After having an OpenStack production and home lab for a while, I can definitively say that provisioning a workload and managing it from an Admin and Tenant perspective is important.
Terraform is an open source Infrastructure-as-Code (IaC) software tool used for provisioning networks, servers, cloud platforms, and more. Terraform is a declarative language that can act as a blueprint of the infrastructure you're working on. You can manage it with Git, and it has a strong [GitOps][1] use case.
This article covers the basics of managing an OpenStack cluster using Terraform. I recreate the OpenStack Demo project using Terraform.
### Install Terraform
I use CentOS as a jump host, where I run Terraform. Based on the official documentation, the first step is to add the Hashicorp repository:
If you see a version number in return, you have installed Terraform.
### Create a Terraform script for the OpenStack provider
In Terraform, you need a provider. A provider is a converter that Terraform calls to convert your `.tf` into API calls to the platform you are orchestrating.
There are three types of providers: Official, Partner, and Community:
- Official providers are Hashicorp maintained.
- Partner providers are maintained by technology companies that partner with Hashicorp.
- Community providers are maintained by open source community members.
There is a good Community provider for OpenStack in this [link][2]. To use this provider, create a `.tf` file and call it `main.tf`.
```
$ vi main.tf
```
Add the following content to `main.tf`:
```
terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}
provider "openstack" {
user_name = “OS_USERNAME”
tenant_name = “OS_TENANT”
password = “OS_PASSWORD”
auth_url = “OS_AUTH_URL”
region = “OS_REGION”
}
```
You need to change the **OS_USERNAME**, **OS_TENANT**, **OS_PASSWORD**, **OS_AUTH_URL**, and **OS_REGION** variables for it to work.
### Create an Admin Terraform file
OpenStack Admin files focus on provisioning external networks, routers, users, images, tenant profiles, and quotas.
This example provisions flavors, a router connected to an external network, a test image, a tenant profile, and a user.
First, create an `AdminTF` directory for the provisioning resources:
After creating the Terraform files, you need to initialize Terraform.
For Admin:
```
$ cd AdminTF
$ terraform init
$ terraform fmt
```
For Tenants:
```
$ cd TenantTF
$ terraform init
$ terraform fmt
```
Command explanation:
-`terraform init` downloads the provider from the registry to use in provisioning this project.
-`terraform fmt` formats the files for use in repositories.
### Create a Terraform plan
Next, create a plan for you to see what resources will be created.
For Admin:
```
$ cd AdminTF
$ terraform validate
$ terraform plan
```
For Tenants:
```
$ cd TenantTF
$ terraform validate
$ terraform plan
```
Command explanation:
-`terraform validate` validates whether the `.tf` syntax is correct.
-`terraform plan` creates a plan file in the cache where all managed resources can be tracked in creation and destroy.
### Apply your first TF
To deploy the resources, use the `terraform apply` command. This command applies all resource states in the plan file.
For Admin:
```
$ cd AdminTF
$ terraform apply
```
For Tenants:
```
$ cd TenantTF
$ terraform apply
```
### Next steps
Previously, I wrote an [article][3] on deploying a minimal OpenStack cluster on a Raspberry Pi. You can discover how to have more detailed [Terraform and Ansible][4] configurations and implement some CI/CD with GitLab.
