| This article is outdated! |
| Unfortunately, this article is outdated, so please be careful when you will implement this solution! |
Do you know when infrastructure deploying was revolutionized? It was the day when the world saw the Terraform for the first time. Yes, Infrastructure as a Code is a great idea which can simplify our infrastructure provisioning. We can see the full power of the Terraform just with an AWS, but it can be also used with another Cloud Providers. In the Terraform documentation, you can find Google Cloud, Digital Ocean, Microsoft Azure, but also private and on-premise providers like Openstack or VMware vSphere. I work with VMware vSphere and VMware vCloud Director, so Terraform is designed for me too!
What is Terraform?
If you have never heard about Terraform, I need to write a few words about it. It’s a tool for deploying, versioning and controlling the infrastructure. Terraform has a client-side architecture. It means that it do not need any agent installed anywhere. The entire communication is conducted by the providers API requests. One of the most important features of this tool is a declarative code. You can write a set of instructions for Terraform, and it will do everything for you! All you need to do is declare the end state of your infrastructure. It’s pretty convenient, isn’t it?
| Maybe you can find it interesting! |
| Deploying multiple vSphere VMs with Terraform |
But what about deploying vSphere VM with Terraform?
Now, vSphere Provider is not as expanded as AWS Provider, but has enough functionality for most cases. You can use it for single VM deploying as well as for multiple VMs. If you want to have complete builds, you may meld Terraform and Ansible together. Please notice that Terraform has ability to make OS customization, so once the build is completed, you have a full operational Virtual Machine! Deploying vSphere VM with Terraform is easy – there are only few variables and you can split config into the three files.
- provider.tf
- instance.tf
- vars.tf
Of course I do not want to explain how the entire Terraform works. You can check First Steps in the official documentation or another blogs. I also recommend Learn DevOps: Infrastructure Automation With Terraform on the Udemy. The whole mentioned pages are focusing on basics and explain it better than I. I just want to show you how to deploy vSphere VM with Terraform.
Finally, how to use Terraform with vSphere?
I use Terraform with a few cases, but but honestly – just two basic build templates are enough for me. Today I am presenting you the first example – deploying a single VM. You can clone from GitHub my Git repository containing something I called template.
As you can see, there are only three files (excluding README). You do not need to change provider.tf (unless you want to disable “allow_unverified_ssl” variable – it is useful with self-signed certificates). If you list the vars.tf file, you see that I defined every important variable with default values. For example:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
variable "viuser" {} variable "vipassword" {} variable "viserver" { default = "vcs1.local.domain" } // default VM name in vSphere and its hostname variable "vmname" { default = "test-vm" } // default Resource Pool variable "vmrp" { default = "YOUR_RP" } // default VM domain for guest customization variable "vmdomain" { default = "local.domain" } // default datastore to deploy vmdk variable "vmdatastore" { default = "DS_SILVER_01" } // default VM Template variable "vmtemp" { default = "CENTOS-TEMP" } // map of the datastore clusters (vmdatastore = "vmdscluster") variable "vmdscluster" { type = "map" default = { DS_SILVER_01 = "DS_CLUSTER_SILVER" DS_SILVER_02 = "DS_CLUSTER_SILVER" DS_GOLD_01 = "DS_CLUSTER_GOLD" DS_GOLD_02 = "DS_CLUSTER_GOLD" } } |
Every variable is described, every map has a short instruction how mapping works. Of course values in the repository are fake – you need to change values on your own. Yup, every single value. But don’t worry – it’s just one-time operation. When you suplement the vars.tf file, you can use it many times, changing only that variables, which should be modified.
Example of vars.tf
Let’s assume that you have infrastructure like this:
In that case your vars.tf file will look like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
variable "viuser" {} variable "vipassword" {} variable "viserver" { default = "your-vcs.local.domain" } // default VM name in vSphere and its hostname variable "vmname" { default = "test-vm" } // default Resource Pool variable "vmrp" { default = "FIRST_RP" } // default VM domain for guest customization variable "vmdomain" { default = "local.domain" } // default datastore to deploy vmdk variable "vmdatastore" { default = "SILVER_01" } // default VM Template variable "vmtemp" { default = "CENTOS-TEMP" } // map of the datastore clusters (vmdatastore = "vmdscluster") variable "vmdscluster" { type = "map" default = { SILVER_01 = "SILVER_DSCLUSTER" SILVER_02 = "SILVER_DSCLUSTER" GOLD_01 = "GOLD_DSCLUSTER" GOLD_02 = "GOLD_DSCLUSTER" } } // map of the compute clusters (vmrp = "vmcluster") variable vmcluster { type = "map" default = { FIRST_RP = "FIRST_CLUSTER" SECOND_RP = "FIRST_CLUSTER" ANOTHER_RP = "SECOND_CLUSTER" SOME_RP = "SECOND_CLUSTER" } } // map of the first three octets of the IP address (with netmask /24, vmdomain = "vmaddrbase") variable "vmaddrbase" { type = "map" default = { local.domain = "192.168.0." second.domain = "192.168.1." } } // host octet in the IP address variable "vmaddroctet" { default = "200" } // map of the IP gateways (vmdomain = "vmgateway") variable "vmgateway" { type = "map" default = { local.domain = "192.168.0.1" second.domain = "192.168.1.1" } } // map of the DNS1 addresses (vmdomain = "vmdns1") variable "vmdns1" { type = "map" default = { local.domain = "192.168.0.5" second.domain = "192.168.1.5" } } // map of the DNS2 addresses (vmdomain = "vmdns2") variable "vmdns2" { type = "map" default = { local.domain = "192.168.0.6" second.domain = "192.168.1.6" } } // map of the VM Network (vmdomain = "vmnetlabel") variable "vmnetlabel" { type = "map" default = { local.domain = "NET_Backend_01" } } |
Yes, I know it’s pretty long but, despite appearances, it’s obvious.
