Over the past few days I have converted the OpenShift 3.11 infrastructure on Amazon AWS to run on Google Cloud Platform. I have kept the similar VPC network layout and instances to run OpenShift.
Before you start you need to create a project on Google Cloud Platform, then continue to create the service account and generate the private key and download the credential as JSON file.
Create the new project:
Create the service account:
Give the service account compute admin and storage object creator permissions:
Then create a storage bucket for the Terraform backend state and assign the correct bucket permission to the terraform service account:
Bucket permissions:
To start, clone my openshift-terraform github repository and checkout the google-dev branch:
git clone https://github.com/berndonline/openshift-terraform.git cd ./openshift-terraform/ && git checkout google-dev
Add your previously downloaded credentials json file:
cat << EOF > ./credentials.json
{
"type": "service_account",
"project_id": "<--your-project-->",
"private_key_id": "<--your-key-id-->",
"private_key": "-----BEGIN PRIVATE KEY-----
...
}
EOF
There are a few things you need to modify in the main.tf and variables.tf before you can start:
...
terraform {
backend "gcs" {
bucket = "<--your-bucket-name-->"
prefix = "openshift-311"
credentials = "credentials.json"
}
}
...
...
variable "gcp_region" {
description = "Google Compute Platform region to launch servers."
default = "europe-west3"
}
variable "gcp_project" {
description = "Google Compute Platform project name."
default = "<--your-project-name-->"
}
variable "gcp_zone" {
type = "string"
default = "europe-west3-a"
description = "The zone to provision into"
}
...
Add the needed environment variables to apply changes to CloudFlare DNS:
export TF_VAR_email='<-YOUR-CLOUDFLARE-EMAIL-ADDRESS->' export TF_VAR_token='<-YOUR-CLOUDFLARE-TOKEN->' export TF_VAR_domain='<-YOUR-CLOUDFLARE-DOMAIN->' export TF_VAR_htpasswd='<-YOUR-OPENSHIFT-DEMO-USER-HTPASSWD->'
Let’s start creating the infrastructure and verify afterwards the created resources on GCP.
terraform init && terraform apply -auto-approve
VPC and public and private subnets in region europe-west3:
Created instances:
Created load balancers for master and infra nodes:
Copy the ssh key and ansible-hosts file to the bastion host from where you need to run the Ansible OpenShift playbooks.
scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ./helper_scripts/id_rsa -r ./helper_scripts/id_rsa centos@$(terraform output bastion):/home/centos/.ssh/ scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ./helper_scripts/id_rsa -r ./inventory/ansible-hosts centos@$(terraform output bastion):/home/centos/ansible-hosts
I recommend waiting a few minutes as the cloud-init script prepares the bastion host. Afterwards continue with the pre and install playbooks. You can connect to the bastion host and run the playbooks directly.
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ./helper_scripts/id_rsa -l centos $(terraform output bastion) -A "cd /openshift-ansible/ && ansible-playbook ./playbooks/openshift-pre.yml -i ~/ansible-hosts" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ./helper_scripts/id_rsa -l centos $(terraform output bastion) -A "cd /openshift-ansible/ && ansible-playbook ./playbooks/openshift-install.yml -i ~/ansible-hosts"
After the installation is completed, continue to create your project and applications:
When you are finished with the testing, run terraform destroy.
terraform destroy -force
Please share your feedback and leave a comment.