Variables in Terraform Scripts

The variables you need input to the terraform scripts in Oracle WebLogic Server for OCI.

Criteria for VCN peering

If wls_vcn_name or wls_existing_vcn_id and ocidb_existing_vcn_id are passed together and vcn_ids are different, complete the following steps:

For an existing DB subnet, set the following stateful security rules:
- Allow WebLogic VCN CIDR (for example, 11.0.0.0/16) access to the database port 1521.
- Allow database DNS subnet CIDR (for example, 10.0.7.0/24) access to TCP/53 and UDP/53 ports.
- Setup the database to use the default DHCP options for the VCN.
For an existing WebLogic subnet, set the following stateful security rules:
- Allow 0.0.0.0/0 access to ICMP/3,4
- Allow 0.0.0.0/0 access to TCP/22
- Allow 0.0.0.0/0 access to TCP/7001-7002 (optional, only required for accessing console).
  7001 and 7002 are examples, use the ports used for WebLogic server admin console port and admin console SSL port.
- Allow LB subnet CIDRs access to TCP/7003-7004 ports.
  7003 and 7004 are example, use the ports used for WebLogic managed server port and managed server SSL port.
- Allow WebLogic subnet CIDR (for example, 11.0.3.0/24) access to TCP/All ports. This is for VM to VM communication.
- Allow WLS DNS subnet CIDR (for example, 11.0.7.0/24) access to TCP/53 and UDP/53 ports.
- WebLogic subnet should be setup to use the default DHCP options for the VCN.

The following table lists all the variables in terraform scripts:

