Configuration

In this activity you will:

  • Install Terraform and Ansible
  • Configure the Google Cloud SDK
  • Enable the Compute Engine API
  • Configure API credentials
  • Configure SSH credentials

NOTE: All of the commands listed within this activity should be executed within the Google Cloud Shell - not on your laptop.

Install Terraform and Ansible

Download the lab repository to your home directory.

$ git clone https://github.com/PaloAltoNetworks/terraform-ansible-intro

Change into the lab directory and run the lab configuration script. This will install the Terraform binary and the Ansible package. This may take a few minutes to complete.

$ cd terraform-ansible-intro
$ ./setup

Run the commands below to ensure the Terraform and Ansible binaries are properly installed. Both commands should display the current version of each executable.

$ terraform --version
$ ansible --version

Enable the Compute Engine API

Use the following gcloud services command to enable the Compute Engine API. This API will be used by Terraform to deploy the VM-Series instance.

$ gcloud services enable compute.googleapis.com

Configure API credentials

Use the following gcloud iam command to list the default service accounts.

$ gcloud iam service-accounts list

Use the following gcloud iam command to download the credentials for the Compute Engine default service account using its associated email address (displayed in the output of the previous command).

$ gcloud iam service-accounts keys create gcp_compute_key.json --iam-account <EMAIL_ADDRESS>

Verify the JSON credentials file was successfully created.

$ cat gcp_compute_key.json

Configure SSH credentials

Create an SSH key with an empty passphrase and save it in the ~/.ssh directory.

$ ssh-keygen -t rsa -b 1024 -N '' -f ~/.ssh/lab_ssh_key

NOTE: GCP has the ability to manage all of its own SSH keys and propagate them automatically to projects and instances. However, the VM-Series is only able to make use of a single SSH key. Rather than leverage GCP's SSH key management process, we've created our own SSH key and configured the Compute Engine to use our key exclusively. When we deploy the VM-Series in the next activity we'll instruct the instance to also use the SSH key we've created.