Create OpenStack VPC
698 views
Skip to first unread message
MB
Jul 12, 2016, 2:43:42 PM7/12/16
to Terraform
Not sure if I'm missing anything and just wanted to verify or ask of any workarounds. Is there a way to create a VPC via Terraform (0.7.0 rc2)?
Chris Jefferies
Sep 29, 2017, 7:03:46 PM9/29/17
to Terraform
I've looked around and I cannot find a reasonable answer to this question.
Using Terraform:
- I've figured out how to deploy a system into AWS with terraform; vpc, private and public subnets, elastic IPs, instances with extra volumes. Working.
- I've tested creating an instance into a project on Openstack. Working.
Now how to build an equivalent pattern in Openstack?
Anybody?
Joe Topjian
Sep 30, 2017, 12:24:31 AM9/30/17
to terrafo...@googlegroups.com
Hi Chris,
I'm not too familiar with AWS to fully understand what you mean by VPC, but the OpenStack provider supports everything you've mention: virtual networks, subnets, elastic (floating) IPs, instances, and block storage volumes:https://www.terraform.io/docs/providers/openstack/index.html
If you're looking for more complete references, you might have some luck searching github:
One thing to keep in mind is that the ability to deploy different OpenStack resources is dependent on the OpenStack cloud you have access to. For example, there are some users who deploy to OpenStack clouds which prohibit the use of the virtual networking resources. Some clouds do not support block storage, etc.
I hope that helps,
Joe
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/16e78cc8-3801-477d-a464-65573f74932b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Chris Jefferies
Oct 4, 2017, 2:34:43 PM10/4/17
to Terraform
Joe,
The basic comparable nomenclature and definition is what I'm looking for.
If I've defined a VPC in AWS, what is the equivalent on Openstack?
A VPC seems to be equivalent to a Project in Openstack. A VPC is limited to one router and one IP block. A VPC also has aspects of networking like what's available in Neutron.
Accounts in AWS = Domains in Openstack - collection of users, groups, and projects?
Elastic IP = Floating IP
Along with the above, I'm trying to understand how one might structure modules to deploy the same Instance/network infrastructure on AWS or Openstack.
I have modules which reference source .tf file collections (even though module is defined on the front side - strange to me). How could we create a DRY approach to a common deployment, switchable based on a handful of variables that would minimize duplication.
Thanks,
Chris.
On Friday, September 29, 2017 at 9:24:31 PM UTC-7, Joe Topjian wrote:
Hi Chris,I'm not too familiar with AWS to fully understand what you mean by VPC, but the OpenStack provider supports everything you've mention: virtual networks, subnets, elastic (floating) IPs, instances, and block storage volumes:
https://www.terraform.io/docs/providers/openstack/index.htmlIf you're looking for more complete references, you might have some luck searching github:One thing to keep in mind is that the ability to deploy different OpenStack resources is dependent on the OpenStack cloud you have access to. For example, there are some users who deploy to OpenStack clouds which prohibit the use of the virtual networking resources. Some clouds do not support block storage, etc.I hope that helps,Joe
On Fri, Sep 29, 2017 at 5:03 PM, Chris Jefferies <chr...@gmail.com> wrote:
I've looked around and I cannot find a reasonable answer to this question.Using Terraform:
- I've figured out how to deploy a system into AWS with terraform; vpc, private and public subnets, elastic IPs, instances with extra volumes. Working.
- I've tested creating an instance into a project on Openstack. Working.
Now how to build an equivalent pattern in Openstack?Anybody?
On Tuesday, July 12, 2016 at 11:43:42 AM UTC-7, MB wrote:Not sure if I'm missing anything and just wanted to verify or ask of any workarounds. Is there a way to create a VPC via Terraform (0.7.0 rc2)?
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
Joe Topjian
Oct 4, 2017, 2:50:41 PM10/4/17
to terrafo...@googlegroups.com
Hi Chris,
The basic comparable nomenclature and definition is what I'm looking for.If I've defined a VPC in AWS, what is the equivalent on Openstack?
Unfortunately I can't confidently answer that question. I seem to be in the opposite situation as you where I understand the OpenStack components, but do not understand the AWS components.
From doing a cursory review of VPC:
The rough openstack equivalent would be an `openstack_networking_network_v2`, `openstack_networking_subnet_v2`, and `openstack_networking_router_v2`.
It seems that VPC also offers options to tunnel on-prem networks into the VPC network. This roughly exists in OpenStack under the VPNaaS project, which is not supported in the Terraform OpenStack provider at this time.
A VPC seems to be equivalent to a Project in Openstack. A VPC is limited to one router and one IP block. A VPC also has aspects of networking like what's available in Neutron.Accounts in AWS = Domains in Openstack - collection of users, groups, and projects?
