├── .gitignore
├── Dockerfile
├── LICENSE
├── README.md
├── aws
├── Provision_Instances
│ ├── aws.tf
│ ├── cloud-init
│ │ ├── vbond.user_data
│ │ ├── vmanage.user_data
│ │ └── vsmart.user_data
│ ├── my_instances_variables.auto.tfvars.json
│ ├── output.tf
│ ├── terraform.tf
│ ├── vbond
│ │ ├── output.tf
│ │ ├── vbond.tf
│ │ └── vbond_var.tf
│ ├── vbond_master.tf
│ ├── vmanage
│ │ ├── output.tf
│ │ ├── vmanage.tf
│ │ └── vmanage_var.tf
│ ├── vmanage_master.tf
│ ├── vsmart
│ │ ├── output.tf
│ │ ├── vsmart.tf
│ │ └── vsmart_var.tf
│ └── vsmart_master.tf
└── Provision_VPC
│ ├── aws.tf
│ ├── base.tf
│ ├── base_var.tf
│ ├── my_vpc_variables.auto.tfvars.json
│ └── output.tf
├── azure
├── Provision_Instances
│ ├── azure.tf
│ ├── cloud-init
│ │ ├── vbond.user_data
│ │ ├── vmanage.user_data
│ │ └── vsmart.user_data
│ ├── output.tf
│ ├── terraform.tf
│ ├── vbond
│ │ ├── output.tf
│ │ ├── vbond.tf
│ │ └── vbond_var.tf
│ ├── vbond_master.tf
│ ├── vmanage
│ │ ├── output.tf
│ │ ├── vmanage.tf
│ │ └── vmanage_var.tf
│ ├── vmanage_master.tf
│ ├── vsmart
│ │ ├── output.tf
│ │ ├── vsmart.tf
│ │ └── vsmart_var.tf
│ └── vsmart_master.tf
└── Provision_VNET
│ ├── azure.tf
│ ├── base.tf
│ ├── base_var.tf
│ ├── my_vnet_variables.auto.tfvars.json
│ └── output.tf
└── vmware
├── cedge_vmware
├── create_iso.tf
├── main.tf
├── outputs.tf
└── variables.tf
├── cloud-init
├── cedge
│ └── ciscosdwan_cloud_init.cfg
├── vbond
│ ├── v1
│ │ ├── meta-data
│ │ └── user-data
│ └── v2
│ │ ├── meta-data
│ │ └── user-data
├── vedge
│ ├── v1
│ │ ├── meta-data
│ │ └── user-data
│ └── v2
│ │ ├── meta-data
│ │ └── user-data
├── vmanage
│ ├── v1
│ │ ├── meta-data
│ │ └── user-data
│ └── v2
│ │ ├── meta-data
│ │ └── user-data
└── vsmart
│ ├── v1
│ ├── meta-data
│ └── user-data
│ └── v2
│ ├── meta-data
│ └── user-data
├── examples
├── v19.2-day0.example
├── v19.2.example
├── v20.7-day0.example
└── v20.7.example
├── main.tf
├── outputs.tf
├── variables.tf
└── viptela_vmware
├── create_iso.tf
├── main.tf
├── outputs.tf
└── variables.tf
/.gitignore:
--------------------------------------------------------------------------------
1 | *.tfstate
2 | *.backup
3 | *.info
4 | *.iso
5 | ISO
6 | .terraform
7 | *.pem
8 | *.tfplan
9 | *.tfvars
10 | *.tfvars.json
11 | *.hcl
12 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
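1 | # Terraform CLI image, pinned to release 0.12.23.
2 | # NOTE(review): a tag can be re-pointed upstream. For a reproducible base, pin
3 | # by digest: hashicorp/terraform:0.12.23@sha256:<digest-placeholder>.
4 | FROM hashicorp/terraform:0.12.23
5 |
6 | # The README uses mkisofs to build the cloud-init ISOs; cdrkit is installed to
7 | # provide it. --no-cache fetches the package index for this install only and
8 | # leaves no apk cache behind in the image layer.
9 | RUN apk add --no-cache cdrkit
10 |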
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | CISCO SAMPLE CODE LICENSE
2 | Version 1.0
3 | Copyright (c) 2017 Cisco and/or its affiliates
4 |
5 | These terms govern this Cisco example or demo source code and its
6 | associated documentation (together, the "Sample Code"). By downloading,
7 | copying, modifying, compiling, or redistributing the Sample Code, you
8 | accept and agree to be bound by the following terms and conditions (the
9 | "License"). If you are accepting the License on behalf of an entity, you
10 | represent that you have the authority to do so (either you or the entity,
11 | "you"). Sample Code is not supported by Cisco TAC and is not tested for
12 | quality or performance. This is your only license to the Sample Code and
13 | all rights not expressly granted are reserved.
14 |
15 | 1. LICENSE GRANT: Subject to the terms and conditions of this License,
16 | Cisco hereby grants to you a perpetual, worldwide, non-exclusive, non-
17 | transferable, non-sublicensable, royalty-free license to copy and
18 | modify the Sample Code in source code form, and compile and
19 | redistribute the Sample Code in binary/object code or other executable
20 | forms, in whole or in part, solely for use with Cisco products and
21 | services. For interpreted languages like Java and Python, the
22 | executable form of the software may include source code and
23 | compilation is not required.
24 |
25 | 2. CONDITIONS: You shall not use the Sample Code independent of, or to
26 | replicate or compete with, a Cisco product or service. Cisco products
27 | and services are licensed under their own separate terms and you shall
28 | not use the Sample Code in any way that violates or is inconsistent
29 | with those terms (for more information, please visit:
30 | www.cisco.com/go/terms.
31 |
32 | 3. OWNERSHIP: Cisco retains sole and exclusive ownership of the Sample
33 | Code, including all intellectual property rights therein, except with
34 | respect to any third-party material that may be used in or by the
35 | Sample Code. Any such third-party material is licensed under its own
36 | separate terms (such as an open source license) and all use must be in
37 | full accordance with the applicable license. This License does not
38 | grant you permission to use any trade names, trademarks, service
39 | marks, or product names of Cisco. If you provide any feedback to Cisco
40 | regarding the Sample Code, you agree that Cisco, its partners, and its
41 | customers shall be free to use and incorporate such feedback into the
42 | Sample Code, and Cisco products and services, for any purpose, and
43 | without restriction, payment, or additional consideration of any kind.
44 | If you initiate or participate in any litigation against Cisco, its
45 | partners, or its customers (including cross-claims and counter-claims)
46 | alleging that the Sample Code and/or its use infringe any patent,
47 | copyright, or other intellectual property right, then all rights
48 | granted to you under this License shall terminate immediately without
49 | notice.
50 |
51 | 4. LIMITATION OF LIABILITY: CISCO SHALL HAVE NO LIABILITY IN CONNECTION
52 | WITH OR RELATING TO THIS LICENSE OR USE OF THE SAMPLE CODE, FOR
53 | DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO DIRECT, INCIDENTAL,
54 | AND CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, DATA, INFORMATION,
55 | PROFITS, BUSINESS, OR GOODWILL, HOWEVER CAUSED, EVEN IF ADVISED OF THE
56 | POSSIBILITY OF SUCH DAMAGES.
57 |
58 | 5. DISCLAIMER OF WARRANTY: SAMPLE CODE IS INTENDED FOR EXAMPLE PURPOSES
59 | ONLY AND IS PROVIDED BY CISCO "AS IS" WITH ALL FAULTS AND WITHOUT
60 | WARRANTY OR SUPPORT OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY
61 | LAW, ALL EXPRESS AND IMPLIED CONDITIONS, REPRESENTATIONS, AND
62 | WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR
63 | CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-
64 | INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, AND ACCURACY,
65 | ARE HEREBY EXCLUDED AND EXPRESSLY DISCLAIMED BY CISCO. CISCO DOES NOT
66 | WARRANT THAT THE SAMPLE CODE IS SUITABLE FOR PRODUCTION OR COMMERCIAL
67 | USE, WILL OPERATE PROPERLY, IS ACCURATE OR COMPLETE, OR IS WITHOUT
68 | ERROR OR DEFECT.
69 |
70 | 6. GENERAL: This License shall be governed by and interpreted in
71 | accordance with the laws of the State of California, excluding its
72 | conflict of laws provisions. You agree to comply with all applicable
73 | United States export laws, rules, and regulations. If any provision of
74 | this License is judged illegal, invalid, or otherwise unenforceable,
75 | that provision shall be severed and the rest of the License shall
76 | remain in full force and effect. No failure by Cisco to enforce any of
77 | its rights related to the Sample Code or to a breach of this License
78 | in a particular situation will act as a waiver of such rights. In the
79 | event of any inconsistencies with any other terms, this License shall
80 | take precedence.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # terraform-viptela
2 |
3 | This repo contains terraform code for deploying the Cisco SD-WAN (Viptela) control plane components in various cloud environments.
4 |
5 | ## Requirements
6 |
7 | - [Terraform](https://www.terraform.io). On a Mac, install with Homebrew:
8 | ```
9 | brew install terraform
10 | ```
11 | - mkisofs is used to create the cloud-init ISOs. On a Mac, install with Homebrew:
12 | ```
13 | brew install cdrtools
14 | ```
15 |
16 | ## VMware
17 |
18 | ### Creating the SD-WAN VM templates
19 |
20 | #### vManage, vSmart and vEdge
21 | In the vCenter UI, create the Viptela VM templates:
22 |
23 | 1. Deploy the Viptela OVF for vManage, vEdge and vSmart.
24 | 1. In the "Select storage" section, set the virtual disk format to "Thin provisioned" to make more efficient use of the datastore disk space.
25 |
26 | On v19 and earlier, after all of the OVFs have been deployed, edit the settings of each Viptela VM template and:
27 | 1. Add a "SCSI Controller" of type "LSI Logic Parallel".
28 | 1. Change "Hard disk 1" "Virtual Device Node" setting from "IDE 0" to "New SCSI controller".
29 | 1. Click OK.
30 | 1. The VM is now ready to use as a template for use with terraform.
31 |
32 | > Note: Do not add a second disk to the vManage template. Terraform will do this dynamically.
33 |
34 | > Note: You do not need to do these steps for 20.x and later. These OVFs already use a SCSI controller.
35 |
36 | #### CSR1000v
37 | In the vCenter UI, create the VM template for CSR1000v w/SD-WAN (aka cEdge):
38 | 1. Deploy the OVF. (`csr1000v-ucmk9.16.12.1e.ova` or similar)
39 | 1. In the "Select storage" section, set the virtual disk format to "Thin provisioned" to make more efficient use of the datastore disk space.
40 | 1. In the "Customize template" section, just leave the values blank and click "Next". Terraform will set these properties when it clones the VM.
41 | 1. After the OVF is successfully deployed, go to the "Configure" section and select "vApp Options" from the menu on the left. Click "Edit..." and unselect the "Enable vApp options" checkbox at the top. Say "Yes" to the dialog box, then click "OK".
42 | 1. Power on the VM and watch the console.
43 | 1. Power off the VM immediately after the first reboot. (If you miss this and power it off after it is fully up, delete the VM and repeat this process.)
44 | 1. The VM is now ready to use as a template for use with terraform.
45 |
46 | ### Using terraform to deploy SD-WAN components
47 | There are two main ways to deploy on VMware. The first is to let the module build out the bootstrap configuration for you, while you simply supply IPv4 addressing info. The second way is to supply the full bootstrap configuration yourself. The second method gives you much greater control over the bootstrap configuration. The links below have examples of each method.
48 |
49 | - [v20.4 and under](vmware/examples/v19.2.example)
50 | - [v20.4 and under with bootstrap](vmware/examples/v19.2-day0.example)
51 | - [v20.5 and up](vmware/examples/v20.7.example)
52 | - [v20.5 and up with bootstrap](vmware/examples/v20.7-day0.example)
53 |
54 | To use the examples:
55 |
56 | Change to the vmware directory.
57 |
58 | ```
59 | cd vmware
60 | ```
61 |
62 | Copy the example you want to a file named `terraform.tfvars`.
63 |
64 | ```
65 | cp examples/v19.2.example terraform.tfvars
66 | ```
67 |
68 | Change the variables and/or configuration to suit your environment, or pass in these variables some other way (e.g. Ansible, environment variables, etc.) Keep in mind the following when updating the variables:
69 |
70 | - `networks` is an ordered list of VM networks to use for each interface of the device. For vManage/vSmart the order is eth0, eth1. For vBond/vEdge the order is eth0, g0/0, g0/1, g0/2, g0/3.
71 | - `*_template`, `datacenter`, `cluster`, `datastore` and `iso_datastore` values should be set to the names of the respective objects in vCenter.
72 | - `ipv4_address` is applied to VPN 0 and must be set to either "dhcp" or a static IP address. Use address/prefix-length notation (e.g. 192.168.0.2/24) for Viptela components and address/netmask notation (e.g. 192.168.0.2 255.255.255.0) for CSR1000v. When specifying a static IP address, `ipv4_gateway` is also required.
73 | - `folder` is the VM folder to place all VMs. It is optional. If it is not specified then all VMs will be placed at the root of the datacenter.
74 | - `cloudinit_type` should be set to "v2" for 20.5 and later and "v1" for 20.4 and earlier.
75 | - The default password set on provisioned devices is "cisco". Change it once the device is up, before it is reachable from any network you do not control.
76 |
77 | You can set the server and login credentials for vCenter in your environment if you do not want to put these in the `terraform.tfvars` file, where the password would sit in plain text. Example, with placeholder values:
78 |
79 | ```
80 | export TF_VAR_vsphere_user=johndoe@xyz.com
81 | export TF_VAR_vsphere_password=abc123
82 | export TF_VAR_vsphere_server=vc1.xyz.com
83 | ```
84 |
85 | Run terraform.
86 |
87 | ```
88 | $ terraform init
89 | $ terraform plan
90 | $ terraform apply
91 | ```
92 |
93 | Retrieve the IP addressing assigned to all control plane components.
94 |
95 | ```
96 | $ terraform output
97 | vbond_ip_addresses = [
98 | "192.168.1.209",
99 | "192.168.1.210",
100 | ]
101 | vmanage_ip_addresses = [
102 | "192.168.1.2",
103 | "192.168.1.202"
104 | ]
105 | vsmart_ip_addresses = [
106 | "192.168.1.211",
107 | "192.168.1.213",
108 | ]
109 | vedge_ip_addresses = [
110 | "192.168.1.208"
111 | ]
112 | cedge_ip_addresses = [
113 | "192.168.1.214"
114 | ]
115 |
116 | ```
117 |
118 | Stop the VMs and delete them from vCenter.
119 |
120 | ```
121 | $ terraform destroy
122 | ```
123 |
124 | ## AWS
125 | Contact the workshop lead to share the AMIs with your AWS account.
126 | > Note: The ability to generate AMIs from a qcow image is being developed.
127 |
128 | Deploy AWS VPC for Cisco SD-WAN controllers:
129 | Edit Provision_VPC/my_vpc_variables.auto.tfvars.json with your region and VPC cidr_block.
130 | > Note: CIDR block must have a prefix length less than 28 to cover subnets in 2 availability zones
131 | ```
132 | {
133 | "region": "us-east-1",
134 | "cidr_block": "10.100.100.0/24"
135 | }
136 | ```
137 |
138 | With Provision_VPC as your current working directory, run terraform.
139 | ```
140 | $ terraform init
141 | $ terraform plan
142 | $ terraform apply
143 | ```
144 |
145 | Deploy Controllers into VPC:
146 | Edit Provision_Instances/my_instances_variables.auto.tfvars.json with appropriate settings.
147 | ```
148 | {
149 | "vbond_instances_type": "c5.large",
150 | "vsmart_instances_type": "c5.xlarge",
151 | "vmanage_instances_type": "c5.4xlarge",
152 | "vbond_ami": "ami-085c4adc58506ad83",
153 | "vmanage_ami": "ami-06850b5d3d92800e7",
154 | "vsmart_ami": "ami-0079a97de83928496",
155 | "vbond_count": "1",
156 | "vmanage_count": "1",
157 | "vsmart_count": "1"
158 | }
159 | ```
160 |
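161 | With Provision_Instances as your current working directory, run terraform. The AWS provider in that directory reads credentials from the `terraform` profile in `~/.aws/credentials`.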
162 | ```
163 | $ terraform init
164 | $ terraform plan
165 | $ terraform apply
166 | ```
167 |
168 | Retrieve the IP addressing assigned to all control plane components.
169 | ```
170 | $ terraform output
171 | vbonds_vbondEth0EIP = [
172 | "3.231.238.177",
173 | ]
174 | vbonds_vbondEth0Ip = [
175 | "10.100.100.80",
176 | ]
177 | vbonds_vbondEth1EIP = [
178 | "3.231.90.13",
179 | ]
180 | vbonds_vbondEth1Ip = [
181 | [
182 | "10.100.100.7",
183 | ],
184 | ]
185 | vmanages_vmanageEth0EIP = [
186 | "3.232.23.107",
187 | ]
188 | vmanages_vmanageEth0Ip = [
189 | "10.100.100.67",
190 | ]
191 | vmanages_vmanageEth1EIP = [
192 | "3.230.210.217",
193 | ]
194 | vmanages_vmanageEth1Ip = [
195 | [
196 | "10.100.100.59",
197 | ],
198 | ]
199 | vsmarts_vsmartEth0EIP = [
200 | "3.230.217.130",
201 | "34.193.188.60",
202 | ]
203 | vsmarts_vsmartEth0Ip = [
204 | "10.100.100.52",
205 | "10.100.100.212",
206 | ]
207 | vsmarts_vsmartEth1EIP = [
208 | "3.232.82.69",
209 | "3.212.251.219",
210 | ]
211 | vsmarts_vsmartEth1Ip = [
212 | [
213 | "10.100.100.85",
214 | ],
215 | [
216 | "10.100.100.134",
217 | ],
218 | ]
219 | ```
220 |
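221 | To terminate instances, go to the Provision_Instances directory and run the following (`-force` skips the confirmation prompt; later Terraform releases replace it with `-auto-approve`):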
222 | ```
223 | $ terraform destroy -force
224 | ```
225 |
226 | To destroy the empty controllers' VPC, go to the Provision_VPC directory and run:
227 | ```
228 | $ terraform destroy -force
229 | ```
230 |
231 | ## Azure
232 | Upload VHDs for vBond, vManage, and vSmart into an Azure Page Blob in the region in which you'd like to deploy controllers.
233 | Note - Page blob must be untarred and unzipped before upload
234 | Create images from the storage blobs.
235 |
236 | You can set your ARM credentials in your environment. See below:
237 | ```
238 | export TF_VAR_ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
239 | export TF_VAR_ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000"
240 | export TF_VAR_ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
241 | export TF_VAR_ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"
242 | ```
243 |
244 | Deploy Azure VNET for Cisco SD-WAN controllers:
245 | Edit Provision_VNET/my_vnet_variables.auto.tfvars.json with your region and VNET cidr_block.
246 | ```
247 | {
248 | "region": "eastus",
249 | "cidr_block": "10.200.200.0/24"
250 | }
251 | ```
252 | With Provision_VNET as your current working directory, run terraform.
253 | ```
254 | $ terraform init
255 | $ terraform plan
256 | $ terraform apply
257 | ```
258 | Deploy Controllers into VNET:
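259 | Edit Provision_Instances/my_instances_variables.auto.tfvars.json with appropriate settings. Replace the sample `username` and `password` below with your own; the file stores the password in plain text, so keep it out of version control.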
260 | ```
261 | {
262 | "vbond_instances_type": "Standard_DS3_v2",
263 | "vbond_image": "/subscriptions/X-X-X-X/resourceGroups/csr_test/providers/Microsoft.Compute/images/vbond19_2_0",
264 | "vbond_count": "1",
265 | "vmanage_instances_type": "Standard_DS5_v2",
266 | "vmanage_image": "/subscriptions/X-X-X-X/resourceGroups/csr_test/providers/Microsoft.Compute/images/vmanage19_2_0",
267 | "vmanage_count": "1",
268 | "vsmart_instances_type": "Standard_DS3_v2",
269 | "vsmart_image": "/subscriptions/X-X-X-X/resourceGroups/csr_test/providers/Microsoft.Compute/images/vsmart19_2_0",
270 | "vsmart_count": "1",
271 | "username": "cisco",
272 | "password": "Cisco1234512345"
273 | }
274 | ```
275 | Retrieve the IP addressing assigned to all control plane components.
276 | ```
277 | $ terraform output
278 | vbonds_vbondEth0Ip = [
279 | "10.200.200.4",
280 | ]
281 | vbonds_vbondEth0PIP = [
282 | "23.96.36.204",
283 | ]
284 | vbonds_vbondEth1Ip = [
285 | "10.200.200.8",
286 | ]
287 | vbonds_vbondEth1PIP = [
288 | "23.96.46.156",
289 | ]
290 | vmanages_vmanageEth0Ip = [
291 | "10.200.200.6",
292 | ]
293 | vmanages_vmanageEth0PIP = [
294 | "23.96.46.123",
295 | ]
296 | vmanages_vmanageEth1Ip = [
297 | "10.200.200.9",
298 | ]
299 | vmanages_vmanageEth1PIP = [
300 | "23.96.46.174",
301 | ]
302 | vsmarts_vsmartEth0Ip = [
303 | "10.200.200.7",
304 | ]
305 | vsmarts_vsmartEth0PIP = [
306 | "23.96.46.20",
307 | ]
308 | vsmarts_vsmartEth1Ip = [
309 | "10.200.200.5",
310 | ]
311 | vsmarts_vsmartEth1PIP = [
312 | "23.96.39.76",
313 | ]
314 | ```
315 | To terminate instances, go to the Provision_Instances directory and run:
316 | ```
317 | $ terraform destroy -force
318 | ```
319 | To destroy the empty controllers' VNET, go to the Provision_VNET directory and run:
320 | ```
321 | $ terraform destroy -force
322 | ```
323 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/aws.tf:
--------------------------------------------------------------------------------
1 | # AWS provider for the controller stack.
2 | # Credentials are read from the "terraform" profile of the shared credentials
3 | # file, so no access keys are written in this configuration. The region is
4 | # taken from the "spam" remote-state data source declared in terraform.tf.
5 | provider "aws" {
6 |   region                  = data.terraform_remote_state.spam.outputs.region
7 |   profile                 = "terraform"
8 |   shared_credentials_file = "~/.aws/credentials"
9 | }
10 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/cloud-init/vbond.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | system
9 | host-name vbond
10 | vbond ztp.viptela.com local
11 |
12 | aaa
13 | auth-order local radius tacacs
14 | usergroup basic
15 | task system read write
16 | task interface read write
17 | !
18 |
19 | usergroup netadmin
20 | !
21 |
22 | usergroup operator
23 | task system read
24 | task interface read
25 | task policy read
26 | task routing read
27 | task security read
28 | !
29 |
30 | user admin
31 | password $6$Ju0z0n7YKtLgYWlJ$38aW.MBat6e8xL2vuLdbfGVH.DAYh7lq2nA/dBdvL.rWdJyGGB2gxLeVh8jQBKTCxti8vX5RKpbtzEadiZc6J.
32 | !
33 | !
34 |
35 | logging
36 | disk
37 | enable
38 | !
39 | !
40 | !
41 |
42 | omp
43 | no shutdown
44 | graceful-restart
45 | advertise connected
46 | advertise static
47 | !
48 |
49 | security
50 | ipsec
51 | authentication-type ah-sha1-hmac sha1-hmac
52 | !
53 | !
54 |
55 | vpn 0
56 | interface eth1
57 | ip dhcp-client
58 | tunnel-interface
59 | allow-service all
60 | !
61 | no shutdown
62 | !
63 | !
64 |
65 | vpn 512
66 | interface eth0
67 | ip dhcp-client
68 | no shutdown
69 | !
70 | !
71 | --==BOUNDARY==
--------------------------------------------------------------------------------
/aws/Provision_Instances/cloud-init/vmanage.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
9 | - format-partition : 1
10 |
11 | --==BOUNDARY==
12 | Content-Type: text/cloud-boothook; charset="us-ascii"
13 |
14 | #cloud-boothook
15 | system
16 | host-name vmanage
17 |
18 | aaa
19 | auth-order local radius tacacs
20 | usergroup basic
21 | task system read write
22 | task interface read write
23 | !
24 |
25 | usergroup netadmin
26 | !
27 |
28 | usergroup operator
29 | task system read
30 | task interface read
31 | task policy read
32 | task routing read
33 | task security read
34 | !
35 |
36 | user admin
37 | password $6$u3jhmUlHRY16I1lI$OpkApAwXhGNo2xdKR.j2x7LF7OkRa9P02aSgACGMvmhidKHvxQ2poG6HTulDYp6BXfsm3clE6dz/wvOKLxA8e1
38 | !
39 | !
40 |
41 | logging
42 | disk
43 | enable
44 | !
45 | !
46 | !
47 |
48 | vpn 0
49 | interface eth1
50 | ip dhcp-client
51 | tunnel-interface
52 | allow-service dhcp
53 | allow-service dns
54 | allow-service icmp
55 | no allow-service sshd
56 | allow-service netconf
57 | no allow-service ntp
58 | no allow-service stun
59 | allow-service https
60 | !
61 | no shutdown
62 | !
63 | !
64 | vpn 512
65 | interface eth0
66 | ip dhcp-client
67 | no shutdown
68 | !
69 | !
70 | --==BOUNDARY==
--------------------------------------------------------------------------------
/aws/Provision_Instances/cloud-init/vsmart.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | system
9 | host-name vsmart
10 |
11 | aaa
12 | auth-order local radius tacacs
13 | usergroup basic
14 | task system read write
15 | task interface read write
16 | !
17 |
18 | usergroup netadmin
19 | !
20 |
21 | usergroup operator
22 | task system read
23 | task interface read
24 | task policy read
25 | task routing read
26 | task security read
27 | !
28 |
29 | user admin
30 | password $6$ZSa1yl/RYmnRIiXw$F7.lE6cHwglxBDWlbFoJEEOifm3bDuTYaGIfi61BgYgJmlswFIOrsyh5fdLs0TH998EmeUU77JECV6fXSU3uk0
31 | !
32 | !
33 |
34 | logging
35 | disk
36 | enable
37 | !
38 | !
39 | !
40 |
41 | omp
42 | no shutdown
43 | graceful-restart
44 | !
45 |
46 | vpn 0
47 | interface eth1
48 | ip dhcp-client
49 | tunnel-interface
50 | allow-service dhcp
51 | allow-service dns
52 | allow-service icmp
53 | no allow-service sshd
54 | allow-service netconf
55 | no allow-service ntp
56 | no allow-service stun
57 | allow-service https
58 | !
59 | no shutdown
60 | !
61 | !
62 |
63 | vpn 512
64 | interface eth0
65 | ip dhcp-client
66 | no shutdown
67 | !
68 | !
69 | --==BOUNDARY==
--------------------------------------------------------------------------------
/aws/Provision_Instances/my_instances_variables.auto.tfvars.json:
--------------------------------------------------------------------------------
1 | {
2 | "vbond_instances_type": "c5.large",
3 | "vsmart_instances_type": "c5.xlarge",
4 | "vmanage_instances_type": "c5.4xlarge",
5 | "vbond_ami": "ami-085c4adc58506ad83",
6 | "vmanage_ami": "ami-06850b5d3d92800e7",
7 | "vsmart_ami": "ami-0079a97de83928496",
8 | "vbond_count": "1",
9 | "vmanage_count": "1",
10 | "vsmart_count": "1"
11 | }
12 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/output.tf:
--------------------------------------------------------------------------------
1 | # Root outputs: re-export the address lists of the three controller modules so
2 | # that `terraform output` prints them. Names ending in Ip are private
3 | # addresses; names ending in EIP are Elastic IPs (see each module's output.tf).
4 |
5 | # --- vBond ---
6 | output "vbonds_vbondEth0Ip" {
7 |   value = module.vbond.vbonds_vbondEth0Ip
8 | }
9 |
10 | output "vbonds_vbondEth0EIP" {
11 |   value = module.vbond.vbonds_vbondEth0EIP
12 | }
13 |
14 | output "vbonds_vbondEth1Ip" {
15 |   value = module.vbond.vbonds_vbondEth1Ip
16 | }
17 |
18 | output "vbonds_vbondEth1EIP" {
19 |   value = module.vbond.vbonds_vbondEth1EIP
20 | }
21 |
22 | # --- vManage ---
23 | output "vmanages_vmanageEth0Ip" {
24 |   value = module.vmanage.vmanages_vmanageEth0Ip
25 | }
26 |
27 | output "vmanages_vmanageEth0EIP" {
28 |   value = module.vmanage.vmanages_vmanageEth0EIP
29 | }
30 |
31 | output "vmanages_vmanageEth1Ip" {
32 |   value = module.vmanage.vmanages_vmanageEth1Ip
33 | }
34 |
35 | output "vmanages_vmanageEth1EIP" {
36 |   value = module.vmanage.vmanages_vmanageEth1EIP
37 | }
38 |
39 | # --- vSmart ---
40 | output "vsmarts_vsmartEth0Ip" {
41 |   value = module.vsmart.vsmarts_vsmartEth0Ip
42 | }
43 |
44 | output "vsmarts_vsmartEth0EIP" {
45 |   value = module.vsmart.vsmarts_vsmartEth0EIP
46 | }
47 |
48 | output "vsmarts_vsmartEth1Ip" {
49 |   value = module.vsmart.vsmarts_vsmartEth1Ip
50 | }
51 |
52 | output "vsmarts_vsmartEth1EIP" {
53 |   value = module.vsmart.vsmarts_vsmartEth1EIP
54 | }
--------------------------------------------------------------------------------
/aws/Provision_Instances/terraform.tf:
--------------------------------------------------------------------------------
1 | # Inputs of the controller stack. Values are read from
2 | # my_instances_variables.auto.tfvars.json in this directory.
3 |
4 | # vBond
5 | variable "vbond_ami" {}
6 | variable "vbond_count" {}
7 | variable "vbond_instances_type" {}
8 |
9 | # vManage
10 | variable "vmanage_ami" {}
11 | variable "vmanage_count" {}
12 | variable "vmanage_instances_type" {}
13 |
14 | # vSmart
15 | variable "vsmart_ami" {}
16 | variable "vsmart_count" {}
17 | variable "vsmart_instances_type" {}
18 |
19 | # Outputs of the Provision_VPC stack (region, subnets, security group), read
20 | # from that stack's local state file. The relative path means Provision_VPC
21 | # has to be applied first, from its own directory.
22 | # NOTE(review): a local state file is unencrypted JSON holding every resource
23 | # attribute; keep it out of version control and off shared disks.
24 | data "terraform_remote_state" "spam" {
25 |   backend = "local"
26 |
27 |   config = {
28 |     path = "../Provision_VPC/terraform.tfstate"
29 |   }
30 | }
31 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vbond/output.tf:
--------------------------------------------------------------------------------
1 | # Addresses of the vBond instances, one list entry per instance.
2 |
3 | # Private address of the primary interface (eth0).
4 | output "vbonds_vbondEth0Ip" {
5 |   value = aws_instance.vbond[*].private_ip
6 | }
7 |
8 | # Private addresses of the second interface (eth1). private_ips is a
9 | # collection per interface, so this output is a list of lists.
10 | output "vbonds_vbondEth1Ip" {
11 |   value = aws_network_interface.vbond[*].private_ips
12 | }
13 |
14 | # Elastic IP bound to the primary interface.
15 | output "vbonds_vbondEth0EIP" {
16 |   value = aws_eip.vbond_1[*].public_ip
17 | }
18 |
19 | # Elastic IP bound to the second interface.
20 | output "vbonds_vbondEth1EIP" {
21 |   value = aws_eip.vbond_2[*].public_ip
22 | }
23 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vbond/vbond.tf:
--------------------------------------------------------------------------------
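1 | # vBond instances. Each gets a second network interface (device index 1) and
2 | # an Elastic IP on both interfaces.
3 | #
4 | # NOTE(review): both interfaces end up with public addresses, so reachability
5 | # is decided by the security group passed in as var.Vipela_Control_Plane. That
6 | # group is defined outside this module; confirm its ingress rules.
7 | resource "aws_instance" "vbond" {
8 |   count                  = var.counter
9 |   ami                    = var.vbond_ami
10 |   instance_type          = var.viptela_instances_type
11 |   vpc_security_group_ids = [var.Vipela_Control_Plane]
12 |
13 |   # Rotate through the subnet list so instances are spread across subnets.
14 |   subnet_id                   = var.subnets[count.index % length(var.subnets)]
15 |   associate_public_ip_address = true
16 |   source_dest_check           = true
17 |
18 |   # Day-0 device configuration. path.root resolves the file from the root
19 |   # module directory instead of the shell's working directory.
20 |   # NOTE(review): that file sets a fixed admin password hash and
21 |   # `allow-service all` on the eth1 tunnel interface; review both before the
22 |   # instance is exposed.
23 |   user_data = file("${path.root}/cloud-init/vbond.user_data")
24 |
25 |   tags = {
26 |     Name = format("vbond-%02d", count.index)
27 |   }
28 | }
29 |
30 | # Second interface, attached as device index 1, in the same subnet and
31 | # security group as the instance it belongs to.
32 | resource "aws_network_interface" "vbond" {
33 |   count             = var.counter
34 |   subnet_id         = var.subnets[count.index % length(var.subnets)]
35 |   security_groups   = [var.Vipela_Control_Plane]
36 |   source_dest_check = true
37 |
38 |   attachment {
39 |     instance     = aws_instance.vbond[count.index].id
40 |     device_index = 1
41 |   }
42 | }
43 |
44 | # Elastic IP for the primary interface.
45 | resource "aws_eip" "vbond_1" {
46 |   count             = var.counter
47 |   network_interface = aws_instance.vbond[count.index].primary_network_interface_id
48 |   vpc               = true
49 |
50 |   tags = {
51 |     Name = format("eip1_vbond-%02d", count.index)
52 |   }
53 | }
54 |
55 | # Elastic IP for the second interface.
56 | resource "aws_eip" "vbond_2" {
57 |   count             = var.counter
58 |   network_interface = aws_network_interface.vbond[count.index].id
59 |   vpc               = true
60 |
61 |   tags = {
62 |     # Was "eip_2vbond-%02d"; renamed to match the eip1_vbond tag above.
63 |     Name = format("eip2_vbond-%02d", count.index)
64 |   }
65 | }
66 |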
--------------------------------------------------------------------------------
/aws/Provision_Instances/vbond/vbond_var.tf:
--------------------------------------------------------------------------------
1 | # Inputs of the vbond module; the caller is ../vbond_master.tf.
2 | variable "vbond_ami" {}              # AMI used for every vBond instance
3 | variable "viptela_instances_type" {} # EC2 instance type
4 | variable "counter" {}                # number of vBond instances to create
5 | variable "subnets" {}                # subnet list; instances rotate through it
6 | variable "Vipela_Control_Plane" {}   # security group applied to both interfaces
7 | variable "region" {}                 # supplied by the caller; not referenced in vbond.tf
--------------------------------------------------------------------------------
/aws/Provision_Instances/vbond_master.tf:
--------------------------------------------------------------------------------
1 | # Instantiates the vbond module. Region, security group and subnets come from
2 | # the Provision_VPC state (data source "spam"); the AMI, instance type and
3 | # count come from this stack's own variables.
4 | module "vbond" {
5 |   source = "./vbond"
6 |
7 |   # From the VPC stack
8 |   region               = data.terraform_remote_state.spam.outputs.region
9 |   Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane
10 |   subnets              = data.terraform_remote_state.spam.outputs.subnets
11 |
12 |   # From this stack's tfvars
13 |   vbond_ami              = var.vbond_ami
14 |   viptela_instances_type = var.vbond_instances_type
15 |   counter                = var.vbond_count
16 | }
--------------------------------------------------------------------------------
/aws/Provision_Instances/vmanage/output.tf:
--------------------------------------------------------------------------------
1 | # Addresses of the vManage instances, one list entry per instance.
2 |
3 | # Private address of the primary interface (eth0).
4 | output "vmanages_vmanageEth0Ip" {
5 |   value = aws_instance.vmanage[*].private_ip
6 | }
7 |
8 | # Private addresses of the second interface (eth1). private_ips is a
9 | # collection per interface, so this output is a list of lists.
10 | output "vmanages_vmanageEth1Ip" {
11 |   value = aws_network_interface.vmanage[*].private_ips
12 | }
13 |
14 | # Elastic IP bound to the primary interface.
15 | output "vmanages_vmanageEth0EIP" {
16 |   value = aws_eip.vmanage_1[*].public_ip
17 | }
18 |
19 | # Elastic IP bound to the second interface.
20 | output "vmanages_vmanageEth1EIP" {
21 |   value = aws_eip.vmanage_2[*].public_ip
22 | }
23 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vmanage/vmanage.tf:
--------------------------------------------------------------------------------
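1 | # vManage instances. Each gets a second network interface (device index 1) and
2 | # an Elastic IP on both interfaces.
3 | #
4 | # NOTE(review): both interfaces end up with public addresses, so reachability
5 | # is decided by the security group passed in as var.Vipela_Control_Plane. That
6 | # group is defined outside this module; confirm its ingress rules.
7 | resource "aws_instance" "vmanage" {
8 |   count                  = var.counter
9 |   ami                    = var.vmanage_ami
10 |   instance_type          = var.viptela_instances_type
11 |   vpc_security_group_ids = [var.Vipela_Control_Plane]
12 |
13 |   # Rotate through the subnet list so instances are spread across subnets.
14 |   subnet_id                   = var.subnets[count.index % length(var.subnets)]
15 |   associate_public_ip_address = true
16 |   source_dest_check           = true
17 |
18 |   # Day-0 device configuration. path.root resolves the file from the root
19 |   # module directory instead of the shell's working directory.
20 |   # NOTE(review): that file sets a fixed admin password hash and allows
21 |   # https and netconf (but not sshd) on the eth1 tunnel interface; review both
22 |   # before the instance is exposed.
23 |   user_data = file("${path.root}/cloud-init/vmanage.user_data")
24 |
25 |   tags = {
26 |     Name = format("vmanage-%02d", count.index)
27 |   }
28 | }
29 |
30 | # Second interface, attached as device index 1, in the same subnet and
31 | # security group as the instance it belongs to.
32 | resource "aws_network_interface" "vmanage" {
33 |   count             = var.counter
34 |   subnet_id         = var.subnets[count.index % length(var.subnets)]
35 |   security_groups   = [var.Vipela_Control_Plane]
36 |   source_dest_check = true
37 |
38 |   attachment {
39 |     instance     = aws_instance.vmanage[count.index].id
40 |     device_index = 1
41 |   }
42 | }
43 |
44 | # Elastic IP for the primary interface.
45 | resource "aws_eip" "vmanage_1" {
46 |   count             = var.counter
47 |   network_interface = aws_instance.vmanage[count.index].primary_network_interface_id
48 |   vpc               = true
49 |
50 |   tags = {
51 |     Name = format("eip1_vmanage-%02d", count.index)
52 |   }
53 | }
54 |
55 | # Elastic IP for the second interface.
56 | resource "aws_eip" "vmanage_2" {
57 |   count             = var.counter
58 |   network_interface = aws_network_interface.vmanage[count.index].id
59 |   vpc               = true
60 |
61 |   tags = {
62 |     Name = format("eip2_vmanage-%02d", count.index)
63 |   }
64 | }
65 |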
--------------------------------------------------------------------------------
/aws/Provision_Instances/vmanage/vmanage_var.tf:
--------------------------------------------------------------------------------
# AMI used for every vManage instance.
variable "vmanage_ami" {}
# EC2 instance type for the vManage instances.
variable "viptela_instances_type" {}
# Passed in by the caller; not referenced by the resources in vmanage.tf.
variable "region" {}
# Security group ID applied to both interfaces of each instance.
variable "Vipela_Control_Plane" {}
# Number of vManage instances (used as `count`).
variable "counter" {}
# Subnet IDs; instances are assigned to them round-robin by count.index.
variable "subnets" {}
--------------------------------------------------------------------------------
/aws/Provision_Instances/vmanage_master.tf:
--------------------------------------------------------------------------------
# Instantiates the vManage module. Region, security group and subnets come
# from the `spam` remote-state data source; AMI, instance type and count
# come from this stack's own variables.
module "vmanage" {
  source = "./vmanage"

  region               = data.terraform_remote_state.spam.outputs.region
  subnets              = data.terraform_remote_state.spam.outputs.subnets
  Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane

  vmanage_ami            = var.vmanage_ami
  viptela_instances_type = var.vmanage_instances_type
  counter                = var.vmanage_count
}
10 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vsmart/output.tf:
--------------------------------------------------------------------------------
# Private address of each vSmart instance's primary interface.
output "vsmarts_vsmartEth0Ip" {
  value = aws_instance.vsmart[*].private_ip
}

# Elastic IP bound to each vSmart's primary network interface.
output "vsmarts_vsmartEth0EIP" {
  value = aws_eip.vsmart_1[*].public_ip
}

# Private addresses of each vSmart's second interface (device_index 1).
# This reads `private_ips`, so every element is a collection of addresses
# rather than the single string the Eth0 output yields.
output "vsmarts_vsmartEth1Ip" {
  value = aws_network_interface.vsmart[*].private_ips
}

# Elastic IP bound to each vSmart's second network interface.
output "vsmarts_vsmartEth1EIP" {
  value = aws_eip.vsmart_2[*].public_ip
}
16 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vsmart/vsmart.tf:
--------------------------------------------------------------------------------
# vSmart controller instances; var.counter decides how many are created.
resource "aws_instance" "vsmart" {
  count         = var.counter
  ami           = var.vsmart_ami
  instance_type = var.viptela_instances_type

  # Instances are spread round-robin over the supplied subnets.
  subnet_id                   = var.subnets[count.index % length(var.subnets)]
  vpc_security_group_ids      = [var.Vipela_Control_Plane]
  associate_public_ip_address = true
  source_dest_check           = true

  # Day-0 configuration. EC2 stores user_data unencrypted and serves it to
  # any process on the instance through the metadata service, so credentials
  # placed in this file should be rotated after first boot.
  user_data = file("cloud-init/vsmart.user_data")

  tags = {
    Name = format("vsmart-%02d", count.index)
  }
}
14 |
# Second interface for each vSmart, attached at device index 1 and placed
# in the same subnet and security group as the instance's primary interface.
resource "aws_network_interface" "vsmart" {
  count             = var.counter
  subnet_id         = var.subnets[count.index % length(var.subnets)]
  security_groups   = [var.Vipela_Control_Plane]
  source_dest_check = true

  attachment {
    device_index = 1
    instance     = aws_instance.vsmart[count.index].id
  }
}
26 |
# Elastic IP for the primary interface of each vSmart instance.
resource "aws_eip" "vsmart_1" {
  count             = var.counter
  vpc               = true
  network_interface = aws_instance.vsmart[count.index].primary_network_interface_id

  tags = {
    Name = format("eip1_vsmart-%02d", count.index)
  }
}
35 |
# Elastic IP for the second (device index 1) interface of each vSmart.
resource "aws_eip" "vsmart_2" {
  count             = var.counter
  vpc               = true
  network_interface = aws_network_interface.vsmart[count.index].id

  tags = {
    Name = format("eip2_vsmart-%02d", count.index)
  }
}
44 |
--------------------------------------------------------------------------------
/aws/Provision_Instances/vsmart/vsmart_var.tf:
--------------------------------------------------------------------------------
# AMI used for every vSmart instance.
variable "vsmart_ami" {}
# EC2 instance type for the vSmart instances.
variable "viptela_instances_type" {}
# Passed in by the caller; not referenced by the resources in vsmart.tf.
variable "region" {}
# Security group ID applied to both interfaces of each instance.
variable "Vipela_Control_Plane" {}
# Number of vSmart instances (used as `count`).
variable "counter" {}
# Subnet IDs; instances are assigned to them round-robin by count.index.
variable "subnets" {}
--------------------------------------------------------------------------------
/aws/Provision_Instances/vsmart_master.tf:
--------------------------------------------------------------------------------
# Instantiates the vSmart module. Region, security group and subnets come
# from the `spam` remote-state data source; AMI, instance type and count
# come from this stack's own variables.
module "vsmart" {
  source = "./vsmart"

  region               = data.terraform_remote_state.spam.outputs.region
  subnets              = data.terraform_remote_state.spam.outputs.subnets
  Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane

  vsmart_ami             = var.vsmart_ami
  viptela_instances_type = var.vsmart_instances_type
  counter                = var.vsmart_count
}
10 |
--------------------------------------------------------------------------------
/aws/Provision_VPC/aws.tf:
--------------------------------------------------------------------------------
# AWS provider. Credentials are read from the `terraform` profile of the
# local shared credentials file, so no keys live in this repository.
provider "aws" {
  region                  = var.region
  profile                 = "terraform"
  shared_credentials_file = "~/.aws/credentials"
}
6 |
--------------------------------------------------------------------------------
/aws/Provision_VPC/base.tf:
--------------------------------------------------------------------------------
1 | /*
2 | Requires:
3 | - AWS Region
4 | - CIDR block with <= 28 bit prefix length
5 |
6 | Provisions:
7 | - VPC,
8 | - iGW,
9 | - public route table,
10 | - 2 subnets in different availability zones,
11 | - security group for the Viptela controllers
12 | */
13 |
14 | /*
15 | Gather Availability Zone Information
16 | */
# Lists the zones currently in the "available" state for the provider's
# region; the subnets below use the first two names returned.
data "aws_availability_zones" "available" {
  state = "available"
}
20 |
21 | /*
22 | VPC
23 | */
# VPC that hosts the controllers; its address range is var.cidr_block.
resource "aws_vpc" "viptela" {
  enable_dns_hostnames = true
  cidr_block           = var.cidr_block

  tags = {
    Name = "Viptela Controllers"
  }
}
32 |
33 | /*
34 | Internet Gateway
35 | */
# Internet gateway for the controller VPC; the public route table sends its
# default route here.
resource "aws_internet_gateway" "viptela" {
  vpc_id = aws_vpc.viptela.id

  tags = {
    Name = "Viptela Controllers"
  }
}
43 |
44 | /*
45 | Public Subnets
46 | */
# First half of the VPC range, placed in the first available zone.
# cidrsubnet() adds one prefix bit, and AWS does not accept subnets smaller
# than /28, so var.cidr_block needs a prefix of /27 or shorter.
resource "aws_subnet" "public_subnet_az_1" {
  vpc_id            = aws_vpc.viptela.id
  availability_zone = data.aws_availability_zones.available.names[0]
  cidr_block        = cidrsubnet(var.cidr_block, 1, 0)

  tags = {
    Name = "subnet_public_az_1"
    VPC  = "${data.aws_availability_zones.available.names[0]}_viptela"
  }
}
57 |
# Second half of the VPC range, placed in the second available zone.
# cidrsubnet() adds one prefix bit, and AWS does not accept subnets smaller
# than /28, so var.cidr_block needs a prefix of /27 or shorter.
resource "aws_subnet" "public_subnet_az_2" {
  vpc_id            = aws_vpc.viptela.id
  availability_zone = data.aws_availability_zones.available.names[1]
  cidr_block        = cidrsubnet(var.cidr_block, 1, 1)

  tags = {
    Name = "subnet_public_az_2"
    VPC  = "${data.aws_availability_zones.available.names[1]}_viptela"
  }
}
68 |
69 | /*
70 | Public Route Table
71 | */
# Route table shared by both subnets: everything without a more specific
# route leaves through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.viptela.id

  tags = {
    Name = "Public Subnets"
    VPC  = "Viptela_Public_RT"
  }

  route {
    gateway_id = aws_internet_gateway.viptela.id
    cidr_block = "0.0.0.0/0"
  }
}
85 |
86 | /*
87 | Public Route Table Associations
88 | */
# Binds the first subnet to the public route table.
resource "aws_route_table_association" "subnet_p1_to_rt_public" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_subnet_az_1.id
}
93 |
# Binds the second subnet to the public route table.
resource "aws_route_table_association" "subnet_p2_to_rt_public" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_subnet_az_2.id
}
98 |
99 | /*
100 | Security Groups
101 | */
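# Source ranges allowed to reach the management listeners below (SSH, HTTPS,
# 8443 and NETCONF). The default keeps the original open-to-any-address
# behaviour so existing deployments are unchanged; set it to the operator /
# admin networks in my_vpc_variables.auto.tfvars.json to close these ports
# to the internet.
variable "management_cidr_blocks" {
  type    = list(string)
  default = ["0.0.0.0/0"]
}

# Security group shared by all controller interfaces. The resource and group
# name keep the "Vipela" spelling because outputs and the instance stacks
# refer to it by that name.
resource "aws_security_group" "Vipela_Control_Plane" {
  name        = "Vipela_Control_Plane"
  description = "Allow Viptela Control Plane and Management Traffic"
  vpc_id      = aws_vpc.viptela.id

  # Control-plane TCP range. Left open to any source, as in the original.
  ingress {
    from_port   = 23456
    to_port     = 24156
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Control-plane UDP range. Left open to any source, as in the original.
  ingress {
    from_port   = 12346
    to_port     = 13046
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH. Administrative access: restrict through var.management_cidr_blocks.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.management_cidr_blocks
  }

  # HTTPS. Administrative access: restrict through var.management_cidr_blocks.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.management_cidr_blocks
  }

  # Alternate HTTPS port. Restrict through var.management_cidr_blocks.
  ingress {
    from_port   = 8443
    to_port     = 8443
    protocol    = "tcp"
    cidr_blocks = var.management_cidr_blocks
  }

  # NETCONF over SSH. NOTE(review): confirm which peers need this port
  # before narrowing var.management_cidr_blocks.
  ingress {
    from_port   = 830
    to_port     = 830
    protocol    = "tcp"
    cidr_blocks = var.management_cidr_blocks
  }

  # ICMP: for this protocol from_port is the ICMP type (8, echo request) and
  # to_port is the code (-1, any).
  ingress {
    from_port   = 8
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic is allowed.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Viptela Control and Management"
  }
}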
168 |
--------------------------------------------------------------------------------
/aws/Provision_VPC/base_var.tf:
--------------------------------------------------------------------------------
# AWS region for the provider; also re-exported as an output.
variable "region" {}
# Address range of the VPC; split in two halves for the public subnets.
variable "cidr_block" {}
3 |
--------------------------------------------------------------------------------
/aws/Provision_VPC/my_vpc_variables.auto.tfvars.json:
--------------------------------------------------------------------------------
1 | {
2 | "region": "us-east-1",
3 | "cidr_block": "10.100.100.0/24"
4 | }
5 |
--------------------------------------------------------------------------------
/aws/Provision_VPC/output.tf:
--------------------------------------------------------------------------------
# Values exported for the Provision_Instances stack, which reads them from
# this stack's state file.

output "region" {
  value = var.region
}

output "viptela_vpc_id" {
  value = aws_vpc.viptela.id
}

output "cidr_block" {
  value = var.cidr_block
}

# ID of the shared controller security group.
output "Vipela_Control_Plane" {
  value = aws_security_group.Vipela_Control_Plane.id
}

# Both public subnet IDs, in AZ order.
output "subnets" {
  value = [
    aws_subnet.public_subnet_az_1.id,
    aws_subnet.public_subnet_az_2.id,
  ]
}
20 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/azure.tf:
--------------------------------------------------------------------------------
# Service-principal settings for the azurerm provider. None has a default,
# so Terraform prompts for them unless they are supplied, e.g. through
# TF_VAR_<name> environment variables.
variable "ARM_SUBSCRIPTION_ID" {}
variable "ARM_CLIENT_ID" {}
# Secret value: keep it out of tfvars files that are committed.
variable "ARM_CLIENT_SECRET" {}
variable "ARM_TENANT_ID" {}
5 |
# Azure provider authenticated as a service principal (client ID + secret).
provider "azurerm" {
  tenant_id       = var.ARM_TENANT_ID
  subscription_id = var.ARM_SUBSCRIPTION_ID
  client_id       = var.ARM_CLIENT_ID
  client_secret   = var.ARM_CLIENT_SECRET
}
12 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/cloud-init/vbond.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | system
9 | host-name vbond
10 | vbond ztp.viptela.com local
11 |
12 | aaa
13 | auth-order local radius tacacs
14 | usergroup basic
15 | task system read write
16 | task interface read write
17 | !
18 |
19 | usergroup netadmin
20 | !
21 |
22 | usergroup operator
23 | task system read
24 | task interface read
25 | task policy read
26 | task routing read
27 | task security read
28 | !
29 |
30 | user admin
31 | password $6$Ju0z0n7YKtLgYWlJ$38aW.MBat6e8xL2vuLdbfGVH.DAYh7lq2nA/dBdvL.rWdJyGGB2gxLeVh8jQBKTCxti8vX5RKpbtzEadiZc6J.
32 | !
33 | !
34 |
35 | logging
36 | disk
37 | enable
38 | !
39 | !
40 | !
41 |
42 | omp
43 | no shutdown
44 | graceful-restart
45 | advertise connected
46 | advertise static
47 | !
48 |
49 | security
50 | ipsec
51 | authentication-type ah-sha1-hmac sha1-hmac
52 | !
53 | !
54 |
55 | vpn 0
56 | interface eth1
57 | ip dhcp-client
58 | tunnel-interface
59 | allow-service all
60 | !
61 | no shutdown
62 | !
63 | !
64 |
65 | vpn 512
66 | interface eth0
67 | ip dhcp-client
68 | no shutdown
69 | !
70 | !
71 | --==BOUNDARY==
--------------------------------------------------------------------------------
/azure/Provision_Instances/cloud-init/vmanage.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
9 | - format-partition : 1
10 |
11 | --==BOUNDARY==
12 | Content-Type: text/cloud-boothook; charset="us-ascii"
13 |
14 | #cloud-boothook
15 | system
16 | host-name vmanage
17 |
18 | aaa
19 | auth-order local radius tacacs
20 | usergroup basic
21 | task system read write
22 | task interface read write
23 | !
24 |
25 | usergroup netadmin
26 | !
27 |
28 | usergroup operator
29 | task system read
30 | task interface read
31 | task policy read
32 | task routing read
33 | task security read
34 | !
35 |
36 | user admin
37 | password $6$u3jhmUlHRY16I1lI$OpkApAwXhGNo2xdKR.j2x7LF7OkRa9P02aSgACGMvmhidKHvxQ2poG6HTulDYp6BXfsm3clE6dz/wvOKLxA8e1
38 | !
39 | !
40 |
41 | logging
42 | disk
43 | enable
44 | !
45 | !
46 | !
47 |
48 | vpn 0
49 | interface eth1
50 | ip dhcp-client
51 | tunnel-interface
52 | allow-service dhcp
53 | allow-service dns
54 | allow-service icmp
55 | no allow-service sshd
56 | allow-service netconf
57 | no allow-service ntp
58 | no allow-service stun
59 | allow-service https
60 | !
61 | no shutdown
62 | !
63 | !
64 | vpn 512
65 | interface eth0
66 | ip dhcp-client
67 | no shutdown
68 | !
69 | !
70 | --==BOUNDARY==
--------------------------------------------------------------------------------
/azure/Provision_Instances/cloud-init/vsmart.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | system
9 | host-name vsmart
10 |
11 | aaa
12 | auth-order local radius tacacs
13 | usergroup basic
14 | task system read write
15 | task interface read write
16 | !
17 |
18 | usergroup netadmin
19 | !
20 |
21 | usergroup operator
22 | task system read
23 | task interface read
24 | task policy read
25 | task routing read
26 | task security read
27 | !
28 |
29 | user admin
30 | password $6$ZSa1yl/RYmnRIiXw$F7.lE6cHwglxBDWlbFoJEEOifm3bDuTYaGIfi61BgYgJmlswFIOrsyh5fdLs0TH998EmeUU77JECV6fXSU3uk0
31 | !
32 | !
33 |
34 | logging
35 | disk
36 | enable
37 | !
38 | !
39 | !
40 |
41 | omp
42 | no shutdown
43 | graceful-restart
44 | !
45 |
46 | vpn 0
47 | interface eth1
48 | ip dhcp-client
49 | tunnel-interface
50 | allow-service dhcp
51 | allow-service dns
52 | allow-service icmp
53 | no allow-service sshd
54 | allow-service netconf
55 | no allow-service ntp
56 | no allow-service stun
57 | allow-service https
58 | !
59 | no shutdown
60 | !
61 | !
62 |
63 | vpn 512
64 | interface eth0
65 | ip dhcp-client
66 | no shutdown
67 | !
68 | !
69 | --==BOUNDARY==
--------------------------------------------------------------------------------
/azure/Provision_Instances/output.tf:
--------------------------------------------------------------------------------
# Root-level outputs: each one re-exports the module output of the same name.
# "Ip" values are private NIC addresses, "PIP" values are public IPs.

# --- vBond ---
output "vbonds_vbondEth0Ip" {
  value = module.vbond.vbonds_vbondEth0Ip
}

output "vbonds_vbondEth0PIP" {
  value = module.vbond.vbonds_vbondEth0PIP
}

output "vbonds_vbondEth1Ip" {
  value = module.vbond.vbonds_vbondEth1Ip
}

output "vbonds_vbondEth1PIP" {
  value = module.vbond.vbonds_vbondEth1PIP
}

# --- vManage ---
output "vmanages_vmanageEth0Ip" {
  value = module.vmanage.vmanages_vmanageEth0Ip
}

output "vmanages_vmanageEth0PIP" {
  value = module.vmanage.vmanages_vmanageEth0PIP
}

output "vmanages_vmanageEth1Ip" {
  value = module.vmanage.vmanages_vmanageEth1Ip
}

output "vmanages_vmanageEth1PIP" {
  value = module.vmanage.vmanages_vmanageEth1PIP
}

# --- vSmart ---
output "vsmarts_vsmartEth0Ip" {
  value = module.vsmart.vsmarts_vsmartEth0Ip
}

output "vsmarts_vsmartEth0PIP" {
  value = module.vsmart.vsmarts_vsmartEth0PIP
}

output "vsmarts_vsmartEth1Ip" {
  value = module.vsmart.vsmarts_vsmartEth1Ip
}

output "vsmarts_vsmartEth1PIP" {
  value = module.vsmart.vsmarts_vsmartEth1PIP
}
--------------------------------------------------------------------------------
/azure/Provision_Instances/terraform.tf:
--------------------------------------------------------------------------------
# Per-controller image ID, instance count and VM size, forwarded to the
# vbond / vmanage / vsmart modules.
variable "vbond_image" {}
variable "vbond_count" {}
variable "vmanage_image" {}
variable "vmanage_count" {}
variable "vsmart_image" {}
variable "vsmart_count" {}
variable "vbond_instances_type" {}
variable "vmanage_instances_type" {}
variable "vsmart_instances_type" {}
# OS-level admin account created on every VM (os_profile in the modules).
variable "username" {}
# Secret value: keep it out of committed tfvars files. NOTE(review): there
# is no `sensitive` flag here; Terraform 0.14+ supports `sensitive = true`
# on variables to hide the value in plan output.
variable "password" {}
12 |
13 |
# Reads the outputs of the Provision_VNET stack from its local state file.
# State files hold resource attributes in clear text, so both stacks'
# terraform.tfstate files should stay out of version control.
data "terraform_remote_state" "spam" {
  backend = "local"
  config = {
    path = "../Provision_VNET/terraform.tfstate"
  }
}
21 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vbond/output.tf:
--------------------------------------------------------------------------------
# Private address of each vBond's first NIC (nic1).
output "vbonds_vbondEth0Ip" {
  value = azurerm_network_interface.vbond_1[*].private_ip_address
}

# Public IP attached to each vBond's first NIC.
output "vbonds_vbondEth0PIP" {
  value = azurerm_public_ip.vbond_1[*].ip_address
}

# Private address of each vBond's second NIC (nic2).
output "vbonds_vbondEth1Ip" {
  value = azurerm_network_interface.vbond_2[*].private_ip_address
}

# Public IP attached to each vBond's second NIC.
output "vbonds_vbondEth1PIP" {
  value = azurerm_public_ip.vbond_2[*].ip_address
}
16 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vbond/vbond.tf:
--------------------------------------------------------------------------------
# Static public IP for the first NIC of each vBond.
resource "azurerm_public_ip" "vbond_1" {
  count               = var.counter
  name                = format("pip1_vbond-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vbond-%02d", count.index)
  }
}
12 |
# Static public IP for the second NIC of each vBond.
resource "azurerm_public_ip" "vbond_2" {
  count               = var.counter
  name                = format("pip2_vbond-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vbond-%02d", count.index)
  }
}
24 |
# First NIC of each vBond (the VM's primary interface): dynamic private
# address, public IP vbond_1, filtered by the shared network security group.
resource "azurerm_network_interface" "vbond_1" {
  count                     = var.counter
  name                      = format("nic1_vbond-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic1_vbond-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vbond_1[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
39 |
# Second NIC of each vBond: dynamic private address, public IP vbond_2,
# filtered by the shared network security group.
resource "azurerm_network_interface" "vbond_2" {
  count                     = var.counter
  name                      = format("nic2_vbond-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic2_vbond-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vbond_2[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
54 |
# vBond VMs: two NICs each (vbond_1 primary, vbond_2 secondary), OS disk
# created from the supplied image, placed in the vBond availability set.
resource "azurerm_virtual_machine" "vbond" {
  count               = var.counter
  name                = format("vbond-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  vm_size             = var.viptela_instances_type
  availability_set_id = var.avsetvbond

  primary_network_interface_id = azurerm_network_interface.vbond_1[count.index].id
  network_interface_ids = [
    azurerm_network_interface.vbond_1[count.index].id,
    azurerm_network_interface.vbond_2[count.index].id,
  ]

  storage_image_reference {
    id = var.vbond_image
  }

  storage_os_disk {
    name              = format("vbond-os-disk-%02d", count.index)
    os_type           = "Linux"
    create_option     = "FromImage"
    managed_disk_type = "Premium_LRS"
  }

  os_profile {
    computer_name  = format("vbond-%02d", count.index)
    admin_username = var.username
    # Terraform records resource arguments, this one included, in the state
    # file; treat that file as a secret.
    admin_password = var.password
    # Day-0 config. The file sets the appliance `admin` user from a password
    # hash committed with the repo, so every deployment starts with the same
    # credential until it is rotated. It also sets `allow-service all` on the
    # eth1 tunnel interface.
    custom_data = file("cloud-init/vbond.user_data")
  }

  os_profile_linux_config {
    # Password logins stay enabled on a VM whose NICs both carry public IPs.
    disable_password_authentication = false
  }
}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vbond/vbond_var.tf:
--------------------------------------------------------------------------------
# Image ID the OS disk is created from.
variable "vbond_image" {}
# VM size.
variable "viptela_instances_type" {}
# Azure location for every resource in the module.
variable "region" {}
# ID of the network security group attached to both NICs.
variable "Vipela_Control_Plane" {}
# Number of vBond VMs (used as `count`).
variable "counter" {}
# Subnet ID both NICs are placed in.
variable "subnet" {}
variable "resource_group_name" {}
# OS admin account for the VM.
variable "username" {}
# Secret value: keep it out of committed tfvars files.
variable "password" {}
# Availability set ID for the vBond VMs.
variable "avsetvbond" {}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vbond_master.tf:
--------------------------------------------------------------------------------
# Instantiates the vBond module. Network-side values come from the `spam`
# remote-state data source; image, size, count and the admin credentials
# come from this stack's own variables.
module "vbond" {
  source = "./vbond"

  region               = data.terraform_remote_state.spam.outputs.region
  resource_group_name  = data.terraform_remote_state.spam.outputs.resource_group_name
  subnet               = data.terraform_remote_state.spam.outputs.subnet
  avsetvbond           = data.terraform_remote_state.spam.outputs.avsetvbond
  Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane

  vbond_image            = var.vbond_image
  viptela_instances_type = var.vbond_instances_type
  counter                = var.vbond_count
  username               = var.username
  password               = var.password
}
14 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vmanage/output.tf:
--------------------------------------------------------------------------------
# Private address of each vManage's first NIC (nic1).
output "vmanages_vmanageEth0Ip" {
  value = azurerm_network_interface.vmanage_1[*].private_ip_address
}

# Public IP attached to each vManage's first NIC.
output "vmanages_vmanageEth0PIP" {
  value = azurerm_public_ip.vmanage_1[*].ip_address
}

# Private address of each vManage's second NIC (nic2).
output "vmanages_vmanageEth1Ip" {
  value = azurerm_network_interface.vmanage_2[*].private_ip_address
}

# Public IP attached to each vManage's second NIC.
output "vmanages_vmanageEth1PIP" {
  value = azurerm_public_ip.vmanage_2[*].ip_address
}
16 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vmanage/vmanage.tf:
--------------------------------------------------------------------------------
# Static public IP for the first NIC of each vManage.
resource "azurerm_public_ip" "vmanage_1" {
  count               = var.counter
  name                = format("pip1_vmanage-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vmanage-%02d", count.index)
  }
}
12 |
# Static public IP for the second NIC of each vManage.
resource "azurerm_public_ip" "vmanage_2" {
  count               = var.counter
  name                = format("pip2_vmanage-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vmanage-%02d", count.index)
  }
}
24 |
# First NIC of each vManage (the VM's primary interface): dynamic private
# address, public IP vmanage_1, filtered by the shared network security group.
resource "azurerm_network_interface" "vmanage_1" {
  count                     = var.counter
  name                      = format("nic1_vmanage-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic1_vmanage-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vmanage_1[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
39 |
# Second NIC of each vManage: dynamic private address, public IP vmanage_2,
# filtered by the shared network security group.
resource "azurerm_network_interface" "vmanage_2" {
  count                     = var.counter
  name                      = format("nic2_vmanage-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic2_vmanage-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vmanage_2[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
54 |
# vManage VMs: two NICs each (vmanage_1 primary, vmanage_2 secondary), OS
# disk created from the supplied image, placed in the vManage availability set.
resource "azurerm_virtual_machine" "vmanage" {
  count               = var.counter
  name                = format("vmanage-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  vm_size             = var.viptela_instances_type
  availability_set_id = var.avsetvmanage

  primary_network_interface_id = azurerm_network_interface.vmanage_1[count.index].id
  network_interface_ids = [
    azurerm_network_interface.vmanage_1[count.index].id,
    azurerm_network_interface.vmanage_2[count.index].id,
  ]

  storage_image_reference {
    id = var.vmanage_image
  }

  storage_os_disk {
    name              = format("vmanage-os-disk-%02d", count.index)
    os_type           = "Linux"
    create_option     = "FromImage"
    managed_disk_type = "Premium_LRS"
  }

  os_profile {
    computer_name  = format("vmanage-%02d", count.index)
    admin_username = var.username
    # Terraform records resource arguments, this one included, in the state
    # file; treat that file as a secret.
    admin_password = var.password
    # Day-0 config. The file sets the appliance `admin` user from a password
    # hash committed with the repo, so every deployment starts with the same
    # credential until it is rotated.
    custom_data = file("cloud-init/vmanage.user_data")
  }

  os_profile_linux_config {
    # Password logins stay enabled on a VM whose NICs both carry public IPs.
    disable_password_authentication = false
  }
}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vmanage/vmanage_var.tf:
--------------------------------------------------------------------------------
# Image ID the OS disk is created from.
variable "vmanage_image" {}
# VM size.
variable "viptela_instances_type" {}
# Azure location for every resource in the module.
variable "region" {}
# ID of the network security group attached to both NICs.
variable "Vipela_Control_Plane" {}
# Number of vManage VMs (used as `count`).
variable "counter" {}
# Subnet ID both NICs are placed in.
variable "subnet" {}
variable "resource_group_name" {}
# OS admin account for the VM.
variable "username" {}
# Secret value: keep it out of committed tfvars files.
variable "password" {}
# Availability set ID for the vManage VMs.
variable "avsetvmanage" {}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vmanage_master.tf:
--------------------------------------------------------------------------------
# Instantiates the vManage module. Network-side values come from the `spam`
# remote-state data source; image, size, count and the admin credentials
# come from this stack's own variables.
module "vmanage" {
  source = "./vmanage"

  region               = data.terraform_remote_state.spam.outputs.region
  resource_group_name  = data.terraform_remote_state.spam.outputs.resource_group_name
  subnet               = data.terraform_remote_state.spam.outputs.subnet
  avsetvmanage         = data.terraform_remote_state.spam.outputs.avsetvmanage
  Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane

  vmanage_image          = var.vmanage_image
  viptela_instances_type = var.vmanage_instances_type
  counter                = var.vmanage_count
  username               = var.username
  password               = var.password
}
14 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vsmart/output.tf:
--------------------------------------------------------------------------------
# Private address of each vSmart's first NIC (nic1).
output "vsmarts_vsmartEth0Ip" {
  value = azurerm_network_interface.vsmart_1[*].private_ip_address
}

# Public IP attached to each vSmart's first NIC.
output "vsmarts_vsmartEth0PIP" {
  value = azurerm_public_ip.vsmart_1[*].ip_address
}

# Private address of each vSmart's second NIC (nic2).
output "vsmarts_vsmartEth1Ip" {
  value = azurerm_network_interface.vsmart_2[*].private_ip_address
}

# Public IP attached to each vSmart's second NIC.
output "vsmarts_vsmartEth1PIP" {
  value = azurerm_public_ip.vsmart_2[*].ip_address
}
16 |
--------------------------------------------------------------------------------
/azure/Provision_Instances/vsmart/vsmart.tf:
--------------------------------------------------------------------------------
# Static public IP for the first NIC of each vSmart.
resource "azurerm_public_ip" "vsmart_1" {
  count               = var.counter
  name                = format("pip1_vsmart-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vsmart-%02d", count.index)
  }
}
12 |
# Static public IP for the second NIC of each vSmart.
resource "azurerm_public_ip" "vsmart_2" {
  count               = var.counter
  name                = format("pip2_vsmart-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  allocation_method   = "Static"

  tags = {
    Name = format("vsmart-%02d", count.index)
  }
}
24 |
# First NIC of each vSmart (the VM's primary interface): dynamic private
# address, public IP vsmart_1, filtered by the shared network security group.
resource "azurerm_network_interface" "vsmart_1" {
  count                     = var.counter
  name                      = format("nic1_vsmart-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic1_vsmart-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vsmart_1[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
39 |
# Second NIC of each vSmart: dynamic private address, public IP vsmart_2,
# filtered by the shared network security group.
resource "azurerm_network_interface" "vsmart_2" {
  count                     = var.counter
  name                      = format("nic2_vsmart-%02d", count.index)
  resource_group_name       = var.resource_group_name
  location                  = var.region
  network_security_group_id = var.Vipela_Control_Plane

  ip_configuration {
    name                          = format("nic2_vsmart-%02d", count.index)
    subnet_id                     = var.subnet
    public_ip_address_id          = azurerm_public_ip.vsmart_2[count.index].id
    private_ip_address_allocation = "Dynamic"
  }
}
54 |
# vSmart VMs: two NICs each (vsmart_1 primary, vsmart_2 secondary), OS disk
# created from the supplied image, placed in the vSmart availability set.
resource "azurerm_virtual_machine" "vsmart" {
  count               = var.counter
  name                = format("vsmart-%02d", count.index)
  resource_group_name = var.resource_group_name
  location            = var.region
  vm_size             = var.viptela_instances_type
  availability_set_id = var.avsetvsmart

  primary_network_interface_id = azurerm_network_interface.vsmart_1[count.index].id
  network_interface_ids = [
    azurerm_network_interface.vsmart_1[count.index].id,
    azurerm_network_interface.vsmart_2[count.index].id,
  ]

  storage_image_reference {
    id = var.vsmart_image
  }

  storage_os_disk {
    name              = format("vsmart-os-disk-%02d", count.index)
    os_type           = "Linux"
    create_option     = "FromImage"
    managed_disk_type = "Premium_LRS"
  }

  os_profile {
    computer_name  = format("vsmart-%02d", count.index)
    admin_username = var.username
    # Terraform records resource arguments, this one included, in the state
    # file; treat that file as a secret.
    admin_password = var.password
    # Day-0 config. The file sets the appliance `admin` user from a password
    # hash committed with the repo, so every deployment starts with the same
    # credential until it is rotated.
    custom_data = file("cloud-init/vsmart.user_data")
  }

  os_profile_linux_config {
    # Password logins stay enabled on a VM whose NICs both carry public IPs.
    disable_password_authentication = false
  }
}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vsmart/vsmart_var.tf:
--------------------------------------------------------------------------------
# Image ID the OS disk is created from.
variable "vsmart_image" {}
# VM size.
variable "viptela_instances_type" {}
# Azure location for every resource in the module.
variable "region" {}
# ID of the network security group attached to both NICs.
variable "Vipela_Control_Plane" {}
# Number of vSmart VMs (used as `count`).
variable "counter" {}
# Subnet ID both NICs are placed in.
variable "subnet" {}
variable "resource_group_name" {}
# OS admin account for the VM.
variable "username" {}
# Secret value: keep it out of committed tfvars files.
variable "password" {}
# Availability set ID for the vSmart VMs.
variable "avsetvsmart" {}
--------------------------------------------------------------------------------
/azure/Provision_Instances/vsmart_master.tf:
--------------------------------------------------------------------------------
# Instantiates the vSmart module. Network-side values come from the `spam`
# remote-state data source; image, size, count and the admin credentials
# come from this stack's own variables.
module "vsmart" {
  source = "./vsmart"

  region               = data.terraform_remote_state.spam.outputs.region
  resource_group_name  = data.terraform_remote_state.spam.outputs.resource_group_name
  subnet               = data.terraform_remote_state.spam.outputs.subnet
  avsetvsmart          = data.terraform_remote_state.spam.outputs.avsetvsmart
  Vipela_Control_Plane = data.terraform_remote_state.spam.outputs.Vipela_Control_Plane

  vsmart_image           = var.vsmart_image
  viptela_instances_type = var.vsmart_instances_type
  counter                = var.vsmart_count
  username               = var.username
  password               = var.password
}
14 |
--------------------------------------------------------------------------------
/azure/Provision_VNET/azure.tf:
--------------------------------------------------------------------------------
# Azure provider configured with a service principal.
# The four values are declared as input variables in base_var.tf. The azurerm
# provider can also read them from the ARM_SUBSCRIPTION_ID, ARM_CLIENT_ID,
# ARM_CLIENT_SECRET and ARM_TENANT_ID environment variables, which keeps the
# client secret out of tfvars files and shell history.
provider "azurerm" {
  tenant_id       = var.ARM_TENANT_ID
  subscription_id = var.ARM_SUBSCRIPTION_ID
  client_id       = var.ARM_CLIENT_ID
  client_secret   = var.ARM_CLIENT_SECRET
}
7 |
--------------------------------------------------------------------------------
/azure/Provision_VNET/base.tf:
--------------------------------------------------------------------------------
1 | /*
2 | Requires:
3 | - Azure Region
4 | - CIDR block with <= 28 bit prefix length
5 |
6 | Provisions:
7 | - VNET,
8 | - Availability Sets
9 | - public route table,
10 | - subnet,
11 | - security group for the Viptela controllers
12 | */
13 |
/*
  Resource Group
  Holds every resource created by this stack.
*/
resource "azurerm_resource_group" "ViptelaControllers" {
  location = var.region
  name     = "ViptelaControllers"
}
21 |
/*
  Security Group
  Inbound allow rules for the Viptela controllers.

  NOTE(review): every rule below uses source_address_prefix "*", so SSH (22),
  HTTPS (443), the vManage web server (8443) and NETCONF (830) accept
  connections from any address. Restricting the management rules to known
  administrator prefixes would reduce the exposed surface; the two control
  ranges may need to stay open to the edge devices.
*/
resource "azurerm_network_security_group" "ViptelaControllers" {
  name                = "ViptelaControllers"
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  location            = var.region

  # Control connections over TCP.
  security_rule {
    name                       = "ControlTCP"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "23456-24156"
  }

  # Control connections over UDP.
  security_rule {
    name                       = "ControlUDP"
    priority                   = 101
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Udp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "12346-13046"
  }

  # Management: SSH, open to any source.
  security_rule {
    name                       = "SSH"
    priority                   = 102
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "22"
  }

  # Management: HTTPS, open to any source.
  security_rule {
    name                       = "HTTPS"
    priority                   = 103
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "443"
  }

  # Management: vManage web server, open to any source.
  security_rule {
    name                       = "vManageWebServer"
    priority                   = 104
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "8443"
  }

  # Management: NETCONF, open to any source. Priority 105 is not used.
  security_rule {
    name                       = "NETCONF"
    priority                   = 106
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_address_prefix      = "*"
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_range     = "830"
  }

  tags = {
    environment = "ViptelaControllers"
  }
}
106 |
/*
  VNET
  One virtual network whose address space is the single CIDR block passed in.
*/
resource "azurerm_virtual_network" "ViptelaControllers" {
  name                = "ViptelaControllers"
  location            = var.region
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  address_space       = [var.cidr_block]

  # A single public resolver is hard-coded here; hosts in the VNET depend on
  # it for name resolution.
  dns_servers = ["208.67.222.222"]

  tags = {
    Name = "ViptelaControllers"
  }
}
121 |
/*
  Route Table
  Sends all traffic without a more specific route straight to the Internet.
*/
resource "azurerm_route_table" "ViptelaControllers" {
  name                = "ViptelaControllers"
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  location            = var.region

  route {
    name           = "DefaultInternet"
    next_hop_type  = "Internet"
    address_prefix = "0.0.0.0/0"
  }

  tags = {
    Name = "ViptelaControllers"
  }
}
140 |
/*
  Subnet
  A single subnet that takes the whole VNET address space (the same
  var.cidr_block), so no room is left for further subnets in this VNET.
*/
resource "azurerm_subnet" "ViptelaControllers" {
  name                 = "ViptelaControllers"
  virtual_network_name = azurerm_virtual_network.ViptelaControllers.name
  resource_group_name  = azurerm_resource_group.ViptelaControllers.name
  address_prefix       = var.cidr_block
}

# Attaches the route table above to the subnet. The resource is named "test"
# in the original configuration; renaming it would change its state address.
resource "azurerm_subnet_route_table_association" "test" {
  route_table_id = azurerm_route_table.ViptelaControllers.id
  subnet_id      = azurerm_subnet.ViptelaControllers.id
}
155 |
/*
  Availability Sets
  One managed availability set per controller role; their IDs are exported in
  output.tf for the instance stack.
*/

# vManage
resource "azurerm_availability_set" "avsetvmanage" {
  name                = "avsetvmanage"
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  location            = var.region
  managed             = true

  tags = {
    Name = "avsetvmanage"
  }
}

# vBond
resource "azurerm_availability_set" "avsetvbond" {
  name                = "avsetvbond"
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  location            = var.region
  managed             = true

  tags = {
    Name = "avsetvbond"
  }
}

# vSmart
resource "azurerm_availability_set" "avsetvsmart" {
  name                = "avsetvsmart"
  resource_group_name = azurerm_resource_group.ViptelaControllers.name
  location            = var.region
  managed             = true

  tags = {
    Name = "avsetvsmart"
  }
}
--------------------------------------------------------------------------------
/azure/Provision_VNET/base_var.tf:
--------------------------------------------------------------------------------
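# Service-principal settings consumed by the azurerm provider block in azure.tf.

variable "ARM_SUBSCRIPTION_ID" {
  description = "Azure subscription ID used by the azurerm provider."
}

variable "ARM_CLIENT_ID" {
  description = "Client (application) ID of the service principal."
}

# NOTE(review): this is a credential. Supply it through the environment or a
# secret store rather than a committed tfvars file, and add `sensitive = true`
# once the minimum Terraform version in use supports it on variables (0.14+).
variable "ARM_CLIENT_SECRET" {
  description = "Client secret of the service principal."
}

variable "ARM_TENANT_ID" {
  description = "Azure AD tenant ID of the service principal."
}

# Network placement; example values live in my_vnet_variables.auto.tfvars.json.

variable "region" {
  description = "Azure region for the resource group and every resource in it."
}

variable "cidr_block" {
  description = "CIDR block used both as the VNET address space and as the subnet prefix."
}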
8 |
--------------------------------------------------------------------------------
/azure/Provision_VNET/my_vnet_variables.auto.tfvars.json:
--------------------------------------------------------------------------------
1 | {
2 | "region": "eastus",
3 | "cidr_block": "10.200.200.0/24"
4 | }
5 |
--------------------------------------------------------------------------------
/azure/Provision_VNET/output.tf:
--------------------------------------------------------------------------------
# Values exported for the instance stack, which reads them through
# terraform_remote_state.

# Inputs passed through unchanged.
output "region" {
  value = var.region
}

output "cidr_block" {
  value = var.cidr_block
}

output "resource_group_name" {
  value = azurerm_resource_group.ViptelaControllers.name
}

# ID of the controllers' network security group. The output name keeps its
# original spelling because consumers refer to it by this name.
output "Vipela_Control_Plane" {
  value = azurerm_network_security_group.ViptelaControllers.id
}

output "subnet" {
  value = azurerm_subnet.ViptelaControllers.id
}

# Availability set IDs, one per controller role.
output "avsetvsmart" {
  value = azurerm_availability_set.avsetvsmart.id
}

output "avsetvmanage" {
  value = azurerm_availability_set.avsetvmanage.id
}

output "avsetvbond" {
  value = azurerm_availability_set.avsetvbond.id
}
32 |
--------------------------------------------------------------------------------
/vmware/cedge_vmware/create_iso.tf:
--------------------------------------------------------------------------------
# Renders the cloud-init template directory once per device into
# <cwd>/ISO/<device name>.
#
# NOTE(review): the rendered files contain the device's one-time password
# (otp) and, when day0 is empty, the bundled cedge template also writes a fixed
# admin secret into the bootstrap config. Treat the ISO directory as secret
# material: keep it out of version control and readable only by the operator.
resource "template_dir" "cloudinit" {
  for_each = var.device_list

  source_dir      = var.cloudinit_path
  destination_dir = "${path.cwd}/ISO/${each.key}"

  vars = {
    # The map key is the device name and becomes the hostname.
    hostname = each.key

    # Addressing; an absent ipv4_address means DHCP.
    ipv4_address = lookup(each.value, "ipv4_address", "dhcp")
    ipv4_gateway = lookup(each.value, "ipv4_gateway", "")

    # A non-empty day0 replaces the whole generated bootstrap config.
    day0 = lookup(each.value, "day0", "")

    # SD-WAN onboarding parameters; empty strings select the template defaults.
    otp   = lookup(each.value, "otp", "")
    vbond = lookup(each.value, "vbond", "")
    uuid  = lookup(each.value, "uuid", "")
    org   = lookup(each.value, "org", "")
  }
}
17 |
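# Packs each device's rendered cloud-init file into an ISO image with mkisofs
# and removes that image again on destroy.
#
# Paths are handed to the shell through environment variables and expanded
# inside double quotes, so a device name or working directory that contains
# spaces or shell metacharacters is treated as one literal path instead of
# being split or interpreted by the shell.
resource "null_resource" "iso" {
  for_each = var.device_list

  triggers = {
    # Hash of the template file, not of the rendered result: editing only a
    # device's values in device_list does not change any trigger here, so the
    # ISO is not rebuilt in that case.
    cloudinit = fileexists("${var.cloudinit_path}/ciscosdwan_cloud_init.cfg") ? filemd5("${var.cloudinit_path}/ciscosdwan_cloud_init.cfg") : ""
    data_dir  = "${path.cwd}/ISO/${each.key}"
    iso_file  = "${path.cwd}/ISO/${each.key}.iso"
  }

  provisioner "local-exec" {
    command = "mkisofs -output \"$ISO_FILE\" -volid cidata -joliet -rock \"$DATA_DIR/ciscosdwan_cloud_init.cfg\""

    environment = {
      ISO_FILE = self.triggers.iso_file
      DATA_DIR = self.triggers.data_dir
    }
  }

  # Requires terraform 0.12.23+ for issue #24139 fix (for_each destroy provisioner in module)
  # Only the ISO file is removed here.
  provisioner "local-exec" {
    when       = destroy
    command    = "rm -- \"$ISO_FILE\""
    on_failure = continue

    environment = {
      ISO_FILE = self.triggers.iso_file
    }
  }

  depends_on = [
    template_dir.cloudinit
  ]
}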
42 |
# Uploads each device's ISO to the ISO datastore as
# <iso_path>/<folder>/<device name>.iso, the path the VM's cdrom block refers to.
# The image carries the device's bootstrap secrets, so access to that datastore
# folder should be limited accordingly.
resource "vsphere_file" "iso" {
  for_each = var.device_list

  source_file      = "${path.cwd}/ISO/${each.key}.iso"
  destination_file = "${var.iso_path}/${var.folder}/${each.key}.iso"
  datastore        = var.iso_datastore
  datacenter       = var.datacenter

  # The ISO must have been rendered and built before it can be uploaded.
  depends_on = [
    template_dir.cloudinit,
    null_resource.iso
  ]
}
--------------------------------------------------------------------------------
/vmware/cedge_vmware/main.tf:
--------------------------------------------------------------------------------
locals {
  # One object per (device, interface position) pair. The nested for
  # expressions produce a list of lists, which flatten turns into a single
  # flat list of objects.
  networks = flatten([
    for name, spec in var.device_list : [
      for position, portgroup in spec.networks : {
        device_key   = name
        network_key  = position
        network_name = portgroup
      }
    ]
  ])
}
14 |
# Look-ups of the existing vSphere objects the VMs are placed on.

data "vsphere_datacenter" "dc" {
  name = var.datacenter
}

data "vsphere_compute_cluster" "compute_cluster" {
  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.cluster
}

# Looked up only when a resource pool name is given; otherwise the VM resource
# uses the cluster's own resource pool.
data "vsphere_resource_pool" "resource_pool" {
  count = var.resource_pool != "" ? 1 : 0

  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.resource_pool
}

# Datastore for the VM disks.
data "vsphere_datastore" "datastore" {
  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.datastore
}

# Datastore that holds the cloud-init ISO images.
data "vsphere_datastore" "iso_datastore" {
  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.iso_datastore
}

# One look-up per entry of local.networks, keyed "<device>.<interface position>".
data "vsphere_network" "network" {
  for_each = {
    for entry in local.networks : "${entry.device_key}.${entry.network_key}" => entry
  }

  datacenter_id = data.vsphere_datacenter.dc.id
  name          = each.value.network_name
}

# NOTE(review): the look-up is skipped when var.template is empty, but the VM
# resource indexes template[0] unconditionally, so an empty template name
# fails at plan time. In practice the template is required.
data "vsphere_virtual_machine" "template" {
  count = var.template != "" ? 1 : 0

  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.template
}
56 |
# One VM per entry of var.device_list, cloned from the template and booted
# with that device's cloud-init ISO attached as a CD-ROM.
resource "vsphere_virtual_machine" "vm" {
  for_each = var.device_list

  name         = each.key
  folder       = var.folder
  datastore_id = data.vsphere_datastore.datastore.id

  # The named resource pool when one is given, else the cluster's own pool.
  resource_pool_id = var.resource_pool != "" ? data.vsphere_resource_pool.resource_pool[0].id : data.vsphere_compute_cluster.compute_cluster.resource_pool_id

  num_cpus = var.vm_num_cpus
  memory   = var.vm_memory

  # Guest type and SCSI controller are copied from the template.
  # template[0] exists only when var.template is non-empty.
  guest_id  = data.vsphere_virtual_machine.template[0].guest_id
  scsi_type = data.vsphere_virtual_machine.template[0].scsi_type

  # Do not wait for a routable guest address, and ignore these two addresses
  # when the provider picks the VM's IP.
  wait_for_guest_net_routable = false
  ignored_guest_ips           = ["192.168.1.1", "0.0.0.0"]

  # Bootstrap ISO uploaded by vsphere_file.iso.
  cdrom {
    datastore_id = data.vsphere_datastore.iso_datastore.id
    path         = "${var.iso_path}/${var.folder}/${each.key}.iso"
  }

  # System disk, with the same settings as the template's first disk.
  disk {
    label            = "disk0"
    size             = data.vsphere_virtual_machine.template[0].disks[0].size
    eagerly_scrub    = data.vsphere_virtual_machine.template[0].disks[0].eagerly_scrub
    thin_provisioned = data.vsphere_virtual_machine.template[0].disks[0].thin_provisioned
  }

  # Add additional data disks: disk1, disk2, ... one per entry of vm_add_disks.
  dynamic "disk" {
    for_each = var.vm_add_disks

    content {
      label            = format("disk%d", disk.key + 1)
      unit_number      = disk.key + 1
      size             = disk.value
      thin_provisioned = var.vm_thin_provisioned
    }
  }

  # One interface per entry of the device's networks list, in list order.
  dynamic "network_interface" {
    for_each = each.value.networks

    content {
      network_id   = data.vsphere_network.network["${each.key}.${network_interface.key}"].id
      adapter_type = data.vsphere_virtual_machine.template[0].network_interface_types[0]
    }
  }

  clone {
    template_uuid = data.vsphere_virtual_machine.template[0].id
  }

  # The ISO has to be on the datastore before the VM first boots.
  depends_on = [
    template_dir.cloudinit,
    null_resource.iso,
    vsphere_file.iso
  ]
}
116 |
--------------------------------------------------------------------------------
/vmware/cedge_vmware/outputs.tf:
--------------------------------------------------------------------------------
# Name and default IP address of every VM created by this module.
output "ip_addresses" {
  value = [
    for machine in vsphere_virtual_machine.vm : {
      name               = machine.name
      default_ip_address = machine.default_ip_address
    }
  ]
}
4 |
--------------------------------------------------------------------------------
/vmware/cedge_vmware/variables.tf:
--------------------------------------------------------------------------------
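# Inputs of the cedge_vmware module.

variable "datacenter" {
  description = "Name of the vSphere datacenter."
  type        = string
}

variable "cluster" {
  description = "Name of the compute cluster the VMs run on."
  type        = string
}

variable "datastore" {
  description = "Name of the datastore for the VM disks."
  type        = string
}

variable "folder" {
  description = "VM folder; also used as a path component of the uploaded ISO."
  type        = string
}

variable "iso_datastore" {
  description = "Name of the datastore the cloud-init ISO images are uploaded to."
  type        = string
}

variable "iso_path" {
  description = "Leading path on the ISO datastore; images are stored as <iso_path>/<folder>/<device>.iso."
  type        = string
}

variable "resource_pool" {
  description = "Name of a resource pool, or an empty string to use the cluster's own pool."
  type        = string
}

variable "template" {
  description = "Name of the VM template to clone. An empty string skips the look-up, but the VM resource still needs it."
  type        = string
}

variable "vm_num_cpus" {
  description = "Number of virtual CPUs per VM."
  type        = number
}

variable "vm_memory" {
  description = "Memory per VM, passed to vsphere_virtual_machine.memory."
  type        = number
}

variable "vm_add_disks" {
  description = "Sizes of additional data disks; one disk is added per entry."
  type        = list(number)
}

variable "vm_thin_provisioned" {
  description = "Whether the additional data disks are thin provisioned."
  type        = bool
}

# Map keyed by device name. Each value needs a `networks` list and may set
# ipv4_address, ipv4_gateway, day0, otp, vbond, uuid and org; absent keys fall
# back to the defaults given in create_iso.tf. The otp and day0 values are
# bootstrap secrets, so the tfvars file that carries them needs protecting.
variable "device_list" {
  description = "Devices to create, keyed by device name."
  type        = any
}

variable "cloudinit_path" {
  description = "Directory holding the cloud-init template (ciscosdwan_cloud_init.cfg)."
  type        = string
}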
43 |
--------------------------------------------------------------------------------
/vmware/cloud-init/cedge/ciscosdwan_cloud_init.cfg:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }Content-Type: multipart/mixed; boundary="===============3067523750048488884=="
2 | MIME-Version: 1.0
3 |
4 | --===============3067523750048488884==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 | MIME-Version: 1.0
7 | Content-Transfer-Encoding: 7bit
8 | Content-Disposition: attachment; filename="cloud-config"
9 |
10 | #cloud-config
11 | vinitparam:
12 | %{ if otp != "" }- otp : ${otp}%{ else }- otp : none%{ endif }
13 | %{ if vbond != "" }- vbond : ${vbond}%{ else }- vbond : 1.1.1.1%{ endif }
14 | %{ if uuid != "" }- uuid : ${uuid}%{ else }- uuid : none%{ endif }
15 | %{ if org != "" }- org : ${org}%{ else }- org : none%{ endif }
16 | - rcc : false
17 |
18 | --===============3067523750048488884==
19 | Content-Type: text/cloud-boothook; charset="us-ascii"
20 | MIME-Version: 1.0
21 | Content-Transfer-Encoding: 7bit
22 | Content-Disposition: attachment; filename="config-CSR-725caea2-41a4-497c-821d-a2e280be40a0.txt"
23 |
24 | #cloud-boothook
25 | hostname ${hostname}
26 | username admin privilege 15 secret 0 cisco
27 | logging persistent immediate filesize 8192 size 1000000
28 | aaa authentication login default local
29 | aaa authorization exec default local none
30 | interface GigabitEthernet1
31 | no shutdown
32 | %{ if ipv4_address != "dhcp" }ip address ${ipv4_address}%{ else }ip address dhcp client-id GigabitEthernet1%{ endif }
33 | exit
34 | %{ if ipv4_gateway != "" }ip route 0.0.0.0 0.0.0.0 ${ipv4_gateway}%{ else }!%{ endif }
35 | --===============3067523750048488884==
36 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vbond/v1/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vbond
2 | local-hostname: vbond
--------------------------------------------------------------------------------
/vmware/cloud-init/vbond/v1/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | !
9 | viptela-system:system
10 | host-name ${hostname}
11 | aaa
12 | user admin
13 | password cisco
14 | !
15 | vpn 0
16 | %{ if ipv4_gateway != ""}
17 | ip route 0.0.0.0/0 ${ipv4_gateway}
18 | %{ endif }
19 |
20 | interface ge0/0
21 | %{ if ipv4_address != "dhcp" }
22 | ip address ${ipv4_address}
23 | %{ else }
24 | ip dhcp-client
25 | %{ endif }
26 |
27 | tunnel-interface
28 | allow-service all
29 | !
30 | no shutdown
31 | !
32 | !
33 | vpn 512
34 | interface eth0
35 | ip dhcp-client
36 | shutdown
37 | !
38 | !
39 | --==BOUNDARY==
40 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vbond/v2/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vbond
2 | local-hostname: vbond
--------------------------------------------------------------------------------
/vmware/cloud-init/vbond/v2/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }
2 | #cloud-config
3 | write_files:
4 | - path: /etc/default/personality
5 | content: "vedge\n"
6 | - path: /etc/default/inited
7 | content: "1\n"
8 | - path: /etc/confd/init/zcloud.xml
9 | content: |
10 |
11 |
12 | vedge
13 | ${hostname}
14 |
15 |
16 | admin
17 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
18 |
19 |
20 |
21 |
22 |
23 | 0
24 | %{ if ipv4_gateway != "" }
25 |
26 |
27 | 0.0.0.0/0
28 |
29 | ${ipv4_gateway}
30 |
31 |
32 |
33 | %{ endif }
34 |
35 | ge0/0
36 | %{ if ipv4_address == "dhcp" }
37 |
38 | true
39 |
40 | %{ else }
41 |
42 | ${ipv4_address}
43 |
44 | %{ endif }
45 |
46 |
47 | ipsec
48 |
49 |
50 | true
51 |
52 |
53 | false
54 |
55 |
56 |
57 | 512
58 |
59 | eth0
60 |
61 | true
62 |
63 | true
64 |
65 |
66 |
67 |
68 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vedge/v1/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vedge
2 | local-hostname: vedge
--------------------------------------------------------------------------------
/vmware/cloud-init/vedge/v1/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | !
9 | viptela-system:system
10 | host-name ${hostname}
11 | aaa
12 | user admin
13 | password cisco
14 | !
15 | vpn 0
16 | %{ if ipv4_gateway != ""}
17 | ip route 0.0.0.0/0 ${ipv4_gateway}
18 | %{ endif }
19 |
20 | interface ge0/0
21 | %{ if ipv4_address != "dhcp" }
22 | ip address ${ipv4_address}
23 | %{ else }
24 | ip dhcp-client
25 | %{ endif }
26 |
27 | tunnel-interface
28 | allow-service all
29 | !
30 | no shutdown
31 | !
32 | !
33 | vpn 512
34 | interface eth0
35 | ip dhcp-client
36 | shutdown
37 | !
38 | !
39 | --==BOUNDARY==
40 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vedge/v2/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vedge
2 | local-hostname: vedge
--------------------------------------------------------------------------------
/vmware/cloud-init/vedge/v2/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }
2 | #cloud-config
3 | write_files:
4 | - path: /etc/default/personality
5 | content: "vedge\n"
6 | - path: /etc/default/inited
7 | content: "1\n"
8 | - path: /etc/confd/init/zcloud.xml
9 | content: |
10 |
11 |
12 | vedge
13 | ${hostname}
14 |
15 |
16 | admin
17 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
18 |
19 |
20 |
21 |
22 |
23 | 0
24 | %{ if ipv4_gateway != "" }
25 |
26 |
27 | 0.0.0.0/0
28 |
29 | ${ipv4_gateway}
30 |
31 |
32 |
33 | %{ endif }
34 |
35 | ge0/0
36 | %{ if ipv4_address == "dhcp" }
37 |
38 | true
39 |
40 | %{ else }
41 |
42 | ${ipv4_address}
43 |
44 | %{ endif }
45 |
46 |
47 | ipsec
48 |
49 |
50 | true
51 |
52 |
53 | false
54 |
55 |
56 |
57 | 512
58 |
59 | eth0
60 |
61 | true
62 |
63 | true
64 |
65 |
66 |
67 |
68 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vmanage/v1/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vmanage
2 | local-hostname: vmanage
--------------------------------------------------------------------------------
/vmware/cloud-init/vmanage/v1/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 | MIME-Version: 1.0
7 | Content-Transfer-Encoding: 7bit
8 | Content-Disposition: attachment; filename="cloud-config.txt"
9 |
10 | #cloud-config
11 | vinitparam:
12 | - format-partition : 1
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 | MIME-Version: 1.0
17 | Content-Transfer-Encoding: 7bit
18 | Content-Disposition: attachment; filename="init-config.txt"
19 |
20 | #cloud-boothook
21 | !
22 | system
23 | host-name ${hostname}
24 | aaa
25 | user admin
26 | password cisco
27 | !
28 | vpn 0
29 | %{ if ipv4_gateway != ""}
30 | ip route 0.0.0.0/0 ${ipv4_gateway}
31 | %{ endif }
32 |
33 | interface eth1
34 | %{ if ipv4_address == "dhcp" }
35 | ip dhcp-client
36 | %{ else }
37 | ip address ${ipv4_address}
38 | %{ endif }
39 |
40 | tunnel-interface
41 | allow-service all
42 | !
43 | no shutdown
44 | !
45 | !
46 | vpn 512
47 | interface eth0
48 | ip dhcp-client
49 | shutdown
50 | !
51 | !
52 | --==BOUNDARY==
53 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vmanage/v2/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vmanage
2 | local-hostname: vmanage
--------------------------------------------------------------------------------
/vmware/cloud-init/vmanage/v2/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }
2 | #cloud-config
3 | fs_setup:
4 | - device: "/dev/sdb"
5 | partition: "none"
6 | filesystem: "ext4"
7 | mounts:
8 | - [ sdb, /opt/data ]
9 | write_files:
10 | - path: /opt/web-app/etc/persona
11 | owner: vmanage:vmanage-admin
12 | permissions: '0644'
13 | content: '{"persona":"COMPUTE_AND_DATA"}'
14 | - path: /etc/default/personality
15 | content: "vmanage\n"
16 | - path: /etc/default/inited
17 | content: "1\n"
18 | - path: /etc/confd/init/zcloud.xml
19 | content: |
20 |
21 |
22 | vmanage
23 | ${hostname}
24 |
25 |
26 | admin
27 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
28 |
29 |
30 |
31 |
32 |
33 | 0
34 | %{ if ipv4_gateway != "" }
35 |
36 |
37 | 0.0.0.0/0
38 |
39 | ${ipv4_gateway}
40 |
41 |
42 |
43 | %{ endif }
44 |
45 | eth1
46 | %{ if ipv4_address == "dhcp" }
47 |
48 | true
49 |
50 | %{ else }
51 |
52 | ${ipv4_address}
53 |
54 | %{ endif }
55 |
56 |
57 | true
58 |
59 |
60 | false
61 |
62 |
63 |
64 | 512
65 |
66 | eth0
67 |
68 | true
69 |
70 | true
71 |
72 |
73 |
74 |
75 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vsmart/v1/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vsmart
2 | local-hostname: vsmart
--------------------------------------------------------------------------------
/vmware/cloud-init/vsmart/v1/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-boothook; charset="us-ascii"
6 |
7 | #cloud-boothook
8 | !
9 | system
10 | host-name ${hostname}
11 | aaa
12 | user admin
13 | password cisco
14 | !
15 | vpn 0
16 | %{ if ipv4_gateway != ""}
17 | ip route 0.0.0.0/0 ${ipv4_gateway}
18 | %{ endif }
19 |
20 | interface eth1
21 | %{ if ipv4_address != "dhcp" }
22 | ip address ${ipv4_address}
23 | %{ else }
24 | ip dhcp-client
25 | %{ endif }
26 |
27 | tunnel-interface
28 | allow-service all
29 | !
30 | no shutdown
31 | !
32 | !
33 | vpn 512
34 | interface eth0
35 | ip dhcp-client
36 | shutdown
37 | !
38 | !
39 | --==BOUNDARY==
40 | %{ endif }
--------------------------------------------------------------------------------
/vmware/cloud-init/vsmart/v2/meta-data:
--------------------------------------------------------------------------------
1 | instance-id: vsmart
2 | local-hostname: vsmart
--------------------------------------------------------------------------------
/vmware/cloud-init/vsmart/v2/user-data:
--------------------------------------------------------------------------------
1 | %{ if day0 != "" }${day0}%{ else }
2 | #cloud-config
3 | write_files:
4 | - path: /etc/default/personality
5 | content: "vsmart\n"
6 | - path: /etc/default/inited
7 | content: "1\n"
8 | - path: /etc/confd/init/zcloud.xml
9 | content: |
10 |
11 |
12 | vsmart
13 | ${hostname}
14 |
15 |
16 | admin
17 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
18 |
19 |
20 |
21 |
22 |
23 | 0
24 | %{ if ipv4_gateway != "" }
25 |
26 |
27 | 0.0.0.0/0
28 |
29 | ${ipv4_gateway}
30 |
31 |
32 |
33 | %{ endif }
34 |
35 | eth1
36 | %{ if ipv4_address == "dhcp" }
37 |
38 | true
39 |
40 | %{ else }
41 |
42 | ${ipv4_address}
43 |
44 | %{ endif }
45 |
46 |
47 | true
48 |
49 |
50 | false
51 |
52 |
53 |
54 | 512
55 |
56 | eth0
57 |
58 | true
59 |
60 | true
61 |
62 |
63 |
64 |
65 | %{ endif }
--------------------------------------------------------------------------------
/vmware/examples/v19.2-day0.example:
--------------------------------------------------------------------------------
1 | # vsphere_user = ""
2 | # vsphere_password = ""
3 | # vsphere_server = ""
4 | datacenter = "my-datacenter"
5 | cluster = "my-cluster"
6 | datastore = "my-datastore"
7 | folder = "my-sdwan"
8 | iso_datastore = "my-datastore"
9 | iso_path = "cloud-init"
10 | vmanage_template = "viptela-manage-19.2.4"
11 | vbond_template = "viptela-edge-19.2.4"
12 | vsmart_template = "viptela-smart-19.2.4"
13 | vedge_template = "viptela-edge-19.2.4"
14 | cedge_template = "csr1000v-16.12.02r"
15 |
16 | vmanage_device_list = {
17 | "vmanage1" = {
18 | networks = ["my-vmnetwork","my-vmnetwork","my-vmnetwork"]
19 | day0 = <
39 |
40 | vmanage
41 | vmanage1
42 |
43 |
44 | admin
45 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
46 |
47 |
48 |
49 |
50 |
51 | 0
52 |
53 |
54 | 0.0.0.0/0
55 |
56 | 192.168.1.1
57 |
58 |
59 |
60 |
61 | eth0
62 |
63 | 192.168.1.51/22
64 |
65 |
66 |
67 | true
68 |
69 |
70 | false
71 |
72 |
73 |
74 | 512
75 |
76 | eth1
77 |
78 | true
79 |
80 | true
81 |
82 |
83 |
84 |
85 | EOF
86 | }
87 | }
88 |
89 | vsmart_device_list = {
90 | "vsmart1" = {
91 | networks = ["my-vmnetwork","my-vmnetwork"]
92 | day0 = <
102 |
103 | vsmart
104 | vsmart1
105 |
106 |
107 | admin
108 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
109 |
110 |
111 |
112 |
113 |
114 | 0
115 |
116 |
117 | 0.0.0.0/0
118 |
119 | 192.168.1.1
120 |
121 |
122 |
123 |
124 | eth0
125 |
126 | 192.168.1.52/22
127 |
128 |
129 |
130 | true
131 |
132 |
133 | false
134 |
135 |
136 |
137 | 512
138 |
139 | eth1
140 |
141 | true
142 |
143 | true
144 |
145 |
146 |
147 |
148 | EOF
149 | }
150 | }
151 |
152 | vbond_device_list = {
153 | "vbond1" = {
154 | networks = ["my-vmnetwork","my-vmnetwork"]
155 | day0 = <
165 |
166 | vedge
167 | vbond1
168 |
169 |
170 | admin
171 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
172 |
173 |
174 |
175 |
176 |
177 | 0
178 |
179 |
180 | 0.0.0.0/0
181 |
182 | 192.168.1.1
183 |
184 |
185 |
186 |
187 | ge0/0
188 |
189 | 192.168.1.53/22
190 |
191 |
192 |
193 | ipsec
194 |
195 |
196 | true
197 |
198 |
199 | false
200 |
201 |
202 |
203 | 512
204 |
205 | eth0
206 |
207 | true
208 |
209 | true
210 |
211 |
212 |
213 |
214 | EOF
215 | }
216 | }
217 |
218 | vedge_device_list = {
219 | "vedge1" = {
220 | networks = ["my-vmnetwork","my-vmnetwork","my-vmnetwork", "my-vmnetwork"]
221 | day0 = <
231 | vedge
232 |
233 | vedge1
234 |
235 |
236 | admin
237 | $6$329577c85ea66998$tTtlYqQIpfCGvqNZ2nICRWOSfyIV0/RO0ZWtFwpSJ0bBvlQoCowl6fO9SjzerDwmKYutIbPMAub7B4K/JG4c/0
238 |
239 |
240 |
241 |
242 |
243 | 0
244 |
245 | ge0/0
246 |
247 | true
248 |
249 |
250 |
251 | ipsec
252 |
253 |
254 | true
255 |
256 |
257 | false
258 |
259 |
260 |
261 | 512
262 |
263 | eth0
264 |
265 | true
266 |
267 | true
268 |
269 |
270 |
271 |
272 | EOF
273 | }
274 | }
275 |
276 | cedge_device_list = {
277 | "cedge1" = {
278 | networks = ["my-vmnetwork", "my-vmnetwork"]
279 | day0 = < network
45 | }
46 |
47 | name = each.value.network_name
48 | datacenter_id = data.vsphere_datacenter.dc.id
49 | }
50 |
# NOTE(review): the look-up is skipped when var.template is empty, but the VM
# resource below indexes template[0] unconditionally, so an empty template
# name fails at plan time. In practice the template is required.
data "vsphere_virtual_machine" "template" {
  count = var.template != "" ? 1 : 0

  datacenter_id = data.vsphere_datacenter.dc.id
  name          = var.template
}
57 |
# One VM per entry of var.device_list, cloned from the template and booted
# with that device's cloud-init ISO attached as a CD-ROM.
#
# NOTE(review): the bundled v1 and v2 user-data templates set a fixed admin
# password (or a fixed password hash) whenever a device has no day0 config, so
# a VM built from them comes up with a known credential until it is changed.
resource "vsphere_virtual_machine" "vm" {
  for_each = var.device_list

  name         = each.key
  folder       = var.folder
  datastore_id = data.vsphere_datastore.datastore.id

  # The named resource pool when one is given, else the cluster's own pool.
  resource_pool_id = var.resource_pool != "" ? data.vsphere_resource_pool.resource_pool[0].id : data.vsphere_compute_cluster.compute_cluster.resource_pool_id

  num_cpus = var.vm_num_cpus
  memory   = var.vm_memory

  # Guest type and SCSI controller are copied from the template.
  guest_id  = data.vsphere_virtual_machine.template[0].guest_id
  scsi_type = data.vsphere_virtual_machine.template[0].scsi_type

  # Do not wait for a routable guest address, and ignore this address when the
  # provider picks the VM's IP.
  wait_for_guest_net_routable = false
  ignored_guest_ips           = ["127.1.0.1"]

  # System disk, with the same settings as the template's first disk.
  disk {
    label            = "disk0"
    size             = data.vsphere_virtual_machine.template[0].disks[0].size
    eagerly_scrub    = data.vsphere_virtual_machine.template[0].disks[0].eagerly_scrub
    thin_provisioned = data.vsphere_virtual_machine.template[0].disks[0].thin_provisioned
  }

  # Add additional data disks: disk1, disk2, ... one per entry of vm_add_disks.
  dynamic "disk" {
    for_each = var.vm_add_disks

    content {
      label            = format("disk%d", disk.key + 1)
      unit_number      = disk.key + 1
      size             = disk.value
      thin_provisioned = var.vm_thin_provisioned
    }
  }

  # Bootstrap ISO uploaded by vsphere_file.iso.
  cdrom {
    datastore_id = data.vsphere_datastore.iso_datastore.id
    path         = "${var.iso_path}/${var.folder}/${each.key}.iso"
  }

  # One interface per entry of the device's networks list, in list order.
  dynamic "network_interface" {
    for_each = each.value.networks

    content {
      network_id   = data.vsphere_network.network["${each.key}.${network_interface.key}"].id
      adapter_type = data.vsphere_virtual_machine.template[0].network_interface_types[0]
    }
  }

  clone {
    template_uuid = data.vsphere_virtual_machine.template[0].id
  }

  # The ISO has to be on the datastore before the VM first boots.
  depends_on = [
    template_dir.cloudinit,
    null_resource.iso,
    vsphere_file.iso
  ]
}
117 |
--------------------------------------------------------------------------------
/vmware/viptela_vmware/outputs.tf:
--------------------------------------------------------------------------------
# Name and default IP address of every VM created by this module.
output "ip_addresses" {
  value = [
    for machine in vsphere_virtual_machine.vm : {
      name               = machine.name
      default_ip_address = machine.default_ip_address
    }
  ]
}
4 |
--------------------------------------------------------------------------------
/vmware/viptela_vmware/variables.tf:
--------------------------------------------------------------------------------
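# Inputs of the viptela_vmware module.

variable "datacenter" {
  description = "Name of the vSphere datacenter."
  type        = string
}

variable "cluster" {
  description = "Name of the compute cluster the VMs run on."
  type        = string
}

variable "resource_pool" {
  description = "Name of a resource pool, or an empty string to use the cluster's own pool."
  type        = string
}

variable "datastore" {
  description = "Name of the datastore for the VM disks."
  type        = string
}

variable "folder" {
  description = "VM folder; also used as a path component of the ISO attached to each VM."
  type        = string
}

variable "iso_datastore" {
  description = "Name of the datastore that holds the cloud-init ISO images."
  type        = string
}

variable "iso_path" {
  description = "Leading path on the ISO datastore; images are read from <iso_path>/<folder>/<device>.iso."
  type        = string
}

variable "template" {
  description = "Name of the VM template to clone. An empty string skips the look-up, but the VM resource still needs it."
  type        = string
}

variable "vm_num_cpus" {
  description = "Number of virtual CPUs per VM."
  type        = number
}

variable "vm_memory" {
  description = "Memory per VM, passed to vsphere_virtual_machine.memory."
  type        = number
}

variable "vm_add_disks" {
  description = "Sizes of additional data disks; one disk is added per entry."
  type        = list(number)
}

variable "vm_thin_provisioned" {
  description = "Whether the additional data disks are thin provisioned."
  type        = bool
}

# The device_list object keys should have type constraints, but ipv4_gateway is optional
# and terraform doesn't currently have a way to match multiple object signatures
#
# type = map(object({
#   networks     = list(string)
#   ipv4_address = string
#   ipv4_gateway = string
# }))
#
# Because the type is `any`, a misspelt or missing key is not rejected when
# the variable is read; it only shows up where the value is used.

variable "device_list" {
  description = "Devices to create, keyed by device name; each value carries at least a networks list."
  type        = any
}

variable "cloudinit_path" {
  description = "Directory holding the cloud-init templates to render for each device."
  type        = string
}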
53 |
--------------------------------------------------------------------------------