resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
terraform/examples/azure-encrypt-running-linux-vm/variables.tf

126 lines
4.5 KiB
Terraform
Raw Normal View History

provider/azurerm: Add example of encrypting a running linux (#14642) * initial commit - 101-vm-from-user-image * changed branch name * not deploying - storage problems * provisions vm but image not properly prepared * storage not correct * provisions properly * changed main.tf to azuredeploy.tf * added tfvars and info for README * tfvars ignored and corrected file ext * added CI config; added sane defaults for variables; updated deployment script, added mac specific deployment for local testing * deploy.sh to be executable * executable deploy files * added CI files; changed vars * prep for PR * removal of old folder * prep for PR * wrong args for travis * more PR prep * updated README * commented out variables in terraform.tfvars * Topic 101 vm from user image (#2) * initial commit - 101-vm-from-user-image * added tfvars and info for README * added CI config; added sane defaults for variables; updated deployment script, added mac specific deployment for local testing * prep for PR * added new template * oops, left off master * prep for PR * correct repository for destination * renamed scripts to be more intuitive; added check for docker * merge vm simple; vm from image * initial commit * deploys locally * updated deploy * consolidated deploy and after_deploy into a single script; simplified ci process; added os_profile_linux_config * added terraform show * changed to allow http & https (like ARM tmplt) * changed host_name & host_name variable desc * added az cli check * on this branch, only build test_dir; master will aggregate all the examples * merge master * added new constructs/naming for deploy scripts, etc. * suppress az login output * suppress az login output * forgot about line breaks * breaking build as an example * fixing broken build example * merge of CI config * fixed grammar in readme * prep for PR * took out armviz button and minor README changes * changed host_name * fixed merge conflicts * changed host_name variable * updating Hashicorp's changes to merged simple linux branch * updating files to merge w/master and prep for Hashicorp pr * Revert "updating files to merge w/master and prep for Hashicorp pr" This reverts commit b850cd5d2a858eff073fc5a1097a6813d0f8b362. * Revert "updating Hashicorp's changes to merged simple linux branch" This reverts commit dbaf8d14a9cdfcef0281919671357f6171ebd4e6. * removing vm from user image example from this branch * removed old branch * azure-2-vms-loadbalancer-lbrules (#13) * initial commit * need to change lb_rule & nic * deploys locally * updated README * updated travis and deploy scripts for Hari's repo * renamed deploy script * clean up * prep for PR * updated readme * fixing conflict in .travis.yml * initial commit; in progress * in progress * in progress; encryption fails * in progress * deploys successfully locally * clean up; deploy typo fixed * merging hashi master into this branch * troubleshooting deploy * added missing vars to deploy script * updated README, outputs, and added graph * simplified outputs * reverting to Hashicorp's .travis.yml * clean up * readme graph correction
2017-05-19 12:21:13 +02:00
variable "resource_group" {
description = "Resource group name into which your new virtual machine will go."
}
variable "location" {
description = "The location/region where the virtual network is created. Changing this forces a new resource to be created."
default = "southcentralus"
}
variable "hostname" {
description = "Used to form various names including the key vault, vm, and storage. Must be unique."
}
variable "address_space" {
description = "The address space that is used by the virtual network. You can supply more than one address space. Changing this forces a new resource to be created."
default = "10.0.0.0/24"
}
variable "subnet_prefix" {
description = "The address prefix to use for the subnet."
default = "10.0.0.0/24"
}
variable "storage_account_type" {
description = "Defines the type of storage account to be created. Valid options are Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS. Changing this is sometimes valid - see the Azure documentation for more information on which types of accounts can be converted into other types."
default = "Standard_LRS"
}
variable "vm_size" {
description = "Specifies the size of the virtual machine. This must be the same as the vm image from which you are copying."
default = "Standard_A0"
}
variable "image_publisher" {
description = "name of the publisher of the image (az vm image list)"
default = "Canonical"
}
variable "image_offer" {
description = "the name of the offer (az vm image list)"
default = "UbuntuServer"
}
variable "image_sku" {
description = "image sku to apply (az vm image list)"
default = "16.04-LTS"
}
variable "image_version" {
description = "version of the image to apply (az vm image list)"
default = "latest"
}
variable "admin_username" {
description = "administrator user name for the vm"
default = "vmadmin"
}
variable "admin_password" {
description = "administrator password for the vm (recommended to disable password auth)"
}
variable "aad_client_id" {
description = "Client ID of AAD app which has permissions to KeyVault"
}
variable "aad_client_secret" {
description = "Client Secret of AAD app which has permissions to KeyVault"
}
variable "disk_format_query" {
description = "The query string used to identify the disks to format and encrypt. This parameter only works when you set the EncryptionOperation as EnableEncryptionFormat. For example, passing [{\"dev_path\":\"/dev/md0\",\"name\":\"encryptedraid\",\"file_system\":\"ext4\"}] will format /dev/md0, encrypt it and mount it at /mnt/dataraid. This parameter should only be used for RAID devices. The specified device must not have any existing filesystem on it."
default = ""
}
variable "encryption_operation" {
description = "EnableEncryption would encrypt the disks in place and EnableEncryptionFormat would format the disks directly"
default = "EnableEncryption"
}
variable "volume_type" {
description = "Defines which drives should be encrypted. OS encryption is supported on RHEL 7.2, CentOS 7.2 & Ubuntu 16.04. Allowed values: OS, Data, All"
default = "All"
}
variable "key_encryption_key_url" {
description = "URL of the KeyEncryptionKey used to encrypt the volume encryption key"
}
variable "key_vault_resource_id" {
description = "uri of Azure key vault resource"
}
variable "key_vault_name" {
description = "name of Azure key vault resource"
}
variable "passphrase" {
description = "The passphrase for the disks"
}
variable "extension_name" {
description = "the name of the vm extension"
default = "AzureDiskEncryptionForLinux"
}
variable "sequence_version" {
description = "sequence version of the bitlocker operation. Increment this everytime an operation is performed on the same VM"
default = 1
}
variable "use_kek" {
description = "Select kek if the secret should be encrypted with a key encryption key. Allowed values: kek, nokek"
default = "kek"
}
variable "artifacts_location" {
description = "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
default = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master"
}
variable "artifacts_location_sas_token" {
description = "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
default = ""
}