Google Compute Engine and Ansible

Transcript

1. Sharif Salah Google Developer Expert 2014 Google+ profile @sharif_salah about.me/sharif.salah

   Google Compute Engine and Ansible

2. Image courtesy of Google/Connie Zhou

3. Agenda Cloud Platform and Compute Engine overview Demo of included

   tools Walkthrough of setting up Ansible on Compute Engine Resources

4. Compute Compute Engine App Engine

5. Storage Cloud Datastore Cloud Storage Cloud SQL

6. Services Cloud Endpoints BigQuery

7. Compute Engine IaaS Compute, Storage & Network Sub-hour billing Hugely

   scalable Consistent performance Live migration Automatic restart

8. instance zone region project network firewall load balancer disk

9. Storage Differential snapshots Create a new Persistent Disk based on

   a snapshot Point in time snapshot stored on Google Cloud Storage Google Cloud Storage globally replicaticated Restore from a snapshot from anywhere in the world

10. Networking TCP, UDP, ICMP only Networks are private to a

    project Public IP addresses can be static or ephemeral Private IP addresses are ephemeral and with DNS Networks support Firewall rules, VPNs, and IP Forwarding

11. Ansible specific considerations SSH as root is disabled, use sudo

    instead Google supplies custom NTP configuration See building a Compute Engine image for details

12. & custom kernel support

13. Cloud Console Cloud SDK REST APIs

14. Interfaces demo

15. Why Ansible and Compute Engine? Provision and Orchestrate all layers

    of your project Deploy complete software stacks to Compute Engine Extend your existing Ansible deployment Move loads in and out of the cloud easily

16. localhost (creates ansible) ansible (creates nodes) Development client (runs Google

    Cloud SDK) Google Compute Engine SSH

17. Prerequisites Create a Google Cloud Platform project Enable billing for

    the project Enable the APIs for Google Compute Engine Install the Cloud SDK

18. Localhost steps

19. # list the available images $ gcutil --format=names listimages #

    add a compute engine instance $ gcutil addinstance ansible \ --image=projects/centos-cloud/global/images/<image-name> \ --machine_type=f1-micro \ --service_account_scopes="https://www.googleapis.com/auth/compute" # prepare a certificate as a PEM file $ openssl pkcs12 -in gce-key.p12 -passin pass:notasecret \ -nodes -nocerts | openssl rsa -out gce-key.pem # push the key to our new instance $ gcutil push ansible gce-key.pem </path/to/home/> # connect to our instance over ssh $ gcutil ssh ansible

20. localhost (creates ansible) ansible (creates nodes) Development client (runs Google

    Cloud SDK) node1 node2 Google Compute Engine SSH

21. # install and enable the Extra Packages for Enterprise Linux

    (EPEL) $ wget \ https://anorien.csc.warwick.ac.uk/mirrors/epel/6/i386/epel-release-6-8. noarch.rpm $ sudo rpm -ivh epel-release-6-8.noarch.rpm # install dependencies $ sudo yum -y install python-pip git gcc python-devel $ sudo pip install paramiko PyYAML jinja2 httplib2 # clone and install Apache Libcloud $ git clone https://github.com/apache/libcloud $ cd libcloud; sudo python setup.py install; cd ~ # clone and download ansible $ git clone git://github.com/ansible/ansible.git

22. Environment setup

23. # .bash_profile # Get the aliases and functions if [

    -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin:$HOME/ansible/bin export PATH PYTHONPATH=$HOME/ansible/lib:$HOME export PYTHONPATH ANSIBLE_LIBRARY=$HOME/ansible/library export ANSIBLE_LIBRARY MANPATH=$HOME/ansible/docs/man: export MANPATH ANSIBLE_HOSTS=$HOME/ansible-example/home export ANSIBLE_HOSTS ANSIBLE_HOST_KEY_CHECKING=False export ANSIBLE_HOST_KEY_CHECKING eval $(ssh-agent)

24. Configuration

25. # implement the environment configuration $ source ~/.bash_profile # copy

    the template secrets file for Apache Libcloud $ cp ~/libcloud/demos/secrets.py-dist secrets.py # identify the name of your Google Cloud Platform project $ gcutil getproject --format=names # edit secrets.py GCE_PARAMS = ('[email protected]', ‘/path/to/file/gce-key.pem') .. GCE_KEYWORD_PARAMS = {'project': 'project-name-123'} # run ssh to generate the necessary keys and add the private identity to the agent $ gcutil ssh ansible date $ ssh-add ~/.ssh/google_compute_engine

26. # download some ansible examples $ git clone git://github.com/sharifsalah/ansible-examples.git #

    test ansible $ ansible -i ~/ansible-examples/hosts all -m ping # run the playbook $ ansible-playbook -i ~/ansible-examples/hosts -v ~/ansible-examples/gce.yml

27. Sample playbook

28. - name: Create new GCE instances hosts: localhost gather_facts: no

    vars: names: node1,node2 type: f1-micro image: centos-6 zone: europe-west1-b tasks: - name: Create instances local_action: module: gce instance_names: '{{ names }}' machine_type: '{{ type }}' image: '{{ image }}' zone: '{{ zone }}' register: gce

29. - name: Open port 80 to allow Apache hosts: localhost

    gather_facts: no tasks: - name: Allow HTTP local_action: module: gce_net name: default allowed: tcp:80 fwname: all-http

30. Resources

31. None

32. Google Developer Experts directory Book office hours with a GDE

    Official Google Cloud Platform Community Stack Overflow

33. These slides: http://goo.gl/LFxFCd Thank you! Any questions?