Compute

VM

  • can have a startup and shutdown script
  • shutdown script won't run in case of instances().reset (hard reset)
  • can have a local SSD as scratch-pad storage
  • local disks cannot be snapshotted
  • VM Metadata from within VM: curl -H "Metadata-Flavor: Google" http://169.254.169.254/computeMetadata/v1/
  • Moving a VM:
    • to another zone: use gcloud compute instances move, update references to VM
    • to another region: snapshot all persistent disks, create new disks from snapshots, create new VM and attach new disks, delete old VM, disks, snapshots
  • Q: How do you clone a VM in another region? A: Snapshot root disk B: Create an image C: Use for the new VM
  • Snapshots are only available in the same region, therefore the additional step of image creation is required
  • a vCPU is equal to 1 hardware hyper-thread
  • gcloud compute instances create privatenet-bastion --zone=us-central1-c --subnet=privatesubnet --can-ip-forward
  • storage options:
    • persistent: Zonal/Regional Standard/SSD disks. Max # of PD 128 = 64TB
      • PD in RO mode can be shared by multiple VMs
      • can be resized even while in use
    • local SSD: transient, fixed capacity of 375GB, max 8
      • use mdadm RAID0 to increase performance and capacity
      • Any other RAID schemes aren't really useful since the disks are transient storage
  • Pricing: per second, min 1 min. Discounts:
    • sustained-use discount: discount if used over 25% in a billing month
    • committed-use discount: 1 or 3 years contract
    • preemptible-use: 80% discount, max 24 hours, no charge if < 10 min, 30-second termination warning
  • shielded VMs: secure boot, vTPM (virtual Trusted Platform Module), Integrity monitoring
  • snapshots are incremental, use Cloud Storage (not visible)
  • create an image from a boot disk: gcloud compute images create mywebserver --source-disk=webserver --source-disk-zone=us-central1-a --storage-location=us
  • A public ssh key can be added project-wide to let a user access all VM instances
  • A suspended instance will lose its local SSD data
  • A stopped instance will lose state, except persistent disks

Instance Group

  • A managed instance group is a set of instances treated as a group for high availability and scale out
  • configuring requires specifying: Location, Load balancing, instance template, auto-scaling, health-check
  • can be zonal or (BP) regional resource
  • allows autoscale, autoheal, multizone (regional) and autoupdate
  • Autoscaler needs autoscaling policy and target utilization
  • Autoscaling policies: Average CPU Utilization, HTTP load balancing capacity, Cloud Monitoring Metrics
  • In case of HTTP Load Balancing, instance group must be assigned to a backend service at some point
  • target utilization for the policy, eg 80%
  • cool down period is the time the load balancer allows an instance to be completely set up before deciding if it is unhealthy
  • drain period: period of low activity after which an instance is prepared for draining (no new connections)
  • health check (similar to uptime check monitor) has
    • check interval: how long to wait between consecutive checks, next health-check starts from the point the previous one completes
    • timeout interval: how long to wait for response
    • healthy and unhealthy thresholds: how many consecutive healthy/unhealthy checks are required before acting
  • Q: if check interval=5 sec, timeout=5 sec and unhealthy threshold=2, what's the time in minutes to unhealthy? A: 15 (= 2 unhealthy timeouts + 1 wait)
  • Unmanaged group just load balances between nodes that are managed manually

gcloud

  • create instance template:

    gcloud compute instance-templates create nat-X \
      --machine-type n1-standard-2 --can-ip-forward \
      --tags natgw --metadata-from-file=startup-script=startup.sh \
      --region us-east1

  • create an instance group consisting of 1 instance which, if it fails, is restarted automatically

    gcloud compute instance-groups managed create nat-X --size=1 --template=nat-X

  • create health-check using http protocol at /health URL checking every 30 seconds, requiring consecutive 2 successes/3 failures to mark instance as healthy/unhealthy respectively

    gcloud compute health-checks create http nat-health-check \
      --request-path /health \
      --check-interval 30 --healthy-threshold 2 --unhealthy-threshold 3

  • autoheal

    gcloud beta compute instance-groups managed set-autohealing nat-X \
      --health-check nat-health-check \
      --initial-delay 120 \
      --zone us-east1-b

IoT

  • Supports two protocols: MQTT and HTTP
  • can receive and send data to devices (eg receive telemetry information and send updated config)
  • sends data to Pub/Sub

gcloud

  • steps for creating an IoT pipeline
  • create registry first

    gcloud beta iot registries create iotlab-registry \
      --project=$PROJECT_ID \
      --region=$MY_REGION \
      --event-notification-config=topic=projects/$PROJECT_ID/topics/iotlab
    
  • create a cryptographic key pair

    openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem \
      -nodes -out rsa_cert.pem -subj "/CN=unused"
    wget https://pki.google.com/roots.pem  # download root certificate
    
  • add device to registry

    gcloud beta iot devices create temp-sensor-buenos-aires \
      --project=$PROJECT_ID \
      --region=$MY_REGION \
      --registry=iotlab-registry \
      --public-key path=rsa_cert.pem,type=rs256
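
A check worth running between the key-generation and device-registration steps above, as an added example that is not part of the original notes: it confirms that the certificate matches the private key, that the RSA key is at least 2048 bits, and that the unencrypted private key is readable by its owner only. `new_pair` and `check_device_keypair` are hypothetical helper names, and the demo key pairs are constructed in a temporary directory.

```shell
#!/usr/bin/env bash
# Added example: pre-registration checks for the device key pair.
# new_pair and check_device_keypair are hypothetical helpers,
# not gcloud or openssl features.

# Same openssl invocation as in the notes, with explicit output paths.
new_pair() {  # new_pair <key-out> <cert-out>
  openssl req -x509 -newkey rsa:2048 -keyout "$1" -nodes \
    -out "$2" -subj "/CN=unused" 2>/dev/null
}

# Returns 0 if OK, 2 unreadable input, 3 key/cert mismatch, 4 key too short.
check_device_keypair() {  # check_device_keypair <key> <cert> [min-bits]
  local key="$1" cert="$2" min_bits="${3:-2048}" key_pub cert_pub bits

  # -nodes writes the private key unencrypted: make it owner-only.
  chmod 600 "$key" || return 2

  # The certificate uploaded to the registry must hold the public half
  # of the private key that stays on the device.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  [ "$key_pub" = "$cert_pub" ] || return 3

  # Reject certificates whose RSA modulus is below the expected size.
  bits=$(openssl x509 -in "$cert" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge "$min_bits" ] || return 4
}

# Demo on constructed key material in a throwaway directory.
demo_dir=$(mktemp -d)
new_pair "$demo_dir/a_private.pem" "$demo_dir/a_cert.pem"
new_pair "$demo_dir/b_private.pem" "$demo_dir/b_cert.pem"
check_device_keypair "$demo_dir/a_private.pem" "$demo_dir/a_cert.pem"
echo "matching pair   -> $?"
check_device_keypair "$demo_dir/a_private.pem" "$demo_dir/b_cert.pem"
echo "mismatched pair -> $?"
rm -rf "$demo_dir"
```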