GSP-345 : Automating Infrastructure on Google Cloud with Terraform: Challenge Lab
Overview
Setup : Create the configuration files
Make the empty files and directories in Cloud Shell or the Cloud Shell Editor.
1touch main.tf
2touch variables.tf
3mkdir modules
4cd modules
5mkdir instances
6cd instances
7touch instances.tf
8touch outputs.tf
9touch variables.tf
10cd ..
11mkdir storage
12cd storage
13touch storage.tf
14touch outputs.tf
15touch variables.tf
16cd
Add the following to the each variables.tf file, and fill in the GCP Project ID:
1variable "region" {
2 default = "us-central1"
3}
4
5variable "zone" {
6 default = "us-central1-a"
7}
8
9variable "project_id" {
10 default = "<FILL IN PROJECT ID>"
11}
Add the following to the main.tf file :
1terraform {
2 required_providers {
3 google = {
4 source = "hashicorp/google"
5 version = "3.55.0"
6 }
7 }
8}
9
10provider "google" {
11 project = var.project_id
12 region = var.region
13
14 zone = var.zone
15}
16
17module "instances" {
18
19 source = "./modules/instances"
20
21}
Run terraform init in Cloud Shell in the root directory to initialize terraform.
Task - 1 : Import infrastructure
Navigate to Compute Engine > VM Instances. Click on tf-instance-1. Copy the Instance ID down somewhere to use later.
Navigate to Compute Engine > VM Instances. Click on tf-instance-2. Copy the Instance ID down somewhere to use later.
Next, navigate to modules/instances/instances.tf. Copy the following configuration into the file:
1resource "google_compute_instance" "tf-instance-1" {
2 name = "tf-instance-1"
3 machine_type = "n1-standard-1"
4 zone = var.zone
5
6 boot_disk {
7 initialize_params {
8 image = "debian-cloud/debian-10"
9 }
10 }
11
12 network_interface {
13 network = "default"
14 }
15}
16
17resource "google_compute_instance" "tf-instance-2" {
18 name = "tf-instance-2"
19 machine_type = "n1-standard-1"
20 zone = var.zone
21
22 boot_disk {
23 initialize_params {
24 image = "debian-cloud/debian-10"
25 }
26 }
27
28 network_interface {
29 network = "default"
30 }
31}
To import the first instance, use the following command, using the Instance ID for tf-instance-1 you copied down earlier.
1terraform import module.instances.google_compute_instance.tf-instance-1 <Instance ID - 1>
To import the second instance, use the following command, using the Instance ID for tf-instance-2 you copied down earlier.
1terraform import module.instances.google_compute_instance.tf-instance-2 <Instance ID - 2>
The two instances have now been imported into your terraform configuration. You can now optionally run the commands to update the state of Terraform. Type yes at the dialogue after you run the apply command to accept the state changes.
1terraform plan
2terraform apply
Task - 2 : Configure a remote backend
Add the following code to the modules/storage/storage.tf file:
1resource "google_storage_bucket" "storage-bucket" {
2 name = var.project_id
3 location = "US"
4 force_destroy = true
5 uniform_bucket_level_access = true
6}
Next, add the following to the main.tf file:
1module "storage" {
2 source = "./modules/storage"
3}
Run the following commands to initialize the module and create the storage bucket resource. Type yes at the dialogue after you run the apply command to accept the state changes.
1terraform init
2terraform apply
Next, update the main.tf file so that the terraform block looks like the following. Fill in your GCP Project ID for the bucket argument definition.
1terraform {
2 backend "gcs" {
3 bucket = "<FILL IN PROJECT ID>"
4 prefix = "terraform/state"
5 }
6 required_providers {
7 google = {
8 source = "hashicorp/google"
9 version = "3.55.0"
10 }
11 }
12}
Run the following to initialize the remote backend. Type yes at the prompt.
