From f8ec19049bae2580f6bd145f0f8463a1b6c9f2af Mon Sep 17 00:00:00 2001
From: Dana Hoffman
Date: Thu, 15 Dec 2016 13:28:57 -0800
Subject: [PATCH 1/4] Add example for internal load balancing

---
 .../google-internal-load-balancing/.gitignore | 3 +
 .../google-internal-load-balancing/main.tf | 274 ++++++++++++++++++
 .../variables.tf | 20 ++
 3 files changed, 297 insertions(+)
 create mode 100644 examples/google-internal-load-balancing/.gitignore
 create mode 100644 examples/google-internal-load-balancing/main.tf
 create mode 100644 examples/google-internal-load-balancing/variables.tf

diff --git a/examples/google-internal-load-balancing/.gitignore b/examples/google-internal-load-balancing/.gitignore
new file mode 100644
index 0000000000..16791642b1
--- /dev/null
+++ b/examples/google-internal-load-balancing/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfvars
diff --git a/examples/google-internal-load-balancing/main.tf b/examples/google-internal-load-balancing/main.tf
new file mode 100644
index 0000000000..9702a3bd1d
--- /dev/null
+++ b/examples/google-internal-load-balancing/main.tf
@@ -0,0 +1,274 @@ +provider "google" { + region = "${var.region}" + project = "${var.project_name}" + credentials = "${file("${var.credentials_file_path}")}" +} + +resource "google_compute_network" "my-custom-network" { + name = "my-custom-network" +} + +resource "google_compute_subnetwork" "my-custom-subnet" { + name = "my-custom-subnet" + ip_cidr_range = "10.128.0.0/20" + network = "${google_compute_network.my-custom-network.self_link}" + region = "${var.region}" +} + +resource "google_compute_firewall" "allow-all-internal" { + name = "allow-all-10-128-0-0-20" + network = "${google_compute_network.my-custom-network.name}" + + allow { + protocol = "tcp" + } + + allow { + protocol = "udp" + } + + allow { + protocol = "icmp" + } + + source_ranges = ["10.128.0.0/20"] +} + +resource "google_compute_firewall" "allow-ssh-rdp-icmp" { + name = "allow-tcp22-tcp3389-icmp" + network = "${google_compute_network.my-custom-network.name}" + + allow { + protocol = "tcp" + ports = ["22", "3389",] + } + + allow { + protocol = "icmp" + } +} + +resource "google_compute_instance" "ilb-instance-1" { + name = "ilb-instance-1" + machine_type = "n1-standard-1" + zone = "${var.region_zone}" + + tags = ["int-lb"] + + disk { + image = "debian-cloud/debian-8" + } + + network_interface { + subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}" + access_config { + // Ephemeral IP + } + } + + metadata_startup_script = <

ilb-instance-1

' | tee /var/www/html/index.html +EOF +} + +resource "google_compute_instance" "ilb-instance-2" { + name = "ilb-instance-2" + machine_type = "n1-standard-1" + zone = "${var.region_zone}" + + tags = ["int-lb"] + + disk { + image = "debian-cloud/debian-8" + } + + network_interface { + subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}" + access_config { + // Ephemeral IP + } + } + + metadata_startup_script = <

ilb-instance-2

' | tee /var/www/html/index.html +EOF +} + +resource "google_compute_instance" "ilb-instance-3" { + name = "ilb-instance-3" + machine_type = "n1-standard-1" + zone = "${var.region_zone_2}" + + tags = ["int-lb"] + + disk { + image = "debian-cloud/debian-8" + } + + network_interface { + subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}" + access_config { + // Ephemeral IP + } + } + + metadata_startup_script = <

ilb-instance-3

' | tee /var/www/html/index.html +EOF +} + +resource "google_compute_instance" "ilb-instance-4" { + name = "ilb-instance-4" + machine_type = "n1-standard-1" + zone = "${var.region_zone_2}" + + tags = ["int-lb"] + + disk { + image = "debian-cloud/debian-8" + } + + network_interface { + subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}" + access_config { + // Ephemeral IP + } + } + + metadata_startup_script = <

ilb-instance-4

' | tee /var/www/html/index.html +EOF +} + +resource "google_compute_instance_group" "us-ig1" { + name = "us-ig1" + + instances = [ + "${google_compute_instance.ilb-instance-1.self_link}", + "${google_compute_instance.ilb-instance-2.self_link}" + ] + + zone = "${var.region_zone}" +} + +resource "google_compute_instance_group" "us-ig2" { + name = "us-ig2" + + instances = [ + "${google_compute_instance.ilb-instance-3.self_link}", + "${google_compute_instance.ilb-instance-4.self_link}" + ] + + zone = "${var.region_zone_2}" +} + +resource "google_compute_health_check" "my-tcp-health-check" { + name = "my-tcp-health-check" + + tcp_health_check { + port = "80" + } +} + +resource "google_compute_region_backend_service" "my-int-lb" { + name = "my-int-lb" + health_checks = ["${google_compute_health_check.my-tcp-health-check.self_link}"] + region = "${var.region}" + + backend { + group = "${google_compute_instance_group.us-ig1.self_link}" + } + + backend { + group = "${google_compute_instance_group.us-ig2.self_link}" + } +} + +resource "google_compute_forwarding_rule" "my-int-lb-forwarding-rule" { + name = "my-int-lb-forwarding-rule" + load_balancing_scheme = "INTERNAL" + ports = ["80"] + network = "${google_compute_network.my-custom-network.self_link}" + subnetwork = "${google_compute_subnetwork.my-custom-subnet.self_link}" + backend_service = "${google_compute_region_backend_service.my-int-lb.self_link}" +} + +resource "google_compute_firewall" "allow-internal-lb" { + name = "allow-internal-lb" + network = "${google_compute_network.my-custom-network.name}" + + allow { + protocol = "tcp" + ports = ["80", "443"] + } + + source_ranges = ["10.128.0.0/20"] + target_tags = ["int-lb"] +} + +resource "google_compute_firewall" "allow-health-check" { + name = "allow-health-check" + network = "${google_compute_network.my-custom-network.name}" + + allow { + protocol = "tcp" + } + + source_ranges = ["130.211.0.0/22","35.191.0.0/16"] + target_tags = ["int-lb"] +} + +resource 
"google_compute_instance" "standalone-instance-1" { + name = "standalone-instance-1" + machine_type = "n1-standard-1" + zone = "${var.region_zone}" + + tags = ["standalone"] + + disk { + image = "debian-cloud/debian-8" + } + + network_interface { + subnetwork = "${google_compute_subnetwork.my-custom-subnet.name}" + access_config { + // Ephemeral IP + } + } +} + +resource "google_compute_firewall" "allow-ssh-to-standalone" { + name = "allow-ssh-to-standalone" + network = "${google_compute_network.my-custom-network.name}" + + allow { + protocol = "tcp" + ports = ["22"] + } + + target_tags = ["standalone"] +} diff --git a/examples/google-internal-load-balancing/variables.tf b/examples/google-internal-load-balancing/variables.tf new file mode 100644 index 0000000000..eabe00ab95 --- /dev/null +++ b/examples/google-internal-load-balancing/variables.tf @@ -0,0 +1,20 @@ +variable "region" { + default = "us-central1" +} + +variable "region_zone" { + default = "us-central1-b" +} + +variable "region_zone_2" { + default = "us-central1-c" +} + +variable "project_name" { + description = "The ID of the Google Cloud project" +} + +variable "credentials_file_path" { + description = "Path to the JSON file used to describe your account credentials" + default = "~/.gcloud/Terraform.json" +} From af8ef21c54918a268d5852d1f5c86b42479a7978 Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Mon, 19 Dec 2016 11:49:49 -0800 Subject: [PATCH 2/4] Add README/output/example vars to ILB example --- .../google-internal-load-balancing/README.md | 38 +++++++++++++++++++ .../google-internal-load-balancing/output.tf | 3 ++ .../terraform.tfvars.example | 5 +++ 3 files changed, 46 insertions(+) create mode 100644 examples/google-internal-load-balancing/README.md create mode 100644 examples/google-internal-load-balancing/output.tf create mode 100644 examples/google-internal-load-balancing/terraform.tfvars.example 
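Review bot: The `allow-ssh-rdp-icmp` and `allow-ssh-to-standalone` firewall rules in this hunk set no `source_ranges`, so GCE applies its default of 0.0.0.0/0, and because every instance here has an `access_config {}` block (an ephemeral external IP) TCP 22 and 3389 become reachable from any internet address; `allow-ssh-rdp-icmp` also has no `target_tags`, so it applies to every instance in the network, not just the bastion the README later tells users to ssh into. Since only `standalone-instance-1` needs SSH, restrict both rules to the operator's address range and the bastion tag, e.g. `source_ranges = ["<admin-cidr placeholder>"]` and `target_tags = ["standalone"]`, and drop 3389 (the images are Debian, so RDP is never served). `allow-health-check` likewise permits every TCP port from the health-check ranges while `my-tcp-health-check` only probes port 80; `ports = ["80"]` in its `allow` block is sufficient. A one-line comment on each firewall rule stating its intended reach (which sources, which tagged instances) would make the example's exposure obvious to readers who copy it.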
diff --git a/examples/google-internal-load-balancing/README.md b/examples/google-internal-load-balancing/README.md new file mode 100644 index 0000000000..732e3eebdc --- /dev/null +++ b/examples/google-internal-load-balancing/README.md @@ -0,0 +1,38 @@ +# Internal Load Balancing in Google Cloud + +This provides a template for setting up internal load balancing in Google Cloud. It directly mirrors the tutorial in the [GCP Internal Load Balancing Documentation](https://cloud.google.com/compute/docs/load-balancing/internal/). + +To run the example, you'll need to [download your credentials from Google Cloud Console](https://www.terraform.io/docs/providers/google/#credentials). A suggested path for the downloaded file is `~/.gcloud/Terraform.json`. + +Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables. + +After you run `terraform apply` on this configuration, it will +automatically output the internal IP address of the load balancer. + +Since the load balancer is only reachable from within the network, ssh into the standalone instance using + +``` +gcloud compute ssh --zone us-central1-b standalone-instance-1 +``` + + +Using `curl` on the IP address given, the LB should respond with a simple header: + +```html +

ilb-instance-X

+```
+
+To run, configure your Google Cloud provider as described in
+
+https://www.terraform.io/docs/providers/google/index.html
+
+Run with a command like this:
+
+```
+terraform apply \
+ -var="region=us-central1" \
+ -var="region_zone=us-central1-b" \
+ -var="region_zone_2=us-central1-c" \
+ -var="project_name=my-project-id-123" \
+ -var="credentials_file_path=~/.gcloud/Terraform.json"
+```
\ No newline at end of file
diff --git a/examples/google-internal-load-balancing/output.tf b/examples/google-internal-load-balancing/output.tf
new file mode 100644
index 0000000000..97d64fbd58
--- /dev/null
+++ b/examples/google-internal-load-balancing/output.tf
@@ -0,0 +1,3 @@
+output "internal_load_balancer_ip" {
+ value = "${google_compute_forwarding_rule.my-int-lb-forwarding-rule.ip_address}"
+}
diff --git a/examples/google-internal-load-balancing/terraform.tfvars.example b/examples/google-internal-load-balancing/terraform.tfvars.example
new file mode 100644
index 0000000000..647b8e4034
--- /dev/null
+++ b/examples/google-internal-load-balancing/terraform.tfvars.example
@@ -0,0 +1,5 @@
+region = "us-central1"
+region_zone = "us-central1-b"
+region_zone2 = "us-central1-c"
+project_name = "my-project-id-123"
+credentials_file_path = "~/.gcloud/Terraform.json"
From f0dec4c56434dbd6ffe8aa4fb4b9af994abb7afc Mon Sep 17 00:00:00 2001
From: Dana Hoffman
Date: Tue, 20 Dec 2016 15:47:49 -0800
Subject: [PATCH 3/4] Run example using credentials from gcloud init

---
 .../google-internal-load-balancing/README.md | 30 ++++++++----------
 .../google-internal-load-balancing/main.tf | 1 -
 .../variables.tf | 5 ----
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/examples/google-internal-load-balancing/README.md b/examples/google-internal-load-balancing/README.md
index 732e3eebdc..14ca7fd987 100644
--- a/examples/google-internal-load-balancing/README.md
+++ b/examples/google-internal-load-balancing/README.md
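Review bot: `region_zone2` in terraform.tfvars.example does not match the variable that variables.tf declares as `region_zone_2`, so a user who copies this file to terraform.tfvars sets an undeclared name and the second zone silently stays at its default; depending on the Terraform version this presumably also produces a warning or error about the unknown variable. Rename the line to `region_zone_2 = "us-central1-c"` so the example file and the declaration agree.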
@@ -2,9 +2,20 @@ This provides a template for setting up internal load balancing in Google Cloud. It directly mirrors the tutorial in the [GCP Internal Load Balancing Documentation](https://cloud.google.com/compute/docs/load-balancing/internal/). -To run the example, you'll need to [download your credentials from Google Cloud Console](https://www.terraform.io/docs/providers/google/#credentials). A suggested path for the downloaded file is `~/.gcloud/Terraform.json`. +To run the example, + +* Log in to gcloud with an account that has permission to create the necessary resources using `gcloud init`. +* Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables. +* Run with a command like this: + +``` +terraform apply \ + -var="region=us-central1" \ + -var="region_zone=us-central1-b" \ + -var="region_zone_2=us-central1-c" \ + -var="project_name=my-project-id-123" \ +``` -Optionally update `variables.tf` to specify a default value for the `project_name` variable, and check other variables. After you run `terraform apply` on this configuration, it will automatically output the internal IP address of the load balancer. @@ -21,18 +32,3 @@ Using `curl` on the IP address given, the LB should respond with a simple header ```html

ilb-instance-X

 ```
-
-To run, configure your Google Cloud provider as described in
-
-https://www.terraform.io/docs/providers/google/index.html
-
-Run with a command like this:
-
-```
-terraform apply \
- -var="region=us-central1" \
- -var="region_zone=us-central1-b" \
- -var="region_zone_2=us-central1-c" \
- -var="project_name=my-project-id-123" \
- -var="credentials_file_path=~/.gcloud/Terraform.json"
-```
\ No newline at end of file
diff --git a/examples/google-internal-load-balancing/main.tf b/examples/google-internal-load-balancing/main.tf
index 9702a3bd1d..0cdc32da7a 100644
--- a/examples/google-internal-load-balancing/main.tf
+++ b/examples/google-internal-load-balancing/main.tf
@@ -1,7 +1,6 @@
 provider "google" {
 region = "${var.region}"
 project = "${var.project_name}"
- credentials = "${file("${var.credentials_file_path}")}"
 }
 
 resource "google_compute_network" "my-custom-network" {
diff --git a/examples/google-internal-load-balancing/variables.tf b/examples/google-internal-load-balancing/variables.tf
index eabe00ab95..450a24240e 100644
--- a/examples/google-internal-load-balancing/variables.tf
+++ b/examples/google-internal-load-balancing/variables.tf
@@ -13,8 +13,3 @@ variable "region_zone_2" {
 variable "project_name" {
 description = "The ID of the Google Cloud project"
 }
-
-variable "credentials_file_path" {
- description = "Path to the JSON file used to describe your account credentials"
- default = "~/.gcloud/Terraform.json"
-}
From 0bd27f068d02ccb839bdeeb0d858c243979a7371 Mon Sep 17 00:00:00 2001
From: Dana Hoffman
Date: Wed, 21 Dec 2016 15:10:01 -0800
Subject: [PATCH 4/4] ILB example instances no longer have external IPs

---
 .../google-internal-load-balancing/main.tf | 56 +++++++------------
 .../google-internal-load-balancing/startup.sh | 10 ++++
 2 files changed, 30 insertions(+), 36 deletions(-)
 create mode 100644 examples/google-internal-load-balancing/startup.sh
diff --git a/examples/google-internal-load-balancing/main.tf b/examples/google-internal-load-balancing/main.tf index 0cdc32da7a..f19d5d97bc 100644 --- a/examples/google-internal-load-balancing/main.tf +++ b/examples/google-internal-load-balancing/main.tf @@ -65,15 +65,11 @@ resource "google_compute_instance" "ilb-instance-1" { } } - metadata_startup_script = <

ilb-instance-1

' | tee /var/www/html/index.html -EOF + service_account { + scopes = ["compute-rw"] + } + + metadata_startup_script = "${file("startup.sh")}" } resource "google_compute_instance" "ilb-instance-2" { @@ -94,15 +90,11 @@ resource "google_compute_instance" "ilb-instance-2" { } } - metadata_startup_script = <
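Review bot: The `access_config {}` block that patch 1 put on every instance's network_interface is left in place (its closing braces are the context lines at the top of this hunk), while the new startup.sh deletes that external IP after boot; on the next `terraform plan`/`apply` the provider will presumably report the missing access config as drift and re-attach an ephemeral external IP, undoing what the commit title promises. The same applies to the ilb-instance-2, ilb-instance-3 and ilb-instance-4 hunks below. `scopes = ["compute-rw"]` also grants the instance's default service account read/write on every Compute Engine resource in the project for the instance's entire lifetime although it is exercised exactly once, to remove the instance's own access config; if the delete-after-install approach is kept, add a comment beside the scope such as `# compute-rw exists only so startup.sh can drop this instance's ephemeral external IP once packages are installed; no narrower scope covers that call` so readers do not copy it as a default. Where outbound NAT is available, omitting `access_config` altogether removes both the external IP and the need for the scope; otherwise something like `lifecycle { ignore_changes = ["network_interface.0.access_config"] }` on each instance is the interim way to stop Terraform from re-adding the IP.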

ilb-instance-2

' | tee /var/www/html/index.html -EOF + service_account { + scopes = ["compute-rw"] + } + + metadata_startup_script = "${file("startup.sh")}" } resource "google_compute_instance" "ilb-instance-3" { @@ -123,15 +115,11 @@ resource "google_compute_instance" "ilb-instance-3" { } } - metadata_startup_script = <

ilb-instance-3

' | tee /var/www/html/index.html -EOF + service_account { + scopes = ["compute-rw"] + } + + metadata_startup_script = "${file("startup.sh")}" } resource "google_compute_instance" "ilb-instance-4" { @@ -152,15 +140,11 @@ resource "google_compute_instance" "ilb-instance-4" { } } - metadata_startup_script = <

ilb-instance-4

' | tee /var/www/html/index.html -EOF + service_account { + scopes = ["compute-rw"] + } + + metadata_startup_script = "${file("startup.sh")}" } resource "google_compute_instance_group" "us-ig1" { diff --git a/examples/google-internal-load-balancing/startup.sh b/examples/google-internal-load-balancing/startup.sh new file mode 100644 index 0000000000..d2b099f556 --- /dev/null +++ b/examples/google-internal-load-balancing/startup.sh @@ -0,0 +1,10 @@ +#! /bin/bash +apt-get update +apt-get install apache2 -y +a2ensite default-ssl +a2enmod ssl +service apache2 restart +INSTANCE_NAME=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/hostname | awk -F "." '{print $1}'` +ZONE=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone | awk -F "/" '{print $NF}'` +echo '

'$INSTANCE_NAME'

' | tee /var/www/html/index.html +gcloud compute instances delete-access-config $INSTANCE_NAME --zone $ZONE
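Review bot: startup.sh has no failure handling, so if `apt-get install apache2 -y` fails (for example a transient repository error) execution still reaches the final `gcloud compute instances delete-access-config` and the instance loses its only route to the package mirrors before a web server exists; add `set -euo pipefail` after the shebang so a failed install stops the script before the external IP is removed. Startup scripts also run on every boot, and after the first boot there is no external IP, so `apt-get update` fails on subsequent boots; with `set -e` the script then aborts early, which is acceptable here but deserves a comment such as `# Runs on every boot; after the first boot the apt steps fail (no external IP) and the script stops early`. The two metadata-derived variables are used unquoted in the last line; `gcloud compute instances delete-access-config "$INSTANCE_NAME" --zone "$ZONE"` is the safer form. Note as well that `a2ensite default-ssl` serves HTTPS with Debian's self-signed placeholder certificate, which is fine for this example but worth stating in the README.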