- Go to Google Cloud console and search for "Service Accounts"
- Click "Create Service Account"
- Enter:
  - Name: legion
  - ID: legion (accept the default value)
  - Description: administer gitlab runner
- Click "Create and Continue"
- Enter:
  - Role: Editor
- Click "Continue"
- Click "Done" (skip the "Grant users access ..." dialogue)
- Under "Actions" click the vertical dots, then "Manage Keys"
- Click "Add Key", then "Create new key"
- Enter:
  - Key type: JSON
- Click "Create"
- Store the downloaded key securely on the local machine
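One way to check the "store securely" step after the download, as an added example that is not part of this project's code: a small Python audit that confirms the key file is a regular file owned by you, is readable by the owner only, and is a service-account key with the expected fields. The script name `audit_key.py` is hypothetical, and the check never prints the key material.

```python
import json
import os
import stat
import sys

# Fields present in a Google Cloud service-account JSON key file.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def audit_key_file(path):
    """Return a list of findings for a downloaded service-account key (empty = OK)."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink to a less protected location
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file (symlink or special file)"]
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access; use chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        # Report only the exception type so no file content reaches logs.
        return findings + [f"{path}: unreadable or not JSON ({exc.__class__.__name__})"]
    if not isinstance(key, dict):
        return findings + [f"{path}: JSON is not an object"]
    missing = [name for name in REQUIRED_FIELDS if not key.get(name)]
    if missing:
        findings.append(f"{path}: missing fields: {', '.join(missing)}")
    if key.get("type") != "service_account":
        findings.append(f"{path}: type is {key.get('type')!r}, expected 'service_account'")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_key.py PATH_TO_KEY.json")
    problems = audit_key_file(sys.argv[1])
    for line in problems:
        print(line, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so it can gate a wrapper that runs before the playbook.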
```
cp default.secrets.sh secrets.sh
```
and update `secrets.sh`

```
cp default.inventory.gcp.yml inventory.gcp.yml
```
and update `inventory.gcp.yml`
Note: This creates a Conda installation and installs Ansible. (This happens to be the most reliable way to get a version-pinned Ansible, which is necessary to make sure everything is reproducible.)
```
./install.sh
source env.sh
source secrets.sh
ansible-playbook playbook.yml
```
Running only one stage of the playbook is mainly useful as a time-saving measure, e.g. if you want to deploy repeatedly without reprovisioning.
```
ansible-playbook playbook.yml --tags provision
ansible-playbook playbook.yml --tags deploy
```
- Figure out a way of automatically retrieving SSH host keys. One option inspired by [1] would be to use the gcloud CLI to SSH to the node and exfiltrate the keys.