We begin a new year with a new Terraform VMware Cloud Director Provider release – 3.5.0 with support for tenant operations for the NSX-T Advanced Load Balancer (ALB) and many other features. (Note: the provider part of the ALB was introduced in the previous release.)
Additional way of connecting to VCD with API Token
VCD 10.3.1 adds the capability of generating an API access token for provider and tenant. These tokens cannot be used directly to authenticate against a VCD: users should first exchange the token for a bearer token using a REST API call and then connect as usual with the new token. The VCD Terraform plugin 3.5.0, however, makes things simpler by exchanging the API token for a bearer token and using it transparently. All users need to do is provide the following in the provider block:
```hcl
provider "vcd" {
  user      = "none"
  password  = "none"
  api_token = "NsqWSrgFCHFWMdZJO1t3hmt9SwlOajAJ" # token received from administrator
  auth_type = "api_token"

  # [...]
}
```
Ability to set Lease for a vApp
The vcd_vapp resource and corresponding data source add the ability to set the lease period for run time and storage. The lease is indicated in seconds. A lease of 0 means that the vApp takes the default lease as it was set in the parent organization.
```hcl
resource "vcd_vapp" "my-vapp" {
  name = "my-vapp"
  # [...]

  lease {
    runtime_lease_in_sec = 60 * 60 * 24 * 30 # extends the runtime lease to 30 days
    storage_lease_in_sec = 60 * 60 * 24 * 7  # extends the storage lease to 7 days
  }
}
```
Initial VDC Group support
This release adds the ability for providers and Org users (with certain rights) to create and manage NSX-T VDC Groups. Here is a quick example of how to configure one using Terraform:
```hcl
data "vcd_org_vdc" "startVdc" {
  name = "existingVdc"
}

data "vcd_org_vdc" "additionalVdc" {
  name = "oneMoreVdc"
}

resource "vcd_vdc_group" "new-vdc-group" {
  org                   = "myOrg"
  name                  = "newVdcGroup"
  description           = "my description"
  starting_vdc_id       = data.vcd_org_vdc.startVdc.id
  participating_vdc_ids = [data.vcd_org_vdc.startVdc.id, data.vcd_org_vdc.additionalVdc.id]

  dfw_enabled           = true
  default_policy_status = true
}
```
Only the System Administrator and Org users with the rights "View VDC Group", "Configure VDC Group", "vDC Group: Configure Logging" and "Organization vDC Distributed Firewall: Enable/Disable" can manage VDC groups using this resource.
NSX-T Advanced Load Balancer
Terraform provider VCD release 3.4.0 introduced resources to configure NSX-T ALB infrastructure for
providers. The latest release 3.5.0 continues to evolve the NSX-T ALB support, but this time it focuses
on the NSX-T Edge Gateway side of the configuration. It is now complete with 4 new resources and data sources in 3.5.0:
- vcd_nsxt_alb_settings
- vcd_nsxt_alb_edgegateway_service_engine_group
- vcd_nsxt_alb_pool
- vcd_nsxt_alb_virtual_service
vcd_nsxt_alb_settings and vcd_nsxt_alb_edgegateway_service_engine_group still require provider interaction to enable ALB on a particular Edge Gateway, but vcd_nsxt_alb_pool and vcd_nsxt_alb_virtual_service are made for tenants and this is where actual load balancer configuration happens.
Have a look at a new page in our Guides section dedicated to NSX-T ALB for a complete overview and example.
Here is a brief example demonstrating how tenants can define an NSX-T ALB Pool and then consume it in a virtual service:
```hcl
data "vcd_nsxt_edgegateway" "existing" {
  org  = "my-org"
  vdc  = "nsxt-vdc"
  name = "nsxt-gw"
}

data "vcd_nsxt_alb_edgegateway_service_engine_group" "assigned" {
  org             = "my-org"
  vdc             = "nsxt-vdc"
  edge_gateway_id = data.vcd_nsxt_edgegateway.existing.id

  # This name comes from prerequisite setup (can be looked up in the UI by tenants)
  service_engine_group_name = "assigned-service-engine-group-name"
}

resource "vcd_nsxt_alb_pool" "test" {
  org = "my-org"
  vdc = "nsxt-vdc"

  name            = "first-pool"
  edge_gateway_id = data.vcd_nsxt_edgegateway.existing.id

  default_port = "9000"

  member {
    ip_address = "192.168.1.1"
  }
}

resource "vcd_nsxt_alb_virtual_service" "test" {
  org = "my-org"
  vdc = "nsxt-vdc"

  name            = "first-virtual-service"
  edge_gateway_id = data.vcd_nsxt_edgegateway.existing.id

  pool_id                  = vcd_nsxt_alb_pool.test.id
  service_engine_group_id  = data.vcd_nsxt_alb_edgegateway_service_engine_group.assigned.service_engine_group_id
  virtual_ip_address       = tolist(data.vcd_nsxt_edgegateway.existing.subnet)[0].primary_ip
  application_profile_type = "HTTP"

  service_port {
    start_port = 80
    type       = "TCP_PROXY"
  }
}
```
Ability to configure Certificates
Certificates in the Certificates library can be used when creating secured services.
This is how easy it is to add one:
```hcl
resource "vcd_library_certificate" "new-certificate" {
  org                    = "myOrg"
  alias                  = "SAML certificate"
  description            = "my description"
  certificate            = file("/home/user/cert.pem")
  private_key            = file("/home/user/key.pem")
  private_key_passphrase = "passphrase"
}
```
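The `api_token` in the provider block and the `private_key_passphrase` in the certificate resource are both written as literals in the snippets above. The following added example (not from the original post or the provider project) passes them as sensitive input variables instead; the variable names, the `org` value and the `url` are assumptions.

```hcl
# Added example: variable names and the URL are placeholders, not from the post.
variable "vcd_api_token" {
  description = "API token generated in VCD 10.3.1 or later"
  type        = string
  sensitive   = true # redacted in plan/apply output

  validation {
    condition     = length(var.vcd_api_token) > 0
    error_message = "Set TF_VAR_vcd_api_token; the API token must not be empty."
  }
}

variable "cert_key_passphrase" {
  description = "Passphrase protecting /home/user/key.pem"
  type        = string
  sensitive   = true
}

provider "vcd" {
  user      = "none"
  password  = "none"
  auth_type = "api_token"
  api_token = var.vcd_api_token # no literal token in the configuration
  org       = "myOrg"
  url       = "https://vcd.example.com/api" # placeholder endpoint
}

resource "vcd_library_certificate" "new-certificate" {
  org                    = "myOrg"
  alias                  = "SAML certificate"
  description            = "my description"
  certificate            = file("/home/user/cert.pem")
  private_key            = file("/home/user/key.pem")
  private_key_passphrase = var.cert_key_passphrase
}
```

Supply the values through the `TF_VAR_vcd_api_token` and `TF_VAR_cert_key_passphrase` environment variables rather than a committed `.tfvars` file. Terraform still records resource arguments, including sensitive ones, in state, so the state backend needs access control and encryption.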
Please see examples of how to reference them in the new Load Balancer resources here:
More information
As usual, there is more than that – please see the complete changelog for the full picture.
Also, documentation:
https://registry.terraform.io/providers/vmware/vcd/latest/docs
And, as always with the new Terraform VCD Provider release, we have released a new version of the govcd library (Go language library for VCD). If you’re developing a VCD client with Go, please update:
https://github.com/vmware/go-vcloud-director/releases/tag/v2.14.0
https://github.com/vmware/go-vcloud-director/blob/v2.14.0/CHANGELOG.md