Google Cloud

In this lab you will:

  • Configure access to the GCP project that was provisioned for you
  • Learn to use the gcloud CLI
  • Create a jumpbox VM in GCP's Compute Engine
  • Create a DNS hosted zone
  • Create a service account and key

Access your GCP Project

  1. Visit https://cloud.google.com

    If you do not already have an account, click on the Get Started button. Otherwise, sign in.

  2. A GCP project has been provisioned for you specifically for this training. Communicate your account username (typically an email address) to your instructor. Your instructor will send you an invitation to join that project. You must accept the invitation.

  3. Access the GCP Console (click the Console button in the banner, or navigate directly to https://console.cloud.google.com/).

  4. Click on the GCP project dropdown widget at the top of the page. A project selection panel will display. Click the tab with the caption ALL and select the project you were provisioned.

  5. Click on the button at the top right of the page labeled (when hovering) Activate Cloud Shell (it looks like a command prompt). This action launches a terminal provisioned by Google Cloud.

  6. Verify that your gcloud CLI is pointing to your assigned GCP project by running:

    gcloud config list
    

A tour of the GCP Dashboard

Challenge

If you have prior experience with GCP and are familiar with its dashboard, volunteer to give the rest of the class a quick tour.

Here is a suggestion of some of the areas of the dashboard to demo:

  • The Compute Engine: VMs, Disks, Images
  • The Network Services: Load balancing, DNS
  • VPC Network: networks, subnets, firewall rules, external IP addresses
  • Storage (GCS, buckets)
  • Identity and Access Management (IAM)

Learn to use the gcloud CLI

Explore the gcloud CLI.

Here is an independent blog post titled Introduction to G-Cloud command line tool that could be of help.

Feel free to consult other tutorials and Google's documentation, and to conduct small exploratory experiments from the Cloud Shell.

Create the jumpbox

Run the following command to create a new jumpbox VM in your project.

gcloud compute instances create "jumpbox" \
  --image-family "ubuntu-1804-lts" \
  --image-project "ubuntu-os-cloud" \
  --boot-disk-size "200" \
  --zone us-central1-a

After some time, the gcloud CLI will output some information about the jumpbox that it created.

For simplicity, regardless of your geographical region, you will use us-central1-a. Read for more information about Google Cloud regions and zones.

The jumpbox needs a relatively large hard drive (200GB) so that in later labs you can use the space for storing backup data.

SSH into the jumpbox

You must now ssh to this new jumpbox using the zone you selected earlier. Notice you are logging in as the ubuntu user. There's nothing particularly special about this account. The account and its home directory are automatically generated upon first use and will serve as a shared resource for you and your pair.

The command to connect to your jumpbox will look something like the following snippet. Run this in your current terminal session:

gcloud compute ssh ubuntu@jumpbox

Once the command completes and you are connected to the jumpbox, continue with the following installation steps.

Initialize the jumpbox for GCP

On the jumpbox, you are logged in to Google Cloud using a default service account which does not have the level of privilege we require.

You can verify this by running the following command and noting an error message relating to authorization:

gcloud compute instances list

To remedy this, authenticate with Google Cloud using this command:

gcloud auth login

  1. Copy the specified URL into your browser
  2. Authorize access
  3. Paste the verification code provided back into your jumpbox session

The gcloud compute instances list command will now produce a list of all the VMs in your project (just the jumpbox).

Create a DNS Hosted Zone

  1. Navigate to the Cloud DNS section, under Network Services

  2. Ask your instructor for your environment name. Environment names must be lower-cased, and contain only characters, digits, and hyphens.

  3. Create a DNS Zone entry as follows:

    1. Click the button captioned Create Zone
    2. Enter ${replace-me-with-your-environment-name}-zone for the zone name
    3. Enter ${replace-me-with-your-environment-name}.pal4pe.com for the DNS name
    4. Click "Create"

Challenge

Can you figure out the gcloud command to list the hosted zones in your GCP project?

Create a service account and key

In GCP, service accounts are accounts used by a process, not a human.

You invoked three commands:

  1. create the account
  2. produce a key file named terraform.key.json
  3. give the account permissions

Keep a copy of your key file on your jumpbox in your ~/workspace directory.

The service account key will be used in an upcoming lab to automate the creation of resources in GCP using terraform.

In a browser, visit your GCP dashboard, and navigate to the IAM & Admin section. Explore this section. Locate your service account.
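
The three steps listed above, sketched as a shell function together with a check that the resulting key file is readable only by its owner. This is an added example, not the lab's own commands: the account name terraform, the function names, and the role (which the caller must supply) are assumptions.

```shell
#!/usr/bin/env bash
# Added example; SA_NAME, the function names and the caller-supplied role
# are assumptions, not values taken from the lab.
SA_NAME="${SA_NAME:-terraform}"
KEY_FILE="${KEY_FILE:-$HOME/workspace/terraform.key.json}"

# Service account addresses follow NAME@PROJECT_ID.iam.gserviceaccount.com.
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com\n' "$1" "$2"
}

# Succeeds only if the file exists, is a service-account key, and grants
# no permissions to group or other (mode 0600 or stricter).
key_file_ok() {
  [ -f "$1" ] || return 1
  grep -q '"type": *"service_account"' "$1" || return 1
  mode=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
  [ "$mode" = "------" ]
}

# Create the account, produce the key file, grant one role on the project.
# Usage: create_terraform_sa PROJECT_ID ROLE
create_terraform_sa() {
  project="$1"
  role="$2"
  if [ -z "$project" ] || [ -z "$role" ]; then
    echo "usage: create_terraform_sa PROJECT_ID ROLE" >&2
    return 2
  fi
  email=$(sa_email "$SA_NAME" "$project")

  # 1. create the account
  gcloud iam service-accounts create "$SA_NAME" \
    --display-name "$SA_NAME" || return 1

  # 2. produce the key file; umask 077 in a subshell keeps it owner-only
  mkdir -p "$(dirname "$KEY_FILE")"
  ( umask 077
    gcloud iam service-accounts keys create "$KEY_FILE" \
      --iam-account "$email" ) || return 1

  # 3. give the account permissions (grant only the role the lab requires)
  gcloud projects add-iam-policy-binding "$project" \
    --member "serviceAccount:$email" --role "$role" || return 1

  key_file_ok "$KEY_FILE"
}
```

The key file is a long-lived credential for the service account, so run key_file_ok against ~/workspace/terraform.key.json again whenever the file is copied or moved.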