Create a fixed configuration cloud server with dedicated cores and a bootable network volume via Terraform

We recommend creating resources in order. If you create all resources at once, Terraform will account for dependencies between resources that you specified in the configuration file. If dependencies are not specified, resources will be created in parallel, which may lead to errors. For instance, a resource required for creating another resource might not have been created yet.

Optional: configure providers.
Add a public SSH key.
Create a private network and a subnet.
Create a cloud router connected to the internet.
Create a port for the cloud server.
Get an image.
Create a bootable network volume.
Create a cloud server.
Create a public IP address.
Associate the cloud server’s public and private IP addresses.
Get the cloud server IP address.

Configuration files

Example file for configuring providers

terraform {
  required_providers {
    selectel  = {
      source  = "selectel/selectel"
      version = "~> 6.0"
    }
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "2.1.0"
    }
  }
}

provider "selectel" {
  domain_name = "123456"
  username    = "user"
  password    = "password"
  auth_region = "ru-7"
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
}

resource "selectel_vpc_project_v2" "project_1" {
  name = "project"
}

resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
  name         = "username"
  password     = "password"
  role {
    role_name  = "member"
    scope      = "project"
    project_id = selectel_vpc_project_v2.project_1.id 
  }
}

provider "openstack" {
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
  domain_name = "123456"
  tenant_id   = selectel_vpc_project_v2.project_1.id
  user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
  password    = selectel_iam_serviceuser_v1.serviceuser_1.password
  region      = "ru-7"
}

Example file for creating a server with dedicated cores

resource "selectel_vpc_keypair_v2" "keypair_1" {
    name       = "keypair"
    public_key = file("~/.ssh/id_rsa.pub")
    user_id    = selectel_iam_serviceuser_v1.serviceuser_1.id
}

resource "openstack_networking_network_v2" "network_1" {
    name           = "private-network"
    admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
    network_id = openstack_networking_network_v2.network_1.id
    cidr       = "192.168.199.0/24"
}

data "openstack_networking_network_v2" "external_network_1" {
    external = true
}

resource "openstack_networking_router_v2" "router_1" {
    name                = "router"
    external_network_id = data.openstack_networking_network_v2.external_network_1.id
}

resource "openstack_networking_router_interface_v2" "router_interface_1" {
    router_id = openstack_networking_router_v2.router_1.id
    subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

resource "openstack_networking_port_v2" "port_1" {
    name       = "port"
    network_id = openstack_networking_network_v2.network_1.id

    fixed_ip {
      subnet_id = openstack_networking_subnet_v2.subnet_1.id
    }
}

data "openstack_images_image_v2" "image_1" {
    name        = "Ubuntu 20.04 LTS 64-bit"
    most_recent = true
    visibility  = "public"
}

resource "openstack_blockstorage_volume_v3" "volume_1" {
    name                 = "boot-volume-for-server"
    size                 = "5"
    image_id             = data.openstack_images_image_v2.image_1.id
    volume_type          = "fast.ru-7b"
    availability_zone    = "ru-7b"
    enable_online_resize = true

    lifecycle {
      ignore_changes = [image_id]
    }

}

resource "openstack_compute_instance_v2" "server_1" {
  name              = "server"
  flavor_id         = "1063"
  key_pair          = selectel_vpc_keypair_v2.keypair_1.name
  availability_zone = "ru-7b"

  network {
    port = openstack_networking_port_v2.port_1.id
  }

  lifecycle {
    ignore_changes = [image_id]
  }

  block_device {
    uuid             = openstack_blockstorage_volume_v3.volume_1.id
    source_type      = "volume"
    destination_type = "volume"
    boot_index       = 0
  }

  vendor_options {
    ignore_resize_confirmation = true
  }
}

resource "openstack_networking_floatingip_v2" "floatingip_1" {
    pool = "external-network"
}

resource "openstack_networking_floatingip_associate_v2" "association_1" {
    port_id     = openstack_networking_port_v2.port_1.id
    floating_ip = openstack_networking_floatingip_v2.floatingip_1.address
}

output "public_ip_address" {
    value = openstack_networking_floatingip_v2.floatingip_1.fixed_ip
}

1. Optional: configure providers

If you have already configured Selectel and OpenStack providers, skip this step.

