Forem Creators and Builders

Cover image for Forem Google Cloud Setup on MacOS
Christina Gorton for Forem Core Team

Posted on • Updated on

Forem Google Cloud Setup on MacOS

Introduction

In this guide you will learn how to set up your Forem self-host instance on Google Cloud.
You will also set up DNS for your domain and restart Forem Traefik service to generate a TLS cert.

Prerequisites

Step 1- Installing Google Cloud Ansible Collection

In this step you will install the necessary collection for Google Cloud.

In your terminal make sure you are in the selfhost directory with:

cd selfhost
Enter fullscreen mode Exit fullscreen mode

Install the Google Cloud Ansible collection with:

ansible-galaxy collection install google.cloud
Enter fullscreen mode Exit fullscreen mode

Alternatively you can install all the cloud provider collections with:

ansible-galaxy collection install -r requirements.yml
Enter fullscreen mode Exit fullscreen mode

This is useful if you want to try other cloud providers.

Step 2- Installing requests and google-auth modules

In this step you will install the pip modules requests and google-auth. The requests module is an HTTP library that allows you to send HTTP/1.1 requests. The google-auth module is a library the simplifies using Google’s various server-to-server authentication mechanisms to access Google APIs

In your terminal type:

pip3 install requests google-auth
Enter fullscreen mode Exit fullscreen mode

Step 3- Creating a Google Cloud Service Account

In this step you set up a Google Cloud Service Account and add privileges.

Open the Service accounts page.

Click Create Project
Create a project

In the Project name field add the name forem-selfhost and click the CREATE button.
Naming and creating the project

To add privileges select the newly created project from the Select Project dropdown.
Selected newly created project

Click the IAM & Admin link in the side menu.
IAM & Admin link

Navigate to the Roles link in the side menu.

In the filter search bar type Compute Instance Admin and choose the v1 option

Check the box to add the Compute Instance Admin (v1) role to the forem-selfhost
Adding roles

Step 5- Downloading a JSON Credentials File

In this step you will generate and download a JSON Credentials file and add it to a ~/.gcp/forem.json directory.

Navigate back to the homepage of your current project.

Hover over the APIs & Services side menu llink and click the Credentials link in the dropdown menu.
Click Credentials link

On the Credentials page click the + Create Credentials link and select Service Account
select service account

Give your service a name and add a description of what the service does.
Then click Create and Continue
Add service name and click create and continue

Add at least the Owner role to the "Grant this service account access to project.
Then click Done.
Grant owner role

Under the Credentials page you should now see your newly created credentials under Service Accounts.

Click on the newly created service account.
Click the created service account

Navigate to the Keys tab and click the ADD KEY and Create new key link.
Create new key

Select the JSON key type and click CREATE. The json file will then be downloaded to your computer.
Select the JSON radio button

You can now find the name of your downloaded file and place it in ~/.gcp/forem.json.

First create a directory on your computer called ~/.gcp with the following command:

mkdir ~/.gcp
Enter fullscreen mode Exit fullscreen mode

Then move the downloaded json file to ~/.gcp with the following command:

mv ~/my_gcp_forem.json ~/.gcp/forem.json
Enter fullscreen mode Exit fullscreen mode

You can check to see if the file is in the correct place with the following commands:

cd ~/.gcp
Enter fullscreen mode Exit fullscreen mode

to navigate to the directory.

Then type ls to list what files are in the directory.

You should see your forem.json file listed in the ~/.gcp directory.

Now you are ready to run your ansible playbook.

Step 6- Provisioning the Playbook

In this step you will provision the Google Cloud provider playbook to set up your Forem.

In your terminal type:

ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
Enter fullscreen mode Exit fullscreen mode

Once you run the command, you should see an output in your terminal similar to the code below with your community's domain name and IP address.
Playbook output for newly created community

Now you can set up an A record and point it to your public IPv4 IP Address

Step 5- Setting up DNS

In this step you will see an example of creating an A record in NameCheap and pointing it to the IP address that was outputted in the previous step. If you are not using NameCheap please refer to your own domain provider for how to set up DNS.

In the Advanced DNS section add an A record for your domain and subdomain.

Set the value to the IP address that was outputted after provisioning.

Set TTL to 1minute.
Advanced DNS in namecheap.com

Step 6- Restarting Forem Traefik Service

In this step you will reset Forem Traefik Service via SSH to generate a TLS cert.

