Linux GCP
Chapter 93: Linux on Google Cloud Platform
Section titled “Chapter 93: Linux on Google Cloud Platform”Comprehensive Guide to Linux Administration on GCP
Section titled “Comprehensive Guide to Linux Administration on GCP”Why This Matters in DevOps/SRE
Section titled “Why This Matters in DevOps/SRE”GCP is a leading cloud platform:
- Kubernetes: GKE is the reference Kubernetes implementation
- Data/ML: Strong data and ML services
- Networking: Global network infrastructure
- Automation: Strong CLI and API tools
- Certification: GCP certifications valued
GCP expertise is essential for Kubernetes and data-heavy roles.
93.1 Google Compute Engine
Section titled “93.1 Google Compute Engine”Understanding GCE
Section titled “Understanding GCE”Google Compute Engine (GCE) provides virtual machines running in Google’s infrastructure. It’s known for high performance and custom machine types.
Compute Engine Machine Types+------------------------------------------------------------------+| || Machine Families: || || +---------------------------+----------------------------------+|| | Family | Examples | Use Case ||| | ------------|------------|----------------------------------|| | E2 | e2-medium | Cost-optimized ||| | N1 | n1-std-1 | General purpose ||| | N2 | n2-std-2 | General purpose (newer) ||| | N2D | n2d-std-2 | AMD-based ||| | C2 | c2-std-4 | Compute optimized ||| | C2D | c2d-std-4 | AMD compute optimized ||| | M1 | m1-ultramem| Memory optimized ||| | M2 | m2-ultramem| Ultra memory ||| | A2 | a2-highgpu | GPU (NVIDIA A100) ||| +---------------------------+----------------------------------+|| || Storage: || +----------------------------------------------------------+ || | Zonal PD | Persistent Disk (HDD/SSD) | || | Regional PD| Replicated across zones | || | Local SSD | Local NVMe (ephemeral) | || | Cloud Storage | Object storage | || +----------------------------------------------------------+ || |+------------------------------------------------------------------+gcloud SDK Setup
Section titled “gcloud SDK Setup”# Install gcloud SDK# Debian/Ubuntuecho "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk-main" | \ sudo tee /etc/apt/sources.list.d/google-cloud-sdk.listsudo apt update && sudo apt install google-cloud-sdk
# RHEL/CentOSsudo tee /etc/yum.repos.d/google-cloud-sdk.repo << EOF[google-cloud-sdk]name=Google Cloud SDKbaseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64enabled=1gpgcheck=1gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpgEOFsudo yum install google-cloud-sdk
# Initializegcloud init
# Authenticategcloud auth logingcloud auth activate-service-account --key-file=key.json
# Set projectgcloud config set project my-project
# Set default region/zonegcloud config set compute/region us-central1gcloud config set compute/zone us-central1-aVM Instance Management
Section titled “VM Instance Management”# List instancesgcloud compute instances listgcloud compute instances list --filter="zone:us-central1-a"
# Create instancegcloud compute instances create my-instance \ --zone=us-central1-a \ --machine-type=e2-medium \ --image-family=ubuntu-2204-lts \ --image-project=ubuntu-os-cloud \ --boot-disk-size=20GB \ --boot-disk-type=pd-ssd \ --network-interface=subnet=my-subnet,aliases=10.0.0.0/24
# Create with startup scriptgcloud compute instances create my-instance \ --zone=us-central1-a \ --machine-type=e2-medium \ --image-family=ubuntu-2204-lts \ --image-project=ubuntu-os-cloud \ --metadata-from-file startup-script=startup.sh
# Start instancegcloud compute instances start my-instance --zone=us-central1-a
# Stop instancegcloud compute instances stop my-instance --zone=us-central1-a
# Restartgcloud compute instances reset my-instance --zone=us-central1-a
# Delete instancegcloud compute instances delete my-instance --zone=us-central1-a
# Get instance detailsgcloud compute instances describe my-instance --zone=us-central1-a
# Connect to instancegcloud compute ssh my-instance --zone=us-central1-a
# Connect using external IPssh -i ~/.ssh/google_compute_engine user@external-ipInstance Groups
Section titled “Instance Groups”# Create managed instance groupgcloud compute instance-groups managed create my-group \ --zone=us-central1-a \ --template=my-template \ --size=3
# Resize instance groupgcloud compute instance-groups managed resize my-group \ --zone=us-central1-a \ --size=5
# Create instance templategcloud compute instance-templates create my-template \ --machine-type=e2-medium \ --image-family=ubuntu-2204-lts \ --image-project=ubuntu-os-cloud \ --boot-disk-size=20GB93.2 Persistent Disk Storage
Section titled “93.2 Persistent Disk Storage”Storage Types
