Skip to main content

Terraform: Quick Start

Last update:
  1. Install Terraform.
  2. Create a service user.
  3. Configure providers.

All resources created with Terraform are billed according to the service payment model. Resource billing begins after resource creation.

The cost of resources created with Terraform is the same as the cost of resources created via the control panel.

1. Install Terraform

  1. Download the Terraform distribution for your operating system from the HashiCorp website or from the mirror. We recommend downloading Terraform version 1.9.

  2. If you downloaded the Terraform distribution from the mirror, export the path to it to the PATH environment variable:

    export PATH=$PATH:<path>

    Specify <path> — the path to the Terraform binary.

  3. Install Terraform. For Linux and macOS, follow the Install Terraform instructions in the HashiCorp documentation.

2. Create a service user

To work with the examples, you need to create a service user with two roles:

  • member in the Account access scope — the role is required to initialize the Selectel provider and create resources; ;
  • and iam.admin — for creating additional users and restricting access within projects.

  1. In the control panel, on the top menu, click IAM.

  2. Go to the Service Users section.

  3. Click Add service user.

  4. In the Service User Details block:

    4.1. Enter the username. It will be used for authorization.

    4.2. Enter a password for the user or generate one. Once the user is created, the password cannot be viewed, only changed. The password must be at least 20 characters long and include at least:

    • one uppercase and one lowercase Latin letter (A-Z, a-z);
    • one digit (0-9);
    • one special character from the ASCII Printable 7-Bit Special Characters list:
      !"#$%&'()*+,-./:;<=>?@[]^_{|}~.

  5. In the Account Access block:

    5.1. Configure the permission; to do this, select:

    5.2. Optional: to assign an additional permission to the user, click Add permission and repeat step 5.1.

    5.3. Optional: select a group for the user.

  6. Click Add user. They will be added to the list on the Service users page. The account will be active immediately.

3. Configure providers

If you are using a Selectel Terraform provider version earlier than 6.0.0, you can upgrade it. For more information, see the Upgrading Terraform Selectel Provider to version 6.0.0 guide in the Terraform Registry.

  1. Make sure that in the control panel you have created a service user with the member role in the Account access scope and iam.admin.

  2. Create a directory to store configuration files and a separate file with the .tf extension to configure providers.

  3. Add the Selectel and OpenStack providers to the file for provider configuration:

    terraform {
      required_providers {
        selectel  = {
          source  = "selectel/selectel"
          version = "~> 7.1.0"
        }
        openstack = {
          source  = "terraform-provider-openstack/openstack"
          version = "2.1.0"
        }
      }
    }

    Here version is the provider version. The current version can be found in the Selectel documentation (in Terraform Registry and GitHub) and OpenStack (in Terraform Registry and GitHub).

    For more information about products, services, and features that can be managed using providers, see the Selectel and OpenStack Providers guide.

  4. Initialize the Selectel provider:

    provider "selectel" {
      domain_name = "123456"
      username    = "user"
      password    = "password"
      auth_region = "ru-9"
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3/"
    }

    Where:

    • domain_name — Selectel account number. You can find it in the control panel in the top-right corner;
    • username — name of the service user with the member role in the Account access scope and iam.admin. You can view it in the control panel: in the top menu, click IAMService Users section (the section is only available to the Account Owner and a user with the iam.admin role);
    • password — service user password. You can view it when creating the user or change it to a new one;
    • auth_regionpool for authorization, for example, ru-9. You can create resources in other pools. A list of available pools can be found in the Availability Matrix guide.

  5. Create a project:

    resource "selectel_vpc_project_v2" "project_1" {
      name = "project"
    }

    See a detailed description of the selectel_vpc_project_v2 resource.

  6. Create a service user to access the project and assign them the member role in the Project access scope:

    resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
      name         = "username"
      password     = "password"
      role {
        role_name  = "member"
        scope      = "project"
        project_id = selectel_vpc_project_v2.project_1.id
      }
    }

    Where:

    • username — username;

    • password — user password. The password must be at least 20 characters long and include at least:

      • one uppercase and one lowercase Latin letter (A-Z, a-z);
      • one digit (0-9);
      • one special character from the ASCII Printable 7-Bit Special Characters list:
        !"#$%&'()*+,-./:;<=>?@[]^_{|}~;

    • project_id — project ID. You can find it in the control panel: in the top menu, click Products and select Cloud Servers → open the projects menu → in the row of the target project, click .

    See a detailed description of the selectel_iam_serviceuser_v1 resource.

  7. Initialize the OpenStack provider:

    provider "openstack" {
      auth_url    = "https://cloud.api.selcloud.ru/identity/v3"
      domain_name = "123456"
      tenant_id   = selectel_vpc_project_v2.project_1.id
      user_name   = selectel_iam_serviceuser_v1.serviceuser_1.name
      password    = selectel_iam_serviceuser_v1.serviceuser_1.password
      region      = "ru-9"
    }

    Where:

    • domain_name — Selectel account number. You can find it in the control panel in the top-right corner;
    • regionpool, for example, ru-9. All resources will be created in this pool. A list of available pools can be found in the Availability Matrix guide.

  8. If you are creating resources while configuring providers, add the depends_on argument for OpenStack resources. For example, for the openstack_networking_network_v2 resource:

    resource "openstack_networking_network_v2" "network_1" {
      name           = "private-network"
      admin_state_up = "true"

      depends_on = [
        selectel_vpc_project_v2.project_1,
        selectel_iam_serviceuser_v1.serviceuser_1
      ]
    }

  9. Optional: if you want to use a mirror, create a separate Terraform CLI configuration file and add the following block to it:

    provider_installation {
      network_mirror {
        url = "https://tf-proxy.selectel.ru/mirror/v1/"
        include = ["registry.terraform.io/*/*"]
      }
      direct {
        exclude = ["registry.terraform.io/*/*"]
      }
    }

    Read more about mirror settings in the CLI Configuration File guide in the HashiCorp documentation.

  10. Open the CLI.

  11. Initialize the Terraform configuration in the directory:

    terraform init

  12. Verify that the configuration files are syntactically correct:

    terraform validate

  13. Format the configuration files:

    terraform fmt

  14. Check which resources will be created:

    terraform plan

  15. Apply the changes and create the resources:

    terraform apply

  16. Confirm creation — enter yes and press Enter. The created resources will appear in the control panel.

  17. If quotas were insufficient to create the resources, increase the quotas.