vRealize Automation Tenants configuration in less than 5 Minutes using vRA Terraform Provider

 In continuation to my previous blog, In this post we are going to configure tenant using  vRealize Automation  Terraform Provider, We are going to create below configuration for tenant.

 .

1. Create a new Cloud account for the Tenant (In this blog we are going to create Vsphere cloud account )
2. Create a new Cloud zone Tenant
3. Create a new project for the Tenant
4. Create a new Image mapping for the Tenant
5. Create a new flavor mapping for the Tenant
6. Create a new network profile 
7. Create a new network ip range

Getting Started

1. Create a new Cloud account for the Tenant

Cloud accounts are the configured permissions that vRealize Automation Cloud Assembly uses to collect data from the regions or data centers, and to deploy cloud templates to those regions.

The collected data includes the regions that you later associate with cloud zones.

There are variables which need to be added to terraform.tfvars. The first are for connecting to the vRealize Automation (vRA) endpoint, there are credentials for connecting to the vCenter instance.

So, in this section, we are going to create a new Cloud account “tf-vsphere-account”,  this section creates a new new Cloud account by specifying the full Vcenter information  and description.

"vra_cloud_account_vsphere "

data "vra_region_enumeration_vsphere" "vca01" {

  username                = var.username

  password                = var.password

  hostname                = var.hostname

  accept_self_signed_cert = true

}

resource "vra_cloud_account_vsphere" "this" {

  name        = "tf-vsphere-account"

  description = "foobar"

  username    = var.username

  password    = var.password

  hostname    = var.hostname

  regions                      = data.vra_region_enumeration_vsphere.vca01.regions

  accept_self_signed_cert      = true

                                             

2.Create a new Cloud zone Tenant

 Cloud zones are sections of compute resources that are specific to your cloud account type such as AWS or vSphere. ( In this Blog we are going to create cloud zone for vSphere) Cloud zones are specific to a region, you must assign them to a project. There is a many to many relationships between cloud zones and projects. Cloud Assembly supports deployment to the most popular public clouds including Azure, AWS and GCP as well as to vSphere.

So, in this section, we are going to create a new Cloud account “tf-vra-zone1”,  

data "vra_cloud_account_vsphere" "this" {

  name = vra_cloud_account_vsphere.this.name

}

data "vra_region" "this" {

  cloud_account_id = data.vra_cloud_account_vsphere.this.id

  region           = var.region

}

resource "vra_zone" "this" {

  name        = "tf-vra-zone1"

  description = "my terraform test cloud zone"

  region_id   = data.vra_region.this.id

  }

3. Create a new project for the Tenant

You can create a project to which you add members and cloud zones so that the project members can deploy their cloud templates to the associated zones.

In vRA 8, there are no Reservations concept anymore, so there is need to set of underlying resources and their capabilities. 

So, in this section, we are going to create a new project “tf-vra-zone1” and set underlying resources for project.

data "vra_cloud_account_vsphere" "this" {

  name = vra_cloud_account_vsphere.this.name

}

data "vra_region" "this" {

  resource "vra_project" "this" {

  name        = var.project_name

  description = "terraform test project"

 zone_assignments {

    zone_id          = data.vra_zone.this.id

    priority         = 1

    max_instances    = 2

    cpu_limit        = 1024

    memory_limit_mb  = 8192

    storage_limit_gb = 65536

  }

  shared_resources = false

  # Deprecated, please use administrator_roles instead.

  administrators = ["randhir@vra.local"]

  administrator_roles {

    email = "randhir@vra.local"

    type = "user"

  }

resource "vra_project" "this" {

  name        = var.project_name

  description = "terraform test project"

  zone_assignments {

    zone_id          = data.vra_zone.this.id

    priority         = 1

    max_instances    = 2

    cpu_limit        = 1024

    memory_limit_mb  = 8192

    storage_limit_gb = 65536

  }

  shared_resources = false

  # Deprecated, please use administrator_roles instead.

  administrators = ["randhir@vra.local"]

  administrator_roles {

    email = "randhir@vra.local"

    type = "user"

  }

4. Create a new Image mapping for the Tenant

In this section, you map an image of operating system. Basically, a pre-created OS template from your cloud account.

