cloud engineer
Here’s how to create a firewall from service account to service account.
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001 |
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001
Instead of source-range, it’s using source-service-accounts.
How to create a swap file.
A 2GB swap file.
dd if=/dev/zero of=/swapfile bs=1k count=2048k |
dd if=/dev/zero of=/swapfile bs=1k count=2048k
Activate.
mkswap /swapfile chmod 0600 /swapfile systemctl daemon-reload swapon /swapfile |
mkswap /swapfile chmod 0600 /swapfile systemctl daemon-reload swapon /swapfile
To make swap permanent, add to /etc/fstab.
/swapfile swap swap defaults 0 0 |
/swapfile swap swap defaults 0 0
Check if swap is working.
cat /proc/swaps free -h |
cat /proc/swaps free -h
I have an AMI with docker installed. Here’s how I launch a spot instance using Terraform.
Here’s my Terraform script.
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_spot_instance_request" "docker" { ami = "ami-xxxxxxxxxxxxxxxx" spot_price = "0.0031" wait_for_fulfillment = "true" key_name = "servers" instance_type = "t3.micro" subnet_id = "subnet-xxxxxxxxxxxxxxxx" security_groups = ["sg-xxxxxxxxxxxxxxxxxx"] associate_public_ip_address = "true" user_data = <<-EOF #!/bin/bash hostnamectl set-hostname docker EOF tags = { Name = "docker-0.1" } } resource "aws_ec2_tag" "tagging" { resource_id = aws_spot_instance_request.docker.spot_instance_id key = "Name" value = "docker-0.1" } |
terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_spot_instance_request" "docker" { ami = "ami-xxxxxxxxxxxxxxxx" spot_price = "0.0031" wait_for_fulfillment = "true" key_name = "servers" instance_type = "t3.micro" subnet_id = "subnet-xxxxxxxxxxxxxxxx" security_groups = ["sg-xxxxxxxxxxxxxxxxxx"] associate_public_ip_address = "true" user_data = <<-EOF #!/bin/bash hostnamectl set-hostname docker EOF tags = { Name = "docker-0.1" } } resource "aws_ec2_tag" "tagging" { resource_id = aws_spot_instance_request.docker.spot_instance_id key = "Name" value = "docker-0.1" }
I use “aws_ec2_tag” resource to tag the instance properly.
In addition, I use user_data to run a script, to set the hostname.
To launch via Terraform, I run the following commands.
terraform init terraform apply |
terraform init terraform apply
When done, I could stop the instance to stop incurring charges. Or just simply destroy it via Terraform.
terraform destroy |
terraform destroy
It’s not bad deal for an instance that costs only $0.0031 per hour.
How to reinstall the latest kernel and rebuild initramfs.
Find the latest kernel.
rpm -qa kernel
kernel-3.10.0-1160.6.1.el7.x86_64
kernel-3.10.0-1160.11.1.el7.x86_64 |
rpm -qa kernel kernel-3.10.0-1160.6.1.el7.x86_64 kernel-3.10.0-1160.11.1.el7.x86_64
Remove the kernel first, then reinstall.
yum remove kernel-3.10.0-1160.6.1.el7.x86_64 yum install kernel-3.10.0-1160.6.1.el7.x86_64 |
yum remove kernel-3.10.0-1160.6.1.el7.x86_64 yum install kernel-3.10.0-1160.6.1.el7.x86_64
Here are a few utilities that monitor disk I/O performance.
iostat -d 5 pidstat -dl 20 iotop --only |
iostat -d 5 pidstat -dl 20 iotop --only
The alternative is atop, which you can set to run every 10 seconds for 3 hours. The output can be viewed later.
atop -a -w logfile.atop 10 10800 & |
atop -a -w logfile.atop 10 10800 &
Use atop to read the log file.
atop -r /path/to/logfile.atop |
atop -r /path/to/logfile.atop