- Build Workspaces in TFCB to support Infrastructure as Code Provisioning.
- Use Terraform/TFCB to provision Intersight Pools.
- Use Terraform/TFCB to provision Intersight UCS Policies.
- Use Terraform/TFCB to provision UCS Chassis Profiles in IMM Mode.
- Use Terraform/TFCB to provision UCS Domains in IMM Mode.
- Use Terraform/TFCB to provision UCS Server Profiles in IMM Mode.
- Use Terraform/TFCB to provision Operation Systems on Baremetal UCS Servers.
- Fibre-Channel Pools (WWNN/WWPN)
- IP Pools
- IQN Pools
- MAC Pools
- UUID Pools
- Adapter Configuration (Standalone Servers)
- BIOS
- Boot Order
- Certificate Management
- Device Connector
- Ethernet Adapter (vnIC Adapter Policy)
- Ethernet Network (Standalone Servers)
- Ethernet Network Control (CDP/LLDP)
- Ethernet Network Group (VLAN Groups)
- Ethernet QoS (vNIC QoS)
- FC Zone (Fibre-Channel Zoning Policy)
- Fibre Channel Adapter (vHBA Adapter Policy)
- Fibre Channel Network
- Fibre Channel QoS (vHBA QoS)
- Ethernet Network Control (CDP/LLDP)
- Ethernet Network Group (VLAN Groups)
- Flow Control
- IMC Access
- IPMI Over LAN
- iSCSI Adapter
- iSCSI Boot
- iSCSI Static Target
- LAN Connectivity
- LDAP (Standalone Servers)
- Link Aggregation
- Link Control
- Local User
- Multicast
- Network Connectivity (DNS)
- NTP
- Persistent Memory
- Port
- Power
- SAN Connectivity
- SD Card - Depricated
- Serial Over LAN
- SMTP
- SNMP
- SSH
- Storage
- Switch Control
- Syslog
- System QoS
- Thermal
- Virtual KVM
- Virtual Media
- VLAN
- VSAN
- ucs_chassis_profiles
- ucs_domain_profiles
- ucs_server_profiles
-
Sign up for a user account on Intersight.com. You will need at least one Advantage Tier license as well as a Intersight Workload Optimizer license to complete this use case. Log in to intersight.com and generate API/Secret Keys. Both licensing requirements can utilize the available demo licensing if you don't have the subscription levels.
-
Sign up for a TFCB (Terraform for Cloud Business) at https://app.terraform.io/. Log in and generate the User API Key. You will need this when you create the TF Cloud Target in Intersight. If not a paid version, you will need to enable the trial account.
-
Clone this repository to your own VCS Repository for the VCS Integration with Terraform Cloud.
-
Integrate your VCS Repository into the TFCB Orgnization following these instructions: https://www.terraform.io/docs/cloud/vcs/index.html. Be sure to copy the OAth Token which you will use later on for Workspace provisioning.
VERY IMPORTANT NOTE: The Terraform Cloud provider stores terraform state in plain text. Do not remove the .gitignore that is protecting you from uploading the state files to a public repository in this base directory. The rest of the modules don't have this same risk
-
terraform_cloud_token
instructions: https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
-
tfc_oath_token
instructions: https://www.terraform.io/docs/cloud/vcs/index.html
-
tfc_organization (TFCB Organization Name)
-
tfc_email (Must be an Email Assigned to the TFCB Account)
-
agent_pool (The Name of the Agent Pool in the TFCB Account)
-
vcs_repo (The Name of your Version Control Repository. i.e. CiscoDevNet/intersight-tfb-iks)
-
apikey
-
secretkey
instructions: https://community.cisco.com/t5/data-center-documents/intersight-api-overview/ta-p/3651994
Import the Variables into your Environment before Running the Terraform Cloud Provider module(s) in this directory
Modify the terraform.tfvars file to the unique attributes of your environment for your domain and server profiles and policies.
Once finished with the modification commit the changes to your reposotiry.
The Following examples are for a Linux based Operating System. Note that the TF_VAR_ prefix is used as a notification to the terraform engine that the environment variable will be consumed by terraform.
- Terraform Cloud Variables - Linux
export TF_VAR_terraform_cloud_token="your_cloud_token"
export TF_VAR_tfc_oauth_token="your_oath_token"
- Terraform Cloud Variables - Windows
$env:TF_VAR_terraform_cloud_token="your_cloud_token"
$env:TF_VAR_tfc_oauth_token="your_oath_token"
- Intersight apikey and secretkey - Linux
export TF_VAR_apikey="your_api_key"
export TF_VAR_secretkey=`cat ~/Downloads/SecretKey.txt`
- Intersight apikey and secretkey - Windows
$env:TF_VAR_apikey="your_api_key"
$env:TF_VAR_secretkey="$HOME\Downloads\SecretKey.txt"
Use the following environment variable, based on your deployment, for IPMI over LAN Settings if you want to configure encryption for the IPMI communication.
