Create a Virtual Private Cloud (VPC), Virtual Server Instance (VSI) on IBM Cloud with Terraform

This is a “simple” cheat sheet on how to create a single virtual server instance (VSI) in the virtual private cloud (VPC) infrastructure on IBM Cloud using Terraform.

Terraform is used to “write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions.” (Source: Terraform)

There is awesome documentation on IBM Cloud for this.

This blog post reuses a lot of the content in the IBM Cloud documentation. You need to install Terraform and clone the example GitHub project as your example Terraform project folder.

Architecture

The diagram shows the target architecture for this cheat sheet. We will create:

Using Terraform

In this example we use the four usual major steps for working with Terraform, and we automate them with our bash script.

  • Init
    Initialize Terraform to access IBM Cloud
  • Plan
    Generate a Terraform execution plan for the VPC infrastructure resources on IBM Cloud
  • Apply
    Apply the execution plan to create the VPC infrastructure resources
  • Destroy
    Clean up the VPC infrastructure resources

Step 1: Install Terraform, Golang and on your local MacOS

Just follow the steps in the IBM Cloud documentation to install Terraform.

Step 2: Clone the GitHub Project

git clone https://github.com/thomassuedbroecker/terraform-vpc-project-example.git
cd terraform-vpc-project-example

The example GitHub project contains two Terraform files and one bash script that we will use to automate the Terraform CLI and IBM Cloud CLI commands.

The provider.tf file contains everything we need in our example: the Terraform cloud provider configuration and the VPC and VSI configuration definitions for IBM Cloud.

The terraform.tfvars file contains the variables and values we use in the provider.tf file.

Step 3: Verify the required_providers definition in the provider.tf file

First, let us take a look at the definition for our IBM Cloud provider. When we run the terraform init command, the required provider is installed automatically into our project folder.

terraform {
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.26.2"
    }
  }
}

Step 4: Verify the variables definition in the terraform.tfvars file and provider.tf Terraform configuration file

  • Definition of the variables for the *.tf configuration file

In our case we upload the SSH key with the IBM Cloud infrastructure CLI.

ibmcloud_api_key = "YOUR_CLOUD_API_KEY"
iaas_classic_username = "YOUR_IBM_CLOUD_USERNAME"
iaas_classic_api_key = "YOUR_CLASSIC_INFRASTRUCTURE_API_KEY"
region = "us-south"
my_ssh_key_name = "vpcvsisamplekey"

  • Consume the values of the *.tfvars file.

############################
# Variables
############################

variable "ibmcloud_api_key" {}
variable "iaas_classic_username" {}
variable "iaas_classic_api_key" {}
variable "region" {}
variable "my_ssh_key_name" {}
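
A hardened variant of the variable declarations above, as an added example that is not part of the original GitHub project. It assumes Terraform 0.14 or later for the sensitive argument; the validation rules and the idea of supplying the keys through TF_VAR_ environment variables instead of terraform.tfvars are additions made here.

```hcl
# Added example: typed declarations for the variables used in provider.tf.
# "sensitive" requires Terraform 0.14+ (assumption about the CLI version in use).

variable "ibmcloud_api_key" {
  type        = string
  sensitive   = true # value is redacted in plan and apply output
  description = "IBM Cloud API key, e.g. exported as TF_VAR_ibmcloud_api_key"

  validation {
    # Fail before any API call if the key is empty or the unedited placeholder.
    condition     = length(var.ibmcloud_api_key) > 0 && var.ibmcloud_api_key != "YOUR_CLOUD_API_KEY"
    error_message = "The ibmcloud_api_key value is empty or still the terraform.tfvars placeholder."
  }
}

variable "iaas_classic_username" {
  type = string
}

variable "iaas_classic_api_key" {
  type        = string
  sensitive   = true
  description = "Classic infrastructure API key, e.g. exported as TF_VAR_iaas_classic_api_key"

  validation {
    condition     = length(var.iaas_classic_api_key) > 0 && var.iaas_classic_api_key != "YOUR_CLASSIC_INFRASTRUCTURE_API_KEY"
    error_message = "The iaas_classic_api_key value is empty or still the terraform.tfvars placeholder."
  }
}

variable "region" {
  type    = string
  default = "us-south"
}

variable "my_ssh_key_name" {
  type = string
}
```

Marking a variable as sensitive only affects CLI output: the values are still written in plain text to the Terraform state file, so keep terraform.tfstate and a filled-in terraform.tfvars out of version control.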

Step 5: Define internal variables in the *.tf Terraform configuration file

locals: Use this block to specify variables that you want to use multiple times throughout this configuration file. (Source: IBM Cloud documentation)

# Locals and variables
locals {
   BASENAME = "example"
   ZONE     = "us-south-1"
}

# Existing SSH key can be provided
data "ibm_is_ssh_key" "ssh_key_id" {
   name = var.my_ssh_key_name
}

Step 6: Define the Virtual Private Cloud configuration

resource: Every resource block specifies the IBM Cloud resource that you want to provision. To find more information about supported configurations for each resource, see the IBM Cloud provider plug-in reference. (Source: IBM Cloud documentation)

############################
# Virtual Private Cloud
############################

# Virtual Private Cloud
resource "ibm_is_vpc" "vpc-instance" {
  name = "${local.BASENAME}-vpc"
}

# Security group
resource "ibm_is_security_group" "sg1" {
   name = "${local.BASENAME}-sg1"
   vpc  = ibm_is_vpc.vpc-instance.id
}

# Allow inbound SSH (TCP port 22) from any source address (0.0.0.0/0)
resource "ibm_is_security_group_rule" "example-ingress_ssh_all" {
   group     = ibm_is_security_group.sg1.id
   direction = "inbound"
   remote    = "0.0.0.0/0"

   tcp {
     port_min = 22
     port_max = 22
   }
}

# Subnet 
resource "ibm_is_subnet" "subnet1" {
   name                     = "${local.BASENAME}-subnet1"
   vpc                      = ibm_is_vpc.vpc-instance.id
   zone                     = local.ZONE
   total_ipv4_address_count = 256
}
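
The security group rule above accepts SSH from 0.0.0.0/0, so port 22 on the floating IP is reachable from the whole internet. The following added example, which is not part of the original project, shows the same rule limited to an administrative address range; the variable admin_ssh_cidr, the rule name and the /16 minimum prefix length are assumptions introduced here.

```hcl
# Added example: restrict the SSH ingress rule to a known source range.
# admin_ssh_cidr is a hypothetical variable, not defined in the original project.
variable "admin_ssh_cidr" {
  type        = string
  description = "CIDR block allowed to reach port 22 (office or VPN egress range)"

  validation {
    # cidrhost() raises an error on malformed input; can() and try() turn
    # that into "false". The second check rejects very wide ranges such as
    # 0.0.0.0/0 (the /16 threshold is an assumption, adjust as needed).
    condition = (
      can(cidrhost(var.admin_ssh_cidr, 0)) &&
      try(tonumber(split("/", var.admin_ssh_cidr)[1]) >= 16, false)
    )
    error_message = "The admin_ssh_cidr value must be a valid CIDR block with a prefix length of /16 or longer."
  }
}

# Before (as in the walkthrough):  remote = "0.0.0.0/0"
# After: only the administrative range can open a connection to port 22.
resource "ibm_is_security_group_rule" "example-ingress_ssh_admin" {
  group     = ibm_is_security_group.sg1.id
  direction = "inbound"
  remote    = var.admin_ssh_cidr

  tcp {
    port_min = 22
    port_max = 22
  }
}

# terraform.tfvars (constructed sample value from the documentation range):
# admin_ssh_cidr = "203.0.113.0/24"
```

Use a /32 prefix to admit a single host. This rule replaces the example-ingress_ssh_all rule rather than being added next to it, since security group rules are additive.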

Step 7: Define the Virtual Server Instance configuration

This part of the configuration in the Terraform file contains all relevant information for the Virtual Server Instance.

  • Image
  • SSH Key
  • Network
  • Floating IP

data: Use this block to retrieve information for an existing resource in your IBM Cloud account.
output: This block specifies commands that you want to run after your resources are provisioned.
(Source: IBM Cloud documentation)

############################
# Virtual Server Instance
############################

# Image for Virtual Server Instance
data "ibm_is_image" "centos" {
   name = "ibm-centos-7-6-minimal-amd64-1"
}

# Virtual Server Instance
resource "ibm_is_instance" "vsi1" {
   name    = "${local.BASENAME}-vsi1"
   vpc     = ibm_is_vpc.vpc-instance.id
   keys    = [data.ibm_is_ssh_key.ssh_key_id.id]
   zone    = local.ZONE
   image   = data.ibm_is_image.centos.id
   profile = "cx2-2x4"

   # References to the subnet and security groups
   primary_network_interface {
     subnet          = ibm_is_subnet.subnet1.id
     security_groups = [ibm_is_security_group.sg1.id]
   }
}

# Request a floating IP
resource "ibm_is_floating_ip" "fip1" {
   name   = "${local.BASENAME}-fip1"
   target = ibm_is_instance.vsi1.primary_network_interface[0].id
}

# SSH command to log on to the Virtual Server Instance
output "sshcommand" {
   # Interpolate the floating IP address; without ${...} the literal text is printed
   value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}

Automation with a bash script

The bash script create_vpc_with_terraform.sh automates all steps with Terraform and some of the configuration with the IBM Cloud CLI.

The major sections are:

  • Logon with IBM Cloud CLI
  • Upload an existing SSH Key to VPC on IBM Cloud
  • Init with Terraform CLI
  • Plan with Terraform CLI
  • Apply with Terraform CLI
  • Verify instances with IBM Cloud CLI
  • Verify instances with IBM Cloud console
  • Destroy with Terraform CLI

bash create_vpc_with_terraform.sh

Summary

The IBM Cloud documentation is very helpful and very detailed. This “simple” cheat sheet just lists the major simplified steps, in order, to create a VPC and VSI, and it includes a GitHub project as a simple starting point.


Additional useful information



I hope this was useful for you and let’s see what’s next?

Greetings,

Thomas

#ibmcloud, #vpc, #vsi, #terrraform
