Automate OpenStack with Terraform

Terraform can be used with OpenStack for auto-provisioning.

Today, I will show a working Terraform example in OpenStack.

First, define an OpenStack provider for Terraform.

Provider:

provider "openstack" {
  # Credentials come from Terraform variables rather than being hard-coded here.
  user_name   = "${var.openstack_user_name}"
  password    = "${var.openstack_password}"
  tenant_name = "project1"
  auth_url    = "http://keystone.openstack.com.au:5000/v3"
  domain_name = "DOMAINNAME"
}

Terraform currently supports the following OpenStack resource types: Compute, Network, Load Balancer, Firewall, Block Storage and Object Storage.

Here we create a few basic resources: a Compute instance and Network resources (a network, which is VXLAN here but can be VLAN or any other kind of network, a subnet and a security group).

Network:

Create a network named "tf-net2".

resource "openstack_networking_network_v2" "tf-net2" {
  region         = "region1"
  name           = "tf-net2"
  admin_state_up = "true"
}

Create a subnet "tf_net_sub2" and associate it with the network tf-net2.

resource "openstack_networking_subnet_v2" "tf_net_sub2" {
  name        = "tf_net_sub2"
  region      = "region1"
  network_id  = "${openstack_networking_network_v2.tf-net2.id}"
  cidr        = "172.16.50.0/24"
  ip_version  = 4
  enable_dhcp = "false"
}

Security Group:

Create a security group "secgroup_1", then add two rules to it.

resource "openstack_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "Terraform security group"
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "10.41.129.12/32"
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "10.41.129.12/32"
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
}
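An added example, not part of the original post: Neutron attaches allow-all egress rules (IPv4 and IPv6) to every new security group, so the egress rule above does not by itself limit outbound traffic to SSH. The variant below removes those defaults with the provider's delete_default_rules argument; the resource names ending in "_strict" are hypothetical, and the address is the one used above.

```hcl
# Added example (not from the original post). Names ending in "_strict"
# are hypothetical; 10.41.129.12/32 is the host used in the rules above.

# delete_default_rules removes the allow-all egress rules that Neutron
# adds to a new security group, so only the rules declared here apply.
resource "openstack_networking_secgroup_v2" "secgroup_strict" {
  name                 = "secgroup_strict"
  description          = "Terraform security group, default egress removed"
  delete_default_rules = true
}

# Inbound SSH from the single management host only.
resource "openstack_networking_secgroup_rule_v2" "ssh_in_strict" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "10.41.129.12/32"
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_strict.id}"
}

# Outbound SSH to the same host only. With the defaults removed, this is
# the only traffic the instance itself may initiate.
resource "openstack_networking_secgroup_rule_v2" "ssh_out_strict" {
  direction         = "egress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "10.41.129.12/32"
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_strict.id}"
}
```

With the default rules removed, add further egress rules for anything else the instance must reach, such as DNS or the metadata service.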

Compute:

Create one virtual instance using the network tf-net2 and the security group secgroup_1 that were just created.

resource "openstack_compute_instance_v2" "vm_terraform" {
  region            = "region1"
  availability_zone = "az1"
  name              = "nsx_terraform"
  image_id          = "b5d00e5c-ab30-4fb4-9ed0-1d99c7ff864b"
  flavor_id         = "10"
  security_groups   = ["${openstack_networking_secgroup_v2.secgroup_1.id}"]

  metadata {
    this = "that"
  }

  network {
    name = "tf-net2"
  }

  stop_before_destroy = "true"
}

Result:

OpenStack Network:

[Screenshot: openstack-network]

Security Group:

[Screenshot: securitygroup]

VM:

[Screenshot: vm]
