terraform-cisco-modules/easy-imm-comprehensive-example

License: GPL v3 Developed by: Cisco

Archived

This repository will be archived. It is superseded by a newer, more simplified Easy IMM, based on a YAML Schema Model.

This Module will be archived in September as I am no longer maintaining it. It is superseded as noted above.

The two models were so different I didn't merge them here.

Easy IMM - Comprehensive example for Intersight

Examples are Shown in the Following Directories:

  • policies
  • pools
  • profiles
  • templates

The Structure of the YAML Files is very flexible. You can have all the YAML Data in a single file, or you can have it in multiple individual folders as shown in this module. The important part is that data.utils_yaml_merge.model is configured to read the folders that you put the Data into.

Modify variables.auto.tfvars to match environment

variables.auto.tfvars contains Terraform variables that I felt fit better outside of the YAML Data Model. These variables should be configured to be unique to the deployment environment, but examples are shown for the Richfield environment in the module.

Notes for the variables.auto.tfvars

  • endpoint: Defaults to intersight.com for SaaS. Change it for CVA or PVA deployments.
  • moids_policies: Consume Policies from a Data Source instead of a Resource. This is helpful if you separate the policies module from profiles/templates.
  • moids_pools: Consume Pools from a Data Source instead of a Resource. This is helpful if you separate the pools Module from the policies module.
  • tags: Not Required, but by default the version of the script is being flagged here.

YAML Schema Notes for Autocompletion, Help, and Error Validation:

If you would like to enable Autocompletion, Help Context, and Error Validation, (HIGHLY RECOMMENDED) perform the following configuration in Visual Studio Code.

Install the YAML extension by Red Hat

Extensions: Search for YAML and Select the 'YAML Language Support by Red Hat'

Add the YAML Schemas below to the Visual Studio Code Settings

Settings » Settings: Search for YAML:Schemas.

Click: Edit in settings.json

Configure the following in yaml.schemas

"https://raw.githubusercontent.com/terraform-cisco-modules/easy-imm-comprehensive-example/main/yaml_schemas/easy_imm.json": [
    "pools/*.yaml",
    "policies/*.yaml",
    "profiles/*.yaml",
    "templates/*.yaml"
],

Environment Variables

Terraform Cloud/Enterprise - Workspace Variables

  • Add variable intersight_api_key_id with the value of [your-api-key]
  • Add variable intersight_secret_key with the value of [your-secret-file-content]

Add Other Variables as discussed below based on use cases

tfenv: command line utility to transform environment variables for use with Terraform (e.g. HOSTNAME → TF_VAR_hostname).

Recently I adopted the tfenv runner to standardize environment variables across multiple orchestration tools. With tfenv you don't need to add the TF_VAR_ prefix to variables when you add them to the environment. The caveat is that it doesn't work on Windows.

In the export examples below, for the Linux Example, the 'TF_VAR_' is excluded because Cloud Posse tfenv is used to insert it during the run.

Aliases for .bashrc

Additionally, to save time typing commands, I use the following aliases, added by editing the .bashrc for my environment.

alias tfa='tfenv terraform apply main.plan'
alias tfap='tfenv terraform apply -parallelism=1 main.plan'
alias tfd='terraform destroy'
alias tff='terraform fmt'
alias tfi='terraform init'
alias tfp='tfenv terraform plan -out=main.plan'
alias tfu='terraform init -upgrade'
alias tfv='terraform validate'

IMPORTANT: ALL EXAMPLES BELOW ASSUME USING tfenv in LINUX

Linux

export intersight_api_key_id="<your-api-key>"
export intersight_secret_key="<secret-key-file-location>"

Windows

$env:TF_VAR_intersight_api_key_id="<your-api-key>"
$env:TF_VAR_intersight_secret_key="<secret-key-file-location>"

Sensitive Variables for the Policies Module:

Certificate Management - FIAttached Servers

  • cert_mgmt_certificate: Options are 1-5 for Up to 5 Certificates. Variable Should Point to the File Location of the PEM Certificate.
  • cert_mgmt_private_key: Options are 1-5 for Up to 5 Private Keys. Variable Should Point to the File Location of the PEM Private Key.

Linux

export cert_mgmt_certificate_1='<cert_mgmt_certificate_file_location>'
export cert_mgmt_private_key_1='<cert_mgmt_private_key_file_location>'

Windows

$env:TF_VAR_cert_mgmt_certificate_1='<cert_mgmt_certificate_file_location>'
$env:TF_VAR_cert_mgmt_private_key_1='<cert_mgmt_private_key_file_location>'
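
A pre-flight check for the file-location variables above (intersight_secret_key, cert_mgmt_private_key_1-5), added here as an example and not part of this repository: it rejects key files that are missing, accessible to group/other, or lacking a PEM private key header. The function names are hypothetical; variable names are read un-prefixed, as with tfenv on Linux.

```shell
# Added example, not from the repository. Function names are hypothetical;
# variable names are the README's, un-prefixed as used with tfenv on Linux.

# True only for a regular, readable file with no group/other permission bits.
secret_file_ok() {
  [ -f "$1" ] && [ -r "$1" ] || return 1
  # Characters 5-10 of `ls -l` output are the group and other permissions.
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if the file carries a PEM private key header (RSA, EC or PKCS#8).
looks_like_pem_key() {
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' -- "$1"
}

# Check every named variable that is set; unset ones are skipped.
# Reports each problem on stderr and returns the number of problems.
preflight_secret_files() {
  problems=0
  for name in "$@"; do
    case "$name" in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "bad variable name: $name" >&2; return 99 ;;
    esac
    eval "path=\${$name:-}"            # safe: name validated above
    [ -n "$path" ] || continue
    if ! secret_file_ok "$path"; then
      echo "FAIL $name: $path is missing or accessible to group/other" >&2
      problems=$((problems + 1))
    elif ! looks_like_pem_key "$path"; then
      echo "FAIL $name: $path has no PEM private key header" >&2
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Typical use before planning:
#   preflight_secret_files intersight_secret_key cert_mgmt_private_key_1 \
#     && tfenv terraform plan -out=main.plan
```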

Drive Security - KMIP Sensitive Variables

  • drive_security_password: If Authentication is supported/used by the KMIP Server, This is the User Password to Configure.
  • drive_security_server_ca_certificate: KMIP Server CA Certificate Contents.

Linux

export drive_security_password='<drive_security_password>'
export drive_security_server_ca_certificate='<drive_security_server_ca_certificate_file_location>'

Windows

$env:TF_VAR_drive_security_password='<drive_security_password>'
$env:TF_VAR_drive_security_server_ca_certificate='<drive_security_server_ca_certificate_file_location>'

Firmware - CCO Credentials

  • cco_user: If Configuring Firmware Policies, the CCO User for Firmware Downloads.
  • cco_password: If Configuring Firmware Policies, the CCO Password for Firmware Downloads.

Linux

export cco_user='<cco_user>'
export cco_password='<cco_password>'

Windows

$env:TF_VAR_cco_user='<cco_user>'
$env:TF_VAR_cco_password='<cco_password>'

IPMI/iSCSI/LDAP/Local Users/SNMP/Virtual Media

  • ipmi_key_1: Currently IPMI isn't working; I would skip this for now.
  • iscsi_boot_password: If Configuring CHAP or MSCHAP Authentication, this is the User Password to Use.
  • binding_parameters_password: Although you can use a binding password, I highly recommend using login user credentials instead in the module.
  • local_user_password_1-5: If Configuring Multiple Users, increment the Password based on number of configured Users.
  • access_community_string_1-5: Used to Configure 1 or More Community Strings. Only used if assigned.
  • snmp_auth_password_1-5: If Configuring 1 or More SNMP Users. Only used if assigned.
  • snmp_privacy_password_1-5: If Configuring SNMP Users and security_level set to AuthPriv. Only used if assigned.
  • snmp_trap_community_1-5: Used by SNMP Trap Servers if using v2c instead of v3.
  • vmedia_password_1-5: If Configuring vMedia Mappings and method uses authentication.

Linux

export iscsi_boot_password='<iscsi_boot_password>'
export local_user_password_1='<local_user_password_1>'

Windows

$env:TF_VAR_iscsi_boot_password='<iscsi_boot_password>'
$env:TF_VAR_local_user_password_1='<local_user_password_1>'

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.3.0 |
| intersight | >=1.0.36 |
| utils | >= 0.1.3 |

Providers

| Name | Version |
|------|---------|
| intersight | 1.0.36 |
| utils | 0.2.5 |
| time | 0.9.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| pools | terraform-cisco-modules/pools/intersight | 2.1.5 |
| policies | terraform-cisco-modules/policies/intersight | 2.1.5 |
| domain_profiles | terraform-cisco-modules/profiles-domain/intersight | 2.1.6 |
| profiles | terraform-cisco-modules/profiles/intersight | 2.1.5 |

NOTE:

When the Data is merged from the YAML files, it will run through the modules using for_each loop(s). Sensitive Variables cannot be added to a for_each loop; instead, use the variables below to add sensitive values for policies.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| deploy_profiles | Flag to Determine if Profiles Should be deployed. | string | false | no |
| endpoint | Intersight Endpoint Hostname. | string | "intersight.com" | no |
| intersight_api_key_id | Intersight API Key. | string | n/a | yes |
| intersight_secret_key | Intersight Secret Key. | string | "blah.txt" | no |
| moids_policies | Flag to Determine if Policies Should be associated using resource or data object. | bool | false | no |
| moids_pools | Flag to Determine if Pools Should be associated using data object or from var.pools. | bool | false | no |
| operating_system | Type of Operating System. Options: Linux, Windows. | string | "Linux" | no |
| tags | List of Key/Value Pairs to Assign as Attributes to the Policy. | list(map(string)) | [] | no |
| cert_mgmt_certificate_1 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_certificate_2 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_certificate_3 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_certificate_4 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_certificate_5 | The Server Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_private_key_1 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_private_key_2 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_private_key_3 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_private_key_4 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
| cert_mgmt_private_key_5 | The Server Private Key, in PEM Format, File Location. | string | "blah.txt" | no |
| drive_security_password | Drive Security User Password. | string | "" | no |
| drive_security_server_ca_certificate | Drive Security Server CA Certificate, in PEM Format, File Location. | string | "blah.txt" | no |
| cco_password | CCO User Account Password. | string | "" | no |
| cco_user | CCO User Account Email for Firmware Policies. | string | "cco_user" | no |
| ipmi_key | Encryption key 1 to use for IPMI communication. It should have an even number of hexadecimal characters and not exceed 40 characters. | string | "" | no |
| iscsi_boot_password | Password to Assign to the iSCSI Boot Policy if doing Authentication. | string | "" | no |
| binding_parameters_password | The password of the user for initial bind process with an LDAP Policy. It can be any string that adheres to the following constraints: it can have any character except spaces, tabs, and line breaks, and it cannot be more than 254 characters. | string | "" | no |
| local_user_password_1 | Password to assign to a Local User Policy -> user. | string | "" | no |
| local_user_password_2 | Password to assign to a Local User Policy -> user. | string | "" | no |
| local_user_password_3 | Password to assign to a Local User Policy -> user. | string | "" | no |
| local_user_password_4 | Password to assign to a Local User Policy -> user. | string | "" | no |
| local_user_password_5 | Password to assign to a Local User Policy -> user. | string | "" | no |
| persistent_passphrase | Secure passphrase to be applied on the Persistent Memory Modules on the server. The allowed characters are: a-z, A-Z, 0-9 and special characters: \u0021, &, #, $, %, +, ^, @, _, *, -. | string | "" | no |
| access_community_string_1 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
| access_community_string_2 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
| access_community_string_3 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
| access_community_string_4 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
| access_community_string_5 | The default SNMPv1, SNMPv2c community name or SNMPv3 username to include on any trap messages sent to the SNMP host. The name can be 18 characters long. | string | "" | no |
| snmp_auth_password_1 | SNMPv3 User Authentication Password. | string | "" | no |
| snmp_auth_password_2 | SNMPv3 User Authentication Password. | string | "" | no |
| snmp_auth_password_3 | SNMPv3 User Authentication Password. | string | "" | no |
| snmp_auth_password_4 | SNMPv3 User Authentication Password. | string | "" | no |
| snmp_auth_password_5 | SNMPv3 User Authentication Password. | string | "" | no |
| snmp_privacy_password_1 | SNMPv3 User Privacy Password. | string | "" | no |
| snmp_privacy_password_2 | SNMPv3 User Privacy Password. | string | "" | no |
| snmp_privacy_password_3 | SNMPv3 User Privacy Password. | string | "" | no |
| snmp_privacy_password_4 | SNMPv3 User Privacy Password. | string | "" | no |
| snmp_privacy_password_5 | SNMPv3 User Privacy Password. | string | "" | no |
| snmp_trap_community_1 | Community for a Trap Destination. | string | "" | no |
| snmp_trap_community_2 | Community for a Trap Destination. | string | "" | no |
| snmp_trap_community_3 | Community for a Trap Destination. | string | "" | no |
| snmp_trap_community_4 | Community for a Trap Destination. | string | "" | no |
| snmp_trap_community_5 | Community for a Trap Destination. | string | "" | no |
| vmedia_password_1 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
| vmedia_password_2 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
| vmedia_password_3 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
| vmedia_password_4 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |
| vmedia_password_5 | Password for a Virtual Media Policy -> mapping target. | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| domain_profiles | Domain Profile Outputs: including cluster and switch Moids, policy assignments. |
| policies | The Name of Each Policy Created with its respective Moid. |
| pools | The Name of Each Pool Created with its respective Moid. |
| profiles | The Name of Each Profile Created with its respective Moid. |

Sub Modules

If you want to see documentation on Variables for Submodules use the links below:

Terraform Registry

Policies

Policies

Pools

Pools

Profiles

Domain

Chassis and Server + Server Templates
