cloud engineer
Here’s how to list Bare Metal Servers in Google Cloud Platform via gcloud.
gcloud bms instances list --region REGION --project PROJECT |
gcloud bms instances list --region REGION --project PROJECT
Result
NAME ID PROJECT REGION MACHINE_TYPE CLIENT_IPS PRIVATE_IPS STATE server-001 at-xxxxxxx-svr001 project-01 us-central1 o2-ultramem-896-metal 10.0.0.1 192.168.253.1,192.168.252.1 RUNNING server-002 at-xxxxxxx-svr002 project-02 us-central1 o2-ultramem-896-metal 10.0.0.2 192.168.253.2,192.168.252.2 RUNNING |
NAME ID PROJECT REGION MACHINE_TYPE CLIENT_IPS PRIVATE_IPS STATE server-001 at-xxxxxxx-svr001 project-01 us-central1 o2-ultramem-896-metal 10.0.0.1 192.168.253.1,192.168.252.1 RUNNING server-002 at-xxxxxxx-svr002 project-02 us-central1 o2-ultramem-896-metal 10.0.0.2 192.168.253.2,192.168.252.2 RUNNING
Obviously you can see the same from GCP’s Console.
How to give someone access to enable/disable CloudWatch notifications.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:EnableAlarmActions", "cloudwatch:DisableAlarmActions" ], "Effect": "Allow", "Resource": "*" } ] } |
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:EnableAlarmActions", "cloudwatch:DisableAlarmActions" ], "Effect": "Allow", "Resource": "*" } ] }
How to display the policy binding.
gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE |
gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE
Result
# There is no binding policy etag: ACAB # There is a binding policy bindings: - members: - serviceAccount:SERVICEACCOUNT role: organizations/xxxxxxxxxxxx/roles/ROLE etag: xxxxxxxxxxx= version: 1 |
# There is no binding policy etag: ACAB # There is a binding policy bindings: - members: - serviceAccount:SERVICEACCOUNT role: organizations/xxxxxxxxxxxx/roles/ROLE etag: xxxxxxxxxxx= version: 1
Add a role binding policy
gcloud compute instances add-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE" |
gcloud compute instances add-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"
Remove a role binding policy
gcloud compute instances remove-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE" |
gcloud compute instances remove-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"
Why would you choose Bare Metal Servers?
Advantages
– BMS are dedicated to a single organization
– Single tenant or dedicated host
– No sharing of hardware, storage, connection, bandwidth (noisy neighbor)
– There is no hypervisor layer
– No virtualization overhead
– OS is loaded straight to the server
– Results in higher performance
– Quality of hardware
– Compliance and security due to single tenant
– Flexible contract, billing options
Disadvantages
– Procurement could take weeks depending on hardware type
– And that goes for replacement hardware as well.
Here’s how to extend an ext4 boot volume.
gcloud compute disks resize DISK_NAME --size DISK_SIZE --zone ZONE --project PROJECTID |
gcloud compute disks resize DISK_NAME --size DISK_SIZE --zone ZONE --project PROJECTID
Resize the file system. Example / is on sda3.
growpart /dev/sda 3 resize2fs /dev/sda3 |
growpart /dev/sda 3 resize2fs /dev/sda3
How to look for an access key in AWS. Find the account.
$ aws sts get-access-key-info --access-key-id AKIA8XXXXXXXXXXXXXXX { "Account": "XXXXXXXXXXXX" } |
$ aws sts get-access-key-info --access-key-id AKIA8XXXXXXXXXXXXXXX { "Account": "XXXXXXXXXXXX" }
How to create service account in GCP via Terraform.
provider "google" { project = "your_project_id" } resource "google_service_account" "service_account" { account_id = "your-service-account-name" display_name = "test service account built by terraform" } |
provider "google" { project = "your_project_id" } resource "google_service_account" "service_account" { account_id = "your-service-account-name" display_name = "test service account built by terraform" }
Connect to your CloudShell environment from your terminal.
$ gcloud cloud-shell ssh Welcome to Cloud Shell! Type "help" to get started. first.last@cloudshell $ first.last@cloudshell $ |
$ gcloud cloud-shell ssh Welcome to Cloud Shell! Type "help" to get started. first.last@cloudshell $ first.last@cloudshell $
Once logged in, you can set your project.
first.last@cloudshell $ gcloud config set project $PROJECT_ID |
first.last@cloudshell $ gcloud config set project $PROJECT_ID