Commit
1 parent 4004d25, commit a7aa563

Showing 2 changed files with 142 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
JAAS: Using Terraform | ||
===================== | ||
|
||
Introduction | ||
------------ | ||
|
||
In this howto we will be showing you how to use Terraform with JAAS. | ||
|
||
Prerequisites | ||
------------- | ||
|
||
For this howto you will need the following: | ||
|
||
- An identity provider that can be used to create OAuth2 client credentials | ||
- Client credentials (`client_id` and `client_secret`) generated by the above identity provider. | ||
- A deployed JIMM configured to trust the identity provider. For instructions on | ||
how to deploy JIMM follow the :doc:`deploy_jimm` howto. | ||
- A Juju 3.5 controller added to JIMM that can be used to control your chosen cloud. For instructions | ||
on how to add one follow the :doc:`add_controller` howto. | ||
- A Juju 3.5 client | ||
- Cloud credentials for the chosen cloud. | ||
- Basic knowledge of Terraform, Juju Terraform provider and Juju. | ||
|
||
Registering client credentials | ||
------------------------------ | ||
|
||
Before we can use client credentials generated by your chosen identity provider we need | ||
to register them. | ||
|
||
1. Install the JAAS snap: | ||
|
||
``sudo snap install jaas --channel latest/candidate`` | ||
|
||
2. Register the cloud credential: | ||
|
||
``juju jaas add-service-account <client ID>`` | ||
|
||
3. Update cloud credentials for the service account: | ||
|
||
``juju jaas update-service-account-credentials <client ID> <cloud> <credential name>`` | ||
|
||
|
||
Juju Terraform provider | ||
----------------------- | ||
|
||
To authenticate with JIMM the provider section in your Terraform plan needs to include | ||
the `client_id` and `client_secret` generated by your identity provider. Please note that | ||
we need to use a version of the `Juju Terraform provider <https://registry.terraform.io/providers/juju/juju/latest/docs>` | ||
higher than `0.12.0`. | ||
|
||
For this howtow we will be deploying the `juju-qa-test` charm. | ||
|
||
Let's create a temporary folder. Run: | ||
|
||
``mkdir terraform_tutorial`` | ||
|
||
and: | ||
|
||
``cd terraform_tutorial`` | ||
|
||
Now create a file called `main.tf` with the following content: | ||
|
||
.. code:: | ||
terraform { | ||
required_providers { | ||
juju = { | ||
version = "0.11.0" | ||
source = "juju/juju" | ||
} | ||
} | ||
} | ||
provider "juju" { | ||
controller_addresses = "<address of your controller>" | ||
client_id = "<clientID>" | ||
client_secret = "<clientSecret>" | ||
ca_certificate = "<CA certificate>" | ||
} | ||
resource "juju_model" "qa" { | ||
name = "qa" | ||
cloud { | ||
name = "localhost" | ||
} | ||
} | ||
resource "juju_application" "qa" { | ||
name = "qa" | ||
model = juju_model.qa.name | ||
charm { | ||
name = "juju-qa-test" | ||
} | ||
units = 1 | ||
} | ||
Run: | ||
|
||
``terraform init`` | ||
|
||
Then: | ||
|
||
``terraform plan`` | ||
|
||
and verify the proposed changes. | ||
If everything seems ok, run: | ||
|
||
``terraform apply`` | ||
|
||
You can now switch to the created `qa` model and see the deployed `qa` application. | ||
|
||
.. code:: | ||
Model Controller Cloud/Region Version SLA Timestamp | ||
qa localhost-localhost localhost/localhost 3.5-beta1.1 unsupported 12:02:40+02:00 | ||
App Version Status Scale Charm Channel Rev Exposed Message | ||
qa active 1 juju-qa-test latest/stable 25 no hello | ||
Unit Workload Agent Machine Public address Ports Message | ||
qa/0* active idle 0 10.221.163.152 hello | ||
Machine State Address Inst id Base AZ Message | ||
To destroy the created model, run: | ||
|
||
``juju destroy-model qa`` |
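Review bot: The `required_providers` block in the `main.tf` example pins `version = "0.11.0"`, which contradicts the paragraph just above it stating that a Juju Terraform provider higher than `0.12.0` is needed; a reader who copies the example gets a provider version the howto itself says is too old for `client_id`/`client_secret` authentication. Please change the pin to a constraint that matches the prose. Further points in the same hunk: the example places `client_secret = "<clientSecret>"` directly in `main.tf`, so it would help to show the secret supplied through a Terraform variable declared with `sensitive = true` (or at least to say the file must not be committed once the placeholder is filled in). Step 2 under "Registering client credentials" is titled "Register the cloud credential" but the command is `juju jaas add-service-account <client ID>`, so the step title should say it registers the service account. "howtow" is a typo for "howto". The external link to the Juju Terraform provider is missing the trailing underscore that reStructuredText needs for a hyperlink reference, and the single-backtick names (`client_id`, `client_secret`, `main.tf`, `0.12.0`) should use double backticks to render as inline literals, as the commands already do.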