September 5, 2016

Scaleway on terraform: remote-exec provisioners

In this blog post I want to explore two options of using terraform and the remote-exec provisioner with the new Scaleway cloud provider.

using Scaleway

First, signup for Scaleway. Once you have a Scaleway account, export the required credentials to your environment like this:

export SCALEWAY_ACCESS_KEY=<your-access-key> 
export SCALEWAY_ORGANIZATION=<your-organization-id>

You can find out both information easily by using the scw cli; it’ll write the information to the ~/.scwrc file.

Now you can use the scaleway provider like this:

provider "scaleway" {}

resource "scaleway_server" "server" {
  name = "my-server"
  type = "C1"
  image = "eeb73cbf-78a9-4481-9e38-9aaadaf8e0c9" # ubuntu 16.06
}

You’re now ready to manage your scaleway infrastructure with terraform!

public hosts

By default, the scaleway_server resource will create internal servers only, meaning the servers won’t have a public ip. In order to use remote-exec however, the server must be accessible.

The easiest way to achieve this is by exposing your server using the dynamic_ip_required attribute:

provider "scaleway" {}

resource "scaleway_server" "server" {
  name  = "my-server"
  type  = "C1"
  image = "eeb73cbf-78a9-4481-9e38-9aaadaf8e0c9" # ubuntu 16.06

  dynamic_ip_required = true

  provisioner "remote-exec" {
    inline = "echo hello world"
  }
}

Now your server will get a public ip assigned and remote-exec will work out of the box!

jump hosts

When you don’t want to expose your servers you can setup a publicly accessible jump host, which then can be used to access your internal servers:

provider "scaleway" {}

resource "scaleway_server" "jump-host" {
  name  = "my-jump-host"
  type  = "C1"
  image = "eeb73cbf-78a9-4481-9e38-9aaadaf8e0c9" # ubuntu 16.06

  dynamic_ip_required = true
}

resource "scaleway_server" "server" {
  type  = "C1"
  image = "eeb73cbf-78a9-4481-9e38-9aaadaf8e0c9" # ubuntu 16.06

  connection {
    type         = "ssh"
    user         = "root"
    host         = "${self.private_ip}"
    bastion_host = "${scaleway_server.jump-host.public_ip}"
    bastion_user = "root"
    agent        = true
  }

  provisioner "remote-exec" {
    inline = "echo hello world"
  }
}

this way, only your jump host is publicly accessible and all other servers will remain internal.

That’s it for now. Enjoy Scaleway on terraform :)