CD2H gitForager

pivotal-cf/terraforming-gcp

Name: terraforming-gcp

Owner: Pivotal Cloud Foundry

Description: use terraform, deploy yourself a pcf

Created: 2016-10-06 19:08:25.0

Updated: 2018-05-16 13:58:29.0

Pushed: 2018-05-03 15:52:44.0

Homepage:

Size: 200

Language: HCL

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

How Does One Use This?

Please note that the master branch is generally unstable. If you are looking for something “tested”, please consume one of our releases.

What Does This Do?

You will get a booted ops-manager VM plus some networking, just the bare bones basically.

Looking to setup a different IAAS

We have have other terraform templates to help you!

aws
azure

This list will be updated when more infrastructures come along.

Prerequisites

Your system needs the gcloud cli, as well as terraform:

 update
 install Caskroom/cask/google-cloud-sdk
 install terraform

Notes

You will need a key file for your service account to allow terraform to deploy resources. If you don't have one, you can create a service account and a key for it:

ud iam service-accounts create ACCOUNT_NAME --display-name "Some Account Name"
ud iam service-accounts keys create "terraform.key.json" --iam-account "ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com"
ud projects add-iam-policy-binding PROJECT_ID --member 'serviceAccount:ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com' --role 'roles/owner'

You will need to enable the following Google Cloud APIs:

Var File

Copy the stub content below into a file called terraform.tfvars and put it in the root of this project. These vars will be used when you run terraform apply. You should fill in the stub values with the correct content.

name         = "some-environment-name"
ect          = "your-gcp-project"
on           = "us-central1"
s            = ["us-central1-a", "us-central1-b", "us-central1-c"]
suffix       = "gcp.some-project.cf-app.com"
an_image_url = "https://storage.googleapis.com/ops-manager-us/pcf-gcp-2.0-build.264.tar.gz"

ets_location = "US"

cert = <<SSL_CERT
-BEGIN CERTIFICATE-----
 cert
-END CERTIFICATE-----
CERT

private_key = <<SSL_KEY
-BEGIN RSA PRIVATE KEY-----
 cert private key
-END RSA PRIVATE KEY-----
KEY

ice_account_key = <<SERVICE_ACCOUNT_KEY

ype": "service_account",
roject_id": "your-gcp-project",
rivate_key_id": "another-gcp-private-key",
rivate_key": "-----BEGIN PRIVATE KEY-----another gcp private key-----END PRIVATE KEY-----\n",
lient_email": "something@example.com",
lient_id": "11111111111111",
uth_uri": "https://accounts.google.com/o/oauth2/auth",
oken_uri": "https://accounts.google.com/o/oauth2/token",
uth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
lient_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/"

ICE_ACCOUNT_KEY

Var Details

env_name: (required) An arbitrary unique name for namespacing resources. Max 23 characters.
project: (required) ID for your GCP project.
region: (required) Region in which to create resources (e.g. us-central1)
zones: (required) Zones in which to create resources. Must be within the given region. Currently you must specify exactly 3 Zones for this terraform configuration to work. (e.g. [us-central1-a, us-central1-b, us-central1-c])
opsman_image_url (required) Source URL of the Ops Manager image you want to boot.
service_account_key: (required) Contents of your service account key file generated using the gcloud iam service-accounts keys create command.
dns_suffix: (required) Domain to add environment subdomain to (e.g. foo.example.com)
buckets_location: (optional) Loction in which to create buckets. Defaults to US.
ssl_cert: (optional) SSL certificate for HTTP load balancer configuration. Required unless ssl_ca_cert is specified.
ssl_private_key: (optional) Private key for above SSL certificate. Required unless ssl_ca_cert is specified.
ssl_ca_cert: (optional) SSL CA certificate used to generate self-signed HTTP load balancer certificate. Required unless ssl_cert is specified.
ssl_ca_private_key: (optional) Private key for above SSL CA certificate. Required unless ssl_cert is specified.
opsman_storage_bucket_count: (optional) Google Storage Bucket for BOSH's Blobstore.
create_iam_service_account_members: (optional) Create IAM Service Account project roles. Default to true.

DNS Records

pcf.$env_name.$dns_suffix: Points at the Ops Manager VM's public IP address.
*.sys.$env_name.$dns_suffix: Points at the HTTP/S load balancer in front of the Router.
doppler.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address is used to send websocket traffic to the Doppler server.
loggregator.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address is used to send websocket traffic to the Loggregator Trafficcontroller.
*.apps.$env_name.$dns_suffix: Points at the HTTP/S load balancer in front of the Router.
*.ws.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address can be used for application websocket traffic.
ssh.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Diego brain.
tcp.$env_name.$dns_suffix: Points at the TCP load balancer in front of the TCP router.

Isolation Segments (optional)

isolation_segment: (optional) When set to “true” creates HTTP load-balancer across 3 zones for isolation segments.
iso_seg_ssl_cert: (optional) SSL certificate for Iso Seg HTTP load balancer configuration. Required unless iso_seg_ssl_ca_cert is specified.
iso_seg_ssl_private_key: (optional) Private key for above SSL certificate. Required unless iso_seg_ssl_ca_cert is specified.
iso_seg_ssl_ca_cert: (optional) SSL CA certificate used to generate self-signed Iso Seg HTTP load balancer certificate. Required unless iso_seg_ssl_cert is specified.
iso_seg_ssl_ca_private_key: (optional) Private key for above SSL CA certificate. Required unless iso_seg_ssl_cert is specified.

Cloud SQL Configuration (optional)

external_database: (optional) When set to “true”, a cloud SQL instance will be deployed for the Ops Manager and PAS.

Ops Manager (optional)

opsman_sql_db_host: (optional) The host the user can connect from. Can be an IP address. Changing this forces a new resource to be created.

PAS (optional)

pas_sql_db_host: (optional) The host the user can connect from. Can be an IP address. Changing this forces a new resource to be created.

PAS Cloud Controller's Google Cloud Storage Buckets (optional)

create_gcs_buckets: (optional) When set to “false”, buckets will not be created for PAS Cloud Controller. Defaults to “true”.

PKS (optional)

pks: (optional) When set to “true” creates a tcp load-balancer for PKS api, dedicated subnets and allows access on Port 8443 to masters external IP address for kubectl access

Running

Note: please make sure you have created the terraform.tfvars file above as mentioned.

Standing up environment

aform init
aform plan -out=plan
aform apply plan

Tearing down environment

aform destroy

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.