Preparing to work with Google GCP
Ansible and Google have been working together on a set of auto-generated Ansible modules designed to consistently and comprehensively cover the entirety of the Google Cloud Platform. Ansible contains modules for managing Google Cloud Platform resources, including creating instances, controlling network access, working with persistent disks, managing load balancers, and a lot more.
These new modules can be found under a new consistent name scheme “gcp_*”. Additionally, the gcp_compute inventory plugin can discover all GCE instances and make them automatically available in your Ansible inventory.
You may see a collection of other GCP modules that do not conform to this naming convention. These are the original modules primarily developed by the Ansible community. You will find some overlapping functionality, such as with the “gce” module and the new “gcp_compute_instance” module. Either can be used, but you may experience issues trying to use them together. While the community GCP modules are not going away, Google is investing effort into the new “gcp_*” modules. Google is committed to ensuring the Ansible community has a great experience with GCP and therefore recommends that you begin adopting these new modules if possible.
The Google Cloud Platform (GCP) modules require both the requests and the google-auth libraries to be installed. Depending on the Python version you are going to use, run either
pip install requests google-auth --user
or
pip3 install requests google-auth --user
Create environment variable for correct distribution
export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"
Add the Cloud SDK distribution URI as a package source
echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
Import the Google Cloud Platform public key
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
Update the package list and install the Cloud SDK
sudo apt-get update && sudo apt-get install google-cloud-sdk
Now we connect to your Google Cloud account and create a project.
gcloud init
You will be asked to pick the project you want to use, or you can simply create a new one.
Pick cloud project to use:
[1] erudite-variety-696969
[2] Create a new project
Please enter numeric choice or text value (must exactly match list
item): 2
Finally configure the default GCE region name
Run
gcloud --help
gcloud compute images list
to see the Cloud Platform services you can interact with and confirm the correct installation of gcloud.
Next, we will create a service account with owner permissions for the project.
gcloud iam service-accounts create ansible --display-name "Ansible Account"
gcloud iam service-accounts keys create ansible.json --iam-account=ansible@<project id>.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding <project id> --member='serviceAccount:ansible@<project id>.iam.gserviceaccount.com' --role='roles/owner'
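The step above binds roles/owner to the Ansible service account, so it is worth checking which service accounts in the project hold a basic role. The following is an added example, not part of the MOADSD-NG repository: it reads a policy in the shape printed by `gcloud projects get-iam-policy <project id> --format=json` and lists those accounts. The sample policy, the project id `example-project` and the function name are constructed for illustration.

```python
import json

# Basic roles grant project-wide access; the step above binds roles/owner.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample in the shape printed by
#   gcloud projects get-iam-policy <project id> --format=json
# "example-project" and all member names are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:ansible@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/compute.viewer",
     "members": ["serviceAccount:inventory@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com",
                 "deleted:serviceAccount:old@example-project.iam.gserviceaccount.com?uid=123"]}
  ],
  "etag": "BwXXXXXXXXX=",
  "version": 1
}
""")


def broad_service_accounts(policy):
    """Return sorted (service_account_email, role) pairs for service
    accounts that are bound to a basic role in an IAM policy document."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BROAD_ROLES:
            continue
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            # Members prefixed "deleted:" no longer exist and are skipped.
            if kind == "serviceAccount":
                findings.append((ident, role))
    return sorted(findings)


if __name__ == "__main__":
    for email, role in broad_service_accounts(SAMPLE_POLICY):
        print(f"{email} holds {role}")
```

Against a real project, save the `gcloud` JSON output to a file and pass the parsed document to `broad_service_accounts`.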
Now, we need to enable billing and afterwards the compute API within our project. For that, we first need to look up available billing accounts.
gcloud alpha billing accounts list
ACCOUNT_ID NAME OPEN MASTER_ACCOUNT_ID
019XXX-6XXXX9-4XXXX1 My Billing Account True
We now link that billing account to our project.
gcloud alpha billing projects link <project id> --billing-account 019XXX-6XXXX9-4XXXX1
billingAccountName: billingAccounts/019XXX-6XXXX9-4XXXX1
billingEnabled: true
name: projects/<project id>/billingInfo
projectId: <project id>
And finally enable the API.
gcloud services enable compute.googleapis.com
Operation "operations/acf.6dd93cb1-644b-44a1-b85c-6388f4dd288e" finished successfully.
Now Ansible should be able to do its magic on Linux hosts running within GCP.
The best way to interact with your hosts is to use the gcp_compute inventory plugin, which dynamically queries GCE and tells Ansible what nodes can be managed. Within MOADSD-NG we already have such an inventory file named gcp_inventory.gcp.yml. You need to adapt the values in <> to your specific environment.
plugin: gcp_compute
zones:
  - <zone>
projects:
  - <project id>
keyed_groups:
  - prefix: tag
    separator: '_'
    key: tags['items']
hostnames:
  - public_ip
  - private_ip
  - name
groups:
filters:
scopes:
  - https://www.googleapis.com/auth/compute
auth_kind: serviceaccount
service_account_file: <FULL PATH TO YOUR SERVICE ACCOUNT JSON>
Executing
ansible-inventory --list -i gcp_inventory.gcp.yml
will create a list of GCP instances that are ready to be configured using Ansible.