Terraform

Using Terraform with Google Cloud

This is a tutorial for using terraform with google cloud.

1. Overview

Terraform was created on May 21st, 2014 by Mitchell Hashimoto. Hashimoto was Hashicorp’s founder. Terraform is used for building code and handling infrastructure security. Terraform is a popular DevOps tool in the software world.

2. Terraform with Google Cloud

2.1 Prerequisites

Terraform is necessary on the operating system in which you want to execute the code.

2.2 Download

You can download Terraform from this website.

2.3 Setup

2.3.1 Terraform Setup

You can set up the Terraform by using the command below on macOS:

Terraform Setup

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

You can run this command to check if it is working:

Terraform Execution

 terraform -v

The output of the above command executed is shown below:

Terraform Execution Output

apples-MacBook-Air:~ bhagvan.kommadi$  terraform -v
Terraform v1.1.5
on darwin_amd64
apples-MacBook-Air:~ bhagvan.kommadi$

The terraform execution command has other options which are shown below:

Terraform Execution Options

$ terraform Usage: terraform [-version] [-help]  [args] ... help content omitted

2.4 Start a New Terraform Project

You can create a Terraform Project using resource definitions. Resource definitions are the files with the suffix .tf. You can use Terraform’s language for configuring the resources like EC2 instance, an Azure MariaDB, or a DNS entry. You can create a sample Terraform project with the commands shown below:

Terraform Project Creation Commands

$ cd $HOME
$ mkdir sample-terraform
$ cd sample-terraform
$ cat > main.tf <<EOF
provider "local" {
  version = "~> 1.4"
 }
resource "local_file" "sample" {
content = "sample, Terraform"
filename = "sample.txt"
}
EOF

The above main.tf file has resource and provider definitions. Local provider version 1.4 or other compatible version is used. sample of type local_file has the resource definition. You can run the terraform project by using the command below:

Terraform Project Execution

terraform init

The output of the above command when executed is shown below:

Terraform Project Execution Output

apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding hashicorp/local versions matching "~> 1.4"...
- Installing hashicorp/local v1.4.0...
- Installed hashicorp/local v1.4.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│ 
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│ 
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Above, terraform reads the project files and downloads the required providers from public registries. The next step is to execute the plan command as shown below:

Terraform Project Execution – Plan

 terraform plan

The output of the above command when executed is shown below:

Terraform Project Execution – Plan Output

apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform plan

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # local_file.sample will be created
  + resource "local_file" "sample" {
      + content              = "sample, Terraform"
      + directory_permission = "0777"
      + file_permission      = "0777"
      + filename             = "sample.txt"
      + id                   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│ 
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│ 
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵

───────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
apples-MacBook-Air:sample-terraform bhagvan.kommadi$

The above terraform plan command helps in verifying the actions for resource creation. Terraform assumes that default values will be used where ever you have not shared them in the resource definition. You can now execute the apply command for resource creation.

Terraform Project Execution – Apply

 terraform apply

The output of the above command when executed is shown below:

Terraform Project Execution – Apply Output

apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform apply

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # local_file.sample will be created
  + resource "local_file" "sample" {
      + content              = "sample, Terraform"
      + directory_permission = "0777"
      + file_permission      = "0777"
      + filename             = "sample.txt"
      + id                   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│ 
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│ 
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

local_file.sample: Creating...
local_file.sample: Creation complete after 0s [id=37d2f5fd67a0734d5d8d1626a47ae46f5b4dee17]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
apples-MacBook-Air:sample-terraform bhagvan.kommadi$

In the above command, the execution plan is generated. You can see the sample.txt. It will have the expected content Sample, Terraform.

Terraform Project Execution – Sample.txt

sample, Terraform

You can run the apply-auto-approve command next.

Terraform Project Execution – Apply Auto Approve

terraform apply -auto-approve

The output of the above command when executed is shown below:

Terraform Project Execution – Apply Auto Approve Output

apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform apply -auto-approve
local_file.sample: Refreshing state... [id=37d2f5fd67a0734d5d8d1626a47ae46f5b4dee17]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│ 
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│ 
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵

Apply complete! Resources: 0 added, 0 changed, 0 destroyed

You can have modules in Terraform which can have resources defined across different projects.