Table 1-1 Variables in terraform scripts

Variables	Type	Default Value	Optional	Can be updated?	Description
Authentication Information Note: Use `env_vars_template` to create `env_vars` and source it as: source `./env_vars` before running terraform init.	–––	–––	–––	–––	–––
`FingerPrint`	String	-	-	Yes	Fingerprint of your public key.
`Path to private key`	String	-	-	-	Path to the private key that matches the fingerprint.
`Tenancy OCID`	String	-	-	-	OCID of the tenancy in which you want to perform changes.
`User OCID`	String	-	-	-	OCID of the signed in user. That is, your OCID.
WebLogic Server Variables	–––	–––	–––	–––	–––
`compartment_ocid`	String	-	-	-	OCID of the compartment for Weblogic instances.
`instance_shape`	String	-	-	Yes	Shape for all WebLogic Server compute instances.
`region`	String	-	-	-	Region for provisioning.
`service_name`	String	-	-	-	Prefix for stack resources. The names of all the related compute and network resources begins with the prefix you assign here.
`wls_admin_password_ocid`	String	-	-	-	OCID of the Secret that contains the password for the administrator in the WebLogic Server domain.
`wls_admin_user`	String	`weblogic`	-	-	Name of the administrator in the WebLogic Server domain.
`wls_node_count`	Number	`1`	-	Yes	Number of WebLogic server compute instances and the number of managed servers in the domain. The maximum is node count is 8. For 11g Standard Edition, the maximum is 4.
`wls_ocpu_count`	Number	`1`	-	Yes	Number of OCPU count for instances. Note: Required only for `VM.Standard.E3.Flex` shape. The maximum is 64.
`wls_version`	String	`12.2.1.4`	-	-	WebLogic server version. Supported versions: 12c (12.2.1.3): `12.2.1.3` 12c (12.2.1.4): `12.2.1.4` 14c (14.1.1.0): `14.1.1.0`
`create_service_tag`	Boolean	`false`	-	-	Indicates if you want create a service tag.
`service_tag`	Object	`freeformTags, definedTags`	-	-	The type of service type to be used.
`wls_node_count_limit`	Number	`8`	-	-	The maximum number of WebLogic managed servers.
`bastion_instance_shape`	String	`VM.Standard2.1`	-	-	The default shape of bastion VM instances.
`wls_nm_port`	String	`5556`	-	-	The node manager port.
`wls_extern_admin_port`	String	`7001`	-	-	The WebLogic console port.
`wls_extern_ssl_admin_port`	String	`7002`	-	-	The WebLogic console SSL port.
`wls_cluster_mc_port`	String	`5555`	-	-	The WebLogic multi-cluster port.
`wls_admin_port`	String	`9071`	-	-	The WebLogic admin port.
`wls_ssl_admin_port`	String	`9072`	-	-	The WebLogic admin SSL port.
`wls_ms_extern_port`	String	`7003`	-	-	The WebLogic managed server external HTTP port.
`wls_ms_extern_ssl_port`	String	`7004`	-	-	The WebLogic managed server external SSL port.
`wls_ms_port`	String	`9073`	-	-	The WebLogic managed server port.
`wls_ms_ssl_port`	String	`9074`	-	-	The WebLogic managed server SSL port.
`allow_manual_domain_extension`	Boolean	`false`	-	-	Indicates if the domain is manually extended for managed servers.
`wls_14c_jdk_version`	-	`jdk8`	-	-	The JDK version.
General	-	-	-	-	-
`create_policies`	Boolean	`true`	-	-	Create policies to read Secrets from Vault and manage ATP database (if applicable).
`deploy_sample_app`	Boolean	`true`	-	-	Indicates if you can deploy a sample application.
Network Variables	-	-	-	-	-
`assign_weblogic_public_ip`	Boolean	`true`	-	-	Indicates if you are using any private subnets. If `false`, the WebLogic server compute instances are created in a new private subnet.
`bastion_ssh_private_key`	String	-	-	-	Private ssh key for existing bastion instance. See Additional information.
`bastion_subnet_cidr`	String	-	-	-	CIDR of the new public subnet to create for a Bastion compute instance. This field is required only if you do not assign public IP addresses to the WebLogic server.
`bastion_subnet_id`	String	-	-	-	An existing public subnet to use for a Bastion compute instance. This subnet must already be present in the chosen VCN and required only if you do not assign public IP addresses to the WebLogic server.
`bastion_subnet_name`	String	-	-	-	Name of new bastion subnet.
`existing_bastion_instance_id`	String	-	-	-	OCID for existing bastion instance.
