Deploying Zerto with Terraform
– Read the original blog post on vexception.com –
I realized its been almost two years since I’ve blogged about anything automation related. Time flies but that’s far too long to not talk about some exciting news around things I’ve been working on with colleagues. Over the last year or so I’ve moved into a new role at Zerto as a Solutions Architect. One of the things I’ve been talking to customers about more and more recently is how they can further automate their deployment of Zerto. Automation is always at the top of everyone’s minds in IT and will only continue to grow in importance with emerging technologies.
My coworker Alex Schenck introduced me to one such new technology called Terraform by HashiCorp. We’ve heard about Terraform a few times from customers of ours looking for Zerto to help them streamline their deployment. After a quick tutorial on HashiCorp’s website on how to use Terraform with Azure I decided I wanted leverage Terraform to automate the deployment of a Zerto ZCA in Azure.
The first thing I needed to was review Zerto’s Azure installation requirements. To be able to deploy a ZCA successfully in Azure my Terraform deployment was going to need a few things:
- Zerto ZCA Marketplace Image
- With vNet, Subnet, Network Security Group, and remote access
- Azure Resource Group
- Azure Managed Identity
- Appropriate Roles Assigned
- Azure Subscription
- Azure Storage Account
- Method to perform Zerto silent install
I reviewed Terraforms online documentation and was able to find most of the basic configuration options I needed for my Azure VM. Lets walk through a few of them. First for a Zerto 8.0 or higher ZCA to deploy successfully the ZCA VM needs to be associated with an Azure Managed Identity. Here’s an example of how I created one in Terraform:
Now that the managed identity has been created Zerto requires 3 roles be attached to the Managed identity before the installation will be allowed to proceed. In my example I used the Contributor role instead of Owner, but either can be used. To be able to assign these roles successfully Terraform requires the scope of the role, the name, and the subscription id. For Zerto the role needs to be at the Subscription level.
To get the subscription id I created a data object to return the ID:
When using the Zerto silent installer for Azure ZCA’s I also found that you need to specific the storage account that Zerto will be allowed to leverage for replication data. This account can be a standard storage account in Azure and doesn’t necessarily need to be geo-replicated.
In addition to these settings there are also a handful of Terraform resources to construct the VM itself but I’m going to skip over talking about them for now. For my example I’m leveraging Zerto’s Azure marketplace image for Zerto 8.0. The image info can be found within the VM resource in my Terraform example:
Now that I have everything needed to deploy the virtual machine itself I wanted to see if Terraform would allow me to also run the silent installation command to start the Zerto installation. I went through the Azure Portal to see what options were available in the UI and if they had accompanying APIs. I looked at the Run Command option, as well as local-exec but these seemed to require me passing a script to the local VM and then running the script.
Ideally, I wanted to have a single file do the entire deployment and not have to rely on additional ps1 files or network requirements for a script host to communicate to the VM. With the help of my colleague Wes Carroll I was able to leverage Terraforms azure virtual machine extensions resource:
It took me more time than I’m willing to admit to get the syntax right but with Wes’ help I was able to escape the installer file location (C:\Temp) and our required install switches (SiteName, RegionId, ResourceGroup, StorageAccount).
To successfully run the file you’ll need to configure some of the options to your environments specifications. Things like Windows username and password, as well as the local IP subnet, and whether you’d prefer public IP (optional) for the VM will need to be configuration. Once these are set you can run your Terraform file. I like to start with Terraform plan to make sure I don’t have any syntax issues:
Terraform plan will display the output of all the configuration changes that will be made. When your ready go ahead and run Terraform Apply:
You will be prompted to type the word “yes” before Terraform will proceed with creating any objects:
Once you type yes and hit enter Terraform will begin creating the resources you’ve outlined. After running for a few minutes Terraform will complete and inform you all of the resources were created successfully:
To confirm your Zerto installation completed you can connect to the VM and open the ZCA UI:
And there you have it! After a few clicks and a few minutes, you now have a fully deployed and installed Zerto ZCA in Azure via Terraform! If you are interested in trying this out yourself, you can find the code on GitHub.