Function

 Cloud Functions: Qwik Start 



Overview
A cloud function is a piece of code that runs in response to an event, such as an HTTP request, a message from a messaging service, or a file upload. Cloud events are things that happen in your cloud environment. These might be things like changes to data in a database, files added to a storage system, or a new virtual machine instance being created.

Since cloud functions are event-driven, they only run when something happens. This makes them a good choice for tasks that need to be done quickly or that don't need to be running all the time.

For example, you can use a cloud function to:

automatically generate thumbnails for images that are uploaded to Cloud Storage.
send a notification to a user's phone when a new message is received in Cloud Pub/Sub.
process data from a Cloud Firestore database and generate a report.
You can write your code in any language that supports Node.js, and you can deploy your code to the cloud with a few clicks. Once your cloud function is deployed, it will automatically start running in response to events.

This hands-on lab shows you how to create, deploy, and test a cloud function using the Google Cloud console.

What you'll do
Create a cloud function

Deploy and test the function

View logs













No comments:
Labels: ,

Pub/Sub Lite: Qwik Start


Complementing Pub/Sub, Pub/Sub Lite is a zonal service for messaging systems with predictable traffic patterns.

If you publish 1 MiB-1 GiB of messages per second, Pub/Sub Lite is a low cost option for high-volume event ingestion.

Publishers send messages to Lite topics and subscribers receive messages from Lite subscriptions.

Lite topics and Lite subscriptions are zonal resources that must be in the same Cloud project and zone.


Create Lite topics and Lite subscriptions using the Cloud Console.

Send and receive messages using the Pub/Sub Lite client library for Python.



student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$  pip3 install --upgrade google-cloud-pubsublite

Collecting google-cloud-pubsublite
  Downloading google_cloud_pubsublite-1.8.3-py2.py3-none-any.whl (288 kB)
     |████████████████████████████████| 288 kB 9.2 MB/s 
Requirement already satisfied: google-api-core[grpc]!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,<3.0.0dev,>=1.33.2 in /usr/local/lib/python3.9/dist-packages (from google-cloud-pubsublite) (2.11.1)
Requirement already satisfied: grpcio<2.0.0dev



























student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$ vi send_messages.py



from google.cloud.pubsublite.cloudpubsub import PublisherClient
from google.cloud.pubsublite.types import (
    CloudRegion,
    CloudZone,
    MessageMetadata,
    TopicPath,
)
# TODO(developer):
project_number = 62201625285
cloud_region = "us-east4"
zone_id = "b"
topic_id = "my-lite-topic"
num_messages = 100
location = CloudZone(CloudRegion(cloud_region), zone_id)
topic_path = TopicPath(project_number, location, topic_id)
# PublisherClient() must be used in a `with` block or have __enter__() called before use.
with PublisherClient() as publisher_client:
    data = "Hello world!"
    api_future = publisher_client.publish(topic_path, data.encode("utf-8"))
    # result() blocks. To resolve API futures asynchronously, use add_done_callback().
    message_id = api_future.result()
    publish_metadata = MessageMetadata.decode(message_id)
    print(
        f"Published a message to partition {publish_metadata.partition.value} and offset {publish_metadata.cursor.offset}."
    )
student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$ 

student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$ vi receive_messages.py


from concurrent.futures._base import TimeoutError
from google.cloud.pubsublite.cloudpubsub import SubscriberClient
from google.cloud.pubsublite.types import (
    CloudRegion,
    CloudZone,
    FlowControlSettings,
    SubscriptionPath,
)
# TODO(developer):
project_number = 62201625285 
cloud_region = "us-east4"
zone_id = "b"
subscription_id = "my-lite-subscription"
timeout = 90
location = CloudZone(CloudRegion(cloud_region), zone_id)
subscription_path = SubscriptionPath(project_number, location, subscription_id)
# Configure when to pause the message stream for more incoming messages based on the
# maximum size or number of messages that a single-partition subscriber has received,
# whichever condition is met first.
per_partition_flow_control_settings = FlowControlSettings(
    # 1,000 outstanding messages. Must be >0.
    messages_outstanding=1000,
    # 10 MiB. Must be greater than the allowed size of the largest message (1 MiB).
    bytes_outstanding=10 * 1024 * 1024,
)
def callback(message):
    message_data = message.data.decode("utf-8")
    print(f"Received {message_data} of ordering key {message.ordering_key}.")
    message.ack()
# SubscriberClient() must be used in a `with` block or have __enter__() called before use.
with SubscriberClient() as subscriber_client:
    streaming_pull_future = subscriber_client.subscribe(
        subscription_path,
        callback=callback,
        per_partition_flow_control_settings=per_partition_flow_control_settings,
    )
    print(f"Listening for messages on {str(subscription_path)}...")
    try:
        streaming_pull_future.result(timeout=timeout)
    except TimeoutError or KeyboardInterrupt:
        streaming_pull_future.cancel()
        assert streaming_pull_future.done()

student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$ python3 send_messages.py

Published a message to partition 0 and offset 0.



student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$ python3 receive_messages.py

Listening for messages on projects/62201625285/locations/us-east4-b/subscriptions/my-lite-subscription...
Received Hello world! of ordering key .

student_04_ae4d70a09902@cloudshell:~ (qwiklabs-gcp-01-b8c06f76b1c9)$
No comments:
Labels: ,

Deploy an app in a container image to a GKE cluster

  •  Create a Hello World app.
  • Package the app into a container image using Cloud Build.
  • Create a cluster in Google Kubernetes Engine (GKE).
  • Deploy the container image to your cluster.


ketan_patel@cloudshell:~ (svo-mvp)$ gcloud container clusters get-credentials batterygke1 --region us-central1 --project svo-mvp




Writing the sample app (Creating Hellow World app using "Go")




ketan_patel@cloudshell:~ (svo-mvp)$ mkdir helloworld-gke
ketan_patel@cloudshell:~ (svo-mvp)$ cd helloworld-gke/


Create a new module named example.com/helloworld:



ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ go mod init example.com/helloworld
go: creating new go.mod: module example.com/helloworld
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ ls
go.mod

Create a new file named helloworld.go and paste the following code into it:



ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ pwd
/home/ketan_patel/helloworld-gke
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ vi helloworld.go

This code creates a web server that listens on the port defined by the PORT environment variable.


Your app is finished and ready to be packaged in a Docker container, and then uploaded to Artifact Registry.