2.5 GCP Setup

You need to create a Google Cloud project using the console. The project ID can be terraform. You can enable the google compute engine from the console by clicking the enable button. Create a service account for the project and enable access to Google cloud project account. Download the key as JSON without granting users access. You need to have the service account key as secret credentials. Please do not check this into source control system. Please ensure that the service account has the following roles assigned first :

  • Compute Engine Service Agent
  •  Kubernetes Engine Service Agent 
  • Security Admin 
  • Service Account Admin 
  • Service Account User

Create a new role mservice_admin from IAM & admin -> Roles. Assign the permission compute.networks.create to the mservice_admin role. Go to IAM and assign this role to the service account. If you encounter errors for permissions, use this role to add permissions from IAM& admin-> Roles.

  • compute.networks.create
  • compute.networks.delete
  • compute.networks.get

2.6 Terraform Configuration

Let us create the terraform configuration by creating a separate directory terraform-gcp. In the directory terraform-gcp, copy the json file downloaded from the google cloud project. Now you can create the main.tf as shown below.

Terraform Project Execution on GCP – main.tf

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      version = "3.5.0"
    }
  }
}

provider "google" {
  credentials = file("terraform-344017-057709fcba5d.json")

  project = "terraform"
  region  = "us-central1"
  zone    = "us-central1-c"
}

resource "google_compute_network" "vpc" {
  name = "terraform-network"
  auto_create_subnetworks         = false
}

Please ensure that you have google service account json name and google cloud project mentioned as credentials and project name respectively. You can initialize the configuration by using the command terraform init and you can see the output of the command below.

Terraform Project Execution on GCP – initialize command

apples-MacBook-Air:terraform-gcp bhagvan.kommadi$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding hashicorp/google versions matching "3.5.0"...
- Installing hashicorp/google v3.5.0...
- Installed hashicorp/google v3.5.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

You can format the configuration using terraform fmt and validate the configuration using terraform validate. The output of the validate command is shown below

Terraform Project Execution on GCP – terraform validate output

apples-MacBook-Air:terraform-gcp bhagvan.kommadi$ terraform validate
Success! The configuration is valid.

You can apply the configuration using the command terraform apply. Errors might come related to permissions here. Please add them to the mservice_admin role. The output will be as below:

Terraform Project Execution on GCP – terraform apply output

apples-MacBook-Air:terraform-gcp bhagvan.kommadi$ terraform apply

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_network.vpc_network will be created
  + resource "google_compute_network" "vpc" {
      + auto_create_subnetworks         = false
      + delete_default_routes_on_create = false
      + gateway_ipv4                    = (known after apply)
      + id                              = (known after apply)
      + ipv4_range                      = (known after apply)
      + name                            = "terraform-network"
      + project                         = (known after apply)
      + routing_mode                    = (known after apply)
      + self_link                       = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_compute_network.vpc: Destroying... [id=projects/terraform-344017/global/networks/terraform-network]
google_compute_network.vpc: Still destroying... [id=projects/terraform-344017/global/networks/terraform-network, 10s elapsed]
google_compute_network.vpc: Still destroying... [id=projects/terraform-344017/global/networks/terraform-network, 20s elapsed]
google_compute_network.vpc: Destruction complete after 28s
google_compute_network.vpc: Creating...
google_compute_network.vpc: Still creating... [10s elapsed]
google_compute_network.vpc: Creation complete after 17s [id=projects/terraform-344017/global/networks/terraform-network]

Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

Please go to the GCP console and search for resource terraform-network. It is created.

3. Download the Source Code

Download
You can download the full source code of this example here: Using Terraform with Google Cloud

Bhagvan Kommadi

Bhagvan Kommadi is the Founder of Architect Corner & has around 20 years’ experience in the industry, ranging from large scale enterprise development to helping incubate software product start-ups. He has done Masters in Industrial Systems Engineering at Georgia Institute of Technology (1997) and Bachelors in Aerospace Engineering from Indian Institute of Technology, Madras (1993). He is member of IFX forum,Oracle JCP and participant in Java Community Process. He founded Quantica Computacao, the first quantum computing startup in India. Markets and Markets have positioned Quantica Computacao in ‘Emerging Companies’ section of Quantum Computing quadrants. Bhagvan has engineered and developed simulators and tools in the area of quantum technology using IBM Q, Microsoft Q# and Google QScript. He has reviewed the Manning book titled : "Machine Learning with TensorFlow”. He is also the author of Packt Publishing book - "Hands-On Data Structures and Algorithms with Go".He is member of IFX forum,Oracle JCP and participant in Java Community Process. He is member of the MIT Technology Review Global Panel.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Back to top button