diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d4dea19
--- /dev/null
+++ b/README.md
@@ -0,0 +1,78 @@
+# TERRAFORM / GCP
+
+## PRE REQUIS
+
+- [COMPTE GCP](https://cloud.google.com/?hl=fr)
+- [TERRAFORM](https://www.terraform.io/)
+```bash
+# LINUX INSTALL
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install terraform
+```
+
+## PREPARATION
+
+- Créer un projet "terraform-demo"
+- Séletionner le projet créé puis créer un compte de service dans l'onglet [IAM et administration](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?hl=fr) de la console GCP
+- Ajouter les rôles suivant:
+ - Compute admin
+ - Compute network admin
+ - Service account admin
+- Activer les APIs nécessaires (compute engine API, storage API, cloud billing API)
+
+![SERVICES ACCOUNT](docs/service-account.png)
+
+- Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth
+- Modifier l'id du projet dans le fichier variables.tf
+
+## UTILISATION
+
+- Lançer Terraform:
+
+```bash
+terraform init
+```
+
+- Lançer Terraform:
+
+```bash
+terraform plan
+```
+
+- Lançer Terraform:
+
+```bash
+terraform apply
+# Saisir yes quand demandé
+```
+
+> L'adresse public de la VM est fournie en output du terraform apply http://public-ip:5000
+
+- Se connecter en SSH à la VM pour créer l'application Flask:
+
+```bash
+nano app.py
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello_cloud():
+ return 'Hello Cloud!'
+
+app.run(host='0.0.0.0')
+```
+
+- Installer Flask:
+
+```bash
+python3 -m pip install flask
+```
+
+- Lançer l'application:
+
+```bash
+python3 app.py
+```
+
+- Visiter l'adresse fournie en output du terraform apply
\ No newline at end of file
diff --git a/auth/cle.json b/auth/cle.json
new file mode 100644
index 0000000..e69de29
diff --git a/docs/service-account.png b/docs/service-account.png new file mode 100644 index 0000000..b32e4a8 Binary files /dev/null and b/docs/service-account.png differ diff --git a/main.tf b/main.tf index 91a831f..fc86d82 100644 --- a/main.tf +++ b/main.tf @@ -5,7 +5,7 @@ terraform { ## PROVIDER provider "google" { - project = var.gcp_project + project = var.gcp_project_id credentials = file(var.gcp_auth_file) region = var.gcp_region } @@ -28,7 +28,7 @@ resource "google_compute_subnetwork" "default" { resource "google_compute_instance" "default" { name = "flask-vm" machine_type = "e2-micro" - zone = "europe-west9-a" + zone = var.gcp_zone tags = ["ssh"] boot_disk { @@ -49,7 +49,8 @@ resource "google_compute_instance" "default" { } } -## SSH +## FIREWALL +### SSH resource "google_compute_firewall" "ssh" { name = "allow-ssh" allow { @@ -61,4 +62,21 @@ resource "google_compute_firewall" "ssh" { priority = 1000 source_ranges = ["0.0.0.0/0"] target_tags = ["ssh"] +} + +### APP +resource "google_compute_firewall" "flask" { + name = "flask-app-firewall" + network = google_compute_network.vpc_network.id + + allow { + protocol = "tcp" + ports = ["5000"] + } + source_ranges = ["0.0.0.0/0"] +} + +## GET VM PUBLIC IP +output "Web-server-URL" { + value = join("",["http://",google_compute_instance.default.network_interface.0.access_config.0.nat_ip,":5000"]) } \ No newline at end of file diff --git a/terraform.tfvars b/terraform.tfvars index 0ab279c..47f8fff 100644 --- a/terraform.tfvars +++ b/terraform.tfvars @@ -1,4 +1,5 @@ # GCP Settings -gcp_project = "terraform-demo-381114" -gcp_region = "europe-west9" +gcp_project_id = "terraform-demo-381114" +gcp_region = "europe-west9" +gcp_zone = "europe-west9-a" gcp_auth_file = "./auth/terraform-demo-381114-158cfce10778.json" \ No newline at end of file diff --git a/variables.tf b/variables.tf index 8b3d807..caa48e1 100644 --- a/variables.tf +++ b/variables.tf 
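Review bot: The new `google_compute_firewall.flask` rule in the last main.tf hunk opens tcp/5000 to `0.0.0.0/0` and carries no `target_tags`, so it applies to every instance on that network rather than only to flask-vm; the ssh rule just above it is scoped with `target_tags = ["ssh"]`. Scope the new rule the same way, for example `target_tags = ["flask"]` together with `tags = ["ssh", "flask"]` on the instance, and take the allowed range from a variable instead of the literal `source_ranges = ["0.0.0.0/0"]`. What this rule and the `Web-server-URL` output publish is, per the README added in this commit, Flask's development server started with `app.run(host='0.0.0.0')` over plain HTTP. The rule references `google_compute_network.vpc_network`, which is not visible in these hunks, so confirm it is the network the instance is actually attached to.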
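Review bot: `gcp_auth_file` on the new side of terraform.tfvars still points at a service-account key JSON under `./auth/`, and this commit starts tracking that directory by adding `auth/cle.json`, so a real key placed there as the README instructs is one `git add` away from being committed. No ignore rule is visible in this diff; if none exists, add one for `auth/*.json` and keep only an empty placeholder in the repository. The provider's `credentials` argument is optional, so leaving it unset and relying on Application Default Credentials would remove the need for a key file in the working tree at all. If the key file named on that line was ever pushed, that key should be rotated.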
@@ -11,7 +11,13 @@ variable "gcp_region" { } # define GCP project name -variable "gcp_project" { +variable "gcp_project_id" { type = string - description = "GCP project name" + description = "GCP project id" +} + +# define GCP zone +variable "gcp_zone" { + type = string + description = "GCP zone" } \ No newline at end of file