Terraform for automating NC2 and FVN
Introduction
This guide introduces a collection of Terraform and OpenTofu scripts designed to automate the post-deployment configuration of Nutanix Cloud Clusters (NC2) on AWS, with a particular focus on Flow Virtual Networking (FVN). These scripts help streamline the process of setting up complex networking configurations and VM deployments in NC2 environments.
Benefits of automation
Automation with Terraform and OpenTofu brings several significant advantages:
- Time Efficiency: Manual configuration of NC2 environments can be time-consuming. These scripts automate the process, reducing deployment time from hours to minutes.
- Cost Optimization: Since NC2 on AWS bills bare-metal hosts hourly, faster deployments directly translate to cost savings.
- Consistency: Automated deployments ensure consistent configurations across different environments.
- Reproducibility: The infrastructure can be easily recreated or modified using the same code.
- Version Control: Infrastructure changes can be tracked and managed through version control systems.
Terraform and OpenTofu
These samples have been thoroughly tested on NC2 on AWS using OpenTofu but are fully compatible with Terraform. While primarily developed for AWS environments, the scripts should work on NC2 on Azure as well, though this hasn’t been part of the testing during development.
Features of the Terraform samples
The provided samples are designed with flexibility and ease of use in mind:
Environment Configuration
- All samples assume the Prism Central connection details and other variables are exported as environment variables
- Each folder includes a set-env.sh script for easy environment setup
- Variables can be customized to match your specific environment
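As an added illustration, not the repository's own set-env.sh (which this page does not reproduce), here is a shell script in the same role: it exports the environment variables the Nutanix Terraform provider reads, prompts for the Prism Central password at run time instead of storing it in the file, and verifies that nothing is missing and that no tfvars file in the working tree carries a password. The variable names NUTANIX_ENDPOINT, NUTANIX_USERNAME, NUTANIX_PASSWORD, NUTANIX_PORT and NUTANIX_INSECURE are the provider's documented ones; the placeholder host name and the tfvars_clean check are assumptions made for this example.

```shell
#!/bin/sh
# Example set-env.sh written for this page (not the repository's script).
# Source it in the current shell:  . ./set-env.sh
# Assumes the Nutanix Terraform provider reads NUTANIX_ENDPOINT, NUTANIX_USERNAME,
# NUTANIX_PASSWORD, NUTANIX_PORT and NUTANIX_INSECURE from the environment.

# Non-secret settings: fine to keep in the file and under version control.
export NUTANIX_ENDPOINT="${NUTANIX_ENDPOINT:-pc.example.internal}"   # placeholder Prism Central FQDN/IP
export NUTANIX_PORT="${NUTANIX_PORT:-9440}"
export NUTANIX_USERNAME="${NUTANIX_USERNAME:-admin}"
export NUTANIX_INSECURE="${NUTANIX_INSECURE:-false}"   # keep TLS verification on unless you trust a self-signed PC

# The secret is never written into this file: prompt for it (or inject it from a
# secret manager before sourcing), so the script can be committed safely.
read_password_if_missing() {
  if [ -z "${NUTANIX_PASSWORD:-}" ]; then
    printf 'Prism Central password for %s@%s: ' "$NUTANIX_USERNAME" "$NUTANIX_ENDPOINT" >&2
    stty -echo 2>/dev/null
    read -r NUTANIX_PASSWORD
    stty echo 2>/dev/null
    printf '\n' >&2
    export NUTANIX_PASSWORD
  fi
}

# Fail (exit 1) and name the variables that are still empty, so a run does not
# get halfway through a plan before the provider complains.
check_env() {
  missing=""
  for v in NUTANIX_ENDPOINT NUTANIX_PORT NUTANIX_USERNAME NUTANIX_PASSWORD NUTANIX_INSECURE; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  if [ -n "$missing" ]; then
    echo "missing environment variables:$missing" >&2
    return 1
  fi
  return 0
}

# Guard against the most common leak: a .tfvars file that assigns a password.
# Exit 0 when the directory is clean, 1 (with the offending files) otherwise.
tfvars_clean() {
  dir="${1:-.}"
  found=$(find "$dir" -name '*.tfvars' -type f \
            -exec grep -l -i 'password[[:space:]]*=' {} + 2>/dev/null) || true
  if [ -n "$found" ]; then
    echo "password assigned in tfvars, move it to the environment:" >&2
    echo "$found" >&2
    return 1
  fi
  return 0
}

# Only an interactive shell can answer the prompt; scripts and CI supply the
# variables themselves and call check_env.
case "$-" in
  *i*) read_password_if_missing && check_env && tfvars_clean . ;;
esac
```

Running `check_env` and `tfvars_clean` before every `terraform plan` catches both a half-configured shell and a credential that was about to be committed alongside the samples.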
Networking
The samples cover various networking scenarios:
- NAT and no-NAT configurations for Flow Virtual Networking
- Multi-subnet VPC setups
- Transit VPC configurations
- Floating IP assignments
- Externally Routable Prefix (ERP) settings
VM Management
Some samples extend beyond networking to include:
- VM image downloads and registration
- VM creation and configuration
- Cloud-init script execution for software installation
- Automated VM deployment across different network configurations
Download
The samples can be downloaded / cloned from the following GitHub repository: https://github.com/jonas-werner/nc2-fvn-terraform
git clone https://github.com/jonas-werner/nc2-fvn-terraform.git
Script Overview
1. nc2-os-images
- Populates the Prism Central image library with a number of Ubuntu and CentOS images from public repositories
2. nc2-fvn_nonat-only
- Creates the “overlay-external-subnet-nonat” subnet in the Flow “transit-vpc”
3. nc2-fvn_nat-vpcs
- Deploys two Flow VPCs with NAT egress and two subnets each
4. nc2-fvn_nonat-vpcs
- Creates the “overlay-external-subnet-nonat” subnet in the Flow “transit-vpc”
- Creates two Flow VPCs with no-NAT egress
- Creates subnets in each Flow VPC
- Adds the subnets' CIDR ranges as Externally Routable Prefixes (ERPs) to the Flow VPCs
- Modify the “terraform.tfvars” file to customize the VPCs and subnets
5. nc2-fvn_nat-vms-simple
- Deploys one VPC with NAT egress and two subnets
- Downloads an OS image
- Deploys VMs initiated with cloud-init scripts from the OS image (customize the cloud-init YAML in the “templates” subfolder as desired)
- Creates and associates Floating IPs from the AWS VPC CIDR range to each VM
6. nc2-fvn_nat-nonat-vms
- Creates the “overlay-external-subnet-nonat” subnet in the Flow “transit-vpc”
- Creates two Flow VPCs: One with NAT and another with no-NAT egress
- Creates subnets in each Flow VPC
- Downloads an Ubuntu image
- Deploys VMs from the Ubuntu image, including cloud-init scripts (customize them in the “templates” folder)
- Creates and associates Floating IPs from the AWS VPC CIDR range to each VM on the NAT VPC
- Adds the subnets' CIDR ranges as Externally Routable Prefixes (ERPs) to the Flow no-NAT VPC
Detail for the nc2-fvn_nat-nonat-vms sample
This comprehensive script demonstrates a complex deployment scenario that combines both NAT and no-NAT configurations:
Network Setup
- Creates no-NAT network in the transit-vpc
- Creates two Flow VPCs:
- One configured for NAT
- One configured for no-NAT
- Routing between networks will be done via the transit-vpc
VM Deployment
- Downloads an Ubuntu image and registers it with the Prism Central image repository
- Deploys VMs across different network configurations
- Configures networking for each VM:
- NAT networks: Assigns floating IPs from AWS VPC CIDR range
- No-NAT VPC: Configures ERP entries for its subnets
Important Notes
- ERP configuration is only applied to the Flow VPCs the script creates. The pre-existing transit-vpc requires manual ERP configuration.
- That step is left to the user because adding prefixes to the transit-vpc also updates the default route table of the AWS VPC automatically, so the prefixes should be reviewed before they are added.
ERPs added to the Flow VPCs (figure not reproduced here): these are added automatically by the TF script.
ERPs added to the Flow transit-vpc, resulting in an AWS VPC route table update (figure not reproduced here): these need to be added manually to the Flow transit-vpc, which is deployed by default if Flow is selected during cluster creation.
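Because the prefixes added as ERPs end up in the AWS VPC route table via the transit-vpc, a Flow subnet that overlaps the AWS VPC's own CIDR, or another Flow subnet, is a plan worth rejecting before `terraform apply`. The following pre-flight check is an added example written for this page, not part of the repository: it is plain POSIX sh with no external tools, and the overlap rule and the sample CIDRs are assumptions made for the example.

```shell
#!/bin/sh
# Pre-flight check for ERP prefixes (example written for this page, not part of the
# repository). Assumption: no Flow subnet that will be advertised as an ERP may overlap
# the AWS VPC CIDR, and the Flow subnets must not overlap each other.

# ip4_to_int A.B.C.D -> 32-bit integer, using only shell arithmetic.
ip4_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap A/len B/len: exit 0 if the two IPv4 blocks share at least one address.
# Two blocks overlap exactly when they agree on the bits of the shorter prefix.
cidr_overlap() {
  a_ip=$(ip4_to_int "${1%/*}"); a_len=${1#*/}
  b_ip=$(ip4_to_int "${2%/*}"); b_len=${2#*/}
  len=$a_len
  if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( a_ip & mask )) -eq $(( b_ip & mask )) ]
}

# check_erp_prefixes AWS_VPC_CIDR PREFIX...: print every conflict, exit 1 if any was found.
check_erp_prefixes() {
  aws_cidr=$1; shift
  rc=0
  # 1. each candidate ERP against the AWS VPC CIDR it would be routed into
  for p in "$@"; do
    if cidr_overlap "$aws_cidr" "$p"; then
      echo "conflict: $p overlaps the AWS VPC CIDR $aws_cidr"; rc=1
    fi
  done
  # 2. the candidates against each other (pairwise)
  while [ $# -gt 1 ]; do
    p=$1; shift
    for q in "$@"; do
      if cidr_overlap "$p" "$q"; then
        echo "conflict: $p overlaps $q"; rc=1
      fi
    done
  done
  return $rc
}

# Constructed sample values (not taken from the repository): an AWS VPC of 10.0.0.0/16
# and two Flow no-NAT subnets that will be advertised as ERPs.
check_erp_prefixes 10.0.0.0/16 192.168.10.0/24 192.168.20.0/24 && echo "ERP prefixes OK"
```

Feed it the AWS VPC CIDR from your account and the subnet CIDRs from terraform.tfvars; a non-zero exit is the signal to fix the tfvars before the prefixes are pushed into the route table.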
Best Practices
When using these scripts, consider the following best practices:
- Environment Variables: For convenience, refer to the provided set-env.sh script to set up your environment; keep credentials out of the script and out of your tfvars files so they never land in version control
- Testing: Test configurations in a non-production environment first
- Backup: Keep backups of your Terraform state files. Note that state files record the attributes of every managed resource, including credentials and cloud-init contents, so store the state and its backups with the same care as secrets, for example in an encrypted, access-controlled backend rather than in the repository
Conclusion
This guide has introduced a comprehensive collection of Terraform scripts for automating overlay networking and VM creation on NC2 on AWS. These scripts provide a solid foundation for deploying and managing complex NC2 environments while saving time and reducing the potential for configuration errors.