Skip to main content

Terraform

Terraform providers openstack links:

Logo-terraform

In this guide we will see how to use Terraform to manage an OpenStack infrastructure on the UNIQCLOUD.

Prerequisites

To get started you need some prerequisites:

info

Following code has been tested in UNIQCloud with terraform 1.7 and Openstack terraform provider ~> 3.0.0

Configure Credentials in Terraform Provider for Uniqcloud

Traditionally, the OpenStack tools were configured using a set of environment variables (OS_AUTH_URL, OS_USERNAME, etc.), usually delivered in the format of a simple shell script that can be sourced into your current environment. While this works, it becomes hard to manage if you are working with multiple OpenStack environments.

The clouds.yaml configuration file was developed as an alternative mechanism for storing your OpenStack credentials. Follow the procedure according to your actual setup :

This is an example of main.tf for use Keystone v3

# Define required providers
terraform {
  required_version = ">= 1.7.0"
    required_providers {
      openstack = {
        source  = "terraform-provider-openstack/openstack"
        version = "~> 3.0.0"
      }
    }
}
# Configure the OpenStack Provider
provider "openstack" {
  auth_url         = "https://keystone.api.eu-vlc.uniccloud.org:5000/v3"
  user_name        = "name-user"
  password         = var.openstack_password
  project_id       = "id-project"
  user_domain_name = "name-domain"
}
warning

If UNICC CA is not installed in the laptop/server running terraform you must configure it in the terrform provider section. cacert_file = local-file-containing-cert.pem

If you don't have access to the certicate file, requested to support.

Use Remote Tfstate

Store your Terraform state securely in OpenStack using Rados Gateway S3 API for remote tfstate management.

  • Create a swift container as explained here
  • Create ec2 compatible credentials following this guide
  • Export credentials configured in the previous step.
export AWS_ACCESS_KEY_ID="b3..."
export AWS_SECRET_ACCESS_KEY="df..."
  • Configure your backend.tfvars file.

backend.tfvars

bucket      = "my-example-tfstate"
key         = "tfstates/mykey"
region      = "Valencia"
endpoint    = "https://radosgw.api.eu-vlc.uniccloud.org"
  • Configure the following settings in the terraform backend.
terraform {
  backend "s3" {
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    skip_s3_checksum            = true
    use_path_style              = true
  }
}
  • Execute the terraform init command. terraform init --backend-config=backend.tfvars
warning

Following code has been tested in UNIQCloud with terraform 1.7 and Openstack terraform provider ~> 3.0.0 Due to a known issue in Terraform 1.11.2+, the skip_s3_checksum option may fail when using non-AWS S3 backends (like Ceph RadosGW).

To fix this, set these environment variables before running Terraform:

AWS_REQUEST_CHECKSUM_CALCULATION=when_required AWS_RESPONSE_CHECKSUM_VALIDATION=when_required

This ensures checksums are only calculated when necessary, avoiding conflicts.