Skip to main content

Launch an OpenStack Instance Automatically with HashiCorp Terraform


Terraform allows you to write out your cloud's infrastructure as code, commonly referred to as IaC. Using an IaC model allows software development practices to be applied to your cloud's infrastructure. A cloud's infrastructure as code can then be shared and iterated over as needed. In this guide, we demonstrate how to use Terraform to spin up an instance within a OpenMetal Private Cloud.


  • An OpenStack user account. The account does not have to have the administrator role.
  • Linux command line experience
  • A Terraform installation

How to Create an Instance Using Terraform

Step 1: Prepare Terraform Directory

Terraform should be installed to a machine that has Internet access to your Private Cloud. This could be your own machine or one of your cloud's hardware nodes, for example.

When working with Terraform, we suggest creating a folder to manage your Terraform plans and execution files. For example:

mkdir ~/terraform

Step 2: Specify Terraform Provider

When working with Terraform, you must specify a provider. There are a number of providers to choose from located in Terraform's Providers website. For our case, we need to use Terraform's OpenStack Provider because our clouds are powered by OpenStack.

To specify the OpenStack provider, create a file called in your Terraform directory containing:

terraform {
required_providers {
openstack = {
source = "terraform-provider-openstack/openstack"
version = "1.46.0"

Step 3: Initialize Terraform

With a provider defined, Terraform must be initialized.

To initialize Terraform, execute:

terraform init

When Terraform has been successfully initialized, the following message is returned:

Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Step 4: Create OpenStack Application Credentials

To point Terraform to the appropriate cloud and authenticate, you can generate a set of OpenStack Application Credentials. To do so, log in to your cloud and navigate to the section Identity -> Application Credentials.


Figure 1: Application Credentials

Click Create Application Credential to create a new set of credentials. Fill out the details as needed and submit the form. Another pop up form appears providing you the relevant details, like the ID, Name, and Secret.. Additionally, you can download either an openrc file or a clouds.yaml with this information pre-defined for you. For this demonstration, we are using clouds.yaml. When using clouds.yaml, download this file to the same folder in which you have initialized Terraform.

The contents of clouds.yaml appears similar to:

application_credential_id: "7442c72c56c34d8780e83ca69b4f2a73"
application_credential_secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
region_name: "iad3"
interface: "public"
identity_api_version: 3
auth_type: "v3applicationcredential"

Step 5: Create Main Terraform File

Everything is now in place to launch an instance. To do so, we must create a template, define the openstack provider, and define a compute resource.

Configure OpenStack Provider

Within your Terraform directory, create a file called Then, for the OpenStack provider, configure the cloud to point to, like so:

provider "openstack" {
cloud = "openstack"

The value for cloud can be variable. For our case the value should be set to openstack. This is determined by examining the clouds.yaml downloaded in the previous section. The line immediately following clouds: is the name of your cloud. For this example, the start of clouds.yaml appears as:


The line immediately following clouds: is openstack:, indicating the name of this cloud is openstack and thus the value for cloud is set as cloud = "openstack".

Configure Compute Resource

With the provider section configured, you can now define a compute resource. This compute resource is defined in the same file. You will need to collect a number of details from your cloud, such as an image UUID, a list of flavors, a key pair, and any other items needed when spawning an instance.

To define a compute resource, we use the following template:

resource "openstack_compute_instance_v2" "<resource-name>" {
name = ""
image_id = ""
flavor_id = ""
key_pair = ""
security_groups = []

network {
name = ""

With the OpenStack Terraform provider, openstack_compute_instance_v2 is a resource we can use to create an instance. For more details about this resource and its configuration options, see Terraform's Registry and search for openstack_compute_instance_v2.

A description of variables used for the resource block:

  • name: Defines the instance's name
  • image_id: UUID for an operating system image hosted in your cloud
  • flavor_id: The value for an instance flavor
  • key_pair: The value for a key pair hosted in your cloud
  • security_groups: The value in list format for security groups to set

Then within the resource block, we also configure a network with which the instance will be associated by creating a network block.

A description of the variable used for the network block:

  • name: This is the name of a network available to your project

As an example, here is the above template filled out using details from a Private Cloud:

resource "openstack_compute_instance_v2" "terraform-demo-instance" {
name = "demo-instance"
image_id = "c786deab-3fc6-4a92-9a1e-54bcab32e2c2"
flavor_id = "m1.small"
key_pair = "demo-key"
security_groups = ["default"]

network {
name = "Private"

The template name can be changed to suit your purposes but must include the .tf extension.

Step 6: Create Terraform Plan

Terraform needs to create a plan based on the current configuration. This plan provides the changes Terraform will make to your cloud prior to making them, giving an operator a chance for review.

The command to create a Terraform plan is:

terraform plan

By default terraform plan does not save the plan to disk. To have the plan written to disk, use:

terraform plan -out <path>

Replacing <path> with where you want to store the Terraform plan.

For this example, we will have Terraform create the plan and write the plan to disk using:

terraform plan -out ~/terraform/plan

This creates a Terraform plan in the location ~/terraform/plan.

Step 7: Deploy Terraform Plan

After reviewing the plan and ensuring the changes to be made meet your expectations, use Terraform to deploy the plan.

The command to deploy a Terraform plan is:

terraform apply [PLAN]

Where [PLAN] is an optional variable. For this example, since we saved the plan to disk, we will use that plan when applying Terraform.

For example:

terraform apply ~/terraform/plan

Results of a successful plan application:

$ terraform apply ~/terraform/plan
openstack_compute_instance_v2.terraform-demo-instance: Creating...
openstack_compute_instance_v2.terraform-demo-instance: Still creating... [10s elapsed]
openstack_compute_instance_v2.terraform-demo-instance: Still creating... [20s elapsed]
openstack_compute_instance_v2.terraform-demo-instance: Creation complete after 24s [id=3a126456-bea5-4bc6-8ef8-d3375d35f7c8]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

This concludes using Terraform to spin up an instance in your Private Cloud.

View Instance Created by Terraform

To view your created instance, navigate in Horizon to Project -> Compute -> Instances, where you can view the instance created by Terraform.


Figure 2: Newly Created Terraform Instance