Gcp Notes

From Federal Burro of Information
Revision as of 15:40, 22 June 2020 by David (talk | contribs)

Overview

Auth

get the auth file and then:

export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"


whoami ?

gcloud auth list
gsutil version -l

The gsutil will show legacy boto files:

${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto

but in the same dir there is:

${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json

which you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.

There are a couple of env vars; it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in most of the places I care about (terraform).

echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}
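
Added example (not part of the original notes): echoing these variables can print key material to the terminal, because the Terraform Google provider accepts either a path or the JSON itself in its three variables. This script reports only a verdict per variable: set or not, file present, credential type, and whether group/other have any access to the file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: report GCP credential env vars without printing secrets.
# The four variable names are the ones on this page; function names are hypothetical.

# classify_cred VALUE -> prints one of: unset, inline-json, missing-file,
# loose-perms:<type>, ok:<type>  (<type>: service_account, authorized_user, unknown)
classify_cred() {
    val=$1
    [ -n "$val" ] || { echo "unset"; return 0; }
    # Terraform's credential variables may carry the JSON itself instead of a path.
    case $val in
        *'{'*) echo "inline-json"; return 0 ;;
    esac
    [ -f "$val" ] || { echo "missing-file"; return 0; }
    if grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$val"; then
        kind=service_account
    elif grep -Eq '"type"[[:space:]]*:[[:space:]]*"authorized_user"' "$val"; then
        kind=authorized_user
    else
        kind=unknown
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$val" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo "ok:$kind"
    else
        echo "loose-perms:$kind"
    fi
}

# audit_gcp_creds: one line per variable, name and verdict only.
audit_gcp_creds() {
    for name in GOOGLE_APPLICATION_CREDENTIALS GOOGLE_CREDENTIALS \
                GOOGLE_CLOUD_KEYFILE_JSON GCLOUD_KEYFILE_JSON; do
        eval "val=\${$name:-}"
        printf '%s=%s\n' "$name" "$(classify_cred "$val")"
    done
}

audit_gcp_creds
```

A `loose-perms` verdict is fixed with `chmod 600` on the key file.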

Projects

A logical place to put your stuff.

Use this "bag" to hold a billing unit.

Inasmuch as you want to use labels for billing, some charges can't be labelled. Projects partition that cost.

list your projects:

gcloud projects list

Not all projects have billing accounts.

Storage

Types of storage, how to choose:

https://cloud.google.com/storage-options/

Compute

https://cloud.google.com/sdk/gcloud/reference/compute/instances/create

How do I list project and family for well-known images for terraform builds?

gcloud compute images list --standard-images

list non-running instances

gcloud compute instances list

_always_ shows _only_ running.

But what about the failed, initializing, terminated instances? Try this:

gcloud compute instances list --filter="status:*"


OS Login

So you want to just ssh into the VM like you do everything else; you don't want to use

gcloud compute ssh

or the "in browser" ssh client.

Great, you want "OS Login".

lots of steps:

1. For the VM, set the enable-oslogin metadata value to "TRUE"

in tf like this:

  metadata  = {
    enable-oslogin = "TRUE"
  }

2. Give the user the correct roles:

Compute OS Login (for vanilla, non-root access)
Compute OS Admin Login (for root access via sudo)

Via the command line, this I think:

gcloud projects add-iam-policy-binding project-ID --member \
 serviceAccount:"velos-manager@project-ID.iam.gserviceaccount.com" \
 --role "roles/iam.serviceAccountUser" \
 --no-user-output-enabled --quiet


How Tos

single node NFS
https://medium.com/google-cloud/gke-with-google-cloud-single-node-filer-nfs-4c4dc569964f

Reading

Hashes and ETags
Best Practices
https://cloud.google.com/storage/docs/hashes-etags