Terraform | panticz.de

Install
https://www.terraform.io/downloads.html

# sudo apt install -y jq
 
URL=$(wget https://checkpoint-api.hashicorp.com/v1/check/terraform -qO- | jq  -r '.current_download_url + .product + "_" + .current_version + "_linux_amd64.zip"')
wget ${URL} -qP /tmp
unzip -d /tmp /tmp/${URL##*/}
sudo cp /tmp/terraform /usr/local/bin/
 
terraform  version

Debug
https://www.terraform.io/docs/internals/debugging.html

# enable
export TF_LOG=DEBUG
# disable
export TF_LOG=ERROR

CLI

# deploy
terraform init
terraform plan
terraform apply -auto-approve
 
# destroy
terraform destroy -auto-approve

Install with Ansible

---
- name: Request Terraform API
  uri:
    url: "{{ terraform_api_url }}"
    return_content: yes
  register: content

- set_fact:
    terraform_download_url: "{{ content.json.current_download_url }}"
    terraform_version: "{{ content.json.current_version }}"

- name: Download Terraform {{ terraform_version }}
  unarchive:
    src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system|lower}}_amd64.zip"
    remote_src: yes
    dest: /usr/local/bin
    creates: /usr/local/bin/terraform
    mode: 0755
    owner: root
    group: root
>

cat <<EOF> /tmp/install-terraform.yml 
---
- hosts: localhost
  tasks:
    - name: Get latest Terraform version
      uri:
        url: https://checkpoint-api.hashicorp.com/v1/check/terraform
      register: response
 
    - set_fact:
        terraform_download_url: "{{ response.json.current_download_url }}"
        terraform_version: "{{ response.json.current_version }}"
 
    - name: Download Terraform {{ terraform_version }}
      unarchive:
        src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip"
        remote_src: yes
        dest: ~/bin
        creates: ~/bin/terraform
        mode: 0550
EOF

Providers
https://www.terraform.io/docs/providers/index.html

ansible-playbook /tmp/install-terraform.yml

https://github.com/panticz/ansible/tree/master/roles/terraform
- hosts: localhost
  roles:
    - role: terraform
      tags: terraform

OpenStack module
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

Output

output "fqdn" {
  value = "${var.environment}-${var.name}.${var.domain}"
}
 
output "vpc" {
  value = {
    vpc_id         = "${module.my_vpc.vpc_id}"
    public_subnet  = "${module.my_vpc.public_subnets_ids}"
    private_subnet = "${module.my_vpc.private_subnets_ids}"
  }  
}

OpenStack security groups
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/compute_secgroup_v2

rule {
    from_port   = 1
    to_port     = 65535
    ip_protocol = "tcp"
    self        = true
}
 
rule {
    from_port   = -1
    to_port     = -1
    ip_protocol = "icmp"
    cidr        = "0.0.0.0/0"
}

for_each
https://stackoverflow.com/questions/58343258/iterate-over-nested-data-with-for-for-each-at-resource-level

provider "openstack" {
  user_name     = var.os_user_name
  tenant_name   = var.os_tenant_name
  password      = var.os_password
  auth_url      = var.os_auth_url
  region        = var.os_region
  endpoint_type = var.os_endpoint_type
  use_octavia   = true
}

Terraform/
https://www.terraform.io/
https://www.youtube.com/watch?v=TFLQcgZr0no#t=1318.264795
https://releases.hashicorp.com/index.json
https://releases.hashicorp.com/
https://github.com/diodonfrost/terraform-openstack-examples