This deployment type is intended for fully functional Zscaler Branch Connector + integrated App Connector virtual appliance deployments in a vCenter ESXi environment.
From the examples directory, run the zsec bash script, which walks through all required inputs.
- ./zsec up
- enter "bc_ac"
- follow the remainder of the authentication and configuration input prompts
- the script will detect the client operating system and download/run a specific version of terraform in a temporary bin directory
- inputs will be validated and terraform init/apply will automatically execute
- verify all resources that will be created/modified and enter "yes" to confirm
Modify/populate any required variable input values in the bc_ac/terraform.tfvars file and save.
From the bc_ac directory, execute:
- terraform init
- terraform apply
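
A pre-flight check for the manual path above, added here as an example and not part of the Zscaler project: it confirms that the inputs the Inputs table marks as required are set, flags Branch Connector portal credentials written into terraform.tfvars, and checks the upgrade-time constraint. The function names and the sample file contents are hypothetical; TF_VAR_<name> is Terraform's standard environment-variable form for input variables.

```bash
#!/usr/bin/env bash
# Added example (not project code): pre-flight check for bc_ac/terraform.tfvars.
# Variable names and constraints come from the Inputs table on this page.

# Print the value assigned to variable $2 in tfvars file $1 (empty if not set).
tfvar_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 0 when the file is clean, 1 otherwise.
check_tfvars() {
  local file=$1 findings=0 name value secs
  for name in datacenter host_name network_name; do   # "Required: yes" inputs
    if [ -z "$(tfvar_value "$file" "$name")" ]; then
      echo "MISSING required input: $name"; findings=$((findings + 1))
    fi
  done
  # Portal credentials kept out of the file can be passed as TF_VAR_<name>.
  for name in bc_username bc_password bc_api_key; do
    value=$(tfvar_value "$file" "$name")
    if [ -n "$value" ] && [ "$value" != '""' ]; then
      echo "CREDENTIAL in plaintext: $name (export TF_VAR_$name instead)"
      findings=$((findings + 1))
    fi
  done
  # Upgrade time: 0 <= secs < 86400, in 15 minute (900 second) steps.
  secs=$(tfvar_value "$file" app_connector_group_upgrade_time_in_secs | tr -d '"[:space:]')
  case $secs in
    '') ;;                                  # unset: module default applies
    *[!0-9]*|0[0-9]*) echo "INVALID upgrade time: $secs"; findings=$((findings + 1)) ;;
    *) if [ "$secs" -ge 86400 ] || [ $((secs % 900)) -ne 0 ]; then
         echo "INVALID upgrade time: $secs"; findings=$((findings + 1))
       fi ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed sample input, written to a temp file so the example runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
datacenter   = "dc-example"
network_name = "vm-network-example"
bc_username  = "admin@example.invalid"
bc_password  = "constructed-not-a-real-secret"
app_connector_group_upgrade_time_in_secs = "66000"
EOF
check_tfvars "$sample" || echo "resolve the findings above before terraform apply"
rm -f "$sample"
```

The tls_private_key and local_file.private_key resources listed below place the generated private key in the Terraform state and in a local file, so the working directory and state need the same protection as the credentials.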
From the examples directory, run the zsec bash script, which walks through all required inputs.
- ./zsec destroy
From the bc_ac directory, execute:
- terraform destroy
Name | Version |
---|---|
terraform | >= 0.13.7, < 2.0.0 |
local | ~> 2.2.0 |
null | ~> 3.1.0 |
random | ~> 3.3.0 |
tls | ~> 3.4.0 |
vsphere | ~> 2.2.0 |
zpa | ~> 2.5.0 |
Name | Version |
---|---|
local | ~> 2.2.0 |
random | ~> 3.3.0 |
tls | ~> 3.4.0 |
Name | Source | Version |
---|---|---|
bc_vm | ../../modules/terraform-zsbc-bcvm-esxi | n/a |
zpa_app_connector_group | ../../modules/terraform-zpa-app-connector-group | n/a |
zpa_provisioning_key | ../../modules/terraform-zpa-provisioning-key | n/a |
Name | Type |
---|---|
local_file.private_key | resource |
local_file.testbed | resource |
random_string.suffix | resource |
tls_private_key.key | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
ac_enabled | True/False to determine how many VM network interfaces should be provisioned | bool | true | no |
app_connector_group_country_code | Optional: Country code of this App Connector Group. Example: 'US' | string | "" | no |
app_connector_group_description | Optional: Description of the App Connector Group | string | "This App Connector Group belongs to: " | no |
app_connector_group_dns_query_type | Whether to enable IPv4 or IPv6, or both, for DNS resolution of all applications in the App Connector Group | string | "IPV4_IPV6" | no |
app_connector_group_enabled | Whether this App Connector Group is enabled or not | bool | true | no |
app_connector_group_latitude | Latitude of the App Connector Group. Integer or decimal. With values in the range of -90 to 90 | string | "37.3382082" | no |
app_connector_group_location | Location of the App Connector Group in City, State, Country format. Example: 'San Jose, CA, USA' | string | "San Jose, CA, USA" | no |
app_connector_group_longitude | Longitude of the App Connector Group. Integer or decimal. With values in the range of -90 to 90 | string | "-121.8863286" | no |
app_connector_group_name | Custom name for App Connector Group created | string | "" | no |
app_connector_group_override_version_profile | Optional: Whether the default version profile of the App Connector Group is applied or overridden. Default: false | bool | false | no |
app_connector_group_upgrade_day | Optional: App Connectors in this group will attempt to update to a newer version of the software during this specified day. Default value: SUNDAY. List of valid days (i.e., SUNDAY, MONDAY, etc) | string | "SUNDAY" | no |
app_connector_group_upgrade_time_in_secs | Optional: App Connectors in this group will attempt to update to a newer version of the software during this specified time. Default value: 66600. Integer in seconds (i.e., 66600). The integer should be greater than or equal to 0 and less than 86400, in 15 minute intervals | string | "66600" | no |
app_connector_group_version_profile_id | Optional: ID of the version profile. To learn more, see Version Profile Use Cases. https://help.zscaler.com/zpa/configuring-version-profile | string | "2" | no |
bc_api_key | Branch Connector Portal API Key | string | "" | no |
bc_count | Default number of Branch Connector appliances to create | number | 1 | no |
bc_instance_size | Branch Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration | string | "small" | no |
bc_password | Admin Password for Branch Connector Portal authentication | string | "" | no |
bc_username | Admin Username for Branch Connector Portal authentication | string | "" | no |
bc_vm_prov_url | Zscaler Branch Connector Provisioning URL | list(string) | [ | no |
byo_provisioning_key | Bring your own App Connector Provisioning Key. Setting this variable to true will effectively instruct this module to not create any resources and only reference data resources from values provided in byo_provisioning_key_name | bool | false | no |
byo_provisioning_key_name | Existing App Connector Provisioning Key name | string | "provisioning-key-tf" | no |
byo_ssh_key | User-entered SSH Public Key | string | "" | no |
compute_cluster_enabled | True/False to tell VM creation that the resource pool is or is not part of a compute cluster. Default is false | bool | false | no |
compute_cluster_name | Name of Compute Cluster in order to locate the resource pool to deploy VM. All clusters and standalone hosts have a default root resource pool. This resource argument does not directly accept the cluster or standalone host resource. For more information, see the section on Specifying the Root Resource Pool in the vsphere_resource_pool data source documentation on using the root resource pool. | list(string) | [ | no |
control_gateway | Default gateway for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
control_ip | IP address for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [ | no |
control_netmask | Network mask for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
datacenter | The name of the vSphere datacenter you want to deploy the VM to | string | n/a | yes |
datastore | Datastore to deploy the VM. One of datastore_id or datastore_cluster_id must be specified. | list(string) | [ | no |
datastore_cluster | Datastore cluster to deploy the VM. Use of datastore_cluster_id requires vSphere Storage DRS to be enabled on the specified datastore cluster. | list(string) | [ | no |
datastore_cluster_enabled | True/False to tell VM creation that the datastore is or is not part of a cluster. Default is false | bool | false | no |
disk_provisioning | The disk provisioning policy. If set, all the disks included in the OVF/OVA will have the same specified policy. One of thin, flat, thick, or sameAsSource | string | "thin" | no |
dns_servers | Primary/Secondary DNS servers for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [ | no |
dns_suffix | Primary DNS suffix for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
enrollment_cert | Get name of ZPA enrollment cert to be used for App Connector provisioning | string | "Connector" | no |
host_name | (Optional) The managed object reference ID of a host on which to place the virtual machine. See the section on virtual machine migration for more information on modifying this value. When using a vSphere cluster, if a host_system_id is not supplied, vSphere will select a host in the cluster to place the virtual machine, according to any defaults or vSphere DRS placement policies | list(string) | n/a | yes |
mgmt_gateway | Default gateway for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
mgmt_ip | IP address for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [ | no |
mgmt_netmask | Network mask for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
name_prefix | The name prefix for all your resources | string | "zs-bc" | no |
network_adapter_type | The network interface type. Supported types are e1000 or vmxnet3. Default is vmxnet3 | string | "e1000" | no |
network_name | Name of the vSphere network to deploy to | string | n/a | yes |
ova_name | Name of the Branch Connector OVA file | string | "branchconnector.ova" | no |
provisioning_key_association_type | Specifies the provisioning key type for App Connectors or ZPA Private Service Edges. The supported values are CONNECTOR_GRP and SERVICE_EDGE_GRP | string | "CONNECTOR_GRP" | no |
provisioning_key_enabled | Whether the provisioning key is enabled or not. Default: true | bool | true | no |
provisioning_key_max_usage | The maximum number of instances where this provisioning key can be used for enrolling an App Connector or Service Edge | number | 10 | no |
provisioning_key_name | Custom name for App Connector Provisioning Key created | string | "" | no |
resource_pool_name | Name of ESXi host resource group. If one is not specified, the VMware default name of 'Resources' is used | list(string) | [ | no |
tls_key_algorithm | Algorithm for the tls_private_key resource | string | "RSA" | no |
Name | Description |
---|---|
testbedconfig | Output of all exported attributes to be written to a local file |