This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

Preparing to work with Google GCP

mawinkler edited this page Nov 8, 2019 · 14 revisions

Ansible and Google have been working together on a set of auto-generated Ansible modules designed to consistently and comprehensively cover the entirety of the Google Cloud Platform. Ansible contains modules for managing Google Cloud Platform resources, including creating instances, controlling network access, working with persistent disks, managing load balancers, and a lot more.

These new modules can be found under a new consistent name scheme “gcp_*”. Additionally, the gcp_compute inventory plugin can discover all GCE instances and make them automatically available in your Ansible inventory.

You may see a collection of other GCP modules that do not conform to this naming convention. These are the original modules primarily developed by the Ansible community. You will find some overlapping functionality, such as between the “gce” module and the new “gcp_compute_instance” module. Either can be used, but you may experience issues trying to use them together. While the community GCP modules are not going away, Google is investing effort into the new “gcp_*” modules. Google is committed to ensuring the Ansible community has a great experience with GCP and therefore recommends that you begin adopting these new modules if possible.

Setup gcloud

The Google Cloud Platform (GCP) modules require both the requests and the google-auth libraries to be installed. Depending on the Python version you are going to use, run either

pip install requests google-auth --user

or

pip3 install requests google-auth --user

Create environment variable for correct distribution

export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"

Add the Cloud SDK distribution URI as a package source

echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

Import the Google Cloud Platform public key

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

Update the package list and install the Cloud SDK

sudo apt-get update && sudo apt-get install google-cloud-sdk

Create a Project

Now we connect to your Google Cloud account and create a project.

gcloud init

You will be asked to pick the project you want to use or to create a new one:

Pick cloud project to use:
 [1] erudite-variety-696969
 [2] Create a new project
Please enter numeric choice or text value (must exactly match list
item):  2

Finally configure the default GCE region name

Run

gcloud --help
gcloud compute images list

to see the Cloud Platform services you can interact with and confirm the correct installation of gcloud.

Credentials

Next, we will create a service account with owner permissions for the project.

gcloud iam service-accounts create ansible --display-name "Ansible Account"
gcloud iam service-accounts keys create ansible.json --iam-account=ansible@<project id>.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding <project id> --member='serviceAccount:ansible@<project id>.iam.gserviceaccount.com' --role='roles/owner'
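
An added check, not part of the original wiki: the binding above gives the ansible service account roles/owner, and ansible.json is a long-lived key for that account. The Python below flags service accounts that hold roles/owner or roles/editor in a policy exported with `gcloud projects get-iam-policy <project id> --format=json`, and checks the key file's mode; the sample policy, the `example-project` id and the function names are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Roles with project-wide write access; the page binds roles/owner.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample, shaped like `gcloud projects get-iam-policy <project id>
# --format=json` output. "example-project" is a placeholder project id.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:admin@example.com",
                     "serviceAccount:ansible@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/compute.viewer",
         "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
    ]
}


def broad_service_accounts(policy):
    """Map each service account member to the broad roles bound to it."""
    found = {}
    for binding in policy.get("bindings", []):
        if binding.get("role") in BROAD_ROLES:
            for member in binding.get("members", []):
                if member.startswith("serviceAccount:"):
                    found.setdefault(member, []).append(binding["role"])
    return found


def key_file_issues(path):
    """Check a key file such as ansible.json before pointing Ansible at it."""
    issues = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"mode {mode:03o} grants access beyond the owner; chmod 600")
    with open(path) as fh:
        if json.load(fh).get("type") != "service_account":
            issues.append("JSON is not a service account key")
    return issues


if __name__ == "__main__":
    print(broad_service_accounts(SAMPLE_POLICY))
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump({"type": "service_account"}, fh)  # constructed stand-in key
    os.chmod(fh.name, 0o644)
    print(key_file_issues(fh.name))
    os.remove(fh.name)
```

A non-empty result from either function is the cue to replace roles/owner with the narrower roles the playbooks actually need and to restrict the key file to its owner.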

Enable Billing and Compute API

Now, we need to enable billing and afterwards the compute API within our project. For that, we first need to look up available billing accounts.

gcloud alpha billing accounts list
ACCOUNT_ID            NAME                 OPEN  MASTER_ACCOUNT_ID
019XXX-6XXXX9-4XXXX1  My Billing Account   True

We now link that billing account to our project.

gcloud alpha billing projects link <project id> --billing-account 019XXX-6XXXX9-4XXXX1
billingAccountName: billingAccounts/019XXX-6XXXX9-4XXXX1
billingEnabled: true
name: projects/<project id>/billingInfo
projectId: <project id>

And finally enable the API.

gcloud services enable compute.googleapis.com
Operation "operations/acf.6dd93cb1-644b-44a1-b85c-6388f4dd288e" finished successfully.

Now Ansible should be able to do its magic on Linux hosts running within GCP.

Dynamic Inventory

The best way to interact with your hosts is to use the gcp_compute inventory plugin, which dynamically queries GCE and tells Ansible what nodes can be managed. Within MoadDSD-NG we already have such an inventory file named gcp_inventory.gcp.yml. You need to adapt the values in <> to your specific environment.

plugin: gcp_compute
zones:
  - <zone>
projects:
  - <project id>
keyed_groups:
  - prefix: tag
    separator: '_'
    key: tags['items']
hostnames:
  - public_ip
  - private_ip
  - name
groups:
filters:
scopes:
  - https://www.googleapis.com/auth/compute
auth_kind: serviceaccount
service_account_file: <FULL PATH TO YOUR SERVICE ACCOUNT JSON>

Executing

ansible-inventory --list -i gcp_inventory.gcp.yml

will create a list of GCP instances that are ready to be configured using Ansible.

Next Step