In your terminal type:

ssh core@<SERVER IP ADDRESS>
Enter fullscreen mode Exit fullscreen mode

replacing with your community name.

Here is an example using a community name:
ssh core@ example

If prompted to continue, type yes into your terminal.

Once you have connected to your Forem server, type the following command:

sudo systemctl restart forem-traefik.service
Enter fullscreen mode Exit fullscreen mode

systemctl restart command in terminal

Now, you can navigate to your community domain. You should see a "Let's Start your Forem Journey" page.
You may need to wait a few minutes after running the Forem Traefik command.
Let's Start your Forem Journey page

Conclusion

Congratulations on setting up your first Forem!πŸŽ‰

For next steps on how to configure your Forem please visit our Forem Admin Docs.

Discussion (14)

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited

Thanks for all the work you have put in!

While going through all the steps I get an error at the Provision paragraph.

When entering ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
it returns:ERROR! the playbook: playbooks/providers/gcp.yml could not be found
However, when I go to file manually in finder it does seem to be there...

Have you got an idea what went wrong?

Collapse
coffeecraftcode profile image
Christina Gorton Author

This may be our fault and I would like to test that theory.
Could you run

ansible-galaxy collection install -r requirements.yml
Enter fullscreen mode Exit fullscreen mode

in your terminal and then try:

ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
Enter fullscreen mode Exit fullscreen mode

Let me know what happens after you do that!

Collapse
maartengoddijn profile image
Maarten Goddijn

Running that first step returns:
ERROR! The requirements file '/Users/jasmijnvriethoff/.gcp/requirements.yml' does not exist.

Thread Thread
coffeecraftcode profile image
Christina Gorton Author

Odd.
Do you have the file playbooks/providers/gcp.yml in your code?
Should be in the playbooks/providers folder.

I'm signing off for the day but will drop this in our internal slack channel to see if anyone else can help debug.
If not, I will circle back tomorrow and make sure we get you some help on this!

Thread Thread
jdoss profile image
Joe Doss

What is your current working directory? You need to run all commands out of the selfhost directory.

Thread Thread
maartengoddijn profile image
Maarten Goddijn • Edited

FIXED

Thanks Joe Doss!
That was indeed the problem. I was still in the GCP directory created in the step before.

Thread Thread
maartengoddijn profile image
Maarten Goddijn

Unfortunately the next problem arose soon after. Posted it in a separate comment earlier...

Thread Thread
jdoss profile image
Joe Doss

Great! Glad we got ya sorted here. :)

maartengoddijn profile image
Maarten Goddijn

Yes it is in the code.

Also signing off, will continue tomorrow. Zzz...

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited

Having fixed the earlier problem, running the playbook commands now returns another error that I can't seem to fix:

TASK [Create a FCOS disk] ************************************************************************************
fatal: [forem]: FAILED! => changed=false
msg: 'GCP returned error: {''error'': {''code'': 403, ''message'': "Required ''compute.disks.get'' permission for ''projects/forem-selfhost-12345/zones/us-central1-a/disks/forem-www-schoolofrajayoga-org''", ''errors'': [{''message'': "Required ''compute.disks.get'' permission for ''projects/forem-selfhost-12345/zones/us-central1-a/disks/forem-www-schoolofrajayoga-org''", ''domain'': ''global'', ''reason'': ''forbidden''}]}}'

Collapse
maartengoddijn profile image
Maarten Goddijn • Edited

Does anyone have a idea? @coffeecraftcode perhaps? Or @jdoss maybe?

Collapse
coffeecraftcode profile image
Christina Gorton Author • Edited

Ok, from the error it looks like your permissions in Google Cloud may have not been set up correctly.
cloud.google.com/compute/docs/acce...

Did you:
" Create a Google Cloud Service Account called forem-selfhost with Compute Instance Admin (v1) privileges and download a JSON credentials file and place it in ~/.gcp/forem.json"

If not and you need more help you can check the "Google Cloud Service Account" and "Adding Privileges" section of this guide.

Thread Thread
maartengoddijn profile image
Maarten Goddijn

Thanks again for your help.

Indeed did those steps you name, so am now looking into the guide. It goes deep very fast, so will look into it after a night's rest.

Collapse
coffeecraftcode profile image
Christina Gorton Author

Hey! Taking a look now.