» nsxt_lb_https_monitor

Provides a resource to configure lb https monitor on NSX-T manager

» Example Usage


data "nsxt_certificate" "client" {
  display_name = "client-1"
}

data "nsxt_certificate" "CA" {
  display_name = "ca-1"
}

resource "nsxt_lb_https_monitor" "lb_https_monitor" {
  description             = "lb_https_monitor provisioned by Terraform"
  display_name            = "lb_https_monitor"
  fall_count              = 2
  interval                = 5
  monitor_port            = 8080
  rise_count              = 5
  timeout                 = 10
  certificate_chain_depth = 2
  ciphers                 = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]
  client_certificate_id   = "${data.nsxt_certificate.client.id}"
  protocols               = ["TLS_V1_2"]
  request_body            = "ping"
  request_method          = "HEAD"
  request_url             = "/index.html"
  request_version         = "HTTP_VERSION_1_1"
  response_body           = "pong"
  response_status_codes   = [200, 304]
  server_auth             = "REQUIRED"
  server_auth_ca_ids      = ["${data.nsxt_certificate.CA.id}"]
  server_auth_crl_ids     = ["78ba3814-bfe1-45e5-89d3-46862bed7896"]

  request_header {
    name  = "X-healthcheck"
    value = "NSX"
  }

  tag {
    scope = "color"
    tag   = "red"
  }
}

» Argument Reference

The following arguments are supported:

  • description - (Optional) Description of this resource.
  • display_name - (Optional) The display name of this resource. Defaults to ID if not set.
  • tag - (Optional) A list of scope + tag pairs to associate with this lb https monitor.
  • fall_count - (Optional) Number of consecutive checks that must fail before marking it down.
  • interval - (Optional) The frequency at which the system issues the monitor check (in seconds).
  • monitor_port - (Optional) If the monitor port is specified, it would override pool member port setting for healthcheck. A port range is not supported.
  • rise_count - (Optional) Number of consecutive checks that must pass before marking it up.
  • timeout - (Optional) Number of seconds the target has to respond to the monitor request.
  • certificate_chain_depth - (Optional) Authentication depth is used to set the verification depth in the server certificates chain.
  • ciphers - (Optional) List of supported SSL ciphers.
  • client_certificate_id - (Optional) Client certificate can be specified to support client authentication.
  • protocols - (Optional) SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default.
  • request_body - (Optional) String to send as HTTP health check request body. Valid only for certain HTTP methods like POST.
  • request_header - (Optional) HTTP request headers.
  • request_method - (Optional) Health check method for HTTP monitor type. Valid values are GET, HEAD, PUT, POST and OPTIONS.
  • request_url - (Optional) URL used for HTTP monitor.
  • request_version - (Optional) HTTP request version. Valid values are HTTP_VERSION_1_0 and HTTP_VERSION_1_1.
  • response_body - (Optional) If response body is specified, healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match (regular expressions not supported). If response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is among configured values.
  • response_status_codes - (Optional) HTTP response status code should be a valid HTTP status code.
  • server_auth - (Optional) Server authentication mode - REQUIRED or IGNORE.
  • server_auth_ca_ids - (Optional) If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.
  • server_auth_crl_ids - (Optional) A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates.

» Attributes Reference

In addition to arguments listed above, the following attributes are exported:

  • id - ID of the lb_https_monitor.
  • revision - Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
  • is_secure - This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure.

» Importing

An existing lb https monitor can be imported into this resource, via the following command:

terraform import nsxt_lb_https_monitor.lb_https_monitor UUID

The above would import the lb https monitor named lb_https_monitor with the nsx id UUID