Terraform
The need
I ran into some trouble when I wanted to implement NSX-T rules. My aim was to keep the order of the rules as intended by the user when he wrote his data, without asking him to enter a rule ID manually. If the order is kept, it is easy to prioritize the rules according to their placement. With the NSX-T Terraform provider the rules are in the form below:
The chicken and egg problem
I write a lot about Terraform because I like the tool very much. This time I thought it would be good to show a situation where Terraform is not necessarily the best tool for the job. The diagram below illustrates the problem.
A needs B and B needs A. If the relationship is mandatory it will be impossible to provision these resources because we have a chicken and egg problem.
This blog is in two parts. The first part explains what is needed to start with Terraform. This second part is to go one step further but still targets beginners.
You can find more in-depth articles on the Gruntwork blog, and the Terraform documentation is also very good.
Table of contents
Terraform bare minimum
Terraform one step further
What happens in the background?
What happens if we modify the object in the GUI?
This blog is in two parts. This first part explains what is needed to start with Terraform, the second part is to go one step further but still targets beginners.
Table of contents
Terraform bare minimum
Terraform, what is it?
What do I need to provision something with Terraform?
How do I know what to create? The configuration is made of 3 blocks
The big picture
This blog post is a memo for the ACI Terraform policy model. I have struggled to find equivalences between ACI REST API calls / classes and Terraform resources. Below you can find the full diagram. The diagram is not exhaustive, but I think I have reached a point where I can publish something. I will probably modify or add things if I use more resources or if people correct me, but I think it is a good start.
This article shows an example of how to manage NSX-T firewall rules as code through Terraform. You can find the project on my GitHub account: nsxt-frac-tf-cm and nsxt-frac-tf-rm
I will describe the structure of the project, how it works, the data model, and the Terraform code, and finish with an example.
Structure of the project
The diagram below shows a summary of how I organized the project in order to fully use infrastructure as code.
The post below shows how to create security policy groups for NSX-T with Terraform's nested for_each loops and dynamic blocks.
The variables are made from one map of lists. Each list represents one group composed of tags.
https://www.hashicorp.com/blog/hashicorp-terraform-0-12-preview-for-and-for-each
```hcl
variable "mapgroups" {
  type = map
  default = {
    NBO      = ["NBO"]
    NBO-PROD = ["NBO", "PROD"]
  }
}

resource "nsxt_policy_group" "nbogroups" {
  for_each     = var.mapgroups
  display_name = each.key
  criteria {
    dynamic "condition" {
      for_each = each.
```
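The listing above is cut off by the page. The complete pattern it describes (outer for_each over the map, inner dynamic block over each list of tags) is written out below as an added example; this is not the post's own code. It assumes the vmware/nsxt provider is configured elsewhere, uses the nsxt_policy_group condition attributes key, member_type, operator and value, and the group names and tag values are made up.

```hcl
# Added example, not the original post's code.
# Assumes: vmware/nsxt provider configured elsewhere; tag values are constructed.
variable "mapgroups" {
  type = map(list(string))
  default = {
    NBO      = ["NBO"]
    NBO-PROD = ["NBO", "PROD"]
  }
}

resource "nsxt_policy_group" "nbogroups" {
  # Outer loop: one group per map key; each.value is that group's list of tags.
  for_each     = var.mapgroups
  display_name = each.key

  criteria {
    # Inner loop: one condition per tag. Conditions inside a single criteria
    # block are ANDed, so NBO-PROD matches VMs tagged with both NBO and PROD.
    dynamic "condition" {
      for_each = each.value
      content {
        key         = "Tag"
        member_type = "VirtualMachine"
        operator    = "EQUALS"
        value       = condition.value # the current tag from the inner loop
      }
    }
  }
}

output "group_paths" {
  # Policy paths keyed by group name, ready to reference from firewall rules.
  value = { for name, g in nsxt_policy_group.nbogroups : name => g.path }
}
```

Because the nested for_each iterates each.value (the list) while the outer one iterates var.mapgroups (the map), adding a tag to a group changes only that group's conditions, and adding a map key creates one new group without touching the others. Keep in mind that membership by tag is only as trustworthy as who is allowed to set tags on VMs: anyone with tagging rights can place a workload into these groups.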
The steps below are what I followed to create a terraform-bundle in order to use Terraform with non-default providers on a server that doesn't have access to the Internet. You can find the tool explanation at the link below.
https://github.com/hashicorp/terraform/tree/master/tools/terraform-bundle
Install Go with the MSI downloaded here
https://golang.org/doc/install
Clone the Terraform repository to get the tool
https://github.com/hashicorp/terraform.git
cd terraform-master
go install .\tools\terraform-bundle
Check the terraform version
C:\Users\noyel\Desktop\tfforeach\nsxt>terraform version
Terraform v0.
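Once terraform-bundle is installed, it needs a configuration file that names the exact Terraform version and the providers to embed. The file below is an added example, not one from the post (the post's Terraform version is cut off above), so the version numbers are assumptions; the file name terraform-bundle.hcl is also just a convention.

```hcl
# terraform-bundle.hcl - added example, not from the original post.
# The version numbers below are assumptions; pick the ones you actually run.
terraform {
  # terraform-bundle requires an exact core version, not a constraint.
  version = "0.12.29"
}

providers {
  # Provider constraints are resolved on the Internet-connected build machine;
  # the matching plugin binaries are packed into the bundle.
  nsxt = ["~> 3.0"]
  aws  = ["~> 2.0"]
}
```

Build it on the connected machine with terraform-bundle package -os=windows -arch=amd64 terraform-bundle.hcl (adjust -os/-arch to the offline server), copy the resulting zip across, and unpack it so that the terraform executable and its plugins directory sit together, or point terraform init at the unpacked plugins with -plugin-dir. The offline server inherits whatever the build machine downloaded, so treat the bundle as a supply-chain artifact: build it on a trusted host, record the checksum of the zip, and verify it before unpacking on the target.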
An extended explanation of the differences between for_each, for and count can be found at the link below https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9
The two main drawbacks of using count are:
- It can't be used to loop over inline blocks
- It is difficult to remove an entry from a list, because doing so shifts the indices of the entries after it, so Terraform may want to destroy and recreate resources that now sit at a different index
Below is an example of the variables used to create subnets within AWS VPCs and the main file with the for_each.
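The index-shift drawback is easiest to see with the two styles side by side. The following is an added example, not the post's own variables or main file: it assumes an aws provider configured elsewhere, and the VPC id, CIDRs and availability zones are made up.

```hcl
# Added example, not the original post's files.
# Assumes: aws provider configured elsewhere; vpc id, CIDRs and AZs are constructed.
variable "vpc_id" {
  type    = string
  default = "vpc-0123456789abcdef0" # constructed placeholder
}

# --- count: position in the list is the resource identity -------------------
variable "subnet_cidrs" {
  type    = list(string)
  default = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
}

resource "aws_subnet" "by_count" {
  count      = length(var.subnet_cidrs)
  vpc_id     = var.vpc_id
  cidr_block = var.subnet_cidrs[count.index]
}
# Delete "10.0.1.0/24" from the list and 10.0.2.0/24 moves from [2] to [1]:
# the plan destroys by_count[2] and replaces by_count[1] (cidr_block forces
# replacement), so the subnet you wanted to keep is torn down and recreated.

# --- for_each: the map key is the resource identity -------------------------
variable "subnets" {
  type = map(object({ cidr = string, az = string }))
  default = {
    app-a = { cidr = "10.0.0.0/24", az = "eu-west-1a" }
    app-b = { cidr = "10.0.1.0/24", az = "eu-west-1b" }
    db-a  = { cidr = "10.0.2.0/24", az = "eu-west-1a" }
  }
}

resource "aws_subnet" "by_key" {
  for_each          = var.subnets
  vpc_id            = var.vpc_id
  cidr_block        = each.value.cidr
  availability_zone = each.value.az
  tags              = { Name = each.key }
}
# Delete the app-b entry and the plan destroys only aws_subnet.by_key["app-b"];
# app-a and db-a keep their addresses in state and are untouched.

output "subnet_ids" {
  value = { for name, s in aws_subnet.by_key : name => s.id }
}
```

Beyond the extra churn, an unintended replace of a subnet takes every instance in it offline and hands out a new subnet id, which silently breaks anything (route tables, security group rules, NACLs in other stacks) that referenced the old one. Always read the plan for "must be replaced" lines before applying a change that only removed a list entry.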