User:Majavah/Terraform: Difference between revisions

imported>Majavah
No edit summary
imported>Majavah
Line 11: Line 11:
Since Cloud VPS uses [[:w:OpenStack|OpenStack]], the standard [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs OpenStack terraform provider] can be used to manage some resources. Note that not all OpenStack features are available on Cloud VPS.
Since Cloud VPS uses [[:w:OpenStack|OpenStack]], the standard [https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs OpenStack terraform provider] can be used to manage some resources. Note that not all OpenStack features are available on Cloud VPS.


There is also a [https://gitlab.wikimedia.org/repos/cloud/cloud-vps/terraform-cloudvps custom Cloud VPS provider] for managing Cloud VPS specific features.
There is also a [https://gitlab.wikimedia.org/repos/cloud/cloud-vps/terraform-cloudvps custom Cloud VPS provider] for managing Cloud VPS specific features. It can be installed with setting the provider <code>source</code> attribute to <code>terraform.wmcloud.org/registry/cloudvps</code>.


=== Authentication ===
=== Authentication ===
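Review bot: The sentence added to the custom Cloud VPS provider paragraph reads "It can be installed with setting the provider source attribute"; "by setting" is the usual phrasing. Since source only has an effect inside a required_providers block, it would also help to say so here or to point at the Example setup section, which shows that block.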
Line 17: Line 17:


=== Example setup ===
=== Example setup ===
First, create a file called <code>terraform.tfvars</code> and add your project name and application credential details:
TODO: something about secret storage best practices here?
<syntaxhighlight lang="terraform">
os_auth_url                      = "https://openstack.eqiad1.wikimediacloud.org:25000"
os_project_id                    = "[replace me]"
os_application_credential_id    = "[replace me]"
os_application_credential_secret = "[replace me]"
</syntaxhighlight>
Then, you can install and configure the required providers in your <code>main.tf</code> file:
<syntaxhighlight lang="terraform">
terraform {
  required_version = ">= 1.3.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.48.0"
    }
    cloudvps = {
      source  = "terraform.wmcloud.org/registry/cloudvps"
      version = "~> 0.1.0"
    }
  }
}
variable "os_auth_url" { type = string }
variable "os_project_id" { type = string }
variable "os_application_credential_id" { type = string }
variable "os_application_credential_secret" { type = string }
provider "openstack" {
  auth_url                      = var.os_auth_url
  tenant_id                    = var.os_project_id
  application_credential_id    = var.os_application_credential_id
  application_credential_secret = var.os_application_credential_secret
}
provider "cloudvps" {
  os_auth_url                      = var.os_auth_url
  os_project_id                    = var.os_project_id
  os_application_credential_id    = var.os_application_credential_id
  os_application_credential_secret = var.os_application_credential_secret
}
</syntaxhighlight>


== Communication and support ==
== Communication and support ==
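Review bot: The TODO on the line after "First, create a file called terraform.tfvars" is left unresolved in the page text, while the same instructions tell readers to put os_application_credential_secret into that file in plaintext. Suggest replacing the TODO with at least one sentence telling readers to keep terraform.tfvars out of version control and readable only by its owner, and adding sensitive = true to the variable block for os_application_credential_secret so Terraform redacts the value in its output. The intro sentence also says "project name" while the variable it introduces is os_project_id; one of the two should be adjusted.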

Revision as of 15:53, 22 September 2022

Overview

This page contains instructions and best practices for using Terraform to manage Cloud VPS resources.

This page is heavily in progress, and some parts of it require features that are only available on the Cloud VPS testing environment (also known as codfw1dev). Please get in touch with Taavi if you're interested in being an early tester.

Setting up Terraform to work with Cloud VPS

Terraform provider

Since Cloud VPS uses OpenStack, the standard OpenStack terraform provider can be used to manage some resources. Note that not all OpenStack features are available on Cloud VPS.

There is also a custom Cloud VPS provider for managing Cloud VPS specific features. It can be installed by setting the provider source attribute to terraform.wmcloud.org/registry/cloudvps.

Authentication

For security reasons, direct access to the Cloud VPS APIs using a developer account username and password is disabled. Instead, you should create an application credential to work with the APIs.

Example setup

First, create a file called terraform.tfvars and add your project name and application credential details:

TODO: something about secret storage best practices here?

os_auth_url                      = "https://openstack.eqiad1.wikimediacloud.org:25000"
os_project_id                    = "[replace me]"
os_application_credential_id     = "[replace me]"
os_application_credential_secret = "[replace me]"

Then, you can install and configure the required providers in your main.tf file:

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "~> 1.48.0"
    }

    cloudvps = {
      source  = "terraform.wmcloud.org/registry/cloudvps"
      version = "~> 0.1.0"
    }
  }
}

variable "os_auth_url" { type = string }
variable "os_project_id" { type = string }
variable "os_application_credential_id" { type = string }
variable "os_application_credential_secret" { type = string }

provider "openstack" {
  auth_url                      = var.os_auth_url
  tenant_id                     = var.os_project_id
  application_credential_id     = var.os_application_credential_id
  application_credential_secret = var.os_application_credential_secret
}

provider "cloudvps" {
  os_auth_url                      = var.os_auth_url
  os_project_id                    = var.os_project_id
  os_application_credential_id     = var.os_application_credential_id
  os_application_credential_secret = var.os_application_credential_secret
}
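
As an added example (not part of the original page or of the Cloud VPS tooling), the shell function below checks the files from the setup above for three ways the application credential secret commonly leaks: loose file permissions, a terraform.tfvars that is not git-ignored, and a variable that is not marked sensitive. The function name check_tfvars, the expected mode 600 and the sample secret value are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the files from "Example setup".
# Prints one line per finding and returns the number of findings (0 = clean).
check_tfvars() {
    dir=${1:-.}
    file="$dir/terraform.tfvars"
    findings=0
    [ -f "$file" ] || { echo "SKIP: no terraform.tfvars in $dir"; return 0; }

    # 1. The file holds os_application_credential_secret in plaintext, so
    #    only the owner should be able to read it (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $file has mode $mode, expected 600"
           findings=$((findings + 1)) ;;
    esac

    # 2. The file must be git-ignored so the secret is never committed.
    #    Simplification: only exact .gitignore lines are recognised.
    if ! grep -qxE '/?(terraform|\*)\.tfvars' "$dir/.gitignore" 2>/dev/null; then
        echo "FAIL: terraform.tfvars is not listed in $dir/.gitignore"
        findings=$((findings + 1))
    fi

    # 3. The variable block in main.tf should set `sensitive = true`, which
    #    makes Terraform redact the value in plan and apply output.
    if ! awk '/^variable "os_application_credential_secret"/ { f = 1 }
              f { print }
              f && /}/ { exit }' "$dir/main.tf" 2>/dev/null |
         grep -qE 'sensitive[[:space:]]*=[[:space:]]*true'; then
        echo "FAIL: os_application_credential_secret is not marked sensitive"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the page's layout as written, with a made-up secret.
demo=$(mktemp -d)
printf 'os_application_credential_secret = "constructed-not-real"\n' \
    > "$demo/terraform.tfvars"
chmod 644 "$demo/terraform.tfvars"
printf 'variable "os_application_credential_secret" { type = string }\n' \
    > "$demo/main.tf"
check_tfvars "$demo" || echo "findings: $?"   # constructed sample yields 3
rm -rf "$demo"
```

Terraform also reads a variable's value from an environment variable named TF_VAR_ followed by the variable name, so the secret can be supplied as TF_VAR_os_application_credential_secret instead of being written to terraform.tfvars at all.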

Communication and support

Terraform is not currently officially supported by the Cloud VPS administration team as a first-class management tool. This page and related tooling (such as the Cloud VPS Terraform provider) are maintained by community volunteers, some of whom also have administrative access to the Cloud VPS platform itself. If you need help, you can still use the cloud mailing list and related channels.