Generating and authorizing Terraform using Keycloak user

Clicking in Horizon and entering CLI commands are two main ways of using an OpenStack system. They are well suited to interactively executing one command at a time but do not scale up easily. A tool such as Terraform, by HashiCorp corporation, provides an alternative to manual ways of introducing cascading changes. Here is how you could, say, create several instances at once:

  • Define parameters for the creation of one instance,

  • save them in a Terraform configuration file and

  • let Terraform automatically repeat it the prescribed number of times.

The plan is to install Terraform, get an OpenStack token, enter it into the configuration file and execute. You will then be able to effectively use Terraform within the Destination Earth cloud. For instance, with Terraform you can

  • automate creation of a multitude of virtual machines, each with their own floating IPs, DNS and network functions or

  • automate creation of Kubernetes clusters

and so on.

What We Are Going To Do

  • Install Terraform as a root user

  • Reconnect to the cloud

  • Download OpenStack token

  • Set up the configuration file and initialize Terraform

  • Create Terraform code

  • Explain the meaning of the variables used

  • Execute the Terraform script

Prerequisites

No. 1 Account

You need a Destination Earth hosting account with access to the Horizon interface: https://cloud.central.data.destination-earth.eu. In particular, you will need the password for the account so have it ready in advance.

Use command Compute –> Overview to learn about the state of available resources. If your quota for the number of instances is, say, 10, then it does not make much sense to use the procedure described in this article to automatically create 11 instances in one go.

No. 2 Installed version of Linux

You can use your current Linux installation on a desktop or create a new instance in the cloud, by following the article

How to create a Linux VM and access it from Linux command line

No. 3 Installed OpenStackClient for Linux

The following article will show you how to install Python, create and activate a virtual environment, and then connect to the cloud by downloading and activating the proper RC file from the Destination Earth cloud.

How to install OpenStackClient for Linux

No. 4 Connect to the cloud via an RC file

Another article, How to activate OpenStack CLI access to the cloud, deals with connecting to the cloud and covers whichever of the one- or two-factor authentication procedures is enabled on your account. It also covers all the main platforms: Linux, MacOS and Windows.

You will use both the Python virtual environment and the downloaded RC file after Terraform has been installed.

Step 1 Install Terraform

Install the required dependencies using the following command:

sudo apt-get install wget curl nano unzip software-properties-common gnupg2 -y

Download the HashiCorp GPG signing key and add it to your system:

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

The concept of keyring (or keychain) is to group one or more keys (passwords) so that they are easy to manipulate. Usually, they are grouped into one file, called keyring or something similar.

The above command uses hashicorp archive keyring, which is a file that may or may not already exist on your operating system. If it already exists and needs no change, just press Enter twice for default values; otherwise, create a new name for the keyring.

Add the HashiCorp repository to the APT:

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

The following commands will refresh the package lists, install Terraform and check its version:

sudo apt-get update -y            # refresh the package lists
sudo apt-get install terraform -y # install Terraform
terraform -v                      # check the version

Step 2 Download OpenStack token

Make sure you are connected to the cloud, by following Prerequisites Nos. 3 and 4, if you aren’t already.

You are now ready to receive a token from the cloud you are working with. The “token” is a very long string of characters which serves as a kind of password for your code. The command is:

openstack token issue -f shell -c id

This is the result:

id="gAAAAABlduJARx2dj0N2x6Qd4uS0KvERzrKkPNmYtmBXmLsdKx7MYIaaGYieWuPUKJm-RcuCzCyNfI4lds_F6CWFbk44VSfVXhW3Js49JqNzV6edXOgT03QEF2IVj0je9X88p6cqieZv_fypDTr5_lBTDP-7ZZE-0eITzm-kXsvIvZnkt2kGePGa1LJlAfrMAkih17zhJAXv"

Value of variable id is the token you need. Copy and save it so that you can enter it into the configuration file for Terraform.

Each execution of the above command will yield another value for id. Always use the latest in yourconffile.tf (see below).

Step 3 Set up the configuration file and initialize Terraform

Create a new directory where your Terraform files will be stored and switch to it:

mkdir terraform-dir # Name it as you want
cd terraform-dir

Create a configuration file, yourconffile.tf, and open it in a text editor. Here we use nano:

sudo nano yourconffile.tf # Name it as you want

Paste the following into the file:

# Configure the OpenStack Provider
terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}

Save the file (for Nano, use Ctrl-X and Y).

These lines tell Terraform that it will work with OpenStack.

Now initialize Terraform:

terraform init

It will read yourconffile.tf file from the current folder. The actual name does not matter as long as it is the only .tf file in the folder.

You can, of course, use many other .tf files such as

  • main.tf for the main Terraform program,

  • variable.tf to define variables

but further explanations are out of scope of this article.

The screen after initialization would look like this:

[Image: terraform_init_apply.png]

Terraform has been initialized and is working properly with your OpenStack cloud. Now add code to perform some useful tasks.

Step 4 Create Terraform code

Let us generate four virtual machines as specified in the value of variable count.

Append code to the contents of file yourconffile.tf so that it looks like this:

# Configure the OpenStack Provider
terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}

provider "openstack" {
  user_name   = "[email protected]"
  tenant_name = "cloud_dusko_1"
  auth_url    = "https://keystone.cloud.central.data.destination-earth.eu:443/v3"
  domain_name = "cloud_dusko_1"
  token       = "gAAAAABlduJARx2dj0N2x6Qd4uS0KvERzrKkPNmYtmBXmLsdKx7MYIaaGYieWuPUKJm-RcuCzCyNfI4lds_F6CWFbk44VSfVXhW3Js49JqNzV6edXOgT03QEF2IVj0je9X88p6cqieZv_fypDTr5_lBTDP-7ZZE-0eITzm-kXsvIvZnkt2kGePGa1LJlAfrMAkih17zhJAXv"
}

resource "openstack_compute_instance_v2" "host" {
  count           = 4
  name            = "test-instance-${count.index}"
  image_id        = "233656c2-2625-4b4f-a99f-d0663458e45a"
  flavor_id       = "eo2a.medium"
  key_pair        = "sshkey"
  security_groups = ["default", "allow_ping_ssh_rdp"]
  network {
    name = "cloud_dusko_1"
  }
}
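
Because the token works like a password, pasting it into yourconffile.tf leaves a live credential in a file that is easy to copy, back up or commit. The variant below is an added example, not part of the original article: it passes the token through a Terraform input variable marked sensitive. The variable name os_token and the placeholder YOUR_USER_NAME are assumptions made for this example; the other values are the ones used above.

```hcl
# Added example: keep the Keystone token out of the .tf file.
# "os_token" is a hypothetical variable name chosen for this example.
variable "os_token" {
  description = "Keystone token obtained with: openstack token issue"
  type        = string
  sensitive   = true # Terraform redacts the value in plan/apply output
}

provider "openstack" {
  user_name   = "YOUR_USER_NAME" # placeholder, use your own login
  tenant_name = "cloud_dusko_1"
  auth_url    = "https://keystone.cloud.central.data.destination-earth.eu:443/v3"
  domain_name = "cloud_dusko_1"
  token       = var.os_token # supplied at run time, never written to disk
}

# In the shell, after sourcing the RC file and before terraform plan/apply:
#
#   export TF_VAR_os_token="$(openstack token issue -f value -c id)"
#
# Terraform reads any environment variable named TF_VAR_<name> as the value
# of the input variable <name>. Re-run the export whenever the token has
# expired, then run terraform plan or terraform apply in the same shell.
```

With this layout the .tf file can be shared or put under version control without exposing the token.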

Always use the latest value of image id

From time to time, the default images of operating systems in the Destination Earth cloud are upgraded to the new versions. As a consequence, their image id will change. Let’s say that the image id for Ubuntu 22.04 LTS was 233656c2-2625-4b4f-a99f-d0663458e45a at the time of writing of this article. While working through the article, you would normally take the current value of image id, and would use it to replace 233656c2-2625-4b4f-a99f-d0663458e45a throughout the text.

Now, suppose you wanted to automate processes under OpenStack, perhaps using Heat, Terraform, Ansible or any other tool for OpenStack automation; if you use the value of 233656c2-2625-4b4f-a99f-d0663458e45a for image id, it would remain hardcoded and once this value gets changed during the upgrade, the automated process may stop executing.

Warning

Make sure that your automation code is using the current value of an OS image id, not the hardcoded one.
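
One way to follow this warning in Terraform is to look the image up by name each time the plan is computed. This is an added example, not part of the original article; it assumes the image is listed in Compute -> Images under the exact name "Ubuntu 22.04 LTS", and the output name resolved_image_id is chosen for this example.

```hcl
# Added example: resolve the image ID at plan time instead of hardcoding it.
# Assumption: the image name is exactly "Ubuntu 22.04 LTS".
data "openstack_images_image_v2" "ubuntu" {
  name        = "Ubuntu 22.04 LTS"
  most_recent = true # if several images carry this name, take the newest
}

resource "openstack_compute_instance_v2" "host" {
  count           = 4
  name            = "test-instance-${count.index}"
  image_id        = data.openstack_images_image_v2.ubuntu.id # looked up, not pasted
  flavor_id       = "eo2a.medium"
  key_pair        = "sshkey"
  security_groups = ["default", "allow_ping_ssh_rdp"]
  network {
    name = "cloud_dusko_1"
  }
}

# Print the ID that was actually used, so it can be compared with Horizon.
output "resolved_image_id" {
  value = data.openstack_images_image_v2.ubuntu.id
}
```

After an image upgrade the looked-up ID changes, and terraform plan will show that change against the existing instances, so review the plan before applying it.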

The meaning of the variables used

The meaning of the variables used is as follows:

user_name

User name with which you log in to the Destination Earth account. You can use email address here as well.

tenant_name

Starts with cloud_. You can see it in the upper left corner of the Horizon window.

domain_name

If you have only one project in the domain, this will be identical to the tenant_name from above.

token

The id value you got from command openstack token issue.

count

How many times to repeat the operation (in this case, four new virtual machines to create).

name

The name of each VM; here it is differentiated by adding an ordinal number at the end of the name, for example, test-instance-1, test-instance-0, test-instance-2, test-instance-3.

image_id

The name or ID code for an operating system image you get with command Compute -> Images. For example, if you choose Ubuntu 22.04 LTS image, its ID is 233656c2-2625-4b4f-a99f-d0663458e45a.

flavor_id

Name of the flavor that each VM will have. You get these names from command openstack flavor list.

security_groups

Here, it is an array of two security groups – default and allow_ping_ssh_rdp. These are the basic security groups that should be used as a start for all VMs.

network

Name of the network to use. You can use several networks if you want to.

Step 5 Execute the Terraform script

Here is how Terraform will create four instances of Ubuntu 22.04 LTS. Command apply will execute the script; when asked for confirmation to proceed, type yes to start the operation:

terraform apply

Type

yes

It will create four VMs as defined by variable count.

You should see output similar to this:

[Image: terraform_process_of_creating.png]

This is how you would see those virtual machines in Horizon:

[Image: terraform_created_test_instances.png]

If you wanted to revert the actions, that is, delete the VMs you have just created, the command would be:

terraform destroy

Again, type yes to start the operations.

CLI commands for Terraform

Of particular interest would be the following CLI commands for Terraform:

plan

Shows what changes Terraform is going to apply for you to approve.

validate

Check whether the configuration is valid.

show

Show the current state or a saved plan.

Use command

terraform -help

to learn other commands Terraform can offer.

What To Do Next

Article How to create a set of VMs using OpenStack Heat Orchestration uses orchestration capabilities of OpenStack to automate creation of virtual machines. It is a different approach compared to Terraform but both can lead to automation under OpenStack.