To map an image, I have created a Windows and Linux VM and converted it into a template. This template will be mapped into image mapping and thereafter into a blueprint. You can add all your applications in the template, so that the user gets all required application once the server has been deployed.

So, in this section, we are going to create a new two images “TFWindows” and “TFrhel” 

resource "vra_image_profile" "this" {

  name        = "vra-image-profile"

  description = "test image profile"

  region_id   = data.vra_region.this.id

  image_mapping {

    name     = "TFWindows"

    image_id = data.vra_image.TFWindows.id

    constraints {

      mandatory  = true

      expression = "!env:Test"

    }

    constraints {

      mandatory  = false

      expression = "foo:bar"

    }

  }

  image_mapping {

    name     = "TFrhel"

    image_id = data.vra_image.TFrhel.id

    cloud_config = "runcmd echo 'Hello'"

5.Create a new flavor mapping for the Tenant

A vRealize Automation flavor map is where you use natural language to define target deployment sizes for a specific cloud account/region.Flavor maps express the deployment sizes that make sense for your environment. One example might be small for 1 CPU and 2 GB memory and medium for 2 CPUs and 8 GB memory for a vCenter account in a named data center. 

So, in this section, we are going to create a new two flavor “TFsmall” and “TFmedium” 

resource "vra_flavor_profile" "this" {

 name        = "tf-vra-flavor-profile"

  description = "my flavor"

  region_id   = data.vra_region.this.id

  flavor_mapping {

    name          = "TFsmall"

cpu_count = 2

memory = 4

  }

  flavor_mapping {

    name          = "TFmedium"

    cpu_count = 4

memory = 8

}

  }

6. Create a new network profile

A network profile contains IP information such as gateway, subnet, and address range. vRealize Automation uses vSphere DHCP or a specified IPAM provider to assign IP addresses to the machines it provisions based on network profile settings.

So, in this section, we are going to create a new vra network profile “subnet_isolation” 

resource "vra_network_profile" "subnet_isolation" {

  name        = "isolation-with-subnet"

  description = "On-demand networks are created for outbound and private networks."

  region_id   = data.vra_region.this.id

  fabric_network_ids = [

    data.vra_fabric_network.subnet.id

  ]

  isolation_type               = "SUBNET"

  isolated_network_domain_id   = data.vra_network_domain.vpc.id

  isolated_network_cidr_prefix = var.cidr_prefix

7. Create a new network ip range 

Using network and network profile settings, you can control how network IP addresses are used in vRealize Automation Cloud Assembly blueprints and deployments.

So, in this section, we are going to create a new vra_network_ip_range “ip_range” 

resource "vra_network_ip_range" "this" {

  name              = "ip-range"

  description       = "Internal Network IP Range Example"

  start_ip_address  = var.start_ip

  end_ip_address    = var.end_ip

  ip_version        = var.ip_version

  fabric_network_id = data.vra_fabric_network.subnet.id

  tags {

    key   = "foo"

    value = "bar"

Now time  came to put all together in single file and also created a variable file, which will help providers to configure a new Tenant less than 5 minute. 

refresh_token = "l6o7415qOFHfW1wMkZD9cpxHr2wzLauR"

url = "https://vra.mylab.com"

insecure =false

username = "randhirkumar.chaubey"

password = "XXXXXXXXXXX"

hostname = "vca01.mylab.com"

cloud_account = "tf-vsphere-account"

region = "Datacenter:datacenter-2"

project_name = "tf-project"

image_name1 = "win2018"

image_name2 = "rhel7.2"

subnet_name = "vxw-dvs-800-universalwire- -VRA7- 10.1.16.0%2f23"

network_domain_name = "primary-vDS-compute"

cidr_prefix = 23

start_ip = "10.1.16.5"

end_ip = "10.1.16.30"

ip_version = "IPv4"

cidr = 10.1.16.5/23

getway =10.1.16.5

domain = mylab.com

Once you input the parameters, run terraform init, plan and Apply the plan, this  process will not take less than 5 minutes to accomplish. 