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ cat helloworld.go 

package main

import (
        "fmt"
        "log"
        "net/http"
        "os"
)

func main() {
        http.HandleFunc("/", handler)

        port := os.Getenv("PORT")
        if port == "" {
                port = "8080"
        }


        log.Printf("Listening on localhost:%s", port)
        log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", port), nil))
}

func handler(w http.ResponseWriter, r *http.Request) {
        log.Print("Hello world received a request.")
        target := os.Getenv("TARGET")
        if target == "" {
                target = "World"
        }
        fmt.Fprintf(w, "Hello %s!\n", target)
}
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ vi Dockerfile



Containerizing an app with Cloud Build

To containerize the sample app, create a new file named Dockerfile in the same directory as the source files, and copy the following content:


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ cat Dockerfile 


# This is based on Debian and sets the GOPATH to /go.
# https://hub.docker.com/_/golang

FROM golang:1.19.2 as builder
WORKDIR /app

# Initialize a new Go module.
RUN go mod init quickstart-go

# Copy local code to the container image.
COPY *.go ./

# Build the command inside the container.
RUN CGO_ENABLED=0 GOOS=linux go build -o /quickstart-go

# Use a Docker multi-stage build to create a lean production image.
# https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
FROM gcr.io/distroless/base-debian11

# Change the working directory.
WORKDIR /

# Copy the binary to the production image from the builder stage.
COPY --from=builder /quickstart-go /quickstart-go

# Run the web service on container startup.
USER nonroot:nonroot
ENTRYPOINT ["/quickstart-go"]


Get your Google Cloud project ID:


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ gcloud config get-value project
Your active configuration is: [cloudshell-28830]
svo-mvp


Store your container in Artifact Registry and deploy it to your cluster from the registry. 


Run the following command to create a repository named hello-repo in the same location as your cluster:

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ gcloud artifacts repositories create hello-repo \
    --project=svo-mvp \                                                                                                                                          
    --repository-format=docker \
    --location=us-central1 \
    --description="Docker repository"

Create request issued for: [hello-repo]
Waiting for operation [projects/svo-mvp/locations/us-central1/operations/4fb48d80-4e34-4b7f-a0cc-2f716d9727c5] to complete...done.                              
Created repository [hello-repo].


Build your container image using Cloud Build, which is similar to running docker build and docker push, but the build happens on Google Cloud:


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ gcloud builds submit \
  --tag us-central1-docker.pkg.dev/svo-mvp/hello-repo/helloworld-gke .

Creating temporary tarball archive of 3 file(s) totalling 2.1 KiB before compression.
Uploading tarball of [.] to [gs://svo-mvp_cloudbuild/source/1690835076.632607-cf8690a62ffa48eba3f560f17aa9ae4f.tgz]
Created [https://cloudbuild.googleapis.com/v1/projects/svo-mvp/locations/global/builds/4cd4f29d-f1f0-49cb-a01a-55d9026684dd].
Logs are available at [ https://console.cloud.google.com/cloud-build/builds/4cd4f29d-f1f0-49cb-a01a-55d9026684dd?project=180636258465 ].
---------------------------------------------------------------------------------- REMOTE BUILD OUTPUT -----------------------------------------------------------------------------------
starting build "4cd4f29d-f1f0-49cb-a01a-55d9026684dd"

FETCHSOURCE
Fetching storage object: gs://svo-mvp_cloudbuild/source/1690835076.632607-cf8690a62ffa48eba3f560f17aa9ae4f.tgz#1690835078050696
Copying gs://svo-mvp_cloudbuild/source/1690835076.632607-cf8690a62ffa48eba3f560f17aa9ae4f.tgz#1690835078050696...
/ [1 files][  1.4 KiB/  1.4 KiB]                                                
Operation completed over 1 objects/1.4 KiB.
BUILD
Already have image (with digest): gcr.io/cloud-builders/docker
Sending build context to Docker daemon  5.632kB
Step 1/10 : FROM golang:1.19.2 as builder
1.19.2: Pulling from library/golang
17c9e6141fdb: Already exists
de4a4c6caea8: Already exists
d0a75b47d936: Pull complete
Digest: sha256:992d5fea982526ce265a0631a391e3c94694f4d15190fd170f35d91b2e6cb0ba
Status: Downloaded newer image for golang:1.19.2
 dce494d5814b
Step 2/10 : WORKDIR /app
 Running in ddd37497cbac
Removing intermediate container ddd37497cbac
 b2b056d797bc
Step 3/10 : RUN go mod init quickstart-go
 Running in d42bc942428d
go: creating new go.mod: module quickstart-go
Removing intermediate container d42bc942428d
 42c8c7f54f0a
Step 4/10 : COPY *.go ./
 b0e902994cc7
Step 5/10 : RUN CGO_ENABLED=0 GOOS=linux go build -o /quickstart-go
 Running in b27996dde697
Removing intermediate container b27996dde697
 68da3043b929
Step 6/10 : FROM gcr.io/distroless/base-debian11
latest: Pulling from distroless/base-debian11
Digest: sha256:73deaaf6a207c1a33850257ba74e0f196bc418636cada9943a03d7abea980d6d
Status: Downloaded newer image for gcr.io/distroless/base-debian11:latest
 e03afa0858f2
Step 7/10 : WORKDIR /
 Running in 612720379db3
Removing intermediate container 612720379db3
 a99eee629fff
Step 8/10 : COPY --from=builder /quickstart-go /quickstart-go
 2f87096a1000
Step 9/10 : USER nonroot:nonroot
 Running in 4bf7c47d9c85
Removing intermediate container 4bf7c47d9c85
 2e857568ccd7
Step 10/10 : ENTRYPOINT ["/quickstart-go"]
 Running in 8348fa8162e4
Removing intermediate container 8348fa8162e4
 ca94705aac0a
Successfully built ca94705aac0a
Successfully tagged us-central1-docker.pkg.dev/svo-mvp/hello-repo/helloworld-gke:latest
PUSH
Pushing us-central1-docker.pkg.dev/svo-mvp/hello-repo/helloworld-gke
The push refers to repository [us-central1-docker.pkg.dev/svo-mvp/hello-repo/helloworld-gke]
fdf7dbec2fc2: Preparing
6a1069d9378c: Preparing
1c47a89b8f41: Preparing

