{"id":16139405,"url":"https://github.com/networkop/tf-mcloud-demo","last_synced_at":"2026-01-20T14:33:35.207Z","repository":{"id":83590209,"uuid":"136640222","full_name":"networkop/tf-mcloud-demo","owner":"networkop","description":"Hybrid cloud multi-vendor orchestration with Terraform and Cloudvision Portal","archived":false,"fork":false,"pushed_at":"2018-06-18T17:41:14.000Z","size":381,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-06T17:51:56.882Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/networkop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-08T16:04:48.000Z","updated_at":"2024-03-14T22:45:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"fae5f850-b6bf-4718-a7d7-e492cde2b199","html_url":"https://github.com/networkop/tf-mcloud-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/networkop/tf-mcloud-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Ftf-mcloud-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Ftf-mcloud-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Ftf-mcloud-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Ftf-mcloud-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/owners/networkop","download_url":"https://codeload.github.com/networkop/tf-mcloud-demo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Ftf-mcloud-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28604936,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-09T23:48:59.083Z","updated_at":"2026-01-20T14:33:35.191Z","avatar_url":"https://github.com/networkop.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hybrid cloud multi-vendor orchestration with Terraform and Cloudvision Portal\n\nThis repo contains demo code to set up the following topology:\n\n\u003cimg src=\"topo.png\"\u003e\n\nThe purpose of this demo is twofold:\n\n* To showcase vEOS hybrid cloud end-to-end service orchestration \n* To demonstrate Arista-specific and vendor-neutral device provisioning models\n\nThe first objective is accomplished by building the following components:\n\n* On **AWS** - a VPC with vEOS and an arbitrary number of subnets to host user VMs.\n* On **Azure** - a VNET with vEOS and a single subnet with a test VM.\n\nThe second objective is accomplished by 
Terraform-driven orchestration of:\n\n* **CVP** - AWS-based vEOS is added as a device, its config is reconciled and all the necessary IPsec-related configlets are pushed to the device\n* **Ansible** - simply pushes an IPsec-related config with the aim being to demonstrate multi-vendor capabilities of both Terraform and Ansible.\n\nNote that all components are provisioned from scratch to orchestrate end-to-end service between user VMs in AWS user subnets and a test VM in Azure test subnet.\n\n# 0. Installation\n\nInstall [Terraform](https://www.terraform.io/intro/getting-started/install.html), [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html), [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Go](https://golang.org/doc/install).\n\nClone the current git repo:\n\n```\ngit clone https://github.com/networkop/tf-mcloud-demo.git; cd tf-mcloud-demo\n```\n\n# 1. Authentication\n\nTerraform requires authentication details with enough privileges to create and delete VPC/VNET, Subnets and Virtual Machine objects on Azure, AWS and Arista CVP. 
At a minimum, the following environment variables must be set:\n\n```bash\nexport TF_VAR_ipsec_license=\"URL of vEOS ipsec license\"\nexport TF_VAR_veos_license=\"URL of vEOS license\"\nexport TF_VAR_ipsec_psk=\"IPsec pre-shared key\"\nexport TF_VAR_pub_ssh_key=\"public ssh key\"\nexport TF_VAR_admin_username=\"vEOS admin username\"\nexport TF_VAR_admin_password=\"vEOS admin password\"\n\nexport ARM_SUBSCRIPTION_ID=\"Azure subscription ID\"\nexport ARM_CLIENT_ID=\"Azure client ID\"\nexport ARM_CLIENT_SECRET=\"Azure client secret\"\nexport ARM_TENANT_ID=\"Azure tenant ID\"\nexport TF_VAR_azure_rg=\"Existing Azure resource group\"\n\n\nexport AWS_ACCESS_KEY_ID=\"AWS access key\"\nexport AWS_SECRET_ACCESS_KEY=\"AWS secret key\"\nexport AWS_DEFAULT_REGION=\"us-east-2\"\n\nexport CVP_ADDRESS=\"CVP IP address\"\nexport CVP_USER=\"CVP admin username\"\nexport CVP_PWD=\"CVP admin password\"\n```\n\nNote that this shows only one way of providing credentials. [Other methods](https://www.terraform.io/intro/getting-started/variables.html) are available, including more secure and re-usable [options](https://www.terraform.io/docs/state/sensitive-data.html).\n\n# 2. Input parameters\n\nIn addition to authentication details, the following variables must be defined in `terraform.tfvars`:\n\n* **aws_cidr** - RFC1918 prefix to assign to AWS VPC\n* **azure_cidr** - RFC1918 prefix to assign to Azure VNET\n* **aws_asn** - BGP ASN to be assigned to vEOS in AWS\n* **azure_asn** - BGP ASN to be assigned to vEOS in Azure\n* **aws_tunnel_ip** - IPsec tunnel IP to be assigned to vEOS in AWS\n* **azure_tunnel_ip** - IPsec tunnel IP to be assigned to vEOS in Azure\n* **aws_user_subnets** - a list of user subnets to create inside AWS VPC\n\nSome of the variables like default VM user, Azure location, VM sizes and version of vEOS are hard-coded into modules for the sake of simplicity and brevity. It is up to the user of Terraform to decide which variables to expose and which to hide.\n\n# 3. 
