In this demo and blog post I will share how I’m using Terraform to create the segments and IP pools in NSX-T to get started with deploying Edge Nodes and configuring Transport Nodes.
I’m testing a lot of NSX-T features and capabilities in the lab. With coming new releases this amount of testing will increase significantly which requires a lot of redeployment of NSX Components. VMware is working with Terraform on a NSX-T Provider which support Policy UI. This project is currently on Github and is not officially released by Terraform or VMware yet but ready to be used and tested.
I’m using Ansible for deploying the NSX-T Manager, configuring a Compute Manager (vCenter Server), Transport Zones and adding a NSX license in the NSX-Manager UI.
Once this all is done I want to create the following objects with Terraform to get started:
- TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 12
- TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 100
- TEP IP Pool for Geneve TEPs for Transport Nodes in VLAN 200
- VLAN Segment for vSphere VMkernel interfaces (VLAN 11)
- VLAN Segments for Geneve Transport Networks (VLAN 12, 100 and 200)
- VLAN Segment (VLAN 307) for connecting Edge Node Management interface (eth0)
- VLAN Trunk Segments to connect Edge Node DPDK interfaces (fp-eth0 and fp-eth1) for Collapsed Compute + Edge node topology testing.
This is the variables.tf file:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# NSX Manager variable "nsx_manager" { default = "10.10.10.10" } # Username & Password for NSX-T Manager variable "username" { default = "admin" } variable "password" { default = "yourpassword" } |
This is the main.tf file:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
# Prerequisites: # 1. Add NSX-T License # Data Sources we need for reference later data "nsxt_policy_transport_zone" "overlay_tz" { display_name = "Overlay-TZ" } data "nsxt_policy_transport_zone" "vlan_tz" { display_name = "VLAN-TZ" } # NSX-T Manager Credentials provider "nsxt" { host = var.nsx_manager username = var.username password = var.password allow_unverified_ssl = true max_retries = 10 retry_min_delay = 500 retry_max_delay = 5000 retry_on_status_codes = [429] } # Create TEP IP Pools resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan12" { display_name = "TEP-IP-Pool-VLAN12" } resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan12" { display_name = "TEP-IP-Pool-VLAN12" pool_path = nsxt_policy_ip_pool.tep_ip_pool_vlan12.path cidr = "172.16.12.0/24" gateway = "172.16.12.1" allocation_range { start = "172.16.12.11" end = "172.16.12.100" } } resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan100" { display_name = "TEP-IP-Pool-VLAN100" } resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan100" { display_name = "TEP-IP-Pool-VLAN100" pool_path = nsxt_policy_ip_pool.tep_ip_pool_vlan100.path cidr = "192.168.100.0/24" gateway = "192.168.100.1" allocation_range { start = "192.168.100.11" end = "192.168.100.100" } } resource "nsxt_policy_ip_pool" "tep_ip_pool_vlan200" { display_name = "TEP-IP-Pool-VLAN200" } resource "nsxt_policy_ip_pool_static_subnet" "tep_ip_pool_vlan200" { display_name = "TEP-IP-Pool-VLAN200" pool_path = nsxt_policy_ip_pool.tep_ip_pool_vlan200.path cidr = "192.168.200.0/24" gateway = "192.168.200.1" allocation_range { start = "192.168.200.11" end = "192.168.200.100" } } # Create NSX-T VLAN Segments resource "nsxt_policy_vlan_segment" "vlan11" { display_name = "VLAN11" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["11"] } resource "nsxt_policy_vlan_segment" "vlan100" { display_name = "VLAN100" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["100"] } resource "nsxt_policy_vlan_segment" "vlan200" { display_name = "VLAN200" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["200"] } resource "nsxt_policy_vlan_segment" "trunk_a" { display_name = "Trunk-A" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["100", "101", "102", "200"] } resource "nsxt_policy_vlan_segment" "trunk_b" { display_name = "Trunk-B" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["100", "101", "102", "200"] } resource "nsxt_policy_vlan_segment" "vlan307" { display_name = "VLAN307" description = "VLAN Segment created by Terraform" transport_zone_path = data.nsxt_policy_transport_zone.vlan_tz.path vlan_ids = ["307"] } |
https://github.com/terraform-providers/terraform-provider-nsxt
