views

Search This Blog

Sunday, August 15, 2021

vRealize Automation Tenants configuration in less than 5 Minutes using vRA Terraform Provider

 In continuation to my previous blog, In this post we are going to configure tenant using  vRealize Automation  Terraform Provider, We are going to create below configuration for tenant.


 .

  1. Create a new Cloud account for the Tenant (In this blog we are going to create Vsphere cloud account )
  2. Create a new Cloud zone Tenant
  3. Create a new project for the Tenant
  4. Create a new Image mapping for the Tenant
  5. Create a new flavor mapping for the Tenant
  6. Create a new network profile 
  7. Create a new network ip range

Getting Started


1. Create a new Cloud account for the Tenant
Cloud accounts are the configured permissions that vRealize Automation Cloud Assembly uses to collect data from the regions or data centers, and to deploy cloud templates to those regions.
The collected data includes the regions that you later associate with cloud zones.

There are variables which need to be added to terraform.tfvars. The first are for connecting to the vRealize Automation (vRA) endpoint, there are credentials for connecting to the vCenter instance.

So, in this section, we are going to create a new Cloud account “tf-vsphere-account”,  this section creates a new new Cloud account by specifying the full Vcenter information  and description.

"vra_cloud_account_vsphere "
data "vra_region_enumeration_vsphere" "vca01" {
  username                = var.username
  password                = var.password
  hostname                = var.hostname
  accept_self_signed_cert = true
}
resource "vra_cloud_account_vsphere" "this" {
  name        = "tf-vsphere-account"
  description = "foobar"
  username    = var.username
  password    = var.password
  hostname    = var.hostname
  regions                      = data.vra_region_enumeration_vsphere.vca01.regions
  accept_self_signed_cert      = true
                                             

2.Create a new Cloud zone Tenant

 Cloud zones are sections of compute resources that are specific to your cloud account type such as AWS or vSphere. ( In this Blog we are going to create cloud zone for vSphere) Cloud zones are specific to a region, you must assign them to a project. There is a many to many relationships between cloud zones and projects. Cloud Assembly supports deployment to the most popular public clouds including Azure, AWS and GCP as well as to vSphere.

So, in this section, we are going to create a new Cloud account “tf-vra-zone1”,  

data "vra_cloud_account_vsphere" "this" {
  name = vra_cloud_account_vsphere.this.name
}
data "vra_region" "this" {
  cloud_account_id = data.vra_cloud_account_vsphere.this.id
  region           = var.region
}
resource "vra_zone" "this" {
  name        = "tf-vra-zone1"
  description = "my terraform test cloud zone"
  region_id   = data.vra_region.this.id
  }


3. Create a new project for the Tenant

You can create a project to which you add members and cloud zones so that the project members can deploy their cloud templates to the associated zones.

In vRA 8, there are no Reservations concept anymore, so there is need to set of underlying resources and their capabilities. 

So, in this section, we are going to create a new project “tf-vra-zone1” and set underlying resources for project.
data "vra_cloud_account_vsphere" "this" {
  name = vra_cloud_account_vsphere.this.name
}
data "vra_region" "this" {
  resource "vra_project" "this" {
  name        = var.project_name
  description = "terraform test project"
 zone_assignments {
    zone_id          = data.vra_zone.this.id
    priority         = 1
    max_instances    = 2
    cpu_limit        = 1024
    memory_limit_mb  = 8192
    storage_limit_gb = 65536
  }
  shared_resources = false
  # Deprecated, please use administrator_roles instead.
  administrators = ["randhir@vra.local"]
  administrator_roles {
    email = "randhir@vra.local"
    type = "user"
  }
resource "vra_project" "this" {
  name        = var.project_name
  description = "terraform test project"
  zone_assignments {
    zone_id          = data.vra_zone.this.id
    priority         = 1
    max_instances    = 2
    cpu_limit        = 1024
    memory_limit_mb  = 8192
    storage_limit_gb = 65536
  }
  shared_resources = false
  # Deprecated, please use administrator_roles instead.
  administrators = ["randhir@vra.local"]
  administrator_roles {
    email = "randhir@vra.local"
    type = "user"
  }


4. Create a new Image mapping for the Tenant
In this section, you map an image of operating system. Basically, a pre-created OS template from your cloud account.

