Forem Creators and Builders

Cover image for Forem Google Cloud Setup on MacOS
Christina Gorton for Forem Core Team

Posted on • Updated on

Forem Google Cloud Setup on MacOS

Introduction

In this guide you will learn how to set up your Forem self-host instance on Google Cloud.
You will also set up DNS for your domain and restart Forem Traefik service to generate a TLS cert.

Prerequisites

Step 1- Installing Google Cloud Ansible Collection

In this step you will install the necessary collection for Google Cloud.

In your terminal make sure you are in the selfhost directory with:

cd selfhost
Enter fullscreen mode Exit fullscreen mode

Install the Google Cloud Ansible collection with:

ansible-galaxy collection install google.cloud
Enter fullscreen mode Exit fullscreen mode

Alternatively you can install all the cloud provider collections with:

ansible-galaxy collection install -r requirements.yml
Enter fullscreen mode Exit fullscreen mode

This is useful if you want to try other cloud providers.

Step 2- Installing requests and google-auth modules

In this step you will install the pip modules requests and google-auth. The requests module is an HTTP library that allows you to send HTTP/1.1 requests. The google-auth module is a library the simplifies using Google’s various server-to-server authentication mechanisms to access Google APIs

In your terminal type:

pip3 install requests google-auth
Enter fullscreen mode Exit fullscreen mode

Step 3- Creating a Google Cloud Service Account

In this step you set up a Google Cloud Service Account and add privileges.

Open the Service accounts page.

Click Create Project
Create a project

In the Project name field add the name forem-selfhost and click the CREATE button.
Naming and creating the project

To add privileges select the newly created project from the Select Project dropdown.
Selected newly created project

Click the IAM & Admin link in the side menu.
IAM & Admin link

Navigate to the Roles link in the side menu.

In the filter search bar type Compute Instance Admin and choose the v1 option

Check the box to add the Compute Instance Admin (v1) role to the forem-selfhost
Adding roles

Step 5- Downloading a JSON Credentials File

In this step you will generate and download a JSON Credentials file and add it to a ~/.gcp/forem.json directory.

Navigate back to the homepage of your current project.

Hover over the APIs & Services side menu llink and click the Credentials link in the dropdown menu.
Click Credentials link

On the Credentials page click the + Create Credentials link and select Service Account
select service account

Give your service a name and add a description of what the service does.
Then click Create and Continue
Add service name and click create and continue

Add at least the Owner role to the "Grant this service account access to project.
Then click Done.
Grant owner role

Under the Credentials page you should now see your newly created credentials under Service Accounts.

Click on the newly created service account.
Click the created service account

Navigate to the Keys tab and click the ADD KEY and Create new key link.
Create new key

Select the JSON key type and click CREATE. The json file will then be downloaded to your computer.
Select the JSON radio button

You can now find the name of your downloaded file and place it in ~/.gcp/forem.json.

First create a directory on your computer called ~/.gcp with the following command:

mkdir ~/.gcp
Enter fullscreen mode Exit fullscreen mode

Then move the downloaded json file to ~/.gcp with the following command:

mv ~/my_gcp_forem.json ~/.gcp/forem.json
Enter fullscreen mode Exit fullscreen mode

You can check to see if the file is in the correct place with the following commands:

cd ~/.gcp
Enter fullscreen mode Exit fullscreen mode

to navigate to the directory.

Then type ls to list what files are in the directory.

You should see your forem.json file listed in the ~/.gcp directory.

Now you are ready to run your ansible playbook.

Step 6- Provisioning the Playbook

In this step you will provision the Google Cloud provider playbook to set up your Forem.

In your terminal type:

ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
Enter fullscreen mode Exit fullscreen mode

Once you run the command, you should see an output in your terminal similar to the code below with your community's domain name and IP address.
Playbook output for newly created community

Now you can set up an A record and point it to your public IPv4 IP Address

Step 5- Setting up DNS

In this step you will see an example of creating an A record in NameCheap and pointing it to the IP address that was outputted in the previous step. If you are not using NameCheap please refer to your own domain provider for how to set up DNS.

