Terraform GCP Startup Script: Using Local Files

• Introduction
• Step-by-Step Guide
• Code Example
• Additional Notes
• Summary
• Conclusion
• References

When managing infrastructure as code with Terraform, you might need to run custom commands or scripts when a new virtual machine instance starts up. This is particularly useful for tasks like installing software, configuring settings, or running other automated processes. This guide will walk you through the steps of creating and running a startup script on a Google Cloud Platform (GCP) instance using Terraform.

1. Create your startup script:

   #!/bin/bash
   # Your startup commands here
   echo "Hello from startup script!" > /tmp/startup.log

   Save this script to a file, for example, startup.sh.

2. Make the script executable:

   chmod +x startup.sh

3. Reference the script in your Terraform configuration:

   resource "google_compute_instance" "default" {
     # ... other instance configurations ...
   
     metadata_startup_script = file("startup.sh")
   }

   This code snippet does the following:

   • metadata_startup_script: This parameter within the google_compute_instance resource is used to specify the startup script.
   • file("startup.sh"): This Terraform function reads the content of the startup.sh file. The content is then passed to metadata_startup_script to be executed on the instance startup.

Now, when you apply this Terraform configuration, it will read the content of your startup.sh file and execute it when the new GCP instance starts.

This code demonstrates how to use Terraform to create a Google Cloud Platform (GCP) instance that runs a startup script. The script updates the package lists, installs Nginx, and writes a message to a log file. The Terraform configuration defines the instance properties, including the startup script to be executed. After deploying the infrastructure using Terraform commands, a new GCP instance is created, and the startup script is executed, installing Nginx and leaving a log message on the instance.

This example demonstrates how to create a GCP instance with a startup script using Terraform.

1. Create the startup script (startup.sh):

#!/bin/bash
# Update package lists and install nginx
sudo apt update
sudo apt install -y nginx

# Write a message to a log file
echo "Hello from startup script! Nginx installed." > /tmp/startup.log

2. Make the script executable:

chmod +x startup.sh

3. Create the Terraform configuration file (main.tf):

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

resource "google_compute_instance" "default" {
  name                          = "terraform-instance-startup-script"
  machine_type                  = "n1-standard-1"
  zone                          = "us-central1-a"
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  network_interface {
    network = "default"
  }

  # Apply the startup script
  metadata_startup_script = file("startup.sh")
}

Explanation:

• main.tf:
  • Defines the required Google provider.
  • Creates a google_compute_instance resource named "default".
  • Sets the instance name, machine type, zone, and boot disk image.
  • Configures a network interface for the instance.
  • Uses metadata_startup_script = file("startup.sh") to read the content of startup.sh and pass it to the instance.

4. Deploy the infrastructure:

terraform init
terraform apply

This will create a new GCP instance and execute the startup.sh script upon startup. You can verify the script execution by checking the /tmp/startup.log file on the instance.

Note: This is a basic example. You can customize the startup script and Terraform configuration to fit your specific needs. For example, you can:

• Install additional software packages.
• Configure system settings.
• Download and run other scripts.
• Use variables and outputs to make your configuration more dynamic.

• Security: Be mindful of sensitive information within your startup scripts. Avoid hardcoding secrets and explore secure alternatives like Cloud Secret Manager.
• Error Handling: Implement error handling in your scripts to prevent silent failures during instance provisioning.
• Idempotency: Design your scripts to be idempotent. This ensures that running the script multiple times has the same effect as running it once, preventing unintended consequences.
• Cloud-Init: For more complex scenarios, consider using Cloud-Init, a more robust multi-step configuration tool supported by GCP.
• Remote Files: Instead of using local files, you can store your startup scripts in Cloud Storage or other remote locations for better management and version control.
• Debugging: Use the serial console output or logging mechanisms to debug issues with your startup script execution.
• Alternatives: Explore other options for instance initialization, such as Packer for creating custom images with pre-installed software and configurations.
• Permissions: Ensure that the service account used by Terraform has the necessary permissions to execute the startup script.
• Best Practices: Follow Terraform best practices for code organization, documentation, and testing to ensure maintainability and reliability.
• Windows Instances: For Windows instances, you can use PowerShell scripts instead of Bash scripts. The windows-startup-script-ps1 parameter is used in the Terraform configuration for this purpose.

