In continuation of my previous blog post, in this post we are going to configure a tenant using the vRealize Automation Terraform Provider. We are going to create the configuration below for the tenant.
- Create a new Cloud account for the Tenant (in this blog we are going to create a vSphere cloud account)
- Create a new Cloud zone for the Tenant
- Create a new project for the Tenant
- Create a new Image mapping for the Tenant
- Create a new flavor mapping for the Tenant
- Create a new network profile
- Create a new network ip range
Getting Started
1. Create a new Cloud account for the Tenant
Cloud accounts are the configured permissions that vRealize Automation Cloud Assembly uses to collect data from the regions or data centers, and to deploy cloud templates to those regions.
The collected data includes the regions that you later associate with cloud zones.
There are variables which need to be added to terraform.tfvars. The first are for connecting to the vRealize Automation (vRA) endpoint; the others are credentials for connecting to the vCenter instance.
So, in this section, we are going to create a new Cloud account “tf-vsphere-account” by specifying the full vCenter connection information and a description.
# vra_cloud_account_vsphere
# Enumerate the regions (datacenters) visible to this vCenter login.
data "vra_region_enumeration_vsphere" "vca01" {
  username                = var.username
  password                = var.password
  hostname                = var.hostname
  accept_self_signed_cert = true # trusts the vCenter's self-signed certificate
}
# Register the vCenter as a cloud account with all enumerated regions.
resource "vra_cloud_account_vsphere" "this" {
  name                    = "tf-vsphere-account"
  description             = "foobar"
  username                = var.username
  password                = var.password
  hostname                = var.hostname
  regions                 = data.vra_region_enumeration_vsphere.vca01.regions
  accept_self_signed_cert = true
}
2. Create a new Cloud zone for the Tenant
Cloud zones are sections of compute resources that are specific to your cloud account type, such as AWS or vSphere (in this blog we are going to create a cloud zone for vSphere). Cloud zones are specific to a region, and you must assign them to a project. There is a many-to-many relationship between cloud zones and projects. Cloud Assembly supports deployment to the most popular public clouds, including Azure, AWS and GCP, as well as to vSphere.
So, in this section, we are going to create a new cloud zone “tf-vra-zone1”.
# Look up the cloud account created in step 1.
data "vra_cloud_account_vsphere" "this" {
  name = vra_cloud_account_vsphere.this.name
}
# Resolve the region (datacenter) inside that cloud account.
data "vra_region" "this" {
  cloud_account_id = data.vra_cloud_account_vsphere.this.id
  region           = var.region
}
resource "vra_zone" "this" {
  name        = "tf-vra-zone1"
  description = "my terraform test cloud zone"
  region_id   = data.vra_region.this.id
}
3. Create a new project for the Tenant
You can create a project to which you add members and cloud zones so that the project members can deploy their cloud templates to the associated zones.
vRA 8 no longer has the concept of Reservations, so you need to set the underlying resources and their capabilities on the project.
So, in this section, we are going to create a new project “tf-vra-zone1” and set the underlying resources for the project.
data "vra_cloud_account_vsphere" "this" {
  name = vra_cloud_account_vsphere.this.name
}
data "vra_region" "this" {
  cloud_account_id = data.vra_cloud_account_vsphere.this.id
  region           = var.region
}
# data.vra_zone.this (the cloud zone lookup) is referenced below; its declaration is not shown in this post.
resource "vra_project" "this" {
  name        = var.project_name
  description = "terraform test project"
  # Resource limits the project may consume in the assigned cloud zone.
  zone_assignments {
    zone_id          = data.vra_zone.this.id
    priority         = 1
    max_instances    = 2
    cpu_limit        = 1024
    memory_limit_mb  = 8192
    storage_limit_gb = 65536
  }
  shared_resources = false
  # Deprecated, please use administrator_roles instead.
  administrators = ["randhir@vra.local"]
  administrator_roles {
    email = "randhir@vra.local"
    type  = "user"
  }
}
4. Create a new Image mapping for the Tenant
In this section, you map an operating system image, which is basically a pre-created OS template from your cloud account.
To map an image, I have created a Windows VM and a Linux VM and converted them into templates. These templates will be mapped into the image mapping and thereafter into a blueprint. You can add all your applications to the template, so that the user gets all the required applications once the server has been deployed.
So, in this section, we are going to create two new images, “TFWindows” and “TFrhel”.
# data.vra_image.TFWindows and data.vra_image.TFrhel (the template lookups) are referenced below; their declarations are not shown in this post.
resource "vra_image_profile" "this" {
  name        = "vra-image-profile"
  description = "test image profile"
  region_id   = data.vra_region.this.id
  image_mapping {
    name     = "TFWindows"
    image_id = data.vra_image.TFWindows.id
    constraints {
      mandatory  = true
      expression = "!env:Test"
    }
    constraints {
      mandatory  = false
      expression = "foo:bar"
    }
  }
  image_mapping {
    name         = "TFrhel"
    image_id     = data.vra_image.TFrhel.id
    cloud_config = "runcmd echo 'Hello'"
  }
}
5. Create a new flavor mapping for the Tenant
A vRealize Automation flavor map is where you use natural language to define target deployment sizes for a specific cloud account/region. Flavor maps express the deployment sizes that make sense for your environment. One example might be small for 1 CPU and 2 GB memory and medium for 2 CPUs and 8 GB memory for a vCenter account in a named data center.
So, in this section, we are going to create two new flavors, “TFsmall” and “TFmedium”.
resource "vra_flavor_profile" "this" {
  name        = "tf-vra-flavor-profile"
  description = "my flavor"
  region_id   = data.vra_region.this.id
  flavor_mapping {
    name      = "TFsmall"
    cpu_count = 2
    memory    = 4
  }
  flavor_mapping {
    name      = "TFmedium"
    cpu_count = 4
    memory    = 8
  }
}
6. Create a new network profile
A network profile contains IP information such as gateway, subnet, and address range. vRealize Automation uses vSphere DHCP or a specified IPAM provider to assign IP addresses to the machines it provisions based on network profile settings.
So, in this section, we are going to create a new vRA network profile “subnet_isolation”.
# data.vra_fabric_network.subnet and data.vra_network_domain.vpc are referenced below; their declarations are not shown in this post.
resource "vra_network_profile" "subnet_isolation" {
  name        = "isolation-with-subnet"
  description = "On-demand networks are created for outbound and private networks."
  region_id   = data.vra_region.this.id
  fabric_network_ids = [
    data.vra_fabric_network.subnet.id
  ]
  isolation_type               = "SUBNET"
  isolated_network_domain_id   = data.vra_network_domain.vpc.id
  isolated_network_cidr_prefix = var.cidr_prefix
}
7. Create a new network ip range
Using network and network profile settings, you can control how network IP addresses are used in vRealize Automation Cloud Assembly blueprints and deployments.
So, in this section, we are going to create a new vra_network_ip_range “ip_range”.
resource "vra_network_ip_range" "this" {
  name              = "ip-range"
  description       = "Internal Network IP Range Example"
  start_ip_address  = var.start_ip
  end_ip_address    = var.end_ip
  ip_version        = var.ip_version
  fabric_network_id = data.vra_fabric_network.subnet.id
  tags {
    key   = "foo"
    value = "bar"
  }
}
Now it is time to put it all together in a single file. I also created a variable file, which helps the provider configure a new Tenant in less than 5 minutes.
# vRA endpoint connection
refresh_token = "l6o7415qOFHfW1wMkZD9cpxHr2wzLauR"
url           = "https://vra.mylab.com"
insecure      = false
# vCenter credentials
username = "randhirkumar.chaubey"
password = "XXXXXXXXXXX"
hostname = "vca01.mylab.com"
# Tenant objects
cloud_account       = "tf-vsphere-account"
region              = "Datacenter:datacenter-2"
project_name        = "tf-project"
image_name1         = "win2018"
image_name2         = "rhel7.2"
subnet_name         = "vxw-dvs-800-universalwire- -VRA7- 10.1.16.0%2f23"
network_domain_name = "primary-vDS-compute"
# Network settings
cidr_prefix = 23
start_ip    = "10.1.16.5"
end_ip      = "10.1.16.30"
ip_version  = "IPv4"
cidr        = "10.1.16.5/23"
getway      = "10.1.16.5"
domain      = "mylab.com"
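The declarations behind terraform.tfvars are not shown in the post, so here is an added example (not the author's code) of the provider block and the variable declarations for the connection and credential values, with the secrets marked sensitive so Terraform redacts them from plan and apply output. The variable names come from the tfvars listing above; the types, defaults and validation rules are assumptions.

```hcl
# Added example: declarations for values set in terraform.tfvars.
# Types, defaults and validation rules are assumptions, not the author's code.
terraform {
  required_providers {
    vra = { source = "vmware/vra" }
  }
}

provider "vra" {
  url           = var.url
  refresh_token = var.refresh_token
  insecure      = var.insecure
}

variable "url" {
  type = string
  validation {
    condition     = can(regex("^https://", var.url))
    error_message = "The vRA URL must use https."
  }
}

variable "refresh_token" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "insecure" {
  type    = bool
  default = false # keep TLS certificate verification on
}

variable "username" {
  type = string
}

variable "password" {
  type      = string
  sensitive = true # vCenter password, also redacted
}

variable "ip_version" {
  type = string
  validation {
    condition     = contains(["IPv4", "IPv6"], var.ip_version)
    error_message = "The ip_version value must be IPv4 or IPv6."
  }
}
```

Exporting TF_VAR_refresh_token and TF_VAR_password in the shell lets you leave both secrets out of terraform.tfvars. Sensitive values are still written to the state file, so the state needs the same protection as the credentials themselves.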
Once you have entered the parameters, run terraform init and terraform plan, then apply the plan; this process takes less than 5 minutes.
terraform init
terraform apply
All of the above tasks (7 tasks) that belong to the Tenant configuration have been completed successfully; everything completed in less than 1 minute.
If you want to see my code, please leave a comment here.
I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.