Skip to content

Terraform - Getting Started

OPENSTACK CLOUD

In this guide we will see how to use Terraform with Infomaniak Public Cloud infrastructure.

To get started you need some prerequisites:

  • Download your Openstack configuration from the Infomaniak Manager or Openstack Dashboard
  • The Terraform binary must be installed on your system
  • An existing SSH keypair

Create Terraform file and configure Openstack provider

Create a folder named like you want to contain all data generated by Terraform for your deployment

mkdir web-server

In this folder create a new file named main.tf

touch main.tf

Edit this file and copy the content bellow.

# Define required providers
terraform {
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.44.0"
    }
  }
}

# Configure the OpenStack Provider
provider "openstack" {
  auth_url = "https://api.pub1.infomaniak.cloud/identity"
  region = "dc3-a"
  user_name = "PCU-XXXXXXX"
  password = "your_password"
  user_domain_name = "Default"
  project_domain_id = "default"
  tenant_id = "your_tenant_id"
  tenant_name = "PCP-XXXXXXX"
}

The first section defined the provider used by Terraform for this deployment, you don't need to do any change in this section.

The second section is the configuration of the provider. In this section you need to perform changes to use Infomaniak Public Cloud.

To complete informations on this section, open your Openstack configuration file and use values in this one to complete Openstack provider fields based on the matrix bellow.

Terraform provider field Openstack configuration Field
auth_url OS_AUTH_URL
region OS_REGION_NAME
user_name OS_USERNAME
password OS_PASSWORD
user_domain_name OS_USER_DOMAIN_NAME
project_domain_id OS_PROJECT_DOMAIN_ID
tenant_id OS_PROJECT_ID
tenant_name OS_PROJECT_NAME

Once you have completed all informations for the proviver you can begin deploy ressources.

Deploy your first instance with Terraform

Now we will deploy a simple web server using Terraform.

Create a key pair

To create a key pair you have two choices using your own public key or generate a new one.

Using my own public key

Using your own public key is simple just add the content bellow at the end of main.tf file. Replace "keypair_name" with a name of your choice. To define the "public_key" value you must copy your entire public key on one line.

# Upload public key
resource "openstack_compute_keypair_v2" "keypair_name" {
  name = "keypair_name"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1MvU9Df0n2UBaII35aFuM9pQaQd1NEJOrB6xLNs43Ca6OoL7+7mv8C2pTr4DvqNhGoCEZuZULo8ArBixZtqFYgJHZY0a5FtjqO8azyFycUcNK7QSM265tiN6CJwyepcw0P6Ucsvjeu5wLwyylUInYH7qzYKV2F85vMIkWA+r1a5xLA8M/DDw/jwIGnuU9GxDMmB/hIbj4A5tOpppyPhQxJX8BJlyiXF2PDzVTKjVEB3TWcnHRAUqFu/0V2Gft5ZCqXwiNpboms6AVJYKPbNWmVf+JrEjVcaOEwZnzyB0tcpeIbW/bwIEJmygHLttHDsfsLZN1El/nO/SZFOZ8/K02QE8h4hCjjHmffK2CEqToGaMhwnCZWGrQq+Q1tQnISZ6uNYLotklRkHh8889knIrLGL2x0q811pbFE7pMe3TTdcs+N+ZPdmMLkJhHai91rwfVtYsKFaRomp8RNMDKOic3U2wQJ4qAf2cqs084ird/tMsCYedZfx5rAqT3TyDB8JDNEVd1ie+9m5K2xQqVVOYUCtbemF6g99F6AqfsYAGpLC4BGGk2mbZCg3baDfJh8n2e6wgM8+eb9kQP5ExGDow7NahSlP+uuAgncCRE8AEpSQPrfpiW207IGI2MLo2iFCjuhwRSdhYzy3mYlUIJvectuO9wMcLsMGBrYuaomPiyCw== cardno:000605009830"
}

Generate a new keypair

To generate a new keypair just paste the content bellow and defined the name of the new keypair.

resource "openstack_compute_keypair_v2" "keypair_name" {
  name = "keypair_name"
}

Create a security group

By default Infomaniak Public Cloud block all traffic for new instances. To allow traffic you must add rules in the default security group or create a new one. In this tutorial we will create a new security group will allowing traffic on port 22 (SSH), 80 (HTTP) and 443 (HTTPS).

To create the new security group just add the content bellow after the keypair section, and define the name and the descprition.