7bea6b893187: Pushed
latest: digest: sha256:87d504325a5b176d88e99e562f1e394d309659a04894df33ff88090682d58074 size: 3033
DONE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ID: 4cd4f29d-f1f0-49cb-a01a-55d9026684dd
CREATE_TIME: 2023-07-31T20:24:38+00:00
DURATION: 52S
SOURCE: gs://svo-mvp_cloudbuild/source/1690835076.632607-cf8690a62ffa48eba3f560f17aa9ae4f.tgz
IMAGES: us-central1-docker.pkg.dev/svo-mvp/hello-repo/helloworld-gke (+1 more)
STATUS: SUCCESS
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ 




ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ gcloud container clusters create-auto helloworld-gke \
  --location us-central1

Creating cluster helloworld-gke in us-central1... Cluster is being health-checked (master is healthy)...done.                            
Created [https://container.googleapis.com/v1/projects/svo-mvp/zones/us-central1/clusters/helloworld-gke].
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/helloworld-gke?project=svo-mvp
kubeconfig entry generated for helloworld-gke.
NAME: helloworld-gke
LOCATION: us-central1
MASTER_VERSION: 1.27.2-gke.1200
MASTER_IP: 34.29.128.165
MACHINE_TYPE: e2-medium
NODE_VERSION: 1.27.2-gke.1200
NUM_NODES: 3
STATUS: RUNNING
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl config get-clusters

NAME

gke_svo-mvp_us-central1_helloworld-gke

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl config current-context                                                         

gke_svo-mvp_us-central1_helloworld-gke

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl get nodes

NAME                                            STATUS   ROLES    AGE   VERSION
gk3-helloworld-gke-default-pool-982b3293-5f23   Ready    <none>   24m   v1.27.2-gke.1200
gk3-helloworld-gke-default-pool-ccaa9cb9-06h2   Ready    <none>   25m   v1.27.2-gke.1200
gk3-helloworld-gke-default-pool-ccaa9cb9-wd6z   Ready    <none>   16m   v1.27.2-gke.1200
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ 


Deploying to GKE

To deploy your app to the GKE cluster you created, you need two Kubernetes objects.


A Deployment to define your app.
A Service to define how to access your app.


Deploy an app

The app has a frontend server that handles the web requests. You define the cluster resources needed to run the frontend in a new file called deployment.yaml. These resources are described as a Deployment. You use Deployments to create and update a ReplicaSet and its associated Pods.

Create the deployment.yaml file in the same directory as your other files and copy the following content.


apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-gke
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello
  template:
    metadata:
      labels:
        app: hello
    spec:
      containers:
      - name: hello-app
        # Replace $LOCATION with your Artifact Registry location (e.g., us-west1).
        # Replace $GCLOUD_PROJECT with your project ID.
        image: $LOCATION-docker.pkg.dev/$GCLOUD_PROJECT/hello-repo/helloworld-gke:latest
        # This app listens on port 8080 for web traffic by default.
        ports:
        - containerPort: 8080
        env:
          - name: PORT
            value: "8080"
        resources:
          requests:
            memory: "1Gi"
            cpu: "500m"
            ephemeral-storage: "1Gi"
          limits:
            memory: "1Gi"
            cpu: "500m"
            ephemeral-storage: "1Gi"
---



Deploy the resource to the cluster:


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl apply -f deployment.yaml

deployment.apps/helloworld-gke created

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl get pods

NAME                              READY   STATUS    RESTARTS   AGE
helloworld-gke-565965576f-pjpnt   1/1     Running   0          85s

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl get deployment

NAME             READY   UP-TO-DATE   AVAILABLE   AGE
helloworld-gke   1/1     1            1           91s


Deploy a Service

Services provide a single point of access to a set of Pods. While it's possible to access a single Pod, Pods are ephemeral and can only be accessed reliably by using a service address. In your Hello World app, the "hello" Service defines a load balancer to access the hello-app Pods from a single IP address. This service is defined in the service.yaml file.

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$cat service.yaml 

# The hello service provides a load-balancing proxy over the hello-app
# pods. By specifying the type as a 'LoadBalancer', Kubernetes Engine will
# create an external HTTP load balancer.
apiVersion: v1
kind: Service
metadata:
  name: hello
spec:
  type: LoadBalancer
  selector:
    app: hello
  ports:
  - port: 80
    targetPort: 8080


The Pods are defined separately from the service that uses the Pods. Kubernetes uses labels to select the pods that a service addresses. With labels, you can have a service that addresses Pods from different replica sets and have multiple services that point to an individual Pod.

Create the Hello World Service:

ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl apply -f service.yaml                                                       

service/hello created

Get the external IP address of the service:


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ kubectl get svc

NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
hello        LoadBalancer   34.118.231.115   <pending>     80:32643/TCP   10s
kubernetes   ClusterIP      34.118.224.1     <none>        443/TCP        35m


ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$ curl http://34.135.50.168/

Hello World!
ketan_patel@cloudshell:~/helloworld-gke (svo-mvp)$







No comments:
Labels: , , ,

Hosting a Web App on Google Cloud Using Compute Engine

There are many ways to deploy web sites within Google Cloud with each solution offering different features, capabilities, and levels of control. Compute Engine offers a deep level of control over the infrastructure used to run a web site, but also requires a little more operational management compared to solutions like Google Kubernetes Engines (GKE), App Engine, or others. 

With Compute Engine, you have fine-grained control of aspects of the infrastructure, including the virtual machines, load balancers, and more. 

In this lab you will deploy a sample application, the "Fancy Store" ecommerce website, to show how a website can be deployed and scaled easily with Compute Engine.

  • Create Compute Engine instances
  • Create instance templates from source instances
  • Create managed instance groups
  • Create and test managed instance group health checks
  • Create HTTP(S) Load Balancers
  • Create load balancer health checks
  • Use a Content Delivery Network (CDN) for Caching

At the end of the lab, you will have instances inside managed instance groups to provide autohealing, load balancing, autoscaling, and rolling updates for your website
No comments:
Labels: , , ,

Configuring IAM Permissions with gcloud

What is IAM?
Google Cloud offers Cloud Identity and Access Management (IAM), which lets you manage access control by defining who (identity) has what access (role) for which resource.

In IAM, permission to access a resource isn't granted directly to the end user. Instead, permissions are grouped into roles, and roles are granted to authenticated principals. (In the past, IAM often referred to principals as members. Some APIs still use this term.)

Identities
In Cloud IAM, you grant access to principals. Principals can be of the following types:

Google Account
Service account
Google group
Google Workspace account
Cloud Identity domain
All authenticated users
All users
Learn more about these identity types from the Concepts related to identity Guide.

In this lab, you use Google accounts, service accounts, and Cloud Identity domain groups.

