Google Compute Engine Starter Guide
2. Prepare
● google cloud project
● google-cloud-sdk with gcutil
● ssh tool
Reference:
https://sites.google.com/a/mitac.com.tw/google-cloud-platform/google-compute-engine/gce---sdk-install-and-auth
3. Today’s Objective
● GCE architecture
● GCE web UI to GCE CLI tool
○ Create, Snapshot, Create from Disk or Snapshot
● Network & FW
○ 3-tier network implementation
● Instance option - start script
○ Using a start script to build an auto-scaling service
5. Something about GCE
● Billing: 1 Minute Increments, Minimum 10 Minutes
● Security:
○ ISO 27001:2005 Certification for GCE, GAE, and GCS
● Location:
○ Region
○ Zone
6. About the Instances
● Persistent Disk
● Network block storage
● Max of 16 disks/instance
● Created independently of instance
● 1 Virtual CPU is a Hyperthread on Processor
● Current processor is 2.6 GHz Intel Sandy Bridge Xeon
● No GPU or SSD Options
10. gcutil - Get HELP
➔ gcutil --help
➔ gcutil help listinstances
◆ ex: gcutil listinstances --columns=all --format=json
➔ https://developers.google.com/compute/docs/gcutil/tips
12. Connect to GCE machine
➔ gcutil ssh [instance id]
➔ ssh [username]@[instance-ip] -i [path-to-google-ssh-key]
13. Windows connect GCE
● Prepare ssh private key for project metadata [Ref]
[username]:ssh-rsa [public key value]
15. Sample of create N-Tier
● Security purpose
● Permission control
● Management purpose
● Tiers
○ admin: VPN, management purpose
○ frontend: web server, for public connect
○ db: storing data, sensitive area
http://gappsnews.blogspot.tw/search?q=n-tier
16. Sample of create N-Tier - Network ACLs
# service port
# (as written, the source is instances tagged frontend and, with no --target_tags, the rule applies to every instance on my-network)
gcutil addfirewall --allowed_tag_sources=frontend --network=my-network --allowed=tcp:80,tcp:443 myfw-service-port
# ap to db
gcutil addfirewall --allowed_tag_sources=frontend --target_tags=db --network=my-network --allowed=tcp:5984 myfw-couchdb-port
# admin zone
# (0.0.0.0/8 covers only 0.0.0.0-0.255.255.255; put the admin source range here)
gcutil addfirewall --allowed_ip_sources=0.0.0.0/8 --network=my-network --allowed=tcp:22 myfw-admin-ssh
gcutil addfirewall --allowed_tag_sources=admin --target_tags=frontend,db --network=my-network --allowed=tcp:22 myfw-manage-zone
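An added example (not from the original slides): the four firewall rules above modelled as data in Python and checked against constructed flows, assuming allow-only ingress rules where an empty target list means every instance on the network. The IP addresses, flow labels and function names are constructed for illustration.

```python
import ipaddress

# The slide's four rules as data. Empty target_tags = all instances on the network.
RULES = [
    {"name": "myfw-service-port", "src_tags": {"frontend"}, "src_ranges": [],
     "target_tags": set(), "allowed": {("tcp", 80), ("tcp", 443)}},
    {"name": "myfw-couchdb-port", "src_tags": {"frontend"}, "src_ranges": [],
     "target_tags": {"db"}, "allowed": {("tcp", 5984)}},
    {"name": "myfw-admin-ssh", "src_tags": set(), "src_ranges": ["0.0.0.0/8"],
     "target_tags": set(), "allowed": {("tcp", 22)}},
    {"name": "myfw-manage-zone", "src_tags": {"admin"}, "src_ranges": [],
     "target_tags": {"frontend", "db"}, "allowed": {("tcp", 22)}},
]

def matching_rules(src_ip, src_tags, dst_tags, proto, port, rules=RULES):
    """Names of the rules that admit this ingress flow; an empty list means denied."""
    hits = []
    for r in rules:
        if (proto, port) not in r["allowed"]:
            continue
        if r["target_tags"] and not (r["target_tags"] & dst_tags):
            continue
        # With no source given at all, the rule is open to any address.
        ranges = r["src_ranges"] or ([] if r["src_tags"] else ["0.0.0.0/0"])
        addr = ipaddress.ip_address(src_ip)
        by_ip = any(addr in ipaddress.ip_network(n) for n in ranges)
        by_tag = bool(r["src_tags"] & src_tags)  # tags only exist on in-network instances
        if by_ip or by_tag:
            hits.append(r["name"])
    return hits

# Constructed flows: (source IP, source tags, destination tags, protocol, port)
FLOWS = {
    "internet->frontend:443": ("203.0.113.10", set(), {"frontend"}, "tcp", 443),
    "frontend->db:5984": ("10.240.0.5", {"frontend"}, {"db"}, "tcp", 5984),
    "frontend->db:443": ("10.240.0.5", {"frontend"}, {"db"}, "tcp", 443),
    "internet->admin:22": ("203.0.113.10", set(), {"admin"}, "tcp", 22),
    "admin->db:22": ("10.240.0.2", {"admin"}, {"db"}, "tcp", 22),
    "frontend->db:22": ("10.240.0.5", {"frontend"}, {"db"}, "tcp", 22),
}

def audit(flows=FLOWS):
    return {label: matching_rules(*flow) for label, flow in flows.items()}

if __name__ == "__main__":
    for label, hits in audit().items():
        print(f"{label:24} {'ALLOW via ' + ', '.join(hits) if hits else 'DENY'}")
```

Under this model the rules as written do not admit a public client to the frontend on 443, while frontend instances can reach the db tier on 80/443 through myfw-service-port.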
17. Sample of create N-Tier - VPN & Web server
gcutil --project="my-project" addinstance "my-gateway" \
  --tags="admin" --zone="us-central1-b" --machine_type="g1-small" \
  --network="my-network" --external_ip_address="ephemeral" \
  --can_ip_forward="true" \
  --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." \
  --persistent_boot_disk="true"
gcutil --project="my-project" addinstance "my-web-01" \
  --tags="frontend" --zone="us-central1-b" --machine_type="n1-standard-1" \
  --network="my-network" --external_ip_address="ephemeral" \
  --can_ip_forward="true" \
  --image="https://www.googleapis.com/compute/v1/projects/.../global/images/..." \
  --persistent_boot_disk="true"
18. Instance option - Start Script
$ cat > install-couchdb.sh << EOF
sudo apt-get update -y
sudo apt-get install gcc openssl couchdb -y
EOF
# apt-get is Debian/Ubuntu tooling; the centos-6 image below uses yum, so match the script to the image
$ gcutil --service_version="v1" \
  --project="my-project" addinstance "my-couchdb-01" \
  --tags="db" --zone="us-central1-b" --machine_type="n1-highmem-2" \
  --network="my-network" --external_ip_address="ephemeral" \
  --can_ip_forward="true" \
  --image="https://www.googleapis.com/compute/v1/projects/centos-cloud/global/images/centos-6-v20131120" \
  --persistent_boot_disk="true" \
  --metadata_from_file=startup-script:install-couchdb.sh
19. Share your project
● Is Owner: resource management, project permission
● Can Edit: resource management
● Can View: resource view
20. Advanced operations
● Add persistent disk
● Create image
● Bring your own kernel (brief)
21. Add a Persistent Disk...
➔ gcutil adddisk --zone=us-central1-a testdisk
➔ gcutil ssh [instance name]
➔ sudo mkdir /mnt/pd0
➔ sudo /usr/share/google/safe_format_and_mount \
  -m "mkfs.ext4 -F" /dev/disk/by-id/[disk-id] /mnt/pd0
22. Create an Image...
➔ sudo gcimagebundle -d /dev/sda -o /tmp/ \
  --log_file=/tmp/abc.log
➔ gsutil cp /tmp/308...439.image.tar.gz \
  gs://arecord-customise-images
➔ gcutil addimage test-image \
  gs://arecord-customise-images/308...439.image.tar.gz
23. Porting recommendation
● Install LAMP
sudo yum -y install httpd php php-mysql mysql mysql-server
sudo yum install php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt
● Firewall configuration (iptables is enabled by default on GCE)
sudo vi /etc/sysconfig/iptables
⇒ Add your port… like 80, 443...
● SELinux setting (SELinux is enabled by default on GCE)
sudo vi /etc/sysconfig/selinux
⇒ SELINUX=disabled
● Setup boot level services
sudo chkconfig --level 23456 mysqld on
sudo chkconfig --level 23456 httpd on
24. Porting recommendation
● Mount the persistent disk at boot
$ sudo vi /etc/fstab
UUID=a8cf...aaf98 / ext4 defaults,barrier=0 1 1
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/sdb /mnt/pd0 ext4 defaults 1 1
25. Bring Your Own Image
● Any common Linux distro
● Must support some specific kernel settings (e.g., specific PCI and ISA bridge, vCPU settings, SCSI settings)
● Must have Python 2.6 or higher & sshd
● Must contain some Google packages (startup script support, google-daemon, gcimagebundle)
● Should have other settings configured (e.g. DHCP, SSH, firewall)