This resource provides the Backend Set resource in Oracle Cloud Infrastructure Load Balancer service.
Adds a backend set to a load balancer.
oci_load_balancer_backend_set
resource "oci_load_balancer_backend_set" "test_backend_set" {
  #Required
  health_checker {
    #Required
    protocol = var.backend_set_health_checker_protocol
    #Optional
    interval_ms = var.backend_set_health_checker_interval_ms
    is_force_plain_text = var.backend_set_health_checker_is_force_plain_text
    port = var.backend_set_health_checker_port
    response_body_regex = var.backend_set_health_checker_response_body_regex
    retries = var.backend_set_health_checker_retries
    return_code = var.backend_set_health_checker_return_code
    timeout_in_millis = var.backend_set_health_checker_timeout_in_millis
    url_path = var.backend_set_health_checker_url_path
  }
  load_balancer_id = oci_load_balancer_load_balancer.test_load_balancer.id
  name = var.backend_set_name
  policy = var.backend_set_policy
  #Optional
  backend_max_connections = var.backend_set_backend_max_connections
  lb_cookie_session_persistence_configuration {
    #Optional
    cookie_name = var.backend_set_lb_cookie_session_persistence_configuration_cookie_name
    disable_fallback = var.backend_set_lb_cookie_session_persistence_configuration_disable_fallback
    domain = var.backend_set_lb_cookie_session_persistence_configuration_domain
    is_http_only = var.backend_set_lb_cookie_session_persistence_configuration_is_http_only
    is_secure = var.backend_set_lb_cookie_session_persistence_configuration_is_secure
    max_age_in_seconds = var.backend_set_lb_cookie_session_persistence_configuration_max_age_in_seconds
    path = var.backend_set_lb_cookie_session_persistence_configuration_path
  }
  session_persistence_configuration {
    #Required
    cookie_name = var.backend_set_session_persistence_configuration_cookie_name
    #Optional
    disable_fallback = var.backend_set_session_persistence_configuration_disable_fallback
  }
  ssl_configuration {
    #Optional
    certificate_ids = var.backend_set_ssl_configuration_certificate_ids
    certificate_name = oci_load_balancer_certificate.test_certificate.name
    cipher_suite_name = var.backend_set_ssl_configuration_cipher_suite_name
    protocols = var.backend_set_ssl_configuration_protocols
    server_order_preference = var.backend_set_ssl_configuration_server_order_preference
    trusted_certificate_authority_ids = var.backend_set_ssl_configuration_trusted_certificate_authority_ids
    verify_depth = var.backend_set_ssl_configuration_verify_depth
    verify_peer_certificate = var.backend_set_ssl_configuration_verify_peer_certificate
  }
}
Note: The sessionPersistenceConfiguration (application cookie stickiness) and lbCookieSessionPersistenceConfiguration (LB cookie stickiness) attributes are mutually exclusive. To avoid returning an error, configure only one of these two attributes per backend set.
The following arguments are supported:
backend
- (Optional) (Updatable)
backup
- (Optional) (Updatable) Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy.
Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy.
Example: false
drain
- (Optional) (Updatable) Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false
ip_address
- (Required) (Updatable) The IP address of the backend server. Example: 10.0.0.3
max_connections
- (Optional) (Updatable) The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. Example: 300
offline
- (Optional) (Updatable) Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false
port
- (Required) (Updatable) The communication port for the backend server. Example: 8080
weight
- (Optional) (Updatable) The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work. Example: 3
backend_max_connections
- (Optional) (Updatable) The maximum number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting. If this is not set then the number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting is unlimited. Example: 300
health_checker
- (Required) (Updatable) The health check policy's configuration details.
interval_ms
- (Optional) (Updatable) The interval between health checks, in milliseconds. Example: 10000
is_force_plain_text
- (Optional) (Updatable) Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL.
If "true", health checks will be done using plain text even if the associated backend set is configured to use SSL.
If "false", health checks will be done using SSL encryption if the associated backend set is configured to use SSL. If the backend set is not so configured the health checks will be done using plain text.
Example: false
port
- (Optional) (Updatable) The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the Backend object. Example: 8080
protocol
- (Required) (Updatable) The protocol the health check must use; either HTTP or TCP. Example: HTTP
response_body_regex
- (Optional) (Updatable) A regular expression for parsing the response body from the backend server. Example: ^((?!false).|\s)*$
retries
- (Optional) (Updatable) The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Example: 3
return_code
- (Optional) (Updatable) The status code a healthy backend server should return. Example: 200
timeout_in_millis
- (Optional) (Updatable) The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Example: 3000
url_path
- (Optional) (Updatable) The path against which to run the health check. Example: /healthcheck
lb_cookie_session_persistence_configuration
- (Optional) (Updatable) The configuration details for implementing load balancer cookie session persistence (LB cookie stickiness).
Session persistence enables the Load Balancing service to direct all requests that originate from a single logical client to a single backend web server. For more information, see Session Persistence.
When you configure LB cookie stickiness, the load balancer inserts a cookie into the response. The parameters configured in the cookie enable session stickiness. This method is useful when you have applications and Web backend services that cannot generate their own cookies.
Path route rules take precedence to determine the target backend server. The load balancer verifies that session stickiness is enabled for the backend server and that the cookie configuration (domain, path, and cookie hash) is valid for the target. The system ignores invalid cookies.
To disable LB cookie stickiness on a running load balancer, use the UpdateBackendSet operation and specify null for the LBCookieSessionPersistenceConfigurationDetails object.
Example: LBCookieSessionPersistenceConfigurationDetails: null
Note: SessionPersistenceConfigurationDetails (application cookie stickiness) and LBCookieSessionPersistenceConfigurationDetails (LB cookie stickiness) are mutually exclusive. An error results if you try to enable both types of session persistence.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
cookie_name
- (Optional) (Updatable) The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route". Example: example_cookie
Notes:
Set-cookie generated by a backend server and the Set-cookie generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both Set-cookie names are the same, but the domain and path names are different, the client or browser treats them as two different cookies.
disable_fallback
- (Optional) (Updatable) Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false
domain
- (Optional) (Updatable) The domain in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a domain attribute with the specified value.
This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header.
Notes:
Set-cookie header.
If the value of the Domain attribute is example.com in the Set-cookie header, the client includes the same cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.abc.example.com. If the Domain attribute is not present, the client returns the cookie only for the domain to which the original request was made.
Domain attribute in the Set-cookie header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the Domain attribute value example.com or www.example.com sent from www.example.com. It does not accept a cookie with the Domain attribute abc.example.com or www.abc.example.com sent from www.example.com.
Example: example.com
is_http_only
- (Optional) (Updatable) Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true
is_secure
- (Optional) (Updatable) Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol.
Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener.
Example: true
max_age_in_seconds
- (Optional) (Updatable) The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value.
The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client.
Example: 3600
path
- (Optional) (Updatable) The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value.
Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute.
The default value is /.
Example: /example
load_balancer_id
- (Required) The OCID of the load balancer on which to add a backend set.
name
- (Required) A friendly name for the backend set. It must be unique and it cannot be changed.
Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.
Example: example_backend_set
policy
- (Required) (Updatable) The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS
session_persistence_configuration
- (Optional) (Updatable) The configuration details for implementing session persistence based on a user-specified cookie name (application cookie stickiness).
Session persistence enables the Load Balancing service to direct any number of requests that originate from a single logical client to a single backend web server. For more information, see Session Persistence.
With application cookie stickiness, the load balancer enables session persistence only when the response from a backend application server includes a Set-cookie header with the user-specified cookie name.
To disable application cookie stickiness on a running load balancer, use the UpdateBackendSet operation and specify null for the SessionPersistenceConfigurationDetails object.
Example: SessionPersistenceConfigurationDetails: null
Note: SessionPersistenceConfigurationDetails (application cookie stickiness) and LBCookieSessionPersistenceConfigurationDetails (LB cookie stickiness) are mutually exclusive. An error results if you try to enable both types of session persistence.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
cookie_name
- (Required) (Updatable) The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie
disable_fallback
- (Optional) (Updatable) Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false
ssl_configuration
- (Optional) (Updatable) The load balancer's SSL handling configuration details.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
certificate_ids
- (Optional) (Updatable) Ids for Oracle Cloud Infrastructure certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]
certificate_name
- (Optional) (Updatable) A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle
cipher_suite_name
- (Optional) (Updatable) The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is oci-default-ssl-cipher-suite-v1.
Notes:
GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature.
GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature.
GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature.
GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.
oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field.
Example: example_cipher_suite
protocols
- (Optional) (Updatable) A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
If this field is not specified, TLSv1.2 is the default.
Warning: All SSL listeners created on a given port must use the same set of SSL protocols.
Notes:
GET operation displays a list of SSL protocols currently used by those resources.
Example: ["TLSv1.1", "TLSv1.2"]
server_order_preference
- (Optional) (Updatable) When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set.
trusted_certificate_authority_ids
- (Optional) (Updatable) Ids for Oracle Cloud Infrastructure certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]
verify_depth
- (Optional) (Updatable) The maximum depth for peer certificate chain verification. Example: 3
verify_peer_certificate
- (Optional) (Updatable) Whether the load balancer listener should verify peer certificates. Example: true
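The arguments above combined into one backend set that encrypts and verifies backend traffic and issues a restricted stickiness cookie. This is an added example, not part of the provider documentation: the resource label app_https, both variables and the rule rejecting TLSv1.1 are assumptions, and the load balancer resource is the one referenced in the usage block on this page.

```hcl
# Added example, not from the provider documentation. Variable names, the
# resource label and the literal values are illustrative placeholders.

variable "backend_tls_protocols" {
  description = "SSL protocols the load balancer may use towards the backends."
  type        = list(string)
  default     = ["TLSv1.2"]

  validation {
    # Example policy (an assumption, not an OCI requirement): fail the plan
    # when a caller re-enables TLSv1.1. The page's sample value
    # ["TLSv1.1", "TLSv1.2"] would be rejected here.
    condition     = !contains(var.backend_tls_protocols, "TLSv1.1")
    error_message = "TLSv1.1 is not allowed towards backends; use TLSv1.2."
  }
}

variable "backend_ca_bundle_ocid" {
  description = "OCID of the CA bundle that issued the backend certificates (placeholder)."
  type        = string
}

resource "oci_load_balancer_backend_set" "app_https" {
  # Load balancer defined elsewhere, as in the usage block on this page.
  load_balancer_id = oci_load_balancer_load_balancer.test_load_balancer.id
  name             = "app_https"
  policy           = "LEAST_CONNECTIONS"

  health_checker {
    protocol          = "HTTP"
    url_path          = "/healthcheck"
    return_code       = 200
    interval_ms       = 10000
    timeout_in_millis = 3000
    retries           = 3
    # false: probes follow the backend set, so they use SSL because
    # ssl_configuration is present below. true would probe in plain text.
    is_force_plain_text = false
    # port omitted: the port from each Backend object is used.
  }

  # LB cookie stickiness only. Declaring session_persistence_configuration
  # as well returns an error (the two blocks are mutually exclusive).
  lb_cookie_session_persistence_configuration {
    cookie_name        = "example_cookie"
    is_http_only       = true # cookie withheld from non-HTTP APIs such as JavaScript
    is_secure          = true # backend set can no longer be attached to an HTTP listener
    max_age_in_seconds = 3600
    path               = "/"
    disable_fallback   = false
    # domain omitted: no Domain attribute is inserted, so the client returns
    # the cookie only to the host that received the original request.
  }

  ssl_configuration {
    protocols                         = var.backend_tls_protocols
    trusted_certificate_authority_ids = [var.backend_ca_bundle_ocid]
    verify_peer_certificate           = true
    verify_depth                      = 3
    # cipher_suite_name omitted: per the page, the default is
    # oci-default-ssl-cipher-suite-v1.
    # server_order_preference omitted: ignored for backend sets.
  }
}
```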
is_http_only
- Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true
is_secure
- Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol.
Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener.
Example: true
max_age_in_seconds
- The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value.
The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client.
Example: 3600
path
- The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value.
Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute.
The default value is /.
Example: /example
name
- A friendly name for the backend set. It must be unique and it cannot be changed.
Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.
Example: example_backend_set
policy
- The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS
session_persistence_configuration
- The configuration details for implementing session persistence based on a user-specified cookie name (application cookie stickiness).
Session persistence enables the Load Balancing service to direct any number of requests that originate from a single logical client to a single backend web server. For more information, see Session Persistence.
With application cookie stickiness, the load balancer enables session persistence only when the response from a backend application server includes a Set-cookie header with the user-specified cookie name.
To disable application cookie stickiness on a running load balancer, use the UpdateBackendSet operation and specify null for the SessionPersistenceConfigurationDetails object.
Example: SessionPersistenceConfigurationDetails: null
Note: SessionPersistenceConfigurationDetails (application cookie stickiness) and LBCookieSessionPersistenceConfigurationDetails (LB cookie stickiness) are mutually exclusive. An error results if you try to enable both types of session persistence.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
cookie_name
- The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie
disable_fallback
- Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false
ssl_configuration
- A listener's SSL handling configuration.
To use SSL, a listener must be associated with a certificate bundle.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
certificate_ids
- Ids for Oracle Cloud Infrastructure certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]
certificate_name
- A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle
cipher_suite_name
- The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is oci-default-ssl-cipher-suite-v1.
Notes:
GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature.
GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature.
GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature.
GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.
oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field.
Example: example_cipher_suite
protocols
- A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
If this field is not specified, TLSv1.2 is the default.
Warning: All SSL listeners created on a given port must use the same set of SSL protocols.
Notes:
GET operation displays a list of SSL protocols currently used by those resources.
Example: ["TLSv1.1", "TLSv1.2"]
server_order_preference
- When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set.
trusted_certificate_authority_ids
- Ids for Oracle Cloud Infrastructure certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]
verify_depth
- The maximum depth for peer certificate chain verification. Example: 3
verify_peer_certificate
- Whether the load balancer listener should verify peer certificates. Example: true
The timeouts block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Backend Set
* update
- (Defaults to 20 minutes), when updating the Backend Set
* delete
- (Defaults to 20 minutes), when destroying the Backend Set
BackendSets can be imported using the id, e.g.
$ terraform import oci_load_balancer_backend_set.test_backend_set "loadBalancers/{loadBalancerId}/backendSets/{backendSetName}"