1terraform init
Task - 3 : Modify and update infrastructure
Navigate to modules/instances/instance.tf. Replace the entire contents of the file with the following:
1resource "google_compute_instance" "tf-instance-1" {
2 name = "tf-instance-1"
3 machine_type = "n1-standard-2"
4 zone = var.zone
5 allow_stopping_for_update = true
6
7 boot_disk {
8 initialize_params {
9 image = "debian-cloud/debian-10"
10 }
11 }
12
13 network_interface {
14 network = "default"
15 }
16}
17
18resource "google_compute_instance" "tf-instance-2" {
19 name = "tf-instance-2"
20 machine_type = "n1-standard-2"
21 zone = var.zone
22 allow_stopping_for_update = true
23
24 boot_disk {
25 initialize_params {
26 image = "debian-cloud/debian-10"
27 }
28 }
29
30 network_interface {
31 network = "default"
32 }
33}
34
35resource "google_compute_instance" "tf-instance-3" {
36 name = "tf-instance-3"
37 machine_type = "n1-standard-2"
38 zone = var.zone
39 allow_stopping_for_update = true
40
41 boot_disk {
42 initialize_params {
43 image = "debian-cloud/debian-10"
44 }
45 }
46
47 network_interface {
48 network = "default"
49 }
50}
Run the following commands to initialize the module and create/update the instance resources. Type yes at the dialogue after you run the apply command to accept the state changes.
1terraform init
2terraform apply
Task - 4 : Taint and destroy resources
Taint the tf-instance-3 resource by running the following command:
1terraform taint module.instances.google_compute_instance.tf-instance-3
Run the following commands to apply the changes:
1terraform init
2terraform apply
Remove the tf-instance-3 resource from the instances.tf file. Delete the following code chunk from the file.
1resource "google_compute_instance" "tf-instance-3" {
2 name = "tf-instance-3"
3 machine_type = "n1-standard-2"
4 zone = var.zone
5 allow_stopping_for_update = true
6
7 boot_disk {
8 initialize_params {
9 image = "debian-cloud/debian-10"
10 }
11 }
12
13 network_interface {
14 network = "default"
15 }
16}
Run the following commands to apply the changes. Type yes at the prompt.
1terraform apply
Task - 5 : Use a module from the Registry
Copy and paste the following into the main.tf file:
1module "vpc" {
2 source = "terraform-google-modules/network/google"
3 version = "~> 3.2.2"
4
5 project_id = var.project_id
6 network_name = "terraform-vpc"
7 routing_mode = "GLOBAL"
8
9 subnets = [
10 {
11 subnet_name = "subnet-01"
12 subnet_ip = "10.10.10.0/24"
13 subnet_region = "us-central1"
14 },
15 {
16 subnet_name = "subnet-02"
17 subnet_ip = "10.10.20.0/24"
18 subnet_region = "us-central1"
19 subnet_private_access = "true"
20 subnet_flow_logs = "true"
21 description = "This subnet has a description"
22 }
23 ]
24}
Run the following commands to initialize the module and create the VPC. Type yes at the prompt.
1terraform init
2terraform apply
Navigate to modules/instances/instances.tf. Replace the entire contents of the file with the following:
1resource "google_compute_instance" "tf-instance-1" {
2 name = "tf-instance-1"
3 machine_type = "n1-standard-2"
4 zone = var.zone
5 allow_stopping_for_update = true
6
7 boot_disk {
8 initialize_params {
9 image = "debian-cloud/debian-10"
10 }
11 }
12
13 network_interface {
14 network = "terraform-vpc"
15 subnetwork = "subnet-01"
16 }
17}
18
19resource "google_compute_instance" "tf-instance-2" {
20 name = "tf-instance-2"
21 machine_type = "n1-standard-2"
22 zone = var.zone
23 allow_stopping_for_update = true
24
25 boot_disk {
26 initialize_params {
27 image = "debian-cloud/debian-10"
28 }
29 }
30
31 network_interface {
32 network = "terraform-vpc"
33 subnetwork = "subnet-02"
34 }
35}
Run the following commands to initialize the module and update the instances. Type yes at the prompt.
1terraform init
2terraform apply
Task - 6 : Configure a firewall
Add the following resource to the main.tf file and fill in the GCP Project ID:
1resource "google_compute_firewall" "tf-firewall" {
2 name = "tf-firewall"
3 network = "projects/<PROJECT_ID>/global/networks/terraform-vpc"
4
5 allow {
6 protocol = "tcp"
7 ports = ["80"]
8 }
9
10 source_tags = ["web"]
11 source_ranges = ["0.0.0.0/0"]
12}
Run the following commands to configure the firewall. Type yes at the prompt.
1terraform init
2terraform apply
Congratulations, you're all done with the lab 😄