Do you want to maintain your network and security infrastructure as code? Do you want to automate NSX-T? One more option has just been added for you!
Following my previous post about NSX-T: OpenAPI and SDKs, you might have figured out how easy it is to generate different language bindings for NSX-T. Thanks to this, we have generated a Go NSX-T SDK that we use as the foundation of the new NSX-T Terraform provider.
Terraform is open-source infrastructure-as-code software by HashiCorp. It allows creation, modification, and deletion of infrastructure using high-level configuration files that can be shared between team members, treated as code, edited, reviewed, and versioned. These configuration files are written in HCL (HashiCorp Configuration Language), which is actually JSON with some fine-tuning. Plain JSON can also be used.
There are several important components in Terraform:
1. Providers are responsible for managing the lifecycle of the resources: create, read, update, delete. Providers usually require some configuration, such as authentication details and endpoint URLs. By default, a resource is matched to its provider by the prefix of the resource name. For example, the resource nsxt_logical_switch is associated with the provider called nsxt.
Example of configuring NSX-T provider:
2. Data sources allow data to be fetched or computed for use elsewhere in the Terraform configuration. They present read-only views into pre-existing data. Every data source is mapped to a provider based on prefix matching. For example, the nsxt_transport_zone data source maps to the nsxt provider.
Data Source Example:
Currently supported data sources:
3. Resources are the most important thing we will configure. They are the components that we would like to create, read, update, and delete.
Currently supported resources:
In the example below we create a logical switch based on an overlay transport zone, as well as a T1 router connected to both an upstream T0 router and the newly created logical switch.
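A minimal configuration matching that description, as an added example rather than the post's own code; it also shows the provider block with the password taken from a variable and certificate validation left on. The display names, variable names and the 192.0.2.1/24 gateway address are constructed placeholders.

```hcl
# Added example; display names, variables and the IP are constructed placeholders.
variable "nsx_manager" {}
variable "nsx_username" {}
variable "nsx_password" {} # supply via TF_VAR_nsx_password, keep out of version control

provider "nsxt" {
  host                 = "${var.nsx_manager}"
  username             = "${var.nsx_username}"
  password             = "${var.nsx_password}"
  allow_unverified_ssl = false # validate the NSX Manager certificate
}

data "nsxt_transport_zone" "overlay" { display_name = "overlay-tz" }
data "nsxt_logical_tier0_router" "t0" { display_name = "t0-router" }

resource "nsxt_logical_switch" "web" {
  display_name      = "web-ls"
  admin_state       = "UP"
  transport_zone_id = "${data.nsxt_transport_zone.overlay.id}"
}

resource "nsxt_logical_tier1_router" "t1" {
  display_name                = "t1-router"
  enable_router_advertisement = true
  advertise_connected_routes  = true
}

# T0 <-> T1 link: one link port on each router, tied together by ID.
resource "nsxt_logical_router_link_port_on_tier0" "t0_link" {
  logical_router_id = "${data.nsxt_logical_tier0_router.t0.id}"
}

resource "nsxt_logical_router_link_port_on_tier1" "t1_link" {
  logical_router_id             = "${nsxt_logical_tier1_router.t1.id}"
  linked_logical_router_port_id = "${nsxt_logical_router_link_port_on_tier0.t0_link.id}"
}

# T1 <-> switch: a switch port plus a router downlink port carrying the gateway IP.
resource "nsxt_logical_port" "web" {
  admin_state       = "UP"
  logical_switch_id = "${nsxt_logical_switch.web.id}"
}

resource "nsxt_logical_router_downlink_port" "web" {
  logical_router_id             = "${nsxt_logical_tier1_router.t1.id}"
  linked_logical_switch_port_id = "${nsxt_logical_port.web.id}"
  ip_address                    = "192.0.2.1/24"
}
```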
There are several CLI commands that you might want to use within the folder where you have your Terraform configuration file(s).
1. terraform init is used to initialise a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration. It is safe to run this command multiple times, to bring the working directory up to date.
2. terraform plan is used to create an execution plan. This command is a convenient way to check whether the execution plan matches your expectations specified in the configuration files without making any changes to real resources or to the state.
3. terraform apply is used to apply the changes required to reach the desired state. You may run this command for initial creation of resources as well as modification of existing resources in order to achieve the desired state.
4. terraform destroy will destroy the Terraform-managed infrastructure.
5. terraform graph can be used to generate a visual representation of either a configuration or an execution plan. The output is in DOT format, which can be used by GraphViz to generate charts. Once GraphViz is installed you can use the following command:
If we use terraform graph for the example above we will get an image like this:
In order to attach Virtual Machines to the newly created Logical Switches, we need to combine the NSX-T provider with the vSphere Provider. The only specific part is that we need a vsphere_network data source with the name of the created Logical Switch, which is then referenced in the network_interface section of the vsphere_virtual_machine resource.
Please check the YouTube video below where I demo a complete example for deploying and securing a three-tier application including firewall section, NAT, and connecting (cloning) Virtual Machines to NSX-T logical switches.
I hope you enjoy automating NSX-T. Stay tuned, there is more to come.
Three-Tier Demo Application: https://github.com/yasensim/nsxt-terraform-three-tier-app
Terraform Documentation: https://www.terraform.io/docs/providers/nsxt/index.html
vSphere Terraform Provider: https://www.terraform.io/docs/providers/vsphere/index.html
VMware NSX-T Documentation: https://docs.vmware.com/en/VMware-NSX-T/index.html
Go bindings: https://github.com/vmware/go-vmware-nsxt