Make sure that in the control panel you have created a service user with the member role in the Account access scope and iam.admin role.
Create a directory to store configuration files and a separate file with the .tf extension for configuring providers.
Add the Selectel and OpenStack providers to the provider configuration file:
```
terraform {
  required_providers {
    selectel  = {
      source  = "selectel/selectel"
      version = "~> 6.0"
    }
    openstack = {
      source  = "terraform-provider-openstack/openstack"
      version = "2.1.0"
    }
  }
}
```
Where version is the provider version. The current version can be found in the Selectel documentation (in Terraform Registry and GitHub) and OpenStack (in Terraform Registry and GitHub).

For more information about products, services, and features that can be managed using providers, see the Selectel and OpenStack Providers guide.
Initialize the Selectel provider:
```
provider "selectel" {
  domain_name = "123456"
  username    = "user"
  password    = "password"
  auth_region = "ru-7"
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
}
```
Where:
- domain_name — Selectel account ID. It can be found in the control panel in the top-right corner;
- username — name of the service user with the member role in the Account access scope and iam.admin role. It can be found in the control panel: in the top menu click IAM → Service Users (this section is only available to the Account Owner and users with the iam.admin role);
- password — service user password. You can view it when creating the user or change it to a new one;
- auth_region — pool for authorization, e.g. ru-7. Resources can be created in other pools. A list of available pools can be found in the Availability Matrix guide.
Create a project:
```
resource "selectel_vpc_project_v2" "project_1" {
  name = "project"
}
```
See the detailed description of the selectel_vpc_project_v2 resource.
Create a service user for project access and assign them the member role in the Project access scope:
```
resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
  name         = "username"
  password     = "password"
  role {
    role_name  = "member"
    scope      = "project"
    project_id = selectel_vpc_project_v2.project_1.id
  }
}
```
Where:
- username — username;
- password — user password. The password must be at least eight characters long and include Latin letters in different cases and numbers;
- project_id — project ID. It can be found in the control panel: in the top menu click Products and select Cloud Servers → open the projects menu → in the line of the required project click .
See the detailed description of the selectel_iam_serviceuser_v1 resource.

Initialize the OpenStack provider:

provider "openstack" {
  auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
  domain_name = "123456"
  tenant_id   = selectel_vpc_project_v2.project_1.id
  user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
  password    = selectel_iam_serviceuser_v1.serviceuser_1.password
  region      = "ru-7"
}

Where:

domain_name — Selectel account ID. It can be found in the control panel in the top-right corner;
region — pool, e.g. ru-7. All resources will be created in this pool. A list of available pools can be found in the Availability Matrix guide.

If you are creating resources simultaneously with provider configuration, add the depends_on argument for OpenStack resources. For example, for the openstack_networking_network_v2 resource:

resource "openstack_networking_network_v2" "network_1" {
  name           = "private-network"
  admin_state_up = "true"

  depends_on = [
    selectel_vpc_project_v2.project_1,
    selectel_iam_serviceuser_v1.serviceuser_1
  ]
}

Optional: if you want to use a mirror, create a separate Terraform CLI configuration file and add the following block to it:
```
provider_installation {
  network_mirror {
    url = "https://tf-proxy.selectel.ru/mirror/v1/"
    include = ["registry.terraform.io/*/*"]
  }
  direct {
    exclude = ["registry.terraform.io/*/*"]
  }
}
```
For more information on mirror configuration, see CLI Configuration File in the HashiCorp documentation.
Open the CLI.
Initialize the Terraform configuration in the directory:
```
terraform init
```
Verify that the configuration files are syntactically correct:
```
terraform validate
```
Format the configuration files:
```
terraform fmt
```
Check which resources will be created:
```
terraform plan
```
Apply the changes and create the resources:
```
terraform apply
```
Confirm creation by entering yes and pressing Enter. The created resources will appear in the control panel.
If you do not have enough quotas to create the resources, increase your quotas.

2. Create an SSH key pair

resource "selectel_vpc_keypair_v2" "keypair_1" {
  name       = "keypair"
  public_key = file("~/.ssh/id_rsa.pub")
  user_id    = selectel_iam_serviceuser_v1.serviceuser_1.id
}

Here public_key is the path to the public SSH key. If SSH keys are not generated, create them.

