
This project is a Terraform module that creates an Avi (NSX ALB) Controller on vSphere. This module can create all of the day 0 Cloud prerequisites (IAM, networks, Firewall policy), initial Avi configuration, and additional configuration for GSLB, DNS, and IPAM/DNS profiles.


vmware/terraform-vsphere-avi-alb-deployment-vsphere

Avi Load Balancer Controller Deployment on vSphere Terraform module

This Terraform module creates and configures an Avi Advanced Load-Balancer Controller on vSphere

Module Functions

The module is designed to be modular and can create all or none of the prerequisite resources needed for the Avi vSphere deployment, including:

  • vSphere Roles for Avi (optional with create_role variable)
  • vSphere virtual machines for Avi Controller(s)
  • Cluster Anti-Affinity rules for HA Avi Controller Deployment

During the creation of the Controller instance the following initialization steps are performed:

  • Change default password to user specified password
  • Copy Ansible playbook to controller using the assigned IP Address
  • Run Ansible playbook to configure initial settings for a vCenter or NSX Full Access Cloud

Optionally the following Avi configurations can be created:

  • Avi IPAM Profile (configure_ipam_profile variable)
  • Avi DNS Profile (configure_dns_profile variable)
  • DNS Virtual Service (configure_dns_vs variable)

Environment Requirements

vSphere

The following are vSphere prerequisites for running this module:

  • vSphere Account with permissions to create VMs and any other vSphere resources created by this module
  • Port Groups identified for Management

vSphere Authentication

For authenticating to vSphere both the vsphere_username and vsphere_password variables will be used. The credentials must have the following permissions in vSphere:

By default this module will use the same credentials (vsphere_username and vsphere_password) for the Avi Controller to connect to vCenter and deploy resources. To change this behavior set the "vsphere_avi_user" and "vsphere_avi_password" variables.

Controller Image

The AVI Controller image for vSphere should be uploaded to a vSphere Content Library before running this module with the content library name and image name specified in the respective content_library and vm_template variables.

Host OS

The following packages must be installed on the host operating system:

  • curl

Usage

vCenter Full Access Cloud Deployment

terraform {
  backend "local" {
  }
}
provider "vsphere" {
  user                 = "administrator@vsphere.local"
  password             = "PASSWORD"
  vsphere_server       = "URLorIP"
  allow_unverified_ssl = true
}
module "avi-controller-vsphere" {
  source  = "slarimore02/avi-controller-vsphere/vsphere"
  version = "1.0.x"
  
  controller_default_password = "PASSWORD"
  avi_version                 = "22.1.2"
  controller_password         = "NEWPASSWORD"
  controller_ha               = "true"
  create_roles                = "true"
  vsphere_datacenter          = "DATACENTER"
  content_library             = "CONTENT_LIBRARY_NAME"
  vm_template                 = "controller-22.1.2"
  vm_datastore                = "DATASTORE"
  name_prefix                 = "PREFIX"
  dns_servers                 = [{ addr = "8.8.4.4", type = "V4" }, { addr = "8.8.8.8", type = "V4" }]
  dns_search_domain           = "vmware.com"
  ntp_servers                 = [{ "addr": "0.us.pool.ntp.org","type": "DNS" },{ "addr": "1.us.pool.ntp.org","type": "DNS" },{ "addr": "2.us.pool.ntp.org", "type": "DNS" },{ "addr": "3.us.pool.ntp.org", "type": "DNS" }]
  se_mgmt_portgroup           = "SE_PORTGROUP"
  se_mgmt_network             = { network = "192.168.110.0/24", gateway = "192.168.110.1", type = "V4", static_pool = ["192.168.110.100", "192.168.110.200"] }
  controller_mgmt_portgroup   = "MGMT_PORTGROUP"
  compute_cluster             = "CLUSTER"
  vm_folder                   = "FOLDER"
  vsphere_user                = "USERNAME"
  vsphere_avi_user            = "USERNAME"
  vsphere_avi_password        = "PASSWORD"
  vsphere_password            = "PASSWORD"
  vsphere_server              = "VCENTER_ADDRESS"
  controller_ip               = ["192.168.110.10"]
  controller_netmask          = "24"
  controller_gateway          = "192.168.110.1"
  configure_ipam_profile      = { enabled = "true", networks = [{ portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4", static_pool = ["100.64.220.20", "100.64.220.45"] }] }
  configure_dns_profile       = { enabled = "true", usable_domains = ["domain.net"] }
  configure_dns_vs            = { enabled = "true", auto_allocate_ip = "true", vs_ip = "", portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4" }
}


output "controllers" {
  value = module.avi-controller-vsphere.controllers
}
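A hardened variant of the vCenter deployment above, added here as an example (it is not part of the module's README): the passwords come from sensitive input variables instead of literals in the provider and module blocks, the Avi Controller gets its own vCenter account rather than reusing the Terraform identity described under vSphere Authentication, vCenter TLS verification stays on, and the ca_certificates and portal_certificate inputs are filled with filebase64(), which yields the line-break-free base64 those inputs require. The account names, hostname, certificate file paths and network values are assumptions.

```hcl
# Added example, not from the module README. Secrets are declared as sensitive
# input variables and supplied at run time, for example
#   export TF_VAR_vsphere_password='...'
# so no password is stored in the .tf files or shown in plan/apply output.

variable "vsphere_password" {
  description = "Password for the account Terraform uses to create vSphere resources"
  type        = string
  sensitive   = true
}

variable "vsphere_avi_password" {
  description = "Password for the separate account the Avi Controller uses against vCenter"
  type        = string
  sensitive   = true
}

variable "controller_default_password" {
  description = "Default password of the Avi Controller image"
  type        = string
  sensitive   = true
}

variable "controller_password" {
  description = "New admin password for the Avi Controller"
  type        = string
  sensitive   = true

  # Enforce the module's stated rule locally: at least 8 characters with one
  # uppercase, lowercase, digit and special character each, so a weak value
  # fails at plan time instead of during the Ansible run on the controller.
  validation {
    condition = (
      length(var.controller_password) >= 8 &&
      can(regex("[A-Z]", var.controller_password)) &&
      can(regex("[a-z]", var.controller_password)) &&
      can(regex("[0-9]", var.controller_password)) &&
      can(regex("[^A-Za-z0-9]", var.controller_password))
    )
    error_message = "controller_password must be 8+ characters with uppercase, lowercase, digit and special characters."
  }
}

provider "vsphere" {
  user           = "terraform-avi@vsphere.local" # assumed deploy account, not administrator
  password       = var.vsphere_password
  vsphere_server = "vcenter.example.internal"    # assumed
  # Keep TLS verification on: vCenter must present a certificate that chains to
  # a CA trusted by the host running Terraform.
  allow_unverified_ssl = false
}

module "avi-controller-vsphere" {
  source  = "slarimore02/avi-controller-vsphere/vsphere"
  version = "1.0.x"

  controller_default_password = var.controller_default_password
  avi_version                 = "22.1.2"
  controller_password         = var.controller_password
  controller_ha               = "true"
  create_roles                = "true"
  vsphere_datacenter          = "DATACENTER"
  content_library             = "CONTENT_LIBRARY_NAME"
  vm_template                 = "controller-22.1.2"
  vm_datastore                = "DATASTORE"
  name_prefix                 = "PREFIX"
  se_mgmt_portgroup           = "SE_PORTGROUP"
  se_mgmt_network             = { network = "192.168.110.0/24", gateway = "192.168.110.1", type = "V4", static_pool = ["192.168.110.100", "192.168.110.200"] }
  controller_mgmt_portgroup   = "MGMT_PORTGROUP"
  compute_cluster             = "CLUSTER"
  vm_folder                   = "FOLDER"
  controller_ip               = ["192.168.110.10"]
  controller_netmask          = "24"
  controller_gateway          = "192.168.110.1"

  # Same identity as the provider block for creating the controller VMs ...
  vsphere_user     = "terraform-avi@vsphere.local"
  vsphere_password = var.vsphere_password
  vsphere_server   = "vcenter.example.internal"

  # ... but a distinct, least-privilege account for the controller's own vCenter
  # access, holding only the Avi roles the module creates when create_roles is true.
  vsphere_avi_user     = "avi-controller@vsphere.local" # assumed
  vsphere_avi_password = var.vsphere_avi_password

  # filebase64() returns standard base64 with no line breaks, the format the
  # ca_certificates and portal_certificate inputs require (the same result as
  # `base64 -w 0 file.pem`). The PEM files are assumed to sit next to this config.
  ca_certificates = [
    { name = "corp-root-ca", certificate = filebase64("${path.module}/certs/corp-root-ca.pem") }
  ]
  portal_certificate = {
    key         = filebase64("${path.module}/certs/portal.key")
    certificate = filebase64("${path.module}/certs/portal.pem")
  }
}

output "controllers" {
  value = module.avi-controller-vsphere.controllers
}
```

Because the variables are marked sensitive, Terraform redacts them in plan output and state diffs shown on the console; the values still land in the state file, so the backend holding it needs the same access control as the passwords themselves.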

NSX Full Access Cloud Deployment

terraform {
  backend "local" {
  }
}
provider "vsphere" {
  user                 = "administrator@vsphere.local"
  password             = "PASSWORD"
  vsphere_server       = "URLorIP"
  allow_unverified_ssl = true
}
module "avi-controller-vsphere" {
  source  = "slarimore02/avi-controller-vsphere/vsphere"
  version = "1.0.x"
  
  controller_default_password = "PASSWORD"
  avi_version                 = "22.1.2"
  controller_password         = "NEWPASSWORD"
  controller_ha               = "true"
  create_roles                = "true"
  vsphere_datacenter          = "DATACENTER"
  content_library             = "CONTENT_LIBRARY_NAME"
  vm_template                 = "controller-22.1.2"
  vm_datastore                = "DATASTORE"
  name_prefix                 = "PREFIX"
  dns_servers                 = [{ addr = "8.8.4.4", type = "V4" }, { addr = "8.8.8.8", type = "V4" }]
  dns_search_domain           = "vmware.com"
  ntp_servers                 = [{ "addr": "0.us.pool.ntp.org","type": "DNS" },{ "addr": "1.us.pool.ntp.org","type": "DNS" },{ "addr": "2.us.pool.ntp.org", "type": "DNS" },{ "addr": "3.us.pool.ntp.org", "type": "DNS" }]
  se_mgmt_portgroup           = "SE_PORTGROUP"
  se_mgmt_network             = { network = "192.168.110.0/24", gateway = "192.168.110.1", type = "V4", static_pool = ["192.168.110.100", "192.168.110.200"] }
  controller_mgmt_portgroup   = "MGMT_PORTGROUP"
  compute_cluster             = "CLUSTER"
  vm_folder                   = "FOLDER"
  vsphere_user                = "USERNAME"
  vsphere_avi_user            = "USERNAME"
  vsphere_avi_password        = "PASSWORD"
  vsphere_password            = "PASSWORD"
  vsphere_server              = "VCENTER_ADDRESS"
  nsx_password                = "PASSWORD"
  configure_nsx_cloud         = { enabled = true, username = "admin", nsx_mgr_url = "IP or DOMAIN_NAME", mgmt_segment = { name = "avi-mgmt", t1_name = "t1-gateway-mgmt"}, mgmt_tz = { id = "1b3a2f36-bfd1-443e-a0f6-4de01abc963e", type = "OVERLAY"}, data_tz = { id = "1b3a2f36-bfd1-443e-a0f6-4de01abc963e", type = "OVERLAY"}, data_segments = [{ segment_name = "Avi-VIP-Segment", t1_name = "t1-avi-virtual-services" }] }
  configure_nsx_vcenter       = [{ name = "nsx-vsphere1", url = "IP or DOMAIN_NAME", content_library = "avi"}]
  controller_ip               = ["192.168.110.10"]
  controller_netmask          = "24"
  controller_gateway          = "192.168.110.1"
  configure_ipam_profile      = { enabled = "true", networks = [{ portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4", static_pool = ["100.64.220.20", "100.64.220.45"] }] }
  configure_dns_profile       = { enabled = "true", usable_domains = ["domain.net"] }
  configure_dns_vs            = { enabled = "true", auto_allocate_ip = "true", vs_ip = "", portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4" }
}


output "controllers" {
  value = module.avi-controller-vsphere.controllers
}

GSLB Deployment

For GSLB to be configured successfully the configure_gslb and configure_dns_vs variables must be configured. By default a new Service Engine Group (g-dns) and user (gslb-admin) will be created for the configuration.

The following is a description of the configure_gslb variable parameters and their usage:

| Parameter | Description | Type |
|---|---|---|
| enabled | Must be set to "true" for active GSLB sites | bool |
| leader | Must be set to "true" for only the one GSLB site that will be the leader | bool |
| site_name | Name of the GSLB site | string |
| domains | List of GSLB domains that will be configured | list(string) |
| create_se_group | Determines whether a g-dns SE group will be created | bool |
| se_size | The CPU, memory and disk size of the Service Engines. The default is 2 vCPU, 8 GB RAM and a 30 GB disk per Service Engine | list(number) |
| additional_sites | Additional sites that will be configured. This parameter should only be set for the primary GSLB site | string |

The example below shows a GSLB deployment with 2 regions utilized.

terraform {
  backend "local" {
  }
}
provider "vsphere" {
  user                 = "administrator@vsphere.local"
  password             = "PASSWORD"
  vsphere_server       = "URLorIP"
  allow_unverified_ssl = true
  alias                = "west"
}
provider "vsphere" {
  user                 = "administrator@vsphere.local"
  password             = "PASSWORD"
  vsphere_server       = "URLorIP"
  allow_unverified_ssl = true
  alias                = "east"
}
module "avi_controller_west" {
  source  = "slarimore02/avi-controller-vsphere/vsphere"
  version = "1.0.x"
  providers = {
    vsphere = vsphere.west
  }
  
  controller_default_password     = "PASSWORD"
  avi_version                     = "22.1.2"
  controller_password             = "NEWPASSWORD"
  controller_ha                   = "true"
  create_roles                    = "true"
  vsphere_datacenter              = "DATACENTER"
  content_library                 = "CONTENT_LIBRARY_NAME"
  vm_template                     = "controller-22.1.2"
  vm_datastore                    = "DATASTORE"
  name_prefix                     = "PREFIX"
  dns_servers                     = [{ addr = "8.8.4.4", type = "V4" }, { addr = "8.8.8.8", type = "V4" }]
  dns_search_domain               = "vmware.com"
  ntp_servers                     = [{ "addr": "0.us.pool.ntp.org","type": "DNS" },{ "addr": "1.us.pool.ntp.org","type": "DNS" },{ "addr": "2.us.pool.ntp.org", "type": "DNS" },{ "addr": "3.us.pool.ntp.org", "type": "DNS" }]
  se_mgmt_portgroup               = "SE_PORTGROUP"
  se_mgmt_network                 = { network = "192.168.110.0/24", gateway = "192.168.110.1", type = "V4", static_pool = ["192.168.110.100", "192.168.110.200"] }
  controller_mgmt_portgroup       = "MGMT_PORTGROUP"
  compute_cluster                 = "CLUSTER"
  vm_folder                       = "FOLDER"
  vsphere_user                    = "USERNAME"
  vsphere_avi_user                = "USERNAME"
  vsphere_avi_password            = "PASSWORD"
  vsphere_password                = "PASSWORD"
  vsphere_server                  = "VCENTER_ADDRESS"
  controller_ip                   = ["192.168.110.10"]
  controller_netmask              = "24"
  controller_gateway              = "192.168.110.1"
  configure_ipam_profile          = { enabled = "true", networks = [{ portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4", static_pool = ["100.64.220.20", "100.64.220.45"] }] }
  configure_dns_profile           = { enabled = "true", usable_domains = ["demowest.net"] }
  configure_dns_vs                = { enabled = "true", auto_allocate_ip = "true", vs_ip = "", portgroup = "PORTGROUP", network = "100.64.220.0/24", type = "V4" }
  configure_gslb                  = { enabled = "true", site_name = "West1", domains = ["gslb.avidemo.net"], additional_sites = [{ name = "East1", ip_address_list = module.avi_controller_east.controllers[*].private_ip_address, dns_vs_name = "DNS-VS" }] }
}

module "avi_controller_east" {
  source  = "slarimore02/avi-controller-vsphere/vsphere"
  version = "1.0.x"
  providers = {
    vsphere = vsphere.east
  }
  
  controller_default_password = "PASSWORD"
  avi_version                 = "22.1.2"
  controller_password         = "NEWPASSWORD"
  controller_ha               = "true"
  create_roles                = "true"
  vsphere_datacenter          = "DATACENTER"
  content_library             = "CONTENT_LIBRARY_NAME"
  vm_template                 = "controller-22.1.2"
  vm_datastore                = "DATASTORE"
  name_prefix                 = "PREFIX"
  dns_servers                 = [{ addr = "8.8.4.4", type = "V4" }, { addr = "8.8.8.8", type = "V4" }]
  dns_search_domain           = "vmware.com"
  ntp_servers                 = [{ "addr": "0.us.pool.ntp.org","type": "DNS" },{ "addr": "1.us.pool.ntp.org","type": "DNS" },{ "addr": "2.us.pool.ntp.org", "type": "DNS" },{ "addr": "3.us.pool.ntp.org", "type": "DNS" }]
  se_mgmt_portgroup           = "SE_PORTGROUP"
  se_mgmt_network             = { network = "192.168.120.0/24", gateway = "192.168.120.1", type = "V4", static_pool = ["192.168.120.100", "192.168.120.200"] }
  controller_mgmt_portgroup   = "MGMT_PORTGROUP"
  compute_cluster             = "CLUSTER"
  vm_folder                   = "FOLDER"
  vsphere_user                = "USERNAME"
  vsphere_avi_user            = "USERNAME"
  vsphere_avi_password        = "PASSWORD"
  vsphere_password            = "PASSWORD"
  vsphere_server              = "VCENTER_ADDRESS"
  controller_ip               = ["192.168.120.10"]
  controller_netmask          = "24"
  controller_gateway          = "192.168.120.1"
  configure_ipam_profile      = { enabled = "true", networks = [{ portgroup = "PORTGROUP", network = "100.64.230.0/24", type = "V4", static_pool = ["100.64.230.20", "100.64.230.45"] }] }
  configure_dns_profile       = { enabled = "true", usable_domains = ["demoeast.net"] }
  configure_dns_vs            = { enabled = "true", auto_allocate_ip = "true", portgroup = "PORTGROUP", network = "100.64.230.0/24" }
  configure_gslb              =  { enabled = "true", site_name = "East" }
}

output "controllers_west" {
  value = module.avi_controller_west.controllers
}
output "gslb_leader_ip" {
  value = module.avi_controller_west.gslb_ip
}
output "controllers_east" { 
  value = module.avi_controller_east.controllers
}

VMware User Role for Avi

Optionally the vSphere Roles detailed in https://avinetworks.com/docs/latest/vmware-user-role can be created and associated with a vSphere Account. To enable this feature set the create_roles variable to "true". If set to "false" these roles should have already been created and assigned to the account that Avi will use.

When the create_roles variable is set to "true", the following command should be run to remove the avi_root role and permissions from the Terraform state before running terraform destroy. The avi_root role can then be cleaned up manually by navigating to Administration > Access Control > Roles and deleting the avi_root role. This is due to a bug in the vSphere provider: hashicorp/terraform-provider-vsphere#1400

terraform state rm vsphere_entity_permissions.avi_root vsphere_role.avi_root

Controller Sizing

The controller_size variable can be used to determine the vCPU and Memory resources allocated to the Avi Controller. There are 3 available sizes for the Controller as documented below:

| Size | vCPU Cores | Memory (GB) |
|---|---|---|
| small | 6 | 32 |
| medium | 10 | 32 |
| large | 16 | 48 |

Additional resources on sizing the Avi Controller:

https://docs.vmware.com/en/VMware-NSX-Advanced-Load-Balancer/30.1/Installation-Guide/GUID-6366FAA5-8FDF-4B0F-B170-1D846B6CAF86.html
https://docs.vmware.com/en/VMware-NSX-Advanced-Load-Balancer/30.1/Installation-Guide/GUID-EDCC0BE7-C694-477E-B445-8EAA684792B9.html

Day 1 Ansible Configuration and Avi Resource Cleanup

The module copies and runs an Ansible play for configuring the initial day 1 Avi config. The plays listed below can be reviewed by connecting to the Avi Controller by SSH. In an HA setup the first controller will have these files.

avi-controller-aws-all-in-one-play.yml

This play will configure the Avi Cloud, Network, IPAM/DNS profiles, DNS Virtual Service and GSLB, depending on the variables used. The initial run of this play writes its output to the ansible-playbook.log file, which can be reviewed to determine which tasks were run.

Example run (appropriate variable values should be used):

~$ ansible-playbook avi-controller-aws-all-in-one-play.yml -e password=${var.controller_password} -e aws_access_key_id=${var.aws_access_key} -e aws_secret_access_key=${var.aws_secret_key} > ansible-playbook-run.log

avi-upgrade.yml

This play will upgrade or patch the Avi Controller and SEs depending on the variables used. When run, this play writes its output to the ansible-playbook.log file, which can be reviewed to determine which tasks were run. This play can be run during the initial Terraform deployment with the avi_upgrade variable as shown in the example below:

avi_upgrade = { enabled = "true", upgrade_type = "patch", upgrade_file_uri = "URL Copied From portal.avipulse.vmware.com"}

A full version upgrade can be done by changing the upgrade_type to "system". It is recommended to run this play in a lower environment before running it in a production environment; it is not recommended for a GSLB setup at this time.

Example run (appropriate variable values should be used):

~$ ansible-playbook avi-upgrade.yml -e password=${var.controller_password} -e upgrade_type=${var.avi_upgrade.upgrade_type} -e upgrade_file_uri=${var.avi_upgrade.upgrade_file_uri} > ansible-playbook-run.log

avi-cloud-services-registration.yml

This play will register the Controller with Avi Cloud Services. This can be done to enable centralized licensing, live security threat updates, and proactive support. When run, this play writes its output to the ansible-playbook.log file, which can be reviewed to determine which tasks were run. This play can be run during the initial Terraform deployment with the register_controller variable as shown in the example below:

register_controller = { enabled = "true", jwt_token = "TOKEN", email = "EMAIL", organization_id = "LONG_ORG_ID" }

The organization_id can be found as the Long Organization ID field from https://console.cloud.vmware.com/csp/gateway/portal/#/organization/info.

The jwt_token can be retrieved at https://portal.avipulse.vmware.com/portal/controller/auth/cspctrllogin.

Example run (appropriate variable values should be used):

~$ ansible-playbook avi-cloud-services-registration.yml -e password=${var.controller_password} -e register_controller.jwt_token=${var.register_controller.jwt_token} > ansible-playbook-run.log

avi-cleanup.yml

This play will disable all Virtual Services, delete all existing Avi Service Engines, and de-register the controller from Cloud Services. This playbook should be run before deleting the controller with terraform destroy to clean up the resources created by the Avi Controller. Note that additional items created by the controller may remain and need to be removed manually.

Example run (appropriate variable values should be used and -e register_controller.jwt_token is only needed when register_controller.enabled is set to true):

~$ ansible-playbook avi-cleanup.yml -e password=${var.controller_password} -e register_controller.jwt_token=${var.register_controller.jwt_token}

Contributing

The terraform-vsphere-avi-alb-deployment-vsphere project team welcomes contributions from the community. Before you start working with this project please read and sign our Contributor License Agreement (https://cla.vmware.com/cla/1/preview). If you wish to contribute code and you have not signed our Contributor License Agreement (CLA), our bot will prompt you to do so when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. For more detailed information, refer to CONTRIBUTING.md.

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| null | 3.1.1 |
| vsphere | ~> 2.2.0 |

Providers

| Name | Version |
|---|---|
| null | 3.1.1 |
| vsphere | 2.2.0 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| null_resource.ansible_provisioner | resource |
| vsphere_compute_cluster_vm_anti_affinity_rule.avi | resource |
| vsphere_entity_permissions.avi_folder | resource |
| vsphere_entity_permissions.avi_root | resource |
| vsphere_folder.avi | resource |
| vsphere_role.avi_folder | resource |
| vsphere_role.avi_root | resource |
| vsphere_role.nsx_avi_folder | resource |
| vsphere_role.nsx_avi_global | resource |
| vsphere_virtual_machine.avi_controller | resource |
| vsphere_compute_cluster.avi | data source |
| vsphere_content_library.library | data source |
| vsphere_content_library_item.item | data source |
| vsphere_datacenter.dc | data source |
| vsphere_datastore.datastore | data source |
| vsphere_folder.root | data source |
| vsphere_network.avi | data source |
| vsphere_resource_pool.pool | data source |

Inputs

Name Description Type Default Required
avi_upgrade This variable determines if a patch upgrade is performed after install. The enabled key should be set to true and the URL from the Avi Cloud Services portal should be set for the upgrade_file_uri key. Valid upgrade_type values are patch or system
object({
enabled = bool,
upgrade_type = string,
upgrade_file_uri = string
})
{
"enabled": "false",
"upgrade_file_uri": "",
"upgrade_type": "patch"
}
no
avi_version The version of Avi that will be deployed string n/a yes
boot_disk_size The boot disk size for the Avi controller number 128 no
ca_certificates Import one or more Root or Intermediate Certificate Authority SSL certificates for the controller. The certificate must be in the PEM format and base64 encoded without line breaks. An example command for generating the proper format is 'base64 -w 0 ca.pem > ca.base64'
list(object({
name = string,
certificate = string
}))
[
{
"certificate": "",
"name": ""
}
]
no
cluster_ip Sets the IP address of the Avi Controller cluster. This address must be in the same subnet as the Avi Controller VMs. string null no
compute_cluster The name of the vSphere cluster that the Avi Controllers will be deployed to string null no
configure_controller Configure the Avi Cloud via Ansible after controller deployment. If not set to true this must be done manually with the desired config bool "true" no
configure_dns_profile Configure a DNS Profile for DNS Record Creation for Virtual Services. The usable_domains is a list of domains that Avi will be the Authoritative Nameserver for and NS records may need to be created pointing to the Avi Service Engine addresses. Supported profiles for the type parameter are AWS or AVI
object({
enabled = bool,
type = optional(string, "AVI"),
usable_domains = list(string),
ttl = optional(string, "30"),
aws_profile = optional(object({
iam_assume_role = string,
region = string,
vpc_id = string,
access_key_id = string,
secret_access_key = string
}))
})
{
"enabled": false,
"type": "AVI",
"usable_domains": []
}
no
configure_dns_vs Create Avi DNS Virtual Service. The subnet_name parameter must be an existing AWS Subnet. If the allocate_public_ip parameter is set to true a EIP will be allocated for the VS. The VS IP address will automatically be allocated via the AWS IPAM
object({
enabled = bool,
portgroup = string,
network = string,
auto_allocate_ip = optional(bool, true),
vs_ip = optional(string),
type = optional(string, "V4")
})
{
"enabled": "false",
"network": "",
"portgroup": ""
}
no
configure_gslb Configures GSLB. In addition the configure_dns_vs variable must also be set for GSLB to be configured. See the GSLB Deployment README section for more information.
object({
enabled = bool,
leader = optional(bool, false),
site_name = string,
domains = optional(list(string)),
create_se_group = optional(bool, true),
se_size = optional(list(number), [2, 8, 30]),
additional_sites = optional(list(object({
name = string,
ip_address_list = list(string)
})))
})
{
"domains": [
""
],
"enabled": "false",
"site_name": ""
}
no
configure_ipam_profile Configure Avi IPAM Profile for Virtual Service Address Allocation. Example: { enabled = "true", networks = [{ network = "192.168.1.0/24" , static_pool = ["192.168.1.10","192.168.1.30"]}] }
object({
enabled = bool,
networks = list(object({
portgroup = string,
network = string,
type = string,
static_pool = list(string)
}))
})
{
"enabled": "false",
"networks": [
{
"network": "",
"portgroup": "",
"static_pool": [
""
],
"type": ""
}
]
}
no
configure_nsx_cloud Configure the Cloud type as NSX. The nsx_password and configure_nsx_vcenter variables should also be configured
object({
enabled = bool,
username = string,
nsx_mgr_url = string,
cloud_name = optional(string, "NSX")
mgmt_segment = object({ name = string, t1_name = string }),
mgmt_tz = object({ id = string, type = string }),
data_tz = object({ id = string, type = string }),
data_segments = list(object({ segment_name = string, t1_name = string }))
})
{
"data_segments": [
{
"segment_name": "",
"t1_name": ""
}
],
"data_tz": {
"id": "",
"type": "OVERLAY"
},
"enabled": false,
"mgmt_segment": {
"name": "",
"t1_name": ""
},
"mgmt_tz": {
"id": "",
"type": "OVERLAY"
},
"nsx_mgr_url": "",
"username": ""
}
no
configure_nsx_vcenter Configure the vCenters used for the NSX Cloud configuration. The vsphere_avi_user and vsphere_avi_password variables must also be set and will be used for authenticating to all vCenters configured with this variable
list(object({
name = string,
url = string,
content_library = string
}))
[
{
"content_library": "",
"name": "",
"url": ""
}
]
no
configure_se_mgmt_network When true the se_mgmt_network_address variable must be configured. If set to false, DHCP is enabled on the vSphere portgroup that the Avi Service Engines will use for management. bool "true" no
content_library The name of the Content Library that has the Avi Controller Image string n/a yes
controller_default_password This is the default password for the Avi controller image and can be found in the image download page. string n/a yes
controller_gateway The IP Address of the gateway for the controller mgmt network string n/a yes
controller_ha If true a HA controller cluster is deployed and configured bool "false" no
controller_ip A list of IP Addresses that will be assigned to the Avi Controller(s). For a full HA deployment the list should contain 3 IP addresses. Optionally the cluster_ip variable can be used to specify the IP Address of the cluster. list(string) n/a yes
controller_mgmt_portgroup The vSphere portgroup name that the Avi Controller will use for management string n/a yes
controller_netmask The subnet mask of the controller mgmt network string n/a yes
controller_password The password that will be used for authenticating with the Avi Controller. This password must be a minimum of 8 characters and contain at least one each of uppercase, lowercase, numbers, and special characters string n/a yes
controller_size This value determines the number of vCPUs and memory allocated for the Avi Controller. Possible values are small, medium, or large. string "small" no
create_roles This variable controls the creation of Avi specific vSphere Roles for the Avi Controller to use. When set to false these roles should already be created and assigned to the vSphere account used by the Avi Controller. bool "false" no
dns_search_domain The optional DNS search domain that will be used by the controller string null no
dns_servers The optional DNS servers that will be used for local DNS resolution by the controller. The server should be a valid IP address (v4 or v6) and valid options for type are V4 or V6. Example: [{ addr = "8.8.4.4", type = "V4"}, { addr = "8.8.8.8", type = "V4"}]
list(object({
addr = string,
type = string
}))
null no
email_config The email settings that will be used for sending password reset information or for triggered alerts. The default setting will send emails directly from the Avi Controller
object({
smtp_type = string,
from_email = string,
mail_server_name = string,
mail_server_port = string,
auth_username = string,
auth_password = string
})
{
"auth_password": "",
"auth_username": "",
"from_email": "admin@avicontroller.net",
"mail_server_name": "localhost",
"mail_server_port": "25",
"smtp_type": "SMTP_LOCAL_HOST"
}
no
license_key The license key that will be applied when the tier is set to ENTERPRISE with the license_tier variable string "" no
license_tier The license tier to use for Avi. Possible values are ENTERPRISE_WITH_CLOUD_SERVICES or ENTERPRISE string "ENTERPRISE_WITH_CLOUD_SERVICES" no
name_prefix This prefix is appended to the names of the Controller and SEs string n/a yes
nsx_password The NSX Manager password for the user account that will be used for the NSX Cloud configured with the configure_nsx_cloud variable string "" no
ntp_servers The NTP Servers that the Avi Controllers will use. The server should be a valid IP address (v4 or v6) or a DNS name. Valid options for type are V4, DNS, or V6
list(object({
addr = string,
type = string
}))
[
{
"addr": "0.us.pool.ntp.org",
"type": "DNS"
},
{
"addr": "1.us.pool.ntp.org",
"type": "DNS"
},
{
"addr": "2.us.pool.ntp.org",
"type": "DNS"
},
{
"addr": "3.us.pool.ntp.org",
"type": "DNS"
}
]
no
portal_certificate Import a SSL certificate for the controller's web portal. The key and certificate must be in the PEM format and base64 encoded without line breaks. An example command for generating the proper format is 'base64 -w 0 certificate.pem > cert.base64'
object({
key = string,
certificate = string,
key_passphrase = optional(string)
})
{
"certificate": "",
"key": ""
}
no
register_controller If enabled is set to true the controller will be registered and licensed with Avi Cloud Services. The Long Organization ID (organization_id) can be found from https://console.cloud.vmware.com/csp/gateway/portal/#/organization/info. The jwt_token can be retrieved at https://portal.avipulse.vmware.com/portal/controller/auth/cspctrllogin. Optionally the controller name and description used during the registration can be set; otherwise, the name_prefix and configure_gslb.site_name variables will be used.
object({
enabled = bool,
jwt_token = string,
email = string,
organization_id = string,
name = optional(string),
description = optional(string)
})
{
"email": "",
"enabled": "false",
"jwt_token": "",
"organization_id": ""
}
no
se_content_lib_name The name the Content Library used for the SE image. If se_use_content_lib is true and this variable is not set the content_library variable will be used string null no
se_ha_mode The HA mode of the Service Engine Group. Possible values active/active, n+m, or active/standby string "active/active" no
se_mgmt_network This variable configures the SE management network. Example: { network = "192.168.10.0/24" , gateway = "192.168.10.1", type = "V4", static_pool = ["192.168.10.10","192.168.10.30"]}
object({
network = string,
gateway = string,
type = string,
static_pool = list(string)
})
{
"gateway": "",
"network": "",
"static_pool": [
""
],
"type": ""
}
no
se_mgmt_portgroup The vSphere portgroup that the Avi Service Engines will use for management string null no
se_size The CPU, Memory, Disk Size of the Service Engines. The default is 2 vCPU, 4 GB RAM, and a 20 GB Disk per Service Engine. Syntax ["cpu_cores", "memory_in_GB", "disk_size_in_GB"] list(number)
[
2,
4,
20
]
no
se_use_content_lib Determines if a Content Library will be used to store the Avi SE Image. Only applies to 22.1.1 and above. bool "true" no
securechannel_certificate Import a SSL certificate for the controller's secure channel communication. Only if there is a strict policy that requires all SSL certificates to be signed by a specific CA should this variable be used; otherwise the default generated certificate is recommended. The full cert chain is necessary and can be provided within the certificate PEM file or separately with the ca_certificates variable. The key and certificate must be in the PEM format and base64 encoded without line breaks. An example command for generating the proper format is 'base64 -w 0 certificate.pem > cert.base64'
object({
key = string,
certificate = string,
key_passphrase = optional(string)
})
{
"certificate": "",
"key": ""
}
no
vm_datastore The vSphere Datastore that will back the Avi Controller VMs string n/a yes
vm_folder The folder that the Avi Controller(s) will be placed in. This will be the full path and name of the folder that will be created string n/a yes
vm_resource_pool The Resource Pool that the Avi Controller(s) will be deployed to string "" no
vm_template The name of the Avi Controller Image that is hosted in a Content Library string n/a yes
vsphere_avi_password The password for the user account that will be used for accessing vCenter from the Avi Controller(s) string null no
vsphere_avi_user The user account that will be used for accessing vCenter from the Avi Controller(s) string null no
vsphere_datacenter The vSphere Datacenter that the Avi Controller(s) will be deployed to string n/a yes
vsphere_password The password for the user account that will be used for creating vSphere resources string n/a yes
vsphere_server The IP Address or FQDN of the VMware vCenter server string n/a yes
vsphere_user The user account that will be used to create the Avi Controller(s) string n/a yes

Outputs

| Name | Description |
|---|---|
| controllers | AVI Controller Information |
| gslb_ip | The IP Address of AVI Controller Information |