This guide explains how to execute a custom bash script when a new Google Cloud Platform (GCP) instance is created using Terraform.

Steps:

1. Create the Startup Script:

   • Write a bash script containing the commands you want to run on instance startup (e.g., startup.sh).
   • Example:

     #!/bin/bash
     echo "Hello from startup script!" > /tmp/startup.log

2. Make the Script Executable:

   • Use chmod +x startup.sh to grant execute permissions.

3. Integrate with Terraform:

   • In your Terraform configuration file, locate the google_compute_instance resource.
   • Add the metadata_startup_script parameter within the resource block.
   • Use the file() function to read the content of your script file (e.g., file("startup.sh")).

Example Terraform Snippet:

resource "google_compute_instance" "default" {
  # ... other instance configurations ...

  metadata_startup_script = file("startup.sh")
}

How it Works:

• When Terraform creates the GCP instance, it reads the content of the specified script file using file("startup.sh").
• This content is passed to the metadata_startup_script parameter.
• Upon instance startup, GCP executes the provided script.

This approach allows you to automate tasks like installing software, configuring settings, or running custom logic when your new GCP instance boots up.

By following these steps, you can leverage startup scripts to automate instance configuration on GCP using Terraform, making your infrastructure deployments more efficient and repeatable. Remember to prioritize security, error handling, and best practices for robust and maintainable infrastructure as code.

• Unable to export service account key in Terraform #GCP - Terraform ... | I have downloaded the GCP service account key to my local system. In Terraform, I have set the GOOGLE_APPLICATION_CREDENTIALS as a path to this file in the startup-script part of my bastion instance. Below is a snippet: variable “credentials”{ default=“C:/GCP/service-account-key.json” } . . metadata= { startup-script=<<SCRIPT export GOOGLE_APPLICATION_CREDENTIALS="{file("{var.credentials}")}" SCRIPT } . . Later I have written a #!/bin/bash script to store this credentials to another...
• google cloud platform - Unable to run metadata_startup_script in ... | Jul 1, 2021 ... ... startup script from GCS instead of having it hardcoded in the terraform. ... Terraform GCP startup script local file instead of inline · 2.
• Shell - Provisioners | Packer | HashiCorp Developer | The only required element is either "inline" or "script". Every other ... file, rather than declaring them inline in our execute_command. The default ...
• how to run a script in GCP machine using terraform - Stack Overflow | Jun 30, 2021 ... ... script file in GCP machine as soon as provision i created this terraform file ... Terraform GCP startup script local file instead of inline · 2.
• Provisioner: remote-exec | Terraform | HashiCorp Developer | To invoke a local process, see the local-exec provisioner instead. ... If you want to specify arguments, upload the script with the file provisioner and then use ...
• Terraform GCP - Arguments pass in windows-startup-script-ps1 ... | Oct 7, 2021 ... How to pass named params to powershell script using Terraform local-exec? 18 · Terraform GCP startup script local file instead of inline · 2.
• Terraform: invoking a startup script for a GCE ... | May 28, 2021 ... You can bake a startup script directly into the creation of your GCE compute ... You can also reference the contents of a local file (local to ...
• Using startup scripts on Linux VMs | Compute Engine ... | A startup script is a file that performs tasks during the startup process of a virtual machine (VM) instance.
• Terraform Provisioners - Why You Should Avoid Them | Learn what provisioners in Terraform are, how to use them, and why they should be a blast resort. Different types explained: local-exec, remote-state, and file.