Terraform init

Terraform Plan

Terraform apply

Above all tasks (7 Tasks) which belong to Tenant configuration has been successfully completed, everything’s has completed in less than 1 minutes. 

If you wanna see my code, please left comment here.

I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.

Configure vRealize Automation using Terraform

 You probably are aware of the VMware has a HashiCorp Terraform provider. which we can be used to configure our vRealize Automation (vRA) infrastructure as well requesting deployments. In this blog I am going to cover, how to configure cloud account for Vsphere .

 

In upcoming blog, I will cover how to configure below resource using Terraform .

 Cloud account for AWS,

Cloud account for Azure

Cloud account for google. 

Cloud Zone

Project

Images

Flavors

Create a vRA Cloud Account for Vsphere :-

I have created a  folder to hold my Terraform configuration files:

⦁ main.tf – this is my main terraform file in which I am describing the desired state of my environment

⦁ terraform.tfvars – used for setting variable values

⦁ variables.tf – used for declaring variables

Create a new file called “main.tf” and define the required providers block to be used, in this blog, we are not going to define any version but by defult going to use latest version. Following this, create a provider block called “vra” and Second block to be created as a data source and for this we will pull vSphere information for cloud account. The third block is a resource block, meaning that something will be created, in this case we have a resource  “vra_cloud_account_vsphere.

.  provider "vra" {

  url           = var.url

  refresh_token = var.refresh_token

  insecure      = var.insecure // false for vRA Cloud and true for vRA 8.0

}

data "vra_region_enumeration_vsphere" "vca01" {

  username                = var.username

  password                = var.password

  hostname                = var.hostname

  accept_self_signed_cert = true

}

resource "vra_cloud_account_vsphere" "this" {

  name        = "tf-vsphere-account"

  description = "foobar"

  username    = var.username

  password    = var.password

  hostname    = var.hostname

  

regions                      = data.vra_region_enumeration_vsphere.inprmvca01.regions

  accept_self_signed_cert      = true

  tags {

    key   = "Cloud"

    value = "Vsphere"

  }

}

The next file is “variable.tf” and  where the variables are defined. Each variable block is created with the variable name. below are the example. 

variable "refresh_token" {

}

variable "url" {

}

variable "insecure" {

}

variable "username" {

}

variable "password" {

}

variable "hostname" {

}

Generating an API token 

 Terraform to authenticate with the vRealize Automation API we need have API token – this can either be an access token or a refresh token. In my lab I have generated refresh_token. Access and Refresh tokens are based on your login credentials and expire in 8 hours or 6 months respectively but share the scope and permissions as your user account and cannot be revoked without disabling the account. For vRealize Automation 8 (on-premises) you will need to use the instructions or scripts provided to retrieve a refresh token.

In Final step need to define the values of each variable. Let’s create a “variables.tfvars” file and enter your environmental details in the file, as per the below example.

refresh_token = "7wq3LMUWCARyEbcGaQUj6hb14gv7w2XE"

url = "https://vra08.mylabs.com"

insecure =false

username = "randhirkumar.chaubey"

password = "XXXXXXXXXXXXXX"

hostname = "vca01. mylabs.com"

The provider vra definition references the two variables we’ve configured in the terraform.tfvars file through the “var” keyword. Now we can run terraform init to see if the provider configures successfully.

The provider is initialized and is ready to start configuring vRealize Automation! 

 

Now we can see at first glance what this will going to  create a new Cloud Account named “tf-vsphere-account”, using the variables declared in variables.tf.  Executing terraform plan will describe what will happen if we run the code: 

Once you run the “terraform plan” and confirm everything looks correct then after run “terraform apply” to create resource (Cloud account for Vsphere).  

 

When command has been finished successfully without error, then you will see new Cloud account for Vsphere in vRA with the properties configured as we set in the “Main.tf” file. 

I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.