Ansible AWX - Importing Google Cloud Compute instances
In a previous post I wrote about working with AWS EC2 instances in AWX. This post will cover how to work with Google Cloud Compute instances.
Overview
- Create or use an existing user within the Google Cloud platform with access to create/modify Compute Engine instances
- Configure AWX to set up auto discovery of Compute instances in a Google Cloud project
Set up Google Cloud service account
I chose to create a Service account as this type of account is used for an application (AWX) to make authorized API calls.
Within your Google Cloud project, navigate to:
IAM & Admin > Service Accounts
The roles I assigned:
Role | Description |
---|---|
compute.viewer | Read-only access to get and list Compute Engine resources, without being able to read the data stored on them. |
serviceAccountUser | Run operations as the service account. |
Private key
Once the service account has been created, make sure to create a private key in the recommended JSON format and save this file securely.
The private key file will be in the following format.
{
"type": "service_account",
"project_id": "project id",
"private_key_id": "private key id",
"private_key": "private key data",
"client_email": "client email",
"client_id": "client id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "client cert url"
}
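A pre-upload check for the key file and role assignment described above, as an added example that is not part of the original post: it flags a key file readable by other local users or missing the fields shown, and lists any roles bound to the service account beyond the two in the table. The full role IDs, the sample e-mail address and the sample policy (in the shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`) are assumptions constructed for illustration.

```python
import json
import os
import stat

# Fields shown in the key file format above.
REQUIRED_FIELDS = {
    "type", "project_id", "private_key_id", "private_key", "client_email",
    "client_id", "auth_uri", "token_uri",
    "auth_provider_x509_cert_url", "client_x509_cert_url",
}
# Full role IDs for the two roles in the table above.
ALLOWED_ROLES = {"roles/compute.viewer", "roles/iam.serviceAccountUser"}

# Constructed sample data (not from a real project).
SAMPLE_EMAIL = "awx-inventory@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.viewer", "members": ["serviceAccount:" + SAMPLE_EMAIL]},
    {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:" + SAMPLE_EMAIL]},
    {"role": "roles/editor", "members": ["serviceAccount:" + SAMPLE_EMAIL]},
]}


def check_key_file(path):
    """Return a list of problems found with a service account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} lets group/other users access the key")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    missing = sorted(REQUIRED_FIELDS - key.keys())
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    return problems


def unexpected_roles(policy, client_email, allowed=ALLOWED_ROLES):
    """Return roles bound to the service account beyond the allowed set."""
    member = "serviceAccount:" + client_email
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    return sorted(granted - allowed)


if __name__ == "__main__":
    import sys
    for key_path in sys.argv[1:]:
        print(key_path, check_key_file(key_path) or "ok")
    print("unexpected roles:", unexpected_roles(SAMPLE_POLICY, SAMPLE_EMAIL))
```

Pass the path of the downloaded key file as an argument to check it; an empty result from both functions means the key file and role bindings match what this post describes.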
Configure AWX
Create Google Compute Engine credential - used for auto discovery
This credential will link to the service account you created in the earlier step.
- Enter an appropriate name and description.
- Credential type = Google Compute Engine
- Select the service account .json file you saved earlier - this will auto populate the project field, including the private key field.
Click save to store the credential.
Create an inventory
Create a new inventory to store all the discovered Compute instances.
Source
Next, add a new source to the inventory by clicking on Sources.
- Source = Google Compute Engine
- Credential = This is the credential you created from the earlier step
- Regions = Select the region your compute instances reside in
Under the update options, I chose Overwrite, since this means that every time the inventory is synced it is brought in line with the current state of the Google Cloud Compute instances. If any instances were removed from Google Cloud, the same will be applied in AWX.
Sync inventory
Once the source has been saved, click on the sync icon to start the process to import the Compute instances.
While the sync is in progress, a new job will have started, and its output gives more detail on any issues.
If successful, you should now see Compute instances imported inside the inventory under Hosts.
For any issues with the sync process, the job console output should be consulted to troubleshoot any errors which may have occurred. Issues differ on a case by case basis so it’s always good to analyse the console output.
Set up schedule
A schedule is required for auto discovery of Compute instances.
You can create one by clicking on Sources in the inventory.
Then select Schedules. Here you can select the frequency to run the sync process.
That way AWX will have a near identical view of the Google compute instances which currently reside in your Google cloud project.