CD2H gitForager

pivotal-cf/pcf-bosh-terraforming-gcp

Name: pcf-bosh-terraforming-gcp

Owner: Pivotal Cloud Foundry

Description: null

Created: 2016-12-01 22:21:19.0

Updated: 2017-06-06 20:20:54.0

Pushed: 2017-02-01 18:03:52.0

Homepage: null

Size: 44

Language: HCL

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

How Does One Use This?

Please note that the master branch is generally unstable. If you are looking for something “tested”, please consume one of our releases.

What Does This Do?

You will get some networking, just the bare bones basically.

Prerequisites

Your system needs the gcloud cli, as well as terraform:

 install Caskroom/cask/google-cloud-sdk
 install terraform

You will also want to setup a “project-wide” SSH key to allow SSH access to the VMs in your deployment. You can follow the directions here to set up a key.

Notes

This repository requires at least v0.7.7 of terraform

You will also need a key file for your service account to allow terraform to deploy resources. If you don't have one, you can create a service account and a key for it:

ud iam service-accounts create some-account-name
ud iam service-accounts keys create "terraform.key.json" --iam-account "some-account-name@yourproject.iam.gserviceaccount.com"
ud projects add-iam-policy-binding PROJECT_ID --member 'serviceAccount:some-account-name@PROJECT_ID.iam.gserviceaccount.com' --role 'roles/editor'

You will also need to enable the Google Cloud DNS API on your GCP account. The Google Cloud DNS API provides methods for creating, reading, and updating project DNS entries.

Var File

Copy the stub content below into a file called terraform.tfvars and put it in the root of this project. These vars will be used when you run terraform apply. You should fill in the stub values with the correct content.

name = "some-environment-name"
on = "us-central1"
s = ["us-central1-a", "us-central1-b", "us-central1-c"]
ect = "your-gcp-project"
suffix = "gcp.some-project.cf-app.com"
cert = "-----BEGIN CERTIFICATE-----some cert-----END CERTIFICATE-----\n"
cert_private_key = "-----BEGIN RSA PRIVATE KEY-----fake private key-----END RSA PRIVATE KEY-----\n"
ice_account_key = <<SERVICE_ACCOUNT_KEY

ype": "service_account",
roject_id": "your-gcp-project",
rivate_key_id": "another-gcp-private-key",
rivate_key": "-----BEGIN PRIVATE KEY-----fake gcp private key-----END PRIVATE KEY-----\n",
lient_email": "something@example.com",
lient_id": "11111111111111",
uth_uri": "https://accounts.google.com/o/oauth2/auth",
oken_uri": "https://accounts.google.com/o/oauth2/token",
uth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
lient_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/"

ICE_ACCOUNT_KEY

Var Details

project: (required) ID for your GCP project.
env_name: (required) An arbitrary unique name for namespacing resources.
region: (required) Region in which to create resources (e.g. us-central1)
zones: (required) Zones in which to create resources. Must be within the given region. (e.g. [us-central1-a, us-central1-b, us-central1-c])
service_account_key: (required) Contents of your service account key file generated using the gcloud iam service-accounts keys create command.
dns_suffix: (required) Domain to add environment subdomain to (e.g. foo.example.com)
ssl_cert: (required) SSL certificate for HTTP load balancer configuration. Can be either trusted or self-signed.
ssl_cert_private_key: (required) Private key for above SSL certificate.
sql_db_tier: (optional) DB tier

DNS Records

*.sys.$env_name.$dns_suffix: Points at the HTTP/S load balancer in front of the Router.
doppler.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address is used to send websocket traffic to the Doppler server.
loggregator.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address is used to send websocket traffic to the Loggregator Trafficcontroller.
*.apps.$env_name.$dns_suffix: Points at the HTTP/S load balancer in front of the Router.
*.ws.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Router. This address can be used for application websocket traffic.
ssh.sys.$env_name.$dns_suffix: Points at the TCP load balancer in front of the Diego brean.
tcp.$env_name.$dns_suffix: Points at the TCP load balancer in front of the TCP router.

Cloud SQL Configuration

ERT

ert_sql_db_host: (optional) The host the user can connect from. Can be an IP address. Changing this forces a new resource to be created.
ert_sql_db_username: (optional) Username for database.
ert_sql_db_password: (optional) Password for database.
ert_sql_instance_count: (optional) Number of instances, defaults to 0.

Running

Note: please make sure you have created the terraform.tfvars file above as mentioned.

Standing up environment

aform apply

Tearing down environment

aform destroy

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.