Posted by The next release of Terraform’s NSX-T provider will add support for the NSX-T policy API. I know many people (including myself) have been waiting for this so it’s kind of a big thing within that space.
While the new NSX-T provider is not released yet (it’s still being tested), the source code is available on GitHub and can be compiled by anybody that wants to play around with the new functionality.
In today’s article I’ll do a quick demonstration of how to build a piece of NSX-T infrastructure using the new Terraform NSX-T provider leveraging the policy API.
Diagram
The diagram below shows the NSX-T infrastructure we’re going to deploy:
To keep things simple we will focus on building the NSX-T infrastructure for the tenant: A Tier-1 gateway and three connected segments.
The “Provider” infrastructure is already in place. Let’s get started!
Terraform files
The following files are used for this deployment:
\❯ tree ├── main.tf ├── terraform.tfvars ├── variables.tf
I’ve uploaded them to GitHub in case you want to have a look.
- main.tf – contains the instructions that will build the NSX-T infrastructure
- terraform.tfvars – contains the values for variables used
- variables.tf – contains the variable definitions
Let’s have a quick look at some of the content in main.tf.
The Tier-1 gateway resource is defined like this:
#
# Create Tier-1 Gateway
#
resource "nsxt_policy_tier1_gateway" "tier1-01" {
description = "Tier-1 gateway created by Terraform"
display_name = "tf-tier-1"
edge_cluster_path = data.nsxt_policy_edge_cluster.edge_cluster-01.path
tier0_path = data.nsxt_policy_tier0_gateway.tier0_gateway.path
enable_standby_relocation = "false"
enable_firewall = false
failover_mode = "NON_PREEMPTIVE"
route_advertisement_types = [
"TIER1_LB_VIP",
"TIER1_NAT",
"TIER1_CONNECTED",
"TIER1_STATIC_ROUTES"]
#
#
As you can see we define the resource as “nsxt_policy_tier1_gateway”. This instructs Terraform’s NSX-T provider that the object is to be created/managed using the NSX-T policy API.
The same goes for segments which are defined as “nsxt_policy_segment”:
#
# Create segment web
#
resource "nsxt_policy_segment" "segment1" {
description = "Web segment"
display_name = "tf-web"
transport_zone_path = data.nsxt_policy_transport_zone.overlay_tz.path
connectivity_path = nsxt_policy_tier1_gateway.tier1-01.path
subnet {
cidr = "172.16.1.1/24"
}
tag {
scope = var.nsx_tag_scope
tag = var.nsx_tag
}
tag {
scope = "tier"
tag = "web"
}
}
#
#
Terraform plan
Time to run a “terraform plan” which does a sanity check of our code and generates an execution plan:
terraform plan
According to the execution plan four new objects will be added which seems to be correct (one Tier-1 and three segments).
Terraform apply
With an execution plan in place we can continue with applying it. This effectively creates the NSX-T infrastructure as defined in main.tf:
terraform apply
No issues here. Terraform tells us that the 4 resources have been added.
Verify
See is believe so let’s have a look in NSX Manager’s simplified UI:
The Tier-1 gateway is indeed there. Connected to the Tier-0 and all.
And there are the three segments connected to the Tier-1 with subnets defined. It seems that Terraform was successful in deploying our small tenant infrastructure.
Summary
This looks promising. I’ve always liked Terraform and now that it (soon officially) supports the NSX-T policy API it might very well become my go-to tool for managing NSX-T infrastructure.
Thanks for reading.
rutgerblom.com 
One comment