Getting Started with Terraform & Digitalocean
Installing Terraform⌗
Follow Installation Instructions here.
Terraform⌗
Create a directory where you want to store the terraform configuration files. Create a file named main.tf. This is where we store all the configurations.
Adding providers block
terraform {
required_providers {
digitalocean = {
source = "digitalocean/digitalocean"
version = "2.22.2"
}
}
}
As of this writing, digitalocean’s terraform provider is of version 2.22.2
.
Initialize⌗
To Initialize the terraform and install the azure plugin, you should run
terraform init
Output should be similar to this
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding digitalocean/digitalocean versions matching "2.22.2"...
- Installing digitalocean/digitalocean v2.22.2...
- Installed digitalocean/digitalocean v2.22.2 (signed by a HashiCorp partner, key ID F82037E524B9C0E8)
Generating DigitalOcean API Token⌗
Terraform needs API Token to communicate with DigitalOcean and to deploy the infrastructure. Generate the API token by going to DigitalOcean
» API
» Tokens/Keys
.
Please copy new personal access token now. It won’t be shown again for security.
Authentication⌗
Authentication can be done either with environment variables or terraform variables.
Windows Powershell⌗
Open Powershell
and run the following to add new environment variable.
$ENV:DIGITALOCEAN_ACCESS_TOKEN = 'token'
To set the token as environment variable Persistently
[System.Environment]::SetEnvironmentVariable('DIGITALOCEAN_ACCESS_TOKEN','token')
Bash⌗
export DIGITALOCEAN_ACCESS_TOKEN='token'
To set the token as environment variable Persistently
echo 'export DIGITALOCEAN_ACCESS_TOKEN='token'' >> ~/.profile
Replace
token
with the actual token.
Using Terraform variables⌗
Create var.tf
and add following
variable "do_token" {
type = string
description = "Digital Ocean API Token"
sensitive = true
}
And add following to main.tf
provider "digitalocean" {
token = var.do_token
}
Create a Droplet⌗
To create a droplet, create a new file droplet.tf
and add following
resource "digitalocean_droplet" "terraform_droplet" {
image = "ubuntu-22-04-x64"
name = "terraform"
region = "sfo3"
size = "s-1vcpu-1gb"
}
Here i’m using Ubuntu 22.04 LTS
image and using basic size
with 1vCPU and 1GB of RAM on deploying it in the SFO3
(San Francisco region 3). You can choose whatever you like.
To add ssh key to the account add following to either separate ssh.tf
or droplet.tf
resource "digitalocean_ssh_key" "ssh_default" {
name = "terraform ssh"
public_key = file("~/.ssh/id_rsa.pub")
}
and attach newly added ssh key to the droplet. updated droplet.tf
should look like this
resource "digitalocean_droplet" "terraform_droplet" {
image = "ubuntu-22-04-x64"
name = "terraform"
region = "blr1"
size = "s-1vcpu-1gb"
ssh_keys = [digitalocean_ssh_key.ssh_default.fingerprint]
}
if the given key is already added to you account, terraform throws the error. in that case, remove ssh block and just add MD5 fingerprint of the public key to the droplet block.
To get the `MD5 fingerprint of the key run
ssh-keygen -lf ~/.ssh/id_rsa.pub -E MD5
Updated droplet.tf
should look like this
resource "digitalocean_droplet" "terraform_droplet" {
image = "ubuntu-22-04-x64"
name = "terraform"
region = "blr1"
size = "s-1vcpu-1gb"
ssh_keys = ["a0:b1:c2:3d:4e:5f:g6:h7:i8:9j:0k:1l:2m:n3:o4:p5"]
}
cloud init⌗
To pass user data run commands such as adding users, adding groups or install any tools on droplet on first launch, specify user data file init.yml
#cloud-config
users:
- default
- name: terraform
gecos: terraform
shell: /bin/bash
primary_group: terraform
sudo: ['ALL=(ALL) NOPASSWD:ALL']
groups: users, admin, sudo
lock_passwd: false
ssh_authorized_keys:
- pubkey
runcmd:
- apt update
- apt upgrade -y
- apt install curl -y
Updated droplet.tf
should look something like this
resource "digitalocean_droplet" "terraform_droplet" {
image = "ubuntu-22-04-x64"
name = "terraform"
region = "blr1"
size = "s-1vcpu-1gb"
user_data = file("init.yml")
ssh_keys = [digitalocean_ssh_key.ssh_default.fingerprint]
}
Outputs⌗
After deploying the droplet, we might need it’s ip address to proceed. To capture that, we need to create a variable and pass deployed droplet ip to that variable.
Create outputs.tf
and add following
output "ip_address" {
value = digitalocean_droplet.terraform_droplet.ipv4_address
description = "The public IP address of your droplet."
}
Deploy⌗
To validate code run terraform validate
. If everything is valid and no syntactical errors are there, output should be like
$ terraform validate
Success! The configuration is valid.
To dry run the everything and to see what are the changes, run
terraform plan
If terraform variable were used to define authentication token
terraform plan -var="do_token=token"
terraform plan
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the
following symbols:
+ create
Terraform will perform the following actions:
# digitalocean_droplet.terraform_droplet will be created
+ resource "digitalocean_droplet" "terraform_droplet" {
+ backups = false
+ created_at = (known after apply)
+ disk = (known after apply)
+ graceful_shutdown = false
+ id = (known after apply)
+ image = "ubuntu-22-04-x64"
+ ipv4_address = (known after apply)
+ ipv4_address_private = (known after apply)
+ ipv6 = false
+ ipv6_address = (known after apply)
+ locked = (known after apply)
+ memory = (known after apply)
+ monitoring = false
+ name = "terraform"
+ price_hourly = (known after apply)
+ price_monthly = (known after apply)
+ private_networking = (known after apply)
+ region = "blr1"
+ resize_disk = true
+ size = "s-1vcpu-1gb"
+ status = (known after apply)
+ urn = (known after apply)
+ user_data = "0743846df7e7237339701a0bd8d31d35945590cb"
+ vcpus = (known after apply)
+ volume_ids = (known after apply)
+ vpc_uuid = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ ip_address = (known after apply)
you run "terraform apply" now.
To deploy the droplet run
terraform deploy
If terraform variable were used to define authentication token
terraform deploy -var="do_token=token"
Answer yes
to the prompt to deploy
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Once completed, outputs the ip and status
terraform deploy
.
.
.
.
digitalocean_droplet.terraform_droplet: Creation complete after 1m29s [id=123456789]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
ip_address = "123.456.798.10"
Destroy⌗
To destroy the infrastructure, run
terraform destroy
Answer the prompt with yes
to destroy
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
Conclusion⌗
Everything used here is in publicly available repo on GitHub here
Check the official documentation here. Feel free to comment here or drop an email. Au Revoir.