How to manage CDN with Terraform



Terraform makes it possible to set up and manage infrastructure via creation of configuration files. Several months ago, we launched our own Terraform provider and issued an article about how to manage Gcore Cloud resources with it.

Now, Terraform can be used to control not only the cloud but also CDN. In this article, we will tell you how.

Few words about Terraform

Terraform is an open-source Infrastructure-as-Code instrument, which allows you to describe the entire infrastructure with a set of configuration files, thereby establishing the rules for all the settings.

• You write code.
• Terraform calls the API and sets up the situation up as described.

The Terraform programming language is HashiCorp Configuration Language, but JSON can be used as well.

Advantages of CDN management via Terraform:

• You don’t have to create resources and adjust settings manually in your account.
• Terraform is based on the unchangeable infrastructure concept: by changing code, you create a new configuration, which means it is very easy to roll back any changes by simply selecting the previous version.
• To manage CDN, you only have to describe how things should work, and Terraform will then find the optimal ways and bring the network to the required state.

How to work with Terraform in Gcore CDN

With our Terraform provider, you will be able to manage:

• origin groups
• CDN resources
• rules
• user certificates

You can create settings for resources and rules. At the moment, Terraform supports:

• Caching (edge_cache_settings)—this option determines how long the content is to be stored in CDN server cache.
• Host Header (host_header)—sets up a header that CDN servers will use when requesting content from an origin. If this option is not set, Host Header value will be the same as the first CNAME.

You can also add a user certificate to a resource.

How to install and set up Terraform

To install Terraform, download the distribution package for your OS, unarchive the binary file, and make sure the binary is available on your Path. The HashiCorp website has detailed installation manuals for all operating systems.

After that, you’ll need to create a configuration file with the .tf extension. Such files are used to write code.

To make sure Terraform can work with Gcore services, you’ll need to specify the provider and the settings.

terraform {
required_version = ">= 0.13.0"
required_providers {
gcore = {
source = "Gcore/gcorelabs"
version = "~>0.1.17"
}
}
}

If you’re only going to use Terraform for work with CDN, the next portion of the code should look as follows:

provider gcore {
user_name = "test"
password = "test"
gcore_platform = "https://api.gcore.com/id"
gcore_cdn_api = "https://api.gcore.com/id"
}

And if you want to manage both CDN and clouds with it, the code should be like this:

provider gcore {
user_name = "test"
password = "test"
gcore_platform = "https://api.gcore.com/id"
gcore_api = "https://api.gcore.com/cloud"
gcore_cdn_api = "https://api.gcore.com/id"
}

Next, you’ll need to run the terraform init command. This command initializes the provider and downloads the set of modules required to work with our resources.

After that, you’ll be able to create resources and run different commands.

How to use Terraform

After setting up the provider, you’ll be able to set up resource configurations and rules.

Origin groups

For example, this is how origin groups are created:

resource "gcore_cdn_origingroup" "origin_group_1" {
name = "origin_group_1"
use_next = true
origin {
source = "example.com"
enabled = false
}
origin {
source = "mirror.example.com"
enabled = true
backup = false
}
}

CDN resources

And this is the code to create a CDN resource:

resource "gcore_cdn_resource" "cdn_example_com" {
cname = "cdn.example.com"
origin_group = gcore_cdn_origingroup.origin_group_1.id
origin_protocol = "MATCH"
secondary_hostnames = ["cdn2.example.com"]
}

In the origin_protocol box, you specify what protocol CDN servers will use when requesting content from an origin. Besides MATCH, it can also be HTTPS or HTTP.

You can add to the resource one of the available options: caching (edge_cache_settings) or Host Header (host_header). For instance, here’s how resource description will look with Host Header option on:

resource "gcore_cdn_resource" "cdn_example_com" {
cname = "cdn.example.com"
origin_group = gcore_cdn_origingroup.origin_group_1.id
origin_protocol = "MATCH"
secondary_hostnames = ["cdn2.example.com"]
options {
host_header {
enabled = true
value = "mirror.example.com"
}
}
}

User certificates

SSL certificates are created as follows:

variable "cert" {
type = string
sensitive = true
}
variable "private_key" {
type = string
sensitive = true
}
resource "gcore_cdn_sslcert" "cdnopt_cert" {
name = "Test cert for cdnopt_bookatest_by"
cert = var.cert
private_key = var.private_key
}


In the name box, you’ll need to write the SSL certificate name that must be unique. In the cert box, specify the public part of the SSL certificate, and in the private_key box, its private key.

To add a certificate to a resource, you’ll need the following code:

resource "gcore_cdn_resource" "cdn_example_com" {
cname = "cdn.example.com"
origin_group = gcore_cdn_origingroup.origin_group_1.id
origin_protocol = "MATCH"
secondary_hostnames = ["cdn2.example.com"]
ssl_enabled = true
ssl_data = gcore_cdn_sslcert.cdnopt_cert.id
}

Rules

Rules are set up after all resources and origin groups have been created.

Code example:

resource "gcore_cdn_rule" "cdn_example_com_rule_1" {
resource_id = gcore_cdn_resource.cdn_example_com.id
name = "All images"
rule = "/folder/images/*.png"
rule_type = 0
}

In the name box, you can write the rule name, and in the rule box, a pattern that determines when the rule will work.

Just like for resources, you can also set up caching or Host Header options for rules.

Commands

After you’ve described all the infrastructure, you’ll need two commands:

• terraform plan—shows what changes Terraform is going to introduce. Points out code errors if you made any.
• terraform apply—changes the infrastructure. Use this command after testing and correcting the errors. After that, Terraform will ask you to confirm the action: enter “yes”.

You can read more about useful commands and tools in our previous article about Terraform. These commands and tools can be used both for cloud and CDN management.

Find out more details about working with our Terraform provider in our documents.

Not signed up for Gcore CDN yet? Use our powerful and reliable network to deliver heavy content to any point of the globe, quickly and safely.

Sign up for CDN for free or consult our experts to select the best solution for your goals.

More about Gcore CDN

Get a free consultation