Only Ansible? This is boring!
I want to use Terraform to deploy my LPARs!
Hashicorp is, meanwhile, an IBM company. You can see it on their site. They develop several interesting products. One of them is Terraform. If you have never heard about it, you were in a stone cave for the last 10 years, probably. I think this is the most popular deployment tool in the modern IT world.
But there are some problems with Terraform and IBM Power.
First, it doesn’t run on IBM Power. You can download it for the x86 CPUs for almost every operating system. You can download it for ARM64 CPUs for Linux. You can even download it for Solaris. But you can’t find it for Linux on IBM Power (ppc64le) or for AIX.
OK, I ported it several times in the past, and you can find an older version of Terraform on my site.
But we have the second problem. Terraform works with plugins. Terraform itself is a configuration language plus a runner for the plugins. The plugins do the work.
No, there are no Terraform plugins to deploy an LPAR on IBM Power.
Or better to say, there was no Terraform plugin till today.
I think Friday the 13th is a good date to publish something new.
Let me introduce…
Terraform provider for IBM Power HMC
Here it is. You need Terraform for x86_64 (yes, no Power support right now), an IBM Power HMC, and the plugin. Then you write some code and deploy an LPAR.
What can it look like?
terraform {
required_providers {
ibmpower = {
source = "registry.terraform.io/power-devops/hmc"
version = "0.0.1"
}
dns = {
source = "hashicorp/dns"
}
}
}
variable "hmc_host" {
description = "HMC hostname or IP address"
type = string
}
variable "hmc_username" {
description = "HMC username"
type = string
}
variable "hmc_password" {
description = "HMC password"
type = string
sensitive = true
}
variable "system_name" {
description = "Managed system name where the LPAR will be created"
type = string
}
variable "lpar_name" {
description = "Name of the LPAR to create"
type = string
default = "test-lpar"
}
provider "ibmpower" {
host = var.hmc_host
username = var.hmc_username
password = var.hmc_password
insecure = true
}
data "ibmpower_vios_list" "all" {
system_name = var.system_name
sort = true
}
resource "ibmpower_lpar" "example" {
system_name = var.system_name
name = var.lpar_name
desired_mem = 8192
desired_procs = 2
sharing_mode = "uncap"
max_virtual_slots = 20
boot_mode = "norm"
virtual_eth_adapters = [
{
is_required = true
port_vlan_id = 1
}
]
virtual_fc_adapters = [
{
remote_lpar_id = data.ibmpower_vios_list.all.vios[0].lpar_id
remote_slot_number = data.ibmpower_vios_list.all.vios[0].next_virtual_slot
is_required = true
physical_fcs = "fcs0"
},
{
remote_lpar_id = data.ibmpower_vios_list.all.vios[1].lpar_id
remote_slot_number = data.ibmpower_vios_list.all.vios[1].next_virtual_slot
is_required = true
physical_fcs = "fcs1"
}
]
}
resource "ibmpower_lpar_action" "example_install" {
system_name = ibmpower_lpar.example.system_name
name = ibmpower_lpar.example.name
action = "netboot"
wait_for_state = "Running"
timeout = 900
netboot_server_ip = "10.10.2.4"
netboot_gateway_ip = "10.10.2.1"
netboot_client_ip = "10.10.2.20"
netboot_subnet_mask = "255.255.255.0"
}
resource "terraform_data" "wait_for_boot" {
depends_on = [ibmpower_lpar_action.example_install]
provisioner "local-exec" {
command = <<-EOT
for i in $(seq 1 120); do
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no ${var.lpar_name} "echo ready" 2>/dev/null && exit 0
echo "Waiting for ${var.lpar_name}... ($i/120)"
sleep 30
done
echo "Timeout waiting for ${var.lpar_name}"
exit 1
EOT
}
}What does it all mean?
If you have never worked with Terraform, you can check the Terraform tutorials to learn the basics of Terraform’s language.
If you worked with Terraform before and know how to use it, you will find the documentation for the plugin in the plugin’s package.
BUT. There is one gotcha with the plugin. It is not published on the official Terraform registry, and no, I don’t have plans to publish it there.
If you want to use it, use the link to download it directly.
You must create a file called terraformrc for your project with the following contents:
provider_installation {
dev_overrides {
"registry.terraform.io/power-devops/hmc" = "/home/myuser/dir-with-the-plugin"
}
direct {}
}
and export the environment variable:
export TF_CLI_CONFIG_FILE=/home/myuser/path/to/terraformrcThen you can start terraform apply and the LPAR will be created.
But… I use NIM, and before I install an LPAR, I must create a NIM definition
So what? Let me introduce my second Terraform plugin.
Terraform provider for IBM AIX NIM
Yes, I use NIM too. I must also create a NIM definition for each AIX LPAR and assign resources to it.
Even more, I want to configure my NIM server using Terraform.
Now it is possible!
The NIM plugin is also available for download.
The same conditions apply. The documentation is in the archive.