- IPMI over LAN Encryption Key
export TF_VAR_ipmi_key_1="your_password"
$env:TF_VAR_ipmi_key_1="your_password"
Use the following environment variable, based on your deployment, for LDAP Policy Binding Settings.
- LDAP Binding user Password
export TF_VAR_ldap_password="your_password"
$env:TF_VAR_ldap_password="your_password"
Use the following environment variable, based on your deployment, for Local User Policy Users. This would allow you to configure up to 5 unique users in an organization for CIMC Access.
- Local user Password
export TF_VAR_local_user_password_1="your_password"
export TF_VAR_local_user_password_2="your_password"
export TF_VAR_local_user_password_3="your_password"
export TF_VAR_local_user_password_4="your_password"
export TF_VAR_local_user_password_5="your_password"
$env:TF_VAR_local_user_password_1="your_password"
$env:TF_VAR_local_user_password_2="your_password"
$env:TF_VAR_local_user_password_3="your_password"
$env:TF_VAR_local_user_password_4="your_password"
$env:TF_VAR_local_user_password_5="your_password"
Use the following environment variable, based on your deployment, for Persistent Memory Encryption.
- Persistent Memory Encryption Password
export TF_VAR_persistent_passphrase="your_password"
$env:TF_VAR_persistent_passphrase="your_password"
Use the following environment variables, based on your deployment, for SNMP Settings. There are 5 values for each variable type. This allows for creating up to 5 snmp users or 5 community strings. You only need to configure these variables if you want to use them. For instance you want to add an SNMP user with AuthPriv. You would configure snmp_auth_password_1 and snmp_privacy_password_1. The rest can be unused unless you were going to configure 5 different SNMP users with different passwords. The same holds true with community strings.
- SNMP User Passwords
export TF_VAR_snmp_auth_password_1="your_password"
export TF_VAR_snmp_auth_password_2="your_password"
export TF_VAR_snmp_auth_password_3="your_password"
export TF_VAR_snmp_auth_password_4="your_password"
export TF_VAR_snmp_auth_password_5="your_password"
export TF_VAR_snmp_privacy_password_1="your_password"
export TF_VAR_snmp_privacy_password_2="your_password"
export TF_VAR_snmp_privacy_password_3="your_password"
export TF_VAR_snmp_privacy_password_4="your_password"
export TF_VAR_snmp_privacy_password_5="your_password"
$env:TF_VAR_snmp_auth_password_1="your_password"
$env:TF_VAR_snmp_auth_password_2="your_password"
$env:TF_VAR_snmp_auth_password_3="your_password"
$env:TF_VAR_snmp_auth_password_4="your_password"
$env:TF_VAR_snmp_auth_password_5="your_password"
$env:TF_VAR_snmp_privacy_password_1="your_password"
$env:TF_VAR_snmp_privacy_password_2="your_password"
$env:TF_VAR_snmp_privacy_password_3="your_password"
$env:TF_VAR_snmp_privacy_password_4="your_password"
$env:TF_VAR_snmp_privacy_password_5="your_password"
- SNMP Communities
export TF_VAR_access_community_string_1="your_community"
export TF_VAR_access_community_string_2="your_community"
export TF_VAR_access_community_string_3="your_community"
export TF_VAR_access_community_string_4="your_community"
export TF_VAR_access_community_string_5="your_community"
export TF_VAR_snmp_trap_community_1="your_community"
export TF_VAR_snmp_trap_community_2="your_community"
export TF_VAR_snmp_trap_community_3="your_community"
export TF_VAR_snmp_trap_community_4="your_community"
export TF_VAR_snmp_trap_community_5="your_community"
$env:TF_VAR_access_community_string_1="your_community"
$env:TF_VAR_access_community_string_2="your_community"
$env:TF_VAR_access_community_string_3="your_community"
$env:TF_VAR_access_community_string_4="your_community"
$env:TF_VAR_access_community_string_5="your_community"
$env:TF_VAR_snmp_trap_community_1="your_community"
$env:TF_VAR_snmp_trap_community_2="your_community"
$env:TF_VAR_snmp_trap_community_3="your_community"
$env:TF_VAR_snmp_trap_community_4="your_community"
$env:TF_VAR_snmp_trap_community_5="your_community"
Once all Variables have been imported into your environment, run the plan in the tfe folder:
When running in Terraform Cloud with VCS Integration the first Plan will need to be run from the UI but subsiqent runs should trigger automatically
- Execute the Plan
terraform plan -out=main.plan
terraform apply main.plan
When run, this module will Create the Terraform Cloud Workspace(s) and Assign the Variables to the workspace(s).
