This repository will be archived. It is superseded by a newer, simplified Easy IMM, based on a YAML schema model.
This module will be archived in September as I am no longer maintaining it. It is superseded by the newer Easy IMM noted above.
The two models were so different that I didn't merge them here.
Examples are shown in the following directories:
- policies
- pools
- profiles
- templates
The structure of the YAML files is very flexible. You can have all the YAML data in a single file, or you can spread it across multiple individual folders as shown in this module. The important part is that `data.utils_yaml_merge.model` is configured to read the folders that you put the data into.
`variables.auto.tfvars` contains Terraform variables that I felt fit better outside of the YAML data model. These variables should be configured to be unique to the deployment environment, but examples are shown for the Richfield environment in the module.
- endpoint: The SaaS endpoint defaults to `intersight.com`. The variable is available in the event of CVA or PVA deployments.
- moids_policies: Consume Policies from a Data Source instead of a Resource. This is helpful if you separate the `policies` module from `profiles`/`templates`.
- moids_pools: Consume Pools from a Data Source instead of a Resource. This is helpful if you separate the `pools` module from the `policies` module.
- tags: Not required, but by default the version of the script is being flagged here.
If you would like to enable autocompletion, help context, and error validation (HIGHLY RECOMMENDED), perform the following configuration in Visual Studio Code.
- Extensions: Search for YAML and select 'YAML Language Support by Red Hat'.
- Settings » Settings: Search for YAML:Schemas.
- Click: Edit in settings.json
- Configure the following in `yaml.schemas`:

```json
"yaml.schemas": {
  "https://raw.githubusercontent.com/terraform-cisco-modules/easy-imm-comprehensive-example/main/yaml_schemas/easy_imm.json": [
    "pools/*.yaml",
    "policies/*.yaml",
    "profiles/*.yaml",
    "templates/*.yaml"
  ]
}
```
- Add variable intersight_api_key_id with the value of [your-api-key]
- Add variable intersight_secret_key with the value of [your-secret-file-content]
Command line utility to transform environment variables for use with Terraform. (e.g. HOSTNAME → TF_VAR_hostname)
Recently I adopted the tfenv runner to standardize environment variables with multiple orchestration tools. tfenv makes it so you don't need to add `TF_VAR_` to the variables when you add them to the environment. The caveat is that it doesn't work on Windows.
In the export examples below, the Linux example excludes the `TF_VAR_` prefix because Cloud Posse tfenv inserts it during the run.
Additionally, to save time typing commands, I use the following aliases by editing the `.bashrc` for my environment.
```bash
# Aliases added to ~/.bashrc
alias tfa='tfenv terraform apply main.plan'
alias tfap='tfenv terraform apply -parallelism=1 main.plan'
alias tfd='terraform destroy'
alias tff='terraform fmt'
alias tfi='terraform init'
alias tfp='tfenv terraform plan -out=main.plan'
alias tfu='terraform init -upgrade'
alias tfv='terraform validate'
```

```bash
# Linux: tfenv adds the TF_VAR_ prefix during the run
export intersight_api_key_id="<your-api-key>"
export intersight_secret_key="<secret-key-file-location>"
```

```powershell
# Windows PowerShell: the TF_VAR_ prefix is set explicitly
$env:TF_VAR_intersight_api_key_id="<your-api-key>"
$env:TF_VAR_intersight_secret_key="<secret-key-file-location>"
```
- cert_mgmt_certificate: Options are 1-5 for up to 5 certificates. The variable should point to the file location of the PEM certificate.
- cert_mgmt_private_key: Options are 1-5 for up to 5 private keys. The variable should point to the file location of the PEM private key.

```bash
export cert_mgmt_certificate_1='<cert_mgmt_certificate_file_location>'
export cert_mgmt_private_key_1='<cert_mgmt_private_key_file_location>'
```

```powershell
$env:TF_VAR_cert_mgmt_certificate_1='<cert_mgmt_certificate_file_location>'
$env:TF_VAR_cert_mgmt_private_key_1='<cert_mgmt_private_key_file_location>'
```
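
A pre-flight check for the Linux variables above, as an added example that is not part of this module: it confirms the required variables are set and that each file-location variable holding key material points at a file with no group or other permissions before tfenv hands it to Terraform. The function names `check_key_file` and `preflight` are hypothetical, and treating `intersight_secret_key` as required is this example's assumption.

```shell
#!/bin/sh
# Added example, not part of the module. Checks the un-prefixed variables
# that tfenv later maps to TF_VAR_* on Linux.

# Variables that must be non-empty (assumption: the secret key is treated as required).
REQUIRED_VARS="intersight_api_key_id intersight_secret_key"
# Variables whose value is a path to private key material.
KEY_FILE_VARS="intersight_secret_key cert_mgmt_private_key_1 cert_mgmt_private_key_2 cert_mgmt_private_key_3 cert_mgmt_private_key_4 cert_mgmt_private_key_5"

# check_key_file PATH: succeed only for a readable regular file
# that grants nothing to group or other.
check_key_file() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "missing or unreadable: $1" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "too permissive ($bits): $1" >&2; return 1; }
}

# preflight: return 0 when the environment is ready to hand to tfenv.
# Only variable names and paths are printed, never values of secrets.
preflight() {
    rc=0
    for name in $REQUIRED_VARS; do
        eval "value=\${$name-}"
        [ -n "$value" ] || { echo "not set: $name" >&2; rc=1; }
    done
    for name in $KEY_FILE_VARS; do
        eval "value=\${$name-}"
        # Optional variables that are unset are skipped.
        [ -z "$value" ] && continue
        check_key_file "$value" || rc=1
    done
    return $rc
}

# Usage: preflight && tfenv terraform plan -out=main.plan
```
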
- drive_security_password: If Authentication is supported/used by the KMIP Server, this is the User Password to Configure.
- drive_security_server_ca_certificate: KMIP Server CA Certificate Contents.

```bash
export drive_security_password='<drive_security_password>'
export drive_security_server_ca_certificate='<drive_security_server_ca_certificate_file_location>'
```

```powershell
$env:TF_VAR_drive_security_password='<drive_security_password>'
$env:TF_VAR_drive_security_server_ca_certificate='<drive_security_server_ca_certificate_file_location>'
```
- cco_user: If Configuring Firmware Policies, the CCO User for Firmware Downloads.
- cco_password: If Configuring Firmware Policies, the CCO Password for Firmware Downloads.

```bash
export cco_user='<cco_user>'
export cco_password='<cco_password>'
```

```powershell
$env:TF_VAR_cco_user='<cco_user>'
$env:TF_VAR_cco_password='<cco_password>'
```
- ipmi_key_1: Currently IPMI isn't working; I would skip this for now.
- iscsi_boot_password: If Configuring CHAP or MSCHAP Authentication, this is the User Password to Use.
- binding_parameters_password: Although you can use a binding password, I highly recommend using login user credentials instead in the module.
- local_user_password_1-5: If Configuring Multiple Users, increment the Password based on number of configured Users.
- access_community_string_1-5: Used to Configure 1 or More Community Strings. Only used if assigned.
- snmp_auth_password_1-5: If Configuring 1 or More SNMP Users. Only used if assigned.
- snmp_privacy_password_1-5: If Configuring SNMP Users and security_level set to AuthPriv. Only used if assigned.
- snmp_trap_community_1-5: Used by SNMP Trap Servers if using v2c instead of v3.
- vmedia_password_1-5: If Configuring vMedia Mappings and method uses authentication.

```bash
export cco_user='<cco_user>'
export cco_password='<cco_password>'
```

```powershell
$env:TF_VAR_cco_user='<cco_user>'
$env:TF_VAR_cco_password='<cco_password>'
```
Name | Version |
---|---|
terraform | >=1.3.0 |
intersight | >=1.0.36 |
utils | >= 0.1.3 |
Name | Version |
---|---|
intersight | 1.0.36 |
utils | 0.2.5 |
time | 0.9.1 |
Name | Source | Version |
---|---|---|
pools | terraform-cisco-modules/pools/intersight | 2.1.5 |
policies | terraform-cisco-modules/policies/intersight | 2.1.5 |
domain_profiles | terraform-cisco-modules/profiles-domain/intersight | 2.1.6 |
profiles | terraform-cisco-modules/profiles/intersight | 2.1.5 |
When the Data is merged from the YAML files, it will run through the modules using for_each loop(s). Sensitive Variables cannot be added to a for_each loop, instead use the variables below to add sensitive values for policies.
Name | Description | Type | Default | Required |
---|---|---|---|---|
deploy_profiles | Flag to Determine if Profiles Should be deployed. | string | false | no |
endpoint | Intersight Endpoint Hostname. | string | "intersight.com" | no |
intersight_api_key_id | Intersight API Key. | string | n/a | yes |
intersight_secret_key | Intersight Secret Key. | string | "blah.txt" | no |
moids_policies | Flag to Determine if Policies Should be associated using resource or data object. | bool | false | no |
moids_pools | Flag to Determine if Pools Should be associated using data object or from var.pools. | bool | false | no |
operating_system | Type of Operating System. Options: Linux, Windows. | string | "Linux" | no |
tags | List of Key/Value Pairs to Assign as Attributes to the Policy. | list(map(string)) | [] | no |
cert_mgmt_certificate_1 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_certificate_2 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_certificate_3 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_certificate_4 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_certificate_5 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_private_key_1 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_private_key_2 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_private_key_3 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_private_key_4 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
cert_mgmt_private_key_5 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
drive_security_password | Drive Security User Password. | string | "" | no |
drive_security_server_ca_certificate | Drive Security Server CA Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
cco_password | CCO User Account Password. | string | "" | no |
cco_user | CCO User Account Email for Firmware Policies. | string | "cco_user" | no |
ipmi_key | Encryption key 1 to use for IPMI communication. It should have an even number of hexadecimal characters and not exceed 40 characters. | string | "" | no |
iscsi_boot_password | Password to Assign to the iSCSI Boot Policy if doing Authentication. | string | "" | no |
binding_parameters_password | The password of the user for initial bind process with an LDAP Policy. It can be any string that adheres to the following constraints. It can have character except spaces, tabs, line breaks. It cannot be more than 254 characters. | string | "" | no |
local_user_password_1 | Password to assign to a Local User Policy -> user. | string | "" | no |
local_user_password_2 | Password to assign to a Local User Policy -> user. | string | "" | no |
local_user_password_3 | Password to assign to a Local User Policy -> user. | string | "" | no |
local_user_password_4 | Password to assign to a Local User Policy -> user. | string | "" | no |
local_user_password_5 | Password to assign to a Local User Policy -> user. | string | "" | no |
persistent_passphrase | Secure passphrase to be applied on the Persistent Memory Modules on the server. The allowed characters are a-z, A-Z, 0-9 and the special characters !, &, #, $, %, +, ^, @, _, *, -. | string | "" | no |
access_community_string_1 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
access_community_string_2 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
access_community_string_3 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
access_community_string_4 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
access_community_string_5 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
snmp_auth_password_1 | SNMPv3 User Authentication Password. | string | "" | no |
snmp_auth_password_2 | SNMPv3 User Authentication Password. | string | "" | no |
snmp_auth_password_3 | SNMPv3 User Authentication Password. | string | "" | no |
snmp_auth_password_4 | SNMPv3 User Authentication Password. | string | "" | no |
snmp_auth_password_5 | SNMPv3 User Authentication Password. | string | "" | no |
snmp_privacy_password_1 | SNMPv3 User Privacy Password. | string | "" | no |
snmp_privacy_password_2 | SNMPv3 User Privacy Password. | string | "" | no |
snmp_privacy_password_3 | SNMPv3 User Privacy Password. | string | "" | no |
snmp_privacy_password_4 | SNMPv3 User Privacy Password. | string | "" | no |
snmp_privacy_password_5 | SNMPv3 User Privacy Password. | string | "" | no |
snmp_trap_community_1 | Community for a Trap Destination. | string | "" | no |
snmp_trap_community_2 | Community for a Trap Destination. | string | "" | no |
snmp_trap_community_3 | Community for a Trap Destination. | string | "" | no |
snmp_trap_community_4 | Community for a Trap Destination. | string | "" | no |
snmp_trap_community_5 | Community for a Trap Destination. | string | "" | no |
vmedia_password_1 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
vmedia_password_2 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
vmedia_password_3 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
vmedia_password_4 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
vmedia_password_5 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
Name | Description |
---|---|
domain_profiles | Domain Profile Outputs: including cluster and switch Moids, policy assignments. |
policies | The Name of Each Policy Created with its respective Moid. |
pools | The Name of Each Pool Created with its respective Moid. |
profiles | The Name of Each Profile Created with its respective Moid. |
If you want to see documentation on Variables for Submodules use the links below: