Differences

This shows you the differences between two versions of the page.

--- lesson_terraform_cgp_01 [2025/07/26 17:09] – - Imported by DokuWiki Advanced Plugin wikiadm
+++ lesson_terraform_cgp_01 [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Lição Terraform GCP 01 ======
-FIXME **Fluxo: ** file.tf -> terraform init -> terraform plan -> terraform apply -> terraform destroy
-FIXME **Para identar:** terraform fmt
-===== Iniciando o provider =====
-<code bash>
-$ mkdir lession01
-$ cd lession01
-</code>
-<file tf provider.tf>
-terraform {
-  required_providers {
-    google = {
-      source = "hashicorp/google"
-      version = "4.51.0"
-    }
-  }
-}
-provider "google" {
-  # Configuration options
-}
-</file>
-<code bash>
-$ terraform init
-Initializing the backend...
-Initializing provider plugins...
-- Finding hashicorp/google versions matching "4.51.0"...
-- Installing hashicorp/google v4.51.0...
-- Installed hashicorp/google v4.51.0 (signed by HashiCorp)
-Terraform has created a lock file .terraform.lock.hcl to record the provider
-selections it made above. Include this file in your version control repository
-so that Terraform can guarantee to make the same selections by default when
-you run "terraform init" in the future.
-Terraform has been successfully initialized!
-You may now begin working with Terraform. Try running "terraform plan" to see
-any changes that are required for your infrastructure. All Terraform commands
-should now work.
-If you ever set or change modules or backend configuration for Terraform,
-rerun this command to reinitialize your working directory. If you forget, other
-commands will detect it and remind you to do so if necessary.
-</code>
-===== Iniciando o projeto =====
-Requisito: ativar o **Compute Engine API** e criar uma **Service accounts**
-  * Navigation menu -> Compute Engine -> VM instances
-  * Navigation menu -> IAM & Admin -> Service accounts
-FIXME Baixar a chave depois de criar Service account
-<file tf provider.tf>
-$ cat provider.tf
-terraform {
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = "4.51.0"
-    }
-  }
-}
-provider "google" {
-  credentials = "/home/gean/gcp/svc-account/singular-carver-376919-f09b67c64df6.json"
-  project     = "singular-carver-376919"
-  region      = "us-central1"
-}
-</file>
-<code bash>
-$ terraform fmt
-$ terraform validate
-Success! The configuration is valid.
-</code>
-===== VPC =====
-<file tf network.tf>
-resource "google_compute_network" "vpc_network" {
-  name                    = "vpc-network"
-  auto_create_subnetworks = false
-}
-</file>
-<code bash>
-$ terraform plan
-Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-  + create
-Terraform will perform the following actions:
-  # google_compute_network.vpc_network will be created
-  + resource "google_compute_network" "vpc_network" {
-      + auto_create_subnetworks         = false
-      + delete_default_routes_on_create = false
-      + gateway_ipv4                    = (known after apply)
-      + id                              = (known after apply)
-      + internal_ipv6_range             = (known after apply)
-      + mtu                             = (known after apply)
-      + name                            = "vpc-network"
-      + project                         = (known after apply)
-      + routing_mode                    = (known after apply)
-      + self_link                       = (known after apply)
-    }
-Plan: 1 to add, 0 to change, 0 to destroy.
-───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
-Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply"
-now.
-</code>
-<code bash>
-$ terraform apply
-Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-  + create
-Terraform will perform the following actions:
-  # google_compute_network.vpc_network will be created
-  + resource "google_compute_network" "vpc_network" {
-      + auto_create_subnetworks         = false
-      + delete_default_routes_on_create = false
-      + gateway_ipv4                    = (known after apply)
-      + id                              = (known after apply)
-      + internal_ipv6_range             = (known after apply)
-      + mtu                             = (known after apply)
-      + name                            = "vpc-network"
-      + project                         = (known after apply)
-      + routing_mode                    = (known after apply)
-      + self_link                       = (known after apply)
-    }
-Plan: 1 to add, 0 to change, 0 to destroy.
-Do you want to perform these actions?
-  Terraform will perform the actions described above.
-  Only 'yes' will be accepted to approve.
-  Enter a value: yes
-google_compute_network.vpc_network: Creating...
-google_compute_network.vpc_network: Still creating... [10s elapsed]
-google_compute_network.vpc_network: Creation complete after 16s [id=projects/singular-carver-376919/global/networks/vpc-network]
-Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
-</code>
-===== Firewall =====
-<file tf firewall.tf>
-$ cat firewall.tf
-resource "google_compute_firewall" "allow-icmp-ssh" {
-  name    = "allow-icmp-ssh"
-  network = "vpc-network"
-  allow {
-    protocol = "icmp"
-  }
-  allow {
-    protocol = "tcp"
-    ports    = ["22"]
-  }
-  source_ranges = ["0.0.0.0/0"]
-}
-</file>
-<code bash>
-$ terraform apply -auto-approve
-google_compute_network.vpc_network: Refreshing state... [id=projects/singular-carver-376919/global/networks/vpc-network]
-Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-  + create
-Terraform will perform the following actions:
-  # google_compute_firewall.allow-icmp-ssh will be created
-  + resource "google_compute_firewall" "allow-icmp-ssh" {
-      + creation_timestamp = (known after apply)
-      + destination_ranges = (known after apply)
-      + direction          = (known after apply)
-      + enable_logging     = (known after apply)
-      + id                 = (known after apply)
-      + name               = "allow-icmp-ssh"
-      + network            = "vpc-network"
-      + priority           = 1000
-      + project            = (known after apply)
-      + self_link          = (known after apply)
-      + source_ranges      = [
-          + "0.0.0.0/0",
-        ]
-      + allow {
-          + ports    = [
-              + "22",
-            ]
-          + protocol = "tcp"
-        }
-      + allow {
-          + ports    = []
-          + protocol = "icmp"
-        }
-    }
-Plan: 1 to add, 0 to change, 0 to destroy.
-google_compute_firewall.allow-icmp-ssh: Creating...
-google_compute_firewall.allow-icmp-ssh: Still creating... [10s elapsed]
-google_compute_firewall.allow-icmp-ssh: Creation complete after 14s [id=projects/singular-carver-376919/global/firewalls/allow-icmp-ssh]
-Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
-</code>
-===== Subnet =====
-<file tf subnet.tf>
-resource "google_compute_subnetwork" "subnetwork-internal-ipv4" {
-  name             = "internal-subnetwork"
-  ip_cidr_range    = "10.0.0.0/22"
-  region           = "us-central1"
-  network          = "vpc-network"
-}
-</file>
-===== Instance =====
-<file tf instance.tf>
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
-  network_interface {
-    network = "vpc-network"
-    subnetwork = "internal-subnetwork"
-  }
-}
-</file>
-===== Disk =====
-<file tf disk.tf>
-resource "google_compute_disk" "default" {
-  name = "test-disk"
-  type = "pd-ssd"
-  zone = "us-central1-a"
-  size = 30
-}
-</file>
-<file tf instance.tf>
-resource "google_compute_instance" "default" {
-  name         = "test"
-  machine_type = "e2-medium"
-  zone         = "us-central1-a"
-  boot_disk {
-    initialize_params {
-      image = "debian-cloud/debian-11"
-    }
-  }
-  network_interface {
-    network    = "vpc-network"
-    subnetwork = "internal-subnetwork"
-  }
-  attached_disk {
-    source = "test-disk"
-  }
-  allow_stopping_for_update = true
-}
-</file>
-===== Referências =====
-  - [[https://registry.terraform.io/providers/hashicorp/google/latest|google]]
-  - [[https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started|Getting Started with the Google Provider]]
-  - [[https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network|google_compute_network]]
-  - [[https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall|google_compute_firewall]]
-  - [[https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork|google_compute_subnetwork]]
-  - [[https://mihaibojin.medium.com/deploy-and-configure-google-compute-engine-vms-with-terraform-f6b708b226c1|Deploy and configure Google Compute Engine VMs with Terraform]]