Section titled “Storage Types” Persistent Disk Types+------------------------------------------------------------------+| || Type | Performance | Use Case || --------------|-------------------|---------------------------|| Standard HDD | 0.01 IOPS/GB | Cold storage, backups || Balanced SSD | 1.5 IOPS/GB | General purpose || Performance SSD| 3 IOPS/GB | High performance || Extreme PD | 30 IOPS/GB | I/O intensive workloads || || Local SSD: || +----------------------------------------------------------+ || | • NVMe SSD attached to host | || | • Up to 8 x 375GB per instance | || | • Ephemeral (lost on reboot) | || | • Highest performance | || +----------------------------------------------------------+ || |+------------------------------------------------------------------+# Create diskgcloud compute disks create my-disk \ --zone=us-central1-a \ --size=50GB \ --type=pd-ssd
# Attach disk to instancegcloud compute instances attach-disk my-instance \ --zone=us-central1-a \ --disk=my-disk
# Detach diskgcloud compute instances detach-disk my-instance \ --zone=us-central1-a \ --disk=my-disk
# Create snapshotgcloud compute snapshots create my-snapshot \ --source-disk=my-disk \ --source-disk-zone=us-central1-a
# Create disk from snapshotgcloud compute disks create new-disk \ --zone=us-central1-a \ --source-snapshot=my-snapshot
# Resize diskgcloud compute disks resize my-disk \ --zone=us-central1-a \ --size=100GBMounting Disks
Section titled “Mounting Disks”# List diskslsblk
# Create filesystemsudo mkfs.ext4 -m 0 -F /dev/sdb
# Mountsudo mkdir /mnt/datasudo mount -o discard,defaults /dev/sdb /mnt/data
# Add to /etc/fstab# Get UUIDsudo blkid /dev/sdb# Add to fstab# UUID=xxx /mnt/data ext4 discard,defaults,nofail 0 293.3 Cloud Storage (gsutil)
Section titled “93.3 Cloud Storage (gsutil)”Storage Classes
Section titled “Storage Classes” Cloud Storage Classes+------------------------------------------------------------------+| || Class | Min Storage | Retrieval Cost | Use Case || -------------|---------------|---------------|----------------|| Standard | $0.020/GB | None | Hot data || Nearline | $0.010/GB | $0.01/GB | 30-day access || Coldline | $0.004/GB | $0.02/GB | 90-day access || Archive | $0.001/GB | $0.05/GB | 365-day access || || Features: || +----------------------------------------------------------+ || | • 99.999999999% durability | || | • Lifecycle management | || | • Versioning | || | • CORS configuration | || | • Object versioning | || +----------------------------------------------------------+ || |+------------------------------------------------------------------+# List bucketsgsutil lsgsutil ls -p my-project
# Create bucketgsutil mb -p my-project -l us-central1 gs://my-bucket/
# Copy filesgsutil cp file.txt gs://my-bucket/gsutil cp -r folder/ gs://my-bucket/gsutil cp gs://source-bucket/file.txt gs://dest-bucket/
# Downloadgsutil cp gs://my-bucket/file.txt ./
# List objectsgsutil ls gs://my-bucket/
# Move/renamegsutil mv gs://my-bucket/old.txt gs://my-bucket/new.txt
# Removegsutil rm gs://my-bucket/file.txt
# Set permissionsgsutil iam ch allUsers:objectViewer gs://my-bucket
# Make publicly readablegsutil iam ch allUsers:objectViewer gs://my-bucket
# Set lifecyclegsutil lifecycle set lifecycle.json gs://my-bucketLifecycle Configuration
Section titled “Lifecycle Configuration”{ "rule": [ { "action": {"type": "SetStorageClass", "storageClass": "NEARLINE"}, "condition": {"age": 365} }, { "action": {"type": "Delete"}, "condition": {"age": 730} } ]}93.4 VPC Networking
Section titled “93.4 VPC Networking”VPC Networks
Section titled “VPC Networks”# Create VPC networkgcloud compute networks create my-vpc \ --subnet-mode=custom \ --bgp-routing-mode=regional
# Create subnetgcloud compute networks subnets create my-subnet \ --network=my-vpc \ --region=us-central1 \ --range=10.0.0.0/24
# Create firewall rulesgcloud compute firewall-rules create allow-ssh \ --network=my-vpc \ --allow=tcp:22 \ --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create allow-http \ --network=my-vpc \ --allow=tcp:80 \ --source-ranges=0.0.0.0/0
# Create static IPgcloud compute addresses create my-ip \ --region=us-central1
# List IPsgcloud compute addresses list
# Create routegcloud compute routes create my-route \ --network=my-vpc \ --destination-range=10.0.0.0/24 \ --next-hop-instance=my-instance93.5 Load Balancing
Section titled “93.5 Load Balancing”Load Balancer Types
