Before proceeding with ops manager installation, the following cloud infrastructure resources are to be created:
- load balancers
- external IP addresses
- firewall rules
- dns entries
Terraform is used to automate the provisioning of these resources. In GCP, we obtain permission to perform these actions by creating a service account with appropriate roles.
Connect to jumpbox using cloud shell or by taking ssh to jumpbox directly from local workstation. I have used ssh from my local desktop and ran below commands, if you have any Q connecting through cloud shell, please put in comment section below:
Add three new environment variables to your environment file, ~/.env, as follows:
Run the command: gcloud services list to list the currently enabled APIs, if it is not listing any output or incase failing with authorization errors, then try below:
The required APIs, which are not enabled by default in new projects, can be activated by running the following:
A service account with authorization to create resources in your GCP project is necessary to allow Terraform to pave your infrastructure
Generate a wildcard SSL certificate:
Create an OpenSSL configuration file.
Use the OpenSSL utility to generate a key and a certificate signed with that key:
Note: Ensure to install terraform version < “0.12.0”, I have used 0.11.14
- Unzip the terraform templates zip file (terraforming-gcp-0.98.0.zip) you downloaded from the Tanzu Network in earlier post
- Navigate to directory terraforming-pas
Create a file named terraform.tfvars by resolving it from the following template:
Navigate to terraforming-pas directory and execute the following:
Note: Above commands will take few minutes to complete and post that a terraform.tfstate file will be created into your current working directory which will be used later.
Review the resources from cloud console:
Login into Cloud console UI > VPC Network – which shows 3 newly created subnets each for management vm’s, platform components and services vm’s. Also, take a look at external IP addresses, firewall rules, routes, load balancing and Cloud DNS.