Terraform
17 Topics

Ansible, Terraform, both?
Hi Community, I wanted to start a chat around some dev ops tools that we know many of our customers use. I'll throw a few questions below to get us started but feel free to go off topic if you want to discuss something outside of these questions. Does your organization use Ansible, Terraform, or both? Are there other automation tools that you use or prefer? What do you like/dislike about each of these tools? How can we improve the user experience when using these tools with Platform Equinix?
5.2K Views 2 likes 0 Comments

Equinix Provider for Terraform v1.14.0 Release
The 1.14.0 release of terraform-provider-equinix includes code and documentation to help users identify and update Terraform configurations that are impacted by the deprecation of facilities in the Equinix Metal platform. In addition, this release adds support for the DSA key type in the equinix_network_ssh_key resource, which makes it possible to provision routers in Network Edge with Terraform.
2.1K Views 1 like 0 Comments

OpenShift on Baremetal v0.5.0
A Terraform module that quickly installs OpenShift for use on Equinix Metal. First off, v0.4.0 aligned with the support of metros and deprecated the use of facilities; see the announcement here. The default location was changed from SJC1 to DA, the default size is c3.small vs the previous c2.medium, and Terraform version 1 or higher is required. Underlying this is also a switch from our Metal specific Terraform provider to the full Equinix Terraform provider (v.1.14.1). This allows more configurability for node plans and better default node plans. Newer versions of OpenShift are used. This also includes several outstanding bug and CI fixes that were preventing the project from successfully functioning. It is recommended to rebuild any existing deployments. Migration should be possible by converting the state files as described in the Migrating from equinix/metal to equinix/equinix. v0.5.0 does all the above but includes a minor update to the install instructions and provides us with module_name visibility that we use to gauge usage as an indicator of audience value.
2K Views 1 like 0 Comments

Ansible-Collection-Equinix v0.1.0 Release
This is the first release of the Equinix Ansible Collection. This collection will mature to succeed the Ansible Equinix Metal collection. The big difference with this collection is that the goal of the project is to cover all Equinix APIs over time, starting with Metal, Fabric, and Network Edge. If you are just getting started with Ansible on Equinix, this is the project to use. Let us know which features you’ll need for your playbooks. We’ve stubbed out issues for all of the resources that will be needed to put this provider on parity with the Equinix Terraform provider, which has the most complete IaC coverage today. Broader API coverage is being facilitated by the move away from legacy, hand-crafted, Python SDKs (packet-python). We will favor (and produce) SDKs generated from the OpenAPI spec for each Equinix API that will be supported. Metal Python is the first of these, an SDK built for wide adoption. Its readiness to simplify the API developer experience in Python is demonstrated throughout the Equinix Ansible collection. Additionally, this collection is applying some of the best practices seen in other Cloud Provider Ansible modules. This is most visible in the name of the module and how it is imported. See the project's E2E tests for working examples of how this collection can be used.
1.9K Views 0 likes 0 Comments

Equinix Provider for Terraform v1.14.3 Release
The 1.14.3 release of the Equinix Terraform provider includes bug fixes and documentation improvements to provide a more consistent experience. The spot market request resource and data source have been updated to avoid unnecessary changes when the order of `facilities` changes for a spot market request, the virtual circuit resource has been updated to reduce the occurrence of API errors due to invalid requests, and the documentation for the `equinix_metal_device` resource has been updated to more accurately describe the `user_ssh_key_ids` and `project_ssh_key_ids` fields.
1.6K Views 0 likes 0 Comments

Building microservices using Github Actions
Wamaitha Nyamu shows us microservices in this livestream. We'll discuss how to use IaC to build microservices, why they're more efficient, and the software that makes it all possible. If you want to learn about Terraform, Ansible, Docker, and Github Actions then come join us.
1.3K Views 0 likes 0 Comments

