The VMware NSX provider is used to interact with the resources supported by VMware NSX. The provider needs to be configured with the proper credentials and manager before it can be used.
Note: This provider is experimental and not full-featured
Example Usage
variable "vm_count" {
  type    = "string"
  default = "2"
}

# Configure the VMware NSX Provider
provider "nsx" {
  user                 = "${var.user}"
  password             = "${var.password}"
  nsx_manager          = "${var.nsx_manager}"
  allow_unverified_ssl = "${var.allow_unverified_ssl}"
}

# Configure vSphere Provider
provider "vsphere" {
  user           = "${var.user}"
  password       = "${var.password}"
  vsphere_server = "${var.vsphere_server}"
}

# Create or lookup a Security Tag
resource "nsx_security_tag" "tag1" {
  name        = "Application.web"
  description = "Opens port 80"
}

# Create or lookup a second Security Tag
resource "nsx_security_tag" "tag2" {
  name        = "Application.secure"
  description = "Opens port 443"
}

# Provision some VMs
resource "vsphere_virtual_machine" "vms" {
  count      = "${var.vm_count}"
  vcpu       = 2
  memory     = 4096
  name       = "vm${count.index}"
  folder     = "Terraform"
  datacenter = "Datacenter1"
  cluster    = "Cluster1"

  network_interface {
    label = "test"
  }

  disk {
    template  = "UBUNTU"
    datastore = "datastore1"
  }
}

# Assign Security Tags to a Virtual Machine
resource "nsx_vm" "web" {
  count = "${var.vm_count}"
  vm_id = "${element(vsphere_virtual_machine.vms.*.moid, count.index)}"

  security_tags = [
    "${nsx_security_tag.tag1.id}",
    "${nsx_security_tag.tag2.id}"
  ]
}
Argument Reference
The following arguments are used to configure the VMware NSX Provider:
user - (Required) This is the username for NSX API operations. Can also be specified with the NSX_USER environment variable.
password - (Required) This is the password for NSX API operations. Can also be specified with the NSX_PASSWORD environment variable.
nsx_manager - (Required) This is the NSX manager name for NSX API operations. Can also be specified with the NSX_MANAGER environment variable.
nsx_version - (Optional) This is the version of the NSX manager. It is used for determining what API features are available and defaults to 6.3. Can also be specified with the NSX_VERSION environment variable.
allow_unverified_ssl - (Optional) Boolean that can be set to true to disable SSL certificate verification. This should be used with care as it could allow an attacker to intercept your auth token. If omitted, default value is false. Can also be specified with the NSX_ALLOW_UNVERIFIED_SSL environment variable.
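A check that can be run over Terraform files before plan or apply, given here as an added example and not part of the provider's own code: it flags provider "nsx" blocks that turn on allow_unverified_ssl or carry a literal password instead of relying on NSX_PASSWORD. The function names and both sample configurations are constructed for illustration; the hardened sample assumes NSX_USER and NSX_PASSWORD are exported in the environment.

```python
import re

# Opening of a provider "nsx" block; the body is located by brace matching.
PROVIDER_RE = re.compile(r'provider\s+"nsx"\s*\{')
# key = "quoted value" or key = bare_value, ignoring any trailing comment.
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s#]+)')

def nsx_provider_blocks(text):
    """Yield the body of each provider "nsx" block in Terraform source."""
    for m in PROVIDER_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(text):
    """Return findings for risky settings in provider "nsx" blocks."""
    findings = []
    for body in nsx_provider_blocks(text):
        for line in body.splitlines():
            m = ASSIGN_RE.match(line)
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip('"')
            interpolated = "${" in value
            if key == "allow_unverified_ssl":
                if value.lower() in ("true", "1"):
                    findings.append("allow_unverified_ssl is enabled")
                elif interpolated:
                    findings.append("allow_unverified_ssl is set from " + value)
            elif key == "password" and value and not interpolated:
                findings.append("password is a literal; use NSX_PASSWORD")
    return findings

# Constructed sample configurations, not taken from the provider's repository.
WEAK = '''
provider "nsx" {
  user                 = "admin"
  password             = "example-password"
  nsx_manager          = "nsxmanager.example.invalid"
  allow_unverified_ssl = true
}
'''
HARDENED = '''
provider "nsx" {
  nsx_manager = "nsxmanager.example.invalid"
}
'''
```

An interpolated allow_unverified_ssl, as in the example usage above, is reported separately because its effective value depends on the variable's default and any tfvars or NSX_ALLOW_UNVERIFIED_SSL setting.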
Looks up an NSX security tag by name using a regex search.
Example Usage
data "nsx_security_tag" "tag1" {
  name_regex = "(?i)web"
}
Argument Reference
The following arguments are supported:
name_regex - The regex string to use when searching for a tag
Attributes Reference
id is set to the ID of the first matching security tag. In addition, the following attributes are exported:
name - The name of the security tag
is_universal - Boolean. Tag is universal when true
type_name - NSX type name for the SecurityTag
description - The tag's description
vm_count - Number of VMs the tag is attached to
Looks up vm by id
Example Usage
data "nsx_vm" "vm1" {
  vm_id = "vm-123"
}
Argument Reference
The following arguments are supported:
vm_id - Virtual Machine id
Attributes Reference
id is set to the ID of the vm. In addition, the following attributes are exported:
vm_id - The id passed in
security_tag_ids - A list of the security tag ids attached to the vm
security_tag_names - A list of the security tag names attached to the vm
Provides an NSX security tag resource. This can be used to create, modify, delete, and lookup security tags.
Example Usage
resource "nsx_security_tag" "tag1" {
  name        = "Application.web"
  description = "Opens port 80"
}
Argument Reference
The following arguments are supported:
name - (Optional) The name of the NSX security tag to apply
description - (Optional) The description of the NSX security tag
is_universal - (Optional) Boolean that creates the NSX security tag as a universal security tag. NSX 6.3 and higher required. Defaults to false
persistent - (Optional) Boolean that, when true, prevents the NSX security tag from being destroyed during a destroy operation. This is useful when using this resource for lookup in the nsx_vm resource. Defaults to false
safe_destroy - (Optional) Boolean that prevents the NSX security tag from being destroyed when one or more virtual machines are attached to it. Defaults to true
Provides an NSX virtual machine resource. This can be used to attach and detach security tags.
Example Usage
resource "nsx_vm" "web01" {
  vm_id = "${var.vm_id}"

  security_tags = [
    "${nsx_security_tag.tag1.id}",
    "${nsx_security_tag.tag2.id}"
  ]
}
Argument Reference
The following arguments are supported:
vm_id - (Required) The vSphere managed object reference id or BIOS uuid of the virtual machine
security_tags - (Optional) A list of NSX security tag ids or names. Can be used to attach and detach security tags to the virtual machine
- For use on the local machine, run make bin from the root directory of this project.
- For a specific os/architecture, set the environment variable GOX_OS_ARCH using gox os/arch combinations like "darwin/amd64" and use make dist. This also requires that docker is installed on the machine building the distributions.
Dependencies on resty result in dynamic bindings to net in glibc. (guessing)
This will cause Terraform to fail to exec the provider in alpine containers like hashicorp/terraform.
Use stealthybox/infra for an alpine terraform with glibc:
docker run -v/$PWD://terra -w//terra stealthybox/infra terraform plan
... or just run terraform on your local machine like a normal person.