Compute

VM

  • can have a startup and shutdown script
    • shutdown script won't run in case of instances().reset (hard reset)
  • can have a local SSD as scratch-pad storage
    • local disks cannot be snapshotted
  • VM Metadata from within VM: curl -H "Metadata-Flavor: Google" http://169.254.169.254/computeMetadata/v1/
  • Moving a VM:
    • to another zone: use gcloud compute instances move, update references to VM
    • to another region: snapshot all persistent disks, create new disks from snapshots, create new VM and attach new disks, delete old VM, disks, snapshots
  • Q: How do you clone a VM in another region? A: (a) snapshot the root disk, (b) create an image from the snapshot, (c) use the image for the new VM
    • Snapshots are only available in the same region, therefore the additional step of creating an image is required
  • a vCPU is equal to 1 hardware hyper-thread
  • gcloud compute instances create privatenet-bastion --zone=us-central1-c --subnet=privatesubnet --can-ip-forward
  • storage options:
    • persistent: zonal/regional standard/SSD disks; max 128 PDs, 64 TB
      • PD in RO mode can be shared by multiple VMs
      • can be resized even while in use
    • local SSD: transient, fixed capacity of 375 GB each, max 8
      • use mdadm RAID0 to increase performance and capacity
      • Any other RAID schemes aren't really useful since the disks are transient storage
  • Pricing: per second, min 1 min. Discounts:
    • sustained-use discount: discount if used over 25% in a billing month
    • committed-use discount: 1 or 3 years contract
    • preemptible-use: 80% discount, max 24 hours, no charge if < 10 min, 30-second termination warning
  • shielded VMs: secure boot, vTPM (virtual Trusted Platform Module), Integrity monitoring
  • snapshots are incremental and stored in Cloud Storage (not visible there)
  • create an image from a boot disk: gcloud compute images create mywebserver --source-disk=webserver --source-disk-zone=us-central1-a --storage-location=us
  • A public ssh key can be added project-wide to let a user access all VM instances
  • A suspended instance will lose its local SSD data
  • A stopped instance will lose state, except persistent disks
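The two metadata-related bullets above (the metadata server and project-wide SSH keys) are the ones a reviewer most often has to audit: a key in the project `ssh-keys` attribute grants a login on every VM that does not block project keys. The script below is an added example, not part of the original notes: it parses the `ssh-keys` value in the same `user:keytype base64 [comment]` format the metadata server returns and lists which usernames gain project-wide access. The sample value is constructed so the script runs offline; on a VM the real value comes from the `project/attributes/ssh-keys` path of the metadata server shown above. The `block_project_keys_cmd` helper only prints the `gcloud` command to opt an instance out of project keys.

```shell
#!/bin/sh
# Added example (not from the original notes): audit which usernames get a
# login on every VM through the project-wide "ssh-keys" metadata attribute.
# On a VM the real value is read with
#   curl -sH "Metadata-Flavor: Google" \
#     http://169.254.169.254/computeMetadata/v1/project/attributes/ssh-keys
# Here a constructed sample stands in for that output.

SAMPLE_SSH_KEYS='alice:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7constructed alice@laptop
bob:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed bob@desk
alice:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed2 alice@desk

broken line without a colon'

# Print "user keytype" for each well-formed entry. Entries that do not match
# "<user>:<keytype> <base64> [comment]" are skipped: a malformed entry grants
# nothing, so it is not worth listing as an access grant.
list_ssh_key_entries() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 2 && $1 ~ /^[a-z_][a-z0-9_-]*$/ {
            split($2, f, " ")
            if (f[1] ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ && f[2] != "")
                print $1, f[1]
        }'
}

# Distinct usernames that get project-wide access: the list a reviewer
# should be able to justify one by one.
project_wide_users() {
    list_ssh_key_entries "$1" | awk '{print $1}' | sort -u
}

# Number of distinct users, handy as a drift check against an expected count.
project_wide_user_count() {
    project_wide_users "$1" | wc -l | tr -d ' '
}

# Instances that must not inherit project keys (e.g. a bastion) carry the
# instance metadata block-project-ssh-keys=true. This prints the command that
# sets it; instance name and zone are the caller's (hypothetical) values.
block_project_keys_cmd() {
    printf 'gcloud compute instances add-metadata %s --zone=%s --metadata=block-project-ssh-keys=true\n' "$1" "$2"
}

# Usage: run the audit over the constructed sample.
printf 'users with project-wide SSH access: %s\n' "$(project_wide_users "$SAMPLE_SSH_KEYS" | tr '\n' ' ')"
```

Keys added per instance (instance metadata `ssh-keys`) are not covered by this script; they have to be read from the instance's own metadata attributes.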

Instance Group

  • A managed instance group is a set of instances treated as a group for high availability and scale out
    • configuring requires specifying: location, load balancing, instance template, autoscaling, health check
  • can be a zonal or (best practice) regional resource
  • supports autoscaling, autohealing, multi-zone (regional) deployment and auto-updating
  • Autoscaler needs autoscaling policy and target utilization
    • Autoscaling policies: Average CPU Utilization, HTTP load balancing capacity, Cloud Monitoring Metrics
    • With the HTTP load balancing policy, the instance group must be assigned to a backend service at some point
    • target utilization for the policy, eg 80%
  • cool-down period: the time the load balancer allows an instance to be completely set up before deciding whether it is unhealthy
  • drain period: a period of low activity after which an instance is prepared for draining (no new connections)
  • health check (similar to an uptime check monitor) has:
    • check interval: how long to wait between consecutive checks; the next health check starts from the point the previous one completes
    • timeout interval: how long to wait for a response
    • healthy and unhealthy thresholds: how many consecutive healthy/unhealthy checks are required before acting
  • Q: if check interval = 5 sec, timeout = 5 sec and unhealthy threshold = 2, what's the time in minutes to unhealthy? A: 15 (= 2 unhealthy timeouts + 1 wait)
  • Unmanaged group just load balances between nodes that are managed manually
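The health-check arithmetic above is easy to get wrong under pressure, so here it is as an added example (not from the original notes). Because the next check starts only when the previous one completes, a backend that never answers costs a full timeout per probe plus one check interval between probes: threshold × timeout + (threshold − 1) × interval. For the question above that gives 15 seconds; for the `nat-health-check` defined in the gcloud section below (interval 30, unhealthy threshold 3) it gives 75 seconds, assuming the default 5-second timeout since the command does not set one. The autohealing helper assumes an instance that fails right after its `--initial-delay` expires.

```shell
#!/bin/sh
# Added example (not from the original notes): worst-case timing of a
# health check whose target never responds, using the interval/timeout/
# threshold semantics described in the notes (next probe starts when the
# previous one completes).

# time_to_unhealthy INTERVAL TIMEOUT UNHEALTHY_THRESHOLD -> seconds
# Every failed probe runs to its timeout; between probes there is one interval.
time_to_unhealthy() {
    interval=$1; timeout=$2; threshold=$3
    echo $(( threshold * timeout + (threshold - 1) * interval ))
}

# time_to_healthy INTERVAL HEALTHY_THRESHOLD RESPONSE_TIME -> seconds
# A healthy probe completes after RESPONSE_TIME (at most the timeout), not
# after the full timeout, so recovery is usually faster than detection.
time_to_healthy() {
    interval=$1; threshold=$2; response=$3
    echo $(( threshold * response + (threshold - 1) * interval ))
}

# worst_case_autoheal_delay INITIAL_DELAY INTERVAL TIMEOUT UNHEALTHY_THRESHOLD
# Upper bound on the time before autohealing replaces an instance that dies
# immediately after its initial delay expires (assumption: failures before
# the delay expires are ignored, which is what the delay is for).
worst_case_autoheal_delay() {
    initial=$1
    echo $(( initial + $(time_to_unhealthy "$2" "$3" "$4") ))
}

# Usage: the question from the notes and the nat-health-check from the
# gcloud section (default 5 s timeout assumed).
printf 'question: %s s\n' "$(time_to_unhealthy 5 5 2)"
printf 'nat-health-check: %s s to unhealthy\n' "$(time_to_unhealthy 30 5 3)"
printf 'nat-X autoheal, initial delay 120: up to %s s\n' "$(worst_case_autoheal_delay 120 30 5 3)"
```

When tuning, remember that the detection window also bounds how long a compromised or wedged backend keeps receiving traffic; a short interval with a high threshold is usually a better trade than a long interval with a low one, because single transient failures then do not trigger recreation.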

gcloud

  • create instance template:
    gcloud compute instance-templates create nat-X \
        --machine-type n1-standard-2 --can-ip-forward \
        --tags natgw --metadata-from-file=startup-script=startup.sh \
        --region us-east1
    
  • create an instance group consisting of 1 instance which, if it fails, is restarted automatically
    gcloud compute instance-groups managed create nat-X --size=1 --template=nat-X
    
  • create a health check using the HTTP protocol at the /health URL, checking every 30 seconds and requiring 2 consecutive successes / 3 consecutive failures to mark an instance as healthy / unhealthy respectively
    gcloud compute health-checks create http nat-health-check \
        --request-path /health \
        --check-interval 30 --healthy-threshold 2 --unhealthy-threshold 3
    
  • autoheal
    gcloud beta compute instance-groups managed set-autohealing nat-X \
        --health-check nat-health-check \
        --initial-delay 120 \
        --zone us-east1-b
    

IoT

  • supports two protocols: MQTT and HTTP
  • can receive data from and send data to devices (e.g. receive telemetry and send an updated config)
  • sends data to Pub/Sub

gcloud

  • steps for creating an IoT pipeline:
    1. create the registry first
      gcloud beta iot registries create iotlab-registry \
          --project=$PROJECT_ID \
          --region=$MY_REGION \
          --event-notification-config=topic=projects/$PROJECT_ID/topics/iotlab
      
    2. create the key pair
      openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem \
          -nodes -out rsa_cert.pem -subj "/CN=unused"
      wget https://pki.google.com/roots.pem  # download root certificate
      
    3. add the device to the registry
      gcloud beta iot devices create temp-sensor-buenos-aires \
          --project=$PROJECT_ID \
          --region=$MY_REGION \
          --registry=iotlab-registry \
          --public-key path=rsa_cert.pem,type=rs256
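The registration step uploads only the certificate; the private key must stay on the device. A mismatched pair (wrong file copied, key regenerated after the cert was uploaded) only shows up later as JWT authentication failures, so it is worth checking locally first. The script below is an added example, not part of the original notes: it confirms that `rsa_cert.pem` carries the public half of `rsa_private.pem`, reports the RSA modulus size, and checks that the certificate is still valid for a given number of days. It assumes `openssl` is installed and reuses the file names and the key-generation command from step 2; `make_test_pair` creates a throwaway pair in a temporary directory so the checks can be tried without touching real device keys.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity checks on the device
# key pair before registering it with `gcloud iot devices create`.
# Assumes openssl is installed; file names follow the notes (rsa_private.pem,
# rsa_cert.pem).

# Returns 0 when the certificate's public key matches the private key
# (same RSA modulus), 1 otherwise or if either file cannot be read.
keypair_matches() {
    key=$1; cert=$2
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 1
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || return 1
    if [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]; then
        return 0
    fi
    return 1
}

# Prints the RSA modulus size in bits of a certificate (0 if unreadable).
# Works with both the OpenSSL 1.1 ("RSA Public-Key:") and 3.x ("Public-Key:")
# text layouts.
cert_key_bits() {
    bits=$(openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    echo "${bits:-0}"
}

# Returns 0 when the certificate is still valid for at least DAYS more days.
# Useful because a registry can hold an expiring public key and a device with
# an expired key is silently locked out.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Creates a constructed test pair with the same command as step 2 in a
# temporary directory and prints that directory's path.
make_test_pair() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -keyout "$dir/rsa_private.pem" \
        -nodes -out "$dir/rsa_cert.pem" -subj "/CN=unused" >/dev/null 2>&1
    echo "$dir"
}

# Usage (against a real device directory, not run here):
#   keypair_matches rsa_private.pem rsa_cert.pem && echo "pair OK"
#   [ "$(cert_key_bits rsa_cert.pem)" -ge 2048 ] && echo "key size OK"
#   cert_valid_for_days rsa_cert.pem 30 && echo "valid for 30+ days"
```

Run the three checks before the `gcloud ... devices create` step; if `keypair_matches` fails, regenerate the pair on the device and register the new certificate rather than copying a private key between machines.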