From 6ed64f7364580c9c6423b773e3ab5c9b78769b1f Mon Sep 17 00:00:00 2001 From: Rishi Mondal Date: Sat, 12 Jul 2025 00:57:07 +0530 Subject: [PATCH 1/2] feat: add VMware vSphere VM template with networking and datastore management --- .../coder/templates/vsphere-linux/README.md | 363 ++++++++++++++++ .../coder/templates/vsphere-linux/main.tf | 404 ++++++++++++++++++ 2 files changed, 767 insertions(+) create mode 100644 registry/coder/templates/vsphere-linux/README.md create mode 100644 registry/coder/templates/vsphere-linux/main.tf diff --git a/registry/coder/templates/vsphere-linux/README.md b/registry/coder/templates/vsphere-linux/README.md new file mode 100644 index 00000000..57890126 --- /dev/null +++ b/registry/coder/templates/vsphere-linux/README.md 
@@ -0,0 +1,363 @@ +--- +display_name: VMware vSphere VM (Linux) +description: Provision VMware vSphere VMs with networking and datastore management +icon: ../../../../.icons/box-emoji.svg +maintainer_github: coder +verified: true +tags: [vm, linux, vsphere, vmware, enterprise, on-premises, persistent-vm] +--- + +# Remote Development on VMware vSphere VMs (Linux) + +Provision VMware vSphere VMs as [Coder workspaces](https://coder.com/docs/workspaces) with this enterprise-ready template. This template provides comprehensive VM configuration, networking setup, and datastore management for on-premises deployments. + +## Prerequisites + +### vSphere Environment + +- VMware vSphere 6.7 or later +- vCenter Server access +- At least one ESXi host in a cluster +- A VM template with Linux OS (Ubuntu 20.04+ recommended) +- Network connectivity between Coder server and vSphere environment + +### Authentication + +This template authenticates to vSphere using the provider's [authentication methods](https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs#authentication). The recommended approach is via environment variables: + +```bash +export VSPHERE_USER="your-username@vsphere.local" +export VSPHERE_PASSWORD="your-password" +export VSPHERE_SERVER="vcenter.company.com" +export VSPHERE_ALLOW_UNVERIFIED_SSL="true" # Only for testing +``` + +Alternatively, configure the provider directly in the template or use a `.terraformrc` file. 
+ +### Required vSphere Permissions + +The user account needs the following minimum permissions on the relevant vSphere objects: + +#### Datacenter Level +- **Virtual Machine > Configuration > All** +- **Virtual Machine > Interaction > All** +- **Virtual Machine > Inventory > All** +- **Virtual Machine > Provisioning > All** + +#### Datastore Level +- **Datastore > Allocate space** +- **Datastore > Browse datastore** +- **Datastore > Low level file operations** + +#### Network Level +- **Network > Assign network** + +#### Resource Pool/Cluster Level +- **Resource > Assign virtual machine to resource pool** + +## Configuration Parameters + +| Parameter | Description | Default | Required | +|-----------|-------------|---------|----------| +| `vsphere_server` | vSphere server hostname or IP | - | ✓ | +| `datacenter` | vSphere datacenter name | `datacenter1` | ✓ | +| `cluster` | vSphere cluster name | `cluster1` | ✓ | +| `datastore` | Datastore for VM storage | - | ✓ | +| `network` | Network/port group name | `VM Network` | ✓ | +| `template_name` | VM template to clone from | - | ✓ | +| `cpu_count` | Number of virtual CPUs | `2` | - | +| `memory` | Memory in MB | `4096` | - | +| `disk_size` | Primary disk size in GB | `50` | - | + +## Architecture + +This template provisions the following resources: + +### Infrastructure Components +- **VMware vSphere Virtual Machine** - Primary compute resource +- **Virtual Network Interface** - Connected to specified port group +- **Virtual Disk** - Thin-provisioned storage on specified datastore +- **Resource Pool Assignment** - VM assigned to cluster resource pool + +### Coder Integration +- **Coder Agent** - Installed automatically via SSH provisioner +- **Code Server** - Web-based VS Code interface +- **JetBrains Gateway** - Support for JetBrains IDEs +- **Workspace Metadata** - VM details displayed in Coder dashboard + +### Network Configuration + +The template supports various vSphere networking configurations: + +- **Standard 
vSwitches** - Traditional port groups +- **Distributed vSwitches** - Enterprise networking with advanced features +- **NSX Networks** - Software-defined networking integration +- **DHCP or Static IP** - Configurable via guest customization + +### Datastore Management + +Supports multiple datastore types: +- **VMFS** - Traditional vSphere datastores +- **NFS** - Network-attached storage +- **vSAN** - Software-defined storage +- **Datastore Clusters** - Storage DRS for automated placement + +## VM Template Requirements + +Your vSphere VM template should meet these requirements: + +### Operating System +- Ubuntu 20.04 LTS or later (recommended) +- CentOS 8+ or RHEL 8+ +- Other Linux distributions with SSH and cloud-init support + +### Required Software +- **SSH server** - For Coder agent installation +- **Cloud-init** (recommended) - For guest customization +- **VMware Tools** - For better guest integration +- **sudo access** - For the default user account + +### User Account +Create a user account (e.g., `coder`) with: +- sudo privileges without password prompt +- SSH key-based authentication (optional but recommended) +- Home directory with appropriate permissions + +### Example cloud-init Configuration +```yaml +#cloud-config +users: + - name: coder + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + groups: sudo, docker + home: /home/coder + +packages: + - curl + - wget + - git + - vim + - htop + - docker.io + +runcmd: + - systemctl enable docker + - usermod -aG docker coder +``` + +## Security Considerations + +### Network Security +- Ensure proper firewall rules between Coder server and vSphere environment +- Use VPNs or private networks for sensitive environments +- Configure network segmentation for workspace isolation + +### Access Control +- Use dedicated service accounts with minimal required permissions +- Implement vSphere role-based access control (RBAC) +- Enable audit logging for vSphere operations + +### VM Security +- Keep VM templates updated with 
latest security patches +- Use encrypted datastores for sensitive workloads +- Implement guest-level security controls + +## Customization Examples + +### Custom VM Specifications +```hcl +# Add to data "coder_parameter" blocks for custom sizing +data "coder_parameter" "custom_cpu" { + name = "cpu_count" + display_name = "CPU Count" + default = "4" + option { + name = "High Performance (16 vCPUs)" + value = "16" + } +} +``` + +### Multiple Network Interfaces +```hcl +# Add additional network interfaces +network_interface { + network_id = data.vsphere_network.management.id + adapter_type = "vmxnet3" +} + +network_interface { + network_id = data.vsphere_network.storage.id + adapter_type = "vmxnet3" +} +``` + +### Additional Datastores +```hcl +# Add data disk on different datastore +disk { + label = "data-disk" + size = 500 + thin_provisioned = true + unit_number = 1 + datastore_id = data.vsphere_datastore.fast_storage.id +} +``` + +### GPU Passthrough +```hcl +# Enable GPU for AI/ML workloads +resource "vsphere_virtual_machine" "vm" { + # ... other configuration ... + + pci_device_id = [data.vsphere_pci_device.gpu.id] + memory_reservation = tonumber(data.coder_parameter.memory.value) +} +``` + +## Troubleshooting + +### Common Issues + +#### 1. Template Clone Failures +``` +Error: error cloning virtual machine: The operation is not supported on the object +``` +**Solution**: Ensure the VM template is properly configured and not powered on. + +#### 2. Network Configuration Issues +``` +Error: network interface not found +``` +**Solution**: Verify the network/port group name exists in the specified datacenter. + +#### 3. Insufficient Permissions +``` +Error: permission denied +``` +**Solution**: Review and assign the required vSphere permissions listed above. + +#### 4. 
Agent Connection Timeouts +``` +Error: timeout waiting for agent to connect +``` +**Solution**: +- Check SSH connectivity between Coder and the VM +- Verify firewall rules allow traffic on required ports +- Ensure the VM template has SSH server enabled + +### Debugging Steps + +1. **Verify vSphere Connectivity** + ```bash + # Test vSphere API access + curl -k "https://$VSPHERE_SERVER/rest/com/vmware/cis/session" \ + -X POST -u "$VSPHERE_USER:$VSPHERE_PASSWORD" + ``` + +2. **Check VM Power State** + - Verify VMs power on/off correctly based on workspace state + - Check vSphere events for error messages + +3. **Network Troubleshooting** + - Ping test between Coder server and VM + - Verify DNS resolution if using hostnames + - Check vSphere port group configuration + +4. **Agent Logs** + ```bash + # On the VM, check Coder agent logs + journalctl -u coder-agent -f + ``` + +## Performance Optimization + +### Resource Allocation +- Enable CPU and memory hot-add for dynamic scaling +- Use thin-provisioned disks to optimize storage utilization +- Configure appropriate CPU/memory reservations for guaranteed resources + +### Storage Performance +- Use SSD-backed datastores for better I/O performance +- Enable Storage DRS for automatic load balancing +- Consider vSAN for software-defined storage benefits + +### Network Performance +- Use VMXNET3 network adapters for best performance +- Configure distributed vSwitches for advanced networking features +- Implement network I/O control for bandwidth management + +## Integration Examples + +### CI/CD Integration +This template works well with CI/CD pipelines: + +```yaml +# Example GitHub Actions workflow +name: Deploy Development Environment +on: + push: + branches: [develop] + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Create Coder Workspace + run: | + coder create --template=vsphere-linux \ + --parameter datacenter=prod-dc \ + --parameter cluster=dev-cluster \ + --parameter 
datastore=dev-storage \ + dev-${{ github.sha }} +``` + +### Monitoring Integration +```hcl +# Add monitoring agent to startup script +resource "coder_agent" "dev" { + startup_script = <<-EOT + # Install monitoring agent + curl -sSL https://monitoring.company.com/install.sh | bash + + # Configure workspace-specific monitoring + echo "workspace.name=${data.coder_workspace.me.name}" >> /etc/monitoring/config + EOT +} +``` + +## Best Practices + +1. **Template Management** + - Regularly update VM templates with security patches + - Use automation tools like Packer for template creation + - Maintain separate templates for different use cases + +2. **Resource Management** + - Set appropriate resource limits to prevent over-allocation + - Use resource pools to organize and limit workspace resources + - Monitor resource utilization across workspaces + +3. **Backup and Recovery** + - Implement regular VM snapshots for data protection + - Use vSphere backup solutions for workspace data + - Document recovery procedures + +4. **Cost Optimization** + - Automatically power off idle workspaces + - Use thin provisioning to optimize storage usage + - Implement resource quotas and governance policies + +## Support + +For issues specific to this template: +- Check the [Coder documentation](https://coder.com/docs) +- Visit [Coder Community](https://github.com/coder/coder/discussions) +- Review [vSphere provider documentation](https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs) + +For vSphere-specific issues: +- Consult VMware documentation +- Contact your vSphere administrator +- Check VMware support resources \ No newline at end of file diff --git a/registry/coder/templates/vsphere-linux/main.tf b/registry/coder/templates/vsphere-linux/main.tf new file mode 100644 index 00000000..93943a1b --- /dev/null +++ b/registry/coder/templates/vsphere-linux/main.tf 
@@ -0,0 +1,404 @@ +terraform { + required_providers { + coder = { + source = "coder/coder" + } + vsphere = { + source = "vmware/vsphere" + } + } +} + +# vSphere server configuration +data "coder_parameter" "vsphere_server" { + name = "vsphere_server" + display_name = "vSphere Server" + description = "The vSphere server hostname or IP address" + type = "string" + mutable = false +} + +data "coder_parameter" "datacenter" { + name = "datacenter" + display_name = "Datacenter" + description = "The vSphere datacenter name" + type = "string" + default = "datacenter1" + mutable = false +} + +data "coder_parameter" "cluster" { + name = "cluster" + display_name = "Cluster" + description = "The vSphere cluster name" + type = "string" + default = "cluster1" + mutable = false +} + +data "coder_parameter" "datastore" { + name = "datastore" + display_name = "Datastore" + description = "The vSphere datastore name for VM storage" + type = "string" + mutable = false +} + +data "coder_parameter" "network" { + name = "network" + display_name = "Network" + description = "The vSphere network/port group name" + type = "string" + default = "VM Network" + mutable = false +} + +data "coder_parameter" "template_name" { + name = "template_name" + display_name = "VM Template" + description = "The vSphere VM template name to clone from" + type = "string" + mutable = false +} + +data "coder_parameter" "cpu_count" { + name = "cpu_count" + display_name = "CPU Count" + description = "Number of virtual CPUs for the VM" + default = "2" + mutable = false + option { + name = "2 vCPUs" + value = "2" + } + option { + name = "4 vCPUs" + value = "4" + } + option { + name = "8 vCPUs" + value = "8" + } + option { + name = "16 vCPUs" + value = "16" + } +} + +data "coder_parameter" "memory" { + name = "memory" + display_name = "Memory (MB)" + description = "Amount of memory in MB for the VM" + default = "4096" + mutable = false + option { + name = "2 GB" + value = "2048" + } + option { + name = "4 GB" + value 
= "4096" + } + option { + name = "8 GB" + value = "8192" + } + option { + name = "16 GB" + value = "16384" + } + option { + name = "32 GB" + value = "32768" + } +} + +data "coder_parameter" "disk_size" { + name = "disk_size" + display_name = "Disk Size (GB)" + description = "Size of the primary disk in GB" + default = "50" + mutable = false + option { + name = "50 GB" + value = "50" + } + option { + name = "100 GB" + value = "100" + } + option { + name = "200 GB" + value = "200" + } + option { + name = "500 GB" + value = "500" + } +} + +# Variables for provider configuration (can be set via environment variables) +variable "vsphere_user" { + description = "vSphere username" + type = string + default = "" + sensitive = true +} + +variable "vsphere_password" { + description = "vSphere password" + type = string + default = "" + sensitive = true +} + +# vSphere provider configuration +provider "vsphere" { + # vSphere server will be provided via environment variable VSPHERE_SERVER + # or can be set directly here for testing + vsphere_server = "localhost:8989" # For Docker simulator + user = var.vsphere_user != "" ? var.vsphere_user : null + password = var.vsphere_password != "" ? 
var.vsphere_password : null + + # Allow unverified SSL (set to false in production) + allow_unverified_ssl = true +} + +# Coder workspace and owner data +data "coder_workspace" "me" {} +data "coder_workspace_owner" "me" {} + +# vSphere data sources +data "vsphere_datacenter" "dc" { + name = data.coder_parameter.datacenter.value +} + +data "vsphere_compute_cluster" "cluster" { + name = data.coder_parameter.cluster.value + datacenter_id = data.vsphere_datacenter.dc.id +} + +data "vsphere_datastore" "datastore" { + name = data.coder_parameter.datastore.value + datacenter_id = data.vsphere_datacenter.dc.id +} + +data "vsphere_network" "network" { + name = data.coder_parameter.network.value + datacenter_id = data.vsphere_datacenter.dc.id +} + +data "vsphere_virtual_machine" "template" { + name = data.coder_parameter.template_name.value + datacenter_id = data.vsphere_datacenter.dc.id +} + +# Coder agent for workspace connectivity +resource "coder_agent" "dev" { + count = data.coder_workspace.me.start_count + arch = "amd64" + os = "linux" + startup_script = <<-EOT + set -e + + # Install basic development tools + sudo apt-get update + sudo apt-get install -y curl wget git vim htop + + # Add any additional startup commands here + EOT + + metadata { + key = "cpu" + display_name = "CPU Usage" + interval = 5 + timeout = 5 + script = "coder stat cpu" + } + metadata { + key = "memory" + display_name = "Memory Usage" + interval = 5 + timeout = 5 + script = "coder stat mem" + } + metadata { + key = "disk" + display_name = "Disk Usage" + interval = 600 + timeout = 30 + script = "coder stat disk --path $HOME" + } +} + +# Code Server module for web-based IDE +module "code-server" { + count = data.coder_workspace.me.start_count + source = "registry.coder.com/modules/code-server/coder" + + version = "~> 1.0" + + agent_id = coder_agent.dev[0].id + order = 1 +} + +# JetBrains Gateway module for IDE support +module "jetbrains_gateway" { + count = data.coder_workspace.me.start_count + 
source = "registry.coder.com/modules/jetbrains-gateway/coder" + + jetbrains_ides = ["IU", "PY", "WS", "PS", "RD", "CL", "GO", "RM"] + default = "IU" + folder = "/home/coder" + version = "~> 1.0" + + agent_id = coder_agent.dev[0].id + agent_name = "dev" + order = 2 +} + +# Local variables for VM configuration +locals { + vm_name = "coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}" +} + +# vSphere Virtual Machine +resource "vsphere_virtual_machine" "vm" { + name = local.vm_name + resource_pool_id = data.vsphere_compute_cluster.cluster.resource_pool_id + datastore_id = data.vsphere_datastore.datastore.id + folder = "coder-workspaces" + + # VM specifications + num_cpus = tonumber(data.coder_parameter.cpu_count.value) + memory = tonumber(data.coder_parameter.memory.value) + + # Guest OS configuration + guest_id = data.vsphere_virtual_machine.template.guest_id + firmware = data.vsphere_virtual_machine.template.firmware + scsi_type = data.vsphere_virtual_machine.template.scsi_type + + # Network interface configuration + network_interface { + network_id = data.vsphere_network.network.id + adapter_type = data.vsphere_virtual_machine.template.network_interface_types[0] + } + + # Disk configuration + disk { + label = "disk0" + size = tonumber(data.coder_parameter.disk_size.value) + thin_provisioned = true + unit_number = 0 + } + + # Clone configuration from template + clone { + template_uuid = data.vsphere_virtual_machine.template.id + + customize { + linux_options { + host_name = local.vm_name + domain = "local" + } + + network_interface { + ipv4_address = "" # Use DHCP + ipv4_netmask = 0 # Use DHCP + } + } + } + + # VM will be powered on by default during creation + + # Extra configuration for better performance + enable_disk_uuid = true + cpu_hot_add_enabled = true + memory_hot_add_enabled = true + + # VM tools configuration + wait_for_guest_net_timeout = 5 + wait_for_guest_ip_timeout = 5 + + # Connection for agent initialization + connection { + 
type = "ssh" + host = self.default_ip_address + user = "coder" # Adjust based on your template + timeout = "15m" + } + + # Install Coder agent + provisioner "remote-exec" { + inline = [ + "sudo mkdir -p /opt/coder", + "echo '${try(coder_agent.dev[0].init_script, "")}' | sudo tee /opt/coder/init.sh", + "sudo chmod +x /opt/coder/init.sh", + "sudo /opt/coder/init.sh" + ] + } + + tags = [ + "coder.workspace:${data.coder_workspace.me.name}", + "coder.workspace_id:${data.coder_workspace.me.id}", + "coder.owner:${data.coder_workspace_owner.me.name}", + "coder.provisioned:true" + ] + + lifecycle { + ignore_changes = [ + clone[0].template_uuid, + clone[0].customize[0].network_interface[0].ipv4_address, + clone[0].customize[0].network_interface[0].ipv6_address, + ] + } +} + +# Note: VM power management in vSphere requires additional setup +# For production use, consider implementing power management via: +# 1. vSphere API calls using local-exec provisioner +# 2. External automation tools (Ansible, PowerCLI) +# 3. Custom Terraform provider modules + +# Workspace metadata display +resource "coder_metadata" "workspace_info" { + count = data.coder_workspace.me.start_count + resource_id = vsphere_virtual_machine.vm.id + + item { + key = "datacenter" + value = data.coder_parameter.datacenter.value + } + item { + key = "cluster" + value = data.coder_parameter.cluster.value + } + item { + key = "datastore" + value = data.coder_parameter.datastore.value + } + item { + key = "network" + value = data.coder_parameter.network.value + } + item { + key = "cpu_count" + value = data.coder_parameter.cpu_count.value + } + item { + key = "memory_mb" + value = data.coder_parameter.memory.value + } + item { + key = "disk_size_gb" + value = data.coder_parameter.disk_size.value + } + item { + key = "vm_name" + value = local.vm_name + } + item { + key = "ip_address" + value = vsphere_virtual_machine.vm.default_ip_address + } +} \ No newline at end of file 
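Review bot: the `provider "vsphere"` block in main.tf hardcodes `vsphere_server = "localhost:8989" # For Docker simulator` and `allow_unverified_ssl = true`, so the committed template ships pointed at a local simulator with certificate verification disabled, which contradicts the README's own note that `VSPHERE_ALLOW_UNVERIFIED_SSL` is "Only for testing". Remove the hardcoded server so the provider reads `VSPHERE_SERVER` from the environment as the README describes, and set `allow_unverified_ssl = false` (or expose it as a variable defaulting to false). Related: `data "coder_parameter" "vsphere_server"` is declared but never referenced anywhere; either drop it or say it is intentionally unused. It should not be wired into the provider block, because workspace parameters are chosen by the workspace user and that would send the `var.vsphere_user`/`var.vsphere_password` credentials to whatever host the user enters.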
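Review bot: the `connection { type = "ssh" ... }` block on `vsphere_virtual_machine.vm` names no credential (`private_key`, `password` or `agent`), so the `remote-exec` provisioner only works if the provisioner host happens to run an ssh-agent holding a key the template's `coder` user trusts, which the README never states; make the credential explicit (e.g. `private_key = var.ssh_private_key`) and document it under Authentication. The inline `echo '${try(coder_agent.dev[0].init_script, "")}' | sudo tee /opt/coder/init.sh` is fragile as well: the agent init script is multi-line and embeds the agent token, a single quote anywhere in it breaks the command, `try(..., "")` silently writes an empty script instead of failing when the agent has `count = 0`, and `tee` leaves the token-bearing file world-readable. The final `sudo /opt/coder/init.sh` then runs the agent synchronously as root, so the provisioner blocks until the 15m `timeout` and the agent does not run as the `coder` user (`coder stat disk --path $HOME` will report /root). Prefer a `file` provisioner (or cloud-init user data via guest customization), `install -m 0700`, and launching the agent in the background or via a unit file; note that the README's `journalctl -u coder-agent -f` troubleshooting step assumes a systemd unit that nothing in this template creates.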
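Review bot: the `tags = [ "coder.workspace:${...}", ... ]` list on `vsphere_virtual_machine.vm` cannot work as written: in the vSphere provider this argument takes the IDs of `vsphere_tag` resources, not free-form strings, so values like `"coder.provisioned:true"` do not resolve to any tag. If the goal is to label the VM with workspace metadata, create a `vsphere_tag_category` plus `vsphere_tag` resources and pass their `.id`, or use `custom_attributes` / `annotation`. Tagging would also need a tagging privilege, which the README's "Required vSphere Permissions" section does not list.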
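Review bot: `folder = "coder-workspaces"` is referenced but never created, and the vSphere provider does not create a missing VM folder, so the first apply fails unless an operator has pre-created it under the datacenter; add a `vsphere_folder` resource with `type = "vm"` or list the folder in the README's Prerequisites. Separately, the VM resource has no `count` tied to `data.coder_workspace.me.start_count` and, as the in-file note admits, no power management, so stopping a workspace leaves the VM running. The README's "Automatically power off idle workspaces" under Best Practices and its "Verify VMs power on/off correctly based on workspace state" debugging step therefore describe behaviour this template does not implement; reword them until it does.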
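Review bot: `startup_script` in `coder_agent.dev` runs `sudo apt-get update` and `sudo apt-get install -y ...` under `set -e`, so agent startup fails on the CentOS 8+ / RHEL 8+ templates the README lists as supported. Either branch on the package manager (`command -v apt-get` vs `dnf`) or move tool installation into the VM template (the README's cloud-init example already installs the same packages) and keep `startup_script` distro-neutral.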
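Review bot: `required_providers` declares `vsphere = { source = "vmware/vsphere" }` with no `version` constraint, while the README links the `hashicorp/vsphere` registry page; pin a version the way the `code-server` module does with `version = "~> 1.0"`, and point the README at the same namespace the template uses. Also, `connection { host = self.default_ip_address }` only has a value if VMware Tools reports a guest IP within the 5-minute `wait_for_guest_ip_timeout`; since the agent install depends on it, the README should list VMware Tools as required rather than "for better guest integration".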
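Review bot: in the README's Authentication section, "use a `.terraformrc` file" is incorrect: `.terraformrc` is the Terraform CLI configuration file and does not carry provider credentials. main.tf already declares `variable "vsphere_user"` and `variable "vsphere_password"` with `sensitive = true`, so direct readers to Coder template variables or a `terraform.tfvars` kept out of version control. In the "Verify vSphere Connectivity" step, `curl -k ... -u "$VSPHERE_USER:$VSPHERE_PASSWORD"` both disables certificate verification and places the password on the command line where it lands in shell history and the process list; use `-u "$VSPHERE_USER"` (curl prompts) or `--netrc`, and drop `-k` outside the simulator.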
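Review bot: the README's "Monitoring Integration" example runs `curl -sSL https://monitoring.company.com/install.sh | bash` inside `startup_script`, i.e. unverified remote code executed on every workspace start by a user the template gives `NOPASSWD:ALL` sudo; for a registry template, recommend downloading to a file, checking a pinned checksum, then executing, or baking the agent into the VM template. The CI/CD example is incomplete too: `coder create` passes `datacenter`, `cluster` and `datastore` but not `template_name` or `vsphere_server`, both marked required with no default in the parameter table, so a non-interactive run cannot finish; add `--parameter template_name=...` and pin `actions/checkout` to a commit SHA rather than `@v3`.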
From b006e9db8f02080f8665c47ee700c2133dc8f2d6 Mon Sep 17 00:00:00 2001 From: Rishi Mondal Date: Sat, 12 Jul 2025 03:12:21 +0530 Subject: [PATCH 2/2] lint fix --- .../coder/templates/vsphere-linux/README.md | 74 ++++++++++++++----- 1 file changed, 55 insertions(+), 19 deletions(-) diff --git a/registry/coder/templates/vsphere-linux/README.md b/registry/coder/templates/vsphere-linux/README.md index 57890126..042a9f08 100644 --- a/registry/coder/templates/vsphere-linux/README.md +++ b/registry/coder/templates/vsphere-linux/README.md @@ -29,7 +29,7 @@ This template authenticates to vSphere using the provider's [authentication meth export VSPHERE_USER="your-username@vsphere.local" export VSPHERE_PASSWORD="your-password" export VSPHERE_SERVER="vcenter.company.com" -export VSPHERE_ALLOW_UNVERIFIED_SSL="true" # Only for testing +export VSPHERE_ALLOW_UNVERIFIED_SSL="true" # Only for testing ``` Alternatively, configure the provider directly in the template or use a `.terraformrc` file. 
@@ -39,47 +39,53 @@ Alternatively, configure the provider directly in the template or use a `.terraf The user account needs the following minimum permissions on the relevant vSphere objects: #### Datacenter Level + - **Virtual Machine > Configuration > All** - **Virtual Machine > Interaction > All** - **Virtual Machine > Inventory > All** - **Virtual Machine > Provisioning > All** #### Datastore Level + - **Datastore > Allocate space** - **Datastore > Browse datastore** - **Datastore > Low level file operations** #### Network Level + - **Network > Assign network** #### Resource Pool/Cluster Level + - **Resource > Assign virtual machine to resource pool** ## Configuration Parameters -| Parameter | Description | Default | Required | -|-----------|-------------|---------|----------| -| `vsphere_server` | vSphere server hostname or IP | - | ✓ | -| `datacenter` | vSphere datacenter name | `datacenter1` | ✓ | -| `cluster` | vSphere cluster name | `cluster1` | ✓ | -| `datastore` | Datastore for VM storage | - | ✓ | -| `network` | Network/port group name | `VM Network` | ✓ | -| `template_name` | VM template to clone from | - | ✓ | -| `cpu_count` | Number of virtual CPUs | `2` | - | -| `memory` | Memory in MB | `4096` | - | -| `disk_size` | Primary disk size in GB | `50` | - | +| Parameter | Description | Default | Required | +| ---------------- | ----------------------------- | ------------- | -------- | +| `vsphere_server` | vSphere server hostname or IP | - | ✓ | +| `datacenter` | vSphere datacenter name | `datacenter1` | ✓ | +| `cluster` | vSphere cluster name | `cluster1` | ✓ | +| `datastore` | Datastore for VM storage | - | ✓ | +| `network` | Network/port group name | `VM Network` | ✓ | +| `template_name` | VM template to clone from | - | ✓ | +| `cpu_count` | Number of virtual CPUs | `2` | - | +| `memory` | Memory in MB | `4096` | - | +| `disk_size` | Primary disk size in GB | `50` | - | ## Architecture This template provisions the following resources: ### 
Infrastructure Components + - **VMware vSphere Virtual Machine** - Primary compute resource - **Virtual Network Interface** - Connected to specified port group - **Virtual Disk** - Thin-provisioned storage on specified datastore - **Resource Pool Assignment** - VM assigned to cluster resource pool ### Coder Integration + - **Coder Agent** - Installed automatically via SSH provisioner - **Code Server** - Web-based VS Code interface - **JetBrains Gateway** - Support for JetBrains IDEs @@ -97,6 +103,7 @@ The template supports various vSphere networking configurations: ### Datastore Management Supports multiple datastore types: + - **VMFS** - Traditional vSphere datastores - **NFS** - Network-attached storage - **vSAN** - Software-defined storage @@ -107,23 +114,28 @@ Supports multiple datastore types: Your vSphere VM template should meet these requirements: ### Operating System + - Ubuntu 20.04 LTS or later (recommended) - CentOS 8+ or RHEL 8+ - Other Linux distributions with SSH and cloud-init support ### Required Software + - **SSH server** - For Coder agent installation - **Cloud-init** (recommended) - For guest customization - **VMware Tools** - For better guest integration - **sudo access** - For the default user account ### User Account + Create a user account (e.g., `coder`) with: + - sudo privileges without password prompt - SSH key-based authentication (optional but recommended) - Home directory with appropriate permissions ### Example cloud-init Configuration + ```yaml #cloud-config users: @@ -132,7 +144,7 @@ users: shell: /bin/bash groups: sudo, docker home: /home/coder - + packages: - curl - wget @@ -140,7 +152,7 @@ packages: - vim - htop - docker.io - + runcmd: - systemctl enable docker - usermod -aG docker coder 
@@ -149,16 +161,19 @@ runcmd: ## Security Considerations ### Network Security + - Ensure proper firewall rules between Coder server and vSphere environment - Use VPNs or private networks for sensitive environments - Configure network segmentation for workspace isolation ### Access Control + - Use dedicated service accounts with minimal required permissions - Implement vSphere role-based access control (RBAC) - Enable audit logging for vSphere operations ### VM Security + - Keep VM templates updated with latest security patches - Use encrypted datastores for sensitive workloads - Implement guest-level security controls @@ -166,6 +181,7 @@ runcmd: ## Customization Examples ### Custom VM Specifications + ```hcl # Add to data "coder_parameter" blocks for custom sizing data "coder_parameter" "custom_cpu" { @@ -180,6 +196,7 @@ data "coder_parameter" "custom_cpu" { ``` ### Multiple Network Interfaces + ```hcl # Add additional network interfaces network_interface { @@ -194,6 +211,7 @@ network_interface { ``` ### Additional Datastores + ```hcl # Add data disk on different datastore disk { @@ -206,11 +224,12 @@ disk { ``` ### GPU Passthrough + ```hcl # Enable GPU for AI/ML workloads resource "vsphere_virtual_machine" "vm" { # ... other configuration ... - + pci_device_id = [data.vsphere_pci_device.gpu.id] memory_reservation = tonumber(data.coder_parameter.memory.value) } 
@@ -221,28 +240,37 @@ resource "vsphere_virtual_machine" "vm" { ### Common Issues #### 1. Template Clone Failures + ``` Error: error cloning virtual machine: The operation is not supported on the object ``` + **Solution**: Ensure the VM template is properly configured and not powered on. #### 2. Network Configuration Issues + ``` Error: network interface not found ``` + **Solution**: Verify the network/port group name exists in the specified datacenter. #### 3. Insufficient Permissions + ``` Error: permission denied ``` + **Solution**: Review and assign the required vSphere permissions listed above. #### 4. Agent Connection Timeouts + ``` Error: timeout waiting for agent to connect ``` -**Solution**: + +**Solution**: + - Check SSH connectivity between Coder and the VM - Verify firewall rules allow traffic on required ports - Ensure the VM template has SSH server enabled @@ -250,6 +278,7 @@ Error: timeout waiting for agent to connect ### Debugging Steps 1. **Verify vSphere Connectivity** + ```bash # Test vSphere API access curl -k "https://$VSPHERE_SERVER/rest/com/vmware/cis/session" \ @@ -274,16 +303,19 @@ Error: timeout waiting for agent to connect ## Performance Optimization ### Resource Allocation + - Enable CPU and memory hot-add for dynamic scaling - Use thin-provisioned disks to optimize storage utilization - Configure appropriate CPU/memory reservations for guaranteed resources ### Storage Performance + - Use SSD-backed datastores for better I/O performance - Enable Storage DRS for automatic load balancing - Consider vSAN for software-defined storage benefits ### Network Performance + - Use VMXNET3 network adapters for best performance - Configure distributed vSwitches for advanced networking features - Implement network I/O control for bandwidth management @@ -291,6 +323,7 @@ Error: timeout waiting for agent to connect ## Integration Examples ### CI/CD Integration + This template works well with CI/CD pipelines: ```yaml 
@@ -299,7 +332,7 @@ name: Deploy Development Environment on: push: branches: [develop] - + jobs: deploy: runs-on: ubuntu-latest @@ -315,13 +348,14 @@ jobs: ``` ### Monitoring Integration + ```hcl # Add monitoring agent to startup script resource "coder_agent" "dev" { startup_script = <<-EOT # Install monitoring agent curl -sSL https://monitoring.company.com/install.sh | bash - + # Configure workspace-specific monitoring echo "workspace.name=${data.coder_workspace.me.name}" >> /etc/monitoring/config EOT @@ -353,11 +387,13 @@ resource "coder_agent" "dev" { ## Support For issues specific to this template: + - Check the [Coder documentation](https://coder.com/docs) - Visit [Coder Community](https://github.com/coder/coder/discussions) - Review [vSphere provider documentation](https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs) For vSphere-specific issues: + - Consult VMware documentation - Contact your vSphere administrator -- Check VMware support resources \ No newline at end of file +- Check VMware support resources
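Review bot: this lint pass removes the missing trailing newline in README.md (the `\ No newline at end of file` marker after `- Check VMware support resources` is gone) but leaves main.tf, which ends the same way in the first commit, untouched; run the formatter over main.tf too so both new files end with a newline. The hunk's only other change to the Authentication snippet is whitespace before `# Only for testing`, so the mismatch with the `allow_unverified_ssl = true` hardcoded in main.tf remains after this commit.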