This is a “simple” cheat sheet on how to create a single virtual server instance (VSI) in the virtual private cloud (VPC) infrastructure on IBM Cloud using Terraform.
“Terraform is to write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions.” Resource: Terraform.
There is excellent documentation on IBM Cloud to do this:
- Install terraform
- Install IBM Cloud Terraform plugin
- Provisioning an IBM Cloud virtual server for VPC
This blog post reuses a lot of the content in the IBM Cloud documentation. You need to install Terraform and clone the example GitHub project as your example Terraform project folder.
Architecture
The diagram shows the target architecture for this cheat sheet. We will create:
- one virtual private cloud (VPC)
- one virtual server instance (VSI)
- one security group with a security group access control rule
- one subnet
- one floating IP (to access the virtual server instance)

Using Terraform
In this example we use the four usual major steps for working with Terraform, and we will automate them with our bash script.
- Init: Initialize Terraform to access IBM Cloud
- Plan: Generate a Terraform execution plan for the VPC infrastructure resources on IBM Cloud
- Apply: Apply the execution plan to create the VPC infrastructure resources
- Destroy: Clean up the VPC infrastructure resources
Be aware that it worked when I created that blog post, but there can be changes in the Terraform models made by IBM or other providers.
Please verify the latest IBM Cloud modules in the Terraform Registry for the IBM Cloud provider.
Step 1: Install Terraform, Golang and on your local macOS
Just follow the steps in the IBM Cloud documentation to install Terraform.
Step 2: Clone the GitHub Project
git clone https://github.com/thomassuedbroecker/terraform-vpc-project-example.git
cd terraform-vpc-project-example
The example GitHub project contains two Terraform files and one bash script that we will use to automate the Terraform CLI and IBM Cloud CLI commands.
- provider.tf: This file contains all we need in our example: the Terraform cloud provider configuration and the VPC and VSI configuration definitions for IBM Cloud.
- terraform.tfvars: This file contains the variables and values we use in the provider.tf file.
Step 3: Verify the required_providers definition in the provider.tf file
First, let us take a look at the definition for our IBM Cloud provider. When we run the terraform init command, the needed provider is automatically installed into our project folder.
terraform {
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.26.2"
    }
  }
}
Step 4: Verify the variables definition in the terraform.tfvars file and provider.tf Terraform configuration file
- Definition of the variables for the *.tf configuration file
In our case we upload the SSH key with the IBM Cloud infrastructure CLI.
ibmcloud_api_key = "YOUR_CLOUD_API_KEY"
iaas_classic_username = "YOUR_IBM_CLOUD_USERNAME"
iaas_classic_api_key = "YOUR_CLASSIC_INFRASTRUCTURE_API_KEY"
region = "us-south"
my_ssh_key_name = "vpcvsisamplekey"
- Consume the values of the *.tfvars file.
############################
# Variables
############################
variable "ibmcloud_api_key" {}
variable "iaas_classic_username" {}
variable "iaas_classic_api_key" {}
variable "region" {}
variable "my_ssh_key_name" {}
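The empty declarations above accept any value and show it in plan output. A hardened form of the same five variables, as an added example that is not part of the example project; it assumes Terraform 0.14 or later for sensitive, and the validation rules are illustrative:

```hcl
# Added example, not from the example project. Same variable names as above.
# sensitive = true makes Terraform redact the value in plan/apply output.
# The validation blocks stop a run that still uses the placeholder text
# from the terraform.tfvars template shown in this step.

variable "ibmcloud_api_key" {
  type        = string
  sensitive   = true
  description = "IBM Cloud API key used by the provider"

  validation {
    condition     = length(var.ibmcloud_api_key) > 0 && var.ibmcloud_api_key != "YOUR_CLOUD_API_KEY"
    error_message = "The ibmcloud_api_key value must be set to a real API key."
  }
}

variable "iaas_classic_username" {
  type = string
}

variable "iaas_classic_api_key" {
  type      = string
  sensitive = true

  validation {
    condition     = var.iaas_classic_api_key != "YOUR_CLASSIC_INFRASTRUCTURE_API_KEY"
    error_message = "The iaas_classic_api_key value must not be the template placeholder."
  }
}

variable "region" {
  type = string

  validation {
    # Shape check only (e.g. us-south); it does not prove the region exists.
    condition     = can(regex("^[a-z]{2}-[a-z]+$", var.region))
    error_message = "The region value must look like a region name such as us-south."
  }
}

variable "my_ssh_key_name" {
  type = string
}

# The keys can be kept out of terraform.tfvars by exporting them in the
# shell that runs Terraform: export TF_VAR_ibmcloud_api_key="..."
```

Marking a variable as sensitive only affects what Terraform displays. A terraform.tfvars file that holds real keys should stay out of version control.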
Step 5: Define internal variables in the *.tf Terraform configuration file
locals: Use this block to specify variables that you want to use multiple times throughout this configuration file. Resource: IBM Cloud Documentation
# Locals and variables
locals {
  BASENAME = "example"
  ZONE     = "us-south-1"
}
# Existing SSH key can be provided
data "ibm_is_ssh_key" "ssh_key_id" {
  name = var.my_ssh_key_name
}
Step 6: Define the Virtual Private Cloud configuration
resource: Every resource block specifies the IBM Cloud resource that you want to provision. To find more information about supported configurations for each resource, see the IBM Cloud provider plug-in reference. Resource: IBM Cloud Documentation
############################
# Virtual Private Cloud
############################
# Virtual Private Cloud
resource "ibm_is_vpc" "vpc-instance" {
  name = "${local.BASENAME}-vpc"
}
# Security group
resource "ibm_is_security_group" "sg1" {
  name = "${local.BASENAME}-sg1"
  vpc  = ibm_is_vpc.vpc-instance.id
}
# allow all incoming network traffic on port 22
resource "ibm_is_security_group_rule" "example-ingress_ssh_all" {
  group     = ibm_is_security_group.sg1.id
  direction = "inbound"
  remote    = "0.0.0.0/0"
  tcp {
    port_min = 22
    port_max = 22
  }
}
# Subnet
resource "ibm_is_subnet" "subnet1" {
  name                     = "${local.BASENAME}-subnet1"
  vpc                      = ibm_is_vpc.vpc-instance.id
  zone                     = local.ZONE
  total_ipv4_address_count = 256
}
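The security group rule above opens port 22 to every IPv4 address (0.0.0.0/0), and the VSI gets a public floating IP in the next step. A narrower variant of that rule, as an added example that is not part of the example project: admin_ssh_cidr is a hypothetical variable, 203.0.113.0/24 is a documentation range used as a placeholder, and the /16 limit is an arbitrary illustrative threshold.

```hcl
# Added example, not from the example project.
# admin_ssh_cidr (hypothetical name): the source range that is allowed to
# reach the VSI over SSH, for example an office or VPN egress range.
# Set it in terraform.tfvars, e.g. admin_ssh_cidr = "203.0.113.0/24"
variable "admin_ssh_cidr" {
  type        = string
  description = "Source CIDR allowed to connect to port 22"

  validation {
    # cidrhost() fails on anything that is not a valid CIDR block.
    condition     = can(cidrhost(var.admin_ssh_cidr, 0))
    error_message = "The admin_ssh_cidr value must be a valid CIDR block such as 203.0.113.0/24."
  }

  validation {
    # Reject very wide ranges (0.0.0.0/0, 0.0.0.0/1, ...). try() turns a
    # missing or non-numeric prefix length into a failed check.
    condition     = try(tonumber(split("/", var.admin_ssh_cidr)[1]) >= 16, false)
    error_message = "The admin_ssh_cidr value must have a prefix length of /16 or longer."
  }
}

# Before (rule from the page): SSH reachable from any address
#   remote = "0.0.0.0/0"
#
# After: replaces example-ingress_ssh_all; SSH reachable only from the
# admin range.
resource "ibm_is_security_group_rule" "example-ingress_ssh_admin" {
  group     = ibm_is_security_group.sg1.id
  direction = "inbound"
  remote    = var.admin_ssh_cidr
  tcp {
    port_min = 22
    port_max = 22
  }
}
```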
Step 7: Define the Virtual Server Instance configuration
This part of the configuration in the Terraform file contains all relevant information for the Virtual Server Instance.
- Image
- SSH Key
- Network
- Floating IP
data: Use this block to retrieve information for an existing resource in your IBM Cloud account.
output: This block specifies commands that you want to run after your resources are provisioned.
Resource: IBM Cloud Documentation
############################
# Virtual Server Instance
############################
# Image for Virtual Server Instance
data "ibm_is_image" "centos" {
  name = "ibm-centos-7-6-minimal-amd64-1"
}
# Virtual Server Instance
resource "ibm_is_instance" "vsi1" {
  name    = "${local.BASENAME}-vsi1"
  vpc     = ibm_is_vpc.vpc-instance.id
  keys    = [data.ibm_is_ssh_key.ssh_key_id.id]
  zone    = local.ZONE
  image   = data.ibm_is_image.centos.id
  profile = "cx2-2x4"
  # References to the subnet and security groups
  primary_network_interface {
    subnet          = ibm_is_subnet.subnet1.id
    security_groups = [ibm_is_security_group.sg1.id]
  }
}
# Request a floating IP
resource "ibm_is_floating_ip" "fip1" {
  name   = "${local.BASENAME}-fip1"
  target = ibm_is_instance.vsi1.primary_network_interface[0].id
}
# Try to log on to the Virtual Server Instance
# (the floating IP address is interpolated into the command string)
output "sshcommand" {
  value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}
Automation with a bash script
The bash script create_vpc_with_terraform.sh automates all steps with Terraform and some of the configuration with the IBM Cloud CLI.
The major sections are:
- Logon with IBM Cloud CLI
- Upload an existing SSH Key to VPC on IBM Cloud
- Init with Terraform CLI
- Plan with Terraform CLI
- Apply with Terraform CLI
- Verify instances with IBM Cloud CLI
- Verify instances with IBM Cloud console
- Destroy with Terraform CLI
bash create_vpc_with_terraform.sh
Summary
The IBM Cloud documentation is very helpful and very detailed. This “simple” cheat sheet just contains the major simplified steps in a row to create a VPC and VSI, and it includes a GitHub project as a simple starting point.
Additional useful information
- Useful information on stackoverflow:
Here is a useful link to an automated creation of a Red Hat OpenShift cluster on IBM Cloud with the Cloud Native Toolkit. Here you find some Terraform modules at this link https://modules.cloudnativetoolkit.dev/ . This is my related blog post to the topics: Start with CICD using the Cloud Native Toolkit from the IBM Garage.
In addition, maybe this is also useful: “Architecture and Security Controls Enterprise Tool” (ASCENT) https://ascent.openfn.co.
“ASCENT is a tool created by IBM to accelerate partner’s journey to the IBM Cloud. Through automation and integration, ASCENT enables enterprises to deliver compliant cloud architectures which can be clearly evidenced and communicated with Governance, Risk and Compliance teams. Click on the links below to learn more about how ASCENT automates and integrates Security Controls, Reference Architectures and Cloud Services.” source https://ascent.openfn.co
I hope this was useful for you and let’s see what’s next?
Greetings,
Thomas
#ibmcloud, #vpc, #vsi, #terraform