33
Create and Configure Google Cloud Instance using Terraform and Chef
- This article is part of Terraform Tutorial series.
- Please read the other article in the series to know more about what is terraform and scenarios to use it.
- In this How To blog, we will will see Google Cloud resource creation using Terraform and configuration setup using Chef.
- POC demonstrating the capability of executing the Google instance resource creation using Terraform and the installation and configuration using Chef cookbook
- We are utilizing the Google cloud
metadata script
feature to invoke the installation ofchef-client
and performing the cookbook automation - GCE instance will be having below configurations set when the instances creation is completed
- Install Apache Server
- Create directory and file in the path
\tmp
- Create user
bob
underchefusers
group
- Create a project in the Google Cloud Console and set up billing on that project.
-
Adding credential
- A. In order to make requests against the GCP API, you need to authenticate to prove that it's you making the request. The preferred method of provisioning resources with Terraform is to use a GCP service account, a "robot account" that can be granted a limited set of IAM permissions.
- B. From the service account key page in the Cloud Console choose an existing account, or create a new one. Next, download the JSON key file. Name it something you can remember, and store it somewhere secure on your machine.
Refer Google Cloud documentation on creating Service account here
- Refer here for installing terraform
- Download and extract the terraform executable
- Add terraform executable path to ENV PATH variable
- In Linux flavours, Copy the terraform executable in /usr/bin path to execute it from any path.
- Main Terraform file
- The instance start up script
initscript_chef.sh
to install and configure apache server, has been mentioned and invoked usingmetadata_startup_script
terraform argument. Refer the code section below. - This is the file used to create GCP Instance with the below configuration,
- centos-7 on GCE
- Instance type "n1-standard-1 (1 vCPU and ~4GB RAM)"
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.0"
}
}
}
provider "google" {
credentials = var.creds_file
project = var.gcp_project_id
region = var.region
zone = var.zone
}
resource "google_compute_address" "static" {
name = "ipv4-address"
}
resource "google_compute_instance" "default" {
name = var.vm_name
machine_type = var.vm_type
tags = ["vm", "tf", "http-server", "https-server"]
boot_disk {
initialize_params {
image = var.vm_image
type = var.vm_image_type
}
}
network_interface {
network = "default"
subnetwork = "default"
access_config {
nat_ip = google_compute_address.static.address
}
}
metadata = {
vm = "tf"
}
metadata_startup_script = file(var.metadata_script)
service_account {
# Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
email = var.source_account_email
scopes = ["cloud-platform"]
}
}
- Terraform main variables declaration
variable "gcp_project_id" {
default = "-225805"
}
variable "region" {
default = "us-central1"
}
variable "zone" {
default = "us-central1-c"
}
variable "vm_name" {
default = "gcp_tf_vm"
}
variable "vm_type" {
default = "n1-standard-1"
}
variable "vm_image" {
default = "centos-cloud/centos-7"
}
variable "vm_image_type" {
default = "pd-standard"
}
variable "service_account_email" {
default = "dummy_service_account_email"
}
variable "metadata_script" {
default = "initscript_chef.sh"
}
variable "creds_file" {
default = ".keys/account.json"
}
- Terraform tfvars file used to pass the custom values to varibales declared in variable file
gcp_project_id = "gcp_project_id"
service_account_email = "service_account_email"
region = "us-central1"
zone = "us-central1-c"
vm_name = "tf-gcp-vm"
vm_type = "n1-standard-1"
vm_image = "centos-cloud/centos-7"
vm_image_type = "pd-standard"
- The metadata script, used to install packages while the instance is getting created and available to use when the instance is ready
#!/bin/bash
mkdir -p /data/chef_cookbooks
rm -rf /data/chef_cookbooks/*
outfile='/var/log/userdata.out'
# Install Chef client v14
if [ ! -f /usr/bin/chef-client ] ; then
echo "Installing chef client" >> $outfile
curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -v 15.8.23 >> $outfile
fi
# Install git
if [ ! -f /usr/bin/git ] ; then
yum install git -y >> $outfile
fi
# Clone Chef cookbook repo
cd /data/chef_cookbooks
echo "Cookbook Repo cloning" >> $outfile
git clone https://github.com/chefgs/cookbooks.git >> $outfile
echo "Executing chef-client" >> $outfile
cd /data/chef_cookbooks
sudo chef-client -z -o apache --chef-license accept >> /var/log/chefrun.out
##
if [ -d /var/www/html/ ] ; then
echo "Apache server created successfully, hence create sample html site" >> $outfile
cat <<'EOF' >> /var/www/html/index.html
<html><body><p>Apache server in Google Cloud</p>
<p>Created using metadata startup script from a local script file.</p></body></html>
EOF
fi
- Create the .tfvars file and edit/save the variable section to add the below variables specific to your Google cloud project,
- gcp_project_id
- service_account_email
Please note, in case if the user wants to provide customized values for any other variables, they can do so in tfvars file.
- Go to .keys directory and copy the content of GCP project service account KEY JSON, created in Pre-requisite step 2-B. File should be named as
account.json
- Run the below commands from the path where .tf is located to spin up GCE instance,
terraform init
terraform plan -var-file=gcp-vm-vars.tfvars
terraform apply -var-file=gcp-vm-vars.tfvars -auto-approve
- This completes the creation of GCE instance in Google cloud using terraform.
- As part of learning we will also cleanup the server using the command,
terraform destroy var-file=gcp-vm-vars.tfvars -auto-approve
The code has been freely available in GitHub
Here's the documentation link for Google Cloud and Terraform
Terraform Google Provider Documentation
Google Compute Instance
33