Use Terraform to manage OpenStack clusters

Terraform is a declarative language that serves as a blueprint for the infrastructure you are building.

After having an OpenStack production environment and a home lab for some time, I have confirmed the importance of deploying and managing workloads from both an administrator and tenant perspective.

Terraform is an open source software tool for managing infrastructure as code, creating infrastructure blueprints through a declarative language. It supports Git management and is suitable for GitOps.

This article introduces the basics of using Terraform to manage OpenStack clusters. I recreated the OpenStack demo project using Terraform.

Install Terraform

I use CentOS as a springboard to run Terraform. According to the official documentation, the first step is to add the Hashicorp repository:

$ sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

Next, install Terraform:

$ sudo dnf install terraform -y

Verify installation:

$ terraform –version

If you see the version number returned, then you have Terraform installed.

Create a Terraform script for the OpenStack provider

In Terraform, you need a provider, which is a converter that Terraform calls to convert your .tf into an API call to the platform you are coordinating.

There are three types of providers: official, partner and community:

• The official provider is maintained by Hashicorp.
• Partner providers are maintained by technology companies that work with Hashicorp.
• Community providers are maintained by open source community members.

There is a good community provider of OpenStack at this link. To use this provider, create a .tf file and name it main.tf.

$ vi main.tf

Add the following content in main.tf:

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}

provider "openstack" {
user_name = “OS_USERNAME”
tenant_name = “OS_TENANT”
password= “OS_PASSWORD”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}

You need to modify the OS_USERNAME, OS_TENANT, OS_PASSWORD, OS_AUTH_URL and OS_REGION variables to work.

Create a Terraform management file

OpenStack management files focus on provisioning external networks, routing, users, images, tenant profiles and quotas.

This example provides styles, routes to external networks, test images, tenant profiles and users.

First, create a AdminTF directory for provisioning resources:

$ mkdir AdminTF

$ cd AdminTF

In main.tf, add the following content:

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}

provider "openstack" {
user_name = “OS_USERNAME”
tenant_name = “admin”
password= “OS_PASSWORD”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}

resource "openstack_compute_flavor_v2" "small-flavor" {
name= "small"
ram = "4096"
vcpus = "1"
disk= "0"
flavor_id = "1"
is_public = "true"
}

resource "openstack_compute_flavor_v2" "medium-flavor" {
name= "medium"
ram = "8192"
vcpus = "2"
disk= "0"
flavor_id = "2"
is_public = "true"
}

resource "openstack_compute_flavor_v2" "large-flavor" {
name= "large"
ram = "16384"
vcpus = "4"
disk= "0"
flavor_id = "3"
is_public = "true"
}

resource "openstack_compute_flavor_v2" "xlarge-flavor" {
name= "xlarge"
ram = "32768"
vcpus = "8"
disk= "0"
flavor_id = "4"
is_public = "true"
}

resource "openstack_networking_network_v2" "external-network" {
name = "external-network"
admin_state_up = "true"
external = "true"
segments {
network_type = "flat"
physical_network = "physnet1"
}
}

resource "openstack_networking_subnet_v2" "external-subnet" {
name= "external-subnet"
network_id= openstack_networking_network_v2.external-network.id
cidr= "10.0.0.0/8"
gateway_ip= "10.0.0.1"
dns_nameservers = ["10.0.0.254", "10.0.0.253"]
allocation_pool {
start = "10.0.0.1"
end = "10.0.254.254"
}
}

resource "openstack_networking_router_v2" "external-router" {
name= "external-router"
admin_state_up= true
external_network_id = openstack_networking_network_v2.external-network.id
}

resource "openstack_images_image_v2" "cirros" {
name = "cirros"
image_source_url = "https://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img"
container_format = "bare"
disk_format= "qcow2"

properties = {
key = "value"
}
}

resource "openstack_identity_project_v3" "demo-project" {
name = "Demo"
}

resource "openstack_identity_user_v3" "demo-user" {
name = "demo-user"
default_project_id = openstack_identity_project_v3.demo-project.id
password = "demo"
}

Create a tenant Terraform file

As a tenant, you usually create virtual machines. You also create network and security groups for these virtual machines.

This example uses the user created by the Admin file above.

First, create a TenantTF directory for tenant-related provisioning:

$ mkdir TenantTF
$ cd TenantTF

In main.tf, add the following content:

terraform {
required_version = ">= 0.14.0"
required_providers {
openstack = {
source= "terraform-provider-openstack/openstack"
version = "1.49.0"
}
}
}

provider "openstack" {
user_name = “demo-user”
tenant_name = “demo”
password= “demo”
auth_url= “OS_AUTH_URL”
region= “OS_REGION”
}

resource "openstack_compute_keypair_v2" "demo-keypair" {
name = "demo-key"
public_key = "ssh-rsa ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
}


resource "openstack_networking_network_v2" "demo-network" {
name = "demo-network"
admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "demo-subnet" {
network_id = openstack_networking_network_v2.demo-network.id
name = "demo-subnet"
cidr = "192.168.26.0/24"
}

resource "openstack_networking_router_interface_v2" "demo-router-interface" {
router_id = “XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”
subnet_id = openstack_networking_subnet_v2.demo-subnet.id
}

resource "openstack_compute_instance_v2" "demo-instance" {
name= "demo"
image_id= "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
flavor_id = "3"
key_pair= "demo-key"
security_groups = ["default"]

metadata = {
this = "that"
}

network {
name = "demo-network"
}
}

Initialize your Terraform

After creating the Terraform file, you need to initialize Terraform.

For Admins:

$ cd AdminTF

$ terraform init

$ terraform fmt

For tenants:

$ cd TenantTF

$ terraform init

$ terraform fmt

Command explanation:

• terraform initDownload the provider from the mirror source to provision this project.
• terraform fmtFormat files for use in the warehouse.

Create a Terraform plan

Next, create a plan for you to see what resources will be created.

For Admins:

$ cd AdminTF

$ terraform validate

$ terraform plan

For tenants:

$ cd TenantTF

$ terraform validate

$ terraform plan

Command explanation:

• terraform validateVerify that .tf syntax is correct.
• terraform planCreate a plan file in the cache so that all managed resources can be tracked as they are created and destroyed.

Apply your first TF

To deploy resources, use the terraform apply command. This command applies all resource states in the plan file.

For Admins:

$ cd AdminTF

$ terraform apply

For tenants:

$ cd TenantTF

$ terraform apply

接下来的步骤

之前，我写了一篇关于在树莓派上部署最小 OpenStack 集群的 文章。你可以找到更详细的Terraform 和 Ansible配置，并通过 GitLab 实现一些 CI/CD。

The above is the detailed content of Use Terraform to manage OpenStack clusters. For more information, please follow other related articles on the PHP Chinese website!