In the Advanced DNS section add an A record for your domain and subdomain.

Set the value to the IP address that was outputted after provisioning.

Set TTL to 1minute.
Advanced DNS in namecheap.com

Step 6- Restarting Forem Traefik Service

In this step you will reset Forem Traefik Service via SSH to generate a TLS cert.

In your terminal type:

ssh core@<SERVER IP ADDRESS>
Enter fullscreen mode Exit fullscreen mode

replacing with your community name.

Here is an example using a community name:
ssh core@ example

If prompted to continue, type yes into your terminal.

Once you have connected to your Forem server, type the following command:

sudo systemctl restart forem-traefik.service
Enter fullscreen mode Exit fullscreen mode

systemctl restart command in terminal

Now, you can navigate to your community domain. You should see a "Let's Start your Forem Journey" page.
You may need to wait a few minutes after running the Forem Traefik command.
Let's Start your Forem Journey page

Conclusion

Congratulations on setting up your first Forem!🎉

For next steps on how to configure your Forem please visit our Forem Admin Docs.

Discussion (20)

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited on

Thanks for all the work you have put in!

While going through all the steps I get an error at the Provision paragraph.

When entering ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
it returns:ERROR! the playbook: playbooks/providers/gcp.yml could not be found
However, when I go to file manually in finder it does seem to be there...

Have you got an idea what went wrong?

Collapse
coffeecraftcode profile image
Christina Gorton Author

This may be our fault and I would like to test that theory.
Could you run

ansible-galaxy collection install -r requirements.yml
Enter fullscreen mode Exit fullscreen mode

in your terminal and then try:

ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
Enter fullscreen mode Exit fullscreen mode

Let me know what happens after you do that!

Collapse
maartengoddijn profile image
Maarten Goddijn

Running that first step returns:
ERROR! The requirements file '/Users/jasmijnvriethoff/.gcp/requirements.yml' does not exist.

Thread Thread
coffeecraftcode profile image
Christina Gorton Author

Odd.
Do you have the file playbooks/providers/gcp.yml in your code?
Should be in the playbooks/providers folder.

I'm signing off for the day but will drop this in our internal slack channel to see if anyone else can help debug.
If not, I will circle back tomorrow and make sure we get you some help on this!

Thread Thread
jdoss profile image
Joe Doss

What is your current working directory? You need to run all commands out of the selfhost directory.

Thread Thread
maartengoddijn profile image
Maarten Goddijn • Edited on

FIXED

Thanks Joe Doss!
That was indeed the problem. I was still in the GCP directory created in the step before.

Thread Thread
maartengoddijn profile image
Maarten Goddijn

Unfortunately the next problem arose soon after. Posted it in a separate comment earlier...

Thread Thread
jdoss profile image
Joe Doss

Great! Glad we got ya sorted here. :)

maartengoddijn profile image
Maarten Goddijn

Yes it is in the code.

Also signing off, will continue tomorrow. Zzz...

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited on

Having fixed the earlier problem, running the playbook commands now returns another error that I can't seem to fix:

TASK [Create a FCOS disk] ************************************************************************************
fatal: [forem]: FAILED! => changed=false
msg: 'GCP returned error: {''error'': {''code'': 403, ''message'': "Required ''compute.disks.get'' permission for ''projects/forem-selfhost-12345/zones/us-central1-a/disks/forem-www-schoolofrajayoga-org''", ''errors'': [{''message'': "Required ''compute.disks.get'' permission for ''projects/forem-selfhost-12345/zones/us-central1-a/disks/forem-www-schoolofrajayoga-org''", ''domain'': ''global'', ''reason'': ''forbidden''}]}}'

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited on

Does anyone have a idea? @coffeecraftcode perhaps? Or @jdoss maybe?

