
Information Systems graduation thesis: An automation support tool for deploying infrastructure to the cloud using Terraform and CI/CD


DOCUMENT INFORMATION

Basic information

Title: An Automation Support Tool for Deploying Infrastructure to the Cloud Using Terraform and CI/CD
Author: Pham Trung Kien
Advisor: Dr. Phan Xuan Thien
University: University of Information Technology
Major: Information System Engineering
Type: Graduation Thesis
Year of publication: 2022
City: Ho Chi Minh City
Pages: 75
Size: 25.79 MB

Contents


VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY

UNIVERSITY OF INFORMATION TECHNOLOGY

INFORMATION SYSTEM FACULTY

PHAM TRUNG KIEN

GRADUATION THESIS

AN AUTOMATION SUPPORT TOOL FOR DEPLOYING

INFORMATION SYSTEM ENGINEERING

Ho Chi Minh City, 2022


VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY

UNIVERSITY OF INFORMATION TECHNOLOGY

INFORMATION SYSTEM FACULTY

PHAM TRUNG KIEN - 18520957

GRADUATION THESIS

AN AUTOMATION SUPPORT TOOL FOR DEPLOYING INFRASTRUCTURE TO THE CLOUD

USING TERRAFORM AND CI/CD

INFORMATION SYSTEM ENGINEERING

ADVISOR

Dr PHAN XUAN THIEN

Ho Chi Minh City, 2022


INFORMATION OF THE GRADUATE THESIS COUNCIL


First of all, I would like to express my sincere thanks to the lecturers at the University of Information Technology - Vietnam National University, Ho Chi Minh City, and the teachers of the Department of Information Systems for helping me build the basic knowledge that underlies this thesis.

Our group would like to express our deepest gratitude to our instructor, Dr. Phan Xuan Thien, who directly guided and corrected us and provided many valuable comments to help our group complete the final report well. Once again, I sincerely thank you and wish you good health.

During one semester of implementing the project, our group applied the accumulated background knowledge and combined it with learning and researching new knowledge from teachers, friends, and many sources and references. From there, our team made the most of what had been collected to complete the best possible project report. However, because of our limited professional knowledge and our lack of practical experience, the content of the report cannot avoid shortcomings. I look forward to receiving further advice and guidance from you to perfect our knowledge so that our group can use it as a foundation for carrying out other topics in the future as well as in future study and work.

Besides, I want to thank my family for taking care of me, supporting me and always giving me the best conditions. Moreover, thanks to all the students of class CTTT2018 who have always stayed close and helped each other.

Signature

TABLE OF CONTENTS

CHAP 1: OVERVIEW ... 1
1.1 Problem Statement ... 1
1.2 Objective and Particular Objectives ... 4
1.3 Challenges
1.4 Thesis Structure ... 6
CHAP 2: RELATED RESEARCH ... 8
2.1 Pulumi
3.4 Virtual Machine ... 22
CHAP 4: AUTOMATION SUPPORT TOOL FOR CLOUD ... 27
4.1 Infrastructure as Code (IaC) Configuration Workflow ... 27
4.2 Resource ... 29
4.3 Module ... 30
4.3.1 main.tf ... 30
4.3.2 variables.tf ... 30
4.3.3 output.tf ... 31
4.4 Terraform State ... 31
4.4.1 Overview
4.4.2 Storage Locally
4.4.3 Storage Remotely
4.5 Backend tf file
4.6 terraform.tfvars
4.7 Continuous Integration (CI) and Continuous Delivery (CD) ... 35
4.7.1 Azure pipeline workflow ... 36
5.3.1 Template Virtual Private Cloud and Subnet ... 45
5.3.2 Peering
5.3.3 Virtual machine with the role firewall
5.3.4 Virtual machine with single network interface card
5.3.5 Load Balancer preparation ... 51
5.3.6 Load Balancer ... 53
5.4 Continuous Integration/Continuous Delivery execute
5.4.1 Secure File ... 56
5.4.2 Azure pipeline preparation
5.4.3 Workflow
5.5 Result
5.5.1 Continuous Integration/Continuous Delivery
6.1 Limitations ... 63
References ... 64

LIST OF PICTURES

Figure 10 IaC Workflow
Figure 11 Example Provider Azure
Figure 12 The result of successful initialize
Figure 13 The result of terraform plan
Figure 14 The sample resources
Figure 15 Module structure
Figure 16 Example of variable structure
Figure 17 Resource to create bucket of GCP
Figure 18 Configuration a backend file
Figure 19 Example of variable for 5 VPC
Figure 20 CI/CD workflow
Figure 21 Pipeline concepts overview
Figure 22 Option to create Service Account on GCP
Figure 23 Grant permission for service account
Figure 24 Permission need for Service Account
Figure 25 Pipeline Library
Figure 26 Secure file
Figure 27 Azure pipeline
Figure 28 Pipeline UI
Figure 29 CI/CD Workflow
Figure 30 Result of Azure pipeline
Option to create Subnet
First option to create VM
Configuration a storage of VM
Configuration Operating System
Figure 33 Load Balancer results ... 62

LIST OF TABLES

Table 1 Compare Terraform and Pulumi (Source: Pulumi, Homepage, https://www.pulumi.com/docs/intro/vs/terraform/) ... 10
Table 2 Terraform vs Ansible ... 14
Table 3 Create VPC ... 18
Table 4 Create Subnet on GCP ... 21
Table 5 First option to create VM ... 23
Table 6 Configuration storage of VM ... 24
Table 7 Configuration operating system of VM ... 25
Table 8 Option to create a bucket on GCP ... 33
Table 9 Configuration a backend
Table 10 Variable value of VPC
Table 11 Variable value for subnet
Table 12 Values of 5 VMs ... 40
Table 13 Values of ...
Table 14 Creating service account ... 43
Table 15 VPC template option ... 46
Table 16 Subnet template option ... 47
Table 17 Peering template option
Table 18 VM (firewall) template option
Table 19 VM template option
Table 20 Instance group template option
Table 21 Health check template option
Table 22 Frontend Load Balancer template option
Table 23 Backend Load Balancer template option

LIST OF ACRONYMS

GCP: Google Cloud Platform
VPC: Virtual Private Cloud
VM: Virtual Machine
LB: Load Balancer
FE LB: Front End Load Balancer
BE LB: Back End Load Balancer
CI: Continuous Integration
CD: Continuous Deployment

ABSTRACT

IaC, known as Infrastructure as Code, lets us design our servers in code. Among other advantages, IaC deploys our desired servers automatically, which reduces the need for manual intervention, mitigates the risk of configuration error, and lets us reuse templates through modules and scalable code. One of the tools that enables IaC is Terraform from HashiCorp. Nowadays, Terraform is extremely popular because of the development of the cloud. Terraform also has the following advantages:

1. Terraform supports multiple providers. It means Terraform can run code on AWS, GCP and Azure. Although the providers are different, the flow or algorithm of the code is still the same; the small differences come from the resources of each cloud. On GCP, to run Terraform code we need to grant permission to a user (owner or editor) and then create a credential to authenticate that user. It is a JSON file, and if it leaks, the hacker can use it to attack our data and a large amount of money can be lost in just a few minutes. Azure is more secure than GCP in this respect: we still need to create a key, but only the key ID, not a file, and we need to log in on our computer. In more detail, only our computer can run the Terraform code on Azure, whereas for GCP everyone who has the JSON file can run the code. AWS uses yet another method.

2. We can preview the cloud changes when we create or change any attribute of each resource.

DevOps, an IT culture, is a software development methodology often associated with specific practices and tools that help implement those practices. It is mainly focused on increasing the frequency of software deliveries. The combination of processes, tools and people makes the culture become reality. CI/CD is an important part of a DevOps methodology, bringing developers and operations teams together to deploy software. CI/CD is a method to frequently deliver apps to customers by introducing automation into the stages of app development. Specifically, CI/CD introduces ongoing automation and continuous testing throughout the lifecycle of apps. A simple example is a cycle where an update is made, built, tested, and released to customers; when a customer reports a problem, an update is made and the cycle begins again.

After four months, we have a support tool to help us implement infrastructure in a cloud. We can easily create multiple resources in large quantities, such as VMs, VPCs and LBs, by just inputting the values of these resources; we do not need to run anything. Everything we need after inputting the values is to push it to GitHub, and it will automatically test, check and build to the cloud.

CHAP 1: OVERVIEW

1.1 Problem Statement

Nowadays, a large number of companies use cloud computing to store data and run their applications instead of using on-premises servers as in past decades. With cloud computing, companies can easily and quickly deploy their services and applications to reach their users. However, cloud engineering has some drawbacks when infrastructure is managed through point-and-click user interfaces. For instance, if we create 100 virtual machines on the cloud, it will easily cause problems because there is a lot of data from the customer's virtual machines. Another drawback that every cloud engineer has in common is that cloud infrastructure deployment is configured in the same way as configuring web or application servers. Not only when creating but also when managing, the cloud engineer has trouble managing a lengthy list of cloud resources. If the maximum number of virtual machines created is approximately 100, the number of resources to be managed is many times bigger. For those reasons, Terraform was created to make it come true. This is a big step up for cloud engineers. It makes everything we deploy and manage on the cloud automated, and it is also a huge time saver for us.

The growth of Terraform relates to another problem. First of all, only the developer who wrote the code can affect the resources. Although they give us the code, we still cannot do anything like delete a resource or change its configuration, because Terraform depends on the state file to compare the differences and apply the resources accordingly. Secondly, we cannot merge all Terraform code together because of the different formats. The Terraform state should be stored remotely on the cloud to enable collaboration between everyone on a project. If we hold a large amount of source code, management will get out of control. Version control of Terraform is important for team working and managing. Moreover, they want everything on a project to work with the minimum of errors.

So, the topic "An automation support tool for deploying infrastructure to the cloud using Terraform and CI/CD" is chosen to help cloud engineers or developers understand the concepts, benefits, and problems of Terraform and CI/CD related to cloud computing.

1.2 Objective and Particular Objectives

The thesis will focus on cloud computing, reviewing some resources on Google Cloud Platform, analysing every option of each resource and describing the input values for an example architecture. It researches the method and elements needed to create a template for creating resources on the cloud using Terraform. In addition, it gives a synthesis of CI/CD and creates a CI/CD flow to improve the project. From that, we will execute the tools with the example values for each resource that I have created. Depending on the result, the advantages and disadvantages of this topic are shown and development directions are given.

1.3 Challenges

The first challenge that everyone using the cloud must face is the budget that we have to pay. The cloud is convenient, but the money we need to pay for this convenience is not cheap. A virtual machine with the minimum size and a Linux operating system costs approximately $30 per month, and even that price more than doubles with the Windows operating system. The minimum size just lets us run some tests such as a connection test, a ping test or a port test; we cannot do anything else. The best solution to decrease that is to stop the VM when you do not use it. For my demo, I have to create 5 virtual machines, including 3 Windows and 2 Linux. It costs me about $80 for the first week. And load balancing is about $70 per month for the minimum configuration. For a college student, this price is so big. Unlike the VM, we cannot turn off the load balancer, so I often delete it right after I create it. One more thing that may take a lot of money from you is a security issue. To run Terraform code we need to create a key so that the cloud provider can check authentication. And when we work with CI/CD we need to upload the code to an open-source repository, and maybe we upload the key too. The hacker can use this key to access our cloud and create multiple resources. My partner faced this trouble. Unfortunately, he had granted the Compute Admin permission (a permission that allows you to create virtual machines on GCP) to his key. When he published his key, the hacker created 6000 VMs in 6 minutes. Even though they fixed it right away, the company had to pay $6000 according to the alert from GCP. It is so dangerous.

Secondly, it is about the modules of Terraform code. Each module is a block of files, so each cannot communicate with another file. If you create a single resource like 1 VPC, there is no problem. But with a resource that needs another resource, such as a VM that needs a VPC and a Subnet, it is trouble to link 2 resources created in different modules. Worse, my demo is a system with a lot of connections between resources. I cannot create each resource, copy its ID and paste it in; that does not fit the objective of the thesis. I need to create a template with which I can run 100 VMs at one time. Otherwise, although I use code to run the automation, I would still run 100 pieces of code. It took me a lot of time to solve this problem. I had to read a lot of books and code on GitHub, and I found the solution: use the output.tf file to share the ID of a resource I have created with another resource.

The next problem is about loops in Terraform. Terraform is a programming language which does not focus on algorithms as much as other languages. For loops it has count and for_each, but the limitation is that we can use only 1 loop at a time. That means in each resource block we can use only count or for_each, and the total number is 1. After the research time, the way which I propose is to use lookup.

About CI/CD, the challenge is about the key I told you about in the first challenge. The recommendation of GCP, and what is expected of DevOps, is not to put the key on GitHub. This is the hardest problem, because almost everyone pushes it to GitHub, so when you write the flow to the code, there is a key in there to check authentication. One more thing: I use a new CI/CD tool and I have a strange combination between Terraform for GCP and Azure DevOps for CI/CD, so it is difficult to find documentation. Finally, I use the secure group on Azure DevOps to store the key; in the pipeline code I create a variable for the key, and I link the secure group with this variable.

Last but not least, CI/CD has a standard format for the credentials. Normally, for the credential to check authentication we can use the directory path, but CI/CD does not allow it, only a variable. And the error is not shown clearly; it just talks about a bug in the backend file. So it took me a large amount of time to solve this problem. The format of the credential for CI/CD:

credentials = file("${var.credentail_key_GCP}")
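As an added example (not the thesis's own code) tying together the three points above: the module shares the subnet ID through output.tf instead of a pasted ID, each resource block uses a single for_each with lookup() for per-item values, and the GCP key path arrives through a sensitive variable set by the pipeline rather than a file in the repository. The module path, variable names, CIDRs, image families and the project ID placeholder are assumptions.

```hcl
# Added example, not the thesis's code. Several files are shown in one block;
# the "file:" comments mark where each part lives. Names and values are assumptions.

# ---------- file: variables.tf (root module) ----------
variable "credential_key_GCP" {
  description = "Path to the service-account JSON key. Set at run time by the pipeline (e.g. TF_VAR_credential_key_GCP pointing at a downloaded secure file); never committed."
  type        = string
  sensitive   = true
}

variable "networks" {
  description = "One entry per VPC; the map key becomes the VPC name."
  type = map(object({
    cidr   = string
    region = string
    os     = string
  }))
  default = {
    vpc-test-1 = { cidr = "10.0.1.0/24", region = "asia-southeast1", os = "linux" }
    vpc-test-2 = { cidr = "10.0.2.0/24", region = "asia-southeast1", os = "windows" }
  }
}

variable "machine_types" {
  description = "Machine type per OS, resolved with lookup() inside the resource."
  type        = map(string)
  default     = { linux = "e2-small", windows = "n1-standard-1" }
}

# ---------- file: main.tf (root module) ----------
provider "google" {
  # file() takes the path directly; wrapping the variable in "${...}" is redundant.
  credentials = file(var.credential_key_GCP)
  project     = "PLACEHOLDER-PROJECT-ID"
}

# A single for_each on the module call creates every VPC + subnet pair from one block.
module "network" {
  source   = "./modules/network"
  for_each = var.networks

  name   = each.key
  cidr   = each.value.cidr
  region = each.value.region
}

# The VM takes the subnet from the module output rather than a copied ID, so
# Terraform also derives the creation order (subnet before VM) on its own.
resource "google_compute_instance" "vm" {
  for_each     = var.networks
  name         = "vm-${each.key}"
  zone         = "${each.value.region}-a"
  machine_type = lookup(var.machine_types, each.value.os, "e2-small")

  boot_disk {
    initialize_params {
      image = each.value.os == "windows" ? "windows-cloud/windows-2022-core" : "debian-cloud/debian-11"
    }
  }

  network_interface {
    subnetwork = module.network[each.key].subnet_self_link
    # No access_config block: the VM gets no external IP address.
  }
}

# ---------- file: modules/network/variables.tf ----------
variable "name"   { type = string }
variable "cidr"   { type = string }
variable "region" { type = string }

# ---------- file: modules/network/main.tf ----------
resource "google_compute_network" "vpc" {
  name                    = var.name
  auto_create_subnetworks = false # custom subnet creation mode
}

resource "google_compute_subnetwork" "subnet" {
  name          = "${var.name}-subnet"
  ip_cidr_range = var.cidr
  region        = var.region
  network       = google_compute_network.vpc.id
}

# ---------- file: modules/network/output.tf ----------
# This output is what lets the root module link the VM to the subnet.
output "subnet_self_link" {
  value = google_compute_subnetwork.subnet.self_link
}
```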

1.4 Thesis Structure

The thesis is organized into five chapters; the main content of each chapter is as follows:

Chapter 1: Overview: An overview of the content of the thesis topic, including the problem statement, objective and particular objectives, challenges in the process and finally the thesis structure.

Chapter 2: Related Research: In this chapter, the thesis presents the state of Pulumi and compares Pulumi with Terraform. In addition, it discusses Ansible and compares it with Terraform.

Chapter 3: Google Cloud Platform (GCP): This chapter goes into detail about the Google Cloud Platform. We will go into detail about some resources that we will demo, such as VPC, subnet, VM, ... Besides, it researches and analyses the way to create each resource.

Chapter 4: Automation Support Tool for Cloud: In this chapter, we will discuss Terraform and CI/CD and describe the structure of both. For Terraform, we will research the workflow, resources, modules, ... For CI/CD, it is the pipeline workflow and pipeline concepts.

Chapter 5: Experiments and Evaluations: This chapter presents the work needed to create an automatic support tool and evaluates the result.

Chapter 6: Conclusion: Finally, chapter 6 summarizes the results and the knowledge of Terraform and CI/CD, and provides ideas and development directions for the thesis topic.

CHAP 2: RELATED RESEARCH

2.1 Survey of IaC in 2022

Figure 1: Survey Top 5 IaC tools (currently use / plan to use). Source: https://insights.daffodilsw.com/blog/top-7-infrastructure-as-code-iac-tools-to-automate-deployments

The cloud has brought a new paradigm for computing in which loosely linked services come together to form a full-fledged application. Cloud computing and its service divisions have been helping administrators automate infrastructure capacity needs, ensure high availability and low latency, configure compliant servers, etc. One such cloud service is Infrastructure as Code (IaC).

The top 7 IaC tools as compiled by Statista:

Terraform by HashiCorp
Ansible by Red Hat
Chef Infrastructure Management
Puppet
SaltStack by VMware
AWS CloudFormation
Google Cloud Deployment Manager

2.1 Pulumi

2.1.1 Overview about Pulumi

Pulumi is an open-source Infrastructure as Code tool for configuring cloud infrastructure in programming languages such as C#, Go, TypeScript, Python and JavaScript. More languages also mean that it has a lot of tools and frameworks for building, creating, and managing our infrastructure. Pulumi uses a desired-state file, like Terraform, for managing infrastructure. The providers of Pulumi include AWS, Azure, GCP, and one that is not cloud computing: Kubernetes.

2.1.2 State

Figure 2 State Architecture of Pulumi (language host, last deployed state, CLI and engine, providers such as AWS and Kubernetes; create, update, delete; write new state)

Pulumi manages infrastructure by using a state file. Pulumi executes a language host to compute the desired state for a stack's infrastructure. The CLI and engine compare this desired state with the current state and find out which resources we need to build, update or destroy. After configuration, the engine updates the state of your infrastructure. The language host is responsible for the Pulumi language program and

Table 1 Compare Terraform and Pulumi (Source: Pulumi, https://www.pulumi.com/docs/intro/vs/terraform/)

Feature | Pulumi | Terraform
Language | Python, TypeScript, JavaScript, Go, C#, F#, Java, YAML | HashiCorp Configuration Language (HCL)
IDE Support | Code completion, strong typing, error squiggles | Limited
Core API | Richly typed | Includes typed
Cloud native support | In-cluster operator support for GitOps |
OSS license | Apache License 2.0 | Mozilla Public License 2.0
Infrastructure Reuse and Modularity | Flexible reuse: functions, classes, packages, and Pulumi |
Testing and Validation | Unit, integration and property testing; supports popular test frameworks | Integration testing only
Models of Execution | Run CLI commands | Run CLI commands
Embed within Application Code | Yes, via Automation API | No
CI/CD tools | Yes | Yes
Policy as code | Yes | Yes
Secret Management | Yes; secrets are encrypted in transit and in the state file | No; we use a key to check authentication
Audit Capabilities | Yes | Limited
Adopt Existing | Yes; generates code as part of the import |

2.2.1 Overview about Ansible

Ansible is an automation system. It automates deployment, management, configuration and other IT processes. An important utility of Ansible is that it is powerful and simplified: Ansible takes a task through instructions in a simple script form which also keeps version control. Ansible is a part of the DevOps culture. Features of Ansible:

- Easy to install
- High scalability
- Using Red Hat for easy readability and extensibility

Figure 3 Ansible Architecture

Ansible connects using SSH or other authorized methods. It installs Python modules, executes them and removes them once their job is done. The Ansible Management node controls the entire execution of the playbook. The Inventory provides the host list needed to run Ansible. The Management Node makes an SSH connection to execute the module. After executing, the module is removed.

2.2.3 Terraform vs Ansible

Table 2 Terraform vs Ansible

Feature | Terraform | Ansible
Type | Orchestration tool | Configuration management tool
Syntax | HCL | YAML
Language | Declarative | Procedural
Default approach | Mutable infrastructure | Immutable infrastructure
Lifecycle management | Yes | No
Capabilities | Provisioning and configuring | Provisioning and configuring
Agentless | Yes | Yes
Masterless | Yes | Yes

Given the features of both technologies, Terraform and Ansible appear to be extremely similar tools at a high level.

- They are both capable of setting up new cloud infrastructure and equipping it with the necessary application components.
- On a freshly formed virtual machine, remote commands can be carried out by both Terraform and Ansible. This indicates that neither tool requires an agent; agent deployment on the computers is not necessary for operational reasons.
- Terraform builds infrastructure utilizing the APIs of cloud providers, and SSH is used for simple configuration operations.

CHAP 3: GOOGLE CLOUD PLATFORM (GCP)

3.1 Overview

Google Cloud Platform (GCP for short) is a cloud computing platform provided by Google, which includes a range of hosted services for computing, hosting, and application development running on Google's hardware. Google Cloud services can be accessed by software developers, administrators, or IT professionals over the internet or through a network connection. The products of GCP include:

Figure 4 Sample Architecture on GCP

This is a sample architecture that businesses often use. In Figure 3, we have 5 VPCs, 5 Subnets, 5 VMs, 3 LBs and 2 Peerings. In the next part we will discover each resource on GCP and create it manually.

3.2 Virtual Private Cloud

VPC is a resource of the VPC Network product on GCP. A VPC is fully decoupled from a dedicated cloud infrastructure, based on a multi-tenant system architecture. The way to create a VPC:

[Screenshot: the VPC creation form on GCP. Fields: Name (lowercase letters, numbers, hyphens allowed); Description; VPC network ULA internal IPv6 range (Enabled/Disabled; enabling assigns a /48 from the Google-defined ULA prefix fd20::/20); Subnets (subnets let you create your own private cloud topology within Google Cloud; click Automatic to create a subnet in each region, or Custom to define the subnets manually); Subnet creation mode]

[Screenshot: Firewall rules and routing. Select any of the firewall rules that you would like to apply to this VPC network; once the VPC network is created, you can manage all firewall rules on the Firewall rules page. IPv4 firewall rules shown: allow-custom (Ingress, apply to all, IP ranges all, Allow) and allow-icmp (Ingress, apply to all, IP ranges icmp, Allow). Global routing lets you dynamically learn routes to and from all regions with a single VPN or Interconnect and Cloud Router. Equivalent command line available.]

Figure 6 Another option to create VPC

Table 3 Create VPC

Option | Meaning | Input value
Name | The name of the VPC resource; only lowercase letters, numbers and hyphens allowed | vpc-test
Description | Describe the meaning, role, use case or anything else of this VPC | VPC in Asia
Subnet creation mode | Custom creation mode supports IPv4, or IPv4 and IPv6 (dual-stack). Automatic creation mode supports IPv4 (single-stack) only. | Custom
Firewall rules | Select the rules that will apply to the VPC. For example, your VPC applies the secure shell / RDP rule (port 22) so that all the Windows VMs in this VPC can be reached remotely from another computer using a public IP | - Allow rdp - Allow ssh - Allow ICMP
Dynamic routing mode | Regional allows all subnetworks, regardless of region, to be advertised to your on-premises router and region when using Cloud Router. With global routing you just need a single VPN with Cloud Router to dynamically learn routes to and from all Google Cloud regions on a network | Regional
DNS server policy | Identifies a DNS policy for the project. Must be unique in the project | No server policy
MTU | | 1460

3.3 Subnet

A subnet mask is a 32-bit number. To create a subnet, we set the host bits to 0 and the network bits to 1. From there, we create a binary sequence of 0s and 1s to divide the IP address into 2 parts, the network address and the host address respectively. Using subnetting will help you:

- Help users work from home but still use the local network.
- Organizations can bypass the constraints of the LAN, exceeding the specified maximum number of hosts.

This is the way to create a subnet on GCP:

[Screenshot: the subnet creation form on GCP, including Create secondary IPv4 range and Private Google Access]

Table 4 Create Subnet on GCP

Option | Meaning | Example input value
Name | The name of the Subnet resource; only lowercase letters, numbers and hyphens allowed | subnet-test
Description | Describe the meaning, role, use case or anything else of this Subnet | Subnet in Asia
VPC network | The VPC network that the subnet belongs to (example VPC in table 1) | kien-test
Region | The region of the subnet (depends on the position of the server) | asia-southeast1
Purpose | - Regional Managed Proxy - Private Service Connect - None | None
IP stack type | Choose the IP type for the subnet: - IPv4 (single-stack) - IPv4 and IPv6 (dual-stack) | IPv4
IPv4 range | The address range for this subnet, in CIDR notation. Use a standard private VPC network address range | 10.0.0.0/9
Private Google Access | Set whether virtual machines in this subnet can access Google services without being assigned external IP addresses: - On - Off | Off
Flow logs | Turning on VPC flow logs doesn't affect the performance of resources on the VPC, but some systems generate a large number of logs, which can increase costs in Cloud Logging | Off

physical server. Each VPS is a separate system, has its own CPU, has separate RAM and hard drive storage, and users have full control over rooting, updating and restarting the system any time they want. We use VMs to:

- Test software and operating systems
- Enhance server security
- Check for viruses
- Change the size easily

Create a VM on GCP:

[Screenshot: the Region (e.g. us-central1 (Iowa)) and Zone (e.g. us-central1-a) selectors; region and zone are permanent]

Figure 8 First option to create VM

Table 5 First option to create VM

Option | Meaning | Input
Name | The name of the VM. It must start with a lowercase letter and contain only lowercase letters, numbers and hyphens | vm-test
Labels | Use labels to distinguish each environment, team, service, ... | PRD
Region | The region is the location of the resource | asia-southeast1
Zone | A zone is an isolated location within a region | asia-southeast1-a

[Screenshot: Machine configuration. Machine family: General-purpose, Compute-optimized, Memory-optimized, GPU (machine types for common workloads, optimized for cost and flexibility); 1-2 vCPU (1 shared core), 4 GB memory; CPU platform and GPU; Display device (enable to use screen capturing and recording tools)]

Figure 9 Configuration a storage of VM

Table 6 Configuration storage of VM

Option | Meaning | Input
Series | Machine types optimized for cost, common workloads, and flexibility | N1
Machine type | The storage (size) of the VM | n1-standard-1 (1 vCPU, 3.75 GB memory)
Display device | Used to capture and record the VM | No

[Screenshot: Boot disk selection. Tabs: Public images, Custom images, Snapshots, Archive snapshots, Existing disks. Operating system: Debian; Version: Debian GNU/Linux 11 (bullseye), x86/64, amd64 built on 20221206, supports Shielded VM features; Boot disk type: Balanced persistent disk (Compare disk types); Size (GB): 10; Show advanced configuration; Select / Cancel]

Figure 10 Configuration Operating System

Table 7 Configuration operating system of VM

Name | Meaning | Input
Operating system | Choosing the operating system for the VM | Windows Server
Version | The version of the operating system that you have chosen | Windows Server 2022 Datacenter Core
Boot disk type | This is a block storage volume of the VM | Balanced persistent disk
Size | The size of the boot disk that you have selected | 10

For the networking, it will be chosen automatically for you if your region and zone are the same as the region and zone of the VPC. The network configuration stays in the Advanced Configuration part; I will show more in the Terraform code.

Compute Engine instances can run the public images for Linux and Windows Server that Google provides as well as private custom images that you can create or import from your existing systems. You can also deploy Docker containers, which are automatically launched on instances running the Container-Optimized OS public image.

You can choose the machine properties of your instances, such as the number of virtual CPUs and the amount of memory, by using a set of predefined machine types or by creating your own custom machine types.

Each instance belongs to a Google Cloud console project, and a project can have one or more instances. When you create an instance in a project, you specify the zone, operating system, and machine type of that instance. When you delete an instance, it is removed from the project.

CHAP 4: AUTOMATION SUPPORT TOOL FOR CLOUD

4.1 Infrastructure as Code (IaC) Configuration Workflow

Figure 11 IaC Workflow (IaC workflow and Terraform workflow)

The first IaC workflow step is Scope. In Scope, the writer defines the final result of the code. Scope includes the resources and the architecture of the cloud.

- Author: write the Terraform code. It is widespread practice to store your work. As you make progress on authoring your configuration, repeatedly running plan can help flush out syntax errors and ensure that your config is coming together.

- Initialize: use the command "terraform init". It installs the packages needed for deployment. Normally, it installs the version of Terraform and the version of the provider; Terraform downloads the version the author specifies. In Figure 11, it is azurerm.

Figure 12 Example Provider Azure

Posted: 23/10/2024, 01:08
