Terraform Providers

One of the foundational components of automation is being able to speak in the language of your target. With AWS, for example, CloudFormation is a good tool to define what a deployment in AWS should look like and ensures conformity to the design definition. The main problem is that CloudFormation only works on AWS and does not work on other deployment platforms. Terraform, on the other hand, performs the same automation from a configuration definition and creates the desired components onto a variety of platforms. The mechanism used to perform this function is the inclusion of a provider definition. If you think in terms of Java or C programming a provider is a set of library functions that can be called and including a provider definition is similar to a include statement to pull in a library header.

Some good blogs that compare and contrast Terraform vs CloudFormation include:

If you look at the definition of a provider from HashiCorp on their Providers page it defines a provider as a way to expose the API interface of the backend system as well as tasks that might be needed like random number generation utilities to generate names. The Terraform Registry includes a list of providers and systems that Terraform can interface with. Checking the public cloud box provides us with a list of various cloud hosting targets that we will focus on in later blogs.

For the purpose of this blog we will dive into the VMware vSphere provider to get an understanding of how to call it, what happens when you call it, and what constructs are needed when you call it. In a previous blog we compared the vSphere provider to the AWS provider on a very high level to talk about the format differences between providers. In this blog we will dive deeper into the vSphere provider to help understand how to deploy it in a development, production, and disaster recovery scenario.

Selecting the vsphere provider and clicking on the USE PROVIDER button at the top right it shows that you can call the provider with either the required_providers or provider command structures. We will use the simplest example by calling only

provider “vsphere” { }

Looking at the documentation there are a variety of optional and required parameters that are needed inside the curly brackets.

The parameter options that we need for the provider definition include (taken straight from the hashicorp page):

  • user – (Required) This is the username for vSphere API operations. Can also be specified with the VSPHERE_USER environment variable.
  • password – (Required) This is the password for vSphere API operations. Can also be specified with the VSPHERE_PASSWORD environment variable.
  • vsphere_server – (Required) This is the vCenter server name for vSphere API operations. Can also be specified with the VSPHERE_SERVER environment variable.
  • allow_unverified_ssl – (Optional) Boolean that can be set to true to disable SSL certificate verification. This should be used with care as it could allow an attacker to intercept your auth token. If omitted, default value is false. Can also be specified with the VSPHERE_ALLOW_UNVERIFIED_SSL environment variable.
  • vim_keep_alive – (Optional) Keep alive interval in minutes for the VIM session. Standard session timeout in vSphere is 30 minutes. This defaults to 10 minutes to ensure that operations that take a longer than 30 minutes without API interaction do not result in a session timeout. Can also be specified with the VSPHERE_VIM_KEEP_ALIVE environment variable.

For security sake it is recommended to hide user and password information in a different file from the definition or have it as environment variables in the shell to pass into terraform. In this example we will create two files, variables.tf and main.tf to simple call the provider definition and look at the constructs that are created by terraform.

The main.tf file looks like

provider “vsphere” {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
version = “1.12.0”

allow_unverified_ssl = true
}

Note the use of var.<something> to pull in the definition of an externally defined variable. This could be done with a second file or with environment variables. For a variables.tf file we could enter

variable “vsphere_user” {
type = string
default = “administrator@vsphere.local”
}

variable “vsphere_password” {
type = string
default = “NotTheRIghtPassword”
}

variable “vsphere_server” {
type = string
default = “10.0.0.72”
}

In the variables.tf file we define three string values and include a default value to pre-define what the variable should be defined as. If we open up a PowerShell windows (or Terminal on Linux) we can see that there are only the variables.tf and main.tf files in the directory.

Note that we are using PowerShell 7 as the command line interface so that we can test out the connection to our vSphere server using PowerCLI commands to verify variable definitions.

If we type

terraform init

The hashicorp/vsphere provider data is pulled from the web and placed in the .terraform subdirectory.

Looking at the .terraform directory it contains a grouping of libraries that we can call from our main.tf definition file.

