Portal:Cloud VPS/terraform


Using terraform is not officially supported, but here are some instructions in case you want to try it.

These instructions are not exhaustive; the reader is advised to learn more about terraform best practices in the official documentation.

Warnings

Endpoints are inaccessible externally

The OpenStack endpoints are not accessible from the Internet. You have to run terraform from within Cloud VPS itself.

Using an SSH tunnel from your computer is not a viable option either: even though you can override the endpoints in terraform (endpoint_overrides), OpenStack will return a list of regions that includes URLs that are not accessible externally.

With this in mind, you may want to create an initial VM manually first and use it to bootstrap the rest of your cluster using terraform.

Certain resources are not configurable

Specifically, the Puppet configuration available through Horizon has no counterpart in Terraform so it can't be automated.

The same goes for the Web Proxies.

Provider Configuration

You have to configure your username, password and project name.

At the time of this writing, there was only one region (eqiad1-r).

Add this to a *.tf file:

provider "openstack" {
  version     = "~> 1.14"
  user_name   = "dev_username"
  password    = "dev_password"
  tenant_name = "project_name"
  region      = "eqiad1-r"
  auth_url    = "http://cloudcontrol1003.wikimedia.org:5000/v3"
}
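
The block above stores the account password in a *.tf file, where it can end up in version control or be read by other users of the instance. The following variant is an added example, not part of the original page: it leaves the credentials out of the file and relies on the OpenStack provider reading them from the OS_USERNAME and OS_PASSWORD environment variables. The placeholder values are the ones used above, and the shell lines in the comments assume bash.

```hcl
# Added example: same provider settings as above, with no credentials in the file.
# When user_name and password are not set here, the OpenStack provider falls
# back to the OS_USERNAME and OS_PASSWORD environment variables.
#
# In the shell on the Cloud VPS instance, before running terraform:
#   export OS_USERNAME="dev_username"
#   read -rs OS_PASSWORD && export OS_PASSWORD   # prompts; keeps the password out of shell history
provider "openstack" {
  version     = "~> 1.14"
  tenant_name = "project_name"
  region      = "eqiad1-r"
  auth_url    = "http://cloudcontrol1003.wikimedia.org:5000/v3"
}
```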

Creating a VM

To create a VM, you will first have to figure out certain values for:

  • OS Image
$ openstack image show "debian-9.6-stretch"
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 1cb98ad74ad804f96a300130265c78c9                     |
| container_format | ovf                                                  |
| created_at       | 2019-01-22T14:25:12Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/d620d77c-c023-41ae-944c-2f10063bfc77/file |
| id               | d620d77c-c023-41ae-944c-2f10063bfc77                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | debian-9.6-stretch                                   |
| owner            | admin                                                |
| properties       | default='true', show='true'                          |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 2237267968                                           |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-01-22T14:27:41Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
  • Instance flavor
$ openstack flavor list
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| ID                                   | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| 2                                    | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 21e9047d-a60f-499d-b7f5-51f83ddf3611 | bigdisk2  | 24576 |  300 |         0 |     4 | True      |
| 3                                    | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 3fbb962d-86c1-40a6-a712-e744d4622635 | bigdisk   | 24576 |  300 |         0 |     4 | False     |
| 4                                    | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5                                    | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
| e48a8d9d-e735-4742-981f-b55f293d4115 | bigram    | 36864 |   80 |         0 |     8 | True      |
| e7261773-a931-4a72-b725-3ccf71580b18 | largedb   | 65536 | 3481 |         0 |    16 | False     |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
  • Network name
$ openstack network show lan-flat-cloudinstances2b
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2018-07-12T12:11:27                  |
| description               |                                      |
| id                        | 7425e328-560c-4f00-8e99-706f3fb90bb4 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| mtu                       | 1500                                 |
| name                      | lan-flat-cloudinstances2b            |
| port_security_enabled     | True                                 |
| project_id                | admin                                |
| provider:network_type     | flat                                 |
| provider:physical_network | cloudinstances2b                     |
| provider:segmentation_id  | None                                 |
| router_external           | Internal                             |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | a69bdfad-d7d2-4cfa-8231-3d6d3e0074c9 |
| tags                      | []                                   |
| updated_at                | 2018-07-12T12:11:27                  |
+---------------------------+--------------------------------------+

Next, configure the VM:

resource "openstack_compute_instance_v2" "testserver" {
  name      = "testserver"
  image_id  = "d620d77c-c023-41ae-944c-2f10063bfc77"
  flavor_id = "2"
  network {
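    # The network block is selected by "name" or "uuid" (it has no "id" argument);
    # the plan output below shows the name being set.
    name = "lan-flat-cloudinstances2b"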
  }
}

Run terraform plan to see what will be done:

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + openstack_compute_instance_v2.testserver
      id:                       <computed>
      access_ip_v4:             <computed>
      access_ip_v6:             <computed>
      all_metadata.%:           <computed>
      availability_zone:        <computed>
      flavor_id:                "2"
      flavor_name:              <computed>
      force_delete:             "false"
      image_id:                 "d620d77c-c023-41ae-944c-2f10063bfc77"
      image_name:               <computed>
      name:                     "testserver"
      network.#:                "1"
      network.0.access_network: "false"
      network.0.fixed_ip_v4:    <computed>
      network.0.fixed_ip_v6:    <computed>
      network.0.floating_ip:    <computed>
      network.0.mac:            <computed>
      network.0.name:           "lan-flat-cloudinstances2b"
      network.0.port:           <computed>
      network.0.uuid:           <computed>
      power_state:              "active"
      region:                   <computed>
      security_groups.#:        <computed>
      stop_before_destroy:      "false"

Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

If everything looks as expected, run terraform apply:

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + openstack_compute_instance_v2.testserver
      id:                       <computed>
      access_ip_v4:             <computed>
      access_ip_v6:             <computed>
      all_metadata.%:           <computed>
      availability_zone:        <computed>
      flavor_id:                "2"
      flavor_name:              <computed>
      force_delete:             "false"
      image_id:                 "d620d77c-c023-41ae-944c-2f10063bfc77"
      image_name:               <computed>
      name:                     "testserver"
      network.#:                "1"
      network.0.access_network: "false"
      network.0.fixed_ip_v4:    <computed>
      network.0.fixed_ip_v6:    <computed>
      network.0.floating_ip:    <computed>
      network.0.mac:            <computed>
      network.0.name:           "lan-flat-cloudinstances2b"
      network.0.port:           <computed>
      network.0.uuid:           <computed>
      power_state:              "active"
      region:                   <computed>
      security_groups.#:        <computed>
      stop_before_destroy:      "false"


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

openstack_compute_instance_v2.testserver: Creating...
  access_ip_v4:             "" => "<computed>"
  access_ip_v6:             "" => "<computed>"
  all_metadata.%:           "" => "<computed>"
  availability_zone:        "" => "<computed>"
  flavor_id:                "" => "2"
  flavor_name:              "" => "<computed>"
  force_delete:             "" => "false"
  image_id:                 "" => "d620d77c-c023-41ae-944c-2f10063bfc77"
  image_name:               "" => "<computed>"
  name:                     "" => "testserver"
  network.#:                "" => "1"
  network.0.access_network: "" => "false"
  network.0.fixed_ip_v4:    "" => "<computed>"
  network.0.fixed_ip_v6:    "" => "<computed>"
  network.0.floating_ip:    "" => "<computed>"
  network.0.mac:            "" => "<computed>"
  network.0.name:           "" => "lan-flat-cloudinstances2b"
  network.0.port:           "" => "<computed>"
  network.0.uuid:           "" => "<computed>"
  power_state:              "" => "active"
  region:                   "" => "<computed>"
  security_groups.#:        "" => "<computed>"
  stop_before_destroy:      "" => "false"
openstack_compute_instance_v2.testserver: Still creating... (10s elapsed)
openstack_compute_instance_v2.testserver: Creation complete after 16s (ID: b3bde3cc-9e04-443e-8d82-303af75a65b8)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.