Maksym Prokopov personal blog
Idea is a something worth sharing

Mikrotik Terraform

03.04.2023

Managing infrastructure configuration as code is generally a very good idea. Unfortunately, MikroTik Terraform support is basic, as it is OSS-driven.

Nevertheless, I appreciate the author's efforts.

Here is an example of how to use it with HashiCorp Vault.

Commands

export VAULT_ADDR=http://vault_address:8200
export VAULT_TOKEN=<token>
terraform init
terraform plan

Example

main.tf

provider "vault" {}

data "vault_generic_secret" "main" {
  path = "common/mikrotik/nexus-home"
}

provider "mikrotik" {
  host           = data.vault_generic_secret.main.data["address"]  # Or set MIKROTIK_HOST environment variable
  username       = data.vault_generic_secret.main.data["username"] # Or set MIKROTIK_USER environment variable
  password       = data.vault_generic_secret.main.data["password"] # Or set MIKROTIK_PASSWORD environment variable
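  # With tls = false the API session, including the login, is not encrypted;
  # ca_certificate and insecure only take effect when tls = true.
  tls            = false                                           # Or set MIKROTIK_TLS environment variable
  ca_certificate = "/path/to/ca/certificate.pem"                   # Or set MIKROTIK_CA_CERTIFICATE environment variable
  insecure       = true                                            # Or set MIKROTIK_INSECURE environment variable (true skips certificate verification)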
}

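// To import an existing address, first look up its internal ID in the RouterOS console:
// /ip address
// :put [find where address="192.168.88.1/24"]
// *1

// Then import it under that ID:
// terraform import mikrotik_ip_address.lan '*1'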
resource "mikrotik_ip_address" "lan" {
  address   = "192.168.88.1/24"
  comment   = "LAN Network"
  interface = "ether2"
}

// uncomment on release https://github.com/ddelnano/terraform-provider-mikrotik
# resource "mikrotik_firewall_filter_rule" "https" {
#   action             = "accept"
#   chain              = "forward"
#   comment            = "Web access to local HTTP server"
#   connection_state   = ["new"]
#   dst_port           = "443"
#   in_interface       = "ether1"
#   in_interface_list  = "local_lan"
#   out_interface_list = "ether3"
#   protocol           = "tcp"
# }

terraform.tf

terraform {
  required_providers {
    mikrotik = {
      source  = "ddelnano/mikrotik"
      version = "0.10.0"
    }
  }
}
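
The provider block in main.tf above sets tls = false and insecure = true, so the router login read from Vault crosses the network unencrypted. A hardened variant of that block, as an added example that is not part of the original post; it assumes the router's api-ssl service is enabled (RouterOS default port 8729) with a certificate issued by the CA in ca_certificate, and that the "address" field of the Vault secret points at that port:

```hcl
# Added example, not the author's configuration.
# Assumptions: api-ssl is enabled on the router with a certificate signed by
# the CA below, and the Vault secret's "address" targets the api-ssl port
# (8729 by default) instead of the plain API port (8728).
provider "mikrotik" {
  host     = data.vault_generic_secret.main.data["address"]
  username = data.vault_generic_secret.main.data["username"]
  password = data.vault_generic_secret.main.data["password"]

  # Encrypt the API session that carries the username and password.
  tls = true

  # CA used to verify the certificate the router presents.
  ca_certificate = "/path/to/ca/certificate.pem"

  # Keep certificate verification on; true would accept any certificate
  # and leave the session open to interception.
  insecure = false
}
```

If these settings come from the environment instead, the matching variables are the MIKROTIK_TLS, MIKROTIK_CA_CERTIFICATE and MIKROTIK_INSECURE ones named in the comments of the original block.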