Terraform for VMware SD-WAN by VeloCloud

My favourite tech trends of the past 5-10 years would probably be (in no particular order):

  • Serverless & Function-As-A-Service
  • Infrastructure-As-Code
  • Software-Defined WAN

So when my buddy Antoine told me he had written his own custom Terraform provider for VMware SD-WAN (by VeloCloud), I had to try it out: not only does it combine some of my favourite technologies, but I am also very impressed by Antoine’s ability to teach himself Go and write his own Terraform provider.

Antoine published his provider on the Terraform Registry (I talked extensively about it there) and, at the time of writing, he’s already had 800 downloads of the provider.


Why would you use Terraform for this use case? Well, VeloCloud and SD-WAN in general are all about optimal experience for remote users, wherever they are. It abstracts circuits (whether private circuits like MPLS or public Internet access such as broadband, 4G or 5G) and provides resiliency and optimal performance over these multiple links.

Setting up a couple of remote sites with SD-WAN manually for a couple of users – fine.

Doing it for hundreds of branches (like I had to do when I worked at Cisco for a UK bank) – not as easy. You really want an automated way. One of the automated ways would be to leverage Terraform.


The process when deploying a remote site with VeloCloud is to create an edge on the VeloCloud Orchestrator (the portal where you configure and monitor VeloCloud).

When you create an edge on the orchestrator, like you do below, you get an activation key. When you install the VeloCloud box in your site, input the key so that it can register itself with VeloCloud and pick up the right configuration and profile (I’m keeping it simple here).

Your VeloCloud is not just in remote sites or on campuses – it can also be extended to the Cloud.

For example, if you extend your VeloCloud to AWS, you also need to deploy a Virtual Edge from the AWS Marketplace. And ideally you would push the activation key within the deployment of the edge (using cloud-init).

And this is another great use case for automation with Terraform providers: with a single “terraform apply” command, you can create an edge in the VeloCloud portal, export the activation key as part of the activation, and pass it to the AWS Terraform provider to deploy the EC2 VeloCloud instance with the activation key injected directly through cloud-init. A single command avoids logging in to multiple portals and, given that it is code, you can reuse it for every new branch you’re configuring.

You could also use the provider alongside a platform like vRealize Automation to provide a self-service portal, like Vincent and Antoine demo in this video:

Let’s go and get started with Terraform for VeloCloud.


Configuration

The only thing you will need is:

  • Terraform installed on your client (or vRealize Automation or Terraform Cloud)
  • Access to a VeloCloud Orchestrator

Clone my GitHub repo for a simple example.

Our Terraform configuration file – where you describe the VeloCloud configuration – is below:

terraform {
  required_providers {
    velocloud = {
      source = "adeleporte/velocloud"
    }
  }
}


data "velocloud_profile" "nvibert_profile" {
    name = "nvibert-profile"
}

resource "velocloud_edge" "nvibert_edge" {

  configurationid               = data.velocloud_profile.nvibert_profile.id
  modelnumber                   = "virtual"

  name                          = "nvibert_edge"

  site {
    name                        = "nvibert_"
    contactname                 = "Nico"
    contactphone                = "+331010101010"
    contactmobile               = "+336010101010"
    contactemail                = "nico@nico.com"
    streetaddress               = "none_of_your_business"
    city                        = "I won't tell you"
    country                     = "UK"

    shippingstreetaddress       = "It's somewhere in the cloud"
    shippingcity                = "Cloud City"
    shippingcountry             = "VMC"

    lat                         = 53.397
    lon                         = -2

    shippingsameaslocation      = true
  }
}

output "nvibert_edge_key" {value = velocloud_edge.nvibert_edge.activationkey}

Let’s review this. The first block refers to the required provider.

As it’s not an official HashiCorp-built provider, we need to specify which provider to use with the block below. We’re using the one Antoine built.

terraform {
  required_providers {
    velocloud = {
      source = "adeleporte/velocloud"
    }
  }
}

Next, we refer to an existing VeloCloud profile. I have pre-created a profile on the UI. Update the profile name accordingly.

data "velocloud_profile" "nvibert_profile" {
    name = "nvibert-profile"
}

Then I can create a new velocloud_edge named “nvibert_edge”, with the site details (address, latitude and longitude).

resource "velocloud_edge" "nvibert_edge" {

  configurationid               = data.velocloud_profile.nvibert_profile.id
  modelnumber                   = "virtual"

  name                          = "nvibert_edge"

  site {
    name                        = "nvibert_"
    contactname                 = "Nico"
    contactphone                = "+331010101010"
    contactmobile               = "+336010101010"
    contactemail                = "nico@nico.com"
    streetaddress               = "none_of_your_business"
    city                        = "I won't tell you"
    country                     = "UK"

    shippingstreetaddress       = "It's somewhere in the cloud"
    shippingcity                = "Cloud City"
    shippingcountry             = "VMC"

    lat                         = 53.397
    lon                         = -2

    shippingsameaslocation      = true
  }
}

Once the edge is created, I get an activation key back, which I could use in subsequent automation scripts:

output "nvibert_edge_key" {value = velocloud_edge.nvibert_edge.activationkey}

You just need an API token from the VeloCloud Orchestrator (you can get one in Administrator > System Settings > Authentication) and the address of the vCO in a terraform.tfvars file:

vco       = "https://vcoXXXX.velocloud.net/portal/rest"
token     = "xxxxxxxxx"
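
The API token and the activation key are both credentials, so here is an added example (not from the original repo) of how they can be declared: the variable names mirror the terraform.tfvars keys above, and the output replaces the one-line version shown earlier. With this in place the token can be supplied through the TF_VAR_token environment variable instead of a file that might end up in version control.

```hcl
# variables.tf / outputs.tf -- added example, not part of the original repo.

variable "vco" {
  description = "Orchestrator REST endpoint, e.g. https://<vco-host>/portal/rest"
  type        = string

  validation {
    # Refuse anything but HTTPS so the API token is never sent in clear text.
    condition     = can(regex("^https://[^/]+", var.vco))
    error_message = "The vco value must be an https:// URL."
  }
}

variable "token" {
  description = "VeloCloud Orchestrator API token"
  type        = string
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(trimspace(var.token)) > 0
    error_message = "The token must not be empty. Set it with TF_VAR_token."
  }
}

output "nvibert_edge_key" {
  value = velocloud_edge.nvibert_edge.activationkey

  # Hidden from the apply summary; read it on demand with
  #   terraform output -raw nvibert_edge_key
  # Terraform state still stores the key in clear text, so the state
  # backend needs the same protection as the key itself.
  sensitive = true
}
```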

And that’s it!

A quick Terraform apply deploys my edge:

And my Edge can be found in the Orchestrator (and you can see roughly where I live 😁):

And the VeloCloud Activation Key is here for you to leverage during the activation (just run a terraform show):

bash-3.2$ terraform show

# module.VeloCloud.data.velocloud_profile.nvibert_profile:
data "velocloud_profile" "nvibert_profile" {
    id   = "15321"
    name = "nvibert-profile"
}

# module.VeloCloud.velocloud_edge.nvibert_edge:
resource "velocloud_edge" "nvibert_edge" {
    activationkey       = "XXXX-XXXX-XXXX-XXXX"
    activationstate     = "PENDING"
    configurationid     = 15321
    edgeprofileid       = 19578
    edgestate           = "NEVER_ACTIVATED"
    generatecertificate = false
    haenabled           = false
    hastate             = "UNCONFIGURED"
    id                  = "22395"
    islive              = 0
    modelnumber         = "virtual"
    name                = "nvibert_edge"
    servicestate        = "IN_SERVICE"

    site {
        city                   = "I won't tell you"
        contactemail           = "nico@nico.com"
        contactmobile          = "+336010101010"
        contactname            = "Nico"
        contactphone           = "+331010101010"
        country                = "UK"
        lat                    = 53.397
        lon                    = -2
        name                   = "nvibert_"
        shippingcity           = "Cloud City"
        shippingcountry        = "VMC"
        shippingsameaslocation = true
        shippingstreetaddress  = "It's somewhere in the cloud"
        streetaddress          = "none_of_your_business"
    }
}
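
The single-apply AWS workflow described earlier, as an added example that is not part of the original repo: the edge's activation key is fed straight into the Virtual Edge's cloud-init. The variables vce_ami_id, vce_instance_type, subnet_id and security_group_id are hypothetical inputs, var.vco is assumed to be declared to match terraform.tfvars, and the velocloud: cloud-init keys are an assumption based on VMware's Virtual Edge deployment documentation.

```hcl
# aws_edge.tf -- added example; lives in the same module as velocloud_edge.nvibert_edge.

# Hypothetical inputs: supply values that match your own AWS account.
variable "vce_ami_id" { type = string }        # Virtual Edge AMI from the AWS Marketplace
variable "vce_instance_type" { type = string } # a size supported by the Virtual Edge
variable "subnet_id" { type = string }
variable "security_group_id" { type = string }

locals {
  # cloud-init expects the bare Orchestrator hostname, so strip the scheme
  # and path from var.vco ("https://<host>/portal/rest").
  vco_host = regex("^https://([^/]+)", var.vco)[0]
}

resource "aws_instance" "nvibert_vce" {
  ami                    = var.vce_ami_id
  instance_type          = var.vce_instance_type
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [var.security_group_id]

  # Assumed cloud-init schema for the Virtual Edge. The reference to
  # velocloud_edge.nvibert_edge makes Terraform create the edge in the
  # Orchestrator first, then launch the instance with its key.
  user_data = <<-EOT
    #cloud-config
    velocloud:
      vce:
        vco: ${local.vco_host}
        activation_code: ${velocloud_edge.nvibert_edge.activationkey}
        vco_ignore_cert_errors: false
  EOT

  tags = {
    Name = velocloud_edge.nvibert_edge.name
  }
}
```

The activation key ends up in the instance's user data as well as in Terraform state, so restrict who can read instance attributes in the AWS account and who can read the state backend.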

This was just a brief intro to the provider – go and check the documentation that Antoine has published here.

Thanks for reading.