Roles
A role is a collection of permissions. You cannot assign a permission to the user directly; instead you grant them a role. When you grant a role to a user, you grant them all the permissions that the role contains.




Overview
This lab looks at three common areas to understand with regards to IAM and gcloud:

the configuration of the gcloud environment
the use of multiple gcloud configurations
the use of services accounts
In this lab you use the gcloud CLI tool to set up and configure command features of Cloud Identity and Access Management (IAM).

What you'll learn
In this lab, you do the following:

Review IAM and using the gcloud client

Create and switch between multiple IAM configurations

Identify and assign correct IAM permissions

Create and use a service account

Starting environment
You start with two user accounts and two projects;

user1 is the "owner" of both projects
user2 is the "viewer" of only the first project.
There is a Linux virtual machine (vm) running in the first project.










You can run:

  $ gcloud config set account `ACCOUNT`

to switch accounts if necessary.

Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?

Do you want to continue (Y/n)?  Y

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=dY4JfRm3mhdf7HDgbEoWpIwfsS1AFS&prompt=consent&access_type=offline&code_challenge=woUOXswqaJT5TmpGs11XKtcCEcVCbPM9eSvTplVjM_o&code_challenge_method=S256

Enter authorization code: 4/0AZEOvhVrKbPSDmowePe1BKnU8Li-prGyiQBtkzzzWJMAd8b5Kf3wQboQbjAhqhdZaKpDIw

You are now logged in as [student-04-6234289191d9@qwiklabs.net].
Your current project is [qwiklabs-gcp-01-2f669a123a64].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set compute/regions us-west1
ERROR: (gcloud.config.set) Section [compute] has no property [regions].
[student-04-6234289191d9@centos-clean ~]$ gcloud config set compute/region us-west1
Updated property [compute/region].
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set compute/zone us-west1-a
Updated property [compute/zone].
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config list zone
ERROR: (gcloud.config.list) Section [core] has no property [zone].
[student-04-6234289191d9@centos-clean ~]$ gcloud config list project
[core]
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config list region
ERROR: (gcloud.config.list) Section [core] has no property [region].
[student-04-6234289191d9@centos-clean ~]$ gcloud config list account
[core]
account = student-04-6234289191d9@qwiklabs.net

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-1 --zone us-west1-a --machine-type=e2-standard-2
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-01-2f669a123a64/zones/us-west1-a/instances/lab-1].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP   STATUS
lab-1  us-west1-a  e2-standard-2               10.138.0.3   35.197.89.11  RUNNING
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud compute zones list
NAME                       REGION                   STATUS  NEXT_MAINTENANCE  TURNDOWN_DATE
us-east1-b                 us-east1                 UP
us-west3-b                 us-west3                 UP
us-west3-c                 us-west3                 UP
us-west4-a                 us-west4                 UP
us-west4-b                 us-west4                 UP
us-west4-c                 us-west4                 UP
[student-04-6234289191d9@centos-clean ~]$ gcloud config list zones
ERROR: (gcloud.config.list) Section [core] has no property [zones].
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set compute/zone us-west1-b
Updated property [compute/zone].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-b
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ cat ~/.config/gcloud/configurations/config_default 
[core]
account = student-04-6234289191d9@qwiklabs.net

[compute]
region = us-west1
zone = us-west1-b

[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud init --no-launch-browser
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [default] are:
compute:
  region: us-west1
  zone: us-west1-b
core:
  account: student-04-6234289191d9@qwiklabs.net
  disable_usage_reporting: 'True'
  project: qwiklabs-gcp-01-2f669a123a64

Pick configuration to use:
 [1] Re-initialize this configuration [default] with new settings 
 [2] Create a new configuration
Please enter your numeric choice:  2

Enter configuration name. Names start with a lower case letter and contain only lower case letters a-z, digits 
0-9, and hyphens '-':  user2
Your current configuration has been set to: [user2]

You can skip diagnostics next time by using the following flag:
  gcloud init --skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.                                                                           
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).

Choose the account you would like to use to perform operations for this configuration:
 [1] 96240167141-compute@developer.gserviceaccount.com
 [2] student-04-6234289191d9@qwiklabs.net
 [3] Log in with a new account
Please enter your numeric choice:  3


You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.

You can run:

  $ gcloud config set account `ACCOUNT`

to switch accounts if necessary.

Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?

Do you want to continue (Y/n)?  Y

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=gtlxDq0NvdMAFrnIXDgtAh8C0TopqO&prompt=consent&access_type=offline&code_challenge=ZBemYpx4BlVynDQT7cQLB9cHljUVdPwbVHS4DJ9LPeA&code_challenge_method=S256

Enter authorization code: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=gtlxDq0NvdMAFrnIXDgtAh8C0TopqO&prompt=consent&access_type=offline&code_challenge=ZBemYpx4BlVynDQT7cQLB9cHljU                                           
ERROR: gcloud crashed (InvalidGrantError): (invalid_grant) Malformed auth code.

If you would like to report this issue, please run the following command:
  gcloud feedback

To check gcloud for common problems, please run the following command:
  gcloud info --run-diagnostics
[student-04-6234289191d9@centos-clean ~]$ gcloud init --no-launch-browser
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [user2] are:
core:
  account: 96240167141-compute@developer.gserviceaccount.com
  disable_usage_reporting: 'True'
  project: qwiklabs-gcp-01-2f669a123a64

Pick configuration to use:
 [1] Re-initialize this configuration [user2] with new settings 
 [2] Create a new configuration
 [3] Switch to and re-initialize existing configuration: [default]
Please enter your numeric choice:  3

Your current configuration has been set to: [default]

You can skip diagnostics next time by using the following flag:
  gcloud init --skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.                                                                           
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).

