Zscaler "bc_ac" deployment type

This deployment type is intended for fully functional Zscaler Branch Connector + integrated App Connector virtual appliance deployments in a vCenter ESXi environment.

How to deploy:

Option 1 (guided):

From the examples directory, run the zsec bash script, which walks through all required inputs.

  • ./zsec up
  • Enter "bc_ac"
  • Follow the remainder of the authentication and configuration input prompts
  • The script detects the client operating system and downloads/runs a specific version of Terraform in a temporary bin directory
  • Inputs are validated and terraform init/apply executes automatically
  • Verify all resources that will be created/modified and enter "yes" to confirm

Option 2 (manual):

Modify/populate any required variable input values in the bc_ac/terraform.tfvars file and save.

From the bc_ac directory, execute:

  • terraform init
  • terraform apply
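
The manual path puts input values in bc_ac/terraform.tfvars, and the Inputs listed on this page include the credentials bc_api_key and bc_password. The following pre-flight check is an added example, not part of the Zscaler repository: it refuses to proceed when either credential is written as a literal in the tfvars file, so that it can be supplied through Terraform's TF_VAR_<name> environment variables instead. The function names find_plaintext_secrets and check_tfvars are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): pre-flight check for bc_ac/terraform.tfvars.
# Flags credential inputs that carry a non-empty literal value in the file.

# Credential-bearing inputs taken from the Inputs table on this page.
SECRET_VARS="bc_api_key bc_password"

# Print the name of each credential input assigned a non-empty quoted value.
# Commented-out lines and empty defaults (name = "") are ignored.
find_plaintext_secrets() {
  tfvars="$1"
  for name in $SECRET_VARS; do
    if grep -Eq "^[[:space:]]*${name}[[:space:]]*=[[:space:]]*\"[^\"]+\"" "$tfvars"; then
      echo "$name"
    fi
  done
}

# Return 0 when the file holds no literal credentials, 1 otherwise.
check_tfvars() {
  found="$(find_plaintext_secrets "$1")"
  if [ -n "$found" ]; then
    echo "plaintext credentials in $1: $(echo $found)" >&2
    return 1
  fi
  return 0
}

# Typical use from the bc_ac directory (values are read at the prompt,
# exported for this shell only, and never written to terraform.tfvars):
#   stty -echo; printf 'bc_password: '; read -r TF_VAR_bc_password; stty echo
#   export TF_VAR_bc_password
#   check_tfvars terraform.tfvars && terraform apply

# When run as a script with a path argument, perform the check directly.
if [ -n "${1:-}" ]; then
  check_tfvars "$1" || exit 1
fi
```
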

How to destroy:

Option 1 (guided):

From the examples directory, run the zsec bash script, which walks through all required inputs.

  • ./zsec destroy

Option 2 (manual):

From the bc_ac directory, execute:

  • terraform destroy

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.7, < 2.0.0 |
| local | ~> 2.2.0 |
| null | ~> 3.1.0 |
| random | ~> 3.3.0 |
| tls | ~> 3.4.0 |
| vsphere | ~> 2.2.0 |
| zpa | ~> 2.5.0 |

Providers

| Name | Version |
|------|---------|
| local | ~> 2.2.0 |
| random | ~> 3.3.0 |
| tls | ~> 3.4.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| bc_vm | ../../modules/terraform-zsbc-bcvm-esxi | n/a |
| zpa_app_connector_group | ../../modules/terraform-zpa-app-connector-group | n/a |
| zpa_provisioning_key | ../../modules/terraform-zpa-provisioning-key | n/a |

Resources

| Name | Type |
|------|------|
| local_file.private_key | resource |
| local_file.testbed | resource |
| random_string.suffix | resource |
| tls_private_key.key | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ac_enabled | True/False to determine how many VM network interfaces should be provisioned | bool | true | no |
| app_connector_group_country_code | Optional: Country code of this App Connector Group. Example: 'US' | string | "" | no |
| app_connector_group_description | Optional: Description of the App Connector Group | string | "This App Connector Group belongs to: " | no |
| app_connector_group_dns_query_type | Whether to enable IPv4 or IPv6, or both, for DNS resolution of all applications in the App Connector Group | string | "IPV4_IPV6" | no |
| app_connector_group_enabled | Whether this App Connector Group is enabled or not | bool | true | no |
| app_connector_group_latitude | Latitude of the App Connector Group. Integer or decimal. With values in the range of -90 to 90 | string | "37.3382082" | no |
| app_connector_group_location | Location of the App Connector Group in City, State, Country format. Example: 'San Jose, CA, USA' | string | "San Jose, CA, USA" | no |
| app_connector_group_longitude | Longitude of the App Connector Group. Integer or decimal. With values in the range of -90 to 90 | string | "-121.8863286" | no |
| app_connector_group_name | Custom name for App Connector Group created | string | "" | no |
| app_connector_group_override_version_profile | Optional: Whether the default version profile of the App Connector Group is applied or overridden. Default: false | bool | false | no |
| app_connector_group_upgrade_day | Optional: App Connectors in this group will attempt to update to a newer version of the software during this specified day. Default value: SUNDAY. List of valid days (i.e., SUNDAY, MONDAY, etc) | string | "SUNDAY" | no |
| app_connector_group_upgrade_time_in_secs | Optional: App Connectors in this group will attempt to update to a newer version of the software during this specified time. Default value: 66600. Integer in seconds (i.e., 66600). The integer should be greater than or equal to 0 and less than 86400, in 15 minute intervals | string | "66600" | no |
| app_connector_group_version_profile_id | Optional: ID of the version profile. To learn more, see Version Profile Use Cases. https://help.zscaler.com/zpa/configuring-version-profile | string | "2" | no |
| bc_api_key | Branch Connector Portal API Key | string | "" | no |
| bc_count | Default number of Branch Connector appliances to create | number | 1 | no |
| bc_instance_size | Branch Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration | string | "small" | no |
| bc_password | Admin Password for Branch Connector Portal authentication | string | "" | no |
| bc_username | Admin Username for Branch Connector Portal authentication | string | "" | no |
| bc_vm_prov_url | Zscaler Branch Connector Provisioning URL | list(string) | [""] | no |
| byo_provisioning_key | Bring your own App Connector Provisioning Key. Setting this variable to true will effectively instruct this module to not create any resources and only reference data resources from values provided in byo_provisioning_key_name | bool | false | no |
| byo_provisioning_key_name | Existing App Connector Provisioning Key name | string | "provisioning-key-tf" | no |
| byo_ssh_key | User-entered SSH Public Key | string | "" | no |
| compute_cluster_enabled | True/False to tell VM creation that the resource pool is or is not part of a compute cluster. Default is false | bool | false | no |
| compute_cluster_name | Name of Compute Cluster in order to locate the resource pool to deploy VM. All clusters and standalone hosts have a default root resource pool. This resource argument does not directly accept the cluster or standalone host resource. For more information, see the section on Specifying the Root Resource Pool in the vsphere_resource_pool data source documentation on using the root resource pool. | list(string) | [""] | no |
| control_gateway | Default gateway for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
| control_ip | IP address for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [""] | no |
| control_netmask | Network mask for BC/AC control interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
| datacenter | The name of the vSphere datacenter you want to deploy the VM to | string | n/a | yes |
| datastore | Datastore to deploy the VM. One of datastore_id or datastore_cluster_id must be specified. | list(string) | [""] | no |
| datastore_cluster | Datastore cluster to deploy the VM. Use of datastore_cluster_id requires vSphere Storage DRS to be enabled on the specified datastore cluster. | list(string) | [""] | no |
| datastore_cluster_enabled | True/False to tell VM creation that the datastore is or is not part of a cluster. Default is false | bool | false | no |
| disk_provisioning | The disk provisioning policy. If set, all the disks included in the OVF/OVA will have the same specified policy. One of thin, flat, thick, or sameAsSource | string | "thin" | no |
| dns_servers | Primary/Secondary DNS servers for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [""] | no |
| dns_suffix | Primary DNS suffix for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
| enrollment_cert | Get name of ZPA enrollment cert to be used for App Connector provisioning | string | "Connector" | no |
| host_name | (Optional) The managed object reference ID of a host on which to place the virtual machine. See the section on virtual machine migration for more information on modifying this value. When using a vSphere cluster, if a host_system_id is not supplied, vSphere will select a host in the cluster to place the virtual machine, according to any defaults or vSphere DRS placement policies | list(string) | n/a | yes |
| mgmt_gateway | Default gateway for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
| mgmt_ip | IP address for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | list(string) | [""] | no |
| mgmt_netmask | Network mask for BC management interface if statically setting via provisioning url. Leave blank if using DHCP | string | "" | no |
| name_prefix | The name prefix for all your resources | string | "zs-bc" | no |
| network_adapter_type | The network interface type. Supported types are e1000 or vmxnet3. Default is vmxnet3 | string | "e1000" | no |
| network_name | Name of the vSphere network to deploy to | string | n/a | yes |
| ova_name | Name of the Branch Connector OVA file | string | "branchconnector.ova" | no |
| provisioning_key_association_type | Specifies the provisioning key type for App Connectors or ZPA Private Service Edges. The supported values are CONNECTOR_GRP and SERVICE_EDGE_GRP | string | "CONNECTOR_GRP" | no |
| provisioning_key_enabled | Whether the provisioning key is enabled or not. Default: true | bool | true | no |
| provisioning_key_max_usage | The maximum number of instances where this provisioning key can be used for enrolling an App Connector or Service Edge | number | 10 | no |
| provisioning_key_name | Custom name for App Connector Provisioning Key created | string | "" | no |
| resource_pool_name | Name of ESXi host resource group. If one is not specified, the VMware default name of 'Resources' is used | list(string) | [""] | no |
| tls_key_algorithm | Algorithm for tls_private_key resource | string | "RSA" | no |

Outputs

| Name | Description |
|------|-------------|
| testbedconfig | Output of all exported attributes to be written to a local file |