Name | Version |
---|---|
tfe | 0.25.3 |
No providers.
Name | Source | Version |
---|---|---|
sensitive_intersight_variables | terraform-cisco-modules/modules/tfe//modules/tfc_variables | 0.6.2 |
sensitive_server_variables | terraform-cisco-modules/modules/tfe//modules/tfc_variables | 0.6.2 |
sensitive_snmp_variables | terraform-cisco-modules/modules/tfe//modules/tfc_variables | 0.6.2 |
workspaces | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | 0.6.2 |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_community_string_1 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
access_community_string_2 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
access_community_string_3 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
access_community_string_4 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
access_community_string_5 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
apikey | Intersight API Key. | string |
n/a | yes |
binding_parameters_password | The password of the user for initial bind process. It can be any string that adheres to the following constraints. It can have character except spaces, tabs, line breaks. It cannot be more than 254 characters. | string |
"" |
no |
ipmi_key_1 | Encryption key to use for IPMI communication. It should have an even number of hexadecimal characters and not exceed 40 characters. | string |
"" |
no |
local_user_password_1 | Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added seperately. | string |
"" |
no |
local_user_password_2 | Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added seperately. | string |
"" |
no |
local_user_password_3 | Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added seperately. | string |
"" |
no |
local_user_password_4 | Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added seperately. | string |
"" |
no |
local_user_password_5 | Password to assign to a local user. Sensitive Variables cannot be added to a for_each loop so these are added seperately. | string |
"" |
no |
secretkey | Intersight Secret Key. | string |
n/a | yes |
secure_passphrase | Secure passphrase to be applied on the Persistent Memory Modules on the server. The allowed characters are a-z, A to Z, 0-9, and special characters =, !, &, #, $, %, +, ^, @, _, *, -. | string |
"" |
no |
snmp_auth_password_1 | SNMPv3 User Authentication Password. | string |
"" |
no |
snmp_auth_password_2 | SNMPv3 User Authentication Password. | string |
"" |
no |
snmp_auth_password_3 | SNMPv3 User Authentication Password. | string |
"" |
no |
snmp_auth_password_4 | SNMPv3 User Authentication Password. | string |
"" |
no |
snmp_auth_password_5 | SNMPv3 User Authentication Password. | string |
"" |
no |
snmp_privacy_password_1 | SNMPv3 User Privacy Password. | string |
"" |
no |
snmp_privacy_password_2 | SNMPv3 User Privacy Password. | string |
"" |
no |
snmp_privacy_password_3 | SNMPv3 User Privacy Password. | string |
"" |
no |
snmp_privacy_password_4 | SNMPv3 User Privacy Password. | string |
"" |
no |
snmp_privacy_password_5 | SNMPv3 User Privacy Password. | string |
"" |
no |
snmp_trap_community_1 | Community for a Trap Destination. | string |
"" |
no |
snmp_trap_community_2 | Community for a Trap Destination. | string |
"" |
no |
snmp_trap_community_3 | Community for a Trap Destination. | string |
"" |
no |
snmp_trap_community_4 | Community for a Trap Destination. | string |
"" |
no |
snmp_trap_community_5 | Community for a Trap Destination. | string |
"" |
no |
terraform_cloud_token | Token to Authenticate to the Terraform Cloud. | string |
n/a | yes |
terraform_version | Terraform Target Version. | string |
"1.0.3" |
no |
tfc_oauth_token | Terraform Cloud OAuth Token for VCS_Repo Integration. | string |
n/a | yes |
tfc_organization | Terraform Cloud Organization Name. | string |
n/a | yes |
trap_community_string_1 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
trap_community_string_2 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
trap_community_string_3 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
trap_community_string_4 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
trap_community_string_5 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string |
"" |
no |
vcs_repo | Version Control System Repository. | string |
n/a | yes |
workspaces | Map of Workspaces to create in Terraform Cloud. key - Name of the Workspace to Create. * allow_destroy_plan - Default is true. * auto_apply - Defualt is false. Automatically apply changes when a Terraform plan is successful. Plans that have no changes will not be applied. If this workspace is linked to version control, a push to the default branch of the linked repository will trigger a plan and apply. * branch - Default is "master". The repository branch that Terraform will execute from. Default to master. * description - A Description for the Workspace. * global_remote_state - Whether the workspace allows all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state (remote_state_consumer_ids).. * queue_all_runs - needs description. * remote_state_consumer_ids - The set of workspace IDs set as explicit remote state consumers for the given workspace. * working_directory - The Directory of the Version Control Repository that contains the Terraform code for UCS Domain Profiles for this Workspace. * workspace_type - What Type of Workspace will this Create. Options are: - chassis - domain - pool - server - vlan |
map(object( |
{ |
no |
Name | Description |
---|---|
workspaces | Terraform Cloud Workspace IDs and Names. |