cunnie
commented
5 years ago @aegershman: I like what you're suggesting, but the terraform provider isn't there yet: it can't replace many of the Ansible tasks:
- Terraform can't install the NSX-T manager VM. Nor the Edge VMs
- Terraform can't install the VIBs on the ESXi hosts
Terraform can't create & configure the T0 or T1 routers (they're Terraform data sources, but not Terraform resources)
Maybe Terraform is the right solution to create the T0 & T1 routers, but there is a shortcoming with the T0 router creation — we can't seem to find a way to configure the uplink (a very necessary component of a T0 router), so our current plan is to let these pipelines configure everything up to the T1 routers, which we'll configure ourselves via Terraform.
Side note: the Terraform provider is focused on traditional SDN (software defined networking): firewall rules, IP address management (DHCP servers), subnets, routes, elastic IPs. In addition, it also enables configuration of NSX-T artifacts such as T0 & T1 routers.
[Edited]
xyloman
In order to maintain infrastructure as code, could the creation & configuration of NSX-T components be deferred to the nsxt terraform provider rather than a tool like ansible? It feels like there's a lot of "magic" happening in in some of these tasks and I wonder if a better abstraction layer would be terraform.
This could make day-2 operations safer and more reliable. Terraform could be better suited for handling changes and upgrades.
Thoughts?