I am back to an older project involving VMware products and Terraform. For those of you new to the subject, Terraform is an open source infrastructure-as-code tool developed by HashiCorp. It lets you define your entire infrastructure in the HashiCorp Configuration Language (HCL), falling back to JSON where HCL is not enough.
The appeal of Terraform is its ability to deliver infrastructure across very different platforms: public cloud, private cloud, Kubernetes. You write your configuration files, preview the changes (terraform plan) and then apply them to get your resources deployed. It also integrates with other HashiCorp tools such as Vault, a secrets management solution that can be consumed programmatically. In my example I will be using Vault to store the passwords required for setting up VCSA.
In this example we will use Terraform to fill in the VCSA JSON template with values from a variable file and then run the VCSA CLI installer. So we are not using the vSphere provider, but rather the local provider to write the rendered template file and the null provider to run a local command. Two things to keep in mind with this approach: templatefile() substitutes the values verbatim, so the rendered file is only valid JSON as long as no password contains a character JSON would need escaped (a double quote or backslash), and both the rendered file on disk and the Terraform state contain those passwords in clear text, so they need the same protection as Vault itself. I chose this example because it is something I struggled to get working.
I've used the following simple project structure:

main.tf
# Render the VCSA JSON template with the variable values and the secrets read
# from Vault, and write the result to the path the installer will consume.
resource "local_file" "vcsa_json" {
  content = templatefile(
    var.template_file_path,
    {
      vc_fqdn        = var.vcenterserver
      vc_user        = var.vcenterserver_user
      vc_user_pass   = data.vault_generic_secret.vcenter_auth.data["value"]
      vm_network     = var.pg_mgmt
      vdc            = var.vdc
      datastore      = var.datastore
      host           = var.host
      cluster        = var.cluster
      vcsa_name      = element(split(".", var.vcsa_fqdn), 0) # short hostname
      vcsa_fqdn      = var.vcsa_fqdn
      vcsa_ip        = var.vcsa_ip
      prefix         = var.prefix
      gateway        = var.gateway
      dns            = var.dns
      vcsa_root_pass = data.vault_generic_secret.vcsa_root.data["value"]
      ntp_servers    = var.ntp
      sso_password   = data.vault_generic_secret.vcsa_admin.data["value"]
    }
  )
  # The rendered file (and the Terraform state) holds the passwords in clear text.
  filename = var.config_file_path
}

# Run the CLI installer against the rendered JSON. --no-esx-ssl-verify disables
# certificate checking of the target vCenter/ESXi host.
resource "null_resource" "vcsa_install" {
  provisioner "local-exec" {
    command = "${var.installcmd_file_path}/vcsa-deploy install --accept-eula --acknowledge-ceip --no-esx-ssl-verify ${var.config_file_path}"
  }
}
variables.tf

variable "template_file_path" {
  description = "JSON template file path"
  type        = string
  default     = "templates/vcsa70_embedded_vCSA_on_VC.json"
}

variable "config_file_path" {
  description = "vcsa configuration JSON file path"
  type        = string
  default     = "/data/build/vcsa01_embedded_vCSA_on_VC.json"
}

variable "installcmd_file_path" {
  description = "command line file path"
  type        = string
  default     = "/data/VMware-VCSA-all-7.0.1-17491101/vcsa-cli-installer/lin64"
}

variable "vcsa_fqdn" {
  description = "vcsa hostname"
  default     = "vcsa01.mylab.local"
}

variable "vcsa_ip" {
  description = "vcsa ip address"
  default     = "192.168.1.10"
}

variable "prefix" {
  description = "IP prefix"
  default     = "24"
}
vault.tf
# "ABCD" is a placeholder token. The provider also reads VAULT_ADDR and
# VAULT_TOKEN from the environment, which keeps the token out of the code.
# skip_tls_verify disables certificate checking of the Vault server itself.
provider "vault" {
  address         = "https://192.168.1.2:8200"
  token           = "ABCD"
  skip_tls_verify = true
}

# vcsa deploy
# Referenced from main.tf but missing from the original listing; the path is assumed.
data "vault_generic_secret" "vcenter_auth" {
  path = "kv-vmware-stgdev/vcenter"
}

data "vault_generic_secret" "vcsa_admin" {
  path = "kv-vmware-stgdev/administrator@vsphere.local"
}

data "vault_generic_secret" "vcsa_root" {
  path = "kv-vmware-stgdev/root"
}
templates/vcsa70_embedded_vCSA_on_VC.json

{
  "__version": "2.13.0",
  "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on a vCenter Server instance.",
  "new_vcsa": {
    "vc": {
      "__comments": [
        "'datacenter' must end with a datacenter name, and only with a datacenter name. ",
        "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ",
        "The item 'Resources' must precede the resource pool name. ",
        "All names are case-sensitive. ",
        "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help"
      ],
      "hostname": "${vc_fqdn}",
      "username": "${vc_user}",
      "password": "${vc_user_pass}",
      "deployment_network": "${vm_network}",
      "datacenter": [
        "${vdc}"
      ],
      "datastore": "${datastore}",
      "target": [
        "${cluster}",
        "${host}"
      ]
    },
    "appliance": {
      "__comments": [
        "You must provide the 'deployment_option' key with a value, which will affect the vCenter Server Appliance's configuration parameters, such as the vCenter Server Appliance's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
      ],
      "thin_disk_mode": true,
      "deployment_option": "small",
      "name": "${vcsa_name}"
    },
    "network": {
      "ip_family": "ipv4",
      "mode": "static",
      "system_name": "${vcsa_fqdn}",
      "ip": "${vcsa_ip}",
      "prefix": "${prefix}",
      "gateway": "${gateway}",
      "dns_servers": [
        "${dns}"
      ]
    },
    "os": {
      "password": "${vcsa_root_pass}",
      "ntp_servers": "${ntp_servers}",
      "ssh_enable": false
    },
    "sso": {
      "password": "${sso_password}",
      "domain_name": "vsphere.local"
    }
  },
  "ceip": {
    "description": {
      "__comments": [
        "++++VMware Customer Experience Improvement Program (CEIP)++++",
        "VMware's Customer Experience Improvement Program (CEIP) ",
        "provides VMware with information that enables VMware to ",
        "improve its products and services, to fix problems, ",
        "and to advise you on how best to deploy and use our ",
        "products. As part of CEIP, VMware collects technical ",
        "information about your organization's use of VMware ",
        "products and services on a regular basis in association ",
        "with your organization's VMware license key(s). This ",
        "information does not personally identify any individual. ",
        "",
        "Additional information regarding the data collected ",
        "through CEIP and the purposes for which it is used by ",
        "VMware is set forth in the Trust & Assurance Center at ",
        "http://www.vmware.com/trustvmware/ceip.html . If you ",
        "prefer not to participate in VMware's CEIP for this ",
        "product, you should disable CEIP by setting ",
        "'ceip_enabled': false. You may join or leave VMware's ",
        "CEIP for this product at any time. Please confirm your ",
        "acknowledgement by passing in the parameter ",
        "--acknowledge-ceip in the command line.",
        "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
      ]
    },
    "settings": {
      "ceip_enabled": false
    }
  }
}
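The same deployment, written the way I would ship it, as an added example that is not part of the original post or of any VMware tooling. It folds main.tf, vault.tf and the JSON template into one file and changes four things: the Vault address and token come from the environment (VAULT_ADDR / VAULT_TOKEN, which the vault provider reads by default) instead of being hard-coded, TLS verification of the Vault server stays on with a CA file, the JSON is produced by jsonencode() so a password containing a double quote or backslash cannot break or alter the document, and the file is written by local_sensitive_file with mode 0600 and the installer is only re-run when that file changes. The variables var.vault_ca_file and var.vc_thumbprint and the Vault path for the vCenter credential are assumptions; the other variables are the ones from the post's variables file. The ssl_certificate_verification key follows the 7.0 template help output and should be checked against your own template before relying on it. The passwords still end up in the Terraform state, so the state backend needs the same access controls and encryption as Vault.

```hcl
# Added example (not from the original post). Assumes Terraform >= 0.14 and
# hashicorp/local >= 2.2.0 (for local_sensitive_file).
terraform {
  required_providers {
    vault = { source = "hashicorp/vault" }
    local = { source = "hashicorp/local", version = ">= 2.2.0" }
    null  = { source = "hashicorp/null" }
  }
}

# No address or token in code: the provider reads VAULT_ADDR and VAULT_TOKEN
# from the environment. Certificate checking stays on; var.vault_ca_file
# (assumed variable) is the CA that issued the Vault server certificate.
provider "vault" {
  ca_cert_file = var.vault_ca_file
}

variable "vault_ca_file" {
  description = "CA bundle for the Vault server certificate (assumed variable)"
  type        = string
}

variable "vc_thumbprint" {
  description = "SHA-1 thumbprint of the target vCenter certificate (assumed variable)"
  type        = string
}

data "vault_generic_secret" "vcenter_auth" {
  path = "kv-vmware-stgdev/vcenter" # assumed path
}

data "vault_generic_secret" "vcsa_admin" {
  path = "kv-vmware-stgdev/administrator@vsphere.local"
}

data "vault_generic_secret" "vcsa_root" {
  path = "kv-vmware-stgdev/root"
}

# Same structure as the JSON template, but built as an HCL object and encoded
# by jsonencode(), which escapes every value.
locals {
  vcsa_config = {
    "__version" = "2.13.0"
    new_vcsa = {
      vc = {
        hostname           = var.vcenterserver
        username           = var.vcenterserver_user
        password           = data.vault_generic_secret.vcenter_auth.data["value"]
        deployment_network = var.pg_mgmt
        datacenter         = [var.vdc]
        datastore          = var.datastore
        target             = [var.cluster, var.host]
        # Pin the target's certificate instead of passing --no-esx-ssl-verify.
        # Key name per the 7.0 template help; verify against your template.
        ssl_certificate_verification = { thumbprint = var.vc_thumbprint }
      }
      appliance = {
        thin_disk_mode    = true
        deployment_option = "small"
        name              = element(split(".", var.vcsa_fqdn), 0)
      }
      network = {
        ip_family   = "ipv4"
        mode        = "static"
        system_name = var.vcsa_fqdn
        ip          = var.vcsa_ip
        prefix      = var.prefix
        gateway     = var.gateway
        dns_servers = [var.dns]
      }
      os = {
        password    = data.vault_generic_secret.vcsa_root.data["value"]
        ntp_servers = var.ntp
        ssh_enable  = false
      }
      sso = {
        password    = data.vault_generic_secret.vcsa_admin.data["value"]
        domain_name = "vsphere.local"
      }
    }
    ceip = { settings = { ceip_enabled = false } }
  }
}

# local_sensitive_file keeps the content out of plan output; 0600 keeps other
# local users from reading the passwords on disk.
resource "local_sensitive_file" "vcsa_json" {
  content         = jsonencode(local.vcsa_config)
  filename        = var.config_file_path
  file_permission = "0600"
}

resource "null_resource" "vcsa_install" {
  # The resource id is a hash of the file content, so the installer re-runs
  # only when the rendered configuration actually changes.
  triggers = {
    config = local_sensitive_file.vcsa_json.id
  }

  provisioner "local-exec" {
    command = "${var.installcmd_file_path}/vcsa-deploy install --accept-eula --acknowledge-ceip ${var.config_file_path}"
  }
}
```

To try the rendered document before letting the installer touch anything, run terraform apply with the null_resource excluded (-target on local_sensitive_file.vcsa_json) and inspect the file; once the thumbprint and paths are confirmed, a full apply runs the installer exactly once per change of that file.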