
Lab Review: Automating the Deployment of Infrastructure Using Terraform

1. Lab Review: Automating the Deployment of Infrastructure Using Terraform

In this lab, you created a Terraform configuration with a module to automate the deployment of GCP infrastructure. As your configuration changes, Terraform can create incremental execution plans, which allow you to build your overall configuration step-by-step. The Instance module allowed you to reuse the same resource configuration for multiple resources while providing properties as input variables. You can leverage the configuration and module that you created as a starting point for future deployments. You can stay for a lab walkthrough, but remember that GCP's user interface can change. So your environment might look slightly different. So here I am in the GCP console, and the first thing we want to do is configure our Cloud Shell environment to use Terraform. Terraform is actually now integrated into Cloud Shell, so let's just start by verifying which version is installed. So I'm going to click and activate Cloud Shell, and then start Cloud Shell. And then we're going to run the Terraform version command to verify the version. Let me run that here, and then we'll see that this is the current version that is configured. You see that there's an even newer version here. That's fine. You could go download that, and there are instructions in the lab on how to do that, but the lab instructions will work with the 12.2 or anything later. So we're ready to go. I'm going to set up a folder for us, and then we're going to launch the code editor, which is this little pencil icon up here. And we're going to use the code editor now to work in that folder that we just created and place all of our files in there. And that's going to be a much more interactive experience rather than using a command-line editor like nano, so let's just wait for that to come up.
In the meantime, I can clear this, and the first thing we're going to do once we're in here is, we're going to create a file called Provider TF, and this is going to help us initialize Terraform because Terraform uses a plug-in-based architecture to support many different infrastructure and service providers, so the provider file will specify that we're using Google as the provider. So let me right-click on TF Infra, create a new file. Plug in Provider TF, and then we're just going to copy in that the provider is Google. And I can save that, and autosave is actually enabled, so I won't have to click save all the time. And then within Cloud Shell, I'm going to navigate to that folder, and then I'm going to run the Terraform init command. And this is going to now initialize the provider, so we can see here this is the provider version. It's been initialized, so now we're ready to work with Terraform and Cloud Shell. So let's start off by configuring my network. I'm just going to now create a new file in this folder, call it My Network TF, and I'm going to copy the base code that we have in the lab instructions. So in here we have a comment. We have the resource, the type along with the name, and then we will also have resource properties. And this is a base template that's great for starting any resources in GCP, and we'll use the name and the field -- the name field as well as the type field and properties to really define what each of these resources do. So first things first, I want to replace the type with google_compute_network, and what's important here is to also include these quotes for all of the resources that we're going to define. And this is just a VPC network. You can find more out about this in the two documentation links that are in the lab. One link is to the Google Cloud Platform documentation, and the other link is to the Terraform documentation.
Now I also want to replace the name, so we're going to replace the resource name with My Network, again, quotes are important. And then we're going to create some properties. This is going to be an auto mode network, which means that all of these subnets are automatically created. I need to define that. Properties are optional for some resources, but in this case it's required for us to say that auto-create subnetworks is true, right? Now, I can verify that my file looks exactly like what's provided in the lab, and that seems to be true. It has moved around and spaced out some of these properties. There's a command we'll run later that will actually do that for us as well, so that's not really critical right now. I can go ahead and save this. Now next I want to configure the firewall rule. I have again some base code for that, so let me just paste that below my network resource. And we're going to create a firewall rule that will allow HTTP, SSH, RDP and ICMP, so I want to obviously find the right type. Now, you could look that up in the Terraform documentation or use what's in the lab instructions, and that is google_compute_firewall. And again, we need to place the quotes around that and have a space between these two. I'm also going to have a name that's going to be the name of the firewall rule, the one that we'll actually see within GCP when we create this. And now a couple of different resource properties that I need to provide. If you think of a firewall rule, there are a couple of key things. There is the network to which the firewall rule applies. There are the source IP ranges and the protocols and ports. If you don't define the source IP ranges, it's just going to take 0.0.0/0, so in our case we're going to define the network. So let me paste that in here, and because this firewall rule depends on its network, we're using this self link reference here.
And this instructs Terraform to resolve these resources in a dependent order, so in this case the network needs to be created before the firewall rule is created. We're going to do the same when we create the VM instances, so let me also now add the properties to allow and -- to allow a certain combination of protocols and ports. Specifically, I'm going to allow TCP 22 for SSH, 80 for HTTP, 33 for RDP, and then the whole ICMP protocol. And then I can verify that this looks just like the instructions that are given to me, and that is the case. So I can go ahead and save that, but it's really being autosaved, so no need to hit save all the time in here. So now we're going to configure the VM instances, and what we're going to do is, we're going to create an instance module. And a module is just something that's a reusable configuration inside a folder, so we'll create one module. And we'll use it for both of the VM instances that we're going to create. To do that, we need to create a folder for the module, so let me create a new folder here, call it Instance, within the TF Infra folder. And you see it created it outside, so I'm going to drag it in this folder. Alternatively, I could have right-clicked and created it, and the lab does show the hierarchy of these folders. And now within this folder, I'm going to create a file and call it Main TF. All right. And now within this file, we're going to again copy some base code to get us started. We have the resource type, the resource name, and the type, it's going to be a google_compute_instance, so let me replace that with the quotes. Now, rather than giving it a name and kind of hard-coding that, I'm going to now use a variable because I want to be able to create multiple instances with multiple different names, so I'm going to replace TF name with this construct. And then we'll later have to define from the parent configuration how to affect this module.
We're also going to add some properties, which are the zone and machine type, and here again we are using variables that we'll have to define. We will also add a boot disk, and now the boot disk we'll just sort of hard code. We'll give it an image, and that'll be used for all of the instances that we create. And then we're also going to add a network interface, and in there we have to define a subnetwork. So where does this instance live? And if I just provide this construct here, it's going to allocate an external IP address or a public IP address to my instance. So now I need to define some input variables, right, so I'm using an input variable for name, zone, the type and the subnetwork. So let me add some stuff on top of my resource, and specifically I'm going to add a variable for the name and zone. I'm also going to define the instance type, and if I provide a value in these brackets, then that's going to be the default value. So if I don't provide another value from my configuration, it will just use this type, and that's kind of the default anyway. So that may be a good thing to do. We could have done something similar with the image, and that way we could control the image through an input variable. So now I'm just going to verify that my configuration, or I should say this module, looks exactly like the lab instructions, and that is true. So now I can go on and save this. And the next thing we need to do is we've defined the module, but now we need to use the module within my configuration. So in here I have a network and a firewall rule, but I also now need to say, "I want to create VM instances. I'm going to provide these input variables, and this is the module that I want you to use." So I'm just going to copy the lab instructions. Here I'm defining the module. I'm giving it the name, and then I'm defining the source.
This lives in the instance folder, and then I'm just providing three of the four input variables because I already have a default value for one of them. Now, important again is I'm going to use the self link reference here because I cannot create these instances, nor the firewall rule, until the network is created. After that, all of these resources can and will be created in parallel, and we'll see that in a second, so let's go ahead and set this all up. I'm going to now just work from Cloud Shell. Let me clear this up here. We're going to run the Terraform fmt command, and this just rewrites the files into a canonical format and style. And if I do that, you might have just seen that everything got indented a little bit here and there. That's not really that critical, it's just telling us it did that, and specifically it touched the My Network TF file. And if you get an error here, you want to, you know, make sure that your configuration looks similar to the ones that we have so far. We also link the configuration of all three of the TF files, the Provider, My Network and Main, in the lab instructions, so you can always refer to them and make sure that they align with what you have, and if not, you know, fix what's different. Now I'm going to need to run the Terraform init command again, and I need to mainly do that because I now have a module. It's going to say, "Oh, there's some modules that need to be used. Let me initialize those." So we've done that, and now we can go ahead and plan our configuration. We can say, "Okay, we're ready to go. Tell me what you would create when I run this command." So Terraform plan is going to run through this. It's going to tell me it's going to create these resources here. It's telling me that a lot of the values are provided, but some of the values won't be known until after it's created.
And specifically it's going to add four different things, the VPC network, the firewall rule and the two instances, so if we're all good with that, we can run the Terraform apply command. It's actually going to walk us through those resources one more time, but now it's going to ask us if we're ready. So we just type yes in here. And it's going to start creating the resources, and you can see the network is the first resource that is being created here. And once the network is created, it's going to start creating all the other resources in parallel. It also gives us an update every 10 seconds saying it's still working on this, and that's pretty interesting. That way you can see that at least it's still working on this and it didn't get stuck on something. So let's wait for this to complete, and then we'll check back in. So here we can see that all of the resources were created. As I mentioned, the network gets created first, and once that's completed you can see one of the instances, the firewall rule and the other instances are starting to be created. Instances were created really quickly, and then we're just waiting for the firewall rule to be created. Now let's actually verify that all of these resources were created by navigating back to the GCP console, so I'm going to switch tabs here and go to the navigation menu. And first go to VPC network, and every network comes by default with a default network that is here. And here we can see the My Network that we created, which is an auto mode network. I can also go to the firewall rules, and I'll see that my custom firewall rule with the non-default firewall rule has been created. And that should allow me to ping between the two instances that I have in a network. I have ICMP traffic allowed, so I should be able to ping both on the external IP address, but even the internal IP address because both of these instances are on the same network. So let's try that out.
I'm going to go back to the navigation menu, go to Compute Engine, and I'm going to grab the IP address of this first VM, and then SSH to this other VM. And then we'll try to ping that instance. So here I am. Let me run ping three times on that IP address, and we can see that all the packets were transmitted. So this should work again because both VM instances are in the same network, and the firewall rule that we created allows ICMP traffic. And that's the end of the lab.
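
The walkthrough notes that a firewall rule without source IP ranges applies to every source address. The sketch below is an added example, not the lab's configuration or part of the transcript: it sets the rule as described beside a narrower split. The resource names, the `admin-access` tag and the `203.0.113.0/24` admin range (a documentation prefix) are assumptions to replace with your own values.

```hcl
# Added example, not the lab's files. Names, the tag and the admin CIDR are
# assumed placeholders. Keep either the broad rule or the narrow pair.

resource "google_compute_network" "mynetwork" {
  name                    = "mynetwork"
  auto_create_subnetworks = true
}

# Rule as described in the walkthrough, with the effective source range
# written out: SSH, HTTP, RDP and ICMP from any address to every instance.
resource "google_compute_firewall" "allow_any_source" {
  name          = "mynetwork-allow-http-ssh-rdp-icmp"
  network       = google_compute_network.mynetwork.self_link
  source_ranges = ["0.0.0.0/0"]
  allow {
    protocol = "tcp"
    ports    = ["22", "80", "3389"] # SSH, HTTP, RDP (standard port 3389)
  }
  allow { protocol = "icmp" }
}

# Narrower alternative: admin protocols only from a known range, and only to
# instances that carry the "admin-access" network tag.
resource "google_compute_firewall" "allow_admin" {
  name          = "mynetwork-allow-admin"
  network       = google_compute_network.mynetwork.self_link
  source_ranges = ["203.0.113.0/24"] # constructed placeholder range
  target_tags   = ["admin-access"]
  allow {
    protocol = "tcp"
    ports    = ["22", "3389"]
  }
}

# ICMP between instances only: auto mode subnets come from 10.128.0.0/9, so
# the internal ping test from the walkthrough still passes.
resource "google_compute_firewall" "allow_internal_icmp" {
  name          = "mynetwork-allow-internal-icmp"
  network       = google_compute_network.mynetwork.self_link
  source_ranges = ["10.128.0.0/9"]
  allow { protocol = "icmp" }
}
```

With the narrower pair, the instance module needs `tags = ["admin-access"]` on `google_compute_instance` for the admin rule to match, and HTTP would get its own rule scoped to web-tagged instances. Leaving the `access_config` block out of `network_interface` creates an instance without an external IP address.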

2. Let's practice!
