Terraform is an essential tool for managing infrastructure "as code".
This article will cover the following topics:
Initializing a Terraform project
Declaring the Ogo provider
Adding the main Ogo data sources that may be needed to create a site
Creating a website from an ogo_shield_site resource
Importing an existing dashboard site into the Terraform configuration
Initializing a Terraform project
Create a folder containing the Terraform configuration for managing site configuration:
$ mkdir ogo
Create the Terraform configuration file main.tf with the following content:
# Provider
terraform {
  required_providers {
    ogo = {
      source  = "ogosecurity/ogo"
      version = "~> 0.2"
    }
  }
}
# Provider configuration
provider "ogo" {
  endpoint     = "https://api.ogosecurity.com"
  email        = "your-mail@example.com"
  apikey       = "your-api-key"
  organization = "your-organization-id"
}
This configuration tells Terraform to use the Ogo provider and also allows you to declare the information needed to authenticate on the Ogo dashboard.
Adapt the following values in the Ogo provider configuration:
email: email address used to authenticate on the Ogo dashboard
apikey: API key, available from the dashboard menu My account > My profile > Authentication > API Key
organization: organization code, available from the dashboard menu My account > My organization > Parameters > Organization code
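The provider block above holds the API key as a string literal, so committing main.tf as written puts the key in version control. The following check is an added example, not part of the Ogo documentation: the function name find_literal_apikey is hypothetical, and it reports where a .tf file assigns apikey a quoted literal (instead of, for example, a Terraform input variable) without printing the key itself.

```shell
#!/bin/sh
# Added example (not Ogo's code): report where a Terraform file assigns
# `apikey` a quoted string literal. Only file:line is printed, never the
# value, so the key does not leak into CI logs.
# find_literal_apikey is a hypothetical helper name.
find_literal_apikey() {
    dir=${1:-.}
    hits=$(
        find "$dir" -type f -name '*.tf' -exec awk '
            # Anchored at line start, so commented-out lines never match.
            # A value containing "$" is an interpolation, not a literal.
            /^[ \t]*apikey[ \t]*=[ \t]*"[^"$]+"/ { print FILENAME ":" FNR }
        ' {} +
    )
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Calling find_literal_apikey on the project folder from a pre-commit hook or CI job makes a non-zero status stop the commit or build before the key is published.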
Initialize the project allowing Terraform to download the Ogo provider and prepare the environment:
$ terraform init
Use of datasources
Now that the environment has been initialized, it may be useful to declare the datasources that contain certain information that will be needed to create a new site, including the UID of the cluster on which the new site will be declared.
To do this, create a file datasources.tf with the following content:
data "ogo_shield_clusters" "shield" {}
data "ogo_shield_tlsoptions" "tlsoptions" {}
This file now allows Terraform to access information from the dashboard regarding clusters and TLS options.
Run the terraform plan command to validate that authentication with the dashboard is working:
$ terraform plan
Next, if no error is returned, apply the configuration using the terraform apply command to retrieve information about the previously declared datasources:
$ terraform apply
List the new datasources using the command:
$ terraform state list
For example, to display information about your clusters, use the following command, passing as a parameter the name of the datasource data.ogo_shield_clusters.shield listed by the previous command:
$ terraform state show data.ogo_shield_clusters.shield
The command output contains, among other things, the cluster UID in the uid attribute of the datasource, which will be needed to create a site in the following section.
Other datasources exist and can be consulted in the official Ogo provider documentation: https://registry.terraform.io/providers/OGOSecurity/ogo/latest/docs
Creating a website
The next step provisions a new site on the cluster whose UID was retrieved through the ogo_shield_clusters datasource in the previous step.
Create the file sites.tf with the following content:
# Simple example with only required attributes
resource "ogo_shield_site" "foo_example_com" {
  domain_name   = "foo.example.com"
  cluster_uid   = "cluster-uid"
  origin_server = "195.154.168.43"
}
You need to adjust the following elements in your configuration:
Terraform resource name: the ogo_shield_site resource is named foo_example_com in the example above
domain_name: DNS name of the site to provision on the Ogo cluster
cluster_uid: Ogo cluster UID retrieved in the previous step
origin_server: IP address or DNS domain name of the origin server that will be used by the Ogo Shield to connect to your site.
Check the actions that will be taken by Terraform following the declaration of our new configuration:
$ terraform plan
If the action plan proposed by Terraform is what you expect, apply the new configuration, which provisions the new site on the Shield cluster:
$ terraform apply
The new site should now be provisioned on the Shield cluster and visible from the Ogo Dashboard in the list of your sites, accessible from the menu My sites.
In this example, we used a minimal configuration containing only the site attributes strictly necessary for its creation, but any site configuration can be modified. For this, refer to the documentation of the ogo_shield_site resource in the official Ogo provider documentation: https://registry.terraform.io/providers/OGOSecurity/ogo/latest/docs/resources/shield_site
Importing a site into the Terraform configuration
This section details the procedure for importing a site previously created in the Ogo Dashboard into the Terraform configuration. The goal is to be able to manage its configuration directly from Terraform without needing to log in to the Ogo Dashboard.
In the following example, we will import the site bar.example.com, which already exists in the Ogo Dashboard configuration. To do this, it is necessary to first declare the empty prototype of the ogo_shield_site resource in the Terraform sites.tf configuration file, following the existing site declarations:
# Simple example with only required attributes
resource "ogo_shield_site" "foo_example_com" {
  domain_name   = "foo.example.com"
  cluster_uid   = "cluster-uid"
  origin_server = "195.154.168.43"
}
resource "ogo_shield_site" "bar_example_com" {}
Next, execute the following command to import the site into the Terraform state file:
$ terraform import "ogo_shield_site.bar_example_com" bar.example.com
Display the site configuration that was imported by Terraform into its state file:
$ terraform state show ogo_shield_site.bar_example_com
You can now update the Terraform sites.tf configuration file by replacing the previously declared prototype ogo_shield_site.bar_example_com with the content of the resource returned by the previous terraform state show command, then run the terraform plan command to verify that the configuration is up to date:
$ terraform plan
Some attributes (such as cluster_entrypoint_4, cluster_entrypoint_6, cluster_entrypoint_cdn and status) are read-only; the terraform plan command will report them as errors if they are present in your configuration. You will simply need to remove them from the Terraform resource configuration.
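One way to remove those read-only attributes before pasting the imported resource into sites.tf, as an added example that is not part of the Ogo documentation. The function names and the sample output are constructed for illustration, and the filter assumes each read-only attribute is a single-line name = value entry.

```shell
#!/bin/sh
# Added example (not Ogo's code): remove the read-only attributes listed
# above from `terraform state show` output read on stdin, so the result
# can be pasted into sites.tf. strip_readonly_attrs is a hypothetical name.
# Assumption: each of these attributes is a single-line `name = value`.
strip_readonly_attrs() {
    awk -v esc="$(printf '\033')" '
        {
            # Drop ANSI colour codes in case the output was captured with them.
            gsub(esc "\\[[0-9;]*m", "")
        }
        # Exact attribute names only: cluster_uid and similar are kept.
        /^[ \t]*(cluster_entrypoint_4|cluster_entrypoint_6|cluster_entrypoint_cdn|status)[ \t]*=/ {
            next
        }
        { print }
    '
}

# Constructed sample of state show output; all values are placeholders.
sample_state_show() {
    cat <<'EOF'
# ogo_shield_site.bar_example_com:
resource "ogo_shield_site" "bar_example_com" {
    cluster_entrypoint_4   = "192.0.2.10"
    cluster_entrypoint_6   = "2001:db8::10"
    cluster_entrypoint_cdn = "cdn.example.net"
    cluster_uid            = "cluster-uid"
    domain_name            = "bar.example.com"
    origin_server          = "198.51.100.7"
    status                 = "ONLINE"
}
EOF
}
```

For the real site, pipe the output of terraform state show ogo_shield_site.bar_example_com into strip_readonly_attrs and review the result with terraform plan before applying.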