Terraform is a declarative language that serves as a blueprint for the infrastructure you are building.
After having an OpenStack production environment and a home lab for some time, I have confirmed the importance of deploying and managing workloads from both an administrator and tenant perspective.
Terraform is an open source software tool for managing infrastructure as code, creating infrastructure blueprints through a declarative language. It supports Git management and is suitable for GitOps.
This article introduces the basics of using Terraform to manage OpenStack clusters. I recreated the OpenStack demo project using Terraform.
I use CentOS as a jump host to run Terraform. According to the official documentation, the first step is to add the HashiCorp repository:
$ sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
Next, install Terraform:
$ sudo dnf install terraform -y
Verify installation:
$ terraform --version
If you see the version number returned, then you have Terraform installed.
In Terraform, you need a provider, which is a converter that Terraform calls to convert your .tf files into API calls to the platform you are orchestrating.
There are three types of providers: official, partner and community.
There is a good community provider of OpenStack at this link. To use this provider, create a .tf file and name it main.tf.
$ vi main.tf
Add the following content in main.tf:
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

# The OS_* strings below are placeholders for your own values.
provider "openstack" {
  user_name   = "OS_USERNAME"
  tenant_name = "OS_TENANT"
  password    = "OS_PASSWORD"
  auth_url    = "OS_AUTH_URL"
  region      = "OS_REGION"
}
You need to replace the OS_USERNAME, OS_TENANT, OS_PASSWORD, OS_AUTH_URL and OS_REGION placeholders with your own values for this to work.
The OpenStack admin files focus on provisioning external networks, routers, users, images, tenant profiles and quotas.
This example provisions flavors, a router connected to an external network, a test image, a tenant profile and a user.
First, create an AdminTF directory for provisioning resources:
$ mkdir AdminTF
$ cd AdminTF
In main.tf, add the following content:
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

# Admin credentials; the OS_* strings are placeholders for your own values.
provider "openstack" {
  user_name   = "OS_USERNAME"
  tenant_name = "admin"
  password    = "OS_PASSWORD"
  auth_url    = "OS_AUTH_URL"
  region      = "OS_REGION"
}

# Public flavors available to every tenant.
resource "openstack_compute_flavor_v2" "small-flavor" {
  name      = "small"
  ram       = "4096"
  vcpus     = "1"
  disk      = "0"
  flavor_id = "1"
  is_public = "true"
}

resource "openstack_compute_flavor_v2" "medium-flavor" {
  name      = "medium"
  ram       = "8192"
  vcpus     = "2"
  disk      = "0"
  flavor_id = "2"
  is_public = "true"
}

resource "openstack_compute_flavor_v2" "large-flavor" {
  name      = "large"
  ram       = "16384"
  vcpus     = "4"
  disk      = "0"
  flavor_id = "3"
  is_public = "true"
}

resource "openstack_compute_flavor_v2" "xlarge-flavor" {
  name      = "xlarge"
  ram       = "32768"
  vcpus     = "8"
  disk      = "0"
  flavor_id = "4"
  is_public = "true"
}

# External (provider) network, its subnet and the router attached to it.
resource "openstack_networking_network_v2" "external-network" {
  name           = "external-network"
  admin_state_up = "true"
  external       = "true"
  segments {
    network_type     = "flat"
    physical_network = "physnet1"
  }
}

resource "openstack_networking_subnet_v2" "external-subnet" {
  name            = "external-subnet"
  network_id      = openstack_networking_network_v2.external-network.id
  cidr            = "10.0.0.0/8"
  gateway_ip      = "10.0.0.1"
  dns_nameservers = ["10.0.0.254", "10.0.0.253"]
  allocation_pool {
    start = "10.0.0.1"
    end   = "10.0.254.254"
  }
}

resource "openstack_networking_router_v2" "external-router" {
  name                = "external-router"
  admin_state_up      = true
  external_network_id = openstack_networking_network_v2.external-network.id
}

# Test image downloaded from the CirrOS site.
resource "openstack_images_image_v2" "cirros" {
  name             = "cirros"
  image_source_url = "https://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img"
  container_format = "bare"
  disk_format      = "qcow2"
  properties = {
    key = "value"
  }
}

# Tenant project and the user that the tenant example logs in as.
resource "openstack_identity_project_v3" "demo-project" {
  name = "Demo"
}

resource "openstack_identity_user_v3" "demo-user" {
  name               = "demo-user"
  default_project_id = openstack_identity_project_v3.demo-project.id
  password           = "demo"
}
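Because these files are meant to live in Git, the following added example (not part of the original article) shows the admin provider block and the demo user with their passwords passed in as sensitive variables instead of literals in main.tf. The variable names are hypothetical; they would be set outside the repository, for example through TF_VAR_os_password and TF_VAR_demo_user_password in the environment.

```hcl
# Added example: admin provider and demo user from the article,
# with secrets supplied as input variables rather than string literals.
terraform {
  required_version = ">= 0.14.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "1.49.0"
    }
  }
}

# Hypothetical variable names. Set them via TF_VAR_<name> environment
# variables or an untracked .tfvars file, never in a committed file.
variable "os_username" { type = string }
variable "os_auth_url" { type = string }
variable "os_region" { type = string }

variable "os_password" {
  type      = string
  sensitive = true # redacted in plan/apply output (Terraform >= 0.14)
}

variable "demo_user_password" {
  type      = string
  sensitive = true
}

provider "openstack" {
  user_name   = var.os_username
  tenant_name = "admin"
  password    = var.os_password
  auth_url    = var.os_auth_url
  region      = var.os_region
}

resource "openstack_identity_project_v3" "demo-project" {
  name = "Demo"
}

resource "openstack_identity_user_v3" "demo-user" {
  name               = "demo-user"
  default_project_id = openstack_identity_project_v3.demo-project.id
  password           = var.demo_user_password
}
```

The sensitive flag only hides values in CLI output; they are still written in plaintext to terraform.tfstate, so keep the state file out of Git and on access-controlled storage.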
As a tenant, you usually create virtual machines. You also create network and security groups for these virtual machines.
This example uses the user created by the Admin file above.
First, create a TenantTF directory for tenant-related provisioning:
$ mkdir TenantTF
$ cd TenantTF
In main.tf, add the following content:
terraform { required_version = ">= 0.14.0" required_providers { openstack = { source= "terraform-provider-openstack/openstack" version = "1.49.0" } } } provider "openstack" { user_name = “demo-user” tenant_name = “demo” password= “demo” auth_url= “OS_AUTH_URL” region= “OS_REGION” } resource "openstack_compute_keypair_v2" "demo-keypair" { name = "demo-key" public_key = "ssh-rsa ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" } resource "openstack_networking_network_v2" "demo-network" { name = "demo-network" admin_state_up = "true" } resource "openstack_networking_subnet_v2" "demo-subnet" { network_id = openstack_networking_network_v2.demo-network.id name = "demo-subnet" cidr = "192.168.26.0/24" } resource "openstack_networking_router_interface_v2" "demo-router-interface" { router_id = “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX” subnet_id = openstack_networking_subnet_v2.demo-subnet.id } resource "openstack_compute_instance_v2" "demo-instance" { name= "demo" image_id= "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY" flavor_id = "3" key_pair= "demo-key" security_groups = ["default"] metadata = { this = "that" } network { name = "demo-network" } }
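The tenant file above attaches the instance to the default security group only. As an added example (not from the original article), this is one way to define a dedicated group that admits SSH from a single management range and attach it to the instance; it goes in TenantTF/main.tf in place of the demo-instance resource. The mgmt_cidr variable, the resource names and the 192.0.2.0/24 range are constructed for illustration.

```hcl
# Added example: a tenant-owned security group for the demo instance.
variable "mgmt_cidr" {
  type        = string
  description = "Source range allowed to reach SSH on the instance."
  default     = "192.0.2.0/24" # constructed documentation range

  # Refuse a world-open rule and anything that is not valid CIDR.
  validation {
    condition     = var.mgmt_cidr != "0.0.0.0/0" && can(cidrhost(var.mgmt_cidr, 0))
    error_message = "Set mgmt_cidr to a specific management range, not 0.0.0.0/0."
  }
}

resource "openstack_networking_secgroup_v2" "demo-secgroup" {
  name        = "demo-ssh"
  description = "SSH from the management range only"
}

resource "openstack_networking_secgroup_rule_v2" "demo-ssh-in" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.mgmt_cidr
  security_group_id = openstack_networking_secgroup_v2.demo-secgroup.id
}

# Same instance as in the article, now bound to the group defined above.
resource "openstack_compute_instance_v2" "demo-instance" {
  name            = "demo"
  image_id        = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY" # placeholder from the article
  flavor_id       = "3"
  key_pair        = "demo-key"
  security_groups = [openstack_networking_secgroup_v2.demo-secgroup.name]

  network {
    name = "demo-network"
  }
}
```

Neutron adds allow-all egress rules to every new security group, so this group permits outbound traffic and inbound SSH from mgmt_cidr, and nothing else inbound.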
After creating the Terraform files, you need to initialize Terraform.
For Admins:
$ cd AdminTF
$ terraform init
$ terraform fmt
For tenants:
$ cd TenantTF
$ terraform init
$ terraform fmt
Command explanation:
terraform init: Downloads the provider from the registry for use in provisioning this project.
terraform fmt: Formats the files for use in repositories.
Next, create a plan to see what resources will be created.
For Admins:
$ cd AdminTF
$ terraform validate
$ terraform plan
For tenants:
$ cd TenantTF
$ terraform validate
$ terraform plan
Command explanation:
terraform validate: Verifies that the .tf syntax is correct.
terraform plan: Creates a plan file in the cache so that all managed resources can be tracked as they are created and destroyed.
To deploy resources, use the terraform apply command. This command applies all resource states in the plan file.
For Admins:
$ cd AdminTF
$ terraform apply
For tenants:
$ cd TenantTF
$ terraform apply
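Previously, I wrote an article about deploying a minimal OpenStack cluster on Raspberry Pi. There you can find more detailed Terraform and Ansible configurations, along with some CI/CD implemented through GitLab.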