This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

Preparing to work with Google GCP

mawinkler edited this page Feb 13, 2020 · 14 revisions

Ansible and Google have been working together on a set of auto-generated Ansible modules designed to consistently and comprehensively cover the entirety of the Google Cloud Platform. Ansible contains modules for managing Google Cloud Platform resources, including creating instances, controlling network access, working with persistent disks, managing load balancers, and a lot more.

These new modules follow a consistent naming scheme, gcp_*. Additionally, the gcp_compute inventory plugin can discover all GCE instances and make them automatically available in your Ansible inventory.

You may see a collection of other GCP modules that do not conform to this naming convention. These are the original modules, primarily developed by the Ansible community. You will find some overlapping functionality, such as between the gce module and the new gcp_compute_instance module. Either can be used, but you may experience issues trying to use them together. While the community GCP modules are not going away, Google is investing effort into the new gcp_* modules. Google is committed to ensuring the Ansible community has a great experience with GCP and therefore recommends that you begin adopting these new modules if possible.

Setup gcloud

The Google Cloud Platform (GCP) modules require both the requests and the google-auth libraries to be installed. Install them with:

$ pip3 install requests google-auth --user

Create an environment variable for the correct distribution

$ export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"

Add the Cloud SDK distribution URI as a package source

$ echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | \
    sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

Import the Google Cloud Platform public key

$ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
    sudo apt-key add -

Update the package list and install the Cloud SDK

$ sudo apt-get update && \
    sudo apt-get install -y google-cloud-sdk

Create a Project

Now we connect to your Google Cloud account and create a project.

Note: In most cases you should be logged in to your Ansible server via SSH and therefore don't have an X session running. If you're running your shell locally on a Linux server in an X session, please append --console-only to the next command.

$ gcloud init

You will be asked to pick the project you want to use or to create a new one.

Pick cloud project to use:
 [1] erudite-variety-696969
 [2] Create a new project
Please enter numeric choice or text value (must exactly match list
item):  2

Finally, configure the default GCE region name.

Run

$ gcloud --help
$ gcloud compute images list

to see the Cloud Platform services you can interact with and confirm the correct installation of gcloud.

Credentials

Next, we will create a service account with owner permissions for the project.

$ gcloud iam service-accounts create ansible \
    --display-name "Ansible Account"
$ gcloud iam service-accounts keys create ~/ansible.json \
    --iam-account=ansible@<project id>.iam.gserviceaccount.com
$ gcloud projects add-iam-policy-binding <project id> \
    --member='serviceAccount:ansible@<project id>.iam.gserviceaccount.com' \
    --role='roles/owner'
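
The commands above bind roles/owner to the ansible service account and write its private key to ~/ansible.json, so both the binding and the key file are worth auditing. The following Python check is an added example, not part of the original wiki; the function names, the sample policy and the example-project id are constructed, and the policy shape assumed is the one printed by `gcloud projects get-iam-policy <project id> --format=json`.

```python
import json
import os
import stat

# Basic roles with project-wide write access; the page binds roles/owner.
BASIC_ROLES = {"roles/owner", "roles/editor"}


def overprivileged_service_accounts(policy):
    """Return sorted (member, role) pairs where a service account holds a basic role."""
    findings = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                findings.add((member, binding["role"]))
    return sorted(findings)


def key_file_problems(path):
    """Return a list of problems found with a service-account key file on disk."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} lets group/other access the key; use chmod 600")
    try:
        with open(path) as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"cannot parse key file: {exc}"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        problems.append("not a service_account key file")
    return problems


# Constructed sample policy (hypothetical project and members).
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": [
            "user:admin@example.com",
            "serviceAccount:ansible@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/compute.viewer", "members": [
            "serviceAccount:monitor@example-project.iam.gserviceaccount.com"]},
    ],
}

if __name__ == "__main__":
    for member, role in overprivileged_service_accounts(SAMPLE_POLICY):
        print(f"{member} holds {role}")
```

For a real project, load the saved output of the get-iam-policy command with json.load and pass the result to overprivileged_service_accounts, and call key_file_problems on the expanded path of ~/ansible.json.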

Enable Billing and Compute API

Now, we need to enable billing and afterwards the compute API within our project. For that, we first need to look up available billing accounts.

$ gcloud alpha billing accounts list
ACCOUNT_ID            NAME                 OPEN  MASTER_ACCOUNT_ID
019XXX-6XXXX9-4XXXX1  My Billing Account   True

We now link that billing account to our project.

$ gcloud alpha billing projects link <project id> \
    --billing-account 019XXX-6XXXX9-4XXXX1
billingAccountName: billingAccounts/019XXX-6XXXX9-4XXXX1
billingEnabled: true
name: projects/<project id>/billingInfo
projectId: <project id>

And finally enable the API.

$ gcloud services enable compute.googleapis.com
Operation "operations/acf.6dd93cb1-644b-44a1-b85c-6388f4dd288e" finished successfully.

Now Ansible should be able to do its magic on Linux hosts running within GCP.
