Create a role for storage cluster management used for setting up VSP One SDS Block.
For Google Cloud disk encryption, additional roles are required to create and use a CMEK. For details, see Data encryption.
- Use a Google account that has administrative privileges to log in.
- Log in to the VM (for example, Cloud Shell) that allows for running gcloud CLI and Terraform.
- Place the template files (IAMConfiguration) to be used for creating a role for storage cluster management in any empty directory of the VM, and then unzip them.
  The command to copy a file existing in a bucket to a VM is as follows:
    gsutil cp gs://[bucket-name]/[file-path] .
  Note: In the succeeding steps, run the terraform command in the directory in which the cloud configuration file package is located. This directory is called the Terraform working directory.
  The Terraform working directory contains the terraform template files (IAMConfiguration), packages, and control information for storage cluster management roles.
  If you are creating multiple storage cluster management roles, create an empty working directory for each storage cluster management role.
- Among the extracted template files, edit two files, backend.auto.tfvars and terraform.tfvars.
  Edit the following parameters for each file.

  backend.auto.tfvars

  | Item name | Setting |
  | --- | --- |
  | bucket | Bucket name of Cloud Storage in which a terraform state file is to be stored. Setting requirements are as follows: do not add a slash ("/") at the end. |
  | prefix | Folder name of Cloud Storage in which a terraform state file is to be stored. Specify the folder created beforehand. When creating multiple storage cluster management roles, specify an empty folder for each storage cluster management role. Setting requirements are as follows: do not add a slash ("/") at the end; no file exists in the specified folder. |

  terraform.tfvars

  | Item name | Setting |
  | --- | --- |
  | project | ID of the project in which a role for storage cluster management is to be created. Be careful not to specify a project name. |
  | role_id | ID of a role for storage cluster management. Setting requirements are as follows: characters must be alphanumerics and symbols (".", "_"); the string length must be from 3 to 64 characters (alphanumeric). |
  | title | Title of a role for storage cluster management. Setting requirements are as follows: the string length must be from 1 to 100 characters. |
  | description | Description of a role for storage cluster management. Setting requirements are as follows: the string length must be from 0 to 256 characters. |

  For conditions other than those indicated in this table, see Terraform and Google Cloud documentation.
- Run the following command in the directory in which the template files exist.
    terraform init -backend-config="backend.auto.tfvars"
  Verify that "Terraform has been successfully initialized!" is displayed.
  Also, verify that a file named default.tfstate has been created in the Cloud Storage bucket that you specified in backend.auto.tfvars.
- Confirm the changes accompanying creation of a role for storage cluster management based on the information of the terraform.tfvars file.
  Run the following command to confirm the changes.
    terraform plan
  If "Plan: x to add, y to change, z to destroy." is displayed and no error is output after running the command, there is no problem. The number of resources to be added is shown in x, the number of resources to be changed is shown in y, and the number of resources to be deleted is shown in z.
  If you are prompted for input or an error is output in the middle of processing, review the template files.
  Note: When you run the command, the beginning of the displayed output might not be visible because the output has more lines than fit on a single screen. To view all the output contents, try writing the output to a text file, for example.
- If there is no problem as a result of confirmation by using the terraform plan command, run the following command to create a role for storage cluster management.
  - Run the following command.
      terraform apply
  - When "Enter a value:" is displayed after running the command, enter yes.
  If "Apply complete!" is output after running the command, creation of a storage cluster management role has been completed.
  Note:
  - If Cloud Shell is disconnected or the window is inadvertently closed while the role for storage cluster management is being created, you can confirm the latest result by using the terraform output command.
  - If the terraform apply command results in failure, creation of the role for storage cluster management might have resulted in unnecessary resources. Verify that there is no problem with the template files and other items, and then run the terraform apply command again.
- Run the following command.
- In the IAM & Admin window of Google Cloud, click Roles to open the Roles window, and then confirm the created role for storage cluster management.
The following resource is created based on the specified information.

| Resource | Name |
| --- | --- |
| Role for storage cluster management | projects/<project>/roles/<role_id> |
This completes creation of a role for storage cluster management.
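
A pre-flight check for the backend.auto.tfvars and terraform.tfvars settings described in the editing step above, to run before terraform init and terraform plan. This is an added example, not part of the vendor's template package. It assumes the files hold flat `key = "value"` string assignments, all sample values are constructed placeholders, and the project ID pattern comes from Google Cloud's general project ID rules, not from this page.

```python
import re

# Constructed sample file contents; every value is a placeholder.
SAMPLE_BACKEND = '''
bucket = "example-tfstate-bucket/"
prefix = "sds-role-01"
'''
SAMPLE_TFVARS = '''
project     = "My Storage Project"
role_id     = "sds.cluster_mgmt"
title       = "SDS Block storage cluster management"
description = ""
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"(.*)"\s*(?:#.*)?$')

def parse_tfvars(text):
    """Parse flat `key = "string"` lines; other HCL constructs are ignored."""
    values = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            values[m.group(1)] = m.group(2)
    return values

def check_backend(v):
    """bucket and prefix must be set and must not end with a slash."""
    errors = []
    for key in ("bucket", "prefix"):
        val = v.get(key, "")
        if not val:
            errors.append(f"{key}: missing")
        elif val.endswith("/"):
            errors.append(f'{key}: must not end with "/"')
    return errors

def check_role_vars(v):
    errors = []
    # Assumption: standard project IDs only (6-30 chars, lowercase letters,
    # digits, hyphens, leading letter, no trailing hyphen). Names fail this.
    if not re.fullmatch(r"[a-z][a-z0-9-]{4,28}[a-z0-9]", v.get("project", "")):
        errors.append("project: not a project ID (project name given?)")
    if not re.fullmatch(r"[A-Za-z0-9._]{3,64}", v.get("role_id", "")):
        errors.append('role_id: need 3-64 chars from alphanumerics, ".", "_"')
    if not 1 <= len(v.get("title", "")) <= 100:
        errors.append("title: length must be 1-100")
    if len(v.get("description", "")) > 256:
        errors.append("description: length must be 0-256")
    return errors
```

The requirement that the prefix folder contains no files is not checked here because it needs access to the bucket; confirm it separately before running terraform init.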