Uly.me

cloud engineer

vm

GCP Role Policy Binding

How to display the policy binding.

gcloud compute instances get-iam-policy SERVER --project=PROJECT_ID --zone=ZONE

Result

# There is no binding policy
etag: ACAB
 
# There is a binding policy
bindings:
- members:
  - serviceAccount:SERVICEACCOUNT
  role: organizations/xxxxxxxxxxxx/roles/ROLE
etag: xxxxxxxxxxx=
version: 1

Add a role binding policy

gcloud compute instances add-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"

Remove a role binding policy

gcloud compute instances remove-iam-policy-binding SERVER \
--project=PROJECT_ID \
--zone=ZONE \
--member=serviceAccount:SERVICEACCOUNT \
--role="organizations/xxxxxxxxxxxx/roles/ROLE"

GCP Move VM to another VPC

Here’s how to move a VM to another VPC.

Stop VM.

gcloud compute instances stop $INSTANCE_NAME \
--zone $ZONE_NAME \
--project $PROJECT_ID

Move VM to another VPC.

gcloud compute instances network-interfaces update $INSTANCE_NAME \
--zone $ZONE_NAME \
--network-interface=nic0 \
--network $YOUR_NETWORK \
--subnetwork $YOUR_SUBNETWORK \
--project $PROJECT_ID

Start VM.

gcloud compute instances start $INSTANCE_NAME \
--zone $ZONE_NAME \
--project $PROJECT_ID

GCP Terraform Second Drive

How to add a second drive on GCP Compute Engine using Terraform.

provider "google" {
  project = "your-project-id"
  zone    = "us-central1-c"
}
 
resource "google_compute_disk" "data-drive" {
  name = "data-drive"
  type = "pd-standard"
  zone = "us-central1-c"
  size = "20"
}
 
resource "google_compute_attached_disk" "attach-data-drive" {
  count    = 1
  disk     = google_compute_disk.data-drive.id
  instance = google_compute_instance.test.id
}
 
resource "google_compute_instance" "test" {
  name         = "test"
  machine_type = "e2-micro"
 
  boot_disk {
    initialize_params {
      image = "rocky-linux-cloud/rocky-linux-8"
    }
  }
 
  scheduling {
    preemptible       = true
    automatic_restart = false
  }
  network_interface {
    network = "default"
    access_config {
    }
  }
}

GCP Spot VM

Spot VMs are preemtible, they can be reclaimed by the Cloud provider.

However you can get deep discounts using them.

Launch a spot instance in GCP using Terraform.

provider "google" {
  project = "airy-totality-151318"
  zone    = "us-central1-c"
}
 
resource "google_compute_instance" "test" {
  name         = "test"
  machine_type = "e2-micro"
 
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }
 
  scheduling {
    preemptible       = true
    automatic_restart = false
  }
 
  network_interface {
    network = "default"
    access_config {
    }
  }
}

GCP Rename VM

There’s a new beta command to rename a GCP VM.

You must stop instance first.

gcloud compute instances stop server-name \
--zone us-central1-c \
--project your-project-id

Rename the instance.

gcloud beta compute instances set-name old-server-name \
--new-name=new-server-name \
--zone us-central1-c \
--project your-project-id

Start the instance.

gcloud compute instances start server-name \
--zone us-central1-c \
--project your-project-id

Login.

gcloud compute ssh server-name \
--zone us-central1-c \
--project your-project-id \
--internal-ip &

GCP Keep Disk

Keep your disks when a VM is deleted.

gcloud compute instances set-disk-auto-delete server --no-auto-delete --disk=server-disk-1
gcloud compute instances set-disk-auto-delete server --no-auto-delete --disk=server-disk-2

To delete.

gcloud compute instances set-disk-auto-delete server --auto-delete --disk=server-disk-1
gcloud compute instances set-disk-auto-delete server --auto-delete --disk=server-disk-2

AWS CloudShell

AWS just added a new feature called CloudShell. It will give users who are logged in to the AWS console access to a VM where users can run AWS CLI commands. Permissions to AWS resources is based on the user’s permissions which are managed via IAM. CloudShell is similar to the cloud shells that Azure and GCP already offer. Here’s a snapshot of AWS CloudShell.

GCP Web Server

Here’s a quick script to stand up a web server based on Centos image.

gcloud compute instances create [VM-NAME] \
    --zone=[ZONE] \
    --image-family=debian-9 \
    --image-project=debian-cloud \
    --tags=allow-ssh,allow-health-check \
    --subnet=lb-subnet \
    --metadata=startup-script='#! /bin/bash
apt-get update
apt-get install apache2 -y
a2ensite default-ssl
a2enmod ssl
vm_hostname="$(curl -H "Metadata-Flavor:Google" \
http://169.254.169.254/computeMetadata/v1/instance/name)"
echo "Page served from: $vm_hostname" | \
tee /var/www/html/index.html
systemctl restart apache2'