cancel
Showing results for 
Search instead for 
Did you mean: 

Automate vTM GSLB configuration with Terraform

Regular Visitor

Automate vTM GSLB configuration with Terraform

Hello everyone,

GSLB is one of these things that is a bit involved to configure, which is why it was in front of our mind once we've released Terraform Provider for vTM.

The template is now ready for its first trial flight, and you're very welcome to give it a go and let us know what you think:

 

https://github.com/dkalintsev/Terraform-vTM-GSLB

The link above should automatically display the contents of the README file that covers why's, what's, and how's. Please sound off in comments if you get lost, or if it's missing something obvious.

Note: by default, health check is configured for Pulse PCS (Full HTTPS, reading path "/dana-na/auth/url_default/welcome.cgi" on port TCP/443 on all nodes at all locations). This fairly easy to change - see if you can figure out how! Smiley Happy

In brief summary, you'll need:
-    One, but better two vTM clusters for your Primary and Secondary
-    Some traffic IPs that these vTMs can use for TIP Groups
-    Info for two locations:
    o    Endpoint IP address(es) at each for our global endpoint
    o    Geo coordinates

README very briefly covers how to set up Terraform and the provider (it's as simple as literally downloading and copying two executable binary files) in the "Example use" section, but if this is your first rub with Terraform, you may want to start here:

https://community.pulsesecure.net/t5/Pulse-Secure-vADC/Let-s-Terraform-the-vTM-Part-1-4/ta-p/38617

After you've applied your template to your vTM(s), you can edit the template or change input parameters (e.g., change, add, or remove IPs associated with a particular Location) and then simply re-run "terraform apply".

Terraform will calculate the necessary changes and update it all for you, as needed - Locations, Monitors, and contents of the DNS zone, without the need to tear anything down or clicking through any dialogs.

Hope you find this useful!

 

P.S. Template's README file has a Disclaimer that hopefully clarifies its purpose and support status, but it's probably worth repeating - as it stands, this is not an artefact that carries Pulse TAC support. For any issues please leave a comment here, and we'll address as soon as we can. Thanks Smiley Happy