cloud engineer
Here’s how to change a VM’s service account in GCP
#!/bin/bash read -p "project : " project read -p "instance : " instance read -p "srvAcct email : " serviceaccount # stop instance gcloud compute instances stop $instance --project $project # change service account gcloud compute instances set-service-account $instance --service-account $serviceaccount --scopes cloud-platform --project $project # start instance gcloud compute instances start $instance --project $project |
#!/bin/bash read -p "project : " project read -p "instance : " instance read -p "srvAcct email : " serviceaccount # stop instance gcloud compute instances stop $instance --project $project # change service account gcloud compute instances set-service-account $instance --service-account $serviceaccount --scopes cloud-platform --project $project # start instance gcloud compute instances start $instance --project $project
How to display the policy binding.
gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE |
gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE
Result
# There is no binding policy etag: ACAB # There is a binding policy bindings: - members: - serviceAccount:SERVICEACCOUNT role: organizations/xxxxxxxxxxxx/roles/ROLE etag: xxxxxxxxxxx= version: 1 |
# There is no binding policy etag: ACAB # There is a binding policy bindings: - members: - serviceAccount:SERVICEACCOUNT role: organizations/xxxxxxxxxxxx/roles/ROLE etag: xxxxxxxxxxx= version: 1
Add a role binding policy
gcloud compute instances add-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE" |
gcloud compute instances add-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"
Remove a role binding policy
gcloud compute instances remove-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE" |
gcloud compute instances remove-iam-policy-binding SERVER \ --project=PROJECT_ID \ --zone=ZONE \ --member=serviceAccount:SERVICEACCOUNT \ --role="organizations/xxxxxxxxxxxx/roles/ROLE"
Here’s how to move a VM to another VPC.
Stop VM.
gcloud compute instances stop $INSTANCE_NAME \ --zone $ZONE_NAME \ --project $PROJECT_ID |
gcloud compute instances stop $INSTANCE_NAME \ --zone $ZONE_NAME \ --project $PROJECT_ID
Move VM to another VPC.
gcloud compute instances network-interfaces update $INSTANCE_NAME \ --zone $ZONE_NAME \ --network-interface=nic0 \ --network $YOUR_NETWORK \ --subnetwork $YOUR_SUBNETWORK \ --project $PROJECT_ID |
gcloud compute instances network-interfaces update $INSTANCE_NAME \ --zone $ZONE_NAME \ --network-interface=nic0 \ --network $YOUR_NETWORK \ --subnetwork $YOUR_SUBNETWORK \ --project $PROJECT_ID
Start VM.
gcloud compute instances start $INSTANCE_NAME \ --zone $ZONE_NAME \ --project $PROJECT_ID |
gcloud compute instances start $INSTANCE_NAME \ --zone $ZONE_NAME \ --project $PROJECT_ID
How to add a second drive on GCP Compute Engine using Terraform.
provider "google" { project = "your-project-id" zone = "us-central1-c" } resource "google_compute_disk" "data-drive" { name = "data-drive" type = "pd-standard" zone = "us-central1-c" size = "20" } resource "google_compute_attached_disk" "attach-data-drive" { count = 1 disk = google_compute_disk.data-drive.id instance = google_compute_instance.test.id } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "rocky-linux-cloud/rocky-linux-8" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } } |
provider "google" { project = "your-project-id" zone = "us-central1-c" } resource "google_compute_disk" "data-drive" { name = "data-drive" type = "pd-standard" zone = "us-central1-c" size = "20" } resource "google_compute_attached_disk" "attach-data-drive" { count = 1 disk = google_compute_disk.data-drive.id instance = google_compute_instance.test.id } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "rocky-linux-cloud/rocky-linux-8" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } }
Spot VMs are preemtible, they can be reclaimed by the Cloud provider.
However you can get deep discounts using them.
Launch a spot instance in GCP using Terraform.
provider "google" { project = "airy-totality-151318" zone = "us-central1-c" } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "debian-cloud/debian-9" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } } |
provider "google" { project = "airy-totality-151318" zone = "us-central1-c" } resource "google_compute_instance" "test" { name = "test" machine_type = "e2-micro" boot_disk { initialize_params { image = "debian-cloud/debian-9" } } scheduling { preemptible = true automatic_restart = false } network_interface { network = "default" access_config { } } }