Terraform VMC provider update with SDDC Grouping

-

Gilles Chekroun

Lead VMware Cloud on AWS Solutions Architect
---

With the recent release of VMC terraform provider 1.12, we have now the SDDC Grouping function that will allow us to create SDDC group and attach SDDC.

Code example

/*==============
SDDC Group
===============*/

resource "vmc_sddc_group" "TF_Group" {
    name            = "TF_Group"
    description     = "SDDC Group Terraform"
    sddc_member_ids = [vmc_sddc.Terraform_SDDC1.id]
}

Just add the sddc_group resource. Give it a name and description and a list of SDDCs you want to attach. Here only one.

Add some outputs you want to get like:
output "vTGW_ID"                    {value = vmc_sddc_group.TF_Group.tgw_id}
output "vTGW_Region"                {value = vmc_sddc_group.TF_Group.tgw_region}

terraform apply

Terraform will perform the following actions:


  # module.SDDC.vmc_sddc_group.TF_Group will be created

  + resource "vmc_sddc_group" "TF_Group" {

      + creator                          = (known after apply)

      + deleted                          = (known after apply)

      + description                      = "SDDC Group Terraform"

      + dxgw_allowed_prefixes            = (known after apply)

      + dxgw_id                          = (known after apply)

      + dxgw_owner                       = (known after apply)

      + dxgw_status                      = (known after apply)

      + external_tgw_configured_prefixes = (known after apply)

      + external_tgw_id                  = (known after apply)

      + external_tgw_owner               = (known after apply)

      + external_tgw_region              = (known after apply)

      + id                               = (known after apply)

      + name                             = "TF_Group"

      + org_id                           = (known after apply)

      + sddc_member_ids                  = [

          + "1c64119c-2166-465c-99b0-24a22c8b63b3",

        ]

      + tgw_id                           = (known after apply)

      + tgw_region                       = (known after apply)

      + timestamp                        = (known after apply)

      + vpc_attachment_status            = (known after apply)

      + vpc_aws_account                  = (known after apply)

      + vpc_ram_share_id                 = (known after apply)


      + vpc_attachments {

          + attach_id           = (known after apply)

          + configured_prefixes = (known after apply)

          + state               = (known after apply)

          + vpc_id              = (known after apply)

        }

    }


Plan: 1 to add, 0 to change, 0 to destroy.


Changes to Outputs:

  + vTGW_ID     = (known after apply)

  + vTGW_Region = (known after apply)


Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.


  Enter a value: 



Note the various parameters we will get after deployment. Enter YES.

module.SDDC.vmc_sddc_group.TF_Group: Creating...

module.SDDC.vmc_sddc_group.TF_Group: Still creating... [10s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Still creating... [20s elapsed]


It will take about 4 to 5 mins to create the vTGW and attach the SDDC to it.

module.SDDC.vmc_sddc_group.TF_Group: Still creating... [4m0s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Still creating... [4m10s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Creation complete after 4m15s [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3]


Apply complete! Resources: 1 added, 0 changed, 0 destroyed.


Outputs:


Windows_IP = "35.xxx.xxx.xxx"

cloud_password = <sensitive>

cloud_username = "cloudadmin@vmc.local"

nsxt_cloudadmin = "cloud_admin"

nsxt_cloudadmin_password = <sensitive>

nsxt_private_IP = "10.xx.xx.xx"

proxy_url = "nsx-34-xx-xx-xx.rp.vmwarevmc.com/vmc/reverse-proxy/api/orgs/7421a286-f7bf-xxxx-xxxx-779b83d75fb5/sddcs/1c64119c-xxxx-xxxx-99b0-24a22c8b63b3"

sddc_subnet = "subnet-0cccxxxxxx"

vTGW_ID = "tgw-039c8eab775398450"

vTGW_Region = "us-west-2"

vc_public_IP = "34.xxx.xxx.xxx"

vc_url = "vcenter.sddc-34-xxx-xxx-xxx.vmwarevmc.com"

