Terraform Live Repository for the Production environment
Create a Google Cloud Platform project through the web console. Make a note of the project ID.
Create a service account for the project through the IAM section of the web console.
The service account must have the following roles:
- Compute Instances Admin (v1)
- Compute Network Admin
- Compute Security Admin
- Storage Admin
Download the credentials of the service account as a JSON file and
place it in gcloud/credentials.json
Create an SSH key by running: ssh-keygen -f gcloud/ubuntu
Create an environment file located at gcloud/.env with the following
contents:
export TF_VAR_engineer_cidrs="[\"$(dig +short myip.opendns.com @resolver1.opendns.com)/32\"]"
export GOOGLE_APPLICATION_CREDENTIALS="../credentials.json"
export GCLOUD_PROJECT="<project-id>"
export GCLOUD_REGION="us-west1"The environment file must be sourced before working with Terraform:
source gcloud/.envCreates the bucket that will hold the Terraform state.
cd gcloud/state_bucket
terraform init
terraform get -update
terraform applyChange the content in the state.tf to a gcs backend:
terraform {
backend "gcs" {
bucket = "acme-terraform-live-prod"
prefix = "gcloud/state_bucket/terraform.tfstate"
}
}Re-run terraform init and agree to the proposition of copying the
existing local state to the newly configured GCS backend.
Creates a vpc network and subnetworks to deploy servers into.
cd ../network
terraform init
terraform get -update
terraform applyCreates a database server, which holds the data for the client.
cd ../db
terraform init
terraform get -update
terraform applyCreates a jobs server, which inputs data into the database.
cd ../job
terraform init
terraform get -update
terraform applyCreates an application server to present the data from the database.
cd ../app
terraform init
terraform get -update
terraform apply