`is_bastion_instance_required`	Boolean	`true`	-	-	Creates bastion for the stack. If `true`, it provisions a bastion compute instance on a public subnet to provide access to the WebLogic server compute instances on a private subnet.
`network_compartment_id`	String	-	Yes	-	Compartment where you want to create the network resources, such as: Virtual Cloud Network (VCN), security lists, route tables and gateways.
`use_regional_subnet`	Boolean	`true`	-	-	Indicates use of regional subnets.
`wls_admin_port_source_cidr`	String	-	Yes	-	Create a security list to allow access to the WebLogic Administration Console port to the source CIDR range. Note: Keeping the default 0.0.0.0/0 CIDR exposes the console to the internet. You must change the CIDR range to allow access to a trusted IP range.
`wls_availability_domain_name`	String	-	-	-	Name of the availability domain where you want to create the WebLogic server compute instances.
`wls_existing_vcn_id`	String	-	-	-	OCID of an existing VCN where you want to create the compute instances, network resources, and load balancers.
`wls_expose_admin_port`	Boolean	-	-	-	Indicates if you are enabling access to administration console port. Note: Enabling this option exposes the console to the internet if the default 0.0.0.0/0 CIDR is used. In the `wls_admin_port_source_cidr` variable, specify the CIDR range to allow access to a trusted IP range.
`wls_subnet_cidr`	String	-	-	-	CIDR of the new subnet, which would be used in the WebLogic server compute instances.
`wls_subnet_id`	String	-	-	-	OCID for existing subnet for weblogic instances.
`wls_subnet_name`	String	-	-	-	Name of new subnet.
`wls_vcn_cidr`	String	-	-	-	CIDR to assign to the new VCN) to create for the service. This field is not required if you want to use an existing VCN.
`wls_vcn_name`	String	-	-	-	Name of the new VCN to create for the service.
`lb_subnet_1_availability_domain_name`	String	-	-	-	Availability domain for load balancer
`lb_subnet_1_availability_domain_name`	String	-	-	-	Availability domain for load balancer
`is_bastion_with_reserved_public_ip`	Boolean	`false`	-	Yes	Indicates if a reserved public IP is created for the bastion instance.
Load Balancer Variables	-	-	-	-	-
`add_load_balancer`	Boolean	`false`	-	-	If you want to provision a load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain.
`is_lb_private`	Boolean	`false`	-	-	If you want to use a private load balancer.
`lb_min_bandwidth`	Number	`10`	-	Yes	Minimum size of the flexible load balancer shape.
`lb_max_bandwidth`	Number	`400`	-	Yes	Maximum size of the flexible load balancer shape.
`lb_subnet_1_cidr`	String	-	-	Yes	CIDR of new primary regional subnet.
`lb_subnet_1_id`	String	-	-	-	OCID for existing regional subnet for primary load balancer.
`lb_subnet_1_name`	String	-	-	-	Name of new primary regional subnet.
`lb_subnet_2_cidr`	String	-	-	-	CIDR of secondary regional subnet.
`mount_target_subnet_cidr`	String	-	-	-	CIDR of new primary regional subnet.
`mount_target_subnet_id`	String	-	-	-	OCID for existing subnet for mount target.
`lb_subnet_2_id`	String	-	-	-	OCID for existing AD subnet for secondary load balancer.
`add_lb_reserved_public_ip_ocid`	Boolean	`false`	-	-	Indicates use of reserved public IP for Public Load balancer.
`lb_reserved_public_ip_ocid`	String	-	-	-	Value for load balancer reserved public IP OCID
IDCS-related Variables	-	-	-	-	-
`idcs_client_id`	String	-	-	-	IDCS client ID value.
`idcs_client_secret_ocid`	String	-	-	-	IDCS client secret OCID value.
`idcs_cloudgate_port`	Number	`9999`	-	-	IDCS cloud gate port value.
`idcs_host`	String	`identity.oraclecloud.com`	-	-	IDCS host value.
`idcs_port`	Number	`443`	-	-	IDCS port value.
`idcs_tenant`	String	-	-	-	IDCS tenant value.
`is_idcs_selected`	Boolean	`false`	-	-	If you want an IDCS has to be provisioned.
FSS Variables	-	-	-	-	-
`add_fss`	Boolean	`false`	-	-	Add FSS to instances.
`fss_availability_domain`	String				AD for FSS subnet.
`mountTarget_id`	String				Existing mount target ID.
`mountTarget_compartment_id`	String				Compartment OCID for the mount target.
`mount_path`	String	`/u01/shared`			Default mount path for FSS.
VCN Peering Variables for OCI Database	-	-	-	-	-
`dns_instance_shape`	String	-	-	-	Shape of the DNS instance
