HashiCorp Terraform is a powerful open-source infrastructure automation tool that enables you to provision and manage infrastructure as code. Google has been collaborating with HashiCorp since 2013 to enable customers who use Terraform and other HashiCorp tools to make optimal use of Google Cloud Platform (GCP) services and features. This codelab teaches you how to use Terraform to create a VM running a webserver on GCE with a public IP address.

What you'll learn

Codelab-at-a-conference setup

If you see a "request account button" at the top of the main Codelabs window, click it to obtain a temporary account. Otherwise ask one of the staff for a coupon with username/password.

These temporary accounts have existing projects that are set up with billing so that there are no costs associated for you with running this codelab.

Note that all these accounts will be disabled soon after the codelab is over.

Use these credentials to log into the machine or to open a new Google Cloud Console window https://console.cloud.google.com/. Accept the new account Terms of Service and any updates to Terms of Service.

Here's what you should see once logged in:

When presented with this console landing page, please select the only project available. Alternatively, from the console home page, click on "Select a Project" :

Start Cloud Shell

While Google Cloud can be operated remotely from your laptop, in this codelab you will be using Google Cloud Shell, a command line environment running in the Cloud.

From the GCP Console click the Cloud Shell icon on the top right toolbar:

It should only take a few moments to provision and connect to the environment. When it is finished, you should see something like this:

This virtual machine is loaded with all the development tools you'll need. It offers a persistent 5GB home directory, and runs on Google Cloud, greatly enhancing network performance and authentication. All of your work in this lab can be done with simply a browser.

Before using Terraform, you must first install it locally. This will enable you to use the terraform CLI.

You could browse to the Terraform website, but this section will teach you how to download, verify, and install Terraform securely. Even though Terraform is downloaded over a TLS connection, it may still be possible for a skilled attacker to compromise the underlying storage system or network transport. For that reason, in addition to serving the binaries over TLS, HashiCorp also signs the checksums of each release with their private key. Thus, to verify the integrity of a download, we must:

  1. Import and trust HashiCorp's GPG public key
  2. Download the Terraform binary
  3. Download the Terraform checksums
  4. Download the Terraform checksum signature
  5. Verify the signature of the checksum against HashiCorp's GPG key
  6. Verify the checksums of the binary against the file

This way, even if an attacker were able to compromise the network transport and underlying storage component, they wouldn't be able to sign the checksums with HashiCorp's GPG key. If this operation is successful, we have an extremely high degree of confidence that the software is untainted.

Since that process can be tedious, we will leverage a Docker container to do it for us. Execute the following command to install Terraform locally. We install Terraform into $HOME/bin because that will persist between restarts on Cloud Shell.

$ docker run -v $HOME/bin:/software sethvargo/hashicorp-installer terraform 0.11.10
$ sudo chown -R $(whoami):$(whoami) $HOME/bin/

Add the bin to our path:

$ export PATH=$HOME/bin:$PATH

Finally, optionally, explore the Terraform CLI help. Do not execute any non-help commands.

$ terraform -h

Enable the Google Compute Engine API. This only needs to be done once per project to make the API accessible.

$ gcloud services enable compute.googleapis.com

Add a Terraform config file that creates a compute instance with a unique name and an external IP. On startup, this compute instance will install apache and overwrite the Apache web server default web page. Because we need the instance to be accessible by any IP, we also add a firewall rule that allows HTTP traffic from anywhere to instances that have the http-server tag.

Download the Terraform configuration from GitHub:

$ curl -sSfO https://raw.githubusercontent.com/sethvargo/terraform-gcp-examples/master/public-instance-webserver/main.tf

There are a few things to note in the specification:

Terraform Configuration File

resource "google_compute_instance" "default" {
  name         = "vm-${random_id.instance_id.hex}"
  machine_type = "f1-micro"
  zone         = "us-west1-a"

  # ...
}

We can now run Terraform. First, initialize Terraform to download the latest version of the Google and Random providers.

$ terraform init

Run a plan step to validate the configuration syntax and show a preview of what will be created.

$ terraform plan

The plan output shows Terraform is going to create a google_compute_firewall_rule, a google_compute_instance, and a random_id resource.

Now execute Terraform apply to apply those changes:

$ terraform apply

You will see output like this:

Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
  Enter a value:

Enter "yes" to the prompt. After the apply has finished, you should see an output similar to the following.

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

ip = <some value here...>

Copy and paste the value for the instance's IP into your web browser to see your server's welcome page! (Note: it can take a few minutes for the instance to boot and be provisioned).

When you no longer need the infrastructure you created, destroy it using the destroy command.

$ terraform destroy

Just like before, Terraform will prompt you for confirmation:

Plan: 0 to add, 0 to change, 3 to destroy.
Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.
  Enter a value:

Type "yes" and Terraform will destroy the infrastructure.

You learned how to run HashiCorp Terraform on Google Cloud to create a VM running a webserver.

Clean up

If you are done exploring, please consider deleting your project.

Learn More

License

This work is licensed under a Creative Commons Attribution 2.0 Generic License.