Introduction
A journey into Infrastructure as Code (IaC) using Terraform and Ansible on Google Cloud Platform (GCP). In this blog post, we'll delve into a real-world project involving IP address rotation, discussing key components, achievements, and challenges.
Project Overview
Our project focuses on automating the infrastructure in a cloud environment, promoting scalability and security. Here's an overview of the key elements:
1. Terraform Configuration
We kick-started the project by setting up a Terraform configuration. This laid the foundation for deploying multiple VPN servers across diverse GCP zones.
2. Ansible Configuration
Ansible, our automation superhero, came into play to streamline the WireGuard setup on these servers. Additionally, it manages the uploading of VPN configurations to a GCP bucket.
3. Python Script for Dynamic Inventory
To ensure smooth communication between Terraform outputs and Ansible, we developed a Python script. This script dynamically updates the Ansible inventory with the IP addresses of VM instances created by Terraform.
4. Bash Script for IP Rotation
Facilitating IP rotation is critical. Enter the bash script, which randomly selects a VPN configuration and applies it, ensuring a continuous and diverse range of IPs.
Challenges and Solutions
No project is without its hurdles. Let's explore some of the challenges we faced and the innovative solutions we developed:
1. WireGuard Implementation
Transitioning from OpenVPN to WireGuard presented a significant change. We're actively fine-tuning the WireGuard setup to meet our security and performance expectations.
2. Testing and Validation
Ensuring the effectiveness and reliability of the IP rotation mechanism is our current focus. This involves comprehensive testing, stability checks for connections, and thorough validation of the rotation logic.
3. Integration and Automation
Coordinating Terraform, Ansible, and the IP rotation script requires precision. We're working diligently to ensure these components seamlessly integrate for an automated and reliable system.
Terraform and Ansible Implementation
Our project focuses on optimizing and automating the deployment of virtual machines (VMs) and managing data storage in Google Cloud Platform (GCP). To achieve this, we leveraged the power of two key Infrastructure as Code (IaC) tools—Terraform and Ansible.
Terraform Configuration
1. Infrastructure Provisioning
Using Terraform, we defined the infrastructure as code, specifying the desired state of our GCP resources. The Terraform configuration included:
```hcl
# Terraform Configuration Sample
provider "google" {
  # Service-account key file: keep it out of version control
  credentials = file("path/to/service-account-key.json")
  project     = "your-gcp-project"
  region      = "us-central1"
}

# Define a Google Cloud VPC
resource "google_compute_network" "my_vpc" {
  # ... (VPC configuration)
}

# Define a subnet within the VPC
resource "google_compute_subnetwork" "my_subnet" {
  # ... (Subnet configuration)
}

# Define a firewall rule allowing ingress on port 22 (SSH)
resource "google_compute_firewall" "allow_ssh" {
  # ... (Firewall rule configuration)
}

# Define a Google Cloud Compute Engine instance (VM)
resource "google_compute_instance" "my_instance" {
  # ... (VM configuration)
}
```
2. Scalability and Flexibility
Terraform allowed us to scale our infrastructure effortlessly by defining reusable modules, ensuring consistency across different environments, and providing a clear representation of our infrastructure.
Ansible Playbooks
1. Configuration Management
Ansible played a pivotal role in configuring our VM instances. Ansible playbooks were crafted to automate the installation and setup of software, ensuring uniformity and reducing manual intervention. A simplified Ansible playbook snippet looks like this:
```yaml
# Ansible Playbook Sample
---
- name: Configure VM Instances
  hosts: my_instance
  become: true
  tasks:
    - name: Install Required Packages
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - package1
        - package2

    - name: Configure Application
      template:
        src: templates/app_config.j2
        dest: /path/to/config/file
```
2. Seamless Integration
Ansible seamlessly integrated with Terraform, ensuring a cohesive workflow. A dynamic inventory script was employed to dynamically update Ansible's inventory with the IP addresses of VM instances created by Terraform.
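One way such a dynamic inventory script can look, as an added example rather than the project's own code: it reads `terraform output -json`, keeps only values that parse as IP addresses, and emits Ansible's inventory JSON. The output name `vpn_server_ips` and the `--sample` flag are assumptions; the group name `my_instance` is taken from the playbook sample above.

```python
#!/usr/bin/env python3
"""Ansible dynamic inventory built from `terraform output -json` (added example)."""
import ipaddress
import json
import subprocess
import sys

OUTPUT_NAME = "vpn_server_ips"  # assumed Terraform output name (list of strings)
GROUP = "my_instance"           # matches `hosts:` in the playbook sample

# Constructed sample of `terraform output -json`, using documentation addresses.
SAMPLE = json.dumps({OUTPUT_NAME: {
    "sensitive": False,
    "type": ["list", "string"],
    "value": ["203.0.113.10", "198.51.100.7", "10.0.0.999", "not-an-address", "203.0.113.10"],
}})


def build_inventory(tf_json: str) -> dict:
    """Return Ansible inventory data, keeping only valid, unique IP addresses."""
    outputs = json.loads(tf_json)
    values = outputs.get(OUTPUT_NAME, {}).get("value", [])
    if not isinstance(values, list):
        raise ValueError(f"{OUTPUT_NAME} must be a list of addresses")
    hosts, rejected = [], []
    for raw in values:
        try:
            if not isinstance(raw, str):
                raise ValueError("not a string")
            # Normalise through ipaddress so free-form strings never reach Ansible.
            ip = str(ipaddress.ip_address(raw))
        except ValueError:
            rejected.append(raw)
            continue
        if ip not in hosts:
            hosts.append(ip)
    if rejected:
        print(f"skipped invalid entries: {rejected!r}", file=sys.stderr)
    # An empty _meta.hostvars tells Ansible not to call the script once per host.
    return {GROUP: {"hosts": hosts}, "_meta": {"hostvars": {}}}


if __name__ == "__main__":
    if "--sample" in sys.argv:
        tf_json = SAMPLE
    else:
        tf_json = subprocess.run(["terraform", "output", "-json"], check=True,
                                 capture_output=True, text=True).stdout
    print(json.dumps(build_inventory(tf_json), indent=2))
```

Marked executable and passed to `ansible-playbook -i`, the script is run from the Terraform working directory so that `terraform output` sees the current state.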
Achievements and Next Steps
Our implementation using Terraform and Ansible has resulted in a streamlined and automated infrastructure deployment. As we move forward, we are focusing on continuous improvement, exploring advanced features, and enhancing security measures within our cloud environment.