4.7 KiB
M4CE(v5) - Host and Target Projects with Shared VPC
This blueprint creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple target projects and shared VPCs.
The blueprint is designed to implement a M4CE (v5) environment on-top of complex migration landing environment where VMs have to be migrated to multiple target projects. In this blueprint targets are also service projects for a shared VPC. It also includes the IAM wiring needed to make such scenarios work.
This is the high level diagram:
Managed resources and services
This sample creates\update several distinct groups of resources:
- projects
- M4CE host project with required services deployed on a new or existing project.
- M4CE target project prerequisites deployed on existing projects.
- IAM
- Create a service account used at runtime by the M4CE connector for data replication
- Grant migration admin roles to provided user accounts.
- Grant migration viewer role to provided user accounts.
- Grant roles on shared VPC to migration admins
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| migration_admin_users | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format. | list(string) |
✓ | |
| migration_target_projects | List of target projects for m4ce workload migrations. | list(string) |
✓ | |
| sharedvpc_host_projects | List of host projects that share a VPC with the selected target projects. | list(string) |
✓ | |
| migration_viewer_users | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format. | list(string) |
[] |
|
| project_create | Parameters for the creation of the new project to host the M4CE backend. | object({…}) |
null |
|
| project_name | Name of an existing project or of the new project assigned as M4CE host project. | string |
"m4ce-host-project-000" |
Outputs
| name | description | sensitive |
|---|---|---|
| m4ce_gmanaged_service_account | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. |
Manual Steps
Once this blueprint is deployed the M4CE m4ce_gmanaged_service_account has to be configured to grant the access to the shared VPC and allow the deploy of Compute Engine instances as the result of the migration.
Test
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-sharedvpc"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin_users = ["user:admin@example.com"]
migration_viewer_users = ["user:viewer@example.com"]
migration_target_projects = [module.test-target-project.name]
sharedvpc_host_projects = [module.test-sharedvpc-host-project.name]
depends_on = [
module.test-target-project,
module.test-sharedvpc-host-project,
]
}
module "test-target-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-target-project"
project_create = true
}
module "test-sharedvpc-host-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-sharedvpc-host-project"
project_create = true
}
# tftest modules=7 resources=25