To map an image, I have created a Windows and Linux VM and converted it into a template. This template will be mapped into image mapping and thereafter into a blueprint. You can add all your applications in the template, so that the user gets all required application once the server has been deployed.

So, in this section, we are going to create a new two images “TFWindows” and “TFrhel” 


resource "vra_image_profile" "this" {
  name        = "vra-image-profile"
  description = "test image profile"
  region_id   = data.vra_region.this.id

  image_mapping {
    name     = "TFWindows"
    image_id = data.vra_image.TFWindows.id

    constraints {
      mandatory  = true
      expression = "!env:Test"
    }
    constraints {
      mandatory  = false
      expression = "foo:bar"
    }
  }

  image_mapping {
    name     = "TFrhel"
    image_id = data.vra_image.TFrhel.id

    cloud_config = "runcmd echo 'Hello'"



5.Create a new flavor mapping for the Tenant

A vRealize Automation flavor map is where you use natural language to define target deployment sizes for a specific cloud account/region.Flavor maps express the deployment sizes that make sense for your environment. One example might be small for 1 CPU and 2 GB memory and medium for 2 CPUs and 8 GB memory for a vCenter account in a named data center. 

So, in this section, we are going to create a new two flavor “TFsmall” and “TFmedium” 

resource "vra_flavor_profile" "this" {
 name        = "tf-vra-flavor-profile"
  description = "my flavor"
  region_id   = data.vra_region.this.id
  flavor_mapping {
    name          = "TFsmall"
cpu_count = 2
memory = 4
  }
  flavor_mapping {
    name          = "TFmedium"
    cpu_count = 4
memory = 8
}
  }


6. Create a new network profile

A network profile contains IP information such as gateway, subnet, and address range. vRealize Automation uses vSphere DHCP or a specified IPAM provider to assign IP addresses to the machines it provisions based on network profile settings.

So, in this section, we are going to create a new vra network profile “subnet_isolation” 
resource "vra_network_profile" "subnet_isolation" {
  name        = "isolation-with-subnet"
  description = "On-demand networks are created for outbound and private networks."
  region_id   = data.vra_region.this.id

  fabric_network_ids = [
    data.vra_fabric_network.subnet.id
  ]

  isolation_type               = "SUBNET"
  isolated_network_domain_id   = data.vra_network_domain.vpc.id
  isolated_network_cidr_prefix = var.cidr_prefix


7. Create a new network ip range 
Using network and network profile settings, you can control how network IP addresses are used in vRealize Automation Cloud Assembly blueprints and deployments.

So, in this section, we are going to create a new vra_network_ip_range “ip_range” 
resource "vra_network_ip_range" "this" {
  name              = "ip-range"
  description       = "Internal Network IP Range Example"
  start_ip_address  = var.start_ip
  end_ip_address    = var.end_ip
  ip_version        = var.ip_version
  fabric_network_id = data.vra_fabric_network.subnet.id

  tags {
    key   = "foo"
    value = "bar"


Now time  came to put all together in single file and also created a variable file, which will help providers to configure a new Tenant less than 5 minute. 

refresh_token = "l6o7415qOFHfW1wMkZD9cpxHr2wzLauR"
url = "https://vra.mylab.com"
insecure =false
username = "randhirkumar.chaubey"
password = "XXXXXXXXXXX"
hostname = "vca01.mylab.com"
cloud_account = "tf-vsphere-account"
region = "Datacenter:datacenter-2"
project_name = "tf-project"
image_name1 = "win2018"
image_name2 = "rhel7.2"
subnet_name = "vxw-dvs-800-universalwire- -VRA7- 10.1.16.0%2f23"
network_domain_name = "primary-vDS-compute"
cidr_prefix = 23
start_ip = "10.1.16.5"
end_ip = "10.1.16.30"
ip_version = "IPv4"
cidr = 10.1.16.5/23
getway =10.1.16.5
domain = mylab.com


Once you input the parameters, run terraform init, plan and Apply the plan, this  process will not take less than 5 minutes to accomplish. 

