Posted in OpenTofu, Terraform, vmware

Inštalácia vCenter servera pomocou Terraformu

   Published Date: 20. December 2025

V decembri 2023 som písal o inštalácii VMware vCenter servera pomocou šablóny JSON. Dnes by som chcel túto tému rozšíriť o postup, ako tento typ inštalácie zapracovať do Terraformu.

V princípe ide o to, že si embedded_vCSA_on_ESXi.json šablónu mierne upravím tak, aby sme si na základe parametrov z terraformu vyrobili šablonu, ktorú potom použijeme pri vcsa-deploy.exe install …

Postup

Vyrobíme si jeden nový adresár (napr. “NewVMCA”) s podadresárom napr. “Template” a 3 súbormi: main.tf, vars.tf a terraform.tfvars. Do adresára “Template” si nakopírujeme predvolenú embedded_vCSA_on_ESXi.json z inštalačného ISO súboru.

Upravíme ju tak, aby hodnoty, ktoré chceme vypĺňať, boli zapísané ako premenne. Napr. “name”: “${vcsa_name}

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "${esxi_IP}",
            "username": "root",
            "password": "${esxi_pass}",
            "deployment_network": "${esxi_portgroup}",
            "datastore": "${esxi_datastore}"
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the vCenter Server Appliance's configuration parameters, such as the vCenter Server Appliance's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "${vc_deploy_option}",
            "name": "${vcsa_name}"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "system_name": "${vcsa_fqdn}",
            "ip": "${vcsa_IP}",
            "prefix": "${vcsa_prefix}",
            "gateway": "${vcsa_gw}",
            "dns_servers": [
                "${dns}"
            ]
        },
        "os": {
            "password": "${vcsa_root_pass}",
            "time_tools_sync": true,
            "ssh_enable": false
        },
        "sso": {
            "password": "${vcsa_sso_pass}",
            "domain_name": "vsphere.local"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust & Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": false
        }
    }
}

Do main.tf zapíšeme, že pomocou resource “local_file” sa má vyrobiť upravená šablona a následne sa má použiť v príkaze vcsa-deploy install…

resource "local_file" "vcsa_json" {
    content = templatefile (
            var.template_file_path, 
            { 
             esxi_IP = var.esxi_IP,
             esxi_pass = var.esxi_pass,
             esxi_portgroup = var.esxi_portgroup,
             esxi_datastore = var.esxi_datastore,
             vc_deploy_option = var.vc_deploy_option,
             vcsa_name = element(split(".", var.vcsa_fqdn),0),
             vcsa_fqdn = var.vcsa_fqdn,
             vcsa_IP = var.vcsa_IP,
             vcsa_prefix = var.vcsa_prefix,
             vcsa_gw = var.vcsa_gw,
             dns = var.dns,
             vcsa_root_pass = var.vcsa_root_pass,
             vcsa_sso_pass = var.vcsa_sso_pass
            }
            )
    filename = var.config_file_path
}

resource "null_resource" "vcsa_install" {
  provisioner "local-exec" {
    command = "${var.vcsadeploy_file_path}\\vcsa-deploy install --accept-eula --acknowledge-ceip --no-esx-ssl-verify --log-dir=${var.vcsadeploy_logs_folder_path} ${var.config_file_path} "
  }
}

Vo vars.tf zadefinujeme všetky vstupné premenné.

variable "template_file_path" {
  description = "JSON template file path"
  type = string
}

variable "config_file_path" {
  description = "vcsa configuration JSON file path"
  type = string
}

variable "vcsadeploy_file_path" {
  description = "command line file path"
  type = string
}

variable "vcsadeploy_logs_folder_path" {
  description = "command line file path"
  type = string
}

variable "esxi_IP" {
  description = "IP address of ESXi"
}

variable "esxi_pass" {
  description = "ESXi password"
}

variable "esxi_portgroup" {
  description = "ESXi portgroup"
}

variable "esxi_datastore" {
  description = "ESXi datastore"
}

variable "vc_deploy_option" {
  description = "vcsa deployment option"
  default = "tiny"
}

variable "vcsa_fqdn" {
  description = "vcsa fqdn"
}

variable "vcsa_IP" {
  description = "vcsa network IP"
}

variable "vcsa_prefix" {
  description = "vcsa pnetwork refix"
}

variable "vcsa_gw" {
  description = "vcsa network GW"
}

variable "dns" {
  description = "dns server"
}

variable "vcsa_root_pass" {
  description = "vcsa OS pass"
}

variable "vcsa_sso_pass" {
  description = "administrator@vsphre.local pass"
}

A v terraform.tfvars zapíšeme ich hodnoty.

template_file_path = "C:\\Automation\\Terraform\\NewVCSA\\Template\\embedded_vCSA_on_ESXi.json"
config_file_path = "C:\\Automation\\Terraform\\NewVCSA\\Template\\vcsa_embedded_vCSA_on_ESXi.json"
vcsadeploy_logs_folder_path = "C:\\Automation\\Terraform\\NewVCSA\\Template\\logs_vcsa_embedded_vCSA_on_ESXi"
vcsadeploy_file_path = "F:\\vcsa-cli-installer\\win32"

esxi_IP = "10.100.2.2"
esxi_pass = "UltraStrongPassword123!"
esxi_portgroup = "sPG-3"
esxi_datastore = "vsanDatastore"

vc_deploy_option = "tiny"
vcsa_fqdn = "vcsa01.company.local"
vcsa_IP = "10.100.3.10"
vcsa_prefix = "24"
vcsa_gw = "10.100.3.1"
dns = "10.100.3.5"

vcsa_root_pass = "UltraStrongPassword123!!"
vcsa_sso_pass = "UltraStrongPassword1234!"

Teraz už iba init, plan, apply a počkať, kým sa vCenter postaví.

Záver

Krátky vstup do Terraformu sme absolvovali v minulom článku. V ďalších článkoch si ukážeme konfiguráciu vCenter servera, kde budeme vysvetlovať aj niektoré pravidlá a syntax Terraformu.

 

Author: Martin

Infrastructure engineer | virtualization & cloud enthusiast | vSphere specialist | blogger | Veeam Vanguard 2021,2022,2023 | VMware vExpert 2017 - 2025 | VMCE | VCP-VCF Architect, VCP-DCV, NV, TKO, VCAP-DCV, CompTIA Security+ | Slovak VMUG Leader | Slovak VUG Leader | husband&father