Another changes you should make are IP addresses variables. In my template you can use multiple domains within one vCenter Server. You just need to specify DNS servers for each domain and be sure that you use the right “vmdomain” variable. I assumed that VMs would be in the same subnet as domain controllers, but of course it’s only the simplification. You can specify another subnets with another subnet masks.
How to specify VM – instance.tf
Information you see above is only a definition of your infrastructure. It’s important, but you cannot deploy a vSphere VM with Terraform if you do not code an instance definition. Terraform uses a resource block for it. It’s recommended to use a separate file (for example instance.tf) for code clarity.
In my template, instance.tf file contains only one block with two subblocks. Terraform allows you to create additional disks, network cards, but this case describes the simplest example. Only one base disk and one network adapter.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
resource "vsphere_virtual_machine" "TEST-VM" { name = "${var.vmname}" vcpu = 2 memory = 4096 domain = "${var.vmdomain}" datacenter = "YOUR_DC" cluster = "${lookup(var.vmcluster,var.vmrp)}" resource_pool = "${lookup(var.vmcluster, var.vmrp)}/Resources/${var.vmrp}" dns_servers = ["${lookup(var.vmdns1,var.vmdomain)}, ${lookup(var.vmdns2,var.vmdomain)}"] network_interface { label = "${lookup(var.vmnetlabel, var.vmdomain)}" ipv4_address = "${lookup(var.vmaddrbase,var.vmdomain)}${var.vmaddroctet}" ipv4_gateway = "${lookup(var.vmgateway,var.vmdomain)}" ipv4_prefix_length = "24" } disk { template = "Linux_templates/${var.vmtemp}" type = "thin" datastore = "${lookup(var.vmdscluster, var.vmdatastore)}/${var.vmdatastore}" } } |
As you can see almost everything is defined as a variable. You don’t need to change every variable when you want to deploy a VM in – for example – another Datastore. You only need to specify few vars and the variable maps will do work for you. And here the entire magic begins!
Use a .tfvars file to protect your secrets
It’s not recommend to store your secrets in the version control systems. This rule concerns a vSphere Provider as well as another Providers. There is a special file with a .tfvar extension in which you can put your credentials and also overwrite default variables from the vars.tf file. By design, this file is used by Terraform to populate variables in the build, so you can use it for both options.
You should not add a .tfvars file to your repository. Please take a look at my .gitignore file in the terraform-vsphere-single-vm repository. Git will ignore these files and that’s the point, because I put credentials inside them. Apart from the credentials, you should put every variable you want to overwrite a default value. If you want to deploy vSphere VM with Terraform using my template, it should be at least:
- vmdomain – domain name for OS customization; some maps are based on that value
- vmrp – Resource Pool in which you want to deploy your VM
Rest of variables you can leave with default values. I highly recommend you to set your defaults with the resources you can use for testing purposes. Then if you forget to change defaults, nothing bad will happen.
Example of the .tfvars file:
|
1 2 3 4 5 |
viuser = "testuser" vipassword = "Qwertyuiop" vidomain = "second.domain" virp = "ANOTHER_RP" vmtemp = "DEBIAN8-TEMP" |
When you make required changes, you can build your vSphere VM with Terraform, using terraform plan and terraform apply command (look here for more details). That’s all!
Technical Notes
During the constructing your infrastructure code, you should pay attention to the following things:
- ensure the resource_pool variable in the instance.tf file has a full path, for example CLUSTER_NAME/Resources/RP_NAME
- ensure the template variable in the instance.tf file has a full path to the VM template (based on folders), for example Templates/Linux_Templates/TEMPLATE_NAME
- ensure the name variable in the instance.tf file is compatible with the following requirements (more details here):
- variable doesn’t contain any underscores
- variable length is less than 15 characters
- this template works only with Linux machines
Summary
With this template you can easily create a vSphere VM with Terraform. It has only basic options, but Terraform vSphere Provider contains many more possibilities. You can deploy multiple VM at the same time, create additional disks and network adapters, customize Linux and Windows OS, run scripts after successfull deployment, upload .vmdk files etc. You can check all of the possibilities in the Terraform Documentation, especially vSphere Provider section.
I will certainly create another post (and GitHub repository) with template that allow deploying multiple vSphere VM with Terraform, but you can try to play with this tool in your own labs. The greatest fun begins with using Terraform, Ansible and Jenkins together, but I will write about it next time. 🙂
Bibliography:
Nice intro but the most important part would be how to go on after you deployed the basic infrastructure. There has to be some adjustment on the DHCP/DNS-Server to make it work with Ansible (or another configuration management tool). I was missing that area …
Hi! Thanks a lot for your feedback. To be honest, it’s quite outdated post… I have not been working with VMware for about a year, so it’s hard for me to update and add some more topics. But anyway thank you very much, because I recalled this article. And I should mark it (and similar articles) as outdated. 🙂
Hi Emil,
Thank you for your write-up.
It is quite good! But how do you mean that it’s out-dated?
Hi!
I just wanted to inform all of you, that I am not able to update this article. 🙂 Basically, it’s up-to-date (in theory), because most part of this article is valid. But I know that vSphere Provider is growing very fast, and if there is new functionality in the provider, I don’t know about it (I have not been working with vSphere anymore). Also, if such functionality is marked as “required” in the .tf file, my article can be misleading. But I don’t want to remove this post – it still has some helpful information, but I want to be honest with all readers, so I’ve added this annotation.