Section titled “Load Balancer Types” GCP Load Balancers+------------------------------------------------------------------+| || Type | Traffic Type | Scope || -----------------|-----------------|---------------------------|| External HTTP(S)| Global HTTP(S) | Geographic || External TCP | Global TCP | Regional || Internal HTTP(S)| Regional HTTP | VPC network || Internal TCP/UDP| Regional TCP | VPC network || SSL Proxy | Global SSL | Non-HTTP(S) || TCP Proxy | Global TCP | Non-HTTP(S) || || Components: || +----------------------------------------------------------+ || | • Backend service (instance group) | || | • Health check | || | • Forwarding rules | || | • Target proxy | || | • URL map | || +----------------------------------------------------------+ || |+------------------------------------------------------------------+# Create health checkgcloud compute health-checks create tcp my-health-check \ --port 80
# Create backend servicegcloud compute backend-services create my-backend \ --protocol HTTP \ --port-name http \ --health-checks my-health-check
# Add instance group to backendgcloud compute backend-services add-backend my-backend \ --instance-group my-group \ --instance-group-zone=us-central1-a \ --balancing-mode=UTILIZATION \ --max-utilization=0.8
# Create URL mapgcloud compute url-maps create my-url-map \ --default-service my-backend
# Create target HTTP proxygcloud compute target-http-proxies create my-proxy \ --url-map my-url-map
# Create forwarding rulegcloud compute forwarding-rules create my-rule \ --IP-protocol HTTP \ --ports=80 \ --target-http-proxy my-proxy \ --region=us-central193.6 IAM and Security
Section titled “93.6 IAM and Security”Identity and Access Management
Section titled “Identity and Access Management”# List service accountsgcloud iam service-accounts list
# Create service accountgcloud iam service-accounts create my-sa \ --display-name "My Service Account"
# Add IAM policy bindinggcloud projects add-iam-policy-binding my-project \ --member=serviceAccount:my-sa@my-project.iam.gserviceaccount.com \ --role=roles/compute.instanceAdmin.v1
# Grant compute instance admingcloud projects add-iam-policy-binding my-project \ --member=user:admin@example.com \ --role=roles/compute.admin
# Create service account keygcloud iam service-accounts keys create key.json \ --iam-account=my-sa@my-project.iam.gserviceaccount.com
# Get instance service account infogcloud compute instances describe my-instance \ --zone=us-central1-a \ --format="get(serviceAccounts)"OS Login
Section titled “OS Login”# Enable OS Login at project levelgcloud compute project-info add-metadata \ --metadata enable-oslogin=TRUE
# Enable OS Login at instancegcloud compute instances add-metadata my-instance \ --zone=us-central1-a \ --metadata enable-oslogin=TRUE
# SSH using OS Logingcloud compute ssh my-instance --zone=us-central1-a93.7 Cloud Monitoring
Section titled “93.7 Cloud Monitoring”Stackdriver Monitoring
Section titled “Stackdriver Monitoring”# Install monitoring agentcurl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.shsudo bash add-monitoring-agent-repo.shsudo apt-get updatesudo apt-get install stackdriver-agent
# Install logging agentcurl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.shsudo bash add-logging-agent-repo.shsudo apt-get updatesudo apt-get install stackdriver-agent
# View metricsgcloud monitoring metrics list
# Create alerting policygcloud alpha monitoring policies create \ --notification-channels=channels \ --display-name="High CPU" \ --condition-display-name="CPU usage" \ --condition-threshold-value=0.8 \ --condition-threshold-duration=300s \ --condition-filter="resource.type=\"gce_instance\" AND metric.type=\"compute.googleapis.com/instance/cpu/utilization\""
# View logsgcloud logging read "resource.type=gce_instance" --limit=10gcloud logging read "resource.type=gce_instance AND logName:syslog" --limit=1093.8 Deployment Manager
Section titled “93.8 Deployment Manager”Infrastructure as Code
Section titled “Infrastructure as Code”# Create deploymentgcloud deployment-manager deployments create my-deployment \ --config=config.yaml
# List deploymentsgcloud deployment-manager deployments list
# Update deploymentgcloud deployment-manager deployments update my-deployment \ --config=new-config.yaml
# Delete deploymentgcloud deployment-manager deployments delete my-deploymentExample Configuration (YAML)
Section titled “Example Configuration (YAML)”resources: - name: my-instance type: compute.v1.instance properties: machineType: zones/us-central1-a/machineTypes/e2-medium disks: - deviceName: boot type: PERSISTENT boot: true autoDelete: true initializeParams: sourceImage: projects/ubuntu-os-cloud/global/images/ubuntu-2204-lts networkInterfaces: - network: global/networks/default accessConfigs: - name: External NAT type: ONE_TO_NAT93.9 Interview Questions
Section titled “93.9 Interview Questions”Basic Questions
Section titled “Basic Questions”-
What is Google Compute Engine?
