Skip to main content
Create a cloud-based load balancer
Last update:

Create a cloud-based load balancer

We recommend that you create resources in order. If you create all resources at once, Terraform will take into account the dependencies between resources that you specify in the configuration file. If dependencies are not specified, resources will be created in parallel, which can cause errors. For example, a resource that is required to create another resource may not have been created yet.


  1. Optional: configure the providers.
  2. Create a private network and subnet.
  3. Create a cloud router connected to an external network.
  4. Create a cloud-based load balancer.
  5. Create a rule.
  6. Create a task force.
  7. Add the server to the target group.
  8. Create an accessibility check.
  9. Create a public IP address and connect it to the load balancer.
  10. Get the IP address of the load balancer.

Configuration files

Example file for configuring providers
terraform {
  required_providers {
    selectel  = {
      source  = "selectel/selectel"
      version = "~> 6.0"
    }
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "2.1.0"
    }
  }
}

provider "selectel" {
  domain_name = "123456"
  username    = "user"
  password    = "password"
  auth_region = "ru-9"
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
}

resource "selectel_vpc_project_v2" "project_1" {
  name = "project"
}

resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
  name         = "username"
  password     = "password"
  role {
    role_name  = "member"
    scope      = "project"
    project_id = selectel_vpc_project_v2.project_1.id 
  }
}

provider "openstack" {
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
  domain_name = "123456"
  tenant_id   = selectel_vpc_project_v2.project_1.id
  user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
  password    = selectel_iam_serviceuser_v1.serviceuser_1.password
  region      = "ru-9"
}
Example file for creating a load balancer
resource "openstack_networking_network_v2" "network_1" {
  name           = "private-network"
  admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  name       = "private-subnet"
  network_id = openstack_networking_network_v2.network_1.id
  cidr       = "192.168.199.0/24"
}

data "openstack_networking_network_v2" "external_network_1" {
  external = true
}

resource "openstack_networking_router_v2" "router_1" {
  name                = "router"
  external_network_id = data.openstack_networking_network_v2.external_network_1.id
}

resource "openstack_networking_router_interface_v2" "router_interface_1" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

resource "openstack_lb_loadbalancer_v2" "load_balancer_1" {
  name          = "load-balancer"
  vip_subnet_id = openstack_networking_subnet_v2.subnet_1.id
  flavor_id     = "ac18763b-1fc5-457d-9fa7-b0d339ffb336"
}

resource "openstack_lb_listener_v2" "listener_1" {
  name            = "listener"
  protocol        = "TCP"
  protocol_port   = "80"
  loadbalancer_id = openstack_lb_loadbalancer_v2.load_balancer_1.id
}

resource "openstack_lb_pool_v2" "pool_1" {
  name        = "pool"
  protocol    = "PROXY"
  lb_method   = "ROUND_ROBIN"
  listener_id = openstack_lb_listener_v2.listener_1.id
}

resource "openstack_lb_member_v2" "member_1" {
  name          = "member"
  subnet_id     = openstack_networking_subnet_v2.subnet_1.id
  pool_id       = openstack_lb_pool_v2.pool_1.id
  address       = "192.168.199.4"
  protocol_port = "80"
}

resource "openstack_lb_monitor_v2" "monitor_1" {
  name        = "monitor"
  pool_id     = openstack_lb_pool_v2.pool_1.id
  type        = "HTTP"
  delay       = "10"
  timeout     = "4"
  max_retries = "5"
}

resource "openstack_networking_floatingip_v2" "floatingip_1" {
  pool    = "external-network"
  port_id = openstack_lb_loadbalancer_v2.load_balancer_1.vip_port_id
}

output "public_ip_address" {
  value = openstack_networking_floatingip_v2.floatingip_1.fixed_ip
}

1. Optional: configure providers

If you have configured Selectel and OpenStack providers, skip this step.

  1. Ensure that in the Control Panel you have created a service user with the Account Administrator and User Administrator roles.

