Managing network settings with a webUI can be tedious. Taking full advantage of ZeroTier means enrolling large numbers of devices, segmenting networks, and utilizing the rules engine. At scale, manual management quickly breaks down. Describing ZeroTier networks as code can make life much easier. Code lets you dynamically generate settings, keep things in version control, and integrate with automated workflows.
The HashiCorp Terraform verified provider for ZeroTier lets you do just that. It drives the ZeroTier Central API, allowing you to manipulate ZeroTier in a declarative way.
To help you get started, we have written not one, but two interactive quickstart tutorials using Github, ZeroTier Central, and Terraform Cloud. With these tutorials, you will learn how to manage ZeroTier networks with Terraform, bootstrap cloud instances with ZeroTier, and explore ZeroTier’s Layer 2 SD-WAN capabilities.
What you need to get started:
Both tutorials use Terraform Cloud and Github’s in-browser code editor.
Hello World
The ZeroTier Terraform Quickstart is for ZeroTier users new to Terraform. It shows how to describe ZeroTier Networks as code, featuring tutorial classics, like “Hello World!”.
resource "zerotier_network" "hello" {
  name        = "hello"
  description = "Hello World"

  assignment_pool {
    start = "192.168.42.1"
    end   = "192.168.42.254"
  }

  route {
    target = "192.168.42.0/24"
  }
}

resource "zerotier_member" "alice" {
  name        = "alice"
  member_id   = "a11c3411ce"
  description = "Alice's laptop"
  network_id  = zerotier_network.hello.id
}

resource "zerotier_member" "bob" {
  name        = "bob"
  member_id   = "b0bd0bb0bb"
  description = "Bob's laptop"
  network_id  = zerotier_network.hello.id
}
Multi-Cloud Zero Trust Network Access
The ZeroTier Terraform Multi-Cloud quickstart goes much deeper. It contains modules for nine different cloud providers, with Just Enough Infrastructure to bring up a compute node, each bootstrapped with an ephemeral ZeroTier Identity and client. It yields a networking lab environment, using ZeroTier’s Layer 2 SD-WAN overlay to manipulate interfaces, monitor traffic with tshark, and enable dual-stacked native container routing across clouds.
The lab features ZeroNSD to serve internal DNS, and ZeroTier Systemd Manager to enable per-interface name resolution on Linux.
# ZeroTier Central
resource "zerotier_identity" "instances" {
  for_each = { for k, v in var.instances : k => (v) if v.enabled }
}

resource "zerotier_network" "demolab" {
  name        = "demo.lab"
  description = "ZeroTier Terraform Demolab"

  assign_ipv6 {
    zerotier = true
    sixplane = true
    rfc4193  = true
  }

  assignment_pool {
    start = "10.0.0.1"
    end   = "10.0.0.254"
  }

  route {
    target = "10.0.0.0/16"
  }

  flow_rules = templatefile("${path.module}/flow_rules.tpl", {
    ethertap = zerotier_identity.instances["aws"].id
  })
}

resource "zerotier_member" "devices" {
  for_each    = var.devices
  name        = each.key
  member_id   = each.value.member_id
  description = each.value.description
  network_id  = zerotier_network.demolab.id
}

resource "zerotier_member" "instances" {
  for_each           = { for k, v in var.instances : k => (v) if v.enabled }
  name               = each.key
  member_id          = zerotier_identity.instances[each.key].id
  description        = each.value.description
  network_id         = zerotier_network.demolab.id
  no_auto_assign_ips = false
  ip_assignments     = [each.value.ip_assignment]
}

resource "zerotier_token" "this" {
  name = "demolab"
}

# Digital Ocean
module "do" {
  source      = "./modules/do"
  for_each    = { for k, v in var.instances : k => v if k == "do" && v.enabled }
  name        = "do"
  image       = "ubuntu-20-04-x64"
  region      = "nyc1"
  size        = "s-1vcpu-1gb-amd"
  dnsdomain   = zerotier_network.demolab.name
  pod_cidr    = "10.42.1.1/24"
  script      = "init-demolab.tpl"
  svc         = var.users
  zeronsd     = true
  zt_identity = zerotier_identity.instances["do"]
  zt_network  = zerotier_network.demolab.id
  zt_token    = zerotier_token.this.token
}
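The demolab network above hands its rule set to the provider through flow_rules = templatefile(...), with the ethertap member's address as the only template variable. As an added example that is not part of either tutorial, here is a rule set in that spirit, written inline as a Terraform heredoc (which interpolates ${...} the same way templatefile() does) so the observer's ZeroTier address is filled in at plan time; the resource names "labnet" and "observer" and the port allow-list are assumptions.

```hcl
# Added example, not the tutorial's own code: an observer identity plus a
# network whose rule set is written inline rather than loaded from a template.
resource "zerotier_identity" "observer" {}

resource "zerotier_network" "labnet" {
  name        = "lab.restricted"
  description = "Mirror to observer, allow-list TCP connection initiation"

  assignment_pool {
    start = "10.7.0.1"
    end   = "10.7.0.254"
  }

  route {
    target = "10.7.0.0/24"
  }

  # A Terraform heredoc is a template, so ${...} is interpolated exactly as
  # the demolab's templatefile() call interpolates ${ethertap}.
  flow_rules = <<-EOT
    # Rules are evaluated top to bottom on every frame, at sender and receiver.
    # tee comes first so the observer (tshark) also sees frames that later
    # rules drop; -1 means copy the whole frame, not just a prefix.
    tee -1 ${zerotier_identity.observer.id};

    # Layer 2 hygiene: nothing but IPv4, IPv6 and ARP crosses the virtual wire.
    drop
      not ethertype ipv4
      and not ethertype arp
      and not ethertype ipv6
    ;

    # The engine is stateless, so the usual pattern is to block TCP connection
    # initiation (SYN without ACK) except to allowed ports; replies and
    # established flows carry ACK and fall through to the final accept.
    drop
      ipprotocol tcp
      and chr tcp_syn
      and not chr tcp_ack
      and not dport 22
      and not dport 53
    ;

    # Everything else (UDP DNS to ZeroNSD, ICMP, established TCP) is accepted.
    accept;
  EOT
}
```

Because ZeroTier compiles the rules into the network configuration pushed to every member, a mistake here is enforced on all of them at once, so review the plan diff for flow_rules before applying.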
The full-blown Multi-Cloud environment uses:
– Vultr
We aim to add even more in the future.
Stay informed!
If you’d like to keep up to date with ZeroTier, please be sure to subscribe to our newsletter and follow us on Twitter.