- IaaS virtual machines in Google Cloud
-
How do you connect to a GCE instance?
- gcloud compute ssh or standard SSH
-
What is gsutil?
- CLI tool for Cloud Storage
-
What are the machine type families?
- E2 (cost-optimized), N1/N2 (general), C2 (compute), M1/M2 (memory)
-
What is Persistent Disk?
- Network storage that persists independently
Intermediate Questions
Section titled “Intermediate Questions”-
What’s the difference between preemptible and regular instances?
- Preemptible can be terminated, much cheaper
-
What is Cloud CDN?
- Content delivery network integrated with Load Balancing
-
How do you secure GCE instances?
- Firewall rules, IAM, OS Login, shielded VMs
-
What are instance groups?
- Groups of instances for load balancing and scaling
-
What is the local SSD?
- Ephemeral high-performance NVMe storage
Advanced Questions
Section titled “Advanced Questions”-
What is Live Migration?
- Migrating VM without downtime
-
How do you set up autoscaling?
- Managed instance groups with autoscaling policy
-
What is VPC Service Controls?
- Security perimeters around GCP resources
-
How do you monitor GCE?
- Cloud Monitoring, Cloud Logging, agents
-
What is Deployment Manager?
- Infrastructure as code in GCP
Common Mistakes & Anti-Patterns
Section titled “Common Mistakes & Anti-Patterns”1. Not Using Service Accounts Properly
Section titled “1. Not Using Service Accounts Properly”WRONG:
# Using user credentials on instances# Downloaded JSON key filesCORRECT:
# Use service accounts on instancesgcloud compute instances set-service-account my-instance \ --zone=us-central1-a \ --service-account=my-sa@my-project.iam.gserviceaccount.com
# Access metadata servercurl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email"Why: Service accounts are the GCP way to handle authentication.
2. Ignoring Firewall Rules
Section titled “2. Ignoring Firewall Rules”WRONG:
# Default-allow all# Not configuring firewall properlyCORRECT:
# Create firewall rulegcloud compute firewall-rules create allow-ssh \ --allow=tcp:22 \ --source-ranges=10.0.0.0/8 \ --target-tags=web-server
# Use network tagsgcloud compute instances add-tags my-instance --tags=web-serverWhy: Firewall rules control network access.
3. Not Using Preemptible VMs
Section titled “3. Not Using Preemptible VMs”WRONG:
# Paying full price for batch jobs# Stateless workloads full priceCORRECT:
# Use preemptible VMs for fault-tolerant workloadsgcloud compute instances create my-preemptible \ --preemptible \ --machine-type=n1-standard-1
# Handle preemption in startup script# Check for shutdown signalWhy: Preemptible VMs are 80% cheaper.
4. Not Using Labels
Section titled “4. Not Using Labels”WRONG:
# No resource labeling# Can't track costs# Can't manage resourcesCORRECT:
# Add labelsgcloud compute instances add-labels my-instance \ --labels=env=prod,team=web
# Use labels for billing# Filter resourcesgcloud compute instances list --filter="labels.env=prod"Why: Labels enable organization and cost tracking.
5. Not Using Startup Scripts
Section titled “5. Not Using Startup Scripts”WRONG:
# Manual configuration after instance creation# Not reproducibleCORRECT:
# Use startup scriptgcloud compute instances create my-instance \ --metadata-from-file startup-script=startup.sh
# Or use startup-script (inline)--metadata=startup-script="#!/bin/bash\necho 'Hello'"Why: Startup scripts enable automated, reproducible setup.
Summary
Section titled “Summary” Quick Reference+------------------------------------------------------------------+| || gcloud Commands: || +----------------------------------------------------------+ || | gcloud compute instances list | List VMs | || | gcloud compute instances create | Create VM | || | gcloud compute instances ssh | SSH connect | || | gcloud compute disks create | Create disk | || | gcloud compute snapshots create | Create snapshot | || +----------------------------------------------------------+ || || gsutil Commands: || +----------------------------------------------------------+ || | gsutil ls | List buckets | || | gsutil cp file gs://bucket/ | Upload | || | gsutil cp gs://bucket/file . | Download | || | gsutil mb gs://bucket | Create bucket | || +----------------------------------------------------------+ || || Networking: || +----------------------------------------------------------+ || | gcloud compute networks create | Create VPC | || | gcloud compute firewall-rules | Create firewall | || | gcloud compute addresses create | Create static IP | || +----------------------------------------------------------+ || |+------------------------------------------------------------------+