Terraform init




Terraform Plan










Terraform apply









Above all tasks (7 Tasks) which belong to Tenant configuration has been successfully completed, everything’s has completed in less than 1 minutes. 

If you wanna see my code, please left comment here.

I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.

Thursday, August 5, 2021

Configure vRealize Automation using Terraform


 You probably are aware of the VMware has a HashiCorp Terraform provider. which we can be used to configure our vRealize Automation (vRA) infrastructure as well requesting deployments. In this blog I am going to cover, how to configure cloud account for Vsphere .

 

In upcoming blog, I will cover how to configure below resource using Terraform .

 Cloud account for AWS,

Cloud account for Azure

Cloud account for google. 

Cloud Zone

Project

Images

Flavors

Create a vRA Cloud Account for Vsphere :-

I have created a  folder to hold my Terraform configuration files:

main.tf – this is my main terraform file in which I am describing the desired state of my environment

terraform.tfvars – used for setting variable values

variables.tf – used for declaring variables

Create a new file called “main.tf” and define the required providers block to be used, in this blog, we are not going to define any version but by defult going to use latest version. Following this, create a provider block called “vra” and Second block to be created as a data source and for this we will pull vSphere information for cloud account. The third block is a resource block, meaning that something will be created, in this case we have a resource  “vra_cloud_account_vsphere.



.  provider "vra" {
  url           = var.url
  refresh_token = var.refresh_token
  insecure      = var.insecure // false for vRA Cloud and true for vRA 8.0
}


data "vra_region_enumeration_vsphere" "vca01" {
  username                = var.username
  password                = var.password
  hostname                = var.hostname
  accept_self_signed_cert = true
}

resource "vra_cloud_account_vsphere" "this" {
  name        = "tf-vsphere-account"
  description = "foobar"
  username    = var.username
  password    = var.password
  hostname    = var.hostname
  
regions                      = data.vra_region_enumeration_vsphere.inprmvca01.regions
  accept_self_signed_cert      = true

  tags {
    key   = "Cloud"
    value = "Vsphere"
  }
}


The next file is “variable.tf” and  where the variables are defined. Each variable block is created with the variable name. below are the example. 


variable "refresh_token" {
}

variable "url" {
}

variable "insecure" {
}

variable "username" {
}

variable "password" {
}

variable "hostname" {
}

Generating an API token 

 Terraform to authenticate with the vRealize Automation API we need have API token – this can either be an access token or a refresh token. In my lab I have generated refresh_token. Access and Refresh tokens are based on your login credentials and expire in 8 hours or 6 months respectively but share the scope and permissions as your user account and cannot be revoked without disabling the account. For vRealize Automation 8 (on-premises) you will need to use the instructions or scripts provided to retrieve a refresh token.


In Final step need to define the values of each variable. Let’s create a “variables.tfvars” file and enter your environmental details in the file, as per the below example.

refresh_token = "7wq3LMUWCARyEbcGaQUj6hb14gv7w2XE"
url = "https://vra08.mylabs.com"
insecure =false
username = "randhirkumar.chaubey"
password = "XXXXXXXXXXXXXX"
hostname = "vca01. mylabs.com"

The provider vra definition references the two variables we’ve configured in the terraform.tfvars file through the “var” keyword. Now we can run terraform init to see if the provider configures successfully.


The provider is initialized and is ready to start configuring vRealize Automation! 

 

Now we can see at first glance what this will going to  create a new Cloud Account named “tf-vsphere-account”, using the variables declared in variables.tf.  Executing terraform plan will describe what will happen if we run the code: 


Once you run the “terraform plan” and confirm everything looks correct then after run “terraform apply” to create resource (Cloud account for Vsphere).  

 

When command has been finished successfully without error, then you will see new Cloud account for Vsphere in vRA with the properties configured as we set in the “Main.tf” file. 


I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.





Deploy Windows VMs for vRealize Automation Installation using vRealize Suite Lifecycle Manager 2.0

Deploy Windows VMs for vRealize Automation Installation using vRealize Suite Lifecycle Manager 2.0 In this post I am going to describe ...