Google Compute Engine Starter Guide
•
5 j'aime•2,419 vues
Google Compute Engine (GCE) starter guide, learning about the basic operation of GCE and the gcutil, network tier, image and disk.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Google Compute Engine Starter Guide
Similaire à Google Compute Engine Starter Guide (20)
Plus de Simon Su
Plus de Simon Su (20)
Dernier
Dernier (20)
Google Compute Engine Starter Guide
- 2. Prepare ● google cloud project ● google-cloud-sdk with gcutil ● ssh tool Reference: https://sites.google.com/a/mitac.com.tw/google-cloud-platform/google-compute-engine/gce---sdk-install-and-auth
- 3. ● GCE architecture ● GCE web UI to GCE CLI tool ○ Create, Snapshot, Create from Disk or Snapshot ● Network & FW ○ 3-tier network implements ● Instance option - start script ○ Using start script build a auto scale service Today’s Objective
- 5. Something about GCE ● Billing: 1 Minute Increments, Minimum 10 Minutes ● Security: ○ ISO 27001:2005 Certification for GCE, GAE, and GCS ● Location: ○ Region ○ Zone
- 6. About the Instances ● Persistent Disk ● Network block storage ● Max of 16 disks/instance ● Created independently of instance ● 1 Virtual CPU is a Hyperthread on Processor ● Current processor is 2.6 GHz Intel Sandy Bridge Xeon ● No GPU or SSD Options
- 7. About utility - web ui, gcutil, restful
- 8. Compute Engine Web UI
- 9. From Web UI to CLI to RESTful
- 10. gcutil - Get HELP ➔ gcutil --help ➔ gcutil help listinstances ◆ ex: gcutil listinstances --columns=all --format=json ➔ https://developers.google.com/compute/docs/gcutil/tips
- 12. Connect to GCE machine ➔ gcutil ssh [instance id] ➔ ssh [username]@[instance-ip] -i [path-to-google-ssh-key]
- 13. Windows connect GCE ● Prepare ssh private key for project metadata [Ref] [username]:ssh-rsa [private keys value]
- 14. Network & Firewall & Instance Scripts
- 15. Sample of create N-Tier ● Security purpose ● Permission control ● Management purpose ● Tiers ○ admin: VPN, management purpose ○ frontend: web server, for public connect ○ db: storing data, sensitive areahttp://gappsnews.blogspot.tw/search?q=n-tier
- 16. # service port gcutil addfirewall --allowed_tag_sources=frontend --network=my-network --allowed=tcp:80,tcp:443 myfw-service-port # ap to db gcutil addfirewall --allowed_tag_sources=frontend --target_tags=db --network=my-network --allowed=tcp:5984 myfw- couchdb-port # admin zone gcutil addfirewall --allowed_ip_sources=0.0.0.0/8 --network=my-network --allowed=tcp:22 myfw-admin-ssh gcutil addfirewall --allowed_tag_sources=admin --target_tags=frontend,db --network=my-network --allowed=tcp:22 myfw-manage-zone Sample of create N-Tier - Network ACLs
- 17. Sample of create N-Tier - VPN & Web server gcutil --project="my-project" addinstance "my-gateway" --tags="admin" --zone="us-central1-b" --machine_type="g1-small" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." --persistent_boot_disk="true" gcutil --project="my-project" addinstance "my-web-01" --tags="frontend" --zone="us-central1-b" --machine_type="n1-standard-1" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." --persistent_boot_disk="true"
- 18. Instance option - Start Script $ cat -> install-couchdb.sh << EOF sudo apt-get update -y sudo apt-get install gcc openssl couchdb -y EOF $ gcutil --service_version="v1" --project="my-project" addinstance "my-couchdb-01" --tags="db" --zone="us-central1-b" --machine_type="n1-highmem-2" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/centos-cloud/global/images/centos-6-v20131120" --persistent_boot_disk="true" --metadata_from_file=startup-script:install-couchdb.sh
- 19. Share your project ● Is Owner: resource management, project permission ● Can Edit: resource management ● Can View: resource view
- 20. ● Add persistent disk ● Create image ● Bring your own kernel (brief) Advance operations
- 21. Add a Persistent Disk... ➔ gcutil adddisk --zone=us-central1-a testdisk ➔ gcutil ssh [instance name] ➔ sudo mkdir /mnt/pd0 ➔ sudo /usr/share/google/safe_format_and_mount -m "mkfs.ext4 -F" /dev/disk/by-id/[disk-id] /mnt/pd0
- 22. Create a Image... ➔ sudo gcimagebundle -d /dev/sda -o /tmp/ --log_file=/tmp/abc.log ➔ gsutil cp /tmp/308...439.image.tar.gz gs://arecord-customise-images ➔ gcutil addimage test-image gs://arecord-customise-images/308...439.image.tar.gz
- 23. Porting recommendation ● Install LAMP sudo yum -y install httpd php php-mysql mysql mysql-server sudo yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php- xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt ● FW configure (GCE default enabled the iptables) sudo vi /etc/sysconfig/iptables ⇒ Add your port… like 80, 443... ● SELinux setting (GCE default enable the SELinux) sudo vi /etc/sysconfig/selinux ⇒ SELINUX=disabled ● Setup boot level services sudo chkconfig --level 23456 mysqld on sudo chkconfig --level 23456 httpd on
- 24. Porting recommendation ● Mount persistence disk when boot $ sudo vi /etc/fstab UUID=a8cf...aaf98 / ext4 defaults,barrier=0 1 1 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/sdb /mnt/pd0 ext4 defaults 1 1
- 25. Bring Your Own Image ● Any common Linux distro ● Must support some specific kernel settings (e.g., specific PCI and ISA bridge, vCPU settings, SCSI settings) ● Must have Python 2.6 or higher & sshd ● Must contain some Google packages (startup script support, google-daemon, gcimagebundle) ● Should have other settings configured (e.g. DHCP, SSH, firewall)