Choose the account you would like to use to perform operations for this configuration:
 [1] 96240167141-compute@developer.gserviceaccount.com
 [2] student-04-6234289191d9@qwiklabs.net
 [3] Log in with a new account
Please enter your numeric choice:  ^C

Command killed by keyboard interrupt


[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud init --no-launch-browser
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [default] are:
compute:
  region: us-west1
  zone: us-west1-b
core:
  account: student-04-6234289191d9@qwiklabs.net
  disable_usage_reporting: 'True'
  project: qwiklabs-gcp-01-2f669a123a64

Pick configuration to use:
 [1] Re-initialize this configuration [default] with new settings 
 [2] Create a new configuration
 [3] Switch to and re-initialize existing configuration: [user2]
Please enter your numeric choice:  2

Enter configuration name. Names start with a lower case letter and contain only lower case letters a-z, digits 
0-9, and hyphens '-':  user2
ERROR: (gcloud.init) Cannot create configuration [user2], it already exists.
[student-04-6234289191d9@centos-clean ~]$ gcloud init --no-launch-browser
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [default] are:
compute:
  region: us-west1
  zone: us-west1-b
core:
  account: student-04-6234289191d9@qwiklabs.net
  disable_usage_reporting: 'True'
  project: qwiklabs-gcp-01-2f669a123a64

Pick configuration to use:
 [1] Re-initialize this configuration [default] with new settings 
 [2] Create a new configuration
 [3] Switch to and re-initialize existing configuration: [user2]
Please enter your numeric choice:  3

Your current configuration has been set to: [user2]

You can skip diagnostics next time by using the following flag:
  gcloud init --skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.                                                                           
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).

Choose the account you would like to use to perform operations for this configuration:
 [1] 96240167141-compute@developer.gserviceaccount.com
 [2] student-04-6234289191d9@qwiklabs.net
 [3] Log in with a new account
Please enter your numeric choice:  3


You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.

You can run:

  $ gcloud config set account `ACCOUNT`

to switch accounts if necessary.

Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?

Do you want to continue (Y/n)?  Y

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=xT3TGNy8SDdU8gVsRpd2FdQYBo6yDO&prompt=consent&access_type=offline&code_challenge=d9bwXXCn_9ZKUZMjGvU5dNP05DhAHT_isrp0yKQC5ig&code_challenge_method=S256

Enter authorization code: 4/0AZEOvhUTiOMUx2CoEb5QEZUhhjprxzx3fsiucf9MiGw8ocazBSAL6BqzDczXjdb5mVdbAA
You are logged in as: [student-01-2053c649e0fc@qwiklabs.net].

Pick cloud project to use: 
 [1] qwiklabs-gcp-01-2f669a123a64
 [2] qwiklabs-resources
 [3] Enter a project ID
 [4] Create a new project
Please enter numeric choice or text value (must exactly match list item):  1

Your current project has been set to: [qwiklabs-gcp-01-2f669a123a64].

Your project default Compute Engine zone has been set to [us-west1-a].
You can change it by running [gcloud config set compute/zone NAME].

Your project default Compute Engine region has been set to [us-west1].
You can change it by running [gcloud config set compute/region NAME].

Created a default .boto configuration file at [/home/student-04-6234289191d9/.boto]. See this file and
[https://cloud.google.com/storage/docs/gsutil/commands/config] for more
information about configuring Google Cloud Storage.
Your Google Cloud SDK is configured and ready to use!

* Commands that require authentication will use student-01-2053c649e0fc@qwiklabs.net by default
* Commands will reference project `qwiklabs-gcp-01-2f669a123a64` by default
* Compute Engine commands will use region `us-west1` by default
* Compute Engine commands will use zone `us-west1-a` by default

Run `gcloud help config` to learn how to change individual settings

This gcloud configuration is called [user2]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.

Some things to try next:

* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
* Run `gcloud cheat-sheet` to see a roster of go-to `gcloud` commands.
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instance list
ERROR: (gcloud.compute) Invalid choice: 'instance'.
Maybe you meant:
  gcloud compute instance-groups list-instances
  gcloud compute instances list
  gcloud compute instance-groups list
  gcloud compute instance-groups managed instance-configs list
  gcloud compute instance-templates list
  gcloud compute target-instances list
  gcloud compute instances os-inventory list-instances
  gcloud compute instance-groups managed list-instances
  gcloud compute instance-groups unmanaged list-instances
  gcloud compute instances add-access-config

To search the help text of gcloud commands, run:
  gcloud help -- SEARCH_TERMS
[student-04-6234289191d9@centos-clean ~]$ gcloud confi glist
ERROR: (gcloud) Invalid choice: 'confi'.
Maybe you meant:
  gcloud config

To search the help text of gcloud commands, run:
  gcloud help -- SEARCH_TERMS
[student-04-6234289191d9@centos-clean ~]$ gcloud configlist
ERROR: (gcloud) Invalid choice: 'configlist'.
Maybe you meant:
  gcloud config get
  gcloud config list
  gcloud config set
  gcloud config unset

To search the help text of gcloud commands, run:
  gcloud help -- SEARCH_TERMS
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances list
NAME          ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
centos-clean  us-west1-a  e2-medium                   10.138.0.2   34.127.54.190  RUNNING
lab-1         us-west1-a  e2-standard-2               10.138.0.3   35.197.89.11   RUNNING
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-2 --machine-type=e2-standard-2
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/qwiklabs-gcp-01-2f669a123a64/zones/us-west1-a/instances/lab-2'

[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate default
[student-04-6234289191d9@centos-clean ~]$


[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles list | grep "name:"
name: roles/accessapproval.approver
name: roles/accessapproval.configEditor
name: roles/actions.Admin
name: roles/actions.Viewer
name: roles/advisorynotifications.viewer
- compute.zoneOperations.get
- compute.zoneOperations.list
- compute.zones.get
- compute.zones.list
- resourcemanager.projects.get
- resourcemanager.projects.list
- serviceusage.quotas.get
- serviceusage.services.get
- serviceusage.services.list
name: roles/compute.instanceAdmin
stage: GA
title: Compute Instance Admin (beta)
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 



[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations 
ERROR: (gcloud.config.configurations) Command name argument expected.

Available commands for gcloud config configurations:

      activate                Activates an existing named configuration.
      create                  Creates a new named configuration.
      delete                  Deletes a named configuration.
      describe                Describes a named configuration by listing its
                              properties.
      list                    Lists existing named configurations.
      rename                  Renames a named configuration.

