##############################################################################
# Account Variables
##############################################################################
# target region
variable "ibm_region" {
  # Single region used for every resource in this configuration.
  # Alternative defaults the author left commented out:
  #   default = "us-east"
  #   default = "eu-gb"
  default     = "us-south"
  description = "IBM Cloud region where all resources will be deployed"
}
# variable "ibmcloud_api_key" {
# description = "IBM Cloud API key when run standalone"
# }
variable "resource_group_name" {
  # Resource group that owns the VPC resources; falls back to the group
  # named "Default" when the caller supplies nothing.
  default     = "Default"
  description = "Name of IBM Cloud Resource Group used for all VPC resources"
}
# #Only tested with Gen2. Gen1 requires changes to images, profile names and some VPC resources
# variable "generation" {
# description = "VPC generation. Only tested with VPC Gen2"
# default = 2
# }
# unique name for the VPC in the account
variable "vpc_name" {
  # Name of the VPC; it has to be unique within the account.
  default     = "ssh-bastion-host"
  description = "Name of vpc"
}
##############################################################################
##############################################################################
# Network variables
##############################################################################
# When running under Schematics the default here is overridden to allow SSH access only
# from remote-exec or Red Hat Ansible running under Schematics
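variable "ssh_source_cidr_override" {
  # Source CIDR ranges permitted to open SSH sessions to the bastion.
  #
  # The default admits every IPv4 source address. For anything other than a
  # short-lived test deployment, set this to the known operator or automation
  # ranges so the bastion's SSH port is not reachable from the whole internet.
  #
  # NOTE(review): the security group / ACL rules that consume this list are
  # not visible in this file - confirm how each entry is applied.
  #
  # The element type is spelled out (the legacy bare `list` keyword accepts
  # elements of any type) so that a non-string entry is rejected at plan time.
  type        = list(string)
  description = "Override CIDR range that is allowed to ssh to the bastion"
  default     = ["0.0.0.0/0"]
}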
locals {
  # CIDR range required to contact public software repositories.
  # This value matches every IPv4 destination, so an egress rule built from
  # it does not restrict where traffic may go.
  pub_repo_egress_cidr = "0.0.0.0/0"
}
# Predefine subnets for all app tiers for use with `ibm_is_address_prefix`. Single tier CIDR used for NACLs
# Each app tier uses:
# frontend_cidr_blocks = [cidrsubnet(var.frontend_cidr, 4, 0), cidrsubnet(var.frontend_cidr, 4, 2), cidrsubnet(var.frontend_cidr, 4, 4)]
# to create individual zone subnets for use with `ibm_is_address_prefix`
variable "bastion_cidr" {
  # One /20 block covering the bastion subnets of all three zones.
  # NOTE(review): presumably split per zone with cidrsubnet() in the same way
  # as the frontend tier - confirm against the code that consumes it.
  default     = "172.22.192.0/20"
  description = "Complete CIDR range across all three zones for bastion host subnets"
}
variable "frontend_cidr" {
  # One /20 block covering the frontend subnets of all three zones; the
  # per-zone subnets are derived from it with cidrsubnet(var.frontend_cidr, 4, n).
  default     = "172.16.0.0/20"
  description = "Complete CIDR range across all three zones for frontend subnets"
}
##############################################################################
# VSI profile
variable "profile" {
  # Instance profile name applied to the virtual server instances.
  default     = "cx2-2x4"
  description = "Profile for VSIs deployed in frontend and backend"
}
# image names can be determined with the cli command `ibmcloud is images`
variable "image_name" {
  # Name of the OS image, resolved to an image by the ibm_is_image data source.
  # NOTE(review): the default is a CentOS 7.6 image; CentOS 7 reached end of
  # life in June 2024, so confirm the image is still offered and patched
  # before using it for an internet-facing bastion.
  default     = "ibm-centos-7-6-minimal-amd64-1"
  description = "OS image for VSI deployments. Only tested with Centos"
}
# Looks up the image whose name equals var.image_name.
data "ibm_is_image" "os" {
  name = var.image_name
}
##############################################################################
# Access check variables
##############################################################################
variable "ssh_accesscheck" {
  # Opt-in switch for the remote-exec SSH validation step; off unless the
  # caller sets it to true.
  default     = false
  description = "Flag to request remote-exec validation of SSH access, true/false"
}
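variable "ssh_private_key" {
  # Secret material with no default: the caller must supply it on every run.
  # Pass it from a secrets store or the TF_VAR_ssh_private_key environment
  # variable instead of committing it in a .tfvars file.
  #
  # Depending on how the value is consumed it can appear in plan output, logs
  # or state, so access to those should be restricted as well.
  # NOTE(review): on Terraform 0.14 or later, adding `sensitive = true` redacts
  # the value in plan/apply output; it is not added here because the Terraform
  # version this configuration targets is not visible in this file.
  #
  # The type is declared so that a non-string value is rejected at plan time.
  type        = string
  description = "SSH private key of SSH key pair used for VSIs and Bastion"
}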
# Looks up the SSH key registered under the name given in var.ssh_key_name.
data "ibm_is_ssh_key" "sshkey" {
  name = var.ssh_key_name
}
variable "ssh_key_name" {
  # Required input (no default): the name of the public SSH key, which the
  # ibm_is_ssh_key data source uses for its lookup.
  description = "Name giving to public SSH key uploaded to IBM Cloud for VSI access"
}