Quick post about Terraform

Terraform w/ OpenStack provider

It's been a while since I posted to this blog so thought I'd revive it by putting up a quick update on what I've experienced with Terraform using the OpenStack provider recently.

At work, I've been the owner of the deployment of FortiSwitch Cloud in new regions. The platform that the application is running on is Kubernetes which itself is running on VMware Integrated OpenStack (VIO). We might discuss them in further detail in future posts. 

One of the steps in the deployment entailed creating a new network in OpenStack (project network specifically, you can read more about OpenStack networking here). I tried creating a network by defining a Terraform Resource block, a simplified version is shown below:

resource "openstack_networking_network_v2" "network_1" {
  name           = "network_1"
  admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  name       = "subnet_1"
  network_id = "${openstack_networking_network_v2.network_1.id}"
  cidr       = "192.168.1.0/24"
  ip_version = 4
}

While the above block of code ended up creating the network and subnet that I required, whenever I tried creating a VM and assigning a port from the above Subnet, my VM was unreachable from the outside network and I couldn't ping outside the network from the VM as well despite Port Security feature being turned off.

After some initial troubleshooting, I figured it might be an issue with the underlying Physical Network options and checked with the OpenStack networking team who gave me a trace log from the Gateway which showed that my Subnet was on a certain VLAN. This was an aha moment for me and I quickly updated my code to include  'segmentation_id'. But when I tried to plan and apply the terraform file now, I had issues. So, having access to the GUI, I tried to manually create the network with the VLAN to see if there was any more information on the error message. Turns out there was no VLAN (aka segmentation_id) field at all!

This is when I was perplexed and opened a ticket with the OpenStack team asking them for help with my network creation, they then mentioned that since I only had had 'tenant administrator' privileges and not 'cloud administrator' privileges, I could not see the segmentation ID and that they had to create the network for me with the right VLAN ID information.

Once they created the network, then there was a matter of importing that information into my Terraform files, I initially tried to use a data block as below

data "openstack_networking_network_v2" "network" {
  name = "tf_test_network"
}

But despite my best attempts, I could not get this to work so I resolved to use the following import command which worked beautifully.

terraform import openstack_networking_network_v2.network_1 d90ce693-5ccf-4136-a0ed-152ce412b6b9

Another issue that I had with OpenStack was when I was trying to import the keypairs that my colleagues had created for deployments, turns out every user has their own keypairs which in hindsight makes sense but I had to perform some troubleshooting to realize.

Thank you for reading this post! Looking forward to updating this blog more regularly.


Comments

Post a Comment

Popular posts from this blog

Playing around with Dell R520 server

Image
After I got my first major tech job, I learned that a major part of the job would be working with Dell servers, setting up ESXi hosts, vCenter installation, etc. so I thought it would be a good idea to practice this at home in my own lab environment so I went and bought a Dell R520 server from the Facebook marketplace for around 300 CAD$. Let me explain how I set up the server. We'll go over the installation of ESXi in detail in another post. For now, let's assume that our server comes with ESXi pre-installed. Let's start by ensuring that the server is plugged in. Most servers come with 2 different PSUs (Power Supply Units). These are meant to go on different Power Strips for power outage redundancy. Once the server is plugged in, try to get your hands on an old monitor with a VGA cable, should cost about 20 CAD$ used. We also need a keyboard. In my case, ESXi was pre-installed so all I had to do was set up the hostname and IP address. Since the internal IP address in my ne
Read more

Experience Interviewing for an Infrastructure Engineer - Continuous Delivery position

Been a while since I got to write to this blog. Recently, I had the pleasure of interviewing for an Infrastructure Engineer - Continuous Delivery position for a company based in Dallas, Texas. I wanted to pen down my experience while the memory is fresh and possibly help others in the same pursuits. The first round was the typical HR round where the interviewer requested to know more about my experience in the DevOps / Infrastructure engineering field and gauge my interest in the position / learn about my background. It included a lot of open-ended questions such as can you please explain your role in your current position. The next round was considerably more interesting and included more pointed questions about my experience in particular tools and working platforms. The interviewer also took the time to explain the role and the need for this position.  After passing this round, I received a take-home exam, the exam question is as follows: Hi Srikar, We're excited to continue our
Read more

2023 Summer Reading List Summary

Image
This blogpost is going to be quite different from my regular posts. I would like to write something down by myself instead of just being a proxy for chatGPT like I did in the past few posts. Books I've read this summer: Thinking in Systems by Donella Meadows Extreme Ownership by Jockco Wilink and Leif Basin Financial Intelligence by Karen Berman Zero to One by Peter Thiel Stillness Is The Key by Ryan Holiday Let's talk about my takeaways book by book: Thinking In Systems , after reading this book, I try to think of everything happening around me in terms of a simple flow chart, on the one side is a 'source', then the other side is the 'output', & in the middle is a box that is an effect which acts on the source to produce the output. Here's an example from the book: Most systems along with having a 'source' and an output, also have feedback loops, they can broadly be classified into 2 types. One is a corrective loop, e.g. a thermostat on a an Air
Read more