Provisioning Basic Instance on OpenStack using Terraform

Ach.Chusnul Chikam
Jul 21, 2022

What is Terraform?

Terraform is a tool you can use to “sync” your infrastructure (VMs in Clouds, DNS records, etc.) with code you have written in configuration files. This is known as Infrastructure as Code. Knowing that your infrastructure is exactly what you expect it to be can simplify your operations significantly. You can have confidence that if anything changes, any images crash or are accidentally deleted, you can immediately rebuild your infrastructure.

Terraform supports many providers, allowing you to easily manage resources no matter where they are located. In this article, I would like to tell you about how to provision a basic instance on OpenStack with Terraform.

Requirements:

  • Keystone endpoint of the overcloud
  • User access to the OpenStack environment
  • Terraform project
  • OpenStack user with the admin role
  • Terraform CLI (1.2.0+) installed
  • OpenStack Client installed

Provide Requirements on the OpenStack side:

Install OpenStack client on CentOS 7

sudo yum install https://rdoproject.org/repos/rdo-release.rpm
sudo yum upgrade
sudo yum install python-openstackclient
openstack --help
sudo yum install bash-completion
openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
# Log out and log back in to load the completion

Create an RC file if needed to verify OpenStack resources from the CLI

# The quoted 'EOF' makes the shell write $(...) and ${...} into the file literally
cat <<'EOF' > /home/stack/terraform-rc
for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done
export NOVA_VERSION=1.1
export COMPUTE_API_VERSION=1.1
export OS_USERNAME=XXXXX
export OS_PROJECT_NAME=XXXXXX
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_NO_CACHE=True
export OS_CLOUDNAME=terraform
export no_proxy=,10.1.1.100,192.168.240.50
export PYTHONWARNINGS='ignore:Certificate has no, ignore:A true SSLContext object is not available'
export OS_AUTH_TYPE=password
export OS_PASSWORD='XXXXXXXX'
export OS_AUTH_URL=http://192.168.240.50:5000
export OS_IDENTITY_API_VERSION=3
export OS_COMPUTE_API_VERSION=2.latest
export OS_IMAGE_API_VERSION=2
export OS_VOLUME_API_VERSION=3
export OS_REGION_NAME=regionOne
# Add OS_CLOUDNAME to PS1
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
    export PS1=${PS1:-""}
    export PS1=${OS_CLOUDNAME:+"($OS_CLOUDNAME)"}\ $PS1
    export CLOUDPROMPT_ENABLED=1
fi
EOF

Create a project and a user, and assign the admin role to the user. Terraform will use these to create resources.

source ~/terraform-rc
openstack project create --description 'terraform project' terraform
openstack user create --project terraform --password PASSWORD terra
openstack role add --project terraform --user terra admin

Install Terraform

Install Terraform on CentOS 7

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform
terraform -help

Create OpenStack Provider

The OpenStack provider is used to interact with the many resources supported by OpenStack. The provider needs to be configured with the proper credentials before it can be used. Let's follow this example:

Create a new directory and go into it

mkdir terraform
cd terraform

Create OpenStack provider configuration

# Create provider.tf
cat <<EOF > /home/stack/terraform/provider.tf
terraform {
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.47.0"
    }
  }
}
# Configure the OpenStack provider credentials
provider "openstack" {
  user_name   = "terra"
  tenant_name = "terraform"
  password    = "PASSWORD"
  auth_url    = "http://192.168.240.50:5000"
  region      = "regionOne"
}
EOF

Reference: https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

When you create a new configuration or check out an existing configuration from version control you need to initialize the directory with terraform init.
Initializing a configuration directory downloads and installs the providers defined in the configuration, which in this case is the OpenStack provider.

terraform init

Write Configuration

The set of files used to describe infrastructure in Terraform is known as a Terraform configuration. You will write your first configuration to define a single OpenStack instance without public access.

Create a network.tf file for the resources that relate to the network, subnet, and security group.

# Quoted 'EOF' keeps the shell from expanding anything inside the file
cat <<'EOF' > /home/stack/terraform/network.tf
resource "openstack_networking_network_v2" "tf-network1" {
  name           = "tf-net"
  admin_state_up = "true"
}
resource "openstack_networking_subnet_v2" "tf-subnet1" {
  name       = "tf-subnet"
  network_id = openstack_networking_network_v2.tf-network1.id
  cidr       = "10.20.20.0/24"
  ip_version = 4
}
resource "openstack_compute_secgroup_v2" "tf-secgroup1" {
  name        = "tf-secgroup"
  description = "a security group by terraform"
  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }
}
EOF

Create main.tf for the resources that relate to the flavor, volume, keypair, and instance

# Quoted 'EOF' keeps the shell from expanding anything inside the file
cat <<'EOF' > /home/stack/terraform/main.tf
resource "openstack_compute_instance_v2" "tf-vm1" {
  name            = "tf-vm"
  image_name      = "ubuntu20"
  flavor_id       = openstack_compute_flavor_v2.tf_flavor1.id
  key_pair        = openstack_compute_keypair_v2.tf-keypair.name
  security_groups = [openstack_compute_secgroup_v2.tf-secgroup1.name]
  network {
    name = openstack_networking_network_v2.tf-network1.name
  }
  # Path is relative to the directory terraform is run from
  user_data = file("user_data.yaml")
}
resource "openstack_compute_flavor_v2" "tf_flavor1" {
  name      = "tf-flavor"
  ram       = "512"
  vcpus     = "1"
  disk      = "0"
  is_public = true
}
resource "openstack_compute_keypair_v2" "tf-keypair" {
  name = "terra-keypair"
}
resource "openstack_blockstorage_volume_v2" "tf-vol1" {
  name = "myvolume"
  size = 5
}
resource "openstack_compute_volume_attach_v2" "attached" {
  instance_id = openstack_compute_instance_v2.tf-vm1.id
  volume_id   = openstack_blockstorage_volume_v2.tf-vol1.id
}
EOF

Create user_data.yaml file to inject password via cloud-init.

cat <<EOF > /home/stack/terraform/user_data.yaml
#cloud-config
ssh_pwauth: True
chpasswd:
  list: |
    root:root
    ubuntu:ubuntu
  expire: False
EOF

The configuration you have written is now complete and can deploy a single instance on OpenStack with Terraform.
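A variant of the provider, security group and key pair blocks above that keeps the password out of provider.tf, limits SSH to one network and registers an existing public key. This is an added example, not the author's configuration; `os_password`, `admin_cidr` and the public key path are assumed names.

```hcl
terraform {
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.47.0"
    }
  }
}

# Assumed variable names; neither appears in the original article.
variable "os_password" {
  type      = string
  sensitive = true # redacted in plan/apply output; set via TF_VAR_os_password
}

variable "admin_cidr" {
  type        = string
  description = "Network allowed to reach SSH, for example 192.0.2.0/24"
}

provider "openstack" {
  user_name   = "terra"
  tenant_name = "terraform"
  password    = var.os_password # no literal secret in provider.tf
  # The article's endpoint; prefer HTTPS where Keystone offers it,
  # because plain HTTP carries the password in cleartext.
  auth_url = "http://192.168.240.50:5000"
  region   = "regionOne"
}

resource "openstack_compute_secgroup_v2" "tf-secgroup1" {
  name        = "tf-secgroup"
  description = "a security group by terraform"
  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    cidr        = var.admin_cidr # instead of 0.0.0.0/0
  }
}

# Registering an existing public key keeps the private key out of
# terraform.tfstate; the path is an assumption.
resource "openstack_compute_keypair_v2" "tf-keypair" {
  name       = "terra-keypair"
  public_key = file(pathexpand("~/.ssh/id_ed25519.pub"))
}
```

With the key pair registered, the instance accepts the matching private key, so the `user_data` argument and the password-setting user_data.yaml can be dropped.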

Create Infrastructure

Apply the configuration now with the terraform apply command. Terraform will print output similar to what is shown below. We have truncated some of the output to save space.

Before it applies any changes, Terraform prints out the execution plan which describes the actions Terraform will take in order to change your infrastructure to match the configuration. In this case the plan is acceptable, so type yes at the confirmation prompt to proceed. Executing the plan will take a few minutes since Terraform waits for the OpenStack instance to become available.

You have now created infrastructure using Terraform! Inspect the current state using terraform show.

terraform show

Verify Resources

Verify resources that have already been created with Terraform on OpenStack side using OpenStack CLI.

cat <<EOF> /home/stack/terraform/verify.sh
#!/bin/bash
source ~/terraform-rc
echo -e "\n===== VERIFY VM =====\n"
openstack server list --project terraform
echo -e "\n===== VERIFY VOLUME =====\n"
openstack volume list --project terraform
echo -e "\n===== VERIFY FLAVOR =====\n"
openstack flavor list -f yaml | grep tf -A2 -B4
echo -e "\n===== VERIFY NETWORK =====\n"
openstack network list -f yaml | grep tf -A2 -B1
echo -e "\n===== VERIFY SUBNET =====\n"
openstack subnet list -f yaml | grep tf -A2 -B1
echo -e "\n===== VERIFY KEYPAIR =====\n"
openstack keypair list -f yaml
echo -e "\n===== VERIFY SECGROUP =====\n"
openstack security group list -f yaml | grep tf -A2 -B2
EOF
bash ~/terraform/verify.sh

Now, cross-check on the Horizon Dashboard:

1. Network
2. Security Group
3. Volume
4. Key pair
5. Inside VM

Destroy Infrastructure

The terraform destroy command terminates resources managed by your Terraform project. This command is the inverse of terraform apply in that it terminates all the resources specified in your Terraform state. It does not destroy resources running elsewhere that are not managed by the current Terraform project.

Destroy the resources you created.

Answer yes to execute this plan and destroy the infrastructure.
