servers.tf
# Set of shape names that the oci_core_shapes data source reports as flexible.
locals {
  compute_flexible_shapes = toset([
    for shape in data.oci_core_shapes.compute_flexible_shapes.shapes :
    shape.name
    if shape.is_flexible
  ])
}
locals {
  # Group name handed to the cloud-init, sshd_config and bootstrap.sh templates
  # under the "sftp-user-group" key.
  sftp_user_group = "sftp"

  # True when var.servers_shape is one of the flexible shapes; this gates the
  # dynamic shape_config block on the instance resource.
  is_servers_shape_flexible = contains(local.compute_flexible_shapes, var.servers_shape)
}
# SFTP server instances. var.servers_count instances are created without a
# public IP and configured at first boot through cloud-init user_data.
#
# NOTE(review): the rendered user_data below contains long-lived secrets (the
# SSH host private keys and the customer secret key). Instance metadata is
# returned with the instance details and is readable from inside the instance
# through the metadata service, and the tls_private_key and customer-secret-key
# values are also kept in Terraform state. Treat the state backend and read
# access to instances in this compartment as secret-bearing, and consider
# fetching these values at boot from a secret store instead.
resource "oci_core_instance" "cn_sftp_servers" {
  count          = var.servers_count
  compartment_id = var.servers_compartment_id

  # Round-robin over the availability domains: instance N goes to AD (N mod #ADs).
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[count.index % length(data.oci_identity_availability_domains.ads.availability_domains)].name

  # Names are 1-based and zero-padded to two digits, e.g. "<name>-01".
  display_name = format("%s-%02d", var.servers_display_name, count.index + 1)
  shape        = var.servers_shape

  # OCPU and memory sizing is emitted only for flexible shapes.
  dynamic "shape_config" {
    for_each = local.is_servers_shape_flexible ? [1] : []

    content {
      ocpus         = var.servers_ocpus
      memory_in_gbs = var.servers_memory
    }
  }

  source_details {
    source_type = "image"
    source_id   = var.servers_image_id
  }

  create_vnic_details {
    subnet_id      = data.oci_core_subnet.cn_sftp_servers_subnet.id
    display_name   = format("vnic-%s-%02d", var.servers_hostname, count.index + 1)
    hostname_label = format("%s-%02d", var.servers_hostname, count.index + 1)

    # No public address is assigned to the instance VNIC.
    assign_public_ip = false
  }

  metadata = {
    # Caller-supplied public key when set, otherwise the public half of the
    # generated key pair.
    ssh_authorized_keys = var.servers_ssh_authorized_keys != "" ? var.servers_ssh_authorized_keys : tls_private_key.sftp_servers_key_pair[0].public_key_openssh

    user_data = base64encode(templatefile("${path.module}/cloud-init/cloud-init.yaml", {
      sftp-user-group = local.sftp_user_group
      sftp-user-name  = var.sftp_user_name

      # NOTE(review): this is the same expression as ssh_authorized_keys above,
      # so the SFTP user and the instance login share one key. Separate keys
      # would let SFTP access be rotated or revoked independently. Confirm
      # whether the sharing is intended.
      sftp-user-public-key = var.servers_ssh_authorized_keys != "" ? var.servers_ssh_authorized_keys : tls_private_key.sftp_servers_key_pair[0].public_key_openssh

      # Host keys are not indexed by count, so every instance receives the same
      # RSA and ECDSA host key pair (presumably so clients see one host identity
      # across servers; verify). Disclosure of these private keys from any one
      # instance therefore affects all of them.
      host-key-rsa-private   = indent(4, tls_private_key.sftp_servers_host_key_pair_rsa.private_key_pem)
      host-key-rsa-public    = tls_private_key.sftp_servers_host_key_pair_rsa.public_key_openssh
      host-key-ecdsa-private = indent(4, tls_private_key.sftp_servers_host_key_pair_ecdsa.private_key_pem)
      host-key-ecdsa-public  = tls_private_key.sftp_servers_host_key_pair_ecdsa.public_key_openssh

      sshd_config = base64encode(templatefile("${path.module}/cloud-init/resources/sshd_config", {
        sftp-user-group = local.sftp_user_group
      }))

      bootstrap-sh = base64encode(templatefile("${path.module}/cloud-init/resources/bootstrap.sh", {
        sftp-user-name   = var.sftp_user_name
        sftp-user-group  = local.sftp_user_group
        region           = var.region
        bucket-namespace = data.oci_objectstorage_namespace.bucket_namespace.namespace
        bucket-name      = var.bucket_name

        # Customer secret key id and secret are rendered into the bootstrap
        # script in clear text (base64 is encoding, not protection).
        # NOTE(review): make sure the user that owns this key is limited by
        # policy to var.bucket_name, and plan for rotating the key.
        s3-access-key = oci_identity_customer_secret_key.cn_sftp_customer_secret_key.id
        s3-secret-key = oci_identity_customer_secret_key.cn_sftp_customer_secret_key.key
      }))
    }))
  }

  agent_config {
    are_all_plugins_disabled = false
    is_management_disabled   = false
    is_monitoring_disabled   = false

    # The Bastion plugin is enabled; with assign_public_ip = false,
    # administrative access presumably goes through an OCI Bastion (confirm).
    plugins_config {
      name          = "Bastion"
      desired_state = "ENABLED"
    }
  }
}