NSXT
Original design
This is the starting point of the infrastructure: a classic design that a lot of enterprises have or used to have. Virtual Machines (VM) and Bare Metal Servers (BMS) share the same VLAN behind a firewall. Everything begins when the VM wants to move to a more virtual infrastructure with distributed routing and firewalling. In this case they want to move to VMware NSXT.
From a physical point of view, the migration is performed on a leaf-and-spine infrastructure that we will call the underlay.
This article shows an example of how to manage NSX-T firewall rules as code through Terraform. You can find the project on my GitHub account: nsxt-frac-tf-cm and nsxt-frac-tf-rm
I will describe the structure of the project, how it works, the data model and the Terraform code, and finish with an example.
Structure of the project
The diagram below shows a summary of how I organized the project in order to fully use infrastructure as code.
https://www.terraform.io/docs/cli/commands/state/mv.html
On Windows:
terraform state mv nsxt_policy_security_policy.policy1 nsxt_policy_security_policy.policies[\"policy1\"]
It moves resources from a construct like this:
locals {
  policy1 = {
    rule1 = {
      source = ["src1","src2"]
    }
  }
  policy2 = {
    rule1 = {
      source = ["src3","src4"]
    }
  }
}
To a structure like this:
locals {
  policies = {
    policy1 = {
      rule1 = {
        source = ["src1","src2"]
      }
    }
    policy2 = {
      rule2 = {
        source = ["src3","src4"]
      }
    }
  }
}
The main moving from
The steps below are what I followed to create a terraform-bundle, so that Terraform can be used with non-default providers on a server that doesn’t have access to the Internet. You can find the explanation of the tool at the link below.
https://github.com/hashicorp/terraform/tree/master/tools/terraform-bundle
Install Go with the MSI downloaded here:
https://golang.org/doc/install
Clone the Terraform repository to get the tool:
https://github.com/hashicorp/terraform.git
cd terraform-master
go install .\tools\terraform-bundle
Check the Terraform version:
C:\Users\noyel\Desktop\tfforeach\nsxt>terraform version
Terraform v0.