Deploy a Secure Device Connector to vSphere Using Terraform

Before you begin

This procedure details how you can use the CDO SDC Terraform module for vSphere in conjunction with the CDO Terraform Provider to deploy an SDC to your vSphere. Ensure you review the following prerequisites before attempting to perform this task procedure:

  • You require a vSphere datacenter version 7 and above

  • You require an admin account on the datacenter with permissions to do the following:

    • Create VMs

    • Create folders

    • Create content libraries

    • Upload files to content libraries

  • Terraform knowledge

Procedure

Step 1

Create an API-only user in CDO and copy the API token. To know how to create an API-only user, see Create API Only Users.

Step 2

Configure the CDO Terraform provider in your Terraform repository by following the instructions in CDO Terraform Provider.

Example:

terraform { 
  required_providers { 
    cdo = { 
      source = "CiscoDevNet/cdo" 
      version = "0.7.0" 
    } 
  } 
} 
 
provider "cdo" { 
  base_url = “<the CDO URL you use to access CDO>” 
  api_token = “<the API Token generated in step 1>” 
}

Step 3

Write Terraform code to create a cdo_sdc resource using the CDO Terraform provider. See the Terraform registry for cdo-sdc resource for more information.

Example:

Resource “cdo_sdc” “my-sdc” { 
  name = “my-sdc-in-vsphere” 
}

The bootstrap_data attribute of this resource is populated with the value of the CDO bootstrap data and is provided to the cdo_sdc Terraform module in the next step.

Step 4

Write Terraform code to create the SDC in vSphere using cdo_sdc Terraform module.

Example:

data "cdo_tenant" "current" {} 
 
module "vsphere-cdo-sdc" { 
  source               = "CiscoDevNet/cdo-sdc/vsphere" 
  version              = "1.0.0" 
  vsphere_username     = "<replace-with-username-with-admin-privileges>" 
  vsphere_password     = "<super-secure-password>" 
  vsphere_server       = "<replace-with-address-of-vsphere-server>" 
  datacenter           = "<replace-with-datacenter-name>" 
  resource_pool        = "<replace-with-resource-pool-name>" 
  cdo_tenant_name      = data.cdo_tenant.current.human_readable_name 
  datastore            = "<replace-with-name-of-datastore-to-deploy-vm-in>" 
  network              = "<replace-with-name-of-network-to-deploy-vm-in>" 
  host                 = "<replace-with-esxi-host-address>" 
  allow_unverified_ssl = <boolean; set to true if your vsphere server does not have a valid SSL certificate> 
  ip_address           = "<sdc-vm-ip-address; must be in the subnet of the assigned network for the VM>" 
  gateway              = "<replace-with-network-gateway-address>" 
  cdo_user_password    = "<replace-with-password-for-cdo-user-in-sdc-vm>" 
  root_user_password   = "<replace-with-password-for-root-user-in-sdc-vm>" 
  cdo_bootstrap_data   = cdo_sdc.sdc-in-vsphere.bootstrap_data 
}

Note that the VM created has two users—a root user and a user called cdo—and the IP Address of the VM is configured statically. The cdo_bootstrap_data attribute is given the value of the bootstrap_data attribute generated when the cdo_sdc resource is created.

Step 5

Plan and apply your Terraform using terraform plan and terraform apply, as you would normally.

See the CDO Automation Repository in the CiscoDevNet for a complete example.

If your SDC stays in the onboarding state, connect to the vSphere VM using remote console, log in as the CDO user, and execute the following command:

sudo su 
/opt/cdo/configure.sh startup
Note

The CDO Terraform modules are published as Open Source Software under the Apache 2.0 license. You can file issues on GitHub if you require support.