See the detailed description of the selectel_vpc_keypair_v2 resource.

3. Create a private network and a subnet

resource "openstack_networking_network_v2" "network_1" {
  name           = "private-network"
  admin_state_up = "true"
}

resource "openstack_networking_subnet_v2" "subnet_1" {
  name       = "private-subnet"
  network_id = openstack_networking_network_v2.network_1.id
  cidr       = "192.168.199.0/24"
}

Here cidr is the private subnet CIDR, for example 192.168.199.0/24.

See the detailed resource description:

4. Create a cloud router connected to the internet

A cloud router connected to the internet performs 1:1 NAT for traffic from a private network to the internet via the router's public IP address.

data "openstack_networking_network_v2" "external_network_1" {
  external = true
}

resource "openstack_networking_router_v2" "router_1" {
  name                = "router"
  external_network_id = data.openstack_networking_network_v2.external_network_1.id
}

resource "openstack_networking_router_interface_v2" "router_interface_1" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

See the detailed resource description:

5. Create a port for the cloud server

resource "openstack_networking_port_v2" "port_1" {
  name       = "port"
  network_id = openstack_networking_network_v2.network_1.id

  fixed_ip {
    subnet_id = openstack_networking_subnet_v2.subnet_1.id
  }
}

See the detailed description of the openstack_networking_port_v2 resource.

6. Get an image

data "openstack_images_image_v2" "image_1" {
  name        = "Ubuntu 20.04 LTS 64-bit"
  most_recent = true
  visibility  = "public"
}

See the detailed description of the openstack_images_image_v2 data source.

7. Create a bootable network volume

resource "openstack_blockstorage_volume_v3" "volume_1" {
    name                 = "boot-volume-for-server"
    size                 = "5"
    image_id             = data.openstack_images_image_v2.image_1.id
    volume_type          = "fast.ru-7b"
    availability_zone    = "ru-7b"
    enable_online_resize = true

    lifecycle {
      ignore_changes = [image_id]
    }

}

8. Create a cloud server

resource "openstack_compute_instance_v2" "server_1" {
  name              = "server"
  flavor_id         = "1063"
  key_pair          = selectel_vpc_keypair_v2.keypair_1.name
  availability_zone = "ru-7b"

  network {
    port = openstack_networking_port_v2.port_1.id
  }

  lifecycle {
    ignore_changes = [image_id]
  }

  block_device {
    uuid             = openstack_blockstorage_volume_v3.volume_1.id
    source_type      = "volume"
    destination_type = "volume"
    boot_index       = 0
  }

  vendor_options {
    ignore_resize_confirmation = true
  }
}

Where:

availability_zone — pool segment where the cloud server will be created, e.g. ru-7b. Cloud servers with dedicated cores are only available in the ru-3b, ru-7a, and ru-7b pool segments.
flavor_id — ID of the flavor with dedicated cores. Flavors correspond to cloud server configurations and determine the number of vCPU, RAM, and local disk size. For example, 1063 — a flavor for a fixed configuration in the Standard lineup with 12 vCPU and 48 GB RAM for creating a cloud server with dedicated cores. Flavors with dedicated core support are available in the Standard and HighFreq lineups. A list of available flavors can be found in the Fixed configuration flavors list for all pools subsection of the Cloud Server Configurations guide.

See the detailed description of the openstack_compute_instance_v2 resource.

9. Create a public IP address

resource "openstack_networking_floatingip_v2" "floatingip_1" {
  pool = "external-network"
}

See the detailed description of the openstack_networking_floatingip_v2 resource.

10. Associate the cloud server’s public and private IP addresses

The public IP address will be connected to the cloud server port and associated with the private IP.

resource "openstack_networking_floatingip_associate_v2" "association_1" {
  port_id     = openstack_networking_port_v2.port_1.id
  floating_ip = openstack_networking_floatingip_v2.floatingip_1.address
}

See the detailed description of the openstack_networking_floatingip_associate_v2 resource.

11. Get the cloud server’s IP address

output "public_ip_address" {
  value = openstack_networking_floatingip_v2.floatingip_1.fixed_ip
}