Installing the connector
Installation is provided as a bash script. The script supports multi-region installation of the connector (the script should be run separately for each region). The number of regions isn’t limited. The script also creates the backend configuration.
The installation script does the following during execution:
- Checks the GCP credentials (for Terraform), GCP project, and GOOGLE_APPLICATION_CREDENTIALS environment variable (for the Google Cloud CLI).
- Configures a Cloud Storage bucket as a global resource for the Terraform backend configuration and another bucket as a regional resource for the acme_accounts.yaml file and source code files.
- Configures the workspace.
- Executes Terraform commands.
The script performs the following actions on GCP for certificate management:
- Installs the configuration file(s) and source code files in the Cloud Storage bucket.
- Installs the Cloud Function module.
- Installs the Cloud Scheduler module for logging and auto-renewal.
- Enables the IAM service account for accessing the Cloud Function trigger.
A Cloud Storage bucket is created for the backend configuration of Terraform.
When |
Install the connector
Execute the install.sh file in your shell to run the installation script.
You can run the script to install the connector to the default region or to a specific region, and repeat it for multiple regions.
Run ./install.sh (if you haven’t provided the execute permission to the script, run bash install.sh).
The script installs the connector to your default GCP region.
The script does the following:
- Creates a Cloud Storage bucket for the Terraform backend configuration in the default region and initializes state files in this bucket.
- Creates a Cloud Storage bucket for the acme_accounts.yaml file and source code files in the default region.
- Creates the Terraform workspace with the same name as the GCP region.
- Executes terraform plan && terraform apply.
Run ./install.sh <region_name>.
For example, to install the connector to the us-east1 region, run ./install.sh us-east1.
For multi-region installation, repeat this step for each region.
The script does the following:
- Creates a Cloud Storage bucket for the Terraform backend configuration in the specified region and initializes state files in this bucket.
- Creates a Cloud Storage bucket for the acme_accounts.yaml file and source code files in the specified region.
- Creates the Terraform workspace with the same name as the GCP region.
- Executes terraform plan && terraform apply.
GCP resources created
The script creates GCP resources with a specific naming convention to allow for multi-region installation.
The script appends the region name to all resource names.
For example, if you install the connector in the us-central1 region, then the GCP resources are given the following names:
- Cloud Function: SectigoGCPCM-us-central1
- Cloud Storage bucket: sectigo-gcp-cm-us-central1-$date (the name of the Cloud Storage bucket must be unique, therefore a timestamp is appended)
  A bucket for the Terraform backend configuration is created in Cloud Storage via install.sh in the default region. You can run gcloud config get-value functions/region to find out the default region. The backend bucket won’t be changed (created) again for the same region.
- HTTP trigger: us-central1-local-project-340815.cloudfunctions.net/SectigoGCP-us-central1
After installing the connector, the names of all important resources (the Cloud Function name, the URL of the Cloud Storage bucket, the trigger URL for an HTTP function, and more) are printed to the console. Make sure to enter the Cloud Function name correctly when you invoke the function for your region.
The logs are stored in the install-<region>.log (created by the connector) and terraform-install.txt (created by Terraform) files.
The <region> part of the log filename indicates the region where the resources were installed.
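The following wrapper is an added example, not part of the connector or its install.sh. It checks the GOOGLE_APPLICATION_CREDENTIALS key file and every region name before running install.sh once per region. The INSTALLER variable, the function names, the region-name pattern, and the expectation that install.sh exits non-zero on failure are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks, then one install.sh run per region.
INSTALLER="${INSTALLER:-./install.sh}"   # assumption: run from the script's directory

# 0 if the key file named by GOOGLE_APPLICATION_CREDENTIALS is usable and
# carries no group/other permission bits; 1-3 identify the failed check.
check_credentials_file() {
  local key="${GOOGLE_APPLICATION_CREDENTIALS:-}" perms
  [ -n "$key" ] || { echo "GOOGLE_APPLICATION_CREDENTIALS is not set" >&2; return 1; }
  [ -r "$key" ] || { echo "key file not readable: $key" >&2; return 2; }
  perms=$(ls -ldL "$key" | cut -c5-10)   # group+other bits, e.g. "------"
  [ "$perms" = "------" ] || { echo "key file too permissive, run: chmod 600 $key" >&2; return 3; }
}

# Assumed region shape (us-east1, europe-west4); rejects zones such as us-east1-b.
is_region_name() {
  printf '%s\n' "$1" | grep -Eq '^[a-z]+-[a-z]+[0-9]+$'
}

# Cloud Function name the page's naming convention gives for a region.
function_name_for() {
  printf 'SectigoGCPCM-%s\n' "$1"
}

# Validate everything first, then install region by region, stopping on failure.
install_regions() {
  local region
  check_credentials_file || return 1
  for region in "$@"; do
    is_region_name "$region" || { echo "not a region name: $region" >&2; return 2; }
  done
  for region in "$@"; do
    "$INSTALLER" "$region" || {
      echo "install failed for $region; see install-$region.log and terraform-install.txt" >&2
      return 3
    }
    echo "installed $(function_name_for "$region")"
  done
}

# Runs only when regions are given, e.g.: ./preflight.sh us-east1 us-central1
if [ "$#" -gt 0 ]; then install_regions "$@"; fi
```

Because all region names are validated before the first install.sh run, a mistyped region does not leave a multi-region rollout half applied.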