Terraform automation: Control center (Stepstone, DNS, NTP, AD, Etc.) and File:Nsx-universal-sec-11.png: Difference between pages

From Iwan
The control center VM will have different functions within the nested labs.
Its main purpose is to act as the stepstone for performing management inside the nested lab and for accessing all the internal lab resources and services.
Because traffic will not be routed outside the nested lab, we need to have a control point.
The control center VM will also offer AD, DNS and NTP services.
 
This VM is also prepared in advance with a Windows 2019 Server installation, with various services configured and different software pre-installed.
 
This is the list of the services I have installed and configured together with the software installs:
 
* Enable Remote Desktop
** [https://computingforgeeks.com/how-to-enable-remote-desktop-protocol-rdp-on-windows-server-2019/ Enable RDP on Windows 2019 Server]
* Turn off all Personal Firewalls
** [https://www.faqforge.com/windows-server-2016/turn-off-firewall-windows-server-2016/ How to Turn Off Firewall in Windows Server 2016]
* Install Windows Updates
** [https://medium.com/@tkolber/patching-windows-server-2019-core-with-windows-update-e22aef78b8c9 Patching Windows Server 2019 Core with Windows Update]
* Install VMware Tools
** [https://kb.vmware.com/s/article/1018377 VMware Knowledge Base]
* Change the hostname to “control”
** [https://www.server-world.info/en/note?os=Windows_Server_2019&p=initial_conf&f=3 Windows Server 2019 : Initial Settings : Change Computer Name]
* Configure AD
** [https://www.youtube.com/watch?v=h3sxduUt5a8 Setting up Active Directory in Windows Server 2019 (Step By Step Guide)]
* Configure DNS for domain “lab.local”
** [https://computingforgeeks.com/install-and-configure-dns-server-in-windows-server/ Install and Configure DNS Server on Windows Server 2019]
** Also make sure you configure an “A” record for vcsa.lab.local -> 192.168.11.10
* Configure NTP Server
** [https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings Windows Time service tools and settings]
* Install RoyalTSX
** [https://www.royalapps.com/ts/mac/download Royal Apps]
* Install Google Chrome
** [https://www.google.com/chrome/ Google Chrome]
* Install PuTTY
** [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Download PuTTY]
* Install Notepad++
** [https://notepad-plus-plus.org/downloads/ Notepad++]
* Install Visual Studio Code
** [https://code.visualstudio.com/download Download Visual Studio Code - Mac, Linux, Windows]
* Install GitKraken
** [https://www.gitkraken.com/download/mac GitKraken]
* Install PowerCLI
** [https://www.vladan.fr/how-to-install-vmware-powercli-via-powershell/ How To Install VMware PowerCLI via PowerShell]
* Install WinSCP
** [https://winscp.net/eng/download.php WinSCP Download]
* Install DAEMON Tools
** [https://www.daemon-tools.cc/downloads Download DAEMON Tools]
* Install Postman
** [https://www.postman.com/downloads/ Download Postman App]
* Install RVTools
** [https://www.robware.net/rvtools/download/ RVTools - Download]
* Install Chocolatey (Windows Package Manager)
** [https://chocolatey.org/ Chocolatey Install]
* Install Terraform through the Chocolatey Windows package manager
** [https://chocolatey.org/packages/terraform/0.11.14 Chocolatey Software | Terraform 0.11.14]
** [https://chocolatey.org/packages/terraform Chocolatey Software | Terraform 0.12.21]
* Change password policies and make sure passwords never expire or need to be changed
** [http://dalaris.com/how-to-change-password-complexity-policy-on-a-windows-server/ Change password policies windows server]
 
After the Windows 2019 Server VM is fully installed, the services are preconfigured and the software is pre-installed, we can start cloning it using the Terraform script below:
 
{{console|body=
❯ tree
├── main.tf
├── terraform.tfvars
└── variables.tf
}}
 
'''terraform.tfvars'''
<div class="toccolours mw-collapsible mw-collapsed">
'''CLICK ON EXPAND ===> ON THE RIGHT ===> TO SEE THE OUTPUT (terraform.tfvars code) ===>''' :
<div class="mw-collapsible-content">{{console|body=
vsphere_user = "administrator@vsphere.local"
vsphere_password = "<my vCenter Server Password>"
vsphere_server = "vcsa-01.home.local"
vsphere_datacenter = "HOME"
vsphere_datastore = "vsanDatastore"
vsphere_resource_pool = "Lab1"
vsphere_network = "L1-APP-MGMT11"
vsphere_virtual_machine_template = "control-template"
vsphere_virtual_machine_name = "l1-control"
}}</div>
</div>
 
'''variables.tf'''
<div class="toccolours mw-collapsible mw-collapsed">
'''CLICK ON EXPAND ===> ON THE RIGHT ===> TO SEE THE OUTPUT (variables.tf code) ===>''' :
<div class="mw-collapsible-content">{{console|body=
# vsphere login account. defaults to the admin account.
variable "vsphere_user" {
  default = "administrator@vsphere.local"
}

# vsphere account password. the default is a placeholder.
variable "vsphere_password" {
  default = "<my vCenter Server Password>"
}

# vsphere server. defaults to vcsa-01.home.local.
variable "vsphere_server" {
  default = "vcsa-01.home.local"
}

# vsphere datacenter the virtual machine will be deployed to. no default, set in terraform.tfvars.
variable "vsphere_datacenter" {}

# vsphere resource pool the virtual machine will be deployed to. no default, set in terraform.tfvars.
variable "vsphere_resource_pool" {}

# vsphere datastore the virtual machine will be deployed to. no default, set in terraform.tfvars.
variable "vsphere_datastore" {}

# vsphere network the virtual machine will be connected to. no default, set in terraform.tfvars.
variable "vsphere_network" {}

# vsphere virtual machine template that the virtual machine will be cloned from. no default, set in terraform.tfvars.
variable "vsphere_virtual_machine_template" {}

# the name of the vsphere virtual machine that is created. no default, set in terraform.tfvars.
variable "vsphere_virtual_machine_name" {}
}}</div>
</div>
 
'''main.tf'''
<div class="toccolours mw-collapsible mw-collapsed">
'''CLICK ON EXPAND ===> ON THE RIGHT ===> TO SEE THE OUTPUT (main.tf code) ===>''' :
<div class="mw-collapsible-content">{{console|body=
provider "vsphere" {
  user           = "${var.vsphere_user}"
  password       = "${var.vsphere_password}"
  vsphere_server = "${var.vsphere_server}"

  # Skips TLS certificate verification for the vCenter connection
  allow_unverified_ssl = true
}

# Look up the existing vSphere objects by name
data "vsphere_datacenter" "dc" {
  name = "${var.vsphere_datacenter}"
}

data "vsphere_datastore" "datastore" {
  name          = "${var.vsphere_datastore}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_resource_pool" "pool" {
  name          = "${var.vsphere_resource_pool}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_network" "network" {
  name          = "${var.vsphere_network}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

data "vsphere_virtual_machine" "template" {
  name          = "${var.vsphere_virtual_machine_template}"
  datacenter_id = "${data.vsphere_datacenter.dc.id}"
}

# Clone the control center VM from the template
resource "vsphere_virtual_machine" "cloned_virtual_machine" {
  name = "${var.vsphere_virtual_machine_name}"

  # Do not wait for the guest to report a routable IP address
  wait_for_guest_net_routable = false
  wait_for_guest_net_timeout  = 0

  # Important: otherwise Terraform will set the firmware to BIOS by default - fix below
  firmware = "efi"

  resource_pool_id = "${data.vsphere_resource_pool.pool.id}"
  datastore_id     = "${data.vsphere_datastore.datastore.id}"
  num_cpus         = 2
  memory           = 8192

  #num_cpus = "${data.vsphere_virtual_machine.template.num_cpus}"
  #memory  = "${data.vsphere_virtual_machine.template.memory}"

  guest_id = "${data.vsphere_virtual_machine.template.guest_id}"

  scsi_type = "${data.vsphere_virtual_machine.template.scsi_type}"

  network_interface {
    network_id   = "${data.vsphere_network.network.id}"
    adapter_type = "${data.vsphere_virtual_machine.template.network_interface_types[0]}"
  }

  disk {
    label = "disk0"
    size  = "80"
    #  unit_number = 0
  }

  clone {
    template_uuid = "${data.vsphere_virtual_machine.template.id}"
  }
}
}}</div>
</div>
 
We are now ready to execute the Terraform code on a per-directory basis.
 
Validate your code:
{{console|body=
ihoogendoor-a01:#Test iwanhoogendoorn$ tfenv use 0.11.14
[INFO] Switching to v0.11.14
[INFO] Switching completed
ihoogendoor-a01:Test iwanhoogendoorn$ terraform validate
}}
 
Plan your code:
{{console|body=
ihoogendoor-a01:Test iwanhoogendoorn$ terraform plan
}}
 
Execute your code to deploy the control center VM:
{{console|body=
ihoogendoor-a01:Test iwanhoogendoorn$ terraform apply
}}
 
When the VM needs to be removed again, you can revert the implementation:
{{console|body=
ihoogendoor-a01:Test iwanhoogendoorn$ terraform destroy
}}
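
The following is an added example, not part of the original article: a variant of the same files in the article's Terraform 0.11 syntax that keeps the vCenter password out of variables.tf and terraform.tfvars and leaves certificate verification on. It assumes the vCenter certificate is trusted by the machine running Terraform and that the commands are typed in bash; all other names are the ones used on this page.

```hcl
# variables.tf (added example): no default for the password, so the secret
# never sits in a file that is committed or copied with the lab directory.
variable "vsphere_user" {
  default = "administrator@vsphere.local"
}

# No default: Terraform reads the value from the TF_VAR_vsphere_password
# environment variable, or prompts for it when that variable is unset.
variable "vsphere_password" {}

variable "vsphere_server" {
  default = "vcsa-01.home.local"
}

# main.tf (added example): provider block with certificate checking left on.
provider "vsphere" {
  user           = "${var.vsphere_user}"
  password       = "${var.vsphere_password}"
  vsphere_server = "${var.vsphere_server}"

  # Assumption: the vCenter certificate chains to a CA that the machine
  # running Terraform trusts. false is also the provider's default.
  allow_unverified_ssl = false
}

# terraform.tfvars (added example): the vsphere_password line is removed;
# the remaining entries stay as shown on this page.
#
# In the shell, before terraform plan / apply (bash):
#   read -s -p "vCenter password: " TF_VAR_vsphere_password
#   export TF_VAR_vsphere_password
```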
 
[[Category:Articles]]
[[Category:VMware]]
[[Category:NSX-T]]
[[Category:Networking]]
[[Category:Terraform]]

Latest revision as of 14:14, 12 January 2024

Summary

Uploading files from nsx.ninja and iwan.wiki