Installing the connector

About installation

The connector is installed using a Bash script. The script supports multi-region deployments: run it once per region where you want to install the connector. There is no limit on the number of supported regions. The script also provisions the required backend configuration.

What the installation script does

During execution, the script:

  • Creates a Cloud Storage bucket for the Terraform backend configuration (global) if desired (see Storing Terraform state).

  • Creates a regional Cloud Storage bucket for the scm.yaml file and source code.

  • Configures the Terraform workspace.

  • Executes the necessary Terraform commands.

Resources deployed on GCP for certificate management

The script also provisions the following GCP resources:

  • Uploads configuration and source code files to the regional Cloud Storage bucket.

  • Deploys the Cloud Run function.

  • Creates Service account creation for Cloud Scheduler.

  • Deploys the Cloud Scheduler module for certificate auto-renewal.

  • Enables various account to trigger Cloud Run function.

Storing Terraform state

To specify a backend in Terraform for saving the state file, you define it in sectigo_gcpcm_iac/main.tf using the backend block inside the terraform block. This tells Terraform where to store the .tfstate file, which tracks your infrastructure.

The default configuration will use local storage. You can uncomment out the GCS backend block provided by default to store the state within GCP. By leaving the bucket set to default_bucket the installer will automatically create a new bucket with the name sectigogcpcm-tf-backend-$suffix where $suffix is a random 5 character string appended to all GCP resource names.

Install the connector

Execute the install.sh file in your shell to run the installation script. You can install the script for a default or specific region(s).

  • Default region

  • Specific region

Run ./install.sh (if you haven’t provided the execute permission to the script, run bash install.sh). The script installs the connector to your default GCP region.

The script does the following:

  1. Creates a Cloud Storage bucket for the Terraform backend configuration in the default region and initializes state files in this bucket (see Storing Terraform state).

  2. Creates a Cloud Storage bucket for the scm.yaml file and source code files in the default region.

  3. Creates the Terraform workspace with the same name as the GCP region.

  4. Executes terraform plan && terraform apply.

Run ./install.sh <region_name>. For example, to install the connector to the us-east1 region, run ./install.sh us-east1. For multi-region installation, repeat this step for each region.

The script does the following:

  1. Creates a Cloud Storage bucket for the Terraform backend configuration in the specified region and initializes state files in this bucket (see Storing Terraform state).

  2. Creates a Cloud Storage bucket for the scm.yaml file and source code files in the specified region.

  3. Creates the Terraform workspace with the same name as the GCP region.

  4. Executes terraform plan && terraform apply.

GCP resource naming

The script creates GCP resources with a specific naming convention to allow for multi-region installation. The script appends the region name and five random letters to all resource names. For example, if you install the connector in the us-central1 region, then the GCP resources are given the following names:

  • Cloud function: sectigogcpcm-us-central1-wmlqr

  • Cloud storage bucket: gs://sectigogcpcm-us-central1-wmlqr

  • Cloud scheduler: sectigogcpcm-us-central1-wmlqr

  • Service account: gcf-sa-wmlqr

GCP resources

After installing the connector, the names of all important resources (the cloud function name, the URL of the cloud storage bucket, the trigger URL for an HTTP function, and more) are printed to the console. Make sure to enter the cloud function name correctly when you invoke the function for your region.

The logs are stored in the install-<region>.log (created by the connector) and terraform-install.txt (created by Terraform) files. The <region> part of the log filename indicates the region where the resources were installed.