Distributed zdns implementation
-
Create a Service Account and Give Owner Role to the Account OR Just Give the Minimum Roles Required to Function
- Compute Admin
- Compute Instance Admin (beta)
- Compute Instance Admin (v1)
- Compute Network Admin
- Compute Network User
- Compute OS Admin Login
- Compute OS Login
- Service Account Admin
- Service Account User
- Owner
- Storage Admin
-
Download the Service Account JSON Key File to the Control Node and Add it to the Required Directory
- Keys Directory
-
Link the Service Account to All the Projects of Interest by Adding the Service Account's Email to Each Project's IAM, Giving it the Owner Role OR Just the Minimum Roles Required to Function (as Listed Above)
- This Works Across Multiple Projects Belonging to Different GCP Accounts as Well
-
Add All the Projects' Details to the Relevant Config Variable
- terraform.tfvars -> projects variable
-
Add provider blocks for each project of Interest Manually - Terraform does not support for_each in provider block
-
Set Environment Variable of the Local Machine - Control Node
export ANSIBLE_HOST_KEY_CHECKING=False
export GOOGLE_APPLICATION_CREDENTIALS=/home/<path to GCP Service Account Key JSON file>
-
Create A Private / Public Key Pair for SSH Authentication
ssh-keygen -t rsa -f ~/.ssh/ssh_key -C ssh_user
-
Add the File Paths of the Private / Public Key Files to:
- terraform.tfvars -> ssh_key_public
- terraform.tfvars -> ssh_key_private
-
Create a GCP Storage Bucket From the Root Project - the Project Where You Created the GCP Service Account JSON Key
-
Add or change the configurations in both Terraform (main.tf) and Ansible (ansible.cfg)
- GCP Locations - vm_nodes
- Projects Details - projects and provider.tf
- VM Settings - specs
- Seed File Name to be Downloaded from the GC Storage Bucket
- Output File Directories and Naming / Annotating
-
Run the System By Entering Following Commands
terraform init
terraform apply
-
Destroy the Created Infrastructure
terraform destroy
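
For the role-assignment steps at the top of this procedure, one way to script the narrower role set across several projects, as an added example that is not part of the original project. It maps the listed role names to their IAM role IDs, leaves out Owner (the alternative those steps offer), and only prints the gcloud commands unless APPLY=1 is set; the function names, the APPLY switch and the sample e-mail and project IDs are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the project). Sample names below are constructed.

# IAM role IDs for the roles named in the list; Owner is deliberately left out.
MIN_ROLES="
roles/compute.admin
roles/compute.instanceAdmin
roles/compute.instanceAdmin.v1
roles/compute.networkAdmin
roles/compute.networkUser
roles/compute.osAdminLogin
roles/compute.osLogin
roles/iam.serviceAccountAdmin
roles/iam.serviceAccountUser
roles/storage.admin
"

# Dry run by default: print the command. APPLY=1 (assumed switch) executes it.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# usage: bind_min_roles SA_EMAIL PROJECT_ID...
bind_min_roles() {
  sa_email=$1; shift
  case $sa_email in
    *[!a-z0-9@.-]*) echo "unexpected characters in: $sa_email" >&2; return 1 ;;
    ?*@?*.iam.gserviceaccount.com) ;;
    *) echo "not a user-managed service account e-mail: $sa_email" >&2; return 1 ;;
  esac
  [ "$#" -gt 0 ] || { echo "no project IDs given" >&2; return 1; }
  # Check every project ID before binding anything, so a typo cannot leave
  # the bindings half applied.
  for project in "$@"; do
    case $project in
      ''|*[!a-z0-9-]*) echo "bad project ID: $project" >&2; return 1 ;;
    esac
  done
  for project in "$@"; do
    for role in $MIN_ROLES; do
      run gcloud projects add-iam-policy-binding "$project" \
        --member="serviceAccount:$sa_email" --role="$role"
    done
  done
}

# bind_min_roles zdns-runner@root-project.iam.gserviceaccount.com root-project scan-project-2
```

Review the printed commands first, then rerun with APPLY=1 from an account that is allowed to change IAM policy on every listed project.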