Setting up and managing infrastructure.
The main repository now lives on GitLab (https://gitlab.com/mwguy/infrastructure); GitHub will be a mirror.
Install terraform at https://www.terraform.io/downloads.html and put it into your path.
Install the google cloud sdk at https://cloud.google.com/sdk/.
Install go at https://golang.org/dl/.
git clone git@gitlab.com:mwguy/infrastructure.git
cd infrastructure
Setting credentials in the environment allows some steps to be skipped, such as creating a service account, though creating one is still advisable.
These are the credentials that can be set for ease of use:
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"  # for gcs credentials
export INFRA_PROJECT="[PROJECT_ID]"  # the project ID to use
export INFRA_BUCKET=[BUCKET]  # the name of the bucket
export TF_VAR_do_token=[DO_TOKEN]  # the Digital Ocean token
The backend is used to store terraform state data.
- Log into google cloud by executing
gcloud init
- Execute the following shell command to set up the storage (this only needs to be run once)
- if the project has not been created yet run:
./scripts/backend-init.sh --help
- if the project has already been created run:
./scripts/backend-init.sh [PROJECT_ID] [UNIQUE_BUCKET_NAME]
- Install third party plugins with
./scripts/install-plugins.sh
- Your service account credentials should now be output; do not store them in git.
- Create or use an existing DigitalOcean token
cd terraform
- Initialize the backend with the bucket name
terraform init -input=true
- input the
[UNIQUE_BUCKET_NAME]
- The storage and permissions for the backend are provisioned in a separate script so the backend can access it.
- Permissions on the backend service account are limited to operations within the terraform bucket for security purposes.
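
One way to enforce the instruction above not to store the service account credentials in git, as an added example that is not part of this repository: a POSIX shell pre-commit hook that rejects a commit when a staged file has the shape of a Google Cloud service account key. The function names and the sample key (including the `terraform@` account name) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Pre-commit guard against committing a Google Cloud service account key.
# A downloaded key is JSON with "type": "service_account" and a "private_key"
# field; content is flagged only when both are present.

looks_like_sa_key() {
    # Read candidate content on stdin; return 0 when it looks like a key.
    content=$(cat)
    printf '%s\n' "$content" |
        grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' &&
    printf '%s\n' "$content" |
        grep -Eq '"private_key"[[:space:]]*:'
}

scan_staged() {
    # Inspect the staged blob (not the working copy) of every added, copied
    # or modified path; print offenders and return 1 if there are any.
    hits=$(git diff --cached --name-only --diff-filter=ACM |
        while IFS= read -r path; do
            if git show ":$path" | looks_like_sa_key; then
                printf '%s\n' "$path"
            fi
        done)
    if [ -n "$hits" ]; then
        printf 'service account key staged for commit:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

constructed_sample_key() {
    # Constructed sample in the shape of a key file; every value is a placeholder.
    cat <<'EOF'
{
  "type": "service_account",
  "project_id": "[PROJECT_ID]",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
  "client_email": "terraform@[PROJECT_ID].iam.gserviceaccount.com"
}
EOF
}

# Run the staged-file check only when installed as .git/hooks/pre-commit.
case "${0##*/}" in
    pre-commit) scan_staged ;;
esac
```

Saved as .git/hooks/pre-commit and made executable, it runs on every commit in that clone. Hooks are not pushed with the repository, so each clone needs its own copy.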