This repository is intended for use as 2nd, linked Terraform workspace. The 1st primary workspace (using the ist-dcn-vcenter GitHub repository) will share its output state to this workspace and be configured to trigger this workspace to run.
The output of the 1st workspace includes two group objects, one for each group of managed VMs. This Terraform plan will use these group details to generate host objects and network group objects dynamically.
Note: This workspace expects to be triggered from another workspace using the "ist-dcn-vcenter" GitHub repository. That workspace must be configured first and then configured to share its state with this workspace as well as trigger this workspace to run.
The Infrastructure-as-Code environment will require the following:
This example will then use the following on-premise domain managers. These will need to be fully commissioned and a suitable user account provided for Terraform to use for provisioning.
The Firepower (FMC) module makes the following assumptions:
Note: The FMC security automation component has been moved to a 2nd GitHub repository and will now be run from a 2nd, linked Terraform workspace.
https://github.com/cisco-apjc-cloud-se/ist-dcn-vcenter
https://github.com/cisco-apjc-cloud-se/ist-vm-fmc-sync
Any successful runs in the primary "ist-dcn-vcenter" workspace will trigger this workspace to run. Any future changes to pushed to thist GitHub repository or the primary workspace repository will automatically trigger a new plan deployment.
If successfully executed, the Terraform plan will result in the following configuration for each domain manager.
New network group objects for each group of VM servers
Note: The FMC provider has an issue removing objects from network groups. As a workaround, the IP addresses of the host objects will be used instead as literal objects in the group.
This repository is intended for use as 2nd, linked Terraform workspace. The 1st primary workspace (using the ist-dcn-vcenter GitHub repository) will share its output state to this workspace and be configured to trigger this workspace to run.
The output of the 1st workspace includes two group objects, one for each group of managed VMs. This Terraform plan will use these group details to generate host objects and network group objects dynamically.
Note: This workspace expects to be triggered from another workspace using the "ist-dcn-vcenter" GitHub repository. That workspace must be configured first and then configured to share its state with this workspace as well as trigger this workspace to run.
The Infrastructure-as-Code environment will require the following:
This example will then use the following on-premise domain managers. These will need to be fully commissioned and a suitable user account provided for Terraform to use for provisioning.
The Firepower (FMC) module makes the following assumptions:
Note: The FMC security automation component has been moved to a 2nd GitHub repository and will now be run from a 2nd, linked Terraform workspace.
https://github.com/cisco-apjc-cloud-se/ist-dcn-vcenter https://github.com/cisco-apjc-cloud-se/ist-vm-fmc-sync
Any successful runs in the primary "ist-dcn-vcenter" workspace will trigger this workspace to run. Any future changes to pushed to thist GitHub repository or the primary workspace repository will automatically trigger a new plan deployment.
If successfully executed, the Terraform plan will result in the following configuration for each domain manager.
New network group objects for each group of VM servers
Note: The FMC provider has an issue removing objects from network groups. As a workaround, the IP addresses of the host objects will be used instead as literal objects in the group.
When deploying applications to a data center, there are certain elements of common configuration that would be used differently by different operational teams. Traditionally, each team would rely on this information being passed manually in ad-hoc manner. In a modern Infrastructure-as-Code (IaC) approach, this configuration can be defined once but leveraged consistently across multiple domains such as networking, infrastructure and security automatically. In this example, we are using a single Terraform plan to deploy a set of new DC networks, clone and configure virtual machines to use these networks and then create matching firewall objects and rules – all from the same simplified intent defined as a minimal set of variables. Finally, we will use the Intersight Service for Terraform to provide Terraform Cloud with secure managed API access to traditionally isolated domain managers within the on-premises data center. This will allow Terraform to reach both public and private infrastructure equally and build a consistent hybrid cloud infrastructure operating model.
The Infrastructure-as-Code environment will require the following:
This example will then use the following on-premise domain managers. These will need to be fully commissioned and a suitable user account provided for Terraform to use for provisioning.
Note: The FMC security automation component has been moved to a 2nd GitHub repository and will now be run from a 2nd, linked Terraform workspace. This was required to allow the vCenter component to clone any number (count) of VMs. This prevented the FMC module from predicting the number of resources required until after the vCenter module has been executed. Instead the FMC component is now run from a 2nd linked workspace. Any updates to the main DCNM/vCenter workplace will trigger the FMC workplace to run and update as necessary.
