imperva · assaf13 · Oct 16, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 15, 2023
diff --git a/examples/installation/dsf_single_account_deployment/sonar.tf b/examples/installation/dsf_single_account_deployment/sonar.tf
@@ -43,6 +43,7 @@ module "hub_main" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   mx_details = var.enable_dam ? [for mx in module.mx : {
     name     = mx.display_name
     address  = coalesce(mx.public_dns, mx.private_dns)
@@ -92,6 +93,7 @@ module "hub_dr" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   generate_access_tokens            = true
   tags                              = local.tags
   providers = {
@@ -156,6 +158,7 @@ module "agentless_gw_main" {
   sonarw_private_key_secret_name    = var.sonarw_gw_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null)
   instance_profile_name             = var.agentless_gw_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.provider-2
@@ -197,6 +200,7 @@ module "agentless_gw_dr" {
   sonarw_private_key_secret_name    = var.sonarw_gw_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null)
   instance_profile_name             = var.agentless_gw_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.provider-2

diff --git a/examples/installation/dsf_single_account_deployment/variables.tf b/examples/installation/dsf_single_account_deployment/variables.tf
@@ -448,6 +448,12 @@ variable "sonarw_gw_public_key_file_path" {
   description = "The Agentless Gateway sonarw user public key file path - used for remote Agentless Gateway federation, HADR, etc."
 }
 
+variable "sonar_machine_base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}
+
 ##############################
 ####    DAM variables     ####
 ##############################

diff --git a/examples/installation/sonar_multi_account_deployment/main.tf b/examples/installation/sonar_multi_account_deployment/main.tf
@@ -134,6 +134,7 @@ module "hub_main" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.hub-main
@@ -173,6 +174,7 @@ module "hub_dr" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.hub-dr
@@ -210,6 +212,7 @@ module "agentless_gw_main" {
   sonarw_private_key_secret_name    = var.sonarw_gw_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null)
   instance_profile_name             = var.gw_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.gw-main
@@ -250,6 +253,7 @@ module "agentless_gw_dr" {
   sonarw_private_key_secret_name    = var.sonarw_gw_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null)
   instance_profile_name             = var.gw_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
   providers = {
     aws = aws.gw-dr

diff --git a/examples/installation/sonar_multi_account_deployment/variables.tf b/examples/installation/sonar_multi_account_deployment/variables.tf
@@ -340,3 +340,9 @@ variable "sonarw_gw_public_key_file_path" {
   default     = null
   description = "The Agentless Gateway sonarw user public key file path - used for remote Agentless Gateway federation, HADR, etc."
 }
+
+variable "sonar_machine_base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}
diff --git a/examples/installation/sonar_single_account_deployment/main.tf b/examples/installation/sonar_single_account_deployment/main.tf
@@ -98,6 +98,7 @@ module "hub_main" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
 }
 
@@ -130,6 +131,7 @@ module "hub_dr" {
   sonarw_private_key_secret_name    = var.sonarw_hub_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_hub_public_key_file_path)), null)
   instance_profile_name             = var.hub_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
 }
 
@@ -163,6 +165,7 @@ module "agentless_gw" {
   sonarw_private_key_secret_name    = var.sonarw_gw_private_key_secret_name
   sonarw_public_key_content         = try(trimspace(file(var.sonarw_gw_public_key_file_path)), null)
   instance_profile_name             = var.gw_instance_profile_name
+  base_directory                    = var.sonar_machine_base_directory
   tags                              = local.tags
 }
 

diff --git a/examples/installation/sonar_single_account_deployment/variables.tf b/examples/installation/sonar_single_account_deployment/variables.tf
@@ -259,3 +259,9 @@ variable "use_hub_as_proxy" {
   default     = true
   description = "Whether to use the DSF Hub as a proxy for ssh into the Agentless Gateways"
 }
+
+variable "sonar_machine_base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}
diff --git a/modules/aws/agentless-gw/main.tf b/modules/aws/agentless-gw/main.tf
@@ -59,4 +59,5 @@ module "gw_instance" {
   sonarw_public_key_content         = var.sonarw_public_key_content
   volume_attachment_device_name     = var.volume_attachment_device_name
   tags                              = var.tags
+  base_directory                    = var.base_directory
 }
diff --git a/modules/aws/agentless-gw/variables.tf b/modules/aws/agentless-gw/variables.tf
@@ -236,4 +236,10 @@ variable "volume_attachment_device_name" {
   type        = string
   default     = null
   description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference"
-}
+}
+
+variable "base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}
diff --git a/modules/aws/hub/main.tf b/modules/aws/hub/main.tf
@@ -68,4 +68,5 @@ module "hub_instance" {
   sonarw_public_key_content         = var.sonarw_public_key_content
   volume_attachment_device_name     = var.volume_attachment_device_name
   tags                              = var.tags
-}
+  base_directory                    = var.base_directory
+}
diff --git a/modules/aws/hub/variables.tf b/modules/aws/hub/variables.tf
@@ -285,4 +285,10 @@ variable "volume_attachment_device_name" {
   type        = string
   default     = null
   description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference"
-}
+}
+
+variable "base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}
diff --git a/modules/aws/sonar-base-instance/setup.tftpl b/modules/aws/sonar-base-instance/setup.tftpl
@@ -134,7 +134,7 @@ function attach_disk() {
         echo "/dev/$DEVICE is not lvm memeber (\"$FS\"). Formatting it..."
         create_lvm /dev/$DEVICE
     fi
-    
+
     mount -a
 }
 
@@ -258,11 +258,10 @@ __EOF__
     fi
 }
 
-STATE_DIR=/imperva
-DATA_DIR=$STATE_DIR/data
-LOGS_DIR=$STATE_DIR/logs
-LOCAL_DIR=$STATE_DIR/local
-APPS_DIR=$STATE_DIR/apps
+DATA_DIR="${base_directory}/data"
+LOGS_DIR="${base_directory}/logs"
+LOCAL_DIR="${base_directory}/local"
+APPS_DIR="${base_directory}/apps"
 
 install_deps
 create_users_and_groups
@@ -278,4 +277,4 @@ fi
 
 set_environment_vars
 install_ssh_keys
-install_access_tokens
+install_access_tokens
diff --git a/modules/aws/sonar-base-instance/userdata.tf b/modules/aws/sonar-base-instance/userdata.tf
@@ -5,6 +5,7 @@ locals {
 
   instance_address = var.use_public_ip ? local.public_ip : local.private_ip
   display_name     = var.name
+  sonar_base_directory   = var.base_directory != null ? var.base_directory : ""
 
   script_path = var.terraform_script_path_folder == null ? null : (join("/", [var.terraform_script_path_folder, "terraform_%RAND%.sh"]))
   install_script = templatefile("${path.module}/setup.tftpl", {
@@ -20,6 +21,7 @@ locals {
     jsonar_uuid                         = random_uuid.jsonar_uuid.result
     additional_install_parameters       = var.additional_install_parameters
     access_tokens_array                 = local.access_tokens_array
+    base_directory                      = local.sonar_base_directory
   })
 }
 

diff --git a/modules/aws/sonar-base-instance/variables.tf b/modules/aws/sonar-base-instance/variables.tf
@@ -213,4 +213,10 @@ variable "volume_attachment_device_name" {
   type        = string
   default     = null
   description = "The device name to expose to the instance for the ebs volume. Keep null if you have no preference"
-}
+}
+
+variable "base_directory" {
+  type        = string
+  default     = "/imperva"
+  description = "The base directory where all Sonar related directories will be installed"
+}