Use Terraform to manage OpenStack clusters-Safety-php.cn

Home

Operation and Maintenance

Safety

Use Terraform to manage OpenStack clusters

PHPz

Jun 09, 2023 pm 12:20 PM

Operation and maintenance

使用 Terraform 来管理 OpenStack 集群

After having an OpenStack production environment and home lab for a while, I can say with certainty that provisioning workloads and management from both an admin and tenant perspective It is very important.

Terraform is an open source Infrastructure as Code (IaC) software tool for provisioning networks, servers, cloud platforms, etc. Terraform is a declarative language that serves as a blueprint for the infrastructure you are building. You can use Git to manage it, which has a powerful GitOps usage scenario.

This article introduces the basics of using Terraform to manage OpenStack clusters. I recreated the OpenStack demo project using Terraform.

Installing Terraform

I use CentOS as a springboard to run Terraform. According to the official documentation, the first step is to add the Hashicorp repository:

$ sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

Next, install Terraform:

$ sudo dnf install terraform -y

Verify the installation:

$ terraform –version

If you see the version number returned , then you have Terraform installed.

Create a Terraform script for the OpenStack provider

In Terraform, you need a provider, which is a converter that Terraform calls your .tf Converts to an API call to the platform you are coordinating.

There are three types of providers: official, partner and community:

Official providers are maintained by Hashicorp.
Partner providers are maintained by technology companies that work with Hashicorp.
Community providers are maintained by open source community members.

There is a good community provider of OpenStack in this link. To use this provider, create a .tf file and name it main.tf.

$ vi main.tf

Add the following content in main.tf:

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}
provider "openstack" {
user_name = “OS_USERNAME”
tenant_name = “OS_TENANT”
password= “OS_PASSWORD”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}

You need to modify OS_USERNAME, OS_TENANT, OS_PASSWORD, OS_AUTH_URL and OS_REGION variables To work.

Create a Terraform management file

The focus of the OpenStack management file is to provision external networks, routes, users, images, tenant profiles, and quotas.

This example provides styles, routes to external networks, test images, tenant profiles and users.

First, create an AdminTF directory for provisioning resources:

$ mkdir AdminTF
$ cd AdminTF

In main.tf, add The following:

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}
provider "openstack" {
user_name = “OS_USERNAME”
tenant_name = “admin”
password= “OS_PASSWORD”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}
resource "openstack_compute_flavor_v2" "small-flavor" {
name= "small"
ram = "4096"
vcpus = "1"
disk= "0"
flavor_id = "1"
is_public = "true"
}
resource "openstack_compute_flavor_v2" "medium-flavor" {
name= "medium"
ram = "8192"
vcpus = "2"
disk= "0"
flavor_id = "2"
is_public = "true"
}
resource "openstack_compute_flavor_v2" "large-flavor" {
name= "large"
ram = "16384"
vcpus = "4"
disk= "0"
flavor_id = "3"
is_public = "true"
}
resource "openstack_compute_flavor_v2" "xlarge-flavor" {
name= "xlarge"
ram = "32768"
vcpus = "8"
disk= "0"
flavor_id = "4"
is_public = "true"
}
resource "openstack_networking_network_v2" "external-network" {
name = "external-network"
admin_state_up = "true"
external = "true"
segments {
network_type = "flat"
physical_network = "physnet1"
}
}
resource "openstack_networking_subnet_v2" "external-subnet" {
name= "external-subnet"
network_id= openstack_networking_network_v2.external-network.id
cidr= "10.0.0.0/8"
gateway_ip= "10.0.0.1"
dns_nameservers = ["10.0.0.254", "10.0.0.253"]
allocation_pool {
start = "10.0.0.1"
end = "10.0.254.254"
}
}
resource "openstack_networking_router_v2" "external-router" {
name= "external-router"
admin_state_up= true
external_network_id = openstack_networking_network_v2.external-network.id
}
resource "openstack_images_image_v2" "cirros" {
name = "cirros"
image_source_url = "https://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img"
container_format = "bare"
disk_format= "qcow2"
properties = {
key = "value"
}
}
resource "openstack_identity_project_v3" "demo-project" {
name = "Demo"
}
resource "openstack_identity_user_v3" "demo-user" {
name = "demo-user"
default_project_id = openstack_identity_project_v3.demo-project.id
password = "demo"
}

Creating a Tenant Terraform File

As a Tenant, you would typically create virtual machines. You also create network and security groups for these virtual machines.

This example uses the user created by the Admin file above.

First, create a TenantTF directory for tenant-related provisioning:

$ mkdir TenantTF
$ cd TenantTF

在 main.tf 中，添加以下内容：

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}
provider "openstack" {
user_name = “demo-user”
tenant_name = “demo”
password= “demo”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}
resource "openstack_compute_keypair_v2" "demo-keypair" {
name = "demo-key"
public_key = "ssh-rsa ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
}
resource "openstack_networking_network_v2" "demo-network" {
name = "demo-network"
admin_state_up = "true"
}
resource "openstack_networking_subnet_v2" "demo-subnet" {
network_id = openstack_networking_network_v2.demo-network.id
name = "demo-subnet"
cidr = "192.168.26.0/24"
}
resource "openstack_networking_router_interface_v2" "demo-router-interface" {
router_id = “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”
subnet_id = openstack_networking_subnet_v2.demo-subnet.id
}
resource "openstack_compute_instance_v2" "demo-instance" {
name= "demo"
image_id= "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
flavor_id = "3"
key_pair= "demo-key"
security_groups = ["default"]
metadata = {
this = "that"
}
network {
name = "demo-network"
}
}

初始化你的 Terraform

创建 Terraform 文件后，你需要初始化 Terraform。

对于管理员：

$ cd AdminTF
$ terraform init
$ terraform fmt

对于租户：

$ cd TenantTF
$ terraform init
$ terraform fmt

命令解释：

terraform init 从镜像源下载提供者用于置备此项目。
terraform fmt 格式化文件，以便在仓库中使用。

创建一个 Terraform 计划

接下来，为你创建一个计划plan，看看将创建哪些资源。

对于管理员：

$ cd AdminTF
$ terraform validate
$ terraform plan

对于租户：

$ cd TenantTF
$ terraform validate
$ terraform plan

命令解释：

terraform validate 验证 .tf 语法是否正确。
terraform plan 在缓存中创建一个计划文件，所有管理的资源在创建和销毁时都可以被跟踪。

应用你的第一个 TF

要部署资源，使用 terraform apply 命令。该命令应用计划文件中的所有资源状态。

对于管理员：

$ cd AdminTF
$ terraform apply

对于租户：

$ cd TenantTF
$ terraform apply

接下来的步骤

之前，我写了一篇关于在树莓派上部署最小 OpenStack 集群的文章。你可以找到更详细的 Terraform 和 Ansible 配置，并通过 GitLab 实现一些 CI/CD。

The above is the detailed content of Use Terraform to manage OpenStack clusters. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:51CTO.COM. If there is any infringement, please contact admin@php.cn delete

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.