diff --git a/README.md b/README.md index 6a0b797..f168990 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A reusable and extensible Terraform module that provisions a Trivadis LAB Bastio It creates the following resources: -* A bastion host for a given VCN +* A bastion host for a given VCN including an optional *Apache* *Guacamole* remote desktop gateway. * Optional DNS zone registration for the public IP * Optional n-number of bastion hosts for multiple VCNs. This is used to build several identical environments for a training and laboratory environment. @@ -29,7 +29,7 @@ Add the module to the `main.tf` with the mandatory parameter. Whereby the `basti ```bash module "tvdlab-bastion" { source = "Trivadis/tvdlab-bastion/oci" - version = "1.0.0" + version = ">= 1.1.0" # - Mandatory Parameters -------------------------------------------------- tenancy_ocid = var.tenancy_ocid 
@@ -57,13 +57,14 @@ module "tvdlab-bastion" { } ``` -The module can be customized by a couple of additional parameter. See [variables](./doc/variables.md) for more information about customisation. The folder [examples](examples) does contain an example files for [main.tf](examples/main.tf), [variables.tv](examples/variables.tf) and [terraform.tfvars](examples/terraform.tfvars.example). +The module can be customized by a couple of additional parameter. See [variables](./doc/variables.md) for more information about customisation. The folder [examples](examples) does contain an example files for [main.tf](examples/main.tf), [variables.tf](examples/variables.tf) and [terraform.tfvars](examples/terraform.tfvars.example). ## Related Documentation, Blog - [Oracle Cloud Infrastructure Documentation](https://docs.cloud.oracle.com/iaas/Content/home.htm) - [Terraform OCI Provider Documentation](https://www.terraform.io/docs/providers/oci/index.html) - [Terraform Creating Modules](https://www.terraform.io/docs/modules/index.html) +- Docker based Guacamole Configuration [oehrlis/guacamole](https://github.com/oehrlis/guacamole) ## Projects using this module diff --git a/doc/variables.md b/doc/variables.md index 51e51cc..5e2a9d3 100644 --- a/doc/variables.md +++ b/doc/variables.md 
@@ -21,21 +21,31 @@ Variables for the configuration of the terraform module, defined in [variables]( ## Bastion Host -| Parameter | Description | Values | Default | -|----------------------------|-----------------------------------------------------------------------------------------------------|-------------------|------------------| -| `bastion_bootstrap` | Bootstrap script to provision the bastion host. | | n/a | -| `bastion_dns_registration` | Whether to register the bastion host in DNS zone. | ftrue/false | true | -| `bastion_enabled` | Whether to create the bastion host or not. | true/false | false | -| `bastion_image_id` | Provide a custom image id for the bastion host or leave as OEL (Oracle Enterprise Linux). | OCID | OEL | -| `bastion_name` | A Name portion of bastion host. | | bastion | -| `bastion_os` | Base OS for the bastion host. This is used to identify the default `bastion_image_id` | | Oracle Linux | -| `bastion_os_version` | Base OS version for the bastion host. This is used to identify the default `bastion_image_id` | | 7.8 | -| `bastion_shape` | The shape of bastion instance. | | VM.Standard.E2.1 | -| `bastion_state` | Whether bastion host should be either RUNNING or STOPPED state. | RUNNING / STOPPED | RUNNING | -| `bastion_boot_volume_size` | Size of the boot volume. | | 50 | -| `bastion_subnet` | List of subnets for the bastion hosts | | n/a | -| `ssh_public_key_path` | Path to the ssh public key used to access the bastion. set this or the `ssh_public_key` | | n/a | -| `ssh_public_key` | The content of the ssh public key used to access the bastion. set this or the `ssh_public_key_path` | | n/a | +| Parameter | Description | Values | Default | +|----------------------------|-----------------------------------------------------------------------------------------------------|-------------------|--------------------------------------| +| `admin_email` | Admin email used to configure Let's encrypt. 
| | admin@domain.com | +| `bastion_boot_volume_size` | Size of the boot volume. | | 50 | +| `bastion_bootstrap` | Bootstrap script to provision the bastion host. | | n/a | +| `bastion_dns_registration` | Whether to register the bastion host in DNS zone. | true/false | true | +| `bastion_enabled` | Whether to create the bastion host or not. | true/false | false | +| `bastion_image_id` | Provide a custom image id for the bastion host or leave as OEL (Oracle Enterprise Linux). | OCID | OEL | +| `bastion_name` | A Name portion of bastion host. | | bastion | +| `bastion_os_version` | Base OS version for the bastion host. This is used to identify the default `bastion_image_id` | | 7.8 | +| `bastion_os` | Base OS for the bastion host. This is used to identify the default `bastion_image_id` | | Oracle Linux | +| `bastion_shape` | The shape of bastion instance. | | VM.Standard.E2.1 | +| `bastion_state` | Whether bastion host should be either RUNNING or STOPPED state. | RUNNING / STOPPED | RUNNING | +| `bastion_subnet` | List of subnets for the bastion hosts | | n/a | +| `fail2ban_config` | Path to a custom fail2ban configuration file | | `fail2ban.template.conf` | +| `guacadmin_password` | Guacamole console admin user password. If password is empty it will be auto generate during setup. | | n/a | +| `guacadmin_user` | Guacamole console admin user | | guacadmin | +| `guacamole_connections` | Path to a custom guacamole connections SQL script | | `guacamole_connections.template.sql` | +| `guacamole_enabled` | Whether to configure guacamole or not" | true/false | true | +| `guacamole_user"` | Guacamole OS user name | | avocado | +| `hosts_file` | Path to a custom hosts file which will be appended to `/etc/hosts` | | `hosts.template` | +| `ssh_public_key_path` | Path to the ssh public key used to access the bastion. set this or the `ssh_public_key` | | n/a | +| `ssh_public_key` | The content of the ssh public key used to access the bastion. 
set this or the `ssh_public_key_path` | | n/a | +| `staging` | Set to 1 if you're testing your setup to avoid hitting request limits | 0/1 | 0 | +| `yum_upgrade` | Enable YUM upgrade during bootstrap / cloud-init | true/false | true | ## Trivadis LAB diff --git a/variables.tf b/variables.tf index 3336b69..e48c9a1 100644 --- a/variables.tf +++ b/variables.tf @@ -133,6 +133,66 @@ variable "bastion_subnet" { type = list(string) } +variable "hosts_file" { + description = "path to a custom /etc/hosts which has to be appended" + default = "" + type = string +} + +variable "yum_upgrade" { + description = "Enable YUM upgrade during bootstrap / cloud-init" + default = true + type = bool +} + +variable "guacamole_enabled" { + description = "whether to configure guacamole or not" + default = true + type = bool +} + +variable "guacamole_connections" { + description = "path to a custom guacamole connections SQL script" + default = "" + type = string +} + +variable "fail2ban_config" { + description = "path to a custom fail2ban configuration file" + default = "" + type = string +} + +variable "guacamole_user" { + description = "Guacamole OS user name" + default = "avocado" + type = string +} + +variable "guacadmin_user" { + description = "Guacamole console admin user" + default = "guacadmin" + type = string +} + +variable "guacadmin_password" { + description = "Guacamole console admin user password. If password is empty it will be autogenerate during setup." + default = "" + type = string +} + +variable "admin_email" { + description = "Admin email used to configure Let's encrypt." + default = "admin@domain.com" + type = string +} + +variable "staging" { + description = "Set to 1 if you're testing your setup to avoid hitting request limits" + default = 0 + type = number +} + # Trivadis LAB specific parameter ------------------------------------------- variable "tvd_participants" { description = "The number of VCN to create"
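Review bot: `guacadmin_password` is declared as a plain `string`, so a value passed in here is shown in plan output and CLI logs; if the module's minimum Terraform version permits it (0.14 or later), add `sensitive = true` to that variable and say in its description that the value is stored in state either way. Separately, `guacamole_enabled` defaults to `true`, so existing callers who pick up this release get a remote desktop gateway on the bastion without opting in; `default = false`, matching the documented default of `bastion_enabled`, would keep the exposed surface unchanged on upgrade. The `admin_email` default of `admin@domain.com` is a placeholder that would presumably be handed to Let's Encrypt as-is, so it is safer to drop the default and require a real address when Guacamole is enabled. How the password and e-mail are consumed lies outside this hunk, so the remarks on state and registration are inferred from the variable descriptions.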