by Example Scripts – https://github.com/somanyclouds/VCD/tree/main/Terraform
VMware Cloud Director (VCD) is a multi tenanted platform by design and offers service providers the ability to configure their IaaS offerings to suit their business needs of their customers. In my view all cloud platforms should have automation as a key corner stone to the design and operational process. Terraform provides the ability to automate many platforms and products and VCD is one of them. VCD has had a Terraform provider available for many versions so is a mature product. I started to use the provider when working on a V2T migration project with a Service Provider and I needed to spin up Org’s and Org VDC’s with different network configurations to run and valid migration scenarios in a test lab.
Looking at the components needed i quickly identified that it was not just VCD that i needed to automate, vSphere and NSX both had key components which needed to be created before importing them into VCD to configure in the tenants, luckily Terraform also has providers for these VMware products as well.
Before getting further into this blog post i need to call out that i’m not a developer and never been on a Terraform course so i’m sure there are a bunch of things that could have been done better, cleaner and with more finesse. I plan to update the script as i build out my lab platforms to include other extensions within VCD and i’m sure this will also mean better code…hopefully.
The terraform files can be downloaded here.
When running the scripts it performs the following:
- Connects to all required endpoints (VMware Cloud Director, NSX-T )
- Build individual components that are imported into VDC or used by NSX e.g. segments used on edge gateways as uplinks
- Build the logical constructs like Orgs and OrgVDC’s and network configs
There are some perquisites before using these scripts, the oblivious ones like having VCD, NSX and vSphere installed and configured, these need to be in a state that you can manually create a tenant and it’s networking constructs. A NSX-T Edge Cluster deployed and a NSX-T T0 logical router created which will be used as the parent T0 for the VRF Lite gateways which are created for each tenant via the Terraform scripts. The parent T0 should not be added to VCD. If you are running the ALB file then NSX ALB (Avi) needs to be configured in VCD and a service engine group created in the ALB management interface. There are also other perquisites like having a shared catalog across all Org’s and VM images that you set in the variables file so you can build out a VM/vAPP.
Like when you build a tenant manually there are a number of inputs that are required within the UI, the script uses a variables file which contains these inputs so this can be used to build different tenant configurations just by updating a single file. The ifile needs to be updated with your environment details. I have not used terraform secrets so all passwords in the variables file are in plain text this is a good guide to store secerts.
In the scripts each Terraform resource and data source uses the variables inputs by using the var.<variable-name> as per below.
File structure:
Terraform allows you can create multiple files within a folder that contains terraform code and all of these files will be executed when you run the apply command. This structure allows you to only build out parts of a Org and Org VDC that you need e.g. removing the OrgVDC1-vApp.tf file into a subfolder named “Do not Run” will not deploy a vApp and associated VM’s from the catalog which saves time when testing .
File Table:
| File Name | Description |
| Providers.tf | Contains the terraform provider for NSX-T and VCD can add a version here if needed |
| VCD-Auth.tf | User and connection details for VCD endpoint |
| VCD-Org.tf | Creates the VCD Organisation and Org and tenant users |
| VCD-OrgVDC1.tf | Organisation Virtual Datacenter settings |
| NSX-T-VRF.tf | Creates a new VRF Lite with interface and adds it to VCD |
| NSX-T-VRF-Create Segment.tf | Creates a overlay based external segment to be used on the VRF Lite |
| VCD-OrgVDC1-RoutedNetwork.tf | Tenant routed network connected to the edge gateway (T1) |
| VCD-OrgVDC1-EdgeGW.tf | Creates tenant edge gateway (T1) in VCD |
| VCD-OrgVCD1-vApp.tf | Creates x1 vApp and adds network to vAPP and x2 VMs Web01 and Web 02 |
| VCD-OrgVDC1-EdgeGW-ALB.tf | Used to set ALB settings on the tenant edge gateway |
| NSX-T-Auth.tf | User and connection details for NSX-T endpoint |
| pwd.txt | Password for Org admin and customer tenant admin (VCD-Org.tf) |
| variables.tf | All bespoke configurations |
| VCD-OrgVDC1-EdgeGW-DC-Grp.tf | Creates VDC network group will OrgVDC’s |
| VCD-ORGVCD1-EdgeGW-ALB-Config.tf | Assigns NSX ALB SE Grp to Edge and creates NSX ALB, pool, virtual service |
Running the build:
terraform initThe init switch initialises the the directory and downloads the terraform providers needed to execute the code. The providers.tf and also in the vSphere.tf file can be used to declare a certain version or if not set will grab the latest one.
terraform PlanThe terraform plan command can be used to see what is going to be executed. Plan is good if you are making changes to your code and you need to check what these changes will do before committing.
terraform apply --auto-approveTo commit the code and create the infrastructure use the apply command, the --auto-approve switch will not ask for approval and after it runs the pre check and will just start creating.
terraform destroy --auto-approveTo remove all the deployed configuration run the destroy command this will reverse all that was deployed.
