Using HashiCorp Terraform Resources with VMware vRealize Automation Cloud

September 29, 2020

Tweet This:
Share on LinkedIn:

By Dana Gertsch, Kovarus Senior Consultant

The most recent release of VMware vRealize Automation Cloud (8.20) introduced the ability to include HashiCorp Terraform Configuration as a Cloud Template Resource (AKA Blueprint).

I’ve been anxiously waiting for this capability for the past few months, hoping to address a customer use case. Specifically, the customer needed the following:

  1. An AWS Auto Scaling Group.
  2. An AWS Application Load Balancer (not available in vRAC).
  3. An SSL installed on the ALB (not available in vRAC).

Two of the three requirements are not available out of the box. Terraform Resources will be used to fill in gaps with vRA Cloud. The two gaps here are the Application Load Balancer and the assigned SSL.

I’m not going to explain how to set up vRA Cloud for Terraform Configurations. VMware has this well documented here.

Now to create the new Cloud Template. (They changed the name in 8.20.)

  1. In vRA, create a new Cloud Template. Select Terraform from the dropdown menu.
  2. Enter a Name and select your Project. Then click Next.
  3. Select the repo, then select the correct Commit name.
  4. Select the folder with the configuration, then click Next.
  5. Review the settings, then click Create.

This will generate the following code.

inputs:
  region:
    type: string
    default: us-east-2
  image_id:
    type: string
    default: ami-02ccb28830b645a41
  flavor:
    type: string
    default: t2.micro
  ec2_instance_port:
    type: number
    default: '80'
  alb_certificate_arn:
    type: string
    default: changeMe
  ssh_key_name:
    type: string
    default: changeMe
resources:
  terraform:
    type: Cloud.Terraform.Configuration
    properties:
      variables:
        region: '${input.region}'
        image_id: '${input.image_id}'
        flavor: '${input.flavor}'
        ec2_instance_port: '${input.ec2_instance_port}'
        alb_certificate_arn: '${input.alb_certificate_arn}'
        ssh_key_name: '${input.ssh_key_name}'
      providers:
        - name: aws
          # List of available cloud zones: Resident US-EAST-2/us-east-2
          cloudZone: Resident US-EAST-2/us-east-2
      terraformVersion: 0.12.26
      configurationSource:
        repositoryId: 7fbe8b49-2205-40ab-a5f5-561f774b9888
        commitId: 0d671b270079573244a27486dfbb9ab81e30545c
        sourceDirectory: /blog

The sourceDirectory needs to match the directory structure of your repo. In this example ‘blog’ is off the root. However, if you move ‘blog’ into a subdirectory called ‘terraform’ sourceDirectory would need to be sourceDirectory: /terraform/blog.

Now to test it out. Click Deploy, give the deployment a Name, then click Next. Enter the inputs on the next page. In this example I’m entering the ARN for an SSL stored in AWS as well as an existing SSH key name.  Finally click Deploy.

You can monitor the various terraform logs by clicking on the history tab of your deployment. To view the terraform plan, click Show Logs at the end of the PLAN_IN_PROGRESS Status line. This view may refresh as the plan is validated.

Optionally, to view the entire log, click View as plain text. This opens a new browser tab.

To view the terraform apply log, expand Show Logs at the end of the CREATE_IN_PROGRESS Status line.

This deployment took about 15 minutes to complete.

The last step is to make sure I can reach the web servers behind the ALB.

As you can see, this new Resource option will allow you to meet some unique customer use cases using VMware vRealize Automation Cloud and HashiCorp Terraform configurations.

The Terraform configuration and vRA Cloud blueprint is available in Kovarus/vrac-terraform-configuration github repo.


Looking to learn more about modernizing and automating IT? We created the Kovarus Proven Solutions Center (KPSC) to let you see what’s possible and learn how we can help you succeed. To learn more about the KPSC go to the KPSC page.

Also, follow Kovarus on LinkedIn for technology updates from our experts along with updates on Kovarus news and events.