.
├── README.md
├── ansible
├── ansible-provisioner-remote
├── terraform-dynamic
└── terraform-inline- Create SSH key and add public part to Digital Ocean SSH keys
ssh-keygen -t rsa -f ~/.ssh/someuser -C someuser -P ""- Create API token and Space API secrets for backend
- Create SSH key and add public part to GCP VM metadata
ssh-keygen -t rsa -f ~/.ssh/tfuser -C tfuser -P ""-
Configure gcloud settings at ~/.config/gcloud/configurations/config_default
-
Test manual VM creation
gcloud compute instances create \
--boot-disk-size=10GB \
--image-family=centos-7 \
--image-project=centos-cloud \
--machine-type=g1-small \
--tags webserver \
--restart-on-failure \
--zone=europe-west1-b webserver
gcloud compute instances list
ssh tfuser@$(gcloud compute instances list | awk '{print $5}' | tail -1) -i ~/.ssh/tfuser
gcloud compute instances delete --zone=europe-west1-b webserver- Create service account with needed permissions and save key file in safe place, export it before terraform run:
export GOOGLE_CLOUD_KEYFILE_JSON={{path_to_key.json}}- terraform >= 0.12
- Terraform Cloud account with access token (https://app.terraform.io)
- terraform-inventory plugin >=0.9
- terraform-provisioner-ansible >=2.3.0
https://www.terraform.io/docs/providers/google/getting_started.html https://www.terraform.io/docs/providers/do/index.html
-
Ansible >= 2.7.10
-
geerlingguy.nginx role is used with a little template customization
-
simple webserver role is used for testing static http site:
- static html could be downloaded from GoogleDrive tables format or your direct link (google_drive variable set true or false)
- docs_direct_url variable is getting from vault and .vault_pass file should be located at the ansible folder
- GCP provider
- Terraform Cloud remote backend
- 1 webserver instance is being provisioned
- Ansible executed as Terraform local-provisioner after terraform apply
Initialize providers:
cd terraform-inline
terraform initWorking in direct mode:
terraform plan
terraform apply -auto-approve
<HTTP at displayed webserver_nat_ip>
terraform destroy -forceWorking with plan files:
terraform plan -out=apply.tfplan
terraform apply apply.tfplan
<HTTP at displayed webserver_nat_ip>
terraform plan -destroy -out=destroy.tfplan
terraform apply destroy.tfplan
rm -f *.tfplanInventory script was changed for Terraform v0.12 However it is not working with GCP currently
- GCP provider
- Terraform Cloud remote backend
- 3 webservers with 1 LoadBalancer
- Ansible executed separately with custom dynamic inventory pulling from Terraform tfstate
- Terraform dynamic inventory is being used from - https://github.com/nbering/terraform-inventory
cd terraform-dynamic
terraform init
terraform plan
terraform apply -auto-approve
cd ../ansible
ansible-playbook provision_dynamic.yml --vault-password-file .vault_pass
<HTTP at displayed loadbalancer_nat_ip>
terraform destroy -forceScript cannot fetch correct inventory from tfstate, fetch hosts/groups as vars
- GCP provider
- GCP service account key file
- Terraform Cloud remote backend
- 3 webservers with 1 LoadBalancer
- Ansible executed separately with Terraform-inventory
cd terraform-dynamic
export GOOGLE_CLOUD_KEYFILE_JSON={{path_to_key.json}}
terraform init
terraform plan
terraform apply -auto-approve
ansible-playbook --inventory-file=$(which terraform-inventory) ../ansible/provision_tf_inventory.yml --vault-password-file ../ansible/.vault_pass
<HTTP at LoadBalancer IP>
terraform destroy -forceNeed to fix hosts interpolation for Local execution
- Digital Ocean provider
- AWS S3 remote backend
- 1 webserver instance is being provisioned (Remote execution)
- 3 webserver instances and 1 LB is being provisioned (Local execution)
- Ansible executed as 3rd party provisioner
curl -sL \
https://raw.githubusercontent.com/radekg/terraform-provisioner-ansible/master/bin/deploy-release.sh \
--output deploy-release.sh
chmod +x deploy-release.sh
./deploy-release.sh -v 2.3.0
rm deploy-release.shcd ansible-provisioner-remote
terraform init
terraform plan
terraform apply -auto-approve
<HTTP at Droplet Public IP>
terraform destroy -forcecd ansible-provisioner-local
terraform init
terraform plan
terraform apply -auto-approve
<HTTP at Load Balancer IP>
terraform destroy -force
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent