- uses tags for instance selection (webserver for instance and http-server/https-server/ssh-server for firewall)
- export GCPSERVICEACCOUNTFILE, GCPPROJECT, SSHPUBKEY, and USER environment variables
---
# Provision free gce instance:
- name: Create instance(s)
hosts: localhost
gather_facts: no
connection: local
vars_files:
- group_vars/all
- group_vars/gce
vars:
credentials_file: "{{ lookup('env', 'GCP_SERVICE_ACCOUNT_FILE') }}"
project_id: "{{ lookup('env', 'GCP_PROJECT') }}"
ssh_pub_key_file: "{{ lookup('env','SSH_PUB_KEY') }}"
ssh_pub_key: "{{ lookup('file', ssh_pub_key_file) }}"
user: "{{ lookup('env', 'USER') }}"
metadata: "{'sshKeys': '{{ user }}:{{ ssh_pub_key }}'}"
tasks:
- name: create a disk
gcp_compute_disk:
name: "{{ disk_name }}"
size_gb: "{{ disk_size }}"
source_image: "{{ image }}"
zone: "{{ zone }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present
register: disk
- name: create a network
gcp_compute_network:
name: "{{ network_name }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present
register: network
- name: create a firewall rule
gcp_compute_firewall:
name: "{{ ssh_firewall_name }}"
allowed:
- ip_protocol: tcp
ports:
- 22
target_tags:
- ssh-server
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
network: "{{ network.selfLink }}"
source_ranges: '0.0.0.0/0'
state: present
- name: create a address
gcp_compute_address:
name: "{{ address_name }}"
region: "{{ region }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present
register: address
- name: create a instance
gcp_compute_instance:
state: present
metadata: "{{ metadata }}"
name: "{{ instance_name_1 }}"
machine_type: "{{ machine_type }}"
disks:
- auto_delete: true
boot: true
source: "{{ disk }}"
network_interfaces:
- network: "{{ network }}"
access_configs:
- name: 'External NAT'
nat_ip: "{{ address }}"
type: 'ONE_TO_ONE_NAT'
zone: "{{ zone }}"
tags:
items:
- webserver
- http-server
- https-server
- ssh-server
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
register: instance
post_tasks:
- name: Wait for SSH to come up
wait_for: host={{ address.address }} port=22 delay=10 timeout=60
---
# Destroys free gce instance.
- name: Remove instance(s)
hosts: localhost
gather_facts: no
connection: local
vars_files:
- group_vars/all
- group_vars/gce
vars:
credentials_file: "{{ lookup('env', 'GCP_SERVICE_ACCOUNT_FILE') }}"
project_id: "{{ lookup('env', 'GCP_PROJECT') }}"
tasks:
- name: delete the instance
gcp_compute_instance:
state: absent
name: "{{ instance_name_1 }}"
zone: "{{ zone }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
tags: delete
- name: delete address free-address-instance
gcp_compute_address:
name: "{{ address_name }}"
region: "{{ region }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent
- name: delete firewall rule for https
gcp_compute_firewall:
name: "{{ network_name }}-allow-https"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
state: absent
- name: delete firewall rule for http
gcp_compute_firewall:
name: "{{ network_name }}-allow-http"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
state: absent
- name: delete firewall rule for ssh
gcp_compute_firewall:
name: "{{ ssh_firewall_name }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
state: absent
- name: delete network
gcp_compute_network:
name: "{{ network_name }}"
project: "{{ project_id }}"
auth_kind: "{{ auth }}"
service_account_file: "{{ credentials_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent
- hosts: tag_webserver
serial: 1
become: true
# These are the tasks to run before applying updates:
#pre_tasks:
#- name: clear directory
#- file: path=/opt state=absent
#- file: path=/opt state=directory
roles:
- common
- web
# These tasks run after the roles:
#post_tasks:
#- name: wait for webserver to come up
# wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80'
group_vars/gce, group_vars/all
machine_type: f1-micro
image: projects/debian-cloud/global/images/family/debian-9
zone: us-east1-b
instance_name_1: free-1
auth: serviceaccount
region: us-east1
network_name: free-network-instance
address_name: free-address-instance
ssh_firewall_name: free-ssh-instance
disk_size: 30
disk_name: free-disk-instance
inventory/gce-inventory.gcp.yml
plugin: gcp_compute
projects:
- jamin-42069
auth_kind: serviceaccount
service_account_file: ~/.gcloud/jam.json
scopes:
- https://www.googleapis.com/auth/compute
keyed_groups:
- prefix: tag
key: tags['items']
filters:
[inventory]
enable_plugins = auto
#host_list, script, yaml, ini, auto
roles/common/tasks/main.yml, roles/web/tasks/main.yml
---
# This role contains common plays that will run on all nodes.
- name: System update
apt: name=* state=latest force_apt_get=true
---
# This role contains web plays that will run on all nodes.
- name: Install web server deps
apt: name={{ item }} state=present force_apt_get=true
with_items:
- git
- curl