# Create a web security group
resource "openstack_compute_secgroup_v2" "security_group_name" {
  name        = "security_group_name"
  description = "Security Group Description"

  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }

  rule {
    from_port   = 80
    to_port     = 80
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }

  rule {
    from_port   = 443
    to_port     = 443
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }
}

Create an instance

To launch a new instance you need the following informations: - Image ID - Flavor Name - Network Name

All of the informations can be retrieve on Openstack Dashboard or by Openstack CLI client

Add the following content after the security group section and replace:

  • instance_name: Name of your instance (example: web-server)
  • image_id: ID of the image you want use (example: 9be06f9c-a8e8-4f33-b41e-d35f29667fcb)
  • flavor_name: Name of the flavor you want use (example: a1-ram2-disk80-perf1)
  • keypair_name: Name of the keypair define previously
  • security_group_name: Name of the security group define previously
# Create a web server
resource "openstack_compute_instance_v2" "instance_name" {
  name            = "instance_name"
  image_id        = "image_id"
  flavor_name     = "flavor_name"
  key_pair        = "keypair_name"
  security_groups = ["security_group_name"]

  metadata = {
    application = "web-app"
  }

  network {
    name = "ext-net1"
  }
}

Once you have finish to editing the file, main.tf should be seem like this:

# Define required providers
terraform {
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.44.0"
    }
  }
}

# Configure the OpenStack Provider
provider "openstack" {
  auth_url = "https://api.pub1.infomaniak.cloud/identity"
  region = "dc3-a"
  user_name = "PCU-XXXXXXX"
  password = "your_password"
  user_domain_name = "Default"
  project_domain_id = "default"
  tenant_id = "your_tenant_id"
  tenant_name = "PCP-XXXXXXX"
}

# Upload public key
resource "openstack_compute_keypair_v2" "web-keypair" {
  name = "web-keypair"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1MvU9Df0n2UBaII35aFuM9pQaQd1NEJOrB6xLNs43Ca6OoL7+7mv8C2pTr4DvqNhGoCEZuZULo8ArBixZtqFYgJHZY0a5FtjqO8azyFycUcNK7QSM265tiN6CJwyepcw0P6Ucsvjeu5wLwyylUInYH7qzYKV2F85vMIkWA+r1a5xLA8M/DDw/jwIGnuU9GxDMmB/hIbj4A5tOpppyPhQxJX8BJlyiXF2PDzVTKjVEB3TWcnHRAUqFu/0V2Gft5ZCqXwiNpboms6AVJYKPbNWmVf+JrEjVcaOEwZnzyB0tcpeIbW/bwIEJmygHLttHDsfsLZN1El/nO/SZFOZ8/K02QE8h4hCjjHmffK2CEqToGaMhwnCZWGrQq+Q1tQnISZ6uNYLotklRkHh8889knIrLGL2x0q811pbFE7pMe3TTdcs+N+ZPdmMLkJhHai91rwfVtYsKFaRomp8RNMDKOic3U2wQJ4qAf2cqs084ird/tMsCYedZfx5rAqT3TyDB8JDNEVd1ie+9m5K2xQqVVOYUCtbemF6g99F6AqfsYAGpLC4BGGk2mbZCg3baDfJh8n2e6wgM8+eb9kQP5ExGDow7NahSlP+uuAgncCRE8AEpSQPrfpiW207IGI2MLo2iFCjuhwRSdhYzy3mYlUIJvectuO9wMcLsMGBrYuaomPiyCw== cardno:000605009830"
}

# Create a web security group
resource "openstack_compute_secgroup_v2" "sg-web-front" {
  name        = "sg-web-front"
  description = "Security group for web front instances"

  rule {
    from_port   = 22
    to_port     = 22
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }

  rule {
    from_port   = 80
    to_port     = 80
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }

  rule {
    from_port   = 443
    to_port     = 443
    ip_protocol = "tcp"
    cidr        = "0.0.0.0/0"
  }
}

# Create a web server
resource "openstack_compute_instance_v2" "web-server" {
  name            = "web-server"
  image_id        = "9be06f9c-a8e8-4f33-b41e-d35f29667fcb"
  flavor_name     = "a1-ram2-disk80-perf1"
  key_pair        = "web-keypair"
  security_groups = ["sg-web-front"]

  metadata = {
    application = "web-app"
  }

  network {
    name = "ext-net1"
  }
}

Deploy the new infrastructure

To finish we just need to deploy the new configuration on the public cloud. To do this initialize Terraform with the command bellow the project folder (near main.tf)

terraform init
You should obtain a result like this:

Initializing the backend...