A domain in OpenStack consists of a collection of users, groups, and projects. Though I am not sure how that translates into Amazon's IAM.
Elastic IP = Floating IP
That is correct.
Along with the above, I'm trying to understand how one might structure modules to deploy the same Instance/network infrastructure on AWS or Openstack.I have modules which reference source .tf file collections (even though module is defined on the front side - strange to me). How could we create a DRY approach to a common deployment, switchable based on a handful of variables that would minimize duplication.
I would imagine this would be something along the lines of setting up two modules, one for each provider, with the same inputs. These modules would set up the equivalent resources of the respective clouds.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/070f53f0-0ac9-4c0a-ab39-d3e10b912eb2%40googlegroups.com.
Jonathan Proulx
Oct 4, 2017, 3:02:12 PM10/4/17
to terrafo...@googlegroups.com
On Wed, Oct 04, 2017 at 11:34:43AM -0700, Chris Jefferies wrote:
:Joe,
it.
Projects are probably closest. Standard caveat that different
OpenStack clouds can be built in and allow different things...
Projects can contain multiple networks and routers. Some networks
maybe "public" and shared among all projects on a cloud depending on
how it's architected.
Project is also the level that quota and resource allocation comes
into play.
Users have "roles" in projects in the default setup any user with the
"member" role can basically do anything wihtin that project, but
behind the scenes it's possible to do a lot more fine graned RBAC for
each API call and for users to have multiple roles with a project this
is by far the exception to the simpler "if you're a member you can do
all the the things" deploy. AFAIK there's no user accesibilty to
creating roles and you get what the cloud deployer built.
:Accounts in AWS = Domains in Openstack - collection of users, groups, and
:Along with the above, I'm trying to understand how one might structure
perhaps the opposite experience to you.
I manually setup one VPC in AWS so I'm not managin that with
terraform.
At the simple instance level I use packer to build by base images for
OpenStack and AWS then have a terraform module that leverages userdata
and cloud-init to go from my common base to a particular service role.
OpenSatck provides (well usually provides) an AWS compatible metadata
service at the sanme http://169.254.169.254 address so this is pretty
simple & I can feed the exact same userdata to each.
If you have an example AWS config I might beable to help translate to
OpenStack-ese for you and maybe I learn something about stucturing the
AWS side of my house in the process.
-Jon
:Joe,
:The basic comparable nomenclature and definition is what I'm looking for.
:
:If I've defined a VPC in AWS, what is the equivalent on Openstack?
:
:A VPC seems to be equivalent to a Project in Openstack. A VPC is limited
:to one router and one IP block. A VPC also has aspects of networking like
:what's available in Neutron.
So there's not a direct mapping to VPC in OpenStack as I understand
:
:If I've defined a VPC in AWS, what is the equivalent on Openstack?
:
:A VPC seems to be equivalent to a Project in Openstack. A VPC is limited
:to one router and one IP block. A VPC also has aspects of networking like
:what's available in Neutron.
it.
Projects are probably closest. Standard caveat that different
OpenStack clouds can be built in and allow different things...
Projects can contain multiple networks and routers. Some networks
maybe "public" and shared among all projects on a cloud depending on
how it's architected.
Project is also the level that quota and resource allocation comes
into play.
Users have "roles" in projects in the default setup any user with the
"member" role can basically do anything wihtin that project, but
behind the scenes it's possible to do a lot more fine graned RBAC for
each API call and for users to have multiple roles with a project this
is by far the exception to the simpler "if you're a member you can do
all the the things" deploy. AFAIK there's no user accesibilty to
creating roles and you get what the cloud deployer built.
:Accounts in AWS = Domains in Openstack - collection of users, groups, and
:projects?
:
:Elastic IP = Floating IP
Yup.
:
:Elastic IP = Floating IP
:Along with the above, I'm trying to understand how one might structure
:modules to deploy the same Instance/network infrastructure on AWS or
:Openstack.
My AWS infrastructure is a toy compared to my OpenStack so I have
:Openstack.
perhaps the opposite experience to you.
I manually setup one VPC in AWS so I'm not managin that with
terraform.
At the simple instance level I use packer to build by base images for
OpenStack and AWS then have a terraform module that leverages userdata
and cloud-init to go from my common base to a particular service role.
OpenSatck provides (well usually provides) an AWS compatible metadata
service at the sanme http://169.254.169.254 address so this is pretty
simple & I can feed the exact same userdata to each.
If you have an example AWS config I might beable to help translate to
OpenStack-ese for you and maybe I learn something about stucturing the
AWS side of my house in the process.
-Jon
Reply all
Reply to author
Forward
0 new messages