Terraform-Provider-Equinix v1.16.0 Release
Equinix Terraform Provider v1.16.0 not only has the ability to create Fabric Cloud Router resources directly, but also layer 2 connections to AWS, GCP, and specific fabric ports in Equinix. Connections to Azure and Oracle via Terraform are coming soon! FCR is a great option for those who want to quickly route between clouds using BGP or static networks without worrying about specific OS, vendor requirements, or advanced configuration. For those who use Network Edge, this Terraform release allows you to disable the default internet connectivity before provisioning specific firewalls (Palo Alto Networks NGFW, Cisco FTDv, and Aviatrix FireNet) just like you can in the console.
1.2K Views 1 like 0 Comments

Running Terraform from a restricted environment
When running Terraform to provision and manage Equinix Fabric, Metal, and Network Edge, you may want to run Terraform from a restricted environment. Network filtering ACLs will need a predictable set of IP ranges to permit. This discussion will help you discover the IP services, ports, and address ranges your Terraform runner environment will need access to. We'll also discuss alternative ways to run Terraform configuration.

If your ACLs permit the Terraform runner environment outbound HTTPS (TCP 443) and responses, that would cover everything Terraform needs to start provisioning infrastructure on Equinix. We'll assume we don't have unrestricted access and dig in a little further.

Upon running `terraform init`, Terraform will attempt to use DNS (UDP/TCP 53) services and HTTPS services to download provider plugins, such as the Equinix Terraform provider. The default host for fetching these plugins is registry.terraform.io, managed by HashiCorp. This is the de facto hub for public providers and published Terraform modules, although you may run your own local registry service.

DNS for the Terraform registry points to CloudFront, a CDN whose addresses may change. If this presents a problem, there are options to download (or mirror) the necessary plugins in advance and use locally distributed copies.
https://developer.hashicorp.com/terraform/cli/plugins

Similarly, the DNS service for api.equinix.com, the one base domain that the Terraform Equinix provider will need for API access, resolves to Akamai, another CDN whose addresses may change or depend on where the request originates.

As a Terraform configuration grows, you'll likely want to enable SSH access to the Metal and NE nodes being provisioned to automate OS provisioning. The SSH addresses will vary depending on the Metro where services are deployed. One way to ensure that the addresses are predictable in Metal is to provision the servers using Elastic IP addresses.

A good follow-up question to this discussion is which ranges are assigned to NE devices and whether these IP addresses can be drawn from a predefined pool like Metal's Elastic IP Addresses.

Terraform configurations typically include resources from multiple cloud providers. The node where the configuration is run would need to permit access to the APIs of these other providers. We'll leave the network filters needed by provisioned nodes to another discussion.

Depending on your needs, cloud service providers offer managed services for Terraform or OpenTofu (a fork of Terraform persisting the original open-source license). These services can run your Terraform configuration predictably and reliably from a central location. HashiCorp provides the HCP service.
https://developer.hashicorp.com/terraform/cloud-docs/run/run-environment

Alternatives include:
https://spacelift.io/
https://upbound.io
https://www.env0.com/
https://www.scalr.com/

You can run similar CI/CD Terraform configuration control planes in your own backend with open-source tools such as:
https://argoproj.github.io/cd/
https://www.crossplane.io/
https://docs.tofutf.io/

These SaaS providers or local solutions will also need access to the cloud provider APIs and nodes. With these providers you have full control of the configuration that is run and you can work these into a GitOps workflow.

There are even more alternatives outside of the Terraform ecosystem. However, the Terraform ecosystem is your best option for the richest IaC integration experience with Equinix digital services. Equinix provides several Terraform modules to make it easy to get started. That extended ecosystem includes IaC tools that take advantage of the robust Equinix Terraform provider. These tools include Pulumi and Crossplane.

TLDR; You'll want to expose select DNS, HTTPS, and SSH access from your Terraform runners.

What alternative deployment strategies did I miss?
What other network restrictions should be considered?
599 Views 3 likes 0 Comments

Nutanix Terraform Cluster Provisioning
Come join Equinix's Chris Privitere! Nutanix Terraform Cluster Provisioning simplifies the process of setting up cloud environments. By using a few lines of code, you can efficiently configure and deploy clusters. This method ensures a streamlined and consistent setup, reducing manual errors. It's a reliable solution for managing complex IT infrastructures.
173 Views 0 likes 0 Comments