[#]: subject: "Use Terraform to manage an OpenStack cluster" [#]: via: "https://opensource.com/article/23/1/terraform-manage-openstack-cluster" [#]: author: "AJ Canlas https://opensource.com/users/ajscanlas" [#]: collector: "lkxed" [#]: translator: "geekpi" [#]: reviewer: " " [#]: publisher: " " [#]: url: " " Use Terraform to manage an OpenStack cluster ====== After having an OpenStack production and home lab for a while, I can definitively say that provisioning a workload and managing it from an Admin and Tenant perspective is important. Terraform is an open source Infrastructure-as-Code (IaC) software tool used for provisioning networks, servers, cloud platforms, and more. Terraform is a declarative language that can act as a blueprint of the infrastructure you're working on. You can manage it with Git, and it has a strong [GitOps][1] use case. This article covers the basics of managing an OpenStack cluster using Terraform. I recreate the OpenStack Demo project using Terraform. ### Install Terraform I use CentOS as a jump host, where I run Terraform. Based on the official documentation, the first step is to add the Hashicorp repository: ``` $ sudo dnf config-manager \ --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo ``` Next, install Terraform: ``` $ sudo dnf install terraform -y ``` Verify the installation: ``` $ terraform –version ``` If you see a version number in return, you have installed Terraform. ### Create a Terraform script for the OpenStack provider In Terraform, you need a provider. A provider is a converter that Terraform calls to convert your `.tf` into API calls to the platform you are orchestrating. There are three types of providers: Official, Partner, and Community: - Official providers are Hashicorp maintained. - Partner providers are maintained by technology companies that partner with Hashicorp. - Community providers are maintained by open source community members. There is a good Community provider for OpenStack in this [link][2]. To use this provider, create a `.tf` file and call it `main.tf`. ``` $ vi main.tf ``` Add the following content to `main.tf`: ``` terraform { required_version = ">= 0.14.0" required_providers { openstack = { source = "terraform-provider-openstack/openstack" version = "1.49.0" } } } provider "openstack" { user_name = “OS_USERNAME” tenant_name = “OS_TENANT” password = “OS_PASSWORD” auth_url = “OS_AUTH_URL” region = “OS_REGION” } ``` You need to change the **OS_USERNAME**, **OS_TENANT**, **OS_PASSWORD**, **OS_AUTH_URL**, and **OS_REGION** variables for it to work. ### Create an Admin Terraform file OpenStack Admin files focus on provisioning external networks, routers, users, images, tenant profiles, and quotas. This example provisions flavors, a router connected to an external network, a test image, a tenant profile, and a user. First, create an `AdminTF` directory for the provisioning resources: ``` $ mkdir AdminTF $ cd AdminTF ``` In the `main.tf`, add the following: ``` terraform { required_version = ">= 0.14.0" required_providers { openstack = { source = "terraform-provider-openstack/openstack" version = "1.49.0" } } } provider "openstack" { user_name = “OS_USERNAME” tenant_name = “admin” password = “OS_PASSWORD” auth_url = “OS_AUTH_URL” region = “OS_REGION” } resource "openstack_compute_flavor_v2" "small-flavor" { name = "small" ram = "4096" vcpus = "1" disk = "0" flavor_id = "1" is_public = "true" } resource "openstack_compute_flavor_v2" "medium-flavor" { name = "medium" ram = "8192" vcpus = "2" disk = "0" flavor_id = "2" is_public = "true" } resource "openstack_compute_flavor_v2" "large-flavor" { name = "large" ram = "16384" vcpus = "4" disk = "0" flavor_id = "3" is_public = "true" } resource "openstack_compute_flavor_v2" "xlarge-flavor" { name = "xlarge" ram = "32768" vcpus = "8" disk = "0" flavor_id = "4" is_public = "true" } resource "openstack_networking_network_v2" "external-network" { name = "external-network" admin_state_up = "true" external = "true" segments { network_type = "flat" physical_network = "physnet1" } } resource "openstack_networking_subnet_v2" "external-subnet" { name = "external-subnet" network_id = openstack_networking_network_v2.external-network.id cidr = "10.0.0.0/8" gateway_ip = "10.0.0.1" dns_nameservers = ["10.0.0.254", "10.0.0.253"] allocation_pool { start = "10.0.0.1" end = "10.0.254.254" } } resource "openstack_networking_router_v2" "external-router" { name = "external-router" admin_state_up = true external_network_id = openstack_networking_network_v2.external-network.id } resource "openstack_images_image_v2" "cirros" { name = "cirros" image_source_url = "https://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img" container_format = "bare" disk_format = "qcow2" properties = { key = "value" } } resource "openstack_identity_project_v3" "demo-project" { name = "Demo" } resource "openstack_identity_user_v3" "demo-user" { name = "demo-user" default_project_id = openstack_identity_project_v3.demo-project.id password = "demo" } ``` ### Create a Tenant Terraform file As a Tenant, you usually create VMs. You also create network and security groups for the VMs. This example uses the user created above by the Admin file. First, create a `TenantTF` directory for Tenant-related provisioning: ``` $ mkdir TenantTF $ cd TenantTF ``` In the `main.tf`, add the following: ``` terraform { required_version = ">= 0.14.0" required_providers { openstack = { source = "terraform-provider-openstack/openstack" version = "1.49.0" } } } provider "openstack" { user_name = “demo-user” tenant_name = “demo” password = “demo” auth_url = “OS_AUTH_URL” region = “OS_REGION” } resource "openstack_compute_keypair_v2" "demo-keypair" { name = "demo-key" public_key = "ssh-rsa ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" } resource "openstack_networking_network_v2" "demo-network" { name = "demo-network" admin_state_up = "true" } resource "openstack_networking_subnet_v2" "demo-subnet" { network_id = openstack_networking_network_v2.demo-network.id name = "demo-subnet" cidr = "192.168.26.0/24" } resource "openstack_networking_router_interface_v2" "demo-router-interface" { router_id = “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX” subnet_id = openstack_networking_subnet_v2.demo-subnet.id } resource "openstack_compute_instance_v2" "demo-instance" { name = "demo" image_id = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY" flavor_id = "3" key_pair = "demo-key" security_groups = ["default"] metadata = { this = "that" } network { name = "demo-network" } } ``` ### Initialize your Terraform After creating the Terraform files, you need to initialize Terraform. For Admin: ``` $ cd AdminTF $ terraform init $ terraform fmt ``` For Tenants: ``` $ cd TenantTF $ terraform init $ terraform fmt ``` Command explanation: - `terraform init` downloads the provider from the registry to use in provisioning this project. - `terraform fmt` formats the files for use in repositories. ### Create a Terraform plan Next, create a plan for you to see what resources will be created. For Admin: ``` $ cd AdminTF $ terraform validate $ terraform plan ``` For Tenants: ``` $ cd TenantTF $ terraform validate $ terraform plan ``` Command explanation: - `terraform validate` validates whether the `.tf` syntax is correct. - `terraform plan` creates a plan file in the cache where all managed resources can be tracked in creation and destroy. ### Apply your first TF To deploy the resources, use the `terraform apply` command. This command applies all resource states in the plan file. For Admin: ``` $ cd AdminTF $ terraform apply ``` For Tenants: ``` $ cd TenantTF $ terraform apply ``` ### Next steps Previously, I wrote an [article][3] on deploying a minimal OpenStack cluster on a Raspberry Pi. You can discover how to have more detailed [Terraform and Ansible][4] configurations and implement some CI/CD with GitLab. -------------------------------------------------------------------------------- via: https://opensource.com/article/23/1/terraform-manage-openstack-cluster 作者:[AJ Canlas][a] 选题:[lkxed][b] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 [a]: https://opensource.com/users/ajscanlas [b]: https://github.com/lkxed [1]: https://opensource.com/article/21/3/gitops [2]: https://registry.terraform.io/providers/terraform-provider-openstack/openstack/1.49.0 [3]: https://opensource.com/article/20/12/openstack-raspberry-pi [4]: https://www.ansible.com/blog/ansible-vs.-terraform-demystified?intcmp=7013a000002qLH8AAM