The DC Networking module makes the following assumptions:
The vCenter module makes the following assumptions:
Note: The FMC security automation component has been moved to a 2nd GitHub repository and will now be run from a 2nd, linked Terraform workspace.
https://github.com/cisco-apjc-cloud-se/ist-dcn-vcenter https://github.com/cisco-apjc-cloud-se/ist-vm-fmc-sync
In Terraform Cloud for Business, queue a new plan to trigger the initial deployment. Any future changes to pushed to the GitHub repository will automatically trigger a new plan deployment.
If successfully executed, the Terraform plan will result in the following configuration for each domain manager.
Changes to the variables defined in the JSON files will result in dynamic, stateful updates across all domains. For example,
"vm_group_a": {
"group_size": 4,
"name": "ist-svr-a",
"host_name": "ist-svr-a",
"num_cpus": 2,
"memory": 1024,
"network_id": "ist-network-a",
"domain": "mel.ciscolabs.com",
"dns_list": [
"64.104.123.245",
"171.70.168.183"
]
},
"svr_cluster": {
"DC3-N9K1": {
"name": "DC3-N9K1",
"attach": true,
"switch_ports": [
"Ethernet1/1", # Host 1 Uplink Port 1
"Ethernet1/2" # Host 2 Uplink Port 1
]
},
"DC3-N9K2": {
"name": "DC3-N9K2",
"attach": true,
"switch_ports": [
"Ethernet1/1", # Host 1 Uplink Port 2
"Ethernet1/2" # Host 2 Uplink Port 2
]
}
},
"svr_cluster": {
"DC3-N9K1": {
"name": "DC3-N9K1",
"attach": true,
"switch_ports": [
"Ethernet1/1" # Host 1 Uplink Port 1
]
},
"DC3-N9K2": {
"name": "DC3-N9K2",
"attach": true,
"switch_ports": [
"Ethernet1/1" # Host 1 Uplink Port 2
]
},
"DC3-N9K3": {
"name": "DC3-N9K3",
"attach": true,
"switch_ports": [
"Ethernet1/1" # Host 2 Uplink Port 1
]
},
"DC3-N9K4": {
"name": "DC3-N9K2",
"attach": true,
"switch_ports": [
"Ethernet1/1" # Host 2 Uplink Port 2
]
}
},
"vpc_interfaces": {
"vpc5": {
"name": "vPC5",
"vpc_id": 5,
"switch1": {
"name": "DC3-LEAF-1",
"ports": ["Eth1/5"]
},
"switch2": {
"name": "DC3-LEAF-2",
"ports": ["Eth1/5"]
}
}
},
This repository is intended for use as 2nd, linked Terraform workspace. The 1st primary workspace (using the ist-dcn-vcenter GitHub repository) will share its output state to this workspace and be configured to trigger this workspace to run.
The output of the 1st workspace includes two group objects, one for each group of managed VMs. This Terraform plan will use these group details to generate host objects and network group objects dynamically.
Note: This workspace expects to be triggered from another workspace using the "ist-dcn-vcenter" GitHub repository. That workspace must be configured first and then configured to share its state with this workspace as well as trigger this workspace to run.
The Infrastructure-as-Code environment will require the following:
This example will then use the following on-premise domain managers. These will need to be fully commissioned and a suitable user account provided for Terraform to use for provisioning.
The Firepower (FMC) module makes the following assumptions:
Note: The FMC security automation component has been moved to a 2nd GitHub repository and will now be run from a 2nd, linked Terraform workspace.
https://github.com/cisco-apjc-cloud-se/ist-dcn-vcenter https://github.com/cisco-apjc-cloud-se/ist-vm-fmc-sync
Any successful runs in the primary "ist-dcn-vcenter" workspace will trigger this workspace to run. Any future changes to pushed to thist GitHub repository or the primary workspace repository will automatically trigger a new plan deployment.
If successfully executed, the Terraform plan will result in the following configuration for each domain manager.
New network group objects for each group of VM servers
Note: The FMC provider has an issue removing objects from network groups. As a workaround, the IP addresses of the host objects will be used instead as literal objects in the group.
Owner
Contributors
Categories
Products
Nexus DashboardSecure FirewallProgramming Languages
HCLLicense
Code Exchange Community
Get help, share code, and collaborate with other developers in the Code Exchange community.View Community