This blueprint creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple target projects and shared VPCs.
The blueprint is designed to implement a M4CE (v5) environment on-top of complex migration landing environment where VMs have to be migrated to multiple target projects. In this blueprint targets are also service projects for a shared VPC. It also includes the IAM wiring needed to make such scenarios work.
This is the high level diagram:
This sample creates\update several distinct groups of resources:
- projects
- M4CE host project with required services deployed on a new or existing project.
- M4CE target project prerequisites deployed on existing projects.
- IAM
- Create a service account used at runtime by the M4CE connector for data replication
- Grant migration admin roles to provided user or group.
- Grant migration viewer role to provided user or group.
- Grant roles on shared VPC to migration user or group
| name | description | type | required | default |
|---|---|---|---|---|
| migration_admin | User or group who can create a new M4CE sources and perform all other migration operations, in IAM format (group:[email protected]). |
string |
✓ | |
| migration_target_projects | List of target projects for m4ce workload migrations. | list(string) |
✓ | |
| sharedvpc_host_projects | List of host projects that share a VPC with the selected target projects. | list(string) |
✓ | |
| migration_viewer | User or group authorized to retrieve information about M4CE in the Google Cloud Console, in IAM format (group:[email protected]). |
string |
null |
|
| project_create | Parameters for the creation of the new project to host the M4CE backend. | object({…}) |
null |
|
| project_name | Name of an existing project or of the new project assigned as M4CE host project. | string |
"m4ce-host-project-000" |
| name | description | sensitive |
|---|---|---|
| m4ce_gmanaged_service_account | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. |
Once this blueprint is deployed the M4CE m4ce_gmanaged_service_account has to be configured to grant the access to the shared VPC and allow the deploy of Compute Engine instances as the result of the migration.
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-sharedvpc"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin = "user:[email protected]"
migration_viewer = "user:[email protected]"
migration_target_projects = [module.test-target-project.name]
sharedvpc_host_projects = [module.test-sharedvpc-host-project.name]
depends_on = [
module.test-target-project,
module.test-sharedvpc-host-project,
]
}
module "test-target-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-target-project"
project_create = true
}
module "test-sharedvpc-host-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-sharedvpc-host-project"
project_create = true
}
# tftest modules=7 resources=29