removed redundant bastion_image parameter, the internal hostname_label for the bastion, updated terraformoptions doc and added link for the hardening script

hyder · hyder · commit 60b4bb7d56a3 · 2019-10-21T12:15:09.000+11:00
diff --git a/docs/terraformoptions.adoc b/docs/terraformoptions.adoc
@@ -152,7 +152,7 @@ Configuration Terraform Options:
 |VM.Standard.E2.1
 
 |bastion_upgrade
-|Whether to upgrade the bastion host after provisioning. It's useful to set this to false during development so the bastion is provisioned faster.
+|Whether to upgrade the bastion host packages after provisioning. It's useful to set this to false during development so the bastion is provisioned faster.
 |true/false
 |true
 
diff --git a/modules/bastion/compute.tf b/modules/bastion/compute.tf
@@ -9,7 +9,7 @@ resource "oci_core_instance" "bastion" {
     assign_public_ip = true
     subnet_id        = oci_core_subnet.bastion[0].id
     display_name     = "${var.oci_bastion_general.label_prefix}-bastion-vnic"
-    hostname_label   = "bastion-primary"
+    hostname_label   = "bastion"
   }
 
   display_name = "${var.oci_bastion_general.label_prefix}-bastion"
diff --git a/modules/bastion/scripts/oracle.template.sh b/modules/bastion/scripts/oracle.template.sh
@@ -3,6 +3,9 @@
 # Copyright 2017, 2019, Oracle Corporation and/or affiliates.  All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
 
+# Hardening of the host based on https://www.cisecurity.org/benchmark/oracle_linux/
+# This script is used only if the Oracle Linux platform image is used to create the bastion
+
 yum update --security
 
 sed -i -e "s/autoinstall\s=\sno/# autoinstall = yes/g" /etc/uptrack/uptrack.conf
diff --git a/variables.tf b/variables.tf
@@ -55,7 +55,6 @@ variable "oci_base_bastion" {
     availability_domains      = number
     bastion_access            = string
     bastion_image_id          = string
-    bastion_image             = string
     bastion_upgrade           = bool    
     bastion_shape             = string
     create_bastion            = bool
@@ -76,7 +75,6 @@ variable "oci_base_bastion" {
     availability_domains      = 1
     bastion_access            = "ANYWHERE"
     bastion_image_id          = "NONE"
-    bastion_image             = "Oracle"
     bastion_shape             = "VM.Standard.E2.1"
     bastion_upgrade           = true    
     create_bastion            = false

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ resource "oci_core_instance" "bastion" {`
`9`	`9`	`assign_public_ip = true`
`10`	`10`	`subnet_id = oci_core_subnet.bastion[0].id`
`11`	`11`	`display_name = "${var.oci_bastion_general.label_prefix}-bastion-vnic"`
`12`		`- hostname_label = "bastion-primary"`
	`12`	`+ hostname_label = "bastion"`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`display_name = "${var.oci_bastion_general.label_prefix}-bastion"`