In our last blog post we talked about how to deploy Zerto with Terraform. In that blog post I specifically walked through our example of how to deploy and silently install a ZCA in Azure with Zerto and Terraform. Alex Schenck and I have been working on automating the deployment of Zerto in on-premises datacenters as well as public cloud. In this blog post I want to walk through how we deployed a ZVM in vSphere with Terraform. The objective is the same: automate the process of deploying Windows and then perform a silent installation of Zerto. How we get there, though, is a little different in vSphere than it is in AWS or Azure.
One of the biggest reasons why is that in AWS and Azure Zerto has an image pre-staged in each marketplace. The Terraform automation we use calls those marketplace images, which already have a version of Windows Server and the Zerto installation media in a static location on them. For a vSphere environment you’ll have more flexibility over which version of Windows Server you want to use (2012r2, 2016, 2019), but there will also be some additional steps you’ll need to perform before leveraging our Terraform vSphere example. And depending on which version of Windows Server you choose, the steps will be a little different.
In the example I’m going to walk through today I’m going to make a vSphere template out of a Windows Server 2019 VM. Zerto requires a minimum version of .NET Framework 4.7.2 before installation will continue; with Windows Server 2019, .NET 4.7.2 is installed by default. I found that this Microsoft doc on determining .NET version along with this article on versions and dependencies helped me to confirm this. For those of you who are going to deploy Server 2012r2 or 2016 you’ll want to review these to determine which update has the appropriate .NET install in it. Otherwise you’ll want to install .NET manually before creating your vSphere template. Once you have your Windows Server configured the way you want it, make sure to copy the Zerto Virtual Manager.exe for VMware onto your VM and take note of where you placed the file. In my example I put the file in the Program Files directory. You don’t have to put the file in the same location (you may prefer C:\Temp); just make sure to update your main.tf file with the appropriate location in the provisioner section:
If you have any Windows updates or any additional applications your organization requires for your Windows Server images, now might be a good time to install those as well. You also need to make sure that the host running Terraform will be able to connect over WinRM to the VM that’s deployed. Terraform’s remote-exec provisioner leverages WinRM to connect to the OS and then issue the silent installation steps. For those of you who aren’t familiar with configuring WinRM, I found this blog on PowerShell remoting as well as this Reddit post on WinRM with Terraform to be helpful. Out of the box Windows Server 2019 did not accept WinRM connections, so my initial deployments via Terraform failed.
Once everything you want on your OS is installed you can then navigate into the vSphere UI, right click on the VM in the inventory, and select Clone to Template:
Make sure to record the name of your clone; you’ll need it later. Also note that this name is case sensitive. I learned that the hard way the first time I ran my configuration file. Once your template operation completes in vSphere you can start configuring your main.tf and variables.tf files. In this example I have my variables in my variables.tf in plain text to show how this works. This isn’t recommended for production as these credentials can end up being recorded in your state files. This is where you may want to have Terraform call a credential manager of your choosing. We actually have an example on our GitHub that Alex created. He shows you how to use AWS Secrets Manager to store your vSphere credentials.
In our other example you can open the variables.tf file and see the required variables we have for running the file:
You’ll need to provide credentials for a vSphere administrator level account, as well as the vCenter IP, and the Datacenter name. These details are going to be used to call vCenter and deploy the template to the appropriate location, and then perform the silent installation of Zerto. At the top of our main.tf file in our provider we’re going to call these variables that we’ve established:
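One way to keep the credentials out of variables.tf, shown as an added example rather than the variables.tf or main.tf from the Zerto repository. The variable names are assumptions; the values are supplied at run time, for example through `TF_VAR_vsphere_password` in the environment or from a secrets manager.

```hcl
# Added example: variable names are assumptions, not the repository's own.
# No "default" is set, so nothing secret is committed with the configuration.
variable "vsphere_user" {
  description = "vSphere administrator-level account"
  type        = string
  sensitive   = true
}

variable "vsphere_password" {
  description = "Password for vsphere_user"
  type        = string
  sensitive   = true
}

variable "vcenter_server" {
  description = "vCenter IP address or FQDN"
  type        = string
}

provider "vsphere" {
  user           = var.vsphere_user
  password       = var.vsphere_password
  vsphere_server = var.vcenter_server

  # Validate the vCenter certificate; set to true only for a lab with a
  # self-signed certificate that has not been replaced.
  allow_unverified_ssl = false
}

# "sensitive" only redacts plan/apply output. Values that reach resource
# arguments are still written to the state file, so keep state in an
# encrypted backend with restricted access.
```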
To call the appropriate resources to create the VM from the Template we’ll need to provide Terraform some additional information about the vCenter resources we’d like to leverage for the VM. Specifically, the datacenter, datastore, virtual network, resource pool, and template names. For those of you who aren’t using resource pools in vSphere you still must specify a pool. vSphere still creates a default resource pool for each ESXi host whether you configure one or not. If you aren’t using resource pools the default pool you’ll need to specify is the name of your host plus a forward slash and the word resources. If your host was called ESXiHost1 the root resource pool will be called ESXiHost1/Resources.
With the appropriate resource names filled in, Terraform will gather the necessary IDs for these to then assist in creating your ZVM. Here are a few tips from learning experiences Alex and I went through over a few lengthy days. Make sure you select the appropriate firmware for the operating system you choose. If your Windows OS needs to be configured for EFI to run, make sure to update the firmware appropriately; otherwise use BIOS. If you’re looking to leverage Windows Server 2016 or 2019, vSphere labels the guest OS for both as “windows9Server64Guest”. If you decide to run Windows Server 2012r2 you’ll need to change the guest_id to “windows8Server64Guest”; otherwise when you run terraform plan it will give you an error message informing you that you’ve selected the wrong OS type based on the OS type of the template.
In the provisioner section at the bottom of the template is where you’ll configure the WinRM details. If you’re going to leverage WinRM over HTTPS you’ll need to change https to true, and know that WinRM over HTTPS uses port 5986 instead of port 5985. For our demonstration we leveraged WinRM over HTTP, but for obvious security reasons that may not be allowed in your environment.
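The lookups and clone described above, as an added example rather than the main.tf from the Zerto repository. The inventory names, VM name and sizing are assumed placeholders; reading guest_id, firmware and scsi_type from the template keeps them matched to the template instead of hard-coding them.

```hcl
# Added example: every name and size below is a placeholder.
data "vsphere_datacenter" "dc" {
  name = "Datacenter1"
}

data "vsphere_datastore" "ds" {
  name          = "Datastore1"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# No custom resource pools: use the host's root pool, "<host name>/Resources".
data "vsphere_resource_pool" "pool" {
  name          = "ESXiHost1/Resources"
  datacenter_id = data.vsphere_datacenter.dc.id
}

data "vsphere_network" "net" {
  name          = "VM Network"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# The template name is case sensitive and must match the clone's name exactly.
data "vsphere_virtual_machine" "template" {
  name          = "win2019-zvm-template"
  datacenter_id = data.vsphere_datacenter.dc.id
}

resource "vsphere_virtual_machine" "zvm" {
  name             = "zvm01"
  resource_pool_id = data.vsphere_resource_pool.pool.id
  datastore_id     = data.vsphere_datastore.ds.id
  num_cpus         = 2    # assumed sizing
  memory           = 8192 # MB, assumed sizing
  guest_id         = data.vsphere_virtual_machine.template.guest_id
  firmware         = data.vsphere_virtual_machine.template.firmware
  scsi_type        = data.vsphere_virtual_machine.template.scsi_type

  network_interface {
    network_id = data.vsphere_network.net.id
  }
  disk {
    label = "disk0"
    size  = data.vsphere_virtual_machine.template.disks[0].size
  }
  clone {
    template_uuid = data.vsphere_virtual_machine.template.id
  }
}
```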
The last item is the variables passed into the Zerto silent install. Those same variables that you provided earlier will be carried into the string for the silent installation.
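The HTTPS variant of the WinRM connection and the install step, as an added example rather than the repository's provisioner. The variable names and the CA file path are assumptions, the install string is passed in as a variable because its contents are not shown here, and the template is assumed to have an HTTPS WinRM listener with a certificate issued by that CA. On the page the connection lives inside the VM resource; a stand-alone `terraform_data` resource (Terraform 1.4 or later) is used here so the block is complete on its own.

```hcl
# Added example: variable names and the CA file path are assumptions.
variable "zvm_address" {
  description = "IP or DNS name of the deployed ZVM; must match the WinRM certificate"
  type        = string
}

variable "winrm_user" {
  type      = string
  sensitive = true
}

variable "winrm_password" {
  type      = string
  sensitive = true
}

# The silent-install string carries the vCenter credentials, so treat it as a
# secret; Terraform then suppresses the provisioner's log output.
variable "zerto_install_command" {
  type      = string
  sensitive = true
}

resource "terraform_data" "zerto_install" {
  connection {
    type     = "winrm"
    host     = var.zvm_address
    user     = var.winrm_user
    password = var.winrm_password
    https    = true  # the demonstration on this page used HTTP
    port     = 5986  # HTTPS listener; HTTP uses 5985
    insecure = false # validate the listener certificate
    cacert   = file("${path.module}/winrm-ca.pem")
    use_ntlm = true
    timeout  = "10m"
  }

  provisioner "remote-exec" {
    inline = [var.zerto_install_command]
  }
}
```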
When you’ve configured your template and your Terraform main.tf file and you’re ready, go ahead and run Terraform. Once the template is successfully deployed you’ll see Terraform successfully connect to WinRM and issue the silent installation command.
Once Terraform is complete you can log into your vSphere ZVM and Zerto will be installed and running, ready for you to log in and get started!
If you’re interested in using this automation with Terraform and Zerto you can find the example files in the Zerto GitHub.