push terraform

2023-04-12 14:54:46 +02:00 · 2023-04-12 14:54:46 +02:00 · 0ac73c6cdb
commit 0ac73c6cdb
10 changed files with 251 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,70 @@
+# TERRAFORM / GCP
+
+Demo Terraform déployant une application Flask dans un conteneur Docker sur GCP
+
+## PRE REQUIS
+
+- [COMPTE GCP](https://cloud.google.com/?hl=fr)
+- [TERRAFORM](https://www.terraform.io/)
+
+## PREPARATION
+
+### MACHINE LOCALE
+
+- Installer Terraform:
+```bash
+# LINUX INSTALL
+curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+sudo apt-get update && sudo apt-get install terraform
+```
+
+- Créer une paire de clé ssh dédiée pour Terraform dans ~/.ssh
+```bash
+# NOMMER LE CLE TERRAFORM
+ssh-keygen -t rsa -b 4096
+```
+
+### DASHBOARD GCP
+
+- Créer un projet "terraform-demo"
+- Séletionner le projet créé puis créer un compte de service dans l'onglet [IAM et administration](https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?hl=fr) de la console GCP
+- Ajouter les rôles suivant:
+    - Compute admin
+    - Compute network admin
+    - Service account admin
+- Activer les APIs nécessaires (compute engine API, storage API, cloud billing API)
+
+![SERVICES ACCOUNT](docs/service-account.png)
+
+- Créer une clé au sein du compte de service avec les droits sur le compute engine (pour créer les VMs), et télécharger le fichier json contenant la clé pour le mettre dans le dossier auth/
+
+### TERRAFORM.TFVARS
+
+- Modifier le fichier terraform.tfvars en fonction de votre environnement (gcp_project_id et gcp_auth_file)
+
+## UTILISATION
+
+- Initialiser Terraform:
+```bash
+cd terraform-demo
+terraform init
+```
+
+- Dry run:
+```bash
+terraform plan
+```
+
+- Lançer Terraform:
+```bash
+terraform apply
+# Saisir yes quand demandé
+```
+
+> Visiter l'adresse fournie en output du terraform apply (Web-server-URL = "http://SERVER_IP:5000")
+
+- Stopper Terraform:
+```bash
+terraform destroy
+```
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -0,0 +1,7 @@
+FROM python:3.8-slim-bullseye
+WORKDIR /python-docker
+COPY ./requirements.txt requirements.txt
+RUN python3 -m pip install -r requirements.txt
+COPY ./ .
+EXPOSE 5000
+CMD [ "python3", "-m" , "flask", "run", "--host=0.0.0.0"]
--- a/app/app.py
+++ b/app/app.py
@ -0,0 +1,8 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello_cloud():
+  return 'Hello Cloud!'
+
+app.run(host='0.0.0.0')
--- a/app/deploy.sh
+++ b/app/deploy.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -yq docker.io
+sudo docker build --network=host -t flaskapp .
