Skip to content

Terraform

You can use our Terraform or OpenTofu provider to automate the configuration of your application on Nexaa.

Both Terraform an OpenTofu have all features we provide on our platform. We made the source code of the provider open source for maximum transparenty. But also to allow you to help us improve the provider. If you found a bug simply report it in our github repo.

Getting started

To start using Terraform/OpenTofu you need to install their binaries on your deployment system. You can consult their docs to read how to do this for your system.

Note

You can select one of the tools, depending on your needs. Terraform is a commercial product provided by Hashicorp. OpenTofu is an opensource alternative compatible with Terraform. The right tool matches with your experience and license needs.

Once you have your tool installed you can start to create your first resources.

Create a file named main.tf in your project directory with the following content.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
terraform {
  required_providers {
    nexaa = {
      source = "nexaa-cloud/nexaa"
      version = "~> 0.1"
    }
  }
}

provider "nexaa" {
  username = var.nexaa_username
  password = var.nexaa_password
}

In this example we use variables to make sure we never commit our secrets, so we need to create a variables.tf file as well. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
variable "nexaa_username" {
  description = "Username for Nexaa authentication"
  type        = string
  sensitive   = true
}

variable "nexaa_password" {
  description = "Password for Nexaa authentication"
  type        = string
  sensitive   = true
}

Once this is done you can initialize the project and create your first resource. Initializing will download the nexaa provider to your system.

1
tofu init

1
terraform init

Store state

Terraform and OpenTofu use a state file to keep track of the resources it manages. By default, this file is stored locally, but for production use we recommend using a remote backend to store the state file. This allows you to share the state file between team members and also provides better security for your state file.

In Nexaa you can use the s3Proxy to store your state in a bucket. You can use the curl command below to create a container with the s3Proxy image. Or use the portal to create a container. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
curl --request POST \
    --url https://graphql.tilaa.com/graphql/platform \
    --header 'authorization: Bearer <token>' \
    --header 'content-type: application/json' \
    --data '{
      "query": "mutation ($containerInput: ContainerCreateInput!) { containerCreate(containerInput: $containerInput) { name }}",
      "variables": {
        "containerInput": {
             "namespace":"terraform",
             "name":"object-storage",
             "image":"andrewgaul/s3proxy",
             "resources":"CPU_250_RAM_500",
             "ports":["80"],
             "mounts":[{"path":"/data","state":"PRESENT","volume":{"autoCreate":true,"size":1,"name":"storage","path":"/data","usage":0}}],
             "ingresses":[{"domainName":"my-object-storage.tilaa.cloud","enableTLS":true,"port":80,"state":"PRESENT","whitelist":[]}]}
             "environmentVariables":[
                 {"name":"S3PROXY_IDENTITY","value":"local-identity","secret":false,"isNew":true},
                 {"name":"S3PROXY_CREDENTIAL","value":"local-credential","secret":false,"isNew":true}
             ]
           }
      }
    }'

In your main.tf file you can then add the following backend configuration to use the s3Proxy as a remote backend for your state file. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
terraform {
  required_version = ">= 1.0"
  required_providers {
    nexaa = {
      source  = "nexaa-cloud/nexaa"
      version = "~> 0.1"
    }
  }

  backend "s3" {
    bucket = "terraform-bucket"
    key    = "your-project/terraform.tfstate"
    region = "eu-west-1"

    endpoints = {
      s3 = "https://my-object-storage.tilaa.cloud"
    }

    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    use_path_style              = true
    skip_s3_checksum = true
  }
}

Now the setup is ready to use. The state file will be stored in the object-storage container. 

1
2
3
4
export AWS_ACCESS_KEY_ID="local-identity"
export AWS_SECRET_ACCESS_KEY="local-credential"
tofu init -reconfigure
tofu plan

1
2
3
4
export AWS_ACCESS_KEY_ID="local-identity"
export AWS_SECRET_ACCESS_KEY="local-credential"
terraform init -reconfigure
terraform plan