
Uly.me

cloud engineer


create

GCP Update Instance Metadata

June 13, 2021

How to update an instance's metadata in GCP.

# Add one metadata key to a single Compute Engine instance; a key that already
# exists is overwritten. Replace instance-name, key-name=value, the project ID
# and the zone with your own values.
gcloud compute instances add-metadata instance-name \
  --project=your-project-id \
  --zone=us-central1-a \
  --metadata=key-name=value


In this example, we are adding enable-oslogin=TRUE.

# Turn on OS Login for this one instance. SSH access is then decided by IAM
# (roles/compute.osLogin or roles/compute.osAdminLogin), and SSH keys stored in
# instance or project metadata are no longer honoured on it.
# Anyone allowed to change instance metadata can flip this setting back, so
# restrict who holds that permission.
gcloud compute instances add-metadata instance-name \
  --project=your-project-id \
  --zone=us-central1-a \
  --metadata=enable-oslogin=TRUE


Filed Under: Cloud Tagged With: compute, create, gcp, instances, metadata

Terraform GCP Firewall

June 6, 2021

How to create a GCP firewall rule via Terraform.

Ingress

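provider "google" {
  project = "project-id"
}

# Ingress rule: lets sources in 10.128.0.0/20 reach TCP 80, 8080 and 1000-2000
# on instances that run as the listed service account.
resource "google_compute_firewall" "default" {
  name        = "test-firewall"
  description = "this is a test firewall"
  direction   = "INGRESS"
  priority    = 1000

  # A firewall rule attaches to a VPC network (name or self_link), not to a
  # subnetwork; the original value was a subnetwork path. "default" is assumed
  # to be the network that owns that subnetwork - confirm before applying.
  network = "default"

  # The rule applies only to instances running as this service account.
  target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
  source_ranges           = ["10.128.0.0/20"]

  allow {
    protocol = "tcp"
    # NOTE(review): 1000-2000 opens a thousand ports; narrow it to the ports
    # that actually have listeners.
    ports = ["80", "8080", "1000-2000"]
  }
}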


Egress

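provider "google" {
  project = "project-id"
}

# Egress rule: lets instances running as the listed service account open TCP
# connections to 10.128.0.0/20 on ports 80, 8080 and 1000-2000.
# The implied egress rule of a VPC already allows all outbound traffic, so an
# egress "allow" like this one only changes anything when a lower-priority
# egress deny rule is also in place.
resource "google_compute_firewall" "default" {
  name        = "test-firewall"
  description = "this is a test firewall"
  direction   = "EGRESS"
  priority    = 1000

  # A firewall rule attaches to a VPC network (name or self_link), not to a
  # subnetwork; the original value was a subnetwork path. "default" is assumed
  # to be the network that owns that subnetwork - confirm before applying.
  network = "default"

  target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
  destination_ranges      = ["10.128.0.0/20"]

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }
}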


Service account to Service account.

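provider "google" {
  project = "project-id"
}

# Ingress rule keyed on workload identity at both ends: only instances running
# as the source service account may reach TCP 80, 8080 and 1000-2000 on
# instances running as the target service account.
resource "google_compute_firewall" "default" {
  name        = "test-firewall"
  description = "this is a test firewall"
  direction   = "INGRESS"
  priority    = 1000

  # A firewall rule attaches to a VPC network (name or self_link), not to a
  # subnetwork; the original value was a subnetwork path. "default" is assumed
  # to be the network that owns that subnetwork - confirm before applying.
  network = "default"

  source_service_accounts = ["source-service-account-compute@developer.gserviceaccount.com"]
  target_service_accounts = ["target-service-account-compute@developer.gserviceaccount.com"]

  # source_ranges is deliberately left out. When a rule sets both source_ranges
  # and source_service_accounts, traffic matching EITHER one is allowed, so the
  # original source_ranges = ["10.128.0.0/20"] admitted every host in that
  # range, not just the source service account.

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }
}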


Filed Under: Cloud Tagged With: compute, create, firewall, gcp, terraform

Create A Swap File

February 16, 2021

How to create a swap file.

A 2GB swap file.

# Allocate a zero-filled 2 GiB file to back the swap area
# (2048 blocks of 1 MiB, the same size as 2048k blocks of 1 KiB).
dd if=/dev/zero of=/swapfile bs=1M count=2048


Activate.

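# Lock the file down to root BEFORE it is formatted or enabled: swap can hold
# memory pages from any process (keys, passwords), so no other user may read
# it. Doing chmod first also avoids mkswap's "insecure permissions" warning.
chmod 0600 /swapfile
# Write the swap signature into the file.
mkswap /swapfile
systemctl daemon-reload
# Start using the file as swap.
swapon /swapfile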


To make swap permanent, add to /etc/fstab.

# Fields: <file> <mount point> <type> <options> <dump> <fsck pass>
/swapfile  swap   swap    defaults   0 0


Check if swap is working.

# Confirm the swap area is active: /proc/swaps lists each swap file or device
# the kernel is using, and free -h shows total and used swap alongside RAM.
cat /proc/swaps
free -h


Filed Under: Linux Tagged With: activate, create, file, swap

AWS LightSail Create Terraform

January 18, 2021

Here’s how to launch a LightSail instance using Terraform. Create a main.tf file.

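# Pin the AWS provider: any release at or above 3.22.0 from hashicorp/aws.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # The original line was missing the opening quote, which is a syntax error.
      version = ">= 3.22.0"
    }
  }
}

# Credentials come from the "default" profile of the local AWS CLI config, so
# no access keys are written into this file.
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

# One Amazon Linux 2 Lightsail instance on the nano bundle.
# NOTE(review): no key pair or port rules are set here, so the instance gets
# the Lightsail defaults; review which ports are publicly open (see the
# aws_lightsail_instance_public_ports resource) before relying on it.
resource "aws_lightsail_instance" "yourinstance" {
  name              = "yourinstance"
  availability_zone = "us-east-1a"
  blueprint_id      = "amazon_linux_2"
  bundle_id         = "nano_2_0"
}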


To launch, run the following Terraform commands.

# init downloads the providers that main.tf requires; apply prints the planned
# changes and waits for confirmation before creating anything.
terraform init
terraform apply


Filed Under: Cloud Tagged With: aws, create, instance, lightsail, terraform

AWS EFS Create Terraform

January 18, 2021

Here’s how to build an EFS file system using Terraform. Create a main.tf file.

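# Pin the AWS provider: any release at or above 3.22.0 from hashicorp/aws.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.22.0"
    }
  }
}

# Credentials come from the "default" profile of the local AWS CLI config.
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}

# General-purpose, bursting-throughput EFS file system, encrypted at rest.
resource "aws_efs_file_system" "efs-test" {
  creation_token   = "efs-test"
  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"

  # Boolean literal instead of the string "true". No kms_key_id is given, so
  # the AWS-managed key for EFS is used; set kms_key_id to use your own key.
  encrypted = true

  tags = {
    Name = "efs-test"
  }
}

# Mount target that exposes the file system inside one subnet.
# The security group placeholder should allow NFS (TCP 2049) only from the
# clients that need to mount the file system.
resource "aws_efs_mount_target" "efs-mt-example" {
  file_system_id  = aws_efs_file_system.efs-test.id
  subnet_id       = "subnet-xxxxxxxxxxxxxxxxx"
  security_groups = ["sg-xxxxxxxxxxxxxxxxxx"]
}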


To launch, run terraform.

# init downloads the providers that main.tf requires; apply prints the planned
# changes and waits for confirmation before creating anything.
terraform init
terraform apply


Filed Under: Cloud Tagged With: apply, aws, create, efs, init, terraform

Create Instance With Alias IP

January 14, 2021

How to create an instance from a snapshot with alias IP and reserved IPs.

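#!/bin/bash
# Create the jump-server VM with an alias IP range and a reserved internal IP.
# The alias range, the reserved address (referenced by name) and the subnet are
# all passed through one --network-interface option.
#
# Fix: the original --machine-type line ended in a backslash followed by two
# stray backticks, which broke the line continuation.
#
# NOTE(review): --no-shielded-secure-boot turns Secure Boot off while vTPM and
# integrity monitoring stay on; use --shielded-secure-boot if the image
# supports it.
gcloud beta compute instances create jump-server \
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \
--machine-type=n1-standard-1 \
--network-tier=PREMIUM \
--maintenance-policy=MIGRATE \
--service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \
--tags=int-webserver \
--image=debian-10-buster-v20201216 \
--image-project=debian-cloud \
--boot-disk-size=20GB \
--boot-disk-type=pd-standard \
--boot-disk-device-name=jump-server-1 \
--no-shielded-secure-boot \
--shielded-vtpm \
--shielded-integrity-monitoring \
--labels=name=jump-server \
--reservation-affinity=any \
--zone=us-central1-a \
--project=airy-totality-151318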


The default command uses the --private-network-ip and --subnet options separately.

--private-network-ip 10.0.0.24 \
--subnet=default \


But when dealing with aliases, reserved IPs and subnets, use a single --network-interface option instead.

--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \


Filed Under: Cloud Tagged With: create, gcloud, gcp, instance, sdk, snapshot

GCP Manually Move Instance

January 10, 2021

Here’s how to move a VM instance from one zone to another. Moving an instance involves destroying the instance in the source zone and then recreating a replacement instance in the destination zone. To make the move easier, we will use a machine image to recreate the instance. We will also take advantage of compute and IP address reservations to guarantee that we keep the same IP address and machine type. Some large machine types are hard to come by.

Get a list of compute and IP reservations.

# Show what is already reserved: IP addresses first, then machine (capacity)
# reservations.
gcloud compute addresses list
gcloud compute reservations list


Make reservations.

# Reserve the internal address so the replacement VM can be given the same IP.
gcloud compute addresses create centos-ip-reservation \
  --region=us-central1 \
  --subnet=default \
  --addresses=10.128.15.216

# Reserve capacity for one n1-standard-1 in the destination zone.
gcloud compute reservations create centos-us-central1-b \
  --zone=us-central1-b \
  --machine-type=n1-standard-1 \
  --vm-count=1


Create a machine image.

# Stop the VM, then capture it as a machine image (beta command); the
# replacement instance is created from this image.
gcloud compute instances stop centos
gcloud beta compute machine-images create centos-image-00 --source-instance centos


Delete original instance.

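# Deleting the instance also deletes any disk marked auto-delete, so the
# machine image is the only copy left afterwards. Only delete once the image
# can actually be read back.
gcloud beta compute machine-images describe centos-image-00 >/dev/null \
  && gcloud compute instances delete centos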


Create an instance from image in the new zone. Use the compute and ip reservations previously made.

# Recreate the VM in us-central1-b from the machine image, on the reserved
# internal IP and with no external address (--no-address).
# NOTE(review): --reservation is normally paired with
# --reservation-affinity=specific; with "any" the named reservation may not be
# the one consumed - confirm.
gcloud beta compute instances create centos \
  --zone=us-central1-b \
  --machine-type=n1-standard-1 \
  --source-machine-image=centos-image-00 \
  --subnet=https://www.googleapis.com/compute/v1/projects/airy-totality-151318/regions/us-central1/subnetworks/default \
  --private-network-ip=10.128.15.216 \
  --no-address \
  --reservation-affinity=any \
  --reservation=centos-us-central1-b


Finally, clean it up once you are done.

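# Tear down everything the walkthrough created. These deletions are permanent:
# once the machine image is gone there is no copy of the VM left.
gcloud compute instances delete centos --zone us-central1-b
# The address was reserved with --region us-central1; name the region here too
# so the delete targets that reservation instead of prompting for a region.
gcloud compute addresses delete centos-ip-reservation --region us-central1
gcloud compute reservations delete centos-us-central1-b --zone us-central1-b
gcloud beta compute machine-images delete centos-image-00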


Filed Under: Cloud Tagged With: create, gcloud, instance, ip address, machine-image, reservation

AWS Create Backup Plan

January 6, 2021

After you have created a backup vault, it’s time to create a backup plan. Here are a few examples.

# Create the backup plan described in backup-plan.json (read from the current
# directory). The response contains the plan ID that create-backup-selection
# needs.
aws backup create-backup-plan \
  --profile default \
  --region us-east-1 \
  --cli-input-json file://backup-plan.json


File: backup-plan.json

{
    "BackupPlan": {
        "BackupPlanName": "efs-0123",
        "Rules": [
            {
                "RuleName": "efs-0123",
                "TargetBackupVaultName": "efs-vault",
                "ScheduleExpression": "cron(0 0 ? * * *)",
                "StartWindowMinutes": 60,
                "CompletionWindowMinutes": 10080,
                "Lifecycle": {
                    "DeleteAfterDays": 7
                }
            }
        ]
    }
}


Finally, create a backup selection.

# Attach the resource selection in backup-selection.json to an existing plan;
# replace the placeholder with the plan ID returned by create-backup-plan.
# NOTE(review): this uses --profile poc while the plan above was created with
# --profile default; both must resolve to the same account and region or the
# plan ID will not be found.
aws backup create-backup-selection \
  --profile poc \
  --region us-east-1 \
  --backup-plan-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx \
  --cli-input-json file://backup-selection.json


File: backup-selection.json

{
    "BackupSelection": {
	"SelectionName": "efs-0123",
        "IamRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/service-role/AWSBackupDefaultServiceRole",
        "Resources": [],
        "ListOfTags": [
            {
                "ConditionType": "STRINGEQUALS",
                "ConditionKey": "aws-backup",
                "ConditionValue": "efs-0123"
            }
        ]
    }
}


Filed Under: Cloud Tagged With: aws, backup, create, plan