+sudo docker run -d -p 5000:5000 flaskapp:latest
--- a/app/requirements.txt
+++ b/app/requirements.txt
@ -0,0 +1 @@
+flask
--- a/auth/cle.json
+++ b/auth/cle.json
--- a/docs/service-account.png
+++ b/docs/service-account.png
--- a/main.tf
+++ b/main.tf
@ -0,0 +1,113 @@
+## TERRAFORM
+terraform {
+  required_version = ">= 0.12"
+}
+
+## PROVIDER
+provider "google" {
+  project     = var.gcp_project_id
+  credentials = file(var.gcp_auth_file)
+  region      = var.gcp_region
+}
+
+## NETWORK
+resource "google_compute_network" "vpc_network" {
+  name                    = "my-custom-network"
+  auto_create_subnetworks = false
+  mtu                     = 1460
+}
+
+resource "google_compute_subnetwork" "default" {
+  name          = "my-custom-subnet"
+  ip_cidr_range = "10.0.1.0/24"
+  region        = var.gcp_region
+  network       = google_compute_network.vpc_network.id
+}
+
+## FIREWALL
+### SSH
+resource "google_compute_firewall" "ssh" {
+  name = "allow-ssh"
+  allow {
+    ports    = ["22"]
+    protocol = "tcp"
+  }
+  direction     = "INGRESS"
+  network       = google_compute_network.vpc_network.id
+  priority      = 1000
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["ssh"]
+}
+
+### APP
+resource "google_compute_firewall" "flask" {
+  name    = "flask-app-firewall"
+  network = google_compute_network.vpc_network.id
+
+  allow {
+    protocol = "tcp"
+    ports    = ["5000"]
+  }
+  source_ranges = ["0.0.0.0/0"]
+}
+
+
+## VM
+resource "google_compute_instance" "default" {
+  name         = "flask-vm"
+  machine_type = "e2-micro"
+  zone         = var.gcp_zone
+  tags         = ["ssh"]
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-11"
+    }
+  }
+
+  metadata = {
+    ssh-keys = "${var.gcp_ssh_user}:${file(var.gcp_ssh_pub_key_file)}"
+  }
+
+  network_interface {
+    subnetwork = google_compute_subnetwork.default.id
+
+    access_config {
+      #### TO HAVE A PUBLIC IP ADRESS
+    }
+  }
+
+  ### COPY DES FICHIERS
+  provisioner "file" {
+    source      = "app/"
+    destination = "./"
+    connection {
+      host        = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
+      type        = "ssh"
+      user        = var.gcp_ssh_user
+      timeout     = "500s"
+      private_key = file(var.gcp_ssh_priv_key_file)
+    }
+  }
+
+  ### START DEPLOY.SH
+  provisioner "remote-exec" {
+    inline = [
+      "chmod +x ~/deploy.sh",
+      "cd ~",
+      "./deploy.sh"
+    ]
+    connection {
+      host        = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
+      type        = "ssh"
+      user        = var.gcp_ssh_user
+      timeout     = "500s"
+      private_key = file(var.gcp_ssh_priv_key_file)
+    }
+  }
+}
+
+## GET VM PUBLIC IP
+output "Web-server-URL" {
+  value = join("", ["http://", google_compute_instance.default.network_interface.0.access_config.0.nat_ip, ":5000"])
+}
--- a/terraform.tfvars
+++ b/terraform.tfvars
@ -0,0 +1,8 @@
+# GCP Settings
+gcp_project_id        = "terraform-demo-381114"                          # A MODIFIER
+gcp_region            = "europe-west9"
+gcp_zone              = "europe-west9-a"
+gcp_auth_file         = "./auth/terraform-demo-381114-158cfce10778.json" # A MODIFIER
+gcp_ssh_user          = "devops"                                         # A MODIFIER OU PAS
+gcp_ssh_pub_key_file  = "~/.ssh/terraform.pub"
+gcp_ssh_priv_key_file = "~/.ssh/terraform"
--- a/variables.tf
+++ b/variables.tf
@ -0,0 +1,38 @@
+# GCP authentication file
+variable "gcp_auth_file" {
+  type        = string
+  description = "GCP authentication file"
+}
+
+# define GCP region
+variable "gcp_region" {
+  type        = string
+  description = "GCP region"
+}
+
+# define GCP project name
+variable "gcp_project_id" {
+  type        = string
+  description = "GCP project id"
+}
+
+# define GCP zone
+variable "gcp_zone" {
+  type        = string
+  description = "GCP zone"
+}
+
+variable "gcp_ssh_user" {
+  type        = string
+  description = "SSH user"
+}
+
+variable "gcp_ssh_pub_key_file" {
+  type        = string
+  description = "SSH public key file path"
+}
+
+variable "gcp_ssh_priv_key_file" {
+  type        = string
+  description = "SSH private key file path"
+}