-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathinput.auto.tfvars.template
133 lines (127 loc) · 5.81 KB
/
input.auto.tfvars.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# Copyright (c) 2023 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#--------------------------------------------------------------------------------------------------------------------------------------
# 1. Rename this file to <project-name>.auto.tfvars, where <project-name> is a name of your choice.
# 2. Provide values for "Tenancy Connectivity Variables".
# 3. Replace <REPLACE-BY-*> placeholders with appropriate values.
#--------------------------------------------------------------------------------------------------------------------------------------
#---------------------------------------
# Tenancy Connectivity Variables
#---------------------------------------
tenancy_ocid = "<tenancy OCID>" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: <your tenancy name>").
user_ocid = "<user OCID>" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile").
fingerprint = "<PEM key fingerprint>" # The fingerprint can be gathered from your user account. In the "My profile page, click "API keys" on the menu in left hand side.
private_key_path = "<path to the private key>" # This is the full path on your local system to the API signing private key.
private_key_password = "" # This is the password that protects the private key, if any.
region = "<your tenancy region>" # The region name.
#---------------------------------------
# Input variable
#---------------------------------------
instances_configuration = {
default_compartment_id = "<REPLACE-BY-COMPARTMENT-OCID>"
default_subnet_id = "<REPLACE-BY-SUBNET-OCID>"
default_ssh_public_key_path = "~/.ssh/id_rsa.pub"
instances = {
INSTANCE-1 = {
cis_level = "2"
shape = "VM.Standard.E4.Flex"
name = "<REPLACE-BY-INSTANCE-NAME>"
placement = {
availability_domain = 1
fault_domain = 1
}
boot_volume = {
size = 120
preserve_on_instance_deletion = false
}
encryption = {
kms_key_id = "<REPLACE-BY-KEY-OCID>"
}
networking = {
hostname = "<REPLACE-BY-INSTANCE-HOSTNAME>"
network_security_groups = ["<REPLACE-BY-NETWORK-SECURITY-GROUP_NAME>"]
}
image = {
name = "Oracle Linux 7 STIG" # Marketplace image
publisher_name = "Oracle Linux"
}
cloud_agent = {
disable_monitoring = false
disable_management = false
plugins = [
{name = "Vulnerability Scanning", enabled = true},
{name = "Oracle Java Management Service", enabled = true},
{name = "Oracle Autonomous Linux", enabled = true},
{name = "Management Agent", enabled = true},
{name = "OS Management Service Agent", enabled = true}, # management plugin, impacted by disable_management attribute if not set.
{name = "Custom Logs Monitoring", enabled = true}, # monitoring plugin, impacted by disable_monitoring attribute if not set.
{name = "Compute RDMA GPU Monitoring", enabled = true},
{name = "Compute Instance Run Command", enabled = true}, # management plugin, impacted by disable_management attribute if not set.
{name = "Compute Instance Monitoring", enabled = true}, # monitoring plugin, impacted by disable_monitoring attribute if not set.
{name = "Compute HPC RDMA Auto-Configuration", enabled = true},
{name = "Compute HPC RDMA Authentication", enabled = true},
{name = "Block Volume Management", enabled = true},
{name = "Bastion", enabled = true}
]
}
cloud_init = {
script_file = "./cloud-init.yaml"
## Comment the line above and uncomment the following five lines if you want provide the script inlined in heredoc style.
# heredoc_script = <<YAML
# #cloud-config
# runcmd:
# - echo 'This instance was provisioned by Terraform.' >> /etc/motd
# YAML
}
}
INSTANCE-2 = { # Shielded instance, per platform_type and boot_volume.measured_boot settings.
shape = "VM.Standard.E4.Flex"
name = "<REPLACE-BY-INSTANCE-NAME>"
platform_type = "AMD_VM"
placement = {
availability_domain = 1
fault_domain = 2
}
boot_volume = {
size = 120
preserve_on_instance_deletion = true
measured_boot = true # applicable when platform_type is set.
backup_policy = "silver"
}
networking = {
hostname = "<REPLACE-BY-INSTANCE-HOSTNAME>"
network_security_groups = ["<REPLACE-BY-NETWORK-SECURITY-GROUP_NAME>"]
}
encryption = {
encrypt_in_transit_on_instance_create = true
}
image = {
id = "ocid1.image.oc1.iad.aaaaaaaamf35m2qg5krijvq4alf6qmvdqiroq4i5zdwqqdijmstn4ryes36q" # Oracle-Linux-8.8-2023.08.31-0 platform image
}
}
INSTANCE-3 = { # Confidential computing instance, per platform_type and encryption.encrypt_data_in_use settings.
shape = "VM.Standard.E4.Flex"
name = "<REPLACE-BY-INSTANCE-NAME>"
platform_type = "AMD_VM"
placement = {
availability_domain = 1
fault_domain = 3
}
boot_volume = {
size = 120
preserve_on_instance_deletion = true
backup_policy = "gold"
}
networking = {
hostname = "<REPLACE-BY-INSTANCE-HOSTNAME>"
network_security_groups = ["<REPLACE-BY-NETWORK-SECURITY-GROUP_NAME>"]
}
encryption = {
encrypt_data_in_use = true # applicable when platform_type is set.
}
image = {
id = "ocid1.image.oc1.iad.aaaaaaaamf35m2qg5krijvq4alf6qmvdqiroq4i5zdwqqdijmstn4ryes36q" # Oracle-Linux-8.8-2023.08.31-0 platform image
}
}
}
}