This guide will walk you through the steps required to set up and use Terraform with CloudCIX.
Note
For the “region_id”, please contact the region provider.
For this example, we’ll use the test_region region which has an ID of 123456.
| Region Name | Region ID |
|---|---|
| test_region | 123456 |
Note
You can find available regions in your CloudCIX dashboard.
Go to https://saas.cloudcix.com.
Log in with your CloudCIX credentials.
Open Membership.
Go to My Membership → Member Details.
Locate your API Key.
Follow the instructions on the official Terraform website to install Terraform on your system:
Clone the CloudCIX Terraform template repository from GitHub:
https://github.com/CloudCIX/Terraform-Template
git clone https://github.com/CloudCIX/Terraform-Template.git
cd Terraform-Template/cloudcix-terraform
Copy the example variables file and fill in your CloudCIX credentials:
cp terraform.tfvars.example terraform.tfvars
Edit terraform.tfvars with your credentials:
cloudcix_api_url = "https://api.cloudcix.com/"
cloudcix_username = "user@example.com"
cloudcix_password = "your-password"
cloudcix_api_key = "your-api-key"
Note
Credentials can also be supplied via environment variables
(CLOUDCIX_API_URL, CLOUDCIX_API_USERNAME, CLOUDCIX_API_PASSWORD,
CLOUDCIX_API_KEY, CLOUDCIX_REGION_ID) instead of terraform.tfvars.
terraform init
This will download the CloudCIX provider (version ~> 0.15.0) from the Terraform Registry.
Edit terraform.tfvars to customize your infrastructure:
cloudcix_api_url = "https://api.cloudcix.com/"
cloudcix_username = "user@example.com"
cloudcix_password = "your-password"
cloudcix_api_key = "your-api-key"
region_id = 1234 # Replace with your region ID from above steps
project_name = "my-project"
project_note = ""
# Network Configuration
cidr = "10.0.0.0/24"
network_name = "My Network"
nameservers = "1.1.1.1,8.8.8.8"
# Instance Configuration
instance_name = "my-instance"
instance_type = "virtual-machine" # "virtual-machine" or "container"
hypervisor_type = "lxd" # hypervisor/runtime: "lxd", etc.
# Cloud-init user data
# Generate a SHA-512 password hash with: openssl passwd -6 yourpassword
userdata = "#cloud-config\nusers:\n  - name: administrator\n    groups: sudo\n    shell: /bin/bash\n    lock_passwd: false\n    passwd: $6$rounds=4096$...<YOUR_HASHED_PASSWORD>\n    ssh_authorized_keys:\n      - ssh-ed25519 <YOUR_SSH_KEY>\nchpasswd:\n  expire: false\nssh_pwauth: true\n"
# Instance Specifications
instance_specs = {
  cpu = {
    sku      = "vCPU_001"
    quantity = 2
  }
  ram = {
    sku      = "RAM_001"
    quantity = 4
  }
  storage = {
    sku      = "SSD_001"
    quantity = 32
  }
  image = {
    sku      = "SURF001"
    quantity = 1
  }
}
# Firewall Rules
firewall_rules = [
  "in tcp 22 22 203.0.113.0/24 10.0.0.0/24", # SSH from trusted range only
  "in tcp 80 80 0.0.0.0/0 10.0.0.0/24",
  "in tcp 443 443 0.0.0.0/0 10.0.0.0/24",
]
# Storage Volume
storage_volume_name = "my-volume"
storage_volume_type = "cephfs" # "cephfs" or "cephrbd"
storage_volume_specs = {
  sku      = "CEPH_001"
  quantity = 5
}
storage_volume_mount_path = "/mnt/data" # only used when storage_volume_type is "cephfs"
This configuration creates the following CloudCIX resources:
cloudcix_project
Creates a CloudCIX project in the specified region. Accepts an optional project_note for a
human-readable description of the project.
cloudcix_network_router
Creates a virtual router with:
NAT enabled
Custom IPv4 network (CIDR)
Network isolation
cloudcix_network_firewall
Creates firewall rules to control inbound/outbound traffic to your project’s networks.
Each project can have up to two firewalls:
Project Firewall (type = "project") — Fine-grained rules based on IP address, port, and protocol
Geo Firewall (type = "geo") — Country-based filtering using global IP Address Groups
Warning
When updating firewall rules, you must include all rules you want to keep. The update operation replaces the entire rule list — any rule not included will be permanently deleted.
The template uses a compact string syntax for rules:
"{direction} {protocol} {port_start} {port_end} {source_cidr} {destination_cidr}"
direction: in (inbound) or out (outbound)
protocol: tcp, udp, icmp, or any
port_start / port_end: Port range (0–65535). Use the same value for a single port.
source_cidr: Source IP or CIDR (e.g. 0.0.0.0/0 for anywhere)
destination_cidr: Destination IP or CIDR (typically your private network CIDR)
Example rules:
firewall_rules = [
  # Allow SSH from a trusted IP range only (recommended)
  "in tcp 22 22 203.0.113.0/24 10.0.0.0/24",
  # Allow HTTP and HTTPS from anywhere
  "in tcp 80 80 0.0.0.0/0 10.0.0.0/24",
  "in tcp 443 443 0.0.0.0/0 10.0.0.0/24",
  # Allow a port range
  "in tcp 8000 8100 0.0.0.0/0 10.0.0.0/24",
]
Note
Avoid opening SSH (port 22) to 0.0.0.0/0 in production.
Restrict it to a known trusted IP range wherever possible.
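A pre-apply check for the rule syntax, the replace-on-update warning and the SSH note above. This is an added example, not code from the CloudCIX template or provider: it only inspects rule strings locally, and the function names, finding labels and sample lists are constructed for illustration.

```python
import ipaddress

# Constructed sample input in the template's compact rule syntax.
CURRENT_RULES = [
    "in tcp 22 22 203.0.113.0/24 10.0.0.0/24",
    "in tcp 80 80 0.0.0.0/0 10.0.0.0/24",
    "in tcp 443 443 0.0.0.0/0 10.0.0.0/24",
]
PROPOSED_RULES = [
    "in tcp 22 22 0.0.0.0/0 10.0.0.0/24",
    "in tcp 443 443 0.0.0.0/0 10.0.0.0/24",
    "in tcp 8100 8000 0.0.0.0/0 10.0.0.0/24",
]

def parse_rule(rule):
    """Split one rule string into typed fields; raise ValueError if malformed."""
    parts = rule.split()
    if len(parts) != 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}")
    direction, protocol, start, end, src, dst = parts
    if direction not in ("in", "out"):
        raise ValueError(f"bad direction {direction!r}")
    if protocol not in ("tcp", "udp", "icmp", "any"):
        raise ValueError(f"bad protocol {protocol!r}")
    start, end = int(start), int(end)
    if not 0 <= start <= end <= 65535:
        raise ValueError(f"bad port range {start}-{end}")
    # strict=False accepts a bare host address as well as a CIDR.
    src, dst = (ipaddress.ip_network(x, strict=False) for x in (src, dst))
    return direction, protocol, start, end, src, dst

def lint(current, proposed):
    """Return findings for a proposed rule list that will replace `current`."""
    findings = []
    for rule in proposed:
        try:
            direction, protocol, start, end, src, _ = parse_rule(rule)
        except ValueError as exc:
            findings.append(f"INVALID {rule!r}: {exc}")
            continue
        if (direction == "in" and protocol in ("tcp", "any")
                and start <= 22 <= end and src.prefixlen == 0):
            findings.append(f"SSH-OPEN {rule!r}")
    # The update replaces the whole list, so anything missing here is deleted.
    kept = {" ".join(r.split()) for r in proposed}
    findings += [f"DROPPED {r!r}" for r in current if " ".join(r.split()) not in kept]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(CURRENT_RULES, PROPOSED_RULES)))
```

Run it with the currently applied list and the edited firewall_rules list before terraform apply; an empty result means every rule parses, SSH is not open to the world, and no existing rule is silently dropped.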
cloudcix_compute_instance
Creates a virtual machine with:
Custom CPU, RAM, and storage specifications
Network interface with NAT
Public and private IP addresses
Cloud-init userdata support
cloudcix_storage_volume
Creates a storage volume and attaches it to the compute instance. Two types are supported:
cephfs: Shared file system storage, mounted at the specified path
cephrbd: Block storage device
To deploy the infrastructure defined in your Terraform configuration, run the following commands:
# Preview changes
terraform plan
# Apply configuration
terraform apply
# Auto-approve (skip confirmation)
terraform apply -auto-approve
To destroy the created resources, run:
terraform destroy
terraform output
Example output:
instance_id = "12345"
private_ip = "10.0.0.10"
private_subnet = "10.0.0.0/24"
project_id = "67890"
public_ip = "203.0.113.42"
storage_volume_id = "11111"