.9

7.9

bastion_shape

The shape of bastion instance. This is now specified as a map and supports E3.Flex. If a non-Flex shape is specified, then the other parameters are ignored.

e.g. bastion_shape = { shape="VM.Standard.E3.Flex", ocpus=1, memory=4, boot_volume_size=50 }

bastion_shape = { shape="VM.Standard.E3.Flex", ocpus=1, memory=4, boot_volume_size=50 }

bastion_state

The default state of the bastion compute instance.

RUNNING/STOPPED

RUNNING

bastion_upgrade

Whether to upgrade the bastion host packages after provisioning. It’s useful to set this to false during development/testing so the bastion is provisioned faster.

true/false

true

newbits

The difference between the VCN’s netmask and the desired subnets' masks specified in the form of a map. The values of the map are used as the newbits parameter in the cidrsubnet Terraform function to calculate each subnet’s mask.

 
14
 
14

netnum

0-based index of the subnet when the VCN’s CIDR is masked with the corresponding newbit value and specified in the form of a map. Used to define the boundaries of the subnet. The values of the map are used as the netnum parameter in the cidrsubnet Terraform function.

 
0
 
0

notification_enabled

Whether to enable ONS notification for the bastion host.

true/false

false

notification_endpoint

The subscription notification endpoint. Email address to be notified. Required if notification_enabled = true .

notification_protocol

The notification protocol used.

EMAIL

notification_topic

The name of the notification topic

bastion

ssh_private_key_path

path to ssh private key. This ssh key is used to authenticate and log into the bastion host. Must be the private key of the public key provided below. Required if bastion is enabled.

None

ssh_public_key_path

path to ssh public key. The ssh key is used when provisioning the bastion host. Must be the public key of the private key provided above. Required if bastion is enabled.

None

tags

The tags to apply on the bastion resources.

map(any)

 
tags = {
    role        = "bastion"
}

timezone

The preferred timezone for the bastion host. List of timezones

5. Operator Host

Parameter Description Values Default

operator_enabled

Whether to create the operator host.

true/false

false

operator_image_id

Custom image id for the operator host

image_id/Oracle. If the value is set to Oracle, an Oracle Platform image will be used instead.

Oracle

enable_instance_principal

Whether to enable instance_principal on the operator server. Refer to instance_principal[instance_principal]

true/false

false

newbits

The difference between the VCN’s netmask and the desired subnets' masks specified in the form of a map. The values of the map are used as the newbits parameter in the cidrsubnet Terraform function to calculate each subnet’s mask.

 
14
 
14

netnum

0-based index of the subnet when the VCN’s CIDR is masked with the corresponding newbit value and specified in the form of a map. Used to define the boundaries of the subnet. The values of the map are used as the netnum parameter in the cidrsubnet Terraform function.

 
0
 
0

notification_enabled

Whether to enable ONS notification for the operator host. Do not enable for now.

true/false

false

notification_endpoint

The subscription notification endpoint. Email address to be notified. Only email is currently supported although ONS can also support Slack, Pagerduty among others.

notification_protocol

The notification protocol used.

EMAIL

EMAIL

notification_topic

The name of the notification topic

operator

operator_package_upgrade

Whether to also upgrade the packages for the operator host.

true/false

true

operator_shape

The shape of operator instance. This is now specified as a map and supports E3.Flex. If a non-Flex shape is specified, then the other parameters are ignored.

e.g. operator_shape = { shape="VM.Standard.E3.Flex", ocpus=1, memory=4, boot_volume_size=50 }

operator_shape = { shape="VM.Standard.E3.Flex", ocpus=1, memory=4, boot_volume_size=50 }

operator_state

The state of the operator instance whether RUNNING or STOPPED.

RUNNING/STOPPED

RUNNING

operating_system_version

The Oracle Linux version.

"8"

"8"

ssh_private_key_path

path to ssh private key. This ssh key is used to authenticate and log into the bastion host. Must be the private key of the public key provided below. Required if bastion is enabled.

None

ssh_public_key_path

path to ssh public key. The ssh key is used when provisioning the bastion host. Must be the public key of the private key provided above. Required if bastion is enabled.

None

tags

The tags to apply on the bastion resources.

map(any)

 
tags = {
  role        = "operator"
}

operator_timezone

The preferred timezone for the operator host. List of timezones

Australia/Sydney