VMC Console

SDDC Group Tab inventory


TF_Group details


Terraform show

# module.SDDC.vmc_sddc_group.TF_Group:

resource "vmc_sddc_group" "TF_Group" {

    creator         = "gchekroun@vmware.com"

    deleted         = false

    description     = "SDDC Group Terraform"

    id              = "1ed64cde-da72-623e-b5d3-29ff705e3ff3"

    name            = "TF_Group"

    org_id          = "7421a286-f7bf-4f34-8567-779b83d75fb5"

    sddc_member_ids = [

        "1c64119c-2166-465c-99b0-24a22c8b63b3",

    ]

    tgw_id          = "tgw-039c8eab775398450"

    tgw_region      = "us-west-2"

    timestamp       = "2022-11-15T10:11:53.652809Z"

}


Note the Group ID, SDDC ID, ORG ID and vTGW ID and Region parameters

Removing SDDC

Clear or comment the SDDC Group code and outputs

Terraform will perform the following actions:


  # module.SDDC.vmc_sddc_group.TF_Group will be destroyed

  # (because vmc_sddc_group.TF_Group is not in configuration)

  - resource "vmc_sddc_group" "TF_Group" {

      - creator         = "gchekroun@vmware.com" -> null

      - deleted         = false -> null

      - description     = "SDDC Group Terraform" -> null

      - id              = "1ed64cde-da72-623e-b5d3-29ff705e3ff3" -> null

      - name            = "TF_Group" -> null

      - org_id          = "7421a286-f7bf-4f34-8567-779b83d75fb5" -> null

      - sddc_member_ids = [

          - "1c64119c-2166-465c-99b0-24a22c8b63b3",

        ] -> null

      - tgw_id          = "tgw-039c8eab775398450" -> null

      - tgw_region      = "us-west-2" -> null

      - timestamp       = "2022-11-15T10:11:53.652809Z" -> null

    }


Plan: 0 to add, 0 to change, 1 to destroy.


Changes to Outputs:

  - vTGW_ID     = "tgw-039c8eab775398450" -> null

  - vTGW_Region = "us-west-2" -> null


Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.


  Enter a value: 



module.SDDC.vmc_sddc_group.TF_Group: Destroying... [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3]

module.SDDC.vmc_sddc_group.TF_Group: Still destroying... [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3, 10s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Still destroying... [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3, 20s elapsed]



After 4 - 5 mins the SDDC Group is deleted

module.SDDC.vmc_sddc_group.TF_Group: Still destroying... [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3, 4m0s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Still destroying... [id=1ed64cde-da72-623e-b5d3-29ff705e3ff3, 4m10s elapsed]

module.SDDC.vmc_sddc_group.TF_Group: Destruction complete after 4m12s


Apply complete! Resources: 0 added, 0 changed, 1 destroyed.



We will plan to add more features in the future.

Thanks for reading.

Comments

Post a Comment

Populars

Egress VPC and AWS Transit Gateway (Part1)

-
Image
Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
Read more

Build a VMware Cloud on AWS Content Library using AWS S3

-
Image
Gilles Chekroun Lead NSX Systems Engineer - VMware Europe --- What is a Content Library? DISCLAIMER: External content libraries are not supported by VMware GSS ! vSphere Content Library is a repository where you can store VM templates, vApp templates and other kind of files like ISO.  Administrators can use the templates to deploy VMs and vApps. Each item library can contain multiple files. The basis is  .ovf   together with the description files like .mf and .vmdk If you have .ova files, you can simply un-compress them using the linux command:  tar -xvf SomeFile.ova There are two kind of Libraries: Local and Subscribed. Local Library Local Library stores items in a single vCenter. VM and vApp templates are stored as OVF file format. Subscribed Library You can create a Subscribed Library in the same vCenter and to ensure the content is up-to-date, the library can automatically sync with the source on a regular basis. You can also use the option to download co
Read more

AWS Transitive routing with Transit Gateways in the same region

-
Image
Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
Read more