Before starting, let's make sure that branch 'stage' is the current working branch.
git branch --show-current
We'll base our fabric configuration on the modules we created in the previous tasks, and add a few new interfaces, plus another VRF and network. Our main.tf is similar to previous tasks. The most significant difference is the backend. We are triggering terraform apply within the pipeline, which is executed on an ephemeral GitLab runner container instance. Hence, the Terraform state can't be stored locally on the runner, as the environment is destroyed after each pipeline run. Also, the Terraform state needs to be synchronized across different pipeline runs. For these reasons, we need to store the Terraform state where it can persist across pipeline runs. There are several backend storage options available for this purpose, including http, etcd, cloud storage, etc. We'll use the http backend provided by GitLab to store the Terraform state and lock.
Review the main terraform config: main.tf
code -r /home/cisco/CiscoLive/DEVWKS-3320/main.tf
terraform {
  required_providers {
    dcnm = {
      source  = "CiscoDevNet/dcnm"
      version = "1.2.7"
    }
  }
  backend "http" {
  }
}

provider "dcnm" {
  username = var.nd_username
  password = var.nd_password
  url      = var.ndfc.url
  platform = var.ndfc.platform
}

module "interfaces" {
  source      = "./modules/interface"
  inventory   = var.inventory
  fabric_name = var.fabric_name
  loopbacks   = var.loopbacks
  vpcs        = var.vpcs
}

module "overlay" {
  depends_on  = [module.interfaces]
  source      = "./modules/overlay"
  fabric_name = var.fabric_name
  inventory   = var.inventory
  vrfs        = var.vrfs
  networks    = var.networks
}
The variables.tf file is a little bit different from previous tasks. As a best practice, sensitive data like username and password should not be stored in the repository. We could choose a Secret Management System like HashiCorp Vault, or store our sensitive data as environment variables within the VCS. In this lab we'll use the latter option. Below is the data we'll store as GitLab environment variables:
Here are the variables pre-configured in the GitLab group which will be used in the rest of this task:
Review the fabric variables in variables.tf:
code -r /home/cisco/CiscoLive/DEVWKS-3320/variables.tf
variable "ndfc" {
  type = object({
    url      = string
    platform = string
  })
}

variable "nd_username" {
  type      = string
  sensitive = true
}

variable "nd_password" {
  type      = string
  sensitive = true
}

variable "fabric_name" {
  type = string
}

variable "inventory" {
  type = map(any)
}

variable "loopbacks" {
  type = list(object({
    switch_id     = string
    loopback_id   = number
    loopback_ipv4 = string
    vrf           = string
    route_tag     = number
  }))
}

variable "vpcs" {
  type = list(object({
    vpc_id          = number
    switch1_id      = string
    switch2_id      = string
    mode            = string
    bpdu_guard_flag = string
    mtu             = string
    peer1_members   = list(string)
    peer2_members   = list(string)
  }))
}

variable "vrfs" {
  type = list(object({
    name        = string
    vlan_id     = number
    segment_id  = number
    description = string
    attachments = list(object({
      switch_id = string
    }))
  }))
}

variable "networks" {
  type = list(object({
    name         = string
    vlan_id      = number
    network_id   = number
    vrf_name     = string
    ipv4_gateway = string
    description  = string
    attachments = list(object({
      switch_id    = string
      switch_ports = list(string)
    }))
  }))
}
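How the empty backend "http" {} block in main.tf and the two sensitive variables in variables.tf can be fed from the pipeline environment, as an added example that is not part of the lab's own pipeline. It relies on Terraform's TF_HTTP_* and TF_VAR_* environment variables and GitLab's predefined CI variables; the state name "stage" and the TF_VAR_ naming of the credentials are assumptions.

```shell
#!/bin/sh
# Added example, not the lab's pipeline. Assumptions: state name "stage";
# credentials arrive as TF_VAR_nd_username / TF_VAR_nd_password.

# Export the TF_HTTP_* settings read by the empty backend "http" {} block.
tf_backend_env() {
  state_name="$1"
  for v in CI_API_V4_URL CI_PROJECT_ID CI_JOB_TOKEN; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing CI variable: $v" >&2; return 1; }
  done
  # The job token is sent as HTTP basic auth, so require TLS.
  case "$CI_API_V4_URL" in
    https://*) ;;
    *) echo "state endpoint is not https" >&2; return 2 ;;
  esac
  TF_HTTP_ADDRESS="$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$state_name"
  TF_HTTP_LOCK_ADDRESS="$TF_HTTP_ADDRESS/lock"
  TF_HTTP_UNLOCK_ADDRESS="$TF_HTTP_ADDRESS/lock"
  TF_HTTP_LOCK_METHOD=POST
  TF_HTTP_UNLOCK_METHOD=DELETE
  TF_HTTP_USERNAME=gitlab-ci-token
  TF_HTTP_PASSWORD="$CI_JOB_TOKEN"
  export TF_HTTP_ADDRESS TF_HTTP_LOCK_ADDRESS TF_HTTP_UNLOCK_ADDRESS \
    TF_HTTP_LOCK_METHOD TF_HTTP_UNLOCK_METHOD TF_HTTP_USERNAME TF_HTTP_PASSWORD
}

# Fail when a sensitive variable is absent from the environment (return 1)
# or is assigned in a *.tfvars file under the given directory (return 3).
check_secrets() {
  dir="$1"
  for name in nd_username nd_password; do
    eval "val=\${TF_VAR_$name:-}"
    [ -n "$val" ] || { echo "TF_VAR_$name is not set" >&2; return 1; }
    hits=$(find "$dir" -name '*.tfvars' \
      -exec grep -El "^[[:space:]]*$name[[:space:]]*=" {} \;)
    [ -z "$hits" ] || { echo "$name assigned in: $hits" >&2; return 3; }
  done
}
```

In a job, both functions would run before terraform init, for example `tf_backend_env stage && check_secrets .`, so a missing token, a cleartext state endpoint or a committed credential stops the pipeline before any state is read.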