Introduction
In this guide you will learn how to set up your Forem self-host instance on Google Cloud.
You will also set up DNS for your domain and restart Forem Traefik service to generate a TLS cert.
Prerequisites
- Forem Requirements guide
- Quick Start in Depth guide.
- A Google Cloud Account
Step 1- Installing Google Cloud Ansible Collection
In this step you will install the necessary collection for Google Cloud.
In your terminal make sure you are in the selfhost directory with:
cd selfhost
Install the Google Cloud Ansible collection with:
ansible-galaxy collection install google.cloud
Alternatively you can install all the cloud provider collections with:
ansible-galaxy collection install -r requirements.yml
This is useful if you want to try other cloud providers.
Step 2- Installing requests and google-auth modules
In this step you will install the pip modules requests and google-auth. The requests module is an HTTP library that allows you to send HTTP/1.1 requests. The google-auth module is a library the simplifies using Googleβs various server-to-server authentication mechanisms to access Google APIs
In your terminal type:
pip3 install requests google-auth
Step 3- Creating a Google Cloud Service Account
In this step you set up a Google Cloud Service Account and add privileges.
Open the Service accounts page.
Click Create Project
In the Project name field add the name forem-selfhost and click the CREATE button.
To add privileges select the newly created project from the Select Project dropdown.
Click the IAM & Admin link in the side menu.
Navigate to the Roles link in the side menu.
In the filter search bar type Compute Instance Admin and choose the v1 option
Check the box to add the Compute Instance Admin (v1) role to the forem-selfhost
Step 5- Downloading a JSON Credentials File
In this step you will generate and download a JSON Credentials file and add it to a ~/.gcp/forem.json directory.
Navigate back to the homepage of your current project.
Hover over the APIs & Services side menu llink and click the Credentials link in the dropdown menu.
On the Credentials page click the + Create Credentials link and select Service Account
Give your service a name and add a description of what the service does.
Then click Create and Continue
Add at least the Owner role to the "Grant this service account access to project.
Then click Done.
Under the Credentials page you should now see your newly created credentials under Service Accounts.
Click on the newly created service account.
Navigate to the Keys tab and click the ADD KEY and Create new key link.
Select the JSON key type and click CREATE. The json file will then be downloaded to your computer.
You can now find the name of your downloaded file and place it in ~/.gcp/forem.json.
First create a directory on your computer called ~/.gcp with the following command:
mkdir ~/.gcp
Then move the downloaded json file to ~/.gcp with the following command:
mv ~/my_gcp_forem.json ~/.gcp/forem.json
You can check to see if the file is in the correct place with the following commands:
cd ~/.gcp
to navigate to the directory.
Then type ls to list what files are in the directory.
You should see your forem.json file listed in the ~/.gcp directory.
Now you are ready to run your ansible playbook.
Step 6- Provisioning the Playbook
In this step you will provision the Google Cloud provider playbook to set up your Forem.
In your terminal type:
ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
Once you run the command, you should see an output in your terminal similar to the code below with your community's domain name and IP address.
Now you can set up an A record and point it to your public IPv4 IP Address
Step 5- Setting up DNS
In this step you will see an example of creating an A record in NameCheap and pointing it to the IP address that was outputted in the previous step. If you are not using NameCheap please refer to your own domain provider for how to set up DNS.
In the Advanced DNS section add an A record for your domain and subdomain.
Set the value to the IP address that was outputted after provisioning.
Set TTL to 1minute.
Step 6- Restarting Forem Traefik Service
In this step you will reset Forem Traefik Service via SSH to generate a TLS cert.
In your terminal type:
ssh core@<SERVER IP ADDRESS>
replacing with your community name.
Here is an example using a community name:
If prompted to continue, type yes into your terminal.
Once you have connected to your Forem server, type the following command:
sudo systemctl restart forem-traefik.service
Now, you can navigate to your community domain. You should see a "Let's Start your Forem Journey" page.
You may need to wait a few minutes after running the Forem Traefik command.
Conclusion
Congratulations on setting up your first Forem!π
For next steps on how to configure your Forem please visit our Forem Admin Docs.
Top comments (12)
This may be our fault and I would like to test that theory.
Could you run
in your terminal and then try:
Let me know what happens after you do that!
Hello! Im trying to install Forem in a e2-micro with 30 gb disk size. I followed the entire guides and i'm stuck at provisioning the playbook, running
ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
get me this error:Is that because I didn't use the recommended size of 100 gb or there is something more i'm missing? (I installed ruby on rails and also libyaml but didn't work) .Thanks in advance :)
Hey @davidmimay
I asked our team who built the playbook and they're suspecting this error is from a missing python dependency (
requests) on the local machine you're running the provisioning from rather than a problem with the target machine. Did you run the semi-automated or Manual installation?If Manual, what happened when you followed the instruction to Install Python dependencies System-wide:
pip3 install -r requirements.txt?Additionally, GCP Setup Step 2 mentions the pip3 modules that need to be installed, which includes requests: github.com/forem/selfhost#setup-2 - did you do this successfully without errors as well?
Thanks for any additional info you can provide us with to help figure out why you're getting this error message!
Thanks for helping me out!
Yes, I run the semi-automated and also the manual installation just to be sure:
pip3 install -r requirements.txtgave me:
Requirement already satisfied:...The GCP Setup Step 2 was successfull:
ansible-galaxy collection install google.cloudand alsoansible-galaxy collection install -r requirements.ymlgave me:
Nothing to do. All requested collections are already installed. If you want to reinstall them, consider using --force.Solved: It was my fault, my issue was in inventory/forem/setup.yml i've been using
ansible_python_interpreter: /usr/bin/python3, but as the side node says# on macOS, this may need to be /usr/local/bin/python3(im on macOS Catalina 10.15.3), it works when I changed to /usr/local/bin/python3.Running again:
ansible-playbook -i inventory/forem/setup.yml playbooks/providers/gcp.yml
gave me:And just following the url and clicking enable on the API made it works.
forem.dev/remoteimages/uploads/art...
Just in case somebody get the same error.
Using the command
ansible-galaxy collection install google.cloudI just get through this error:Solved: If you're using macOS go to Macintosh HD > Applications > Python3.6 folder (or whatever version of python you're using) > double click on "Install Certificates.command" file.
Thank you for adding a solution to the error you found here!
Ok, from the error it looks like your permissions in Google Cloud may have not been set up correctly.
cloud.google.com/compute/docs/acce...
Did you:
" Create a Google Cloud Service Account called
forem-selfhostwith Compute Instance Admin (v1) privileges and download a JSON credentials file and place it in~/.gcp/forem.json"If not and you need more help you can check the "Google Cloud Service Account" and "Adding Privileges" section of this guide.
Odd.
Do you have the file playbooks/providers/gcp.yml in your code?
Should be in the playbooks/providers folder.
I'm signing off for the day but will drop this in our internal slack channel to see if anyone else can help debug.
If not, I will circle back tomorrow and make sure we get you some help on this!
What is your current working directory? You need to run all commands out of the
selfhostdirectory.Hey! Taking a look now.
Great! Glad we got ya sorted here. :)
Did you change the gcp.yml with your Google Cloud Project ID?
forem-selffhost-IDand not the default 12345.