For detailed information on this command and its flags, run:
  gcloud config configurations --help
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations  list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  False      student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    True       student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-01-2f669a123a64  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ qwiklabs-gcp-02-7ffb63561000
-bash: qwiklabs-gcp-02-7ffb63561000: command not found
[student-04-6234289191d9@centos-clean ~]$ qwiklabs-gcp-01-2f669a123a64
-bash: qwiklabs-gcp-01-2f669a123a64: command not found
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate user1
ERROR: (gcloud.config.configurations.activate) Cannot activate configuration [user1], it does not exist.
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations  list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  False      student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    True       student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-01-2f669a123a64  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-2 --machine-type=e2-standard-2
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/qwiklabs-gcp-01-2f669a123a64/zones/us-west1-a/instances/lab-2'

[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ id
uid=733073824(student-04-6234289191d9) gid=1000(google-sudoers) groups=1000(google-sudoers),39(video) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student-04-6234289191d9@centos-clean ~]$ cat ~/.config/gcloud/configurations/config_default 
[core]
account = student-04-6234289191d9@qwiklabs.net

[compute]
region = us-west1
zone = us-west1-b

[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ echo "export PROJECTID2=qwiklabs-gcp-02-7ffb63561000" >> ~/.bashrc
[student-04-6234289191d9@centos-clean ~]$ cat ~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions
export PROJECTID2=qwiklabs-gcp-02-7ffb63561000
[student-04-6234289191d9@centos-clean ~]$ . ~/.bashrc
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set project $PROJECTID2
WARNING: You do not appear to have access to project [qwiklabs-gcp-02-7ffb63561000] or it does not exist.
Are you sure you wish to set property [core/project] to qwiklabs-gcp-02-7ffb63561000?

Do you want to continue (Y/n)?  N

[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    False      student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-01-2f669a123a64  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ sudo yum -y install epel-release
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                                                |  28 kB  00:00:00     
 * base: mirror.web-ster.com

[student-04-6234289191d9@centos-clean ~]$ sudo yum -y install jq
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.web-ster.com

Complete!


[student-04-6234289191d9@centos-clean ~]$ echo "export USERID2=student-01-2053c649e0fc@qwiklabs.net" >> ~/.bashrc
[student-04-6234289191d9@centos-clean ~]$ cat ~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions
export PROJECTID2=qwiklabs-gcp-02-7ffb63561000
export USERID2=student-01-2053c649e0fc@qwiklabs.net
[student-04-6234289191d9@centos-clean ~]$ . ~/.bashrc
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
Updated IAM policy for project [qwiklabs-gcp-02-7ffb63561000].
bindings:
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:295933315945@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-295933315945@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-295933315945@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-295933315945@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:295933315945-compute@developer.gserviceaccount.com
  - serviceAccount:295933315945@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/owner
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/viewer
etag: BwYByx85k8c=
version: 1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    False      student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-01-2f669a123a64  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  False      student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    True       student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-01-2f669a123a64  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set project $PROJECTID2
Updated property [core/project].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = student-01-2053c649e0fc@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-02-7ffb63561000

Your active configuration is: [user2]
[student-04-6234289191d9@centos-clean ~]$ echo $PROJECTID2
qwiklabs-gcp-02-7ffb63561000
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances list
Listed 0 items.
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-2 --machine-type=e2-standard-2
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/qwiklabs-gcp-02-7ffb63561000/zones/us-west1-a/instances/lab-2'

[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  False      student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    True       student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-02-7ffb63561000  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    False      student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-02-7ffb63561000  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 

[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
Created role [devops].
etag: BwYByy6i1rA=
includedPermissions:
- compute.disks.create
- compute.instances.create
- compute.instances.delete
- compute.instances.setMetadata
- compute.instances.setServiceAccount
- compute.instances.start
- compute.instances.stop
- compute.instances.update
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
name: projects/qwiklabs-gcp-02-7ffb63561000/roles/devops
stage: ALPHA
title: devops
[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles list | grep devops
[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles list | more
---
description: Ability to view or act on access approval requests and view configuration
etag: AA==
name: roles/accessapproval.approver
stage: GA
title: Access Approval Approver
---
description: Ability to update the Access Approval configuration
etag: AA==
name: roles/accessapproval.configEditor
stage: GA
title: Access Approval Config Editor
---
description: Ability to invalidate existing approved approval requests
etag: AA==
name: roles/accessapproval.invalidator
stage: GA
title: Access Approval Invalidator
---
description: Ability to view access approval requests and configuration
etag: AA==
name: roles/accessapproval.viewer
stage: GA
title: Access Approval Viewer
---
description: Create, edit, and change Cloud access bindings.
etag: AA==
name: roles/accesscontextmanager.gcpAccessAdmin
stage: GA
title: Cloud Access Binding Admin
---
description: Read access to Cloud access bindings.
etag: AA==
name: roles/accesscontextmanager.gcpAccessReader
stage: GA
title: Cloud Access Binding Reader
---
description: Full access to policies, access levels, access zones and authorized orgs
[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles list | grep "name:" | grep devops

[student-04-6234289191d9@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
Updated IAM policy for project [qwiklabs-gcp-02-7ffb63561000].
bindings:
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:295933315945@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-295933315945@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-295933315945@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-295933315945@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:295933315945-compute@developer.gserviceaccount.com
  - serviceAccount:295933315945@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/owner
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/viewer
etag: BwYByzuIIdY=
version: 1
[student-04-6234289191d9@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
Updated IAM policy for project [qwiklabs-gcp-02-7ffb63561000].
bindings:
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: projects/qwiklabs-gcp-02-7ffb63561000/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:295933315945@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-295933315945@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-295933315945@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-295933315945@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:295933315945-compute@developer.gserviceaccount.com
  - serviceAccount:295933315945@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/owner
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/viewer
etag: BwYByz02VDM=
version: 1
[student-04-6234289191d9@centos-clean ~]$ history
    1  gcloud --version
    2  gcloud auth login
    3  gcloud config list
    4  gcloud config set compute/regions us-west1
    5  gcloud config set compute/region us-west1
    6  gcloud config list
    7  gcloud config set compute/zone us-west1-a
    8  gcloud config list
    9  gcloud config list zone
   10  gcloud config list project
   11  gcloud config list region
   12  gcloud config list account
   13  gcloud compute instances create lab-1 --zone us-west1-a --machine-type=e2-standard-2
   14  gcloud config list
   15  gcloud compute zones list
   16  gcloud config list zones
   17  gcloud config list
   18  gcloud config set compute/zone us-west1-b
   19  gcloud config list
   20  cat ~/.config/gcloud/configurations/config_default 
   21  gcloud init --no-launch-browser
   22  gcloud compute instance list
   23  gcloud confi glist
   24  gcloud configlist
   25  gcloud config list
   26  gcloud compute instances list
   27  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   28  gcloud config configuration activate default
   29  gcloud config configurations activate default
   30  history
   31  gcloud iam roles list
   32  gcloud iam roles list | grep "name:"
   33  gcloud iam roles describe roles/compute.instanceAdmin
   34  gcloud config configurations activate user2
   35  gcloud config configurations 
   36  gcloud config configurations  list
   37  gcloud config list
   38  qwiklabs-gcp-02-7ffb63561000
   39  qwiklabs-gcp-01-2f669a123a64
   40  gcloud config configurations activate user1
   41  gcloud config configurations activate user2
   42  gcloud config list
   43  gcloud config configurations  list
   44  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   45  id
   46  cat ~/.config/gcloud/configurations/config_default 
   47  echo "export PROJECTID2=qwiklabs-gcp-02-7ffb63561000" >> ~/.bashrc
   48  cat ~/.bashrc
   49  . ~/.bashrc
   50  gcloud config list
   51  gcloud config set project $PROJECTID2
   52  gcloud config configurations activate default
   53  gcloud config configurations list
   54  sudo yum -y install epel-release
   55  sudo yum -y install jq
   56  echo "export USERID2=student-01-2053c649e0fc@qwiklabs.net" >> ~/.bashrc
   57  cat ~/.bashrc
   58  . ~/.bashrc
   59  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   60  gcloud config configurations list
   61  gcloud config configurations activate user2
   62  gcloud config configurations list
   63  gcloud config list
   64  gcloud config set project $PROJECTID2
   65  gcloud config list
   66  echo $PROJECTID2
   67  gcloud compute instances list
   68  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   69  gcloud config configurations list
   70  gcloud config configurations activate default
   71  gcloud config configurations list
   72  gcloud iam roles create devops --project $PROJECTID2 --permissions 
   73  gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
   74  gcloud iam roles list | grep devops
   75  gcloud iam roles list | more
   76  gcloud iam roles list | grep "name:" | grep devops
   77  gcloud iam roles 
   78  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
   79  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
   80  history
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    False      student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-02-7ffb63561000  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ gcloud iam roles list | grep devops
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-2 --machine-type=e2-standard-2
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-02-7ffb63561000/zones/us-west1-a/instances/lab-2].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
lab-2  us-west1-a  e2-standard-2               10.138.0.2   34.105.80.208  RUNNING
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances list
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
lab-2  us-west1-a  e2-standard-2               10.138.0.2   34.105.80.208  RUNNING
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 















