A small demo on how to run Ansible playbooks against Google Cloud instances

1. Esther Lozano | @esloho

2. Set up the place: GCE
- Create project and add instances in Google Cloud Engine
- Check the first steps tutorial for VM instances
- Add ssh public key to project
- Compute engine → Metadata → SSH keys
- Test ssh connection from your local
- Create service key and download it (i.e. ansible_service_account.json)
- IAM & admin → Service account → Create key
- Place it into your ansible project
- Install gcloud in your local machine (optional)

6. Manage invitations: Ansible
- Copy from contrib/inventory files gce.ini and gce.py into your inventory
- Download from https://github.com/ansible/ansible
- Create secrets.py
- Use absolute path or relative to playbook execution for ansible_service_account.json
- Indicate absolute path of secrets.py in gce.ini
- pip install apache-libcloud
- Test the gce connection
- $ inventory/gce.py --list
- $ ansible all -u esloho -i inventory/gce.py -m ping

8. Party!
- Run your playbooks as usual
- $ ansible-playbook -i inventory monitoring.yml
- Select hosts by network tag from your gce instances
- hosts: tag_mongo
- hosts: all:!tag_http_server
- Host configuration (host_vars, --limit, hosts…) by instance name
- Possible to combine static inventory and dynamic gce.py

11. Some party favors
- Ansible documentation for GCE
http://docs.ansible.com/ansible/latest/guide_gce.html
- Managing SSH keys in GCE
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
- Service account keys and permissions
https://cloud.google.com/iam/docs/service-accounts
- Github repository of this demo https://github.com/esloho/ansible-gce-demo