You can add something like this to the previous code:
terraform {
required_providers {
ibmpower = {
source = "registry.terraform.io/power-devops/hmc"
version = "0.0.1"
}
nim = {
source = "registry.terraform.io/power-devops/nim"
version = "0.0.1"
}
dns = {
source = "hashicorp/dns"
}
}
}
variable "nim_host" {
description = "NIM hostname or IP address"
type = string
}
variable "nim_username" {
description = "NIM username"
type = string
}
variable "nim_pkey_path" {
description = "Path to the user's private key"
type = string
sensitive = true
}
provider "nim" {
host = var.nim_host
username = var.nim_username
use_agent = true
}
data "dns_a_record_set" "nim" {
host = var.nim_host
}
resource "nim_standalone" "example" {
name = ibmpower_lpar.example.name
ssl = true
}
resource "nim_bos_inst" "example" {
standalone = nim_standalone.example.name
lpp_source = "7300-03-01-2520-lpp_source"
spot = "7300-03-01-2520-spot"
resolv_conf = "resolv_conf_default"
bosinst_data = "bosinst_data_default"
image_data = "image_data_default"
fb_script = "fb_rootkeys"
}
resource "ibmpower_lpar_action" "example_install" {
depends_on = [nim_bos_inst.example]
system_name = ibmpower_lpar.example.system_name
name = ibmpower_lpar.example.name
action = "netboot"
wait_for_state = "Running"
timeout = 900
netboot_server_ip = "10.10.2.4"
netboot_gateway_ip = "10.10.2.1"
netboot_client_ip = "10.10.2.20"
netboot_subnet_mask = "255.255.255.0"
}Or if you wish to configure a new NIM server:
resource "nim_bosinst_data" "bos" {
name = "bosinst_data_default"
content = file("${path.module}/files/bosinst_data_default")
destination = "/nim/rsrc/bosinst_data_default"
}
resource "nim_image_data" "img" {
name = "image_data_default"
content = file("${path.module}/files/image_data_default")
destination = "/nim/rsrc/image_data_default"
}
resource "nim_resolv_conf" "resolv_conf_default" {
name = "resolv_conf_default"
content = file("${path.module}/files/resolv_conf_default")
destination = "/nim/rsrc/resolv_conf_default"
}
resource "nim_script" "nim_pwreset" {
name = "pwreset"
content = file("${path.module}/files/pwreset.sh")
destination = "/nim/scripts/pwreset"
}
resource "nim_script" "nim_authkeys" {
name = "authkeys"
content = file("${path.module}/files/authkeys.sh")
destination = "/nim/scripts/authkeys"
}
resource "nim_fb_script" "nim_fbscript" {
name = "fb_rootkeys"
content = file("${path.module}/files/fb_rootkeys.sh")
destination = "/nim/scripts/fb_rootkeys"
}
resource "nim_lpp_source" "_7300-03-01-2520-lpp_source" {
name = "7300-03-01-2520-lpp_source"
location = "/nim/lpp/7300-03-01-2520-lpp_source"
source = "/nim/dist/AIX_v7.3_Install_7300-03-01-2520_flash_122025_LCD8265308.iso"
iso_fs_type = "udfs"
}
resource "nim_spot" "_7300-03-01-2520-spot" {
name = "7300-03-01-2520-spot"
location = "/nim/spot"
source = nim_lpp_source._7300-03-01-2520-lpp_source.name
}
Support the Power DevOps Newsletter!
If you like reading technical articles about IBM Power, AIX, and Linux on IBM Power, consider upgrading to the paid tier to show your support. As a paid subscriber, you not only get regular posts, but you will get additional posts with the full code and further explanations, access to the whole archive of the blog, and take part in our monthly calls where you can ask your questions and propose topics for future newsletters. Be an active member of our community!
Some final words
These are beta version software. You can use it for free, but there is no guarantee that it works in your environment. And of course, no liability. The providers provided “AS IS”.
The providers work with both Terraform and OpenTofu, the free implementation of Terraform.
If you have any problems using them, feel free to drop an email to me. Simply answer the newsletter, and the email should come to me. I will check if I can help you and answer as soon as I can do it.
If you need official support, do the same. Write an email to me, and we will discuss what I can do for you.
Because this is beta software and I am actively developing it, the archives can be updated without any notice. The version can be the same, but the providers will be different ;-)
No, I don’t plan to make the source code available.
No, I don’t know if the providers will always be freely available.
It always depends on how many customers I have and how many of them are interested in these plugins.
Anyway, you can download the plugins right now and use them! If you have downloaded them, nobody can take them away from your computer.
Have fun deploying LPARs with Terraform!
Andrey
Hi, I am Andrey Klyachkin, IBM Champion and IBM AIX Community Advocate. This means I don’t work for IBM. Over the last twenty years, I have worked with many different IBM Power customers all over the world, both on-premise and in the cloud. I specialize in automating IBM Power infrastructures, making them even more robust and agile. I co-authored several IBM Redbooks and IBM Power certifications. I am an active Red Hat Certified Engineer and Instructor.
Follow me on LinkedIn, Twitter and YouTube.
You can meet me at events like IBM TechXchange, the Common Europe Congress, and GSE Germany’s IBM Power Working Group sessions.