Cohesity Cloud Scale Technology Deployment Guide Using Terraform for AWS

Product(s): NetBackup & Alta Data Protection (11.0)

Parameters for deployment stage

Refer to the following tables and provide the configuration details depending on the type of installation you want to perform.

Note:

Refer to the sample.tfvars file in the deployment directory, which shows the format for passing the input parameters.

Table: Parameters for deployment stage

Parameters

Description

tar_file_location

Cloud Scale Technology tar location.

tar_file_name

Name of the Cloud Scale Technology tar.

load_balancer_subnet

Provide the load balancer subnet ID. This is the subnet from which the load balancer service provisions IP addresses for the Cloud Scale services.

EKS_NODES_ZONE_01_SUBNET_ID and LOAD_BALANCER_SUBNET must be in the same availability zone.

load_balancer_security_group_id

The allowed values are the ID of an already created security group, or eks-managed. If set to eks-managed, the load balancer uses the AWS managed security group.

Note:

Ensure that all NetBackup load balancer ports exist. For a detailed list of all the ports, refer to the 'Default ports used in the Load Balancer service' section of the NetBackup™ Deployment Guide for Kubernetes Clusters.

media_server_replica_count

Provide the number of replicas for the media server. The desired size of the media server pool and the replica count should be the same. The media_server_replica_count must be between 1 and 16. The default value is 1.

storage_server_replica_count

Provide the number of replicas for the storage server. The desired size of the storage server node pool and the replica count should be the same. The storage_server_replica_count must be between 1 and 16.

The default value is 1.

primary_server_ip_fqdn_mapping

Provide the IP hostname mapping for the NetBackup primary server. The hostname must be 1-32 characters long, must start with a lowercase letter, and can contain only alphanumeric characters, hyphens, and underscores.

storage_server_ip_fqdn_mapping

Provide hostname mappings of NetBackup storage server.

The number of storage server IP FQDN entries must equal the storage server replica count. You can add multiple entries as comma-separated objects, like [{},{}].

snapshot_manager_ip_fqdn_mapping

Provide hostname mappings of NetBackup Snapshot Manager server.

primary_username

Provide the username to configure the primary server. The primary_username must be 1-32 characters long, must start with a lowercase letter, and can contain only alphanumeric characters, hyphens, and underscores.

It is used to log in to the NetBackup web UI.

primary_password

Provide the password for the user to configure the primary server.

The primary_password must be at least 8 characters long and must have at least a number, a lower case, an upper case, and a special character (@$%!*?&.).

host_master_key_id

Provide the Host Master Key ID.

The host_master_key_id must be 1-32 characters long and must contain only lowercase alphanumeric characters, hyphens, and underscores.

host_master_key_passphrase

Provide the Host Master Key passphrase.

The host_master_key_passphrase must be at least 12 characters long and must have at least a number, a lower case, an upper case and a special character (@$%!*?&.).

key_protection_key_id

Provide the Key Protection Key ID.

The key_protection_key_id must be 1-32 characters long and must contain only lowercase alphanumeric characters, hyphens, and underscores.

key_protection_key_passphrase

Provide the Key Protection Key Passphrase.

The key_protection_key_passphrase must be at least 12 characters long and must have at least a number, a lower case, an upper case and a special character (@$%!*?&.).

storage_server_kms_key_group

Provide the name of KMS Key Group for storage server.

The storage_server_kms_key_group must be 1-64 characters long with at least one lowercase letter; the other characters can be alphanumeric characters and hyphens.

storage_server_kms_key_secret_name

Provide the KMS key name for storage server.

The storage_server_kms_key_secret_name must be 1-32 characters long and must contain only lowercase alphanumeric characters, hyphens, or underscores.

storage_server_kms_key_secret_password

Provide the KMS key password for storage server.

The storage_server_kms_key_secret_password must be at least 12 characters long and must have at least a number, a lower case, an upper case and a special character (@$%!*?&.).

storage_server_kms_key_secret_username

Provide the KMS key username for storage server.

The storage_server_kms_key_secret_username must be 1-32 characters long and must contain only lowercase alphanumeric characters, hyphens, or underscores.

storage_server_credential_secret_name

Provide the credential name for storage server.

storage_server_credential_secret_username

Provide the username for storage server credentials.

The storage_server_credential_secret_username must be 1-62 characters long and must be in the printable ASCII range (0x20-0x7E), except for spaces, leading/trailing quotes and the special characters ('*', '\', '/', '^', '(', ')', '"', '<', '>', '&', '[', ']', '%', '@', '#').

storage_server_credential_secret_password

Provide the password for storage server credentials.

The storage_server_credential_secret_password must be 8-62 characters long and must be in the printable ASCII range (0x20-0x7E), except for spaces, leading/trailing quotes and the special characters ('*', '\', '/', '^', '(', ')', '"', '<', '>', '&', '[', ']', '%', '@', '#').

primary_server_catalog_size_in_gi

Provide the size for primary server catalog volume. It must be at least 100 Gi.

primary_server_log_size_in_gi

Provide the size for primary server log volume. It must be at least 30 Gi.

primary_server_data_size_in_gi

Provide the size for primary server data volume. It must be at least 30 Gi.

media_server_log_size_in_gi

Provide the size for media server log volume. It must be at least 30 Gi.

media_server_data_size_in_gi

Provide the size for media server data volume. It must be at least 50 Gi.

storage_server_log_size_in_gi

Provide the size for storage server log volume. It must be at least 5 Gi.

storage_server_data_size_in_gi

Provide the size for storage server data volume. It must be at least 5 Gi.

snapshot_manager_log_size_in_gi

Provide the size for Snapshot Manager log volume. It must be at least 5 Gi.

snapshot_manager_data_size_in_gi

Provide the size for Snapshot Manager data volume. It must be at least 30 Gi.

fluentbit_log_collector_size_in_gi

Provide the size for Fluentbit log collector. It must be at least 100 Gi.

log_collection_namespaces

Provide the namespaces for the logging daemonsets to collect pod stdout logs.

Optional timezone input for NB servers

global_timezone

Provide a value like global_timezone="/usr/share/zoneinfo/Asia/Kolkata".

Keep the timezone as blank value.

Optional fields

snapshot_manager_vx_http_proxy

Provide the value to be used as the HTTP proxy for all connections for Snapshot Manager.

snapshot_manager_vx_https_proxy

Provide the value to be used as the HTTPS proxy for all connections for Snapshot Manager.

snapshot_manager_vx_no_proxy

Provide the addresses that are allowed to bypass the proxy server. You can specify host names, IP addresses, and domain names in this parameter, separated by commas.

When providing multiple values, escape any commas and dots in URLs with \\, for example "localhost\\,mycompany\\.com\\,1.2.3.4"

dr_info_secret_name

Name of secret to pass the DR information.

dr_info_secret_passphrase

Details of DR passphrase.

dr_info_secret_email_address

Details of DR email address.

email_server_configmap_name

Name of the config map that contains all the information required to configure the email server.

email_server_configmap_details

Details required to configure the email server. Provide all the required fields, separated by commas.

Escape commas with \\ while providing values.

For example: email_server_configmap_details="smtp=smtpserverName:port\\,ssl-verify=ignore\\,smtp-use-starttls"

Optional parameters to support external container registry

Note:

Applicable only when ext_container_registry is set to true.

ext_container_registry_url

Specifies the URL for the external container registry.

ext_container_registry_secret_name

Name of the secret containing credentials for the external container registry.

ext_container_registry_username

Username to authenticate with the external container registry.

ext_container_registry_password

Password to authenticate with the external container registry.

Note the following:

  • If the external container registry parameters are not provided, the deployment will default to the cloud-specific container registry.

  • If the optional external container registry parameters are not provided or set, the existing functionality is not affected.
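
A pre-flight check for several of the constraints in the parameter table above, written as an added example (it is not part of the product or its deployment scripts). It assumes the input values have already been loaded into a Python dict, for instance from a JSON-format variables file, and it reads the password rule as "at least one character from each listed class"; the sample values are constructed.

```python
import re
import string

SPECIALS = "@$%!*?&."  # special characters listed in the table
# Secret parameters and their documented minimum lengths.
SECRET_MIN_LEN = {"primary_password": 8, "host_master_key_passphrase": 12,
                  "key_protection_key_passphrase": 12,
                  "storage_server_kms_key_secret_password": 12}
# 1-32 characters: lowercase alphanumerics, hyphens, underscores.
ID_RE = re.compile(r"[a-z0-9_-]{1,32}")
ID_PARAMS = ("host_master_key_id", "key_protection_key_id",
             "storage_server_kms_key_secret_name",
             "storage_server_kms_key_secret_username")
# primary_username: 1-32 characters, starting with a lowercase letter.
USERNAME_RE = re.compile(r"[a-z][A-Za-z0-9_-]{0,31}")
# Minimum volume sizes in Gi (a subset of the table).
MIN_SIZE_GI = {"primary_server_catalog_size_in_gi": 100,
               "media_server_data_size_in_gi": 50,
               "fluentbit_log_collector_size_in_gi": 100}

def secret_ok(value, min_len):
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, SPECIALS)
    return len(value) >= min_len and all(
        any(c in cls for c in value) for cls in classes)

def validate(cfg):
    """Return names of parameters that break a rule; values are never echoed."""
    bad = [n for n, m in SECRET_MIN_LEN.items()
           if n in cfg and not secret_ok(cfg[n], m)]
    bad += [n for n in ID_PARAMS if n in cfg and not ID_RE.fullmatch(cfg[n])]
    name = cfg.get("primary_username")
    if name is not None and not USERNAME_RE.fullmatch(name):
        bad.append("primary_username")
    for n in ("media_server_replica_count", "storage_server_replica_count"):
        if not 1 <= cfg.get(n, 1) <= 16:  # documented default is 1
            bad.append(n)
    # One storage server mapping entry is required per storage server replica.
    replicas = cfg.get("storage_server_replica_count", 1)
    if len(cfg.get("storage_server_ip_fqdn_mapping", [])) != replicas:
        bad.append("storage_server_ip_fqdn_mapping")
    return bad + [n for n, m in MIN_SIZE_GI.items() if n in cfg and cfg[n] < m]

# Constructed sample input; mapping objects are left empty as in "[{},{}]".
SAMPLE = {"primary_username": "nbadmin", "primary_password": "Short1!",
          "host_master_key_passphrase": "Constructed.Pass2024",
          "key_protection_key_id": "KPK_01", "storage_server_replica_count": 2,
          "storage_server_ip_fqdn_mapping": [{}],
          "primary_server_catalog_size_in_gi": 50}
```

Reporting only parameter names keeps passwords and passphrases out of terminal history and CI logs when the check runs before deployment.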