If we use the tree command we can see the nested structure and note that there is a selections.json file at the plugins and a terraform-provider-vsphere_v1.12.0_x4.exe at the windows_amd64 subdirectory

What the init command did was find out what platform we are running on and pulled down the appropriate binary to translate terraform modules and resource calls into API calls into vSphere. For our example we will make API calls into our vSphere server located at 10.0.0.72 as administrator@vsphere.local with the given password. The selections.json file contains a hash value that is used to test the binary integrity of the terraform-provider-vsphere_v1.12.0_x4.exe and download a new version if needed next time the init command is issued.

At this point we can call the

terraform plan

command to test our main.tf and variables.tf configurations. Everything should work because the syntax is simple so far.

Note that we don’t have a state file defined yet. This should happen when we type

terraform apply

Once we execute this command we get a terraform.tfstate file locally that contains the state information of the current server. Given that we have not made any resource definitions, data declarations, or module calls we don’t have any need to connect to the server. The tfstate file generated is relatively simple.

{
“version”: 4,
“terraform_version”: “0.13.3”,
“serial”: 1,
“lineage”: “f35a4048-4cee-63e0-86b2-e699165efbe5”,
“outputs”: {},
“resources”: []
}

If we included something simple like a datacenter definition the connection will fail with the wrong password.

Putting in the right password but the wrong datacenter will return a different value

To get the right datacenter we can go to the vSphere html5 user interface or use the Connect-VIserver command to look for the datacenter name.

In this example we should use the Home-Datacenter as the Datacenter name.

It is important to note that the tfstate file changes with the successful apply and the resources section now contains valid data about our server.

{
“version”: 4,
“terraform_version”: “0.13.3”,
“serial”: 2,
“lineage”: “f35a4048-4cee-63e0-86b2-e699165efbe5”,
“outputs”: {},
“resources”: [
{
“mode”: “data”,
“type”: “vsphere_datacenter”,
“name”: “dc”,
“provider”: “provider[\”registry.terraform.io/hashicorp/vsphere\”]”,
“instances”: [
{
“schema_version”: 0,
“attributes”: {
“id”: “datacenter-3”,
“name”: “Home-Datacenter”
}
}
]
}
]
}

In summary, we have looked at how to find various providers to use with terraform, how to call a sample provider and what constructs are created when the init, plan, and apply functions are used with the local terraform binary. Fortunately, none of this changes if you are using Windows, Linux, or any other operating system. The provider directory under the .terraform tree contains the binary to translate from local API calls to API calls on the target system. This is a simple example but gives a good overview of what a good and bad connection into a vSphere server looks like and how to troubleshoot the connection. This construct should also work for a direct connection into an ESXi server without having to spin up a vSphere management instance.

117 thoughts on “Terraform Providers”

  1. Thanks so much for providing individuals with a very superb opportunity to read critical reviews from this site. It is usually very excellent plus stuffed with amusement for me and my office friends to visit the blog minimum 3 times per week to read the latest issues you have got. And lastly, we are certainly amazed with your cool advice served by you. Selected 1 points in this posting are in fact the very best I’ve had.

  2. I in addition to my guys were actually studying the best items located on your website and unexpectedly I got an awful suspicion I had not thanked the web site owner for those strategies. My boys are already for this reason very interested to see all of them and already have really been using them. Appreciation for simply being so kind and for picking out some essential resources most people are really wanting to be informed on. Our own sincere regret for not saying thanks to you earlier.

  3. I wanted to send you a little bit of word so as to say thank you again on the awesome solutions you have documented here. It was simply wonderfully open-handed of people like you in giving publicly just what many individuals could possibly have made available for an e-book in order to make some bucks on their own, primarily since you could have tried it in the event you wanted. Those ideas likewise acted to be a fantastic way to fully grasp other individuals have the same dream much like my very own to grasp lots more with reference to this issue. I’m certain there are some more pleasurable occasions up front for individuals that read carefully your blog.

  4. I have to show some appreciation to the writer just for bailing me out of this type of instance. As a result of surfing throughout the world wide web and finding tips which were not pleasant, I believed my entire life was over. Existing without the approaches to the problems you have sorted out through your entire article is a serious case, and those which may have in a negative way affected my career if I had not noticed your web page. Your main expertise and kindness in maneuvering almost everything was important. I don’t know what I would have done if I had not come upon such a step like this. I’m able to at this moment look ahead to my future. Thank you so much for your reliable and sensible help. I won’t think twice to refer your site to anyone who ought to have direction about this area.