Collapse
coffeecraftcode profile image
Christina Gorton Author • Edited on

Ok, from the error it looks like your permissions in Google Cloud may have not been set up correctly.
cloud.google.com/compute/docs/acce...

Did you:
" Create a Google Cloud Service Account called forem-selfhost with Compute Instance Admin (v1) privileges and download a JSON credentials file and place it in ~/.gcp/forem.json"

If not and you need more help you can check the "Google Cloud Service Account" and "Adding Privileges" section of this guide.

Thread Thread
maartengoddijn profile image
Maarten Goddijn

Thanks again for your help.

Indeed did those steps you name, so am now looking into the guide. It goes deep very fast, so will look into it after a night's rest.

Collapse
coffeecraftcode profile image
Christina Gorton Author

Hey! Taking a look now.

Collapse
davidmimay profile image
david mimay

Did you change the gcp.yml with your Google Cloud Project ID? forem-selffhost-ID and not the default 12345.

Collapse
davidmimay profile image
david mimay

Hello! Im trying to install Forem in a e2-micro with 30 gb disk size. I followed the entire guides and i'm stuck at provisioning the playbook, running ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
get me this error:

TASK [Create a FCOS disk] ******************************************************
fatal: [forem]: FAILED! => changed=false 
  msg: Please install the requests library
Enter fullscreen mode Exit fullscreen mode

Is that because I didn't use the recommended size of 100 gb or there is something more i'm missing? (I installed ruby on rails and also libyaml but didn't work) .Thanks in advance :)

Collapse
ellativity profile image
Ella (she/her/elle)

Hey @davidmimay

I asked our team who built the playbook and they're suspecting this error is from a missing python dependency (requests) on the local machine you're running the provisioning from rather than a problem with the target machine. Did you run the semi-automated or Manual installation?

If Manual, what happened when you followed the instruction to Install Python dependencies System-wide: pip3 install -r requirements.txt?

Additionally, GCP Setup Step 2 mentions the pip3 modules that need to be installed, which includes requests: github.com/forem/selfhost#setup-2 - did you do this successfully without errors as well?

Thanks for any additional info you can provide us with to help figure out why you're getting this error message!

Collapse
davidmimay profile image
david mimay

Thanks for helping me out!

Yes, I run the semi-automated and also the manual installation just to be sure:
pip3 install -r requirements.txt
gave me: Requirement already satisfied:...

The GCP Setup Step 2 was successfull:
ansible-galaxy collection install google.cloud and also
ansible-galaxy collection install -r requirements.yml
gave me: Nothing to do. All requested collections are already installed. If you want to reinstall them, consider using --force.

Solved: It was my fault, my issue was in inventory/forem/setup.yml i've been using ansible_python_interpreter: /usr/bin/python3 , but as the side node says # on macOS, this may need to be /usr/local/bin/python3 (im on macOS Catalina 10.15.3), it works when I changed to /usr/local/bin/python3.

Running again: ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
gave me:

TASK [Create a FCOS disk] ******************************************************
fatal: [forem]: FAILED! => changed=false 
  msg: 'GCP returned error: {''error'': {''code'': 403, ''message'': ''Compute Engine API has not been used in project ******** before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=***** then retry. …
Enter fullscreen mode Exit fullscreen mode

And just following the url and clicking enable on the API made it works.
forem.dev/remoteimages/uploads/art...

Collapse
davidmimay profile image
david mimay

Just in case somebody get the same error.
Using the command ansible-galaxy collection install google.cloud I just get through this error:

error when getting available versions of collection google.cloud: Unknown error
when attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen
error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get
local issuer certificate (_ssl.c:1123)>
ERROR! Unknown error when attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)>
Enter fullscreen mode Exit fullscreen mode

Solved: If you're using macOS go to Macintosh HD > Applications > Python3.6 folder (or whatever version of python you're using) > double click on "Install Certificates.command" file.

Collapse
coffeecraftcode profile image
Christina Gorton Author

Thank you for adding a solution to the error you found here!