mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 07:01:09 +02:00
5e90024b26
* Add Enos benchmark scenario * add docs on how to run the scenario * update description again * see if this works better if we return an empty map * hopefully disabling telemetry doesn't crash everything now * yet another try at making telemetry configurable * swap consul nodes over to be the same as the vault ones * adjust up IOPs and add a note about it to the docs * fix missing variables in the ec2 shim * randomly pick an az for k6 and metrics instances * enos(benchmark): futher modularize and make target infra cloud agnostic The initial goal of this was to resolve an issue where sometimes the one-or-more target instances would attempt to be provisioned in an avaliability zone that doesn't support it. The target_ec2_instances module already supports assigning based on instance offerings so I wanted to use it for all instances. It also has a side effect of provisioning instances in parallel to speed up overall scenario time. I ended up futher modularizing the `benchmark` module into several sub-modules that perform a single task well, and rely on provisioning in the root module. This will allow us to utilize the module in other clouds more easily should we desire to do that in the future. Signed-off-by: Ryan Cragun <me@ryan.ec> * add copywrite headers Signed-off-by: Ryan Cragun <me@ryan.ec> * address some feedback and limit disk iops to 16k by default Signed-off-by: Ryan Cragun <me@ryan.ec> --------- Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
200 lines
5.2 KiB
HCL
200 lines
5.2 KiB
HCL
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
variable "cluster_name" {
|
|
type = string
|
|
description = "The Vault cluster name"
|
|
}
|
|
|
|
variable "cluster_port" {
|
|
type = number
|
|
description = "The cluster port for Vault to listen on"
|
|
default = 8201
|
|
}
|
|
|
|
variable "cluster_tag_key" {
|
|
type = string
|
|
description = "The Vault cluster tag key"
|
|
default = "retry_join"
|
|
}
|
|
|
|
variable "config_dir" {
|
|
type = string
|
|
description = "The directory to use for Vault configuration"
|
|
default = "/etc/vault.d"
|
|
}
|
|
|
|
variable "config_mode" {
|
|
description = "The method to use when configuring Vault. When set to 'env' we will configure Vault using VAULT_ style environment variables if possible. When 'file' we'll use the HCL configuration file for all configuration options."
|
|
default = "file"
|
|
|
|
validation {
|
|
condition = contains(["env", "file"], var.config_mode)
|
|
error_message = "The config_mode must be either 'env' or 'file'. No other configuration modes are supported."
|
|
}
|
|
}
|
|
|
|
variable "disable_mlock" {
|
|
type = bool
|
|
description = "Disable mlock for Vault process."
|
|
default = false
|
|
}
|
|
|
|
variable "enable_telemetry" {
|
|
type = bool
|
|
description = "Enable Vault telemetry"
|
|
default = false
|
|
}
|
|
|
|
variable "environment" {
|
|
description = "Optional Vault configuration environment variables to set starting Vault"
|
|
type = map(string)
|
|
default = null
|
|
}
|
|
|
|
variable "external_storage_port" {
|
|
type = number
|
|
description = "The port to connect to when using external storage"
|
|
default = 8500
|
|
}
|
|
|
|
variable "hosts" {
|
|
description = "The target machines host addresses to use for the Vault cluster"
|
|
type = map(object({
|
|
ipv6 = string
|
|
private_ip = string
|
|
public_ip = string
|
|
}))
|
|
}
|
|
|
|
variable "install_dir" {
|
|
type = string
|
|
description = "The directory where the vault binary will be installed"
|
|
default = "/opt/vault/bin"
|
|
}
|
|
|
|
variable "ip_version" {
|
|
type = number
|
|
description = "The IP version to use for the Vault TCP listeners"
|
|
|
|
validation {
|
|
condition = contains([4, 6], var.ip_version)
|
|
error_message = "The ip_version must be either 4 or 6"
|
|
}
|
|
}
|
|
|
|
variable "license" {
|
|
type = string
|
|
sensitive = true
|
|
description = "The value of the Vault license"
|
|
default = null
|
|
}
|
|
|
|
variable "log_level" {
|
|
type = string
|
|
description = "The vault service log level"
|
|
default = "info"
|
|
|
|
validation {
|
|
condition = contains(["trace", "debug", "info", "warn", "error"], var.log_level)
|
|
error_message = "The log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'."
|
|
}
|
|
}
|
|
|
|
variable "manage_service" {
|
|
type = bool
|
|
description = "Manage the Vault service users and systemd unit. Disable this to use configuration in RPM and Debian packages"
|
|
default = true
|
|
}
|
|
|
|
variable "listener_port" {
|
|
type = number
|
|
description = "The port for Vault to listen on"
|
|
default = 8200
|
|
}
|
|
|
|
variable "seal_alias" {
|
|
type = string
|
|
description = "The primary seal alias name"
|
|
default = "primary"
|
|
}
|
|
|
|
variable "seal_alias_secondary" {
|
|
type = string
|
|
description = "The secondary seal alias name"
|
|
default = "secondary"
|
|
}
|
|
|
|
variable "seal_attributes" {
|
|
description = "The primary auto-unseal attributes"
|
|
default = null
|
|
}
|
|
|
|
variable "seal_attributes_secondary" {
|
|
description = "The secondary auto-unseal attributes"
|
|
default = null
|
|
}
|
|
|
|
variable "seal_priority" {
|
|
type = string
|
|
description = "The primary seal priority"
|
|
default = "1"
|
|
}
|
|
|
|
variable "seal_priority_secondary" {
|
|
type = string
|
|
description = "The secondary seal priority"
|
|
default = "2"
|
|
}
|
|
|
|
variable "seal_type" {
|
|
type = string
|
|
description = "The method by which to unseal the Vault cluster"
|
|
default = "awskms"
|
|
|
|
validation {
|
|
condition = contains(["awskms", "pkcs11", "shamir"], var.seal_type)
|
|
error_message = "The seal_type must be either 'awskms', 'pkcs11', or 'shamir'. No other seal types are supported."
|
|
}
|
|
}
|
|
|
|
variable "seal_type_secondary" {
|
|
type = string
|
|
description = "A secondary HA seal method. Only supported in Vault Enterprise >= 1.15"
|
|
default = "none"
|
|
|
|
validation {
|
|
condition = contains(["awskms", "pkcs11", "none"], var.seal_type_secondary)
|
|
error_message = "The secondary_seal_type must be 'awskms', 'pkcs11' or 'none'. No other secondary seal types are supported."
|
|
}
|
|
}
|
|
|
|
variable "service_username" {
|
|
type = string
|
|
description = "The host username to own the vault service"
|
|
default = "vault"
|
|
}
|
|
|
|
variable "storage_backend" {
|
|
type = string
|
|
description = "The storage backend to use"
|
|
default = "raft"
|
|
|
|
validation {
|
|
condition = contains(["raft", "consul"], var.storage_backend)
|
|
error_message = "The storage_backend must be either raft or consul. No other storage backends are supported."
|
|
}
|
|
}
|
|
|
|
variable "storage_backend_attrs" {
|
|
type = map(any)
|
|
description = "An optional set of key value pairs to inject into the storage block"
|
|
default = {}
|
|
}
|
|
|
|
variable "storage_node_prefix" {
|
|
type = string
|
|
description = "A prefix to use for each node in the Vault storage configuration"
|
|
default = "node"
|
|
}
|