More docs

commit 3d98e4f41b7898c80ef055ed20cd866891f6d6fd 1 parent 357a0ae
@franckcuny authored
Showing with 93 additions and 2 deletions.
  1. +93 −2 docsite/rst/guide_gce.rst
95 docsite/rst/guide_gce.rst
@@ -17,11 +17,56 @@ The GCE modules require the libcloud module, which you can install from pip:
Credentials
```````````
-To work with the GCE modules, you'll first need some credentials. You can get them from the console by going to the "APIs and Auth" section.
+To work with the GCE modules, you'll first need some to get some credentials. You can create new one from the console by going to the "APIs and Auth" section. Create a new client ID and download the generated private key (in the pkcs2 format).
+
+Run the following command on the downloaded p12 file:
+
+.. code-block:: bash
+
+ $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out pkey.pem
+
+There's three different ways to provide credentials to Ansible when you want to talk to Google Cloud:
+
+* with a ``secrets.py`` file
+* with a ``gce.ini`` file, when using the inventory script.
+* inside the playbooks
+
+secrets.py
+``````````
+
+Create a file ``secrets.py`` looking like following, and put it in some folder which is in your ``$PYTHONPATH``:
+
+.. code-block:: python
+
+ GCE_PARAMS = ('i...@project.googleusercontent.com', 'secret')
+ GCE_KEYWORD_PARAMS = {'project': 'project-name'}
+
+
+gce.ini
+```````
+
+When using the inventory script ``gce.py``:
+
+playbook
+````````
+
+For the gce module you can specify the credentials as argument:
+
+* ``service_account_email``:
+* ``pem_file``:
+* ``project_id``:
+
+# TODO https://speakerdeck.com/erjohnso/ansible-with-google
+
+# TODO caveat with the cert.pem
+
+# TODO more notes : https://groups.google.com/forum/#!topic/ansible-project/tl0QSTWj9mQ
Provisioning
````````````
+.. note:: There's a caveat while using libcloud, you need to provide a valid certificate chain.
+
The gce module provides the ability to provision instances within Google Compute Engine. The provisioning task is typically performed from your Ansible control server against the GCE Api.
A playbook would looks like this:
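Review bot: the added openssl command uses -nodes, so pkey.pem is written as an unencrypted private key, and the Credentials text never tells the reader to protect it. Add a sentence after the code block saying to restrict the file to its owner (for example chmod 600 pkey.pem) and to keep both pkey.pem and secrets.py out of version control, since secrets.py carries the account credentials as well. In the same paragraph, "pkcs2" should read "PKCS12", and "you'll first need some to get some credentials" and "create new one" need fixing. The second element of GCE_PARAMS is shown only as 'secret', which does not say what it should contain; state what goes there. The gce.ini section stops at "When using the inventory script gce.py:" with nothing after the colon, and the three playbook arguments are listed with no descriptions. The "# TODO" lines are not reST comments and will render as body text; use ".. TODO" comments or drop them before merging. The new note about libcloud needing "a valid certificate chain" should say how to provide one, otherwise readers may work around it by turning verification off.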
@@ -42,7 +87,9 @@ A playbook would looks like this:
local_action: gce instance_names=dev machine_type={{ machine_type }} image={{ image }} service_account_email={{ service_account_email }} pem_file={{ pem_file }} project_id={{ project_id }}
register: gce
-It is now possible to add the host to a new inventory group. blablabla
+It is now possible to add the host to a new inventory group.
+
+# TODO: how to run this script and configuration
Host Inventory
``````````````
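Review bot: the added line "# TODO: how to run this script and configuration" is not a reST comment, so it will be rendered as visible text right above the Host Inventory heading; write it as a ".. TODO:" comment or resolve it before this lands. Removing "blablabla" is good, but the sentence that remains still does not show how the host gets added to the inventory group, which is what the TODO is about.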
@@ -59,3 +106,47 @@ Let's test our inventory script to see if it can talk to Google Cloud.
.. code-block:: bash
$ GCE_INI_PATH=~/.gce.ini ansible all -i gce.py -m setup
+
+# TODO: test this setup
+
+The recommended way to use the inventory is to create an ``inventory`` directory, and place both the ``gce.py`` script and a file containing ``localhost`` in it.
+
+Executing ``ansible`` or ``ansible-playbook`` and specifying the ``inventory`` directory instead of an individual file will cause ansible to evaluate each file in that directory for inventory.
+
+Let's test our inventory script to see if it can talk to Google Cloud:
+
+.. code-block:: bash
+
+ $ ansible all -i inventory/ -m setup
+
+# TODO: test this setup
+
+Load Balancer
+`````````````
+
+Let's start by creating a firewall rule to allow HTTP traffic
+
+# TODO: https://asciinema.org/a/5996
+
+.. code-block:: yaml
+
+ - name: Create a firewall rule to allow HTTP
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Allow HTTP
+ local_action: gce_net fwname=all-http name=default allowed=tcp:80
+
+ - name: Set-up the load balancer
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - name: Create LB
+ local_action: gce_lb httphealthcheck_name=hc httphealthcheck_path=/isup.html
+ name=lb region=us-central2
+ members="{{ gce.zone }}/www1, {{ gce.zone }}/www2"
+
+Persistent Disk
+```````````````
+
+# TODO do some tests
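Review bot: the "Allow HTTP" task in the Load Balancer example sets only fwname, name=default and allowed=tcp:80, with no source or target restriction, so as written the rule covers every instance on the default network. Either scope it to the web servers or state in the text that the rule is deliberately that broad. In the "Create LB" task, members uses {{ gce.zone }}, but neither play in this block registers gce; say that it comes from the provisioning playbook or define the zone here. The sentence "Let's start by creating a firewall rule to allow HTTP traffic" needs a closing colon before the code block. The paragraph "Let's test our inventory script to see if it can talk to Google Cloud:" repeats the sentence that already precedes the GCE_INI_PATH example, so one of the two should be reworded to explain what differs. The four "# TODO" lines, including the asciinema link and the empty Persistent Disk section, will render as body text in reST and should be comments or removed.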