How to Create Infrastructure as Code with Terraform in GCP: Your first step towards DevOps automation
Infrastructure as Code (IaC) has gotten a lot of attention recently. It uses code to manage the configuration and automation of your application’s infrastructure in order to free up resources and reduce risk, technical debt, and mistakes. IaC is becoming more and more important for successful DevOps practices. As a cross-platform infrastructure tool, HashiCorp’s Terraform enables you to automate your infrastructure using the same tooling over multiple platforms. Ansible can be used to build and manage remote application configurations and VM installations on top of your Terraform infrastructure deployment.
As a self-proclaimed Terraform junkie, I’m really excited about its potential to push IaC and DevOps practices further. I’m writing this blog post to explain how to use Terraform to deploy an instance inside GCP, while using Ansible to provision HashiCorp’s Consul. I got the idea at the HashiCorp User Group (HUG) meetup in Montreal on January 16th that CloudOps, as a HashiCorp partner, hosted. After speaking to someone who was trying to build a proof of concept inside GCP, I realised how much of a good fit it would be to use Terraform or Packer with some Ansible on GCP.
Terraform is idempotent, meaning you get the same result every time you run the script, which lets you build a fully immutable infrastructure to support configurations. These steps will show you how to set up a fully automated process for spinning up instances in GCP. The process launches an instance on GCP via Terraform, which then triggers an Ansible playbook that installs version 1.0.6 of Consul on the instance for you. When you log back into your instance, Consul is already there and you are presented with a blank canvas to configure however you want.
Workflow
Step 1 – Make sure you have a GCP project and project-wide SSH Key, which you will need to access your instance in GCP. The instructions for this can be found here, which should take you to a page that looks something like this.
Step 2 – Go to IAM & admin on the GCP console to start creating a Service Account in your GCP Project.
Step 3 – Create the service account. Make sure that the Compute Instance Admin (v1) and Service Account User roles are selected. The box labelled Furnish a new private key must be checked, and be sure to select JSON as the Key type. Then click Create.
This will create your service account and download a JSON file locally onto your machine. You need to keep this file.
Step 4 – Download and install Terraform and Ansible.
Step 5 – Clone my GitHub repository or download it as a Zip file.
Step 6 – Adapt the code from my repo according to your environment by changing the following values from the file gcp/consul/consul.tf:
Within provider "google", change the credentials to "${file("/path_to/gcp_service_account.json")}" and the project to "your_gcp_project".
In resource "google_compute_instance" "ansible", change the project to "your_gcp_project" and set the command to "sleep 90; ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u your_ssh_key_username --private-key /path_to/my_private_key -i '${google_compute_instance.ansible.network_interface.0.access_config.0.assigned_nat_ip}', master.yml", where your_ssh_key_username is the username of the SSH key from Step 1. ANSIBLE_HOST_KEY_CHECKING=False disables SSH host key verification for that run, so the new instance’s host key is accepted unverified.
Step 7 – From the command line, enable the GCP provider by running terraform init gcp/consul
Step 8 – Run the script!!
terraform plan gcp/consul and terraform apply gcp/consul
Be patient, this can take up to two minutes. Once everything is spun up, go back to Compute Engine/VM Instances where you will find your Consul instance. From there, you can click the ‘Connect SSH’ button to log into your instance.
This is what you’ll see when you’re inside your instance. It shows that the process is working and Consul is running in the background.
Congratulations!!! You have deployed Consul using Terraform and Ansible on GCP.
Remember to clean the deployment up by running terraform destroy gcp/consul before you run Terraform again. I’ve seen enough people anger the demo-gods by forgetting to do so.
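A pre-flight check for the service-account JSON key from Step 3, meant to be run before terraform init in Step 7. This is an added example, not code from the repository; the function name check_sa_key and the key path you pass to it are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the service-account JSON key from Step 3.
# check_sa_key is a hypothetical helper; pass it the path used in consul.tf.

check_sa_key() {
    key=$1
    problems=0

    if [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 2
    fi

    # The file holds a private key, so only its owner should have access.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case "$mode" in
        *00) ;;
        *) echo "FAIL: mode $mode gives group/others access (chmod 600)" >&2
           problems=$((problems + 1)) ;;
    esac

    # A service-account key file declares "type": "service_account".
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key"; then
        echo "FAIL: $key does not look like a service-account key" >&2
        problems=$((problems + 1))
    fi

    # If the key sits inside a Git working tree (for example the clone from
    # Step 5), it must be ignored so it cannot be committed by accident.
    dir=$(dirname "$key")
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$key")"; then
        echo "FAIL: $key is inside a Git working tree and not ignored" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check_key.sh /path_to/gcp_service_account.json
if [ "$#" -gt 0 ]; then
    check_sa_key "$1"
fi
```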
The script you have here is one simple example of deploying Consul into GCP. You could also use this process to automate the deployment of any other tool, like Apache Web Server or, if you want to stay within the CI/CD pipeline, Jenkins. Terraform truly is an awesome tool for automating your infrastructure. Its cross-platform nature and easy integration with Ansible mean that integrating Infrastructure as Code into a DevOps business is only going to get easier.
Take it to the next level – Try using HashiCorp’s Packer to bake Consul into a GCP image so that you don’t have to do it every time. You can then, via Terraform, create an instance based on that baked image without Ansible. As a final step towards a production deployment, from your baked image, you can create an instance template and a managed instance group to monitor your new Consul cluster and attach it to a GCP Load Balancer.
Now go forth and Automate All The Things!
Check out these sites and repos to get you going:
http://docs.ansible.com/ansible/latest/guide_gce.html
https://github.com/sveronneau/gcp
https://www.terraform.io/docs/providers/google/
https://github.com/GoogleCloudPlatform?utf8=✓&q=terraform
Get more involved with the HashiCorp community. We hope to see you at the HUG meetups that are hosted in Montreal, Toronto, and Quebec City.
A Senior Cloud Architect at CloudOps, Stacy Véronneau also works closely with Google Cloud Platform (GCP) and OpenStack. He’s currently working with Google to help customers migrate to GCP, and fully leverage its power. Additionally, he is an official OpenStack Ambassador, and has spoken at OpenStack Summits and runs meetups throughout Canada.