ansible-role-gce's Introduction

Google Compute Engine (GCE)

An Ansible role that manages GCE resources and simplifies integration into other Ansible projects that require Google Cloud support.

Requirements

  • python3
  • ansible >= 2.9
  • requests >= 2.18.4
  • google-auth >= 1.3.0

Role Variables

You can manage (create / update / remove) GCE resources through role variables instead of writing tasks.

Default variables are included in defaults/main.yml; you can create your own custom version in the Ansible project that includes this role.

Display GCP debug info

gcp_debug: yes

GCP project configuration is read from environment variables:

  • GCP_PROJECT_ID The ID of your Google project
  • GCP_SERVICE_ACCOUNT_FILE Path to your service account file

Before running the playbook, set the environment variables:

export GCP_PROJECT_ID=my-project-id
export GCP_SERVICE_ACCOUNT_FILE=/path/to/my/service-account.json

Alternatively, you can override this behavior and define a custom project ID and service account file using Ansible variables:

gcp_project_id: "my-project-id"
gcp_service_account_file: "{{ lookup('env','GCP_SERVICE_ACCOUNT_FILE') }}"

To create a new service account please refer to official Google documentation:
https://cloud.google.com/iam/docs/creating-managing-service-accounts
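
An added preflight check for the two environment variables above, to run before the playbook; it is not part of this role or its README. It verifies that the key file is a regular file with no group/other permission bits and that the key's project matches GCP_PROJECT_ID. The function name preflight and the strict 0600 expectation are assumptions of this example; type and project_id are fields of a standard service account key file.

```python
import json
import os
import stat


def preflight(env):
    """Return a list of problems with the role's GCP environment settings."""
    problems = []
    project = env.get("GCP_PROJECT_ID", "")
    key_path = env.get("GCP_SERVICE_ACCOUNT_FILE", "")
    if not project:
        problems.append("GCP_PROJECT_ID is not set")
    if not key_path:
        problems.append("GCP_SERVICE_ACCOUNT_FILE is not set")
        return problems
    try:
        info = os.lstat(key_path)  # lstat: a symlink is reported, not followed
    except OSError as exc:
        problems.append(f"cannot stat key file: {exc.strerror}")
        return problems
    if not stat.S_ISREG(info.st_mode):
        problems.append("key file is not a regular file")
        return problems
    # The key file holds a private key: expect no group/other permission bits.
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"key file mode {stat.S_IMODE(info.st_mode):04o} "
                        "is accessible to group/other; use 0600")
    try:
        with open(key_path, encoding="utf-8") as handle:
            key = json.load(handle)
    except (OSError, ValueError) as exc:
        problems.append(f"key file is not readable JSON: {exc}")
        return problems
    if not isinstance(key, dict) or key.get("type") != "service_account":
        problems.append('key file "type" is not "service_account"')
        return problems
    # A mismatch usually means a typo in the project ID or the wrong key file.
    if project and key.get("project_id") != project:
        problems.append(f"key belongs to project {key.get('project_id')!r}, "
                        f"but GCP_PROJECT_ID is {project!r}")
    return problems


if __name__ == "__main__":
    found = preflight(os.environ)
    for line in found:
        print("PREFLIGHT:", line)
    raise SystemExit(1 if found else 0)
```
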

Instance Configuration

The definition below configures a new GCP instance with all required properties.
You must specify an available service account to assign to the instance; there is usually a default service account for GCP instances.
Check the IAM accounts in the Google Cloud Console; the default service account has a pattern like [email protected].

You also have to define Google API permissions for the new instance; a partial list of available access scopes is included at the end of this section.

Create a new GCE instance

Required resource properties to create a new instance:

Machine Configuration

gce_instance:
  name: my-ansible-instance
  zone: europe-west1-b
  state: present
  type: n1-standard-1
  delete_protection: no
  service_account: [email protected]
  api_auth:
    - "{{ gcp_api_scopes.STORAGE_READ_WRITE }}"
  labels:
    team: devops
    application: ansible
    env: production

Disks Configuration

gce_disk:
  name: "my-ansible-disk"
  zone: "europe-west1-b"
  device:
    d0:
      size: 50
      type: pd-standard
      image: projects/debian-cloud/global/images/debian-10-buster-v20200910
      state: present
      labels:
        team: devops
        application: awx
        env: production
    d1:
      size: 50
      type: pd-standard
      state: present
      labels:
        team: devops
        application: awx
        env: production

VPC Network

gce_network:
  n0:
    name: default
    create_subnet: no
    state: present

External IP Address

gce_ip:
  name: "{{ gce_resource_name }}"
  state: present
  region: "{{ gce_resource_region }}"

Google API Scopes

gcp_api_scopes:
  COMPUTE: https://www.googleapis.com/auth/compute
  MONITORING: https://www.googleapis.com/auth/monitoring
  LOGGING_WRITE: https://www.googleapis.com/auth/logging.write
  MONITORING_WRITE: https://www.googleapis.com/auth/monitoring.write
  SERVICECONTROL: https://www.googleapis.com/auth/servicecontrol
  SERVICE_MANAGEMENT_READONLY: https://www.googleapis.com/auth/service.management.readonly
  TRACE_APPEND: https://www.googleapis.com/auth/trace.append
  STORAGE_READ_WRITE: https://www.googleapis.com/auth/devstorage.read_write

Include in an Ansible project

Create a new playbook that includes the role and your custom configuration file (all required variables are in the defaults/main.yml file).

Folders and files structure:

ansible-project
├── create.yml
├── terminate.yml
├── roles
│   └── gce
│       ├── defaults
│       │   └── main.yml
│       ├── handlers
│       ├── meta
│       ├── README.md
│       ├── tasks
│       ├── tests
│       └── vars
└── vars
    └── gce-config.yml

Create a new running instance

The example below shows how to create a new instance (create.yml) as defined in the vars/gce-config.yml file.

- name: Create a new GCE instance
  hosts: localhost
  gather_facts: no
  vars_files:
    - vars/gce-config.yml

  roles:
    - role: ansible-role-gce

Terminate (stop) the GCP instance

Define the gce_instance dictionary and leave the other ones undefined; when the role runs, the instance my-ansible-instance will be stopped.

gce_instance:
  name: my-ansible-instance
  state: stopped
  zone: us-central1-a
gce_disk:
gce_network:
gce_ip:

License

MIT

Author Information

Fabio Ferrari - Cloud Architect and DevOps Engineer
https://particles.io
