Intersight Module - Easy Intersight Managed Mode

Use Cases

  • Build Workspaces in TFCB to support Infrastructure as Code Provisioning.
  • Use Terraform/TFCB to provision Intersight Pools.
  • Use Terraform/TFCB to provision Intersight UCS Policies.
  • Use Terraform/TFCB to provision UCS Chassis Profiles in IMM Mode.
  • Use Terraform/TFCB to provision UCS Domains in IMM Mode.
  • Use Terraform/TFCB to provision UCS Server Profiles in IMM Mode.
  • Use Terraform/TFCB to provision Operating Systems on Baremetal UCS Servers.

Pools - module/pools

  • Fibre-Channel Pools (WWNN/WWPN)
  • IP Pools
  • IQN Pools
  • MAC Pools
  • UUID Pools

Intersight Policies - Folder modules/policies

  • Adapter Configuration (Standalone Servers)
  • BIOS
  • Boot Order
  • Certificate Management
  • Device Connector
  • Ethernet Adapter (vNIC Adapter Policy)
  • Ethernet Network (Standalone Servers)
  • Ethernet Network Control (CDP/LLDP)
  • Ethernet Network Group (VLAN Groups)
  • Ethernet QoS (vNIC QoS)
  • FC Zone (Fibre-Channel Zoning Policy)
  • Fibre Channel Adapter (vHBA Adapter Policy)
  • Fibre Channel Network
  • Fibre Channel QoS (vHBA QoS)
  • Flow Control
  • IMC Access
  • IPMI Over LAN
  • iSCSI Adapter
  • iSCSI Boot
  • iSCSI Static Target
  • LAN Connectivity
  • LDAP (Standalone Servers)
  • Link Aggregation
  • Link Control
  • Local User
  • Multicast
  • Network Connectivity (DNS)
  • NTP
  • Persistent Memory
  • Port
  • Power
  • SAN Connectivity
  • SD Card - Deprecated
  • Serial Over LAN
  • SMTP
  • SNMP
  • SSH
  • Storage
  • Switch Control
  • Syslog
  • System QoS
  • Thermal
  • Virtual KVM
  • Virtual Media
  • VLAN
  • VSAN

UCS Chassis Profiles - module/profiles

  • ucs_chassis_profiles

UCS Domain Profiles - module/ucs_domain_profiles

  • ucs_domain_profiles

UCS Server Profiles - module/profiles

  • ucs_server_profiles

Pre-requisites and Guidelines

  1. Sign up for a user account on Intersight.com. You will need at least one Advantage Tier license as well as an Intersight Workload Optimizer license to complete this use case. Log in to intersight.com and generate API/Secret Keys. Both licensing requirements can be met with the available demo licensing if you don't have the subscription levels.

  2. Sign up for a TFCB (Terraform for Cloud Business) at https://app.terraform.io/. Log in and generate the User API Key. You will need this when you create the TF Cloud Target in Intersight. If not a paid version, you will need to enable the trial account.

  3. Clone this repository to your own VCS Repository for the VCS Integration with Terraform Cloud.

  4. Integrate your VCS Repository into the TFCB Organization following these instructions: https://www.terraform.io/docs/cloud/vcs/index.html. Be sure to copy the OAuth Token, which you will use later on for Workspace provisioning.

VERY IMPORTANT NOTE: The Terraform Cloud provider stores Terraform state in plain text. Do not remove the .gitignore in this base directory; it protects you from uploading the state files to a public repository. The rest of the modules don't have this same risk.

Obtain tokens and keys

Terraform Cloud Variables

Intersight Variables

Import the Variables into your Environment before Running the Terraform Cloud Provider module(s) in this directory

Modify the terraform.tfvars file to the unique attributes of your environment for your domain and server profiles and policies.

Once finished with the modification, commit the changes to your repository.
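Because terraform.tfvars is committed to the repository, it should carry none of the sensitive inputs that this page passes through TF_VAR_ environment variables. The script below is an added example, not part of the repository: find_secret_assignments and SENSITIVE_RE are hypothetical names, the sample file is constructed, and the name list is taken from the variables shown on this page.

```shell
#!/usr/bin/env bash
# Added example: keep sensitive inputs out of a committed terraform.tfvars.

# Names of the sensitive inputs shown on this page (extended regex).
SENSITIVE_RE='apikey|secretkey|terraform_cloud_token|tfc_oauth_token'
SENSITIVE_RE="$SENSITIVE_RE|ipmi_key_[0-9]+|ldap_password|binding_parameters_password"
SENSITIVE_RE="$SENSITIVE_RE|local_user_password_[0-9]+|secure_passphrase|persistent_passphrase"
SENSITIVE_RE="$SENSITIVE_RE|snmp_(auth|privacy)_password_[0-9]+|access_community_string_[0-9]+"
SENSITIVE_RE="$SENSITIVE_RE|snmp_trap_community_[0-9]+|trap_community_string_[0-9]+"

# find_secret_assignments FILE
# Prints "LINE:NAME" for every sensitive input assigned a non-empty value.
# Only the name is printed, never the value. Returns 1 if anything was found.
find_secret_assignments() {
  hits=$(grep -nE "^[[:space:]]*(${SENSITIVE_RE})[[:space:]]*=" "$1" \
    | grep -vE '=[[:space:]]*""[[:space:]]*(#.*)?$' \
    | sed -E 's/^([0-9]+):[[:space:]]*([A-Za-z0-9_]+).*/\1:\2/')
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample file (not from the repository, values are not real).
sample=$(mktemp)
cat > "$sample" <<'EOF'
tfc_organization = "default"
snmp_auth_password_1 = "example-not-a-real-secret"
ldap_password = ""
  secretkey = "example-not-a-real-key"
# apikey = "commented-out"
EOF
if ! find_secret_assignments "$sample"; then
  echo "move the inputs listed above to TF_VAR_ environment variables" >&2
fi
rm -f "$sample"
```

Run from a pre-commit hook, a non-zero return from find_secret_assignments terraform.tfvars can block the commit.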

The following examples cover Linux-based operating systems and Windows (PowerShell). Note that the TF_VAR_ prefix tells the Terraform engine that the environment variable will be consumed by Terraform as an input variable.

  • Terraform Cloud Variables - Linux
export TF_VAR_terraform_cloud_token="your_cloud_token"
export TF_VAR_tfc_oauth_token="your_oauth_token"
  • Terraform Cloud Variables - Windows
$env:TF_VAR_terraform_cloud_token="your_cloud_token"
$env:TF_VAR_tfc_oauth_token="your_oauth_token"
  • Intersight apikey and secretkey - Linux
export TF_VAR_apikey="your_api_key"
# Read the secret key contents from the downloaded file
export TF_VAR_secretkey="$(cat ~/Downloads/SecretKey.txt)"
  • Intersight apikey and secretkey - Windows
$env:TF_VAR_apikey="your_api_key"
# Read the secret key contents from the downloaded file
$env:TF_VAR_secretkey=Get-Content -Raw "$HOME\Downloads\SecretKey.txt"

IPMI over LAN Secure Variables

Use the following environment variable, based on your deployment, for IPMI over LAN Settings if you want to configure encryption for the IPMI communication.

  • IPMI over LAN Encryption Key
export TF_VAR_ipmi_key_1="your_password"
$env:TF_VAR_ipmi_key_1="your_password"

LDAP Secure Variables

Use the following environment variable, based on your deployment, for LDAP Policy Binding Settings.

  • LDAP Binding user Password
export TF_VAR_ldap_password="your_password"
$env:TF_VAR_ldap_password="your_password"

Local User Secure Variables

Use the following environment variable, based on your deployment, for Local User Policy Users. This would allow you to configure up to 5 unique users in an organization for CIMC Access.

  • Local user Password
export TF_VAR_local_user_password_1="your_password"
export TF_VAR_local_user_password_2="your_password"
export TF_VAR_local_user_password_3="your_password"
export TF_VAR_local_user_password_4="your_password"
export TF_VAR_local_user_password_5="your_password"
$env:TF_VAR_local_user_password_1="your_password"
$env:TF_VAR_local_user_password_2="your_password"
$env:TF_VAR_local_user_password_3="your_password"
$env:TF_VAR_local_user_password_4="your_password"
$env:TF_VAR_local_user_password_5="your_password"

Persistent Memory Secure Variables

Use the following environment variable, based on your deployment, for Persistent Memory Encryption.

  • Persistent Memory Encryption Password
export TF_VAR_persistent_passphrase="your_password"
$env:TF_VAR_persistent_passphrase="your_password"

SNMP Secure Variables

Use the following environment variables, based on your deployment, for SNMP settings. There are 5 values for each variable type, which allows for creating up to 5 SNMP users or 5 community strings. You only need to configure the variables you intend to use. For instance, to add an SNMP user with AuthPriv, configure snmp_auth_password_1 and snmp_privacy_password_1; the rest can stay unused unless you are configuring 5 different SNMP users with different passwords. The same holds true for community strings.

  • SNMP User Passwords
export TF_VAR_snmp_auth_password_1="your_password"
export TF_VAR_snmp_auth_password_2="your_password"
export TF_VAR_snmp_auth_password_3="your_password"
export TF_VAR_snmp_auth_password_4="your_password"
export TF_VAR_snmp_auth_password_5="your_password"
export TF_VAR_snmp_privacy_password_1="your_password"
export TF_VAR_snmp_privacy_password_2="your_password"
export TF_VAR_snmp_privacy_password_3="your_password"
export TF_VAR_snmp_privacy_password_4="your_password"
export TF_VAR_snmp_privacy_password_5="your_password"
$env:TF_VAR_snmp_auth_password_1="your_password"
$env:TF_VAR_snmp_auth_password_2="your_password"
$env:TF_VAR_snmp_auth_password_3="your_password"
$env:TF_VAR_snmp_auth_password_4="your_password"
$env:TF_VAR_snmp_auth_password_5="your_password"
$env:TF_VAR_snmp_privacy_password_1="your_password"
$env:TF_VAR_snmp_privacy_password_2="your_password"
$env:TF_VAR_snmp_privacy_password_3="your_password"
$env:TF_VAR_snmp_privacy_password_4="your_password"
$env:TF_VAR_snmp_privacy_password_5="your_password"
  • SNMP Communities
export TF_VAR_access_community_string_1="your_community"
export TF_VAR_access_community_string_2="your_community"
export TF_VAR_access_community_string_3="your_community"
export TF_VAR_access_community_string_4="your_community"
export TF_VAR_access_community_string_5="your_community"
export TF_VAR_snmp_trap_community_1="your_community"
export TF_VAR_snmp_trap_community_2="your_community"
export TF_VAR_snmp_trap_community_3="your_community"
export TF_VAR_snmp_trap_community_4="your_community"
export TF_VAR_snmp_trap_community_5="your_community"
$env:TF_VAR_access_community_string_1="your_community"
$env:TF_VAR_access_community_string_2="your_community"
$env:TF_VAR_access_community_string_3="your_community"
$env:TF_VAR_access_community_string_4="your_community"
$env:TF_VAR_access_community_string_5="your_community"
$env:TF_VAR_snmp_trap_community_1="your_community"
$env:TF_VAR_snmp_trap_community_2="your_community"
$env:TF_VAR_snmp_trap_community_3="your_community"
$env:TF_VAR_snmp_trap_community_4="your_community"
$env:TF_VAR_snmp_trap_community_5="your_community"

Execute the Terraform Plan

Once all Variables have been imported into your environment, run the plan in the tfe folder:

Terraform Cloud

When running in Terraform Cloud with VCS Integration, the first Plan will need to be run from the UI, but subsequent runs should trigger automatically.

Terraform CLI

  • Execute the Plan
terraform plan -out=main.plan
terraform apply main.plan

When run, this module will create the Terraform Cloud Workspace(s) and assign the Variables to the Workspace(s).

Requirements

Name Version
tfe 0.25.3

Providers

No providers.

Modules

Name Source Version
sensitive_intersight_variables terraform-cisco-modules/modules/tfe//modules/tfc_variables 0.6.2
sensitive_server_variables terraform-cisco-modules/modules/tfe//modules/tfc_variables 0.6.2
sensitive_snmp_variables terraform-cisco-modules/modules/tfe//modules/tfc_variables 0.6.2
workspaces terraform-cisco-modules/modules/tfe//modules/tfc_workspace 0.6.2

Resources

No resources.

Inputs

Name Description Type Default Required
access_community_string_1 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
access_community_string_2 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
access_community_string_3 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
access_community_string_4 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
access_community_string_5 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
apikey Intersight API Key. string n/a yes
binding_parameters_password The password of the user for the initial bind process. It can be any string that adheres to the following constraints: it can have any character except spaces, tabs, and line breaks, and it cannot be more than 254 characters. string "" no
ipmi_key_1 Encryption key to use for IPMI communication. It should have an even number of hexadecimal characters and not exceed 40 characters. string "" no
local_user_password_1 Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added separately. string "" no
local_user_password_2 Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added separately. string "" no
local_user_password_3 Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added separately. string "" no
local_user_password_4 Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added separately. string "" no
local_user_password_5 Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added separately. string "" no
secretkey Intersight Secret Key. string n/a yes
secure_passphrase Secure passphrase to be applied on the Persistent Memory Modules on the server. The allowed characters are a-z, A to Z, 0-9, and special characters =, !, &, #, $, %, +, ^, @, _, *, -. string "" no
snmp_auth_password_1 SNMPv3 User Authentication Password. string "" no
snmp_auth_password_2 SNMPv3 User Authentication Password. string "" no
snmp_auth_password_3 SNMPv3 User Authentication Password. string "" no
snmp_auth_password_4 SNMPv3 User Authentication Password. string "" no
snmp_auth_password_5 SNMPv3 User Authentication Password. string "" no
snmp_privacy_password_1 SNMPv3 User Privacy Password. string "" no
snmp_privacy_password_2 SNMPv3 User Privacy Password. string "" no
snmp_privacy_password_3 SNMPv3 User Privacy Password. string "" no
snmp_privacy_password_4 SNMPv3 User Privacy Password. string "" no
snmp_privacy_password_5 SNMPv3 User Privacy Password. string "" no
snmp_trap_community_1 Community for a Trap Destination. string "" no
snmp_trap_community_2 Community for a Trap Destination. string "" no
snmp_trap_community_3 Community for a Trap Destination. string "" no
snmp_trap_community_4 Community for a Trap Destination. string "" no
snmp_trap_community_5 Community for a Trap Destination. string "" no
terraform_cloud_token Token to Authenticate to the Terraform Cloud. string n/a yes
terraform_version Terraform Target Version. string "1.0.3" no
tfc_oauth_token Terraform Cloud OAuth Token for VCS_Repo Integration. string n/a yes
tfc_organization Terraform Cloud Organization Name. string n/a yes
trap_community_string_1 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
trap_community_string_2 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
trap_community_string_3 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
trap_community_string_4 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
trap_community_string_5 The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. string "" no
vcs_repo Version Control System Repository. string n/a yes
workspaces Map of Workspaces to create in Terraform Cloud.
  key - Name of the Workspace to Create.
  * allow_destroy_plan - Default is true.
  * auto_apply - Default is false. Automatically apply changes when a Terraform plan is successful. Plans that have no changes will not be applied. If this workspace is linked to version control, a push to the default branch of the linked repository will trigger a plan and apply.
  * branch - Default is "master". The repository branch that Terraform will execute from.
  * description - A Description for the Workspace.
  * global_remote_state - Whether the workspace allows all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state (remote_state_consumer_ids).
  * queue_all_runs - needs description.
  * remote_state_consumer_ids - The set of workspace IDs set as explicit remote state consumers for the given workspace.
  * working_directory - The Directory of the Version Control Repository that contains the Terraform code for UCS Domain Profiles for this Workspace.
  * workspace_type - What Type of Workspace this will create. Options are:
    - chassis
    - domain
    - pool
    - server
    - vlan
  Type:
    map(object(
      {
        allow_destroy_plan        = optional(bool)
        auto_apply                = optional(bool)
        branch                    = optional(string)
        description               = optional(string)
        global_remote_state       = optional(bool)
        queue_all_runs            = optional(bool)
        remote_state_consumer_ids = optional(list(string))
        speculative_enabled       = optional(bool)
        working_directory         = string
        workspace_type            = string
      }
    ))
  Default:
    {
      "default": {
        "allow_destroy_plan": true,
        "auto_apply": false,
        "branch": "master",
        "description": "",
        "global_remote_state": false,
        "queue_all_runs": false,
        "remote_state_consumer_ids": [],
        "speculative_enabled": true,
        "working_directory": "",
        "workspace_type": ""
      }
    }
  Required: no
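
A pre-flight check of the constraints quoted in the Inputs table, meant to run before terraform plan. This is an added example rather than the module's own code: the function names are hypothetical, the variable names follow the Inputs table, and reading "can be 18 characters long" as a maximum length is an assumption.

```shell
#!/usr/bin/env bash
# Added example: check TF_VAR_ values against the constraints in the Inputs table.
LC_ALL=C; export LC_ALL   # byte-wise lengths and ASCII-only ranges

valid_ipmi_key() {        # even number of hexadecimal characters, at most 40
  case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
  [ "${#1}" -le 40 ] && [ $(( ${#1} % 2 )) -eq 0 ]
}
valid_bind_password() {   # no spaces, tabs or line breaks; at most 254 characters
  case "$1" in *[[:space:]]*) return 1 ;; esac
  [ "${#1}" -le 254 ]
}
PASSPHRASE_CHARS='A-Za-z0-9=!&#$%+^@_*-'
valid_passphrase() {      # only a-z A-Z 0-9 and = ! & # $ % + ^ @ _ * -
  case "$1" in *[!$PASSPHRASE_CHARS]*) return 1 ;; esac
  return 0
}
valid_community() {       # assumption: "can be 18 characters long" is a maximum
  [ "${#1}" -le 18 ]
}

# check VALIDATOR INPUT_NAME: validate TF_VAR_<INPUT_NAME> if it is set.
# Reports the variable name only, never its value.
check() {
  eval "val=\${TF_VAR_$2-}"
  [ -z "$val" ] && return 0   # unset or empty matches the input default ""
  "$1" "$val" && return 0
  echo "TF_VAR_$2 violates its documented constraint" >&2
  return 1
}

# preflight: returns 0 only if every variable that is set passes its check.
preflight() {
  rc=0
  check valid_ipmi_key ipmi_key_1 || rc=1
  check valid_bind_password binding_parameters_password || rc=1
  check valid_passphrase secure_passphrase || rc=1
  for n in 1 2 3 4 5; do
    for v in access_community_string snmp_trap_community trap_community_string; do
      check valid_community "${v}_$n" || rc=1
    done
  done
  return $rc
}

# Constructed demo value (not a real key): odd length, so preflight fails.
( TF_VAR_ipmi_key_1="0123abc"; preflight 2>/dev/null ) || echo "preflight rejected the odd-length IPMI key"
```

A typical invocation is preflight && terraform plan -out=main.plan, so a malformed value is caught locally instead of surfacing as a failed policy deployment.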

Outputs

Name Description
workspaces Terraform Cloud Workspace IDs and Names.