  2. Create a directory to store the configuration files and a separate file with a .tf extension to configure the providers.

  3. Add Selectel and OpenStack providers to the file to configure the providers:

    terraform {
      required_providers {
        selectel  = {
          source  = "selectel/selectel"
          version = "~> 6.0"
        }
        openstack = {
          source  = "terraform-provider-openstack/openstack"
          version = "2.1.0"
        }
      }
    }

    Here version — versions of providers. The current version can be found in Selectel (in Terraform Registry and GitHub) and OpenStack (in Terraform Registry and GitHub) documentation.

    Learn more about the products, services, and services that can be managed with providers in the Selectel and OpenStack Providers instruction.

  4. Initialize the Selectel provider:

    provider "selectel" {
      domain_name = "123456"
      username    = "user"
      password    = "password"
      auth_region = "ru-9"
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
    }

    Here:

    • domain_name — Selectel account number. You can look it up in control panel in the upper right corner;
    • username — username service user with the roles Account Administrator and User Administrator. Can be viewed in the control panel section Access ControlUser Management → tab Service Users (the section is available only to the Account Owner and User Administrator);
    • password — password of the service user. You can view it when creating a user or change it to a new one;
    • auth_region — pool for example ru-9. All resources will be created in this pool. The list of available pools can be found in the instructions Availability matrices.

  5. Create a project:

    resource "selectel_vpc_project_v2" "project_1" {
      name = "project"
    }

    View a detailed description of the selectel_vpc_project_v2 resource.

  6. Create a service user to access the project and assign the Project Administrator role to it:

    resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
      name         = "username"
      password     = "password"
      role {
        role_name  = "member"
        scope      = "project"
        project_id = selectel_vpc_project_v2.project_1.id 
      }
    }

    Here:

    • username — username;
    • password — user password. The password must be no shorter than eight characters and contain Latin letters of different cases and digits;
    • project_id — Project ID. You can view it in control panel: section Cloud Platform → open the projects menu (the name of the current project) → in the line of the required project press .

    View a detailed description of the selectel_iam_serviceuser_v1 resource.

  7. Initialize the OpenStack provider:

    provider "openstack" {
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
      domain_name = "123456"
      tenant_id   = selectel_vpc_project_v2.project_1.id
      user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
      password    = selectel_iam_serviceuser_v1.serviceuser_1.password
      region      = "ru-9"
    }

    Here:

    • domain_name — Selectel account number. You can look it up in control panel in the upper right corner;
    • region — pool for example ru-9. All resources will be created in this pool. The list of available pools can be found in the instructions Availability matrices.

  8. If you create resources at the same time as configuring providers, add the depends_on argument for OpenStack resources . For example, for the resource openstack_networking_network_v2:

    resource "openstack_networking_network_v2" "network_1" {
      name           = "private-network"
      admin_state_up = "true"

      depends_on = [
        selectel_vpc_project_v2.project_1,
        selectel_iam_serviceuser_v1.serviceuser_1
      ]
    }

  9. Optional: if you want to use a mirror, create a separate Terraform CLI configuration file and add a block to it:

    provider_installation {
      network_mirror {
        url = "https://tf-proxy.selectel.ru/mirror/v1/"
        include = ["registry.terraform.io/*/*"]
      }
      direct {
        exclude = ["registry.terraform.io/*/*"]
      }
    }

    See the CLI Configuration File instructions in HashiCorp's CLI Configuration File documentation for more information on configuring mirrors.

  10. Open the CLI.

  11. Initialize the Terraform configuration in the directory:

    terraform init

  12. Check that the configuration files have been compiled without errors:

    terraform validate

  13. Format the configuration files:

    terraform fmt

  14. Check the resources that will be created:

    terraform plan

  15. Apply the changes and create the resources:

    terraform apply

  16. Confirm the creation — type yes and press Enter. The created resources are displayed in the control panel.

  17. If there were not enough quotas to create resources, increase the quotas.

2. Create a private network and subnet

resource "openstack_networking_network_v2" "network_1" {
  name           = "private-network"
  admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  name       = "private-subnet"
  network_id = openstack_networking_network_v2.network_1.id
  cidr       = "192.168.199.0/24"
}

Here cidr is the CIDR of the private subnet, for example 192.168.199.0/24.

