Google Cloud

Creating GCE Credentials

You can Download 'gcloud' from https://cloud.google.com/sdk/

#!/bin/bash

# Select the project
$ gcloud projects list

# GCP project where resources will be created assign the PROJECT_NAME to variable called IAM_PROJECT
$ IAM_PROJECT="<project-from-list>"
# The Google Service Account Name
$ IAM_SA_NAME="vm-instance-admin"

# Step 1: Create a Service Account
$ gcloud iam service-accounts create $IAM_SA_NAME \
            --display-name "Projects VM Instance Admin"

# Step 2: Create the Service Account Key

$ IAM_ACCOUNT="${IAM_SA_NAME}@${IAM_PROJECT}.iam.gserviceaccount.com"

$ gcloud iam service-accounts keys create \
            --iam-account $IAM_ACCOUNT \ gce-key.json

# Step 3: Grant VM instance Admin role

$ gcloud projects add-iam-policy-binding $IAM_PROJECT \
    --member serviceAccount:$IAM_ACCOUNT --role roles/compute.instanceAdmin.v1

$ gcloud projects add-iam-policy-binding $IAM_PROJECT \
    --member serviceAccount:$IAM_ACCOUNT --role roles/compute.networkAdmin

$ gcloud projects add-iam-policy-binding $IAM_PROJECT \
    --member serviceAccount:$IAM_ACCOUNT --role roles/compute.securityAdmin

$ gcloud projects add-iam-policy-binding $IAM_PROJECT \
    --member serviceAccount:$IAM_ACCOUNT --role roles/iam.serviceAccountUser

Variables

Variable Name Description Default value

Variable Name	Description	Default value
service_account_email	The Google Cloud Service Accounts
project_id	The Google Cloud Project where the resources will be created
credentials_file	The Google Cloud credentials JSON file corresponding to the `service_account_email` . Refer to Creating GCE Credentials on how to create one for your project
region	The Google compute regions and zones	asia-south1
zone	The Google compute regions and zones	asia-south1-a
cloud_user	The user to SSH into the instances	centos
private_key_file	The SSH private key file will be required to SSH into the instances, if the file does not exists it will created	$PROJECT_HOME/keys/gce_idrsa
public_key_file	The SSH Public Key of the `private_key_file` that will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the GCP VM instances	$PROJECT_HOME/keys/gce_idrsa.pub
machine_type	The type of Google Compute machine types to provision	n1-standard-4
image	The Google compute OS public images	centos-7
os_source_image	The Google compute OS public images, this option allows to use any customized images if needed. Reserved for future	/projects/centos-cloud/global/images/family/centos-7
docker_disk_size	Size of the the Docker Disk in GB, the Google Persistence Disk that will be attached to act as Docker Storage	100
is_rhel	Whether the image used is RHEL, this reserved for future use	False

service_account_email

The Google Cloud Service Accounts

project_id

The Google Cloud Project where the resources will be created

credentials_file

The Google Cloud credentials JSON file corresponding to the service_account_email . Refer to Creating GCE Credentials on how to create one for your project

region

The Google compute regions and zones

asia-south1

zone

The Google compute regions and zones

asia-south1-a

cloud_user

The user to SSH into the instances

centos

private_key_file

The SSH private key file will be required to SSH into the instances, if the file does not exists it will created

$PROJECT_HOME/keys/gce_idrsa

public_key_file

The SSH Public Key of the private_key_file that will be added to ~/.ssh/authorized_keys of the cloud_user in the GCP VM instances

$PROJECT_HOME/keys/gce_idrsa.pub

machine_type

The type of Google Compute machine types to provision

n1-standard-4

image

The Google compute OS public images

centos-7

os_source_image

The Google compute OS public images, this option allows to use any customized images if needed. Reserved for future

/projects/centos-cloud/global/images/family/centos-7

docker_disk_size

Size of the the Docker Disk in GB, the Google Persistence Disk that will be attached to act as Docker Storage

100

is_rhel

Whether the image used is RHEL, this reserved for future use

False

References

Ansible GCP Guide

https://cloud.google.com/sdk/docs/quickstart-macos