Terraform Provider to manage rancher resources

Hi!

I’ve been working on a terraform provider for rancher. I think there are some pieces in the rancher infrastructure that fit well in terraform declaration files.

It’s a work in progress but I plan to add more resources as I need them. But you are welcome to contribute with yours.

I hope this is useful for someone else.


Really nice. I’m working with Terraform to bootstrap my Rancher cluster.

I like this. I too use Terraform to bootstrap our infrastructure for Rancher. The only thing I still miss is being able to add Hosts automatically to the default environment.

I will definitely use this in the future to create our environments.

Thanks

I would really love to hear some feedback about the design of this provider.

tl;dr

Right now I have a provider that hits the rancher api at /v1 and you can set the credentials for that.

provider "rancher" {
     api_url = "http://rancher.my-domain.com/v1"
  access_key = "${var.rancher_access_key}"
  secret_key = "${var.rancher_secret_key}"
}

With this provider I should be able to implement any resource that hits the api at the root level. For example environments.

resource "rancher_environment" "default" {
           name = "staging"
    description = "The staging environment"
  orchestration = "cattle"
}

But then I want to implement resources that depend on an environment. For example: registries, stacks, etc. (most of the resources will hit the api at v1/projects/<project_id> (projects = environment in the api)).

So here is where I don’t know if the design of the provider should follow the design of the api or not.

The first option is to pass the environment to the resources, like this:

resource "rancher_registry" "foo" {
            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
  environment_id = "1a26"
}

But what happens if I want to use environment credentials instead of the global ones? Should I pass the credentials to every resource?

The other option is that the provider can define an environment, it would look something like this.

provider "rancher" {
         api_url = "http://rancher.my-domain.com/v1"
  environment_id = "1a26"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

resource "rancher_registry" "foo" {
            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
}

The problem is how I create the environment in the first place…

One alternative would be to leverage the alias features for providers so I can define multiple providers.

# Provider to hit the global api
provider "rancher" {
         api_url = "http://rancher.my-domain.com/v1"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

# create an environment
resource "rancher_environment" "staging" {
           name = "staging"
    description = "The staging environment"
  orchestration = "cattle"
}

# provider to hit the environment api
provider "rancher" {
           alias = "staging"

         api_url = "http://rancher.my-domain.com/v1"
  environment_id = "${rancher_environment.staging.id}"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

resource "rancher_registry" "foo" {
        provider = "rancher.staging"

            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
}

I don’t really know if terraform lets me initialize a provider interpolating a variable from a resource of other providers.

thanks for the feedback!

@blackjid I just did a first test about using the rancher provider. But I think I have a problem.

I set up the provider like this:

provider "rancher" {
  api_url = "http://${scaleway_server.rancher.private_ip}:8080"
  access_key = "${var.rancherAccessKey}"
  secret_key = "${var.rancherSecretKey}"
}

The API URL references the private IP of one of my servers. But this server is also in my Terraform and so is not live. And so when I execute Terraform plan I get this error message:

Get /v1: unsupported protocol scheme ""

I have the impression it is trying to connect to the API on “plan”. But what I expected was for it to do so on “apply”.
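An added example, not part of the thread or the provider's own code: a small Python check that lists provider settings interpolated from resource attributes rather than `var.*` inputs, which is the pattern in both the aliased `environment_id` design and the `api_url` configuration above. It assumes such values are not yet known when the provider is configured for a plan; the function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the thread's Terraform 0.x syntax (not from a real repo).
SAMPLE = '''
provider "rancher" {
  api_url    = "http://${scaleway_server.rancher.private_ip}:8080"
  access_key = "${var.rancherAccessKey}"
  secret_key = "${var.rancherSecretKey}"
}

provider "rancher" {
  alias          = "staging"
  api_url        = "http://rancher.my-domain.com/v1"
  environment_id = "${rancher_environment.staging.id}"
  access_key     = "${var.rancher_access_key}"
  secret_key     = "${var.rancher_secret_key}"
}
'''

# A provider block runs from its opening brace to a "}" at the start of a line,
# so the braces of ${...} interpolations inside values do not end it early.
PROVIDER_RE = re.compile(r'provider\s+"(\w+)"\s*\{(.*?)^\}', re.S | re.M)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"(.*)"\s*$', re.M)
INTERP_RE = re.compile(r'\$\{\s*([\w.\-]+)')  # leading reference of each ${...}


def computed_provider_inputs(hcl):
    """Return (provider, alias, attribute, reference) for every provider
    setting that interpolates something other than a var.* input.

    Assumption: var.* values are known before anything is created, while a
    resource attribute may not exist until the resource has been applied.
    """
    findings = []
    for name, body in PROVIDER_RE.findall(hcl):
        attrs = dict(ATTR_RE.findall(body))
        alias = attrs.get("alias", "")
        for attr, value in attrs.items():
            for ref in INTERP_RE.findall(value):
                if not ref.startswith("var."):
                    findings.append((name, alias, attr, ref))
    return findings


if __name__ == "__main__":
    for name, alias, attr, ref in computed_provider_inputs(SAMPLE):
        label = f"{name}.{alias}" if alias else name
        print(f"provider {label}: {attr} depends on {ref}")
```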

I’m not sure why that is… I realize now that I haven’t tried the provider using a port in the url. That might be it, but it is weird.

In any case, this provider plugin was merged into terraform in version 0.8.0 https://github.com/hashicorp/terraform/issues/9173

You might want to start an issue there, so more people involved in the could take a look at it.

Thx,

I just created an issue: https://github.com/hashicorp/terraform/issues/10945

It looks like this provider requires a rancher server to already be configured? This looks pretty cool, is there an example of using Terraform to create the server?