Initializing provider plugins...
- Finding terraform-provider-openstack/openstack versions matching "1.44.0"...
- Installing terraform-provider-openstack/openstack v1.44.0...
- Installed terraform-provider-openstack/openstack v1.44.0 (self-signed, key ID 4F80527A391BEFD2)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Validate the main.tf file

terraform validate
You should obtain a result like this:
Success! The configuration is valid.
And to finish deploy the ressources on the cloud:
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # openstack_compute_instance_v2.web-server will be created
  + resource "openstack_compute_instance_v2" "web-server" {
      + access_ip_v4        = (known after apply)
      + access_ip_v6        = (known after apply)
      + all_metadata        = (known after apply)
      + all_tags            = (known after apply)
      + availability_zone   = (known after apply)
      + flavor_id           = (known after apply)
      + flavor_name         = "a1-ram2-disk80-perf1"
      + force_delete        = false
      + id                  = (known after apply)
      + image_id            = "9be06f9c-a8e8-4f33-b41e-d35f29667fcb"
      + image_name          = (known after apply)
      + key_pair            = "web-keypair"
      + metadata            = {
          + "application" = "web-app"
        }
      + name                = "web-server"
      + power_state         = "active"
      + region              = (known after apply)
      + security_groups     = [
          + "sg-web-front",
        ]
      + stop_before_destroy = false

      + network {
          + access_network = false
          + fixed_ip_v4    = (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          + mac            = (known after apply)
          + name           = "ext-net1"
          + port           = (known after apply)
          + uuid           = (known after apply)
        }
    }

  # openstack_compute_keypair_v2.web-keypair will be created
  + resource "openstack_compute_keypair_v2" "web-keypair" {
      + fingerprint = (known after apply)
      + id          = (known after apply)
      + name        = "web-keypair"
      + private_key = (known after apply)
      + public_key  = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1MvU9Df0n2UBaII35aFuM9pQaQd1NEJOrB6xLNs43Ca6OoL7+7mv8C2pTr4DvqNhGoCEZuZULo8ArBixZtqFYgJHZY0a5FtjqO8azyFycUcNK7QSM265tiN6CJwyepcw0P6Ucsvjeu5wLwyylUInYH7qzYKV2F85vMIkWA+r1a5xLA8M/DDw/jwIGnuU9GxDMmB/hIbj4A5tOpppyPhQxJX8BJlyiXF2PDzVTKjVEB3TWcnHRAUqFu/0V2Gft5ZCqXwiNpboms6AVJYKPbNWmVf+JrEjVcaOEwZnzyB0tcpeIbW/bwIEJmygHLttHDsfsLZN1El/nO/SZFOZ8/K02QE8h4hCjjHmffK2CEqToGaMhwnCZWGrQq+Q1tQnISZ6uNYLotklRkHh8889knIrLGL2x0q811pbFE7pMe3TTdcs+N+ZPdmMLkJhHai91rwfVtYsKFaRomp8RNMDKOic3U2wQJ4qAf2cqs084ird/tMsCYedZfx5rAqT3TyDB8JDNEVd1ie+9m5K2xQqVVOYUCtbemF6g99F6AqfsYAGpLC4BGGk2mbZCg3baDfJh8n2e6wgM8+eb9kQP5ExGDow7NahSlP+uuAgncCRE8AEpSQPrfpiW207IGI2MLo2iFCjuhwRSdhYzy3mYlUIJvectuO9wMcLsMGBrYuaomPiyCw== cardno:000605009830"
      + region      = (known after apply)
    }

  # openstack_compute_secgroup_v2.sg-web-front will be created
  + resource "openstack_compute_secgroup_v2" "sg-web-front" {
      + description = "Security group for web front instances"
      + id          = (known after apply)
      + name        = "sg-web-front"
      + region      = (known after apply)

      + rule {
          + cidr        = "0.0.0.0/0"
          + from_port   = 22
          + id          = (known after apply)
          + ip_protocol = "tcp"
          + self        = false
          + to_port     = 22
        }
      + rule {
          + cidr        = "0.0.0.0/0"
          + from_port   = 443
          + id          = (known after apply)
          + ip_protocol = "tcp"
          + self        = false
          + to_port     = 443
        }
      + rule {
          + cidr        = "0.0.0.0/0"
          + from_port   = 80
          + id          = (known after apply)
          + ip_protocol = "tcp"
          + self        = false
          + to_port     = 80
        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.
Type yes to confirm the deployment:

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

During the deployment you should obtain a result like this:

openstack_compute_keypair_v2.web-keypair: Creating...
openstack_compute_secgroup_v2.sg-web-front: Creating...
openstack_compute_instance_v2.web-server: Creating...
openstack_compute_keypair_v2.web-keypair: Creation complete after 0s [id=web-keypair]
openstack_compute_secgroup_v2.sg-web-front: Creation complete after 1s [id=fe0eb17d-9f2d-4117-a9eb-730951d68108]
openstack_compute_instance_v2.web-server: Still creating... [10s elapsed]
openstack_compute_instance_v2.web-server: Creation complete after 13s [id=5babb72a-8ccd-4f41-bdff-2476c3903e66]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Your ressources are now successfully deployed with Terrafom on Infomaniak Public Cloud.

Back to top