`ocidb_dns_subnet_cidr`	String	-	-	-	CIDR value of the subnet to be used for database DNS instance.
`use_local_vcn_peering`	Boolean	`true`	-	-	Indicates use of VCN peering, if database and WebLogic server are on different VCNs.
`wls_dns_subnet_cidr`	String	-	-	-	CIDR value of the subnet to be used for DNS instance.
OCI Database Variables	-	-	-	-	-
`oci_db_password_ocid`	String	-	-	-	OCID of the OCI database password.
`oci_db_user`	String	`sys`	-	-	OCI database username.
`ocidb_compartment_id`	String	-	-	-	OCID of the OCI database compartment.
`ocidb_database_id`	String	-	-	-	OCID of the OCI database.
`ocidb_dbhome_id`	String	-	-	-	ID of the OCI database system DB home.
`ocidb_dbsystem_id`	String	-	-	-	OCID of the OCI database system.
`ocidb_existing_vcn_add_seclist`	Boolean	`true`	-	-	If you want a security list to the database subnet that allows connections from the WebLogic server subnet.
`ocidb_existing_vcn_id`	String	-	-	-	VCN ID of the existing OCI database.
`ocidb_network_compartment_id`	String	-	-	-	OCID of the OCI database network. It is usually same as the `ocidb_compartment_id` variable.
`ocidb_pdb_service_name`	String	-	-	-	PDB name of the OCI database.
`db_port`	Number	`1521`	-		Value for OCI database port.
`use_dbconnect_string`	Boolean	`false`	-		Use OCI database connect string.
`db_connect_string`	String		-		Value of OCI DB connect string.
ATP Database Variables	-	-	-	-	-
`atp_db_compartment_id`	String	-	-	-	OCID of the ATP database compartment.
`atp_db_id`	String	-	-	-	OCID of the ATP database.
`atp_db_level`	String	-	-	-	ATP database level value.
`atp_db_password_ocid`	String	-	-	-	OCID of the ATP database password.
OCI Database-related (used for AppDB) Variables	-	-	-	-	-
`app_db_password_ocid`	String	-	-	-	OCID of the Application database password.
`app_db_user`	String	-	-	-	User name of the Application database.
`appdb_compartment_id`	String	-	-	-	OCID of the Application database compartment.
`appdb_database_id`	String	-	-	-	OCID of the Application database.
`appdb_dbhome_id`	String	-	-	-	ID of the Application database system DB home.
`appdb_dbsystem_id`	String	-	-	-	OCID of the Application database system.
`appdb_existing_vcn_add_seclist`	Boolean	`true`	-	-	If you want a security list to the Application database subnet that allows connections from the WebLogic server subnet.
`appdb_existing_vcn_id`	String	-	-	-	VCN ID of the existing Application database.
`appdb_network_compartment_id`	String	-	-	-	OCID of the Application database network.
`appdb_pdb_service_name`	String	-	-	-	PDB name of the Application database.
`appdb_port`	Number	`1521`	-	-	Database port number.
`configure_app_db`	Boolean	`false`	-	-	Indicates that the Application Database is requested.
ATP Database-related (used for AppDB) Variables	-	-	-	-	-
`app_atp_db_compartment_id`	String	-	-	-	Compartment where the ATP database for the Application database resides.
`app_atp_db_id`	String	-	-	-	OCID of the selected ATP database.
`app_atp_db_level`	String	`low`	-	-	ATP database DB level. Supported levels: `low` `tp` `tp_urgent`
`app_atp_db_password_ocid`	String	-	-	-	Secret OCID that contains the ATP database user password.
`app_atp_db_user`	String	-	-	-	User name for creating the datasource.
VCN Peering Variables for Application Database	-	-	-	-	-
`appdb_wls_dns_subnet_cidr`	String	-	-	-	CIDR value of the subnet to be used for DNS instance.
`appdbdns_instance_shape`	String	-	-	-	Shape of the DNS instance.
`ociappdb_dns_subnet_cidr`	String	-	-	-	CIDR value of the subnet to be used for database DNS instance.
OCI Logging	-	-	-	-	-
`dynamic_group_ocid`	String	-	-	-	Dynamic group OCID for OCI logging agent configuration, when the create policies is not set.
`use_oci_logging`	Boolean	false	-	-	Indicated if OCI logging is enabled.

Note:

Support for existing bastion host to be used in provisioning WebLogic server with private subnet is enabled in terraform CLI only. This can be achieved by using the varaibles: is_bastion_instance_required, existing_bastion_instance_id, and bastion_ssh_private_key. For existing WebLogic server subnet, you will need to open port 22 for bastion IP/subnet CIDR. For a new WebLogic server subnet we create security list with bastion private IP.