Google
Compute
Engine
SimonSu@mitac.com.tw
MiCloud 2014Q1
Prepare
● google cloud project
● google-cloud-sdk with gcutil
● ssh tool
Reference:
https://sites.google.com/a/mitac.com.t...
● GCE architecture
● GCE web UI to GCE CLI tool
○ Create, Snapshot, Create from Disk or Snapshot
● Network & FW
○ 3-tier n...
Compute Engine Architecture
Network
Firewall
Instances
IP(Static,
Dynamic)
L3 Load
Balancing
Something about GCE
● Billing: 1 Minute Increments, Minimum 10 Minutes
● Security:
○ ISO 27001:2005 Certification for GCE,...
About the Instances
● Persistent Disk
● Network block storage
● Max of 16 disks/instance
● Created independently of instan...
About utility - web ui, gcutil, restful
Compute Engine Web UI
From Web UI to CLI to RESTful
gcutil - Get HELP
➔ gcutil --help
➔ gcutil help listinstances
◆ ex: gcutil listinstances --columns=all --format=json
➔ htt...
RESTful APIs
https://developers.google.com/apis-explorer/#p/compute/v1/
Connect to GCE machine
➔ gcutil ssh [instance id]
➔ ssh [username]@[instance-ip] -i [path-to-google-ssh-key]
Windows connect GCE
● Prepare ssh private key for project metadata [Ref]
[username]:ssh-rsa [private keys value]
Network & Firewall & Instance Scripts
Sample of create N-Tier
● Security purpose
● Permission control
● Management purpose
● Tiers
○ admin: VPN,
management purp...
# service port
gcutil addfirewall --allowed_tag_sources=frontend --network=my-network --allowed=tcp:80,tcp:443 myfw-servic...
Sample of create N-Tier - VPN & Web server
gcutil --project="my-project" addinstance "my-gateway" 
--tags="admin" --zone="...
Instance option - Start Script
$ cat -> install-couchdb.sh << EOF
sudo apt-get update -y
sudo apt-get install gcc openssl ...
Share your project
● Is Owner: resource management, project permission
● Can Edit: resource management
● Can View: resourc...
● Add persistent disk
● Create image
● Bring your own kernel (brief)
Advance operations
Add a Persistent Disk...
➔ gcutil adddisk --zone=us-central1-a testdisk
➔ gcutil ssh [instance name]
➔ sudo mkdir /mnt/pd0...
Create a Image...
➔ sudo gcimagebundle -d /dev/sda -o /tmp/ 
--log_file=/tmp/abc.log
➔ gsutil cp /tmp/308...439.image.tar....
Porting recommendation
● Install LAMP
sudo yum -y install httpd php php-mysql mysql mysql-server
sudo yum install php-mysq...
Porting recommendation
● Mount persistence disk when boot
$ sudo vi /etc/fstab
UUID=a8cf...aaf98 / ext4 defaults,barrier=0...
Bring Your Own Image
● Any common Linux distro
● Must support some specific kernel settings (e.g.,
specific PCI and ISA br...
Google Compute Engine Starter Guide
Upcoming SlideShare
Loading in …5
×

Google Compute Engine Starter Guide

1,866 views

Published on

Google Compute Engine (GCE) starter guide, learning about the basic operation of GCE and the gcutil, network tier, image and disk.

