Terraform Provider to manage rancher resources

blackjid · July 12, 2016, 12:24pm

Hi!,

I’ve been working on a terraform provider for rancher. I think there are some pieces in the rancher infrastructure that fit well in terraform declaration files.

It’s a work in progress but I plan to add more resources as I need them. But you are welcome to contribute with yours.

I hope this is useful for someone else.

seb2411 · July 12, 2016, 12:47pm

Really nice. I’m working with Terraform to bootstrap my Rancher cluster.

polysign · July 22, 2016, 10:56am

I like this. I do too use Terraform to bootstrap our infrastructure for Rancher. The only thing I still miss is to be able to add Hosts automatically to the default environment.

I will definitely use this in the future to create our environments.

Thanks

blackjid · July 22, 2016, 8:52pm

I would really love to hear some feedback about the design of this provider.

tl;dr

Right now I have a provider that hits the rancher api at /v1 and you can set the credentials for that.

provider "rancher" {
     api_url = "http://rancher.my-domain.com/v1"
  access_key = "${var.rancher_access_key}"
  secret_key = "${var.rancher_secret_key}"
}

With this provider I should be able to implement any resource that hits the api at the root level. For example environments.

resource "rancher_environment" "default" {
           name = "staging"
    description = "The staging environment"
  orchestration = "cattle"
}

But then I want to implement resources that depend on an environment. For example: registries, stacks, etc (most of the resources will hit the api to v1/projects/<project_id> (projects = environment in the api).

So here is where I don’t know if the design of the provider should follow the design of the api or not.

The first options is to pass the environment to the resources, like this:

resource "rancher_registry" "foo" {
            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
  environment_id = "1a26"
}

But what happens if I want to use environment credentials instead of the global ones?? Should I pass the credentials to every resource?

The other option is that the provider can define an environment, it would look something like this.

provider "rancher" {
         api_url = "http://rancher.my-domain.com/v1"
  environment_id = "1a26"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

resource "rancher_registry" "foo" {
            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
}

The problem is how I create the environment in the first place…

One alternative would be to leverage the alias features for providers so I can define multiple providers.

# Provider to hit the global api
provider "rancher" {
         api_url = "http://rancher.my-domain.com/v1"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

# create an environment
resource "rancher_environment" "staging" {
           name = "staging"
    description = "The staging environment"
  orchestration = "cattle"
}

# provider to hit the environment api
provider "rancher" {
           alias = "staging"

         api_url = "http://rancher.my-domain.com/v1"
  environment_id = "${rancher_environment.staging.id}"
      access_key = "${var.rancher_access_key}"
      secret_key = "${var.rancher_secret_key}"
}

resource "rancher_registry" "foo" {
        provider = "rancher.staging"

            name = "foo"
     description = "registry test"
  server_address = "http://foo.com:8080"
}

I don’t really know it terraform let me initialize a provider interpolating a variable from a resource of other providers.

thanks for the feedback!

seb2411 · December 27, 2016, 3:46pm

@blackjid I just did a first test about using the rancher provider. But I think I have a problem.

I setup the provider like that:

provider "rancher" {
  api_url = "http://${scaleway_server.rancher.private_ip}:8080"
  access_key = "${var.rancherAccessKey}"
  secret_key = "${var.rancherSecretKey}"
}

The API URL reference to the private IP of one of my server. But this server is also in my terraform and so is not live. And so when I execute Terraform plan I got this error message:

Get /v1: unsupported protocol scheme ""

I have the impression is trying to connect to the API on “plan”. But what I expected was to do it on “apply”

blackjid · December 27, 2016, 6:27pm

I’m not sure why is that… I realize now that haven’t tried the provider using a port in the url. That might be it, but is weird.

In any case, this provider plugin was merged into terraform in version 0.8.0 https://github.com/hashicorp/terraform/issues/9173

You might want to start an issue there, so more people involved in the could take a look at it.

seb2411 · December 28, 2016, 3:51pm

Thx,

I just created an issue: https://github.com/hashicorp/terraform/issues/10945

jmreicha · January 2, 2017, 8:43pm

It looks like this provider requires a rancher server to already be configured? This looks pretty cool, is there an example of using Terraform to create the server?

Topic		Replies	Views
How to set environment variables with Terraform provider Rancher 1.x	2	4218	April 24, 2018
Go-rancher client project id Rancher 1.x	1	1041	July 13, 2016
Rancher2 and EKS Rancher	0	362	June 4, 2020
[RANCHER 1.6] Add label via host rancher-agent startup? Rancher 1.x	2	958	May 11, 2018
Deployment of Rancher catalog apps with Terraform? Rancher	0	710	February 27, 2019

Terraform Provider to manage rancher resources

tl;dr

Related Topics