# ------------------------------------------------------------------------------
# Trivadis - Part of Accenture, Platform Factory - Data Platforms
# Saegereistrasse 29, 8152 Glattbrugg, Switzerland
# ------------------------------------------------------------------------------
# Name.......: compute.tf
# Author.....: Stefan Oehrli (oes) [email protected]
# Editor.....: Stefan Oehrli
# Date.......: 2023.04.19
# Revision...:
# Purpose....: Compute Instance for the terraform module tvdlab bastion.
# Notes......: --
# Reference..: --
# License....: Apache License Version 2.0, January 2004 as shown
# at http://www.apache.org/licenses/
# ------------------------------------------------------------------------------
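# One bastion compute instance per lab. All naming follows the pattern
# "<resource_shortname>-<bastion_name>NN" with an optional "<label_prefix>-"
# in front (omitted when label_prefix is "none").
resource "oci_core_instance" "bastion" {
  # Create one bastion per lab while bastions are enabled, none otherwise.
  count               = var.bastion_enabled == true ? var.numberOf_labs : 0
  availability_domain = local.availability_domain
  compartment_id      = var.compartment_id

  # The name parts are passed to format() as %s arguments instead of being
  # interpolated into the format string itself, so a literal "%" in
  # label_prefix, resource_shortname or bastion_name can no longer be read as
  # a format verb and abort the plan.
  display_name = format("%s%s-%s%02d",
    var.label_prefix == "none" ? "" : "${var.label_prefix}-",
    local.resource_shortname,
    var.bastion_name,
    count.index
  )
  shape         = var.bastion_shape
  state         = var.bastion_state
  freeform_tags = var.tags
  defined_tags  = var.defined_tags

  create_vnic_details {
    subnet_id = var.bastion_subnet[count.index]
    # The bastion is the externally reachable entry point of the lab.
    assign_public_ip = true
    display_name     = var.label_prefix == "none" ? "bastion-vnic" : "${var.label_prefix}-bastion-vnic"
    # DNS hostname label; same naming scheme as the instance display_name.
    hostname_label = format("%s%s-%s%02d",
      var.label_prefix == "none" ? "" : "${var.label_prefix}-",
      local.resource_shortname,
      var.bastion_name,
      count.index
    )
  }

  instance_options {
    # disable the legacy (/v1) instance metadata service endpoints
    are_legacy_imds_endpoints_disabled = true
  }

  # Whether to enable in-transit encryption for the data volume's paravirtualized attachment
  is_pv_encryption_in_transit_enabled = true

  # prevent the bastion from destroying and recreating itself if the image ocid changes
  lifecycle {
    ignore_changes = [source_details[0].source_id]
  }

  # cloud-init payload: the bootstrap template is rendered with the lab
  # settings below and handed over gzip+base64 encoded as user_data.
  # NOTE(review): the rendered template embeds guacadmin_password and the SSH
  # public key. user_data is persisted in Terraform state and, with the v2
  # metadata endpoint still enabled, stays readable by processes on the
  # instance — confirm this is acceptable for the lab's threat model.
  metadata = {
    ssh_authorized_keys = var.ssh_public_key
    user_data = base64gzip(templatefile(local.bootstrap_cloudinit_template, {
      guacamole_user           = var.guacamole_user
      ssh_port                 = var.inbound_ssh_port
      vpn_port                 = var.inbound_vpn_port
      guacamole_connections    = base64gzip(local.guacamole_connections)
      authorized_keys          = base64gzip(var.ssh_public_key)
      etc_hosts                = base64gzip(local.hosts_file)
      fail2ban_config          = local.fail2ban_config
      post_bootstrap_config    = base64gzip(file(local.post_bootstrap_config))
      # Guacamole init script, rendered from the module's own template and
      # nested into the cloud-init payload.
      guacamole_initialization = base64gzip(templatefile("${path.module}/scripts/guacamole_init.template.sh", {
        webhost_name  = var.webhost_name
        webproxy_name = var.webproxy_name
        # Same host name the instance itself is given above.
        host_name = format("%s%s-%s%02d",
          var.label_prefix == "none" ? "" : "${var.label_prefix}-",
          local.resource_shortname,
          var.bastion_name,
          count.index
        )
        domain_name        = var.lab_domain
        admin_email        = var.admin_email
        staging            = local.staging
        vpn_port           = var.inbound_vpn_port
        guacamole_enabled  = var.guacamole_enabled
        guacamole_user     = var.guacamole_user
        guacadmin_user     = var.guacadmin_user
        guacadmin_password = var.guacadmin_password
      }))
    }))
  }

  shape_config {
    memory_in_gbs = var.bastion_memory_in_gbs
    ocpus         = var.bastion_ocpus
  }

  source_details {
    source_type             = "image"
    source_id               = local.bastion_image_id
    boot_volume_size_in_gbs = var.bastion_boot_volume_size
  }

  # Allow up to 60 minutes for the instance (and its cloud-init run) to come up.
  timeouts {
    create = "60m"
  }
}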
# --- EOF ----------------------------------------------------------------------