See a detailed description of the resources:

3. Create a cloud router connected to an external network

A cloud router connected to an external network acts as a 1:1 NAT for access from a private network to the Internet through the public IP address of the router.

data "openstack_networking_network_v2" "external_network_1" {
  external = true
}

resource "openstack_networking_router_v2" "router_1" {
  name                = "router"
  external_network_id = data.openstack_networking_network_v2.external_network_1.id
}

resource "openstack_networking_router_interface_v2" "router_interface_1" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

See a detailed description of the resources:

4. Create a cloud-based load balancer

resource "openstack_lb_loadbalancer_v2" "load_balancer_1" {
  name          = "load-balancer"
  vip_subnet_id = openstack_networking_subnet_v2.subnet_1.id
  flavor_id     = "ac18763b-1fc5-457d-9fa7-b0d339ffb336"
}

Here flavor_id is the ID of the flavor. The flavors correspond to load balancer types and define the number of vCPUs, RAM, and the number of load balancer instances. For example, ac18763b-1fc5-457d-9fa7-b0d339ffb336 is the ID to create a balancer with the Advanced type with redundancy in the ru-9 pool. The list of flavorings can be viewed in the table List of load balancer flavorings in all pools.

Check out the detailed resource description of openstack_lb_loadbalancer_v2.

5. Create a rule

resource "openstack_lb_listener_v2" "listener_1" {
  name            = "listener"
  protocol        = "TCP"
  protocol_port   = "80"
  loadbalancer_id = openstack_lb_loadbalancer_v2.load_balancer_1.id
}

Here:

Check out the detailed resource description of openstack_lb_listener_v2.

6. Create a task force

resource "openstack_lb_pool_v2" "pool_1" {
  name        = "pool"
  protocol    = "PROXY"
  lb_method   = "ROUND_ROBIN"
  listener_id = openstack_lb_listener_v2.listener_1.id
}

Here:

View a detailed description of the openstack_lb_pool_v2 resource.

7. Add the server to the target group

resource "openstack_lb_member_v2" "member_1" {
  name          = "member"
  subnet_id     = openstack_networking_subnet_v2.subnet_1.id
  pool_id       = openstack_lb_pool_v2.pool_1.id
  address       = "192.168.199.4"
  protocol_port = "80"
}

Here:

  • address — private IP address of the server, e.g. 192.168.199.4;
  • protocol_port — port for the servers in the rule.

View a detailed description of the openstack_lb_member_v2 resource.

8. Create an availability check

resource "openstack_lb_monitor_v2" "monitor_1" {
  name        = "monitor"
  pool_id     = openstack_lb_pool_v2.pool_1.id
  type        = "HTTP"
  delay       = "10"
  timeout     = "4"
  max_retries = "5"
}

Here:

  • type — validation type for example HTTP;
  • delay — interval in seconds at which the balancer sends checking requests to servers;
  • timeout — connection timeout (time waiting for a response);
  • max_retries — number of successful requests in a row, after which the server is switched to the operational state (success threshold).

View a detailed description of the openstack_lb_monitor_v2 resource.

9. Create a public IP address and connect to the balancer

The public IP address will be connected to the load balancer port and associated with the private IP.

resource "openstack_networking_floatingip_v2" "floatingip_1" {
  pool    = "external-network"
  port_id = openstack_lb_loadbalancer_v2.load_balancer_1.vip_port_id
}

View a detailed description of the openstack_networking_floatingip_v2 resource.

12. Get the IP address of the load balancer

output "public_ip_address" {
  value = openstack_networking_floatingip_v2.floatingip_1.fixed_ip
}