We have launched the official Terraform provider for Selectel. It lets users manage resources fully through the infrastructure-as-code methodology.
The provider currently supports managing resources of the "Virtual Private Cloud" service (hereinafter VPC). In the future, we plan to add resource management for other Selectel services.
As you already know, the VPC service is built on top of OpenStack. However, because OpenStack does not provide native tools for running a public cloud, we have implemented the missing functionality in a set of additional APIs that simplify the management of complex composite objects and make work more convenient. Part of the functionality available in OpenStack is closed to direct use but is available through our API.
The Selectel Terraform provider can now manage the following VPC resources:
projects and their quotas;
users, their roles and tokens;
public subnets, including cross-regional and VRRP;
software licenses.
The provider uses our public Go library to work with the VPC API. Both the library and the provider itself are open source and are developed on GitHub:
To manage the rest of the cloud resources, such as virtual machines, disks, Kubernetes clusters, you can use the OpenStack Terraform provider. Official documentation for both providers is available at the following links:
To get started, you need to install Terraform (instructions and links to installation packages can be found on the official website).
To work, the provider needs a Selectel API key, which is created in the account control panel.
Manifests for working with Selectel are created using Terraform or from the set of ready-made examples available in our GitHub repository: terraform-examples.
The repository with examples is divided into two directories:
modules, containing small reusable modules that take a set of parameters as input and manage a small set of resources;
examples, containing examples of a complete set of interconnected modules.
After installing Terraform, creating a Selectel API key, and reviewing the examples, let's move on to practical examples.
The file vars.tf describes all the parameters that are used when calling modules. Some of them have default values; for example, the server will be created in the zone en-3a with the following configuration:
If necessary, you can specify a different public key. The key does not have to be given as a path to a file; you can also add its value as a string.
Further in this file, the modules project_with_user and server_local_root_disk are launched; they manage the required resources.
The ignore_changes argument makes Terraform ignore changes to the id attribute of the image used to create the virtual machine. In the VPC service, most public images are updated automatically once a week, and their id changes at the same time. This is due to how the OpenStack component Glance works: it treats images as immutable entities.
If you create or modify a server or disk whose image_id argument is set to the id of a public image, then after that image is updated, running the Terraform manifest again will recreate the server or disk. Using the ignore_changes argument avoids this situation.
Note: the ignore_changes argument appeared in Terraform a long time ago: pull#2525.
The ignore_resize_confirmation argument is needed to successfully resize the local disk, cores, or memory of the server. Such changes are made through the OpenStack Nova component using the resize request. By default, after a resize request Nova puts the server in the verify_resize status and waits for additional confirmation from the user. However, this behavior can be changed so that Nova does not wait for the user to take additional action.
The specified argument lets Terraform skip waiting for the verify_resize status and expect the server to be in the active status after its parameters change. The argument is available since version 1.10.0 of the OpenStack Terraform provider: pull#422.
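The two arguments described above, shown together on one server resource. This is an added example in Terraform 0.12+ syntax, not code from the terraform-examples repository; the resource names and all variables are assumptions.

```hcl
# Added illustration. Resource names and variables are assumptions.
variable "image_name"   { type = string } # name of a public image
variable "flavor_id"    { type = string }
variable "keypair_name" { type = string }
variable "port_id"      { type = string }
variable "server_zone"  { type = string }

# Resolve the current id of the public image by name. The id changes
# every time the image is republished.
data "openstack_images_image_v2" "image_1" {
  name        = var.image_name
  most_recent = true
  visibility  = "public"
}

resource "openstack_compute_instance_v2" "instance_1" {
  name              = "tf-server"
  image_id          = data.openstack_images_image_v2.image_1.id
  flavor_id         = var.flavor_id
  key_pair          = var.keypair_name
  availability_zone = var.server_zone

  network {
    port = var.port_id
  }

  # A changed image_id normally forces replacement of the server.
  # Ignoring it keeps the existing server after the weekly image refresh.
  lifecycle {
    ignore_changes = [image_id]
  }

  # Do not wait for verify_resize after a flavor change; expect the server
  # to return to active on its own (OpenStack provider 1.10.0 or later).
  vendor_options {
    ignore_resize_confirmation = true
  }
}
```

Because image_id is ignored, existing servers keep the image they were built from and do not pick up the weekly image updates through Terraform; update them in place or rebuild them deliberately.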
Resource Creation
Before launching the manifests, note that our example uses two different providers, and the OpenStack provider depends on the resources of the Selectel provider: without creating a user in the project, it is impossible to manage the objects that belong to it. Unfortunately, for the same reason, we cannot simply run the command terraform apply inside our example. We first need to run apply for the project_with_user module and after that for everything else.
Note: this issue is not yet resolved in Terraform; you can follow the discussion on GitHub in issue#2430 and issue#4149.
After running the command, Terraform will show which resources it wants to create and ask for confirmation:
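Why the apply has to be split, as an added example (Terraform 0.14+ syntax, not the repository's own code): the OpenStack provider is configured from objects that the Selectel provider creates. Resource names other than tf_user and all variables are assumptions.

```hcl
# Added illustration. The page creates its project, user and role through
# the project_with_user module; they sit at the root here for brevity.
variable "sel_token" {
  type      = string
  sensitive = true # Selectel API key, e.g. from TF_VAR_sel_token
}
variable "user_password" {
  type      = string
  sensitive = true # e.g. from TF_VAR_user_password
}
variable "sel_account"        { type = string } # OpenStack domain (assumed)
variable "openstack_auth_url" { type = string } # identity endpoint, from the docs
variable "region"             { type = string }

provider "selectel" {
  token = var.sel_token
}

resource "selectel_vpc_project_v2" "project_1" {
  name = "tf_project"
}

resource "selectel_vpc_user_v2" "user_1" {
  name     = "tf_user"
  password = var.user_password
}

resource "selectel_vpc_role_v2" "role_1" {
  project_id = selectel_vpc_project_v2.project_1.id
  user_id    = selectel_vpc_user_v2.user_1.id
}

# This provider logs in as the user created above, so its configuration is
# unknown until those resources exist. Limit the first apply to them, e.g.
#   terraform apply -target=selectel_vpc_role_v2.role_1
# (the role pulls in the project and user it depends on), then run a plain
# terraform apply for everything else.
provider "openstack" {
  auth_url    = var.openstack_auth_url
  domain_name = var.sel_account
  tenant_id   = selectel_vpc_project_v2.project_1.id
  user_name   = selectel_vpc_user_v2.user_1.name
  password    = var.user_password
  region      = var.region
}
```

Marking the variables sensitive keeps their values out of plan output, but they are still written to the state file, so the state needs the same protection as the credentials themselves.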
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Once the project, user, and role are created, you can start creating the rest of the resources:
You can work with the created virtual machine via SSH using the specified IP.
Editing Resources
In addition to creating resources through Terraform, they can also be modified.
For example, let's increase the number of cores and the amount of memory for our server by changing the values of the parameters server_vcpus and server_ram_mb in the file examples/vpc/server_local_root_disk/main.tf:
In our examples repository, you can also see manifests for creating virtual machines with network drives.
An example of creating a Kubernetes cluster
Before moving on to the next example, we'll clean up the resources we created earlier. To do this, in the root of the project terraform-examples/examples/vpc/server_local_root_disk, run the command to delete the OpenStack objects:
In both cases, you will need to confirm the deletion of all objects:
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
This example creates a project, a user with a role in the project, and brings up one Kubernetes cluster. In the file vars.tf you can see the default values, such as the number of nodes, their characteristics, the Kubernetes version, and more.
To create the resources, as in the first example, first initialize the modules and create the resources of the project_with_user module, and then create everything else:
Kubernetes clusters are created and managed through the OpenStack Magnum component. You can learn more about working with a cluster in one of our previous articles, as well as in the knowledge base.
While the cluster is being prepared, disks and virtual machines are created and all the necessary components are installed. Preparation takes about 4 minutes, during which Terraform displays messages like:
module.kubernetes_cluster.openstack_containerinfra_cluster_v1.cluster_1: Still creating... (3m0s elapsed)
After the installation is complete, Terraform will report that the cluster is ready and display its ID:
To manage the created Kubernetes cluster through the kubectl utility, you need to get the cluster access file. To do this, go to the project created via Terraform in the list of projects in your account:
Next, follow the link xxxxxx.selvpc.ru, which is displayed below the project name:
Use the username and password that were created through Terraform as the login information. If you haven't changed vars.tf or main.tf for our example, the user will have the name tf_user. The password is the value of the TF_VAR_user_password variable that was specified when running terraform apply earlier.
Inside the project, go to the Kubernetes tab:
Here is the cluster created through Terraform. You can download the file for kubectl on the "Access" tab:
This tab contains instructions for installing kubectl and using the downloaded config.yaml.
After setting up kubectl and setting the KUBECONFIG environment variable, you can use Kubernetes:
If the number of nodes changes, the cluster will remain available. After adding a node via Terraform, you can use it without additional configuration:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
tf-cluster-rz6nggvs4va7-master-0 Ready,SchedulingDisabled master 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-0 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-1 Ready <none> 8m v1.12.4
tf-cluster-rz6nggvs4va7-minion-2 Ready <none> 3m v1.12.4
Conclusion
In this article, we got acquainted with the main ways of working with "Virtual Private Cloud" via Terraform. We will be glad if you use the official Selectel Terraform provider and provide feedback.
Any bugs found in the Selectel Terraform provider can be reported via GitHub Issues.