Variables in Terraform Scripts
The variables you need to provide as input to the Terraform scripts in Oracle WebLogic Server for OCI.
Criteria for VCN peering
If wls_vcn_name or wls_existing_vcn_id and ocidb_existing_vcn_id are passed together and the vcn_ids are different, complete the following steps:
- For an existing DB subnet, set the following stateful security rules:
  - Allow WebLogic VCN CIDR (for example, 11.0.0.0/16) access to the database port 1521.
  - Allow database DNS subnet CIDR (for example, 10.0.7.0/24) access to TCP/53 and UDP/53 ports.
  - Set up the database to use the default DHCP options for the VCN.
- For an existing WebLogic subnet, set the following stateful security rules:
  - Allow 0.0.0.0/0 access to ICMP/3,4.
  - Allow 0.0.0.0/0 access to TCP/22.
  - Allow 0.0.0.0/0 access to TCP/7001-7002 (optional, only required for accessing console). 7001 and 7002 are examples; use the ports used for the WebLogic server admin console port and admin console SSL port.
  - Allow LB subnet CIDRs access to TCP/7003-7004 ports. 7003 and 7004 are examples; use the ports used for the WebLogic managed server port and managed server SSL port.
  - Allow WebLogic subnet CIDR (for example, 11.0.3.0/24) access to TCP/All ports. This is for VM to VM communication.
  - Allow WLS DNS subnet CIDR (for example, 11.0.7.0/24) access to TCP/53 and UDP/53 ports.
  - WebLogic subnet should be set up to use the default DHCP options for the VCN.
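The WebLogic subnet rules above written as an OCI Terraform security list, as an added example that is not part of Oracle's stack scripts. The variable names, the resource label and the load balancer subnet CIDR 11.0.5.0/24 are assumptions; the validation block rejects 0.0.0.0/0 as the console source, following the note on the console port in the variables table.

```hcl
# Added example, not Oracle's stack code; variable and resource names are assumptions.
variable "compartment_ocid" { type = string }
variable "wls_vcn_ocid" { type = string }
variable "console_source_cidr" {
  type = string # trusted range allowed to reach the admin console ports
  validation {
    condition     = var.console_source_cidr != "0.0.0.0/0"
    error_message = "Use a trusted CIDR range for console access, not 0.0.0.0/0."
  }
}

resource "oci_core_security_list" "wls_subnet" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.wls_vcn_ocid

  ingress_security_rules {
    protocol  = "1" # ICMP type 3, code 4
    source    = "0.0.0.0/0"
    stateless = false
    icmp_options {
      type = 3
      code = 4
    }
  }
  ingress_security_rules {
    protocol  = "17" # UDP/53 from the WLS DNS subnet
    source    = "11.0.7.0/24"
    stateless = false
    udp_options {
      min = 53
      max = 53
    }
  }
  dynamic "ingress_security_rules" {
    for_each = [
      { source = "0.0.0.0/0", min = 22, max = 22 },                 # SSH, as listed above
      { source = var.console_source_cidr, min = 7001, max = 7002 }, # console (optional)
      { source = "11.0.5.0/24", min = 7003, max = 7004 },           # LB subnet (constructed CIDR)
      { source = "11.0.3.0/24", min = 1, max = 65535 },             # VM to VM
      { source = "11.0.7.0/24", min = 53, max = 53 },               # TCP/53 from the WLS DNS subnet
    ]
    content {
      protocol  = "6" # TCP
      source    = ingress_security_rules.value.source
      stateless = false # stateful rule
      tcp_options {
        min = ingress_security_rules.value.min
        max = ingress_security_rules.value.max
      }
    }
  }
}
```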
The following table lists all the variables in terraform scripts:
Table 1-1 Variables in terraform scripts
Variables | Type | Default Value | Optional | Can be updated? | Description |
---|---|---|---|---|---|
Authentication Information Note: Use | - | - | - | - | - |
| String | - | - | Yes | Fingerprint of your public key. |
| String | - | - | - | Path to the private key that matches the fingerprint. |
| String | - | - | - | OCID of the tenancy in which you want to perform changes. |
| String | - | - | - | OCID of the signed in user. That is, your OCID. |
WebLogic Server Variables | - | - | - | - | - |
| String | - | - | - | OCID of the compartment for WebLogic instances. |
| String | - | - | Yes | Shape for all WebLogic Server compute instances. |
| String | - | - | - | Region for provisioning. |
| String | - | - | - | Prefix for stack resources. The names of all the related compute and network resources begin with the prefix you assign here. |
| String | - | - | - | OCID of the Secret that contains the password for the administrator in the WebLogic Server domain. |
| String | weblogic | - | - | Name of the administrator in the WebLogic Server domain. |
| Number | 1 | - | Yes | Number of WebLogic server compute instances and the number of managed servers in the domain. The maximum node count is 8. For 11g Standard Edition, the maximum is 4. |
| Number | 1 | - | Yes | Number of OCPUs for instances. Note: Required only for |
| String | 12.2.1.4 | - | - | WebLogic server version. Supported versions: |
| Boolean | false | - | - | Indicates if you want to create a service tag. |
| Object | freeformTags, definedTags | - | - | The type of service type to be used. |
| Number | 8 | - | - | The maximum number of WebLogic managed servers. |
| String | VM.Standard2.1 | - | - | The default shape of bastion VM instances. |
| String | 5556 | - | - | The node manager port. |
| String | 7001 | - | - | The WebLogic console port. |
| String | 7002 | - | - | The WebLogic console SSL port. |
| String | 5555 | - | - | The WebLogic multi-cluster port. |
| String | 9071 | - | - | The WebLogic admin port. |
| String | 9072 | - | - | The WebLogic admin SSL port. |
| String | 7003 | - | - | The WebLogic managed server external HTTP port. |
| String | 7004 | - | - | The WebLogic managed server external SSL port. |
| String | 9073 | - | - | The WebLogic managed server port. |
| String | 9074 | - | - | The WebLogic managed server SSL port. |
| Boolean | false | - | - | Indicates if the domain is manually extended for managed servers. |
| - | jdk8 | - | - | The JDK version. |
General | - | - | - | - | - |
| Boolean | true | - | - | Create policies to read Secrets from Vault and manage ATP database (if applicable). |
| Boolean | true | - | - | Indicates if you can deploy a sample application. |
Network Variables | - | - | - | - | - |
| Boolean | true | - | - | Indicates if you are using any private subnets. If |
| String | - | - | - | Private SSH key for existing bastion instance. |
| String | - | - | - | CIDR of the new public subnet to create for a Bastion compute instance. This field is required only if you do not assign public IP addresses to the WebLogic server. |
| String | - | - | - | An existing public subnet to use for a Bastion compute instance. This subnet must already be present in the chosen VCN and is required only if you do not assign public IP addresses to the WebLogic server. |
| String | - | - | - | Name of new bastion subnet. |
| String | - | - | - | OCID for existing bastion instance. |
| Boolean | true | - | - | Creates bastion for the stack. If |
| String | - | Yes | - | Compartment where you want to create the network resources, such as: Virtual Cloud Network (VCN), security lists, route tables and gateways. |
| Boolean | true | - | - | Indicates use of regional subnets. |
| String | - | Yes | - | Create a security list to allow access to the WebLogic Administration Console port to the source CIDR range. Note: Keeping the default 0.0.0.0/0 CIDR exposes the console to the internet. You must change the CIDR range to allow access to a trusted IP range. |
| String | - | - | - | Name of the availability domain where you want to create the WebLogic server compute instances. |
| String | - | - | - | OCID of an existing VCN where you want to create the compute instances, network resources, and load balancers. |
| Boolean | - | - | - | Indicates if you are enabling access to administration console port. Note: Enabling this option exposes the console to the internet if the default 0.0.0.0/0 CIDR is used. In the |
| String | - | - | - | CIDR of the new subnet, which would be used in the WebLogic server compute instances. |
| String | - | - | - | OCID for existing subnet for WebLogic instances. |
| String | - | - | - | Name of new subnet. |
| String | - | - | - | CIDR to assign to the new VCN to create for the service. This field is not required if you want to use an existing VCN. |
| String | - | - | - | Name of the new VCN to create for the service. |
| String | - | - | - | Availability domain for load balancer |
| String | - | - | - | Availability domain for load balancer |
| Boolean | false | - | Yes | Indicates if a reserved public IP is created for the bastion instance. |
Load Balancer Variables | - | - | - | - | - |
| Boolean | false | - | - | Indicates if you want to provision a load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain. |
| Boolean | false | - | - | Indicates if you want to use a private load balancer. |
| Number | 10 | - | Yes | Minimum size of the flexible load balancer shape. |
| Number | 400 | - | Yes | Maximum size of the flexible load balancer shape. |
| String | - | - | Yes | CIDR of new primary regional subnet. |
| String | - | - | - | OCID for existing regional subnet for primary load balancer. |
| String | - | - | - | Name of new primary regional subnet. |
| String | - | - | - | CIDR of secondary regional subnet. |
| String | - | - | - | CIDR of new primary regional subnet. |
| String | - | - | - | OCID for existing subnet for mount target. |
| String | - | - | - | OCID for existing AD subnet for secondary load balancer. |
| Boolean | false | - | - | Indicates use of reserved public IP for Public Load balancer. |
| String | - | - | - | Value for load balancer reserved public IP OCID |
IDCS-related Variables | - | - | - | - | - |
| String | - | - | - | IDCS client ID value. |
| String | - | - | - | IDCS client secret OCID value. |
| Number | 9999 | - | - | IDCS cloud gate port value. |
| String | identity.oraclecloud.com | - | - | IDCS host value. |
| Number | 443 | - | - | IDCS port value. |
| String | - | - | - | IDCS tenant value. |
| Boolean | false | - | - | Indicates if IDCS has to be provisioned. |
FSS Variables | - | - | - | - | - |
| Boolean | false | - | - | Add FSS to instances. |
| String | | | | AD for FSS subnet. |
| String | | | | Existing mount target ID. |
| String | | | | Compartment OCID for the mount target. |
| String | /u01/shared | | | Default mount path for FSS. |
VCN Peering Variables for OCI Database | - | - | - | - | - |
| String | - | - | - | Shape of the DNS instance |
| String | - | - | - | CIDR value of the subnet to be used for database DNS instance. |
| Boolean | true | - | - | Indicates use of VCN peering, if database and WebLogic server are on different VCNs. |
| String | - | - | - | CIDR value of the subnet to be used for DNS instance. |
OCI Database Variables | - | - | - | - | - |
| String | - | - | - | OCID of the OCI database password. |
| String | sys | - | - | OCI database username. |
| String | - | - | - | OCID of the OCI database compartment. |
| String | - | - | - | OCID of the OCI database. |
| String | - | - | - | ID of the OCI database system DB home. |
| String | - | - | - | OCID of the OCI database system. |
| Boolean | true | - | - | Indicates if you want a security list on the database subnet that allows connections from the WebLogic server subnet. |
| String | - | - | - | VCN ID of the existing OCI database. |
| String | - | - | - | OCID of the OCI database network. It is usually the same as the |
| String | - | - | - | PDB name of the OCI database. |
| Number | 1521 | - | | Value for OCI database port. |
| Boolean | false | - | | Use OCI database connect string. |
| String | - | | | Value of OCI DB connect string. |
ATP Database Variables | - | - | - | - | - |
| String | - | - | - | OCID of the ATP database compartment. |
| String | - | - | - | OCID of the ATP database. |
| String | - | - | - | ATP database level value. |
| String | - | - | - | OCID of the ATP database password. |
OCI Database-related (used for AppDB) Variables | - | - | - | - | - |
| String | - | - | - | OCID of the Application database password. |
| String | - | - | - | User name of the Application database. |
| String | - | - | - | OCID of the Application database compartment. |
| String | - | - | - | OCID of the Application database. |
| String | - | - | - | ID of the Application database system DB home. |
| String | - | - | - | OCID of the Application database system. |
| Boolean | true | - | - | Indicates if you want a security list on the Application database subnet that allows connections from the WebLogic server subnet. |
| String | - | - | - | VCN ID of the existing Application database. |
| String | - | - | - | OCID of the Application database network. |
| String | - | - | - | PDB name of the Application database. |
| Number | 1521 | - | - | Database port number. |
| Boolean | false | - | - | Indicates that the Application Database is requested. |
ATP Database-related (used for AppDB) Variables | - | - | - | - | - |
| String | - | - | - | Compartment where the ATP database for the Application database resides. |
| String | - | - | - | OCID of the selected ATP database. |
| String | low | - | - | ATP database DB level. Supported levels: |
| String | - | - | - | Secret OCID that contains the ATP database user password. |
| String | - | - | - | User name for creating the datasource. |
VCN Peering Variables for Application Database | - | - | - | - | - |
| String | - | - | - | CIDR value of the subnet to be used for DNS instance. |
| String | - | - | - | Shape of the DNS instance. |
| String | - | - | - | CIDR value of the subnet to be used for database DNS instance. |
OCI Logging | - | - | - | - | - |
| String | - | - | - | Dynamic group OCID for OCI logging agent configuration, when the create policies is not set. |
| Boolean | false | - | - | Indicates if OCI logging is enabled. |
Note:
Support for an existing bastion host to be used in provisioning WebLogic server with a private subnet is enabled in the Terraform CLI only. This can be achieved by using the variables is_bastion_instance_required, existing_bastion_instance_id, and bastion_ssh_private_key. For an existing WebLogic server subnet, you will need to open port 22 for the bastion IP/subnet CIDR. For a new WebLogic server subnet, we create a security list with the bastion private IP.