Published in: Technology

Google Compute Engine Starter Guide

  1. 1. Google Compute Engine SimonSu@mitac.com.tw MiCloud 2014Q1
  2. 2. Prepare ● google cloud project ● google-cloud-sdk with gcutil ● ssh tool Reference: https://sites.google.com/a/mitac.com.tw/google-cloud-platform/google-compute-engine/gce---sdk-install-and-auth
  3. 3. ● GCE architecture ● GCE web UI to GCE CLI tool ○ Create, Snapshot, Create from Disk or Snapshot ● Network & FW ○ 3-tier network implements ● Instance option - start script ○ Using start script build a auto scale service Today’s Objective
  4. 4. Compute Engine Architecture Network Firewall Instances IP(Static, Dynamic) L3 Load Balancing
  5. 5. Something about GCE ● Billing: 1 Minute Increments, Minimum 10 Minutes ● Security: ○ ISO 27001:2005 Certification for GCE, GAE, and GCS ● Location: ○ Region ○ Zone
  6. 6. About the Instances ● Persistent Disk ● Network block storage ● Max of 16 disks/instance ● Created independently of instance ● 1 Virtual CPU is a Hyperthread on Processor ● Current processor is 2.6 GHz Intel Sandy Bridge Xeon ● No GPU or SSD Options
  7. 7. About utility - web ui, gcutil, restful
  8. 8. Compute Engine Web UI
  9. 9. From Web UI to CLI to RESTful
  10. 10. gcutil - Get HELP ➔ gcutil --help ➔ gcutil help listinstances ◆ ex: gcutil listinstances --columns=all --format=json ➔ https://developers.google.com/compute/docs/gcutil/tips
  11. 11. RESTful APIs https://developers.google.com/apis-explorer/#p/compute/v1/
  12. 12. Connect to GCE machine ➔ gcutil ssh [instance id] ➔ ssh [username]@[instance-ip] -i [path-to-google-ssh-key]
  13. 13. Windows connect GCE ● Prepare ssh private key for project metadata [Ref] [username]:ssh-rsa [private keys value]
  14. 14. Network & Firewall & Instance Scripts
  15. 15. Sample of create N-Tier ● Security purpose ● Permission control ● Management purpose ● Tiers ○ admin: VPN, management purpose ○ frontend: web server, for public connect ○ db: storing data, sensitive areahttp://gappsnews.blogspot.tw/search?q=n-tier
  16. 16. # service port gcutil addfirewall --allowed_tag_sources=frontend --network=my-network --allowed=tcp:80,tcp:443 myfw-service-port # ap to db gcutil addfirewall --allowed_tag_sources=frontend --target_tags=db --network=my-network --allowed=tcp:5984 myfw- couchdb-port # admin zone gcutil addfirewall --allowed_ip_sources=0.0.0.0/8 --network=my-network --allowed=tcp:22 myfw-admin-ssh gcutil addfirewall --allowed_tag_sources=admin --target_tags=frontend,db --network=my-network --allowed=tcp:22 myfw-manage-zone Sample of create N-Tier - Network ACLs
  17. 17. Sample of create N-Tier - VPN & Web server gcutil --project="my-project" addinstance "my-gateway" --tags="admin" --zone="us-central1-b" --machine_type="g1-small" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." --persistent_boot_disk="true" gcutil --project="my-project" addinstance "my-web-01" --tags="frontend" --zone="us-central1-b" --machine_type="n1-standard-1" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." --persistent_boot_disk="true"
  18. 18. Instance option - Start Script $ cat -> install-couchdb.sh << EOF sudo apt-get update -y sudo apt-get install gcc openssl couchdb -y EOF $ gcutil --service_version="v1" --project="my-project" addinstance "my-couchdb-01" --tags="db" --zone="us-central1-b" --machine_type="n1-highmem-2" --network="my-network" --external_ip_address="ephemeral" --can_ip_forward="true" --image="https://www.googleapis.com/compute/v1/projects/centos-cloud/global/images/centos-6-v20131120" --persistent_boot_disk="true" --metadata_from_file=startup-script:install-couchdb.sh
  19. 19. Share your project ● Is Owner: resource management, project permission ● Can Edit: resource management ● Can View: resource view
  20. 20. ● Add persistent disk ● Create image ● Bring your own kernel (brief) Advance operations
  21. 21. Add a Persistent Disk... ➔ gcutil adddisk --zone=us-central1-a testdisk ➔ gcutil ssh [instance name] ➔ sudo mkdir /mnt/pd0 ➔ sudo /usr/share/google/safe_format_and_mount -m "mkfs.ext4 -F" /dev/disk/by-id/[disk-id] /mnt/pd0
  22. 22. Create a Image... ➔ sudo gcimagebundle -d /dev/sda -o /tmp/ --log_file=/tmp/abc.log ➔ gsutil cp /tmp/308...439.image.tar.gz gs://arecord-customise-images ➔ gcutil addimage test-image gs://arecord-customise-images/308...439.image.tar.gz
  23. 23. Porting recommendation ● Install LAMP sudo yum -y install httpd php php-mysql mysql mysql-server sudo yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php- xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt ● FW configure (GCE default enabled the iptables) sudo vi /etc/sysconfig/iptables ⇒ Add your port… like 80, 443... ● SELinux setting (GCE default enable the SELinux) sudo vi /etc/sysconfig/selinux ⇒ SELINUX=disabled ● Setup boot level services sudo chkconfig --level 23456 mysqld on sudo chkconfig --level 23456 httpd on
  24. 24. Porting recommendation ● Mount persistence disk when boot $ sudo vi /etc/fstab UUID=a8cf...aaf98 / ext4 defaults,barrier=0 1 1 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/sdb /mnt/pd0 ext4 defaults 1 1
  25. 25. Bring Your Own Image ● Any common Linux distro ● Must support some specific kernel settings (e.g., specific PCI and ISA bridge, vCPU settings, SCSI settings) ● Must have Python 2.6 or higher & sshd ● Must contain some Google packages (startup script support, google-daemon, gcimagebundle) ● Should have other settings configured (e.g. DHCP, SSH, firewall)

×