Raphaël Pinson for Camptocamp Infrastructure Solutions

Automating FreeIPA with Terraform

Terraform is great for cloud provisioning and has become a standard tool for deploying infrastructure as code, in a DevOps fashion.

Many plugins exist to cover specific needs, from major cloud providers (AWS, GCP, Azure, etc.) to specific app APIs (Grafana, GitHub, or even PostgreSQL). The community provides and maintains additional providers which can be installed and used in any Terraform project as plugins.
Camptocamp developed several providers over the last few years. Besides the official Rancher provider which was co-developed by our team and contributed to the community, we maintain providers to integrate Terraform with the PuppetCA, the PuppetDB, as well as the gopass password vault.

More recently, we needed to automate FreeIPA resources with Terraform, so we started a new provider.


Installing additional Terraform providers is rather straightforward. You can simply download the binary from the releases page and drop it in your ~/.terraform.d/plugins directory.


Like all other Terraform providers, this one must be configured first, using either hardcoded parameters or environment variables. In the latter case, we strongly encourage you to use summon as a wrapper to expose the environment variables dynamically at call time.

provider freeipa {
  host = "ipa.example.test" # or set $FREEIPA_HOST
  username = "admin" # or set $FREEIPA_USERNAME
  password = "P@S5sw0rd" # or set $FREEIPA_PASSWORD
  insecure = true # disables TLS certificate verification
}
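As an added example (not part of the original post or of the provider project), the following check flags a hardcoded `password` or `insecure = true` inside a `provider freeipa` block, so that credentials stay in the `$FREEIPA_*` environment variables. The function names are hypothetical, the sample files are constructed, and it assumes one setting per line with the closing brace on its own line.

```shell
#!/bin/sh
# Flags risky settings inside `provider freeipa { ... }` blocks of a .tf file.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
check_freeipa_provider() {
  awk '
    # Enter a freeipa provider block (label may be bare or quoted).
    /^[ \t]*provider[ \t]+"?freeipa"?[ \t]*\{/ { inblock = 1; next }
    inblock && /^[ \t]*\}/ { inblock = 0; next }
    inblock {
      line = $0
      sub(/#.*/, "", line)   # ignore trailing comments
      # A quoted literal is flagged; var.x or "${var.x}" references are not.
      if (line ~ /^[ \t]*password[ \t]*=[ \t]*"[^$]/) {
        printf "%s:%d: hardcoded password, set $FREEIPA_PASSWORD instead\n", FILENAME, FNR
        bad = 1
      }
      if (line ~ /^[ \t]*insecure[ \t]*=[ \t]*true/) {
        printf "%s:%d: insecure = true (TLS certificate verification off)\n", FILENAME, FNR
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed samples: the hardcoded block from the post and an env-driven one.
write_samples() {
  cat > "$1/weak.tf" <<'EOF'
provider freeipa {
  host     = "ipa.example.test"
  username = "admin"
  password = "P@S5sw0rd"
  insecure = true
}
EOF
  cat > "$1/env.tf" <<'EOF'
# Settings come from $FREEIPA_HOST, $FREEIPA_USERNAME and $FREEIPA_PASSWORD.
provider freeipa {
}
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
check_freeipa_provider "$dir/weak.tf" || echo "weak.tf: findings listed above"
check_freeipa_provider "$dir/env.tf" && echo "env.tf: clean"
rm -rf "$dir"
```

Run as a pre-commit or CI step, a non-zero return blocks a commit that would put the FreeIPA admin password into version control.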

Next, you can start writing resources to manage FreeIPA hosts and DNS records:

resource freeipa_host "foo" {
  fqdn = "foo.example.test"
  description = "This is my foo host"
  force = true
  random = true
  userpassword = "abcde"
}

resource freeipa_dns_record "bar" {
  idnsname = "bar"
  dnszoneidnsname = "myzone"
  dnsttl = 20
  records = [""]
}

At the moment, this FreeIPA provider only features 2 resource types, to manage FreeIPA hosts and DNS records. Don't hesitate to contribute to it by providing more resource types!