Building the Terraform CVP plugin\n\nIn order to manage the Cloudvision Portal, Terraform requires a custom-built plugin. The following commands will build the plugin, assuming that the operating system is Linux x86_64:\n\n```\ngo get -u github.com/networkop/cvpgo\ngo get -u github.com/networkop/terraform-cvp\ngo build -o terraform.d/plugins/linux_amd64/terraform-provider-cvp github.com/networkop/terraform-cvp\n```\n\nTo build it for macOS, replace the last command with:\n\n```\ngo build -o terraform.d/plugins/darwin_amd64/terraform-provider-cvp github.com/networkop/terraform-cvp\n```\n\n# 4. Initialising Terraform\n\nThis step will ensure that all plugins required by the code are available locally and if necessary download them:\n\n```\nterraform init\n```\n\n# 5. Building the demo\n\n\n```\nterraform apply\n```\n\n# 6. Verification\n\nUse values provided by the `terraform output` command to log in and verify the end-to-end connectivity. The steps and values below are just an example:\n\n```\nOutputs:\n\naws_user_public_ips = \ncentos@18.218.48.142\ncentos@18.188.226.120\naws_user_subnets = [\n    10.123.1.0/24,\n    10.123.2.0/24\n]\naws_veos = ec2-user@18.222.3.208\nazure_test_vm = ec2-user@51.140.9.16\nazure_user_subnets = 10.234.1.0/24\nazure_veos = ec2-user@51.140.6.115\nveos_password = AristaAdmin12345\nveos_username = cvpadmin\n```\n\nNow let's see what private IP was assigned to the Azure test VM:\n\n```\nssh ec2-user@51.140.14.162\n$ ssh ec2-user@51.140.9.16\n[ec2-user@MCLOUD-AZURE-TEST ~]$ ip a | grep inet\n    inet 127.0.0.1/8 scope host lo\n    inet6 ::1/128 scope host \n    inet 10.234.1.4/24 brd 10.234.1.255 scope global eth0\n```\n\nNow we can verify connectivity to it from either one of the AWS subnets:\n\n```\n$ ssh centos@18.218.48.142\n[centos@ip-10-123-1-44 ~]$ ip a | grep inet\n    inet 127.0.0.1/8 scope host lo\n    inet 10.123.1.44/24 brd 10.123.1.255 scope global dynamic eth0\n[centos@ip-10-123-1-44 ~]$ ping 10.234.1.4\nPING 10.234.1.4 (10.234.1.4) 
56(84) bytes of data.\n4 bytes from 10.234.1.4: icmp_seq=1 ttl=62 time=86.1 ms\n64 bytes from 10.234.1.4: icmp_seq=2 ttl=62 time=85.9 ms\n^C\n--- 10.234.1.4 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1001ms\nrtt min/avg/max/mdev = 85.961/86.072/86.183/0.111 ms\n```\n\n# 7. Destroying the demo\n\n```\nTF_WARN_OUTPUT_ERRORS=1 terraform destroy\n```\n\n# Graph of dependencies\n\n\u003cimg src=\"graph.svg\"\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Ftf-mcloud-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetworkop%2Ftf-mcloud-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Ftf-mcloud-demo/lists"}