Using the Terraform AVI Provider can be quite challenging because it requires you to understand complex object definitions. All resources in the AVI Provider are mapped directly to the corresponding Avi Vantage API which you can find here. The problem is that some objects have a huge number of attributes, and some of them are nested up to 5 levels deep.
I'll show you a little trick to quickly get the required information to write NSX-ALB / AVI resources.
Four reasons that made working with the AVI Provider challenging
Number of Arguments
A good example is the resource to manage Service Engine Groups: avi_serviceenginegroup. With over 250 arguments that are listed in alphabetical order, it is nearly impossible to define the object just from the documentation (which I usually do when writing resources). On top of that, many arguments only work in conjunction with others or depend on the product version or the Cloud type. The API documentation itself isn't less challenging.
Nested Arguments
The documentation of nested arguments is limited in Terraform. Arguments nested more than one level deep are completely unreadable in the documentation. The AVI provider doesn't even list the content of nested arguments, which you can see in the Avi Cloud Resource: avi_cloud. The full definition is only visible in the API documentation.
Dependent Resources
The configuration workflow for some objects differs from the UI. The NSX-T Cloud configuration for example is one configuration step in the UI but requires two resources in Terraform: avi_cloud and avi_vcenterserver.
Different Names for Options
Names and options in arguments are sometimes completely different from the UI. The "Elastic HA - N+M Buffer" configuration in Service Engine Groups for example is called "HA_MODE_SHARED" and the "VS Placement across SE: Compact" configuration is configured with "algo = PLACEMENT_ALGO_PACKED".
Grab NSX-ALB API Calls with Chrome Dev Tools
The method is not new and works with many modern API-driven web configuration interfaces. Because the NSX-ALB Terraform Provider is a 1:1 mapping of the API, writing resources is very close to copy-paste.
- Open the NSX-ALB web interface in Chrome.
- Navigate to the configuration option you want to write the resource for.
- Press F12 to open Dev Tools.
- In Dev Tools, navigate to "Network".
- It should automatically start recording.
While Dev Tools is capturing, just start with the configuration.
Example - Create NSX-T Cloud in NSX-ALB with Terraform
I'm creating "my-cloud" using the NSX-ALB UI while recording with Dev Tools. The moment you press "SAVE", quickly switch to Dev Tools and search for the request. For the NSX-T Cloud, you should find a request named "macrostack". If you can't find the request, just press "CTRL+F" and search for some names that you've configured. In the corresponding POST request, copy the Request Payload JSON.
With the JSON you can easily identify how you have to configure the resource in Terraform:
```
resource "avi_cloudconnectoruser" "vcenter" {
  name = var.vsphere_server
  vcenter_credentials {
    username = var.vsphere_user
    password = var.vsphere_password
  }
  lifecycle {
    ignore_changes = [vcenter_credentials]
  }
}

resource "avi_cloudconnectoruser" "nsx" {
  name = var.nsx_manager
  nsxt_credentials {
    username = var.nsx_user
    password = var.nsx_password
  }
  lifecycle {
    ignore_changes = [nsxt_credentials]
  }
}

resource "avi_cloud" "nsx" {
  name            = var.nsx_manager
  vtype           = "CLOUD_NSXT"
  dhcp_enabled    = true
  obj_name_prefix = split(".", var.nsx_manager)[0]
  nsxt_configuration {
    nsxt_url             = var.nsx_manager
    nsxt_credentials_ref = avi_cloudconnectoruser.nsx.id
    management_network_config {
      transport_zone = data.nsxt_policy_transport_zone.overlay.path
      tz_type        = "OVERLAY"
      overlay_segment {
        tier1_lr_id = nsxt_policy_tier1_gateway.alb.path
        segment_id  = nsxt_policy_segment.alb_se.path
      }
    }
    data_network_config {
      transport_zone = data.nsxt_policy_transport_zone.overlay.path
      tz_type        = "OVERLAY"
      tier1_segment_config {
        segment_config_mode = "TIER1_SEGMENT_MANUAL"
        manual {
          tier1_lrs {
            tier1_lr_id = nsxt_policy_tier1_gateway.dummy.path
            segment_id  = nsxt_policy_segment.dummy.path
          }
        }
      }
    }
  }
}

resource "avi_vcenterserver" "vcenter" {
  name = var.vsphere_server
  content_lib {
    id = vsphere_content_library.library.id
  }
  vcenter_url             = var.vsphere_server
  vcenter_credentials_ref = avi_cloudconnectoruser.vcenter.id
  cloud_ref               = avi_cloud.nsx.id
}
```
See GitHub for a working example.
Example - Create Service Engine Group in NSX-ALB with Terraform
The request to look for when creating Service Engine Groups is POST /api/serviceenginegroup.
There is a lot of information in the payload. However, I've just copied the values that I've configured in the GUI.
```
resource "avi_serviceenginegroup" "sseg_01" {
  name           = "${split(".", var.nsx_manager)[0]}-seg-01"
  se_name_prefix = split(".", var.nsx_manager)[0]
  ha_mode        = "HA_MODE_SHARED" # (Elastic HA N+M Buffer)
  algo           = "PLACEMENT_ALGO_PACKED"
  max_se         = 10
  max_vs_per_se  = 10
  cloud_ref      = avi_cloud.nsx.id
  vcenters {
    vcenter_ref = avi_vcenterserver.vcenter.id
    nsxt_datastores {
      include = true
      ds_ids  = [data.vsphere_datastore.datastore.id]
    }
    nsxt_clusters {
      include     = true
      cluster_ids = [data.vsphere_compute_cluster.cluster.id]
    }
  }
}
```
See GitHub for a working example.
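The payload-to-resource mapping used in both examples above can be scripted. The following is an added sketch, not code from the original post or from the AVI provider: it turns a copied Request Payload into a resource skeleton, swaps secret values for variable references so they never land in a .tf file, and flags `_ref` values that should become resource references. The payloads are constructed samples; the `SENSITIVE` key names, the `var.<key>` naming and the URL form of the `_ref` values are assumptions.

```python
import json

# Assumption: key names treated as secrets; extend the set for your payloads.
SENSITIVE = {"password", "private_key", "token", "passphrase"}

def _value(key, value):
    if key in SENSITIVE:
        # Never paste the captured secret into a .tf file; use a variable.
        return f"var.{key}"
    rendered = json.dumps(value)  # JSON scalars and lists are valid HCL literals
    if key.endswith("_ref"):
        rendered += "  # TODO: replace with <resource>.id"
    return rendered

def _body(obj, depth):
    pad = "  " * depth
    lines = []
    for key, value in obj.items():
        items = value if isinstance(value, list) else [value]
        if items and all(isinstance(i, dict) for i in items):
            # Nested object, or list of objects: one HCL block per object.
            for item in items:
                lines += [f"{pad}{key} {{", *_body(item, depth + 1), f"{pad}}}"]
        else:
            lines.append(f"{pad}{key} = {_value(key, value)}")
    return lines

def to_hcl(resource_type, label, payload_json):
    """Render a captured Request Payload as a Terraform resource skeleton."""
    head = f'resource "{resource_type}" "{label}" {{'
    return "\n".join([head, *_body(json.loads(payload_json), 1), "}"])

# Constructed payloads (not real captures), shaped like the resources above.
SAMPLE_SEG = """{
  "name": "demo-seg-01", "ha_mode": "HA_MODE_SHARED",
  "algo": "PLACEMENT_ALGO_PACKED", "max_se": 10,
  "cloud_ref": "https://avi.example.test/api/cloud/cloud-0000",
  "vcenters": [{
    "vcenter_ref": "https://avi.example.test/api/vcenterserver/vc-0000",
    "nsxt_datastores": {"include": true, "ds_ids": ["datastore-11"]}
  }]
}"""
SAMPLE_USER = ('{"name": "nsx-demo", "nsxt_credentials": '
               '{"username": "admin", "password": "constructed-not-real"}}')

if __name__ == "__main__":
    print(to_hcl("avi_serviceenginegroup", "seg_01", SAMPLE_SEG))
    print(to_hcl("avi_cloudconnectoruser", "nsx", SAMPLE_USER))
```

The output is a starting point: check every argument against the provider documentation before applying it.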
Hi Florian,
Love your blog articles and use/mention these always in my VMware classes (I'm a VCI).
I do have one ALB related question:
- are you aware of a way to provide custom certificates for virtual servers (for instance: Workload Cluster API access)?
Thanks
Erich