Implement Terraform via SSH in vRealize Automation

Why would I want to use Terraform via SSH in vRealize Automation and how I end up doing so, that’s what you will find out in this article.

When you start looking at how to implement Terraform in vRealize Automation you will soon end up looking at this page. Well that is not how I would like to implement Terraform within vRealize Automation. I would like to setup my own terraform server (linux + terraform CLI) and use that instead. Since Terraform CLI is basically sending some SSH commands to a linux server that shouldn’t be that hard.

Setting up the Linux Server

1. Install Terraform (link)
2. Create folder structure
   1. /opt/terraform/github
      In here I’ll setup a Git Repository containing the Terraform Projects
   2. /opt/terraform/providers
      In here I’ll place the providers
3. Create user account:
   [elementor-template id=”475″]
4. Create a group:
   [elementor-template id=”478″]
5. Put user in group:
   [elementor-template id=”481″]
6. Set user and group as owner of the previous folders:
   [elementor-template id=”484″]
7. Allow user to connect via SSH
   1. Edit the config file via:
      [elementor-template id=”487″]
   2. In the end of the file add the following:
      [elementor-template id=”490″]
8. To make use of the offline providers you must make some changes under the user account (read also here and here):
   1. Log in as user vratf
   2. Create and edit a custom config file in the home directory:
      [elementor-template id=”493″]
   3. Add the following inside:
      [elementor-template id=”502″]
   4. Edit the users profile (.bashrc)
      [elementor-template id=”496″]
   5. Add below to create an environmental variable:
      [elementor-template id=”505″]

For now I use the command “terraform providers mirror” to get the offline files in the right format. Which I then copy to the /opt/terraform/providers folder.

Well that was most that there is about to say about setting up the Linux Server with Terraform (I’m not going to point out how to setup the Github Repository, that outside the scope of this article).

How to use Terraform via SSH?

I have looked at some possibilities to use it:

1. SSH Host
2. vRO SSH Script Host workflow
3. Powershell

SSH Host

When I tried to use this plugin I had an issue with the password. That will be “VCOencrypted” which makes connecting to the server a bit complicated. I was hoping it was more like the Powershell host, but this plugin doesn’t have “connect” or “opensession” functions. When looking into the encryption I have found some articles (1, 2 and 3), but I stopped further exploring this option at this point.

vRO SSH Script Host workflow

This is based on this article. You’ll end up with a workflow which uses a Configuration Element in which the host details (username, password, port number, server name, …) are available.

It works like a charm! Just run the workflow, specify the command to run and it will execute the command and return the output.

Powershell

Since I work a lot with Powershell, I would like to use the powershell host, which is also setup with an internal Git repository. 

To use Terraform via SSH  I wrote the following PowerShell function:
[elementor-template id=”499″]

tfFolder will be the project which is used
tfCommand will be the command to execute (terraform init, plan, …)
tfEnvironment will be used to determine in which DTAP environment we need to run the command.

I recently started using the secretmanagement and secretstore modules for handling secrets on the Powershell host. I’ll soon write an article about that, I really enjoy using these modules. Because of a naming format, I can easily use the environment to get the appropriate inputs:

• SSHUsername
• SSHPassword
• SSHBaseFolder (/opt/terraform/github/)

Conclusion