The user adds a new NSX-T DFW configuration to GitLab.
Jenkins pulls the configuration code from the GitLab repo.
Jenkins is integrated with Terraform.
Terraform applies the configuration to NSX-T.
CI/CD Setup requirements: –
GitLab
Jenkins
NSX/NSX-T
In my deployment, NSX-T, GitLab, and Jenkins have already been deployed.
If GitLab and Jenkins are not already deployed in your environment, you can check the online docs and deploy them.
Jenkins URL – 172.90.0.12:8080
GitLab URL – 172.90.0.11
Configuration Steps: –
GitLab – Create a new project and create the NSX Terraform configuration files: –
Log in to GitLab > Click on Create a project.
Click on Create a blank Project.
Enter a project name, and select visibility level as private. Click on Create Project.
Project created successfully. Click on the + symbol to create Terraform files based on your requirements. I am creating NSX groups, services, and DFW policies and rules in my environment.
You can download files using the following Link – https://github.com/Dineshk1205/Nsx
Provider.tf – contains provider details – vmware/nsxt
Service.tf – creates NSX services – Zabbix_TCP-10051
Group.tf – creates new groups – AD, JIRA, ZABBIX, ZABBIX_Client.
DFW_Policies_and_Rules.tf – creates NSX DFW policies and rules – Policies: AD, ZABBIX. Rules: in AD, AD to JIRA and JIRA to AD; in ZABBIX, Zabbix to ZABBIX_Client.
Variable.tf & terraform.tf – for passing NSX details – URL, credentials. (Storing passwords as plain text is not recommended in a production environment. For securing sensitive information, you can check – https://developer.hashicorp.com/terraform/tutorials/configuration-language/sensitive-variables)
Jenkins – Configure Jenkins and create a pipeline: –
Log in to Jenkins. Click on Manage Jenkins.
Click on Manage Credentials – Add the GitLab username, password, and API token.
Select Kind as Username with Password, and enter a username, password, and ID. Click on create.
Similarly, you can add GitLab API
In GitLab, create a token and copy it.
For Kind, select GitLab API token. Paste the copied token in the API token field. Click on create.
GitLab username, password, and API key Credentials were added to Jenkins successfully.
Next, click on the Configure System option.
Enter the connection name and URL, Select the API Key, and test the connection. Save.
Install Terraform on the Jenkins machine
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
After the Terraform installation, in Jenkins Global Tool Configuration, enter a Terraform name and set the installation directory to /usr/local/bin. Save.
Click on create a job.
Enter the Item name, select the pipeline option, and click ok.
Enter the GitLab repository name, and select the Build when a change is pushed to GitLab option.
Add the pipeline script. You can download it from the following link and update it based on your infrastructure.
https://github.com/Dineshk1205/Nsx/blob/main/nsxpipelin
Save pipeline.
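An added example, not the author's pipeline script from the link above: a declarative pipeline that injects the NSX-T credentials from the Jenkins credential store as TF_VAR_ environment variables, so no password has to be committed to GitLab. The credential IDs gitlab-user and nsx-admin, the Terraform variable names nsx_username and nsx_password (assumed to be declared in Variable.tf with sensitive = true), and the repository path placeholder are assumptions.

```groovy
// Added example. Assumed names: Jenkins credential IDs 'gitlab-user' and
// 'nsx-admin', Terraform variables nsx_username / nsx_password, and the
// placeholder repository path <group>/<project>.
pipeline {
    agent any
    options { disableConcurrentBuilds() }   // only one apply against NSX-T at a time
    environment {
        TF_IN_AUTOMATION = 'true'            // quieter, non-interactive Terraform output
        TF_INPUT         = 'false'           // fail instead of prompting for a missing variable
    }
    stages {
        stage('Checkout') {
            steps {
                git branch: 'main',
                    credentialsId: 'gitlab-user',
                    url: 'http://172.90.0.11/<group>/<project>.git'
            }
        }
        stage('Validate') {
            steps {
                sh 'terraform init -input=false'
                sh 'terraform validate'
            }
        }
        stage('Plan and apply') {
            steps {
                // Terraform reads TF_VAR_<name> from the environment, so the
                // password never appears in a .tf or .tfvars file in the repo.
                withCredentials([usernamePassword(
                        credentialsId: 'nsx-admin',
                        usernameVariable: 'TF_VAR_nsx_username',
                        passwordVariable: 'TF_VAR_nsx_password')]) {
                    // Single-quoted sh strings: Groovy does not interpolate the
                    // secret into the command line; the shell gets it from env.
                    sh 'terraform plan -input=false -out=tfplan'
                    sh 'terraform apply -input=false tfplan'
                }
            }
        }
    }
    post {
        // A saved plan can hold variable values in clear text; do not keep it.
        always { sh 'rm -f tfplan' }
    }
}
```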
Integrate GitLab with Jenkins: –
In GitLab > integration > select Jenkins.
Enter Jenkins Details. Save.
Check Jenkins: the first build will start.
Using the Jenkins job console, you can check Build status – Failure/success.
NSX-T DFW section – New firewall policies and rules are configured based on the code in the DFW_Policies_and_Rules.tf file. You can also check the groups and services.
Commit new changes in GitLab and check Pipeline Execution: –
Next, we can add a new rule in the DFW_Policies_and_Rules.tf file. GitLab will push a new commit event to Jenkins, and Jenkins will start a new build.
Click on the Open in Web IDE option for editing files directly in GitLab.
I added a new inbound rule to the existing Zabbix policy. Click on Create commit.
Once the commit is completed in GitLab, Jenkins will start a new build.
ZABBIX inbound rule created successfully.
If you want to learn more about Terraform and NSX-T, you can check the following doc – https://registry.terraform.io/providers/vmware/nsxt/latest/docs