[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  False      student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    True       student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-02-7ffb63561000  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-04-6234289191d9@centos-clean ~]$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                               PROJECT                       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       student-04-6234289191d9@qwiklabs.net                                us-west1-b            us-west1
user2    False      student-01-2053c649e0fc@qwiklabs.net  qwiklabs-gcp-02-7ffb63561000  us-west1-a            us-west1
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances list
NAME          ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
centos-clean  us-west1-a  e2-medium                   10.138.0.2   34.127.54.190  RUNNING
lab-1         us-west1-a  e2-standard-2               10.138.0.3   35.197.89.11   RUNNING
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-b
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-01-2f669a123a64

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ gcloud config set project $PROJECTID2
Updated property [core/project].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud config list
[compute]
region = us-west1
zone = us-west1-b
[core]
account = student-04-6234289191d9@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-02-7ffb63561000

Your active configuration is: [default]
[student-04-6234289191d9@centos-clean ~]$ 


Task 5. Using a service account

You have seen how to authenticate and use gcloud to access Google Cloud services with roles. Now you'll look at a typical approach.

You have an application that uses the Application Programming Interfaces (APIs) to read and write to Cloud Storage buckets. You don't want to have to authenticate every time you launch a new server, that would be both painful and not in the spirit of using the cloud! So, you use service accounts.

A service account is a special Google account that belongs to your application or a virtual machine (VM) instead of to an individual end user. Your application uses the service account to call the Google API of a service so that the users aren't directly involved.

Learn more about service accounts from the Service accounts Guide.

Now you create a service account, use that service account with a compute instance, then test that the service account allows the access you need.

Create a service account

[student-04-6234289191d9@centos-clean ~]$ gcloud iam service-accounts create devops --display-name devops

Created service account [devops].
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud iam service-accounts list
DISPLAY NAME                            EMAIL                                                                              DISABLED
devops                                  devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com                        False
Qwiklabs User Service Account           qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com  False
Compute Engine default service account  295933315945-compute@developer.gserviceaccount.com                                 False
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud iam service-accounts list --filter "displayName=devops"
DISPLAY NAME  EMAIL                                                        DISABLED
devops        devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com  False
[student-04-6234289191d9@centos-clean ~]$ SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
[student-04-6234289191d9@centos-clean ~]$ echo $SA
devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
Updated IAM policy for project [qwiklabs-gcp-02-7ffb63561000].
bindings:
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: projects/qwiklabs-gcp-02-7ffb63561000/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:295933315945@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-295933315945@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-295933315945@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-295933315945@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:295933315945-compute@developer.gserviceaccount.com
  - serviceAccount:295933315945@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/owner
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/viewer
etag: BwYBy2F-0Xc=
version: 1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
Updated IAM policy for project [qwiklabs-gcp-02-7ffb63561000].
bindings:
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: projects/qwiklabs-gcp-02-7ffb63561000/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:295933315945@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-295933315945@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/compute.instanceAdmin
- members:
  - serviceAccount:service-295933315945@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-295933315945@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:295933315945-compute@developer.gserviceaccount.com
  - serviceAccount:295933315945@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-01-2053c649e0fc@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/owner
- members:
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-02-7ffb63561000@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-01-2053c649e0fc@qwiklabs.net
  - user:student-04-6234289191d9@qwiklabs.net
  role: roles/viewer
etag: BwYBy2TgJb0=
version: 1
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute instances create lab-3 --machine-type=e2-standard-2 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-02-7ffb63561000/zones/us-west1-b/instances/lab-3].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP   STATUS
lab-3  us-west1-b  e2-standard-2               10.138.0.3   34.82.235.65  RUNNING
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ 
[student-04-6234289191d9@centos-clean ~]$ gcloud compute ssh lab-3
WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
This tool needs to create the directory [/home/student-04-6234289191d9/.ssh] before being able to generate SSH keys.

