Posts

Context I’m just starting to play with CUE lang to assess the benefits it can bring to the automation I’m doing. This is a short memo to remember how to do dictionary key validation with CUE lang, and a little bit more. My starting point was to do naming convention validation with CUE lang. I have the following data model in my Terraform files. subnets = { "sub-primary" = { "subnet" = ["10.


Original design This is the starting point of the infrastructure: a classic design that a lot of enterprises have, or used to have. Virtual Machines (VM) and Bare Metal Servers (BMS) share the same VLAN behind a firewall. Everything begins when the VM side wants to move to a more virtual infrastructure with distributed routing and firewalling; in this case they want to move to VMware NSX-T. From a physical point of view, the migration is performed on a leaf and spine infrastructure that we will call the underlay.


The need I ran into some trouble when I wanted to implement NSX-T rules. My aim was to keep the order of the rules as intended by the user when he wrote his data, without asking him to enter a rule ID manually. If the order is kept, then it’s easy to prioritize the rules according to their placement. With the NSX-T Terraform provider the rules are in the form below:


The chicken and egg problem I write a lot about Terraform because I like the tool very much. This time I thought it would be good to show a situation where Terraform is not necessarily the best tool for the job. The diagram below illustrates the problem: A needs B and B needs A. If the relationship is mandatory, it will be impossible to provision these resources because we have a chicken and egg problem.


The context This blog explains the scalability issue I faced while trying to use Terraform to deploy a Cisco ACI fabric. Terraform was initially developed to deploy cloud infrastructure. As everything is virtual in a cloud environment, it’s more or less easy to organize your Terraform infrastructure per application to keep each environment small enough. As a best practice, it’s recommended to keep the workspaces as small as possible to avoid performance issues.


This blog is a minimalist example of a HashiCorp Sentinel policy that checks the content of a string variable. I struggled a bit to write my first policy and had difficulties understanding the elements required. Nico Vibert’s blog helped a lot. HashiCorp Sentinel policies are policy as code that allow you to control what users push through Terraform Enterprise/Cloud. This is a paid feature; Open Policy Agent is the open source alternative.


In this third and last post of the series, I will describe how to move the Sentinel policy into the production environment. This series is made of 3 posts: The policy, The test environment, The production environment. THE PRODUCTION ENVIRONMENT When your policy is ready, you need to deploy it into production. You can write a policy set that you store in a VCS (version control system), or you can add the policy individually in the GUI and attach it to a policy set that you have created in the GUI.


In this second post of the series, I will describe the steps I took to set up the test environment for my Sentinel policy. This series is made of 3 posts: The policy, The test environment, The production environment. THE TEST ENVIRONMENT While developing the policy it would be very cumbersome to push a configuration every time just to see whether the policy behaves as we want. HashiCorp provides a test environment to ease the development of policies.


This is a memo regarding NSX-T uplinks. I think this is the most confusing and difficult part to understand in NSX-T. This post is made of 3 sections: Diagram, with a more visual approach; Component, with remarks/comments on uplink components; and a Q&A section based on questions I was asking myself. You will find duplicate information, slightly rephrased, in every section. I kept it that way because sometimes one form is easier to understand than another.


This blog is in two parts. The first part explains what is needed to start with Terraform. This second part goes one step further but still targets beginners. You can find more in-depth articles on the Gruntwork blog, and the Terraform documentation is also very good. Table of contents: Terraform bare minimum; Terraform one step further; What happens in the background?; What happens if we modify the object in the GUI?