  5. I wish to point out my respect for your kind-heartedness in support of all those that absolutely need help on this particular area. Your very own dedication to getting the solution all-around ended up being really informative and have all the time enabled employees like me to attain their pursuits. The interesting publication implies a lot a person like me and additionally to my office colleagues. Many thanks; from all of us.

  6. I precisely desired to thank you very much once more. I do not know the things that I might have tried in the absence of the actual concepts provided by you regarding such a field. It has been the difficult crisis for me, but taking a look at your well-written tactic you solved that made me to cry with happiness. Now i’m thankful for this guidance and hope that you recognize what a great job you are always providing training the mediocre ones using your web page. Most likely you haven’t encountered all of us.

  7. I simply desired to appreciate you again. I am not sure what I might have used in the absence of the entire tips revealed by you concerning my situation. It truly was an absolute traumatic matter in my position, however , noticing the very specialised way you solved it forced me to jump with delight. I am just thankful for the information and as well , hope that you really know what a great job you have been undertaking training most people using your web blog. I’m certain you’ve never met all of us.

  8. I want to express my thanks to this writer just for rescuing me from this particular setting. As a result of surfing around throughout the world-wide-web and seeing methods which are not beneficial, I was thinking my entire life was over. Existing devoid of the approaches to the issues you have sorted out by means of this website is a crucial case, and those which might have negatively damaged my entire career if I hadn’t come across your web site. Your own understanding and kindness in controlling all areas was vital. I’m not sure what I would’ve done if I hadn’t discovered such a stuff like this. I am able to at this moment look forward to my future. Thanks for your time so much for this specialized and sensible help. I will not hesitate to endorse your blog post to any person who will need counselling about this subject.

  9. My husband and i were quite delighted when Raymond could do his investigation from the precious recommendations he got out of the web pages. It is now and again perplexing to just choose to be releasing guides people might have been trying to sell. So we understand we have the website owner to give thanks to for that. The main illustrations you’ve made, the easy site navigation, the friendships your site make it possible to foster – it’s got all overwhelming, and it’s assisting our son in addition to the family reason why this content is enjoyable, which is certainly unbelievably serious. Many thanks for all!

  10. I am glad for commenting to let you be aware of what a brilliant encounter my friend’s daughter had going through your blog. She learned so many pieces, which included what it is like to possess an incredible coaching nature to have other people really easily comprehend a number of complicated things. You truly exceeded visitors’ desires. Thank you for displaying such helpful, safe, educational and even fun tips about this topic to Kate.

  11. My husband and i were now cheerful Peter managed to deal with his reports via the ideas he acquired while using the site. It is now and again perplexing to just continually be giving away strategies that the rest have been trying to sell. We take into account we now have you to give thanks to for that. Most of the explanations you have made, the straightforward site navigation, the relationships you can give support to engender – it’s mostly astounding, and it’s really helping our son in addition to us recognize that that idea is cool, which is certainly truly indispensable. Thank you for the whole lot!

  12. I wish to express my thanks to you for rescuing me from this crisis. Just after surfing around through the the net and meeting solutions which are not helpful, I figured my entire life was well over. Living minus the strategies to the difficulties you’ve resolved by means of the short post is a crucial case, and the ones which could have in a wrong way affected my entire career if I hadn’t encountered your website. Your training and kindness in taking care of all the stuff was useful. I am not sure what I would have done if I had not come upon such a subject like this. I am able to at this point look ahead to my future. Thanks so much for the specialized and result oriented help. I will not think twice to propose the sites to any individual who should get support on this situation.

  13. Thanks so much for giving everyone an extraordinarily terrific possiblity to read critical reviews from this web site. It can be so superb plus full of a lot of fun for me and my office colleagues to search your web site at the very least thrice in a week to read the latest items you have got. Not to mention, I’m just actually pleased with all the unique advice you give. Selected 4 ideas in this post are rather the simplest I’ve ever had.

Leave a Reply

Your email address will not be published. Required fields are marked *