Do you want to continue (Y/n)?  Y

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/student-04-6234289191d9/.ssh/google_compute_engine.
Your public key has been saved in /home/student-04-6234289191d9/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:4M9ZndBiNoqNNQf0a7A3+MFCH/E/2iFw5oWZLY9UMmY student-04-6234289191d9@centos-clean
The key's randomart image is:
+---[RSA 2048]----+
|       .o . E .  |
|         o * O   |
|      . = @ @ o  |
|     . B % & B   |
|      + S X * =  |
|       o B o + o |
|        + . . .  |
|                 |
|                 |
+----[SHA256]-----+
Warning: Permanently added 'compute.4968332160125261736' (ECDSA) to the list of known hosts.
Linux lab-3 5.10.0-23-cloud-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/student-04-6234289191d9'.
student-04-6234289191d9@lab-3:~$ 
student-04-6234289191d9@lab-3:~$ 
student-04-6234289191d9@lab-3:~$ gcloud config list
[core]
account = devops@qwiklabs-gcp-02-7ffb63561000.iam.gserviceaccount.com
disable_usage_reporting = True
project = qwiklabs-gcp-02-7ffb63561000

Your active configuration is: [default]
student-04-6234289191d9@lab-3:~$ gcloud compute instances create lab-4 --machine-type=e2-standard-2
Did you mean zone [us-west1-b] for instance: [lab-4] (Y/n)?  Y

Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-02-7ffb63561000/zones/us-west1-b/instances/lab-4].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP      STATUS
lab-4  us-west1-b  e2-standard-2               10.138.0.4   104.199.125.101  RUNNING
student-04-6234289191d9@lab-3:~$ gcloud compute instances list
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP      STATUS
lab-2  us-west1-a  e2-standard-2               10.138.0.2   34.105.80.208    RUNNING
lab-3  us-west1-b  e2-standard-2               10.138.0.3   34.82.235.65     RUNNING
lab-4  us-west1-b  e2-standard-2               10.138.0.4   104.199.125.101  RUNNING
student-04-6234289191d9@lab-3:~$ 






student-04-6234289191d9@lab-3:~$ history
    1  gcloud config list
    2  gcloud compute instances create lab-4 --machine-type=e2-standard-2
    3  gcloud compute instances list
    4  history
student-04-6234289191d9@lab-3:~$ 


student-04-6234289191d9@lab-3:~$ 
student-04-6234289191d9@lab-3:~$ exit
logout
Connection to 34.82.235.65 closed.
[student-04-6234289191d9@centos-clean ~]$ history
    1  gcloud --version
    2  gcloud auth login
    3  gcloud config list
    4  gcloud config set compute/regions us-west1
    5  gcloud config set compute/region us-west1
    6  gcloud config list
    7  gcloud config set compute/zone us-west1-a
    8  gcloud config list
    9  gcloud config list zone
   10  gcloud config list project
   11  gcloud config list region
   12  gcloud config list account
   13  gcloud compute instances create lab-1 --zone us-west1-a --machine-type=e2-standard-2
   14  gcloud config list
   15  gcloud compute zones list
   16  gcloud config list zones
   17  gcloud config list
   18  gcloud config set compute/zone us-west1-b
   19  gcloud config list
   20  cat ~/.config/gcloud/configurations/config_default 
   21  gcloud init --no-launch-browser
   22  gcloud compute instance list
   23  gcloud confi glist
   24  gcloud configlist
   25  gcloud config list
   26  gcloud compute instances list
   27  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   28  gcloud config configuration activate default
   29  gcloud config configurations activate default
   30  history
   31  gcloud iam roles list
   32  gcloud iam roles list | grep "name:"
   33  gcloud iam roles describe roles/compute.instanceAdmin
   34  gcloud config configurations activate user2
   35  gcloud config configurations 
   36  gcloud config configurations  list
   37  gcloud config list
   38  qwiklabs-gcp-02-7ffb63561000
   39  qwiklabs-gcp-01-2f669a123a64
   40  gcloud config configurations activate user1
   41  gcloud config configurations activate user2
   42  gcloud config list
   43  gcloud config configurations  list
   44  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   45  id
   46  cat ~/.config/gcloud/configurations/config_default 
   47  echo "export PROJECTID2=qwiklabs-gcp-02-7ffb63561000" >> ~/.bashrc
   48  cat ~/.bashrc
   49  . ~/.bashrc
   50  gcloud config list
   51  gcloud config set project $PROJECTID2
   52  gcloud config configurations activate default
   53  gcloud config configurations list
   54  sudo yum -y install epel-release
   55  sudo yum -y install jq
   56  echo "export USERID2=student-01-2053c649e0fc@qwiklabs.net" >> ~/.bashrc
   57  cat ~/.bashrc
   58  . ~/.bashrc
   59  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   60  gcloud config configurations list
   61  gcloud config configurations activate user2
   62  gcloud config configurations list
   63  gcloud config list
   64  gcloud config set project $PROJECTID2
   65  gcloud config list
   66  echo $PROJECTID2
   67  gcloud compute instances list
   68  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   69  gcloud config configurations list
   70  gcloud config configurations activate default
   71  gcloud config configurations list
   72  gcloud iam roles create devops --project $PROJECTID2 --permissions 
   73  gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
   74  gcloud iam roles list | grep devops
   75  gcloud iam roles list | more
   76  gcloud iam roles list | grep "name:" | grep devops
   77  gcloud iam roles 
   78  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
   79  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
   80  history
   81  gcloud config configurations list
   82  gcloud iam roles list | grep devops
   83  gcloud config configurations activate user2
   84  gcloud compute instances create lab-2 --machine-type=e2-standard-2
   85  gcloud compute instances list
   86  gcloud config configurations list
   87  gcloud config configurations activate default
   88  gcloud config configurations list
   89  gcloud compute instances list
   90  gcloud config list
   91  gcloud config set project $PROJECTID2
   92  gcloud config list
   93  gcloud iam service-accounts create devops --display-name devops
   94  gcloud iam service-accounts list
   95  gcloud iam service-accounts list --filter "displayName=devops"
   96  SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
   97  echo $SA
   98  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
   99  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
  100  gcloud compute instances create lab-3 --machine-type=e2-standard-2 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
  101  gcloud compute ssh lab-3
  102  history
[student-04-6234289191d9@centos-clean ~]$ 
No comments:
Labels: , , , , ,
Subscribe to: Comments (Atom)

AppEngine - Python

tudent_04_347b5286260a@cloudshell:~/python-docs-samples/appengine/standard_python3/hello_world (qwiklabs-gcp-00-88834e0beca1)$ sudo apt upda...

  • CC
  • Configuring IAM Permissions with gcloud
    What is IAM? Google Cloud offers Cloud Identity and Access Management (IAM), which lets you manage access control by defining who (identity)...
  • Kafka on Kubernetes
      Deploying Kafka on Kubernetes(GKE) using Strimzi Operator: Kafka: Apache Kafka is an event streaming platform.  Kafka combines three key c...