Skip to main content

Terraform Quick Start

Last update:
  1. Install Terraform.
  2. Create a service user.
  3. Set up providers.

All resources created with Terraform are charged according to the service payment model. Charging for a resource starts after the resource is created.

The cost of resources created using Terraform does not differ from the cost of resources created using the dashboard.

1. Install Terraform

  1. Download the Terraform distribution for your operating system from the HashiCorp website or from the mirror. We recommend downloading Terraform 1.9.

  2. If you downloaded the Terraform distribution from a mirror, export the path to it in the PATH environment variable:

    export PATH=$PATH:<path>

    Specify <path> — the path to the Terraform binary file.

  3. Install Terraform. For Linux and macOS, use the Install Terraform instructions in the HashiCorp documentation.

2. Create a service user

To work with the examples, you need to create a service user with two roles:

  • member in the Account access area — the role is needed to initialize the Selectel provider and create resources;
  • и iam_admin — to create additional users and differentiate access in projects.

  1. In the control panel, on the top menu, click Account.

  2. Go to the Service Users section.

  3. Click Add Service User.

  4. In the Service User Data block:

    4.1 Enter a user name. This will be used for authorization.

    4.2 Enter a password for the user or generate one.Once a user is created, you cannot view the password — you can only change it.The password must be no shorter than 20 characters and include a minimum:

    • one uppercase and one lowercase Latin letter (A-Z, a-z);
    • one digit (0-9);
    • one special character from the ASCII Printable 7-Bit Special Characters list:
      !"#$%&'()*+,-./:;<=>?@[]^_{|}~.

  5. In the Account Access block:

    5.1 Set the resolution by selecting:

    5.2 Optional: To assign another permission to the user, click Add Permission and repeat step 5.1.

    5.3 Optional: select a group for the user.

  6. Click Add User. It will be added to the list on the Service Users page . The account will be active immediately.

3. Set up the ISPs

If the version of Terraform Selectel Provider you are using is lower than 6.0.0, you can upgrade it. For more information, see Upgrading Terraform Selectel Provider to version 6.0.0 on the Terraform Registry.

  1. Make sure that in the control panel you have created a service user with the following roles member in the Account and iam_admin.

  2. Create a directory to store the configuration files and a separate file with a .tf extension to configure the providers.

  3. Add Selectel and OpenStack providers to the file to configure the providers:

    terraform {
      required_providers {
        selectel  = {
          source  = "selectel/selectel"
          version = "~> 6.0"
        }
        openstack = {
          source  = "terraform-provider-openstack/openstack"
          version = "2.1.0"
        }
      }
    }

    Here version — versions of providers. The current version can be found in Selectel (in Terraform Registry and GitHub) and OpenStack (in Terraform Registry and GitHub) documentation.

    Learn more about the products, services, and services that can be managed with providers in the Selectel and OpenStack Providers instruction.

  4. Initialize the Selectel provider:

    provider "selectel" {
      domain_name = "123456"
      username    = "user"
      password    = "password"
      auth_region = "ru-9"
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
    }

    Here:

    • domain_name — Selectel account number. You can look it up in control panel in the upper right corner;
    • username — username service user with roles member in the access area Account and iam_admin. Can be viewed in the control panel: in the top menu, click Account → section Service Users (this section is only available to the Account Owner and the user with the role of iam_admin);
    • password — password of the service user. You can view it when creating a user or change it to a new one;
    • auth_region — pool for example ru-9. All resources will be created in this pool. The list of available pools can be found in the instructions Availability matrices.

  5. Create a project:

    resource "selectel_vpc_project_v2" "project_1" {
      name = "project"
    }

    View a detailed description of the selectel_vpc_project_v2 resource.

  6. Create a service user to access the project and assign it the role of member role in the Project access area:

    resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
      name         = "username"
      password     = "password"
      role {
        role_name  = "member"
        scope      = "project"
        project_id = selectel_vpc_project_v2.project_1.id
      }
    }

    Here:

    • username — username;
    • password — user password. The password must be no shorter than eight characters and contain Latin letters of different cases and digits;
    • project_id — Project ID. You can view it in control panel: in the top menu click Products and select Cloud Servers → open the projects menu → in the row of the desired project, click .

    View a detailed description of the selectel_iam_serviceuser_v1 resource.

  7. Initialize the OpenStack provider:

    provider "openstack" {
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
      domain_name = "123456"
      tenant_id   = selectel_vpc_project_v2.project_1.id
      user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
      password    = selectel_iam_serviceuser_v1.serviceuser_1.password
      region      = "ru-9"
    }

    Here:

    • domain_name — Selectel account number. You can look it up in control panel in the upper right corner;
    • region — pool for example ru-9. All resources will be created in this pool. The list of available pools can be found in the instructions Availability matrices.

  8. If you create resources at the same time as configuring providers, add the depends_on argument for OpenStack resources . For example, for the resource openstack_networking_network_v2:

    resource "openstack_networking_network_v2" "network_1" {
      name           = "private-network"
      admin_state_up = "true"

      depends_on = [
        selectel_vpc_project_v2.project_1,
        selectel_iam_serviceuser_v1.serviceuser_1
      ]
    }

  9. Optional: if you want to use a mirror, create a separate Terraform CLI configuration file and add a block to it:

    provider_installation {
      network_mirror {
        url = "https://tf-proxy.selectel.ru/mirror/v1/"
        include = ["registry.terraform.io/*/*"]
      }
      direct {
        exclude = ["registry.terraform.io/*/*"]
      }
    }

    See the CLI Configuration File instructions in HashiCorp's CLI Configuration File documentation for more information on configuring mirrors.

  10. Open the CLI.

  11. Initialize the Terraform configuration in the directory:

    terraform init

  12. Check that the configuration files have been compiled without errors:

    terraform validate

  13. Format the configuration files:

    terraform fmt

  14. Check the resources that will be created:

    terraform plan

  15. Apply the changes and create the resources:

    terraform apply

  16. Confirm the creation — type yes and press Enter. The created resources are displayed in the control panel.

  17. If there were not enough quotas to create resources, increase the quotas.