2013-11-22 18:19:16 +00:00
|
|
|
==========================================
|
|
|
|
Getting Started With Google Compute Engine
|
|
|
|
==========================================
|
|
|
|
|
2013-11-23 02:04:00 +00:00
|
|
|
Google Compute Engine (GCE) is Google-infrastructure as a service that lets you
|
2013-11-22 18:19:16 +00:00
|
|
|
run your large-scale computing workloads on virtual machines. This document
|
|
|
|
covers how to use Salt Cloud to provision and manage your virtual machines
|
|
|
|
hosted within Google's infrastructure.
|
|
|
|
|
|
|
|
You can find out more about GCE and other Google Cloud Platform services
|
|
|
|
at https://cloud.google.com.
|
|
|
|
|
|
|
|
|
|
|
|
Dependencies
|
|
|
|
============
|
2015-09-17 21:07:49 +00:00
|
|
|
* LibCloud >= 0.14.1
|
2013-11-23 02:04:00 +00:00
|
|
|
* A Google Cloud Platform account with Compute Engine enabled
|
2013-11-22 18:19:16 +00:00
|
|
|
* A registered Service Account for authorization
|
|
|
|
* Oh, and obviously you'll need `salt <https://github.com/saltstack/salt>`_
|
|
|
|
|
|
|
|
|
2015-09-17 21:07:49 +00:00
|
|
|
.. _gce_setup:
|
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
Google Compute Engine Setup
|
|
|
|
===========================
|
|
|
|
#. Sign up for Google Cloud Platform
|
2014-02-26 22:45:43 +00:00
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
Go to https://cloud.google.com and use your Google account to sign up for
|
|
|
|
Google Cloud Platform and complete the guided instructions.
|
|
|
|
|
|
|
|
#. Create a Project
|
2014-02-26 22:45:43 +00:00
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
Next, go to the console at https://cloud.google.com/console and create a
|
|
|
|
new Project. Make sure to select your new Project if you are not
|
|
|
|
automatically directed to the Project.
|
|
|
|
|
|
|
|
Projects are a way of grouping together related users, services, and
|
|
|
|
billing. You may opt to create multiple Projects and the remaining
|
|
|
|
instructions will need to be completed for each Project if you wish to
|
|
|
|
use GCE and Salt Cloud to manage your virtual machines.
|
|
|
|
|
|
|
|
#. Enable the Google Compute Engine service
|
2014-02-26 22:45:43 +00:00
|
|
|
|
|
|
|
In your Project, either just click *Compute Engine* to the left, or go to
|
|
|
|
the *APIs & auth* section and *APIs* link and enable the Google Compute
|
|
|
|
Engine service.
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
#. Create a Service Account
|
2014-02-26 22:45:43 +00:00
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
To set up authorization, navigate to *APIs & auth* section and then the
|
2014-02-26 22:45:43 +00:00
|
|
|
*Credentials* link and click the *CREATE NEW CLIENT ID* button. Select
|
|
|
|
*Service Account* and click the *Create Client ID* button. This will
|
2015-09-17 21:07:49 +00:00
|
|
|
automatically download a ``.json`` file, which may or may not be used
|
|
|
|
in later steps, depending on your version of ``libcloud``.
|
2015-06-29 20:08:15 +00:00
|
|
|
|
2015-09-17 21:07:49 +00:00
|
|
|
Look for a new *Service Account* section in the page and record the generated
|
|
|
|
email address for the matching key/fingerprint. The email address will be used
|
|
|
|
in the ``service_account_email_address`` of the ``/etc/salt/cloud.providers``
|
|
|
|
or the ``/etc/salt/cloud.providers.d/*.conf`` file.
|
2014-02-26 22:45:43 +00:00
|
|
|
|
|
|
|
#. Key Format
|
|
|
|
|
2015-12-29 09:26:04 +00:00
|
|
|
.. note:: If you are using ``libcloud >= 0.17.0`` it is recommended that you use the ``JSON
|
|
|
|
format`` file you downloaded above and skip to the `Provider Configuration`_ section
|
|
|
|
below, using the JSON file **in place of 'NEW.pem'** in the documentation.
|
|
|
|
|
|
|
|
If you are using an older version of libcloud or are unsure of the version you
|
|
|
|
have, please follow the instructions below to generate and format a new P12 key.
|
|
|
|
|
2014-08-24 18:15:04 +00:00
|
|
|
In the new *Service Account* section, click *Generate new P12 key*, which
|
|
|
|
will automatically download a ``.p12`` private key file. The ``.p12``
|
|
|
|
private key needs to be converted to a format compatible with libcloud.
|
|
|
|
This new Google-generated private key was encrypted using *notasecret* as
|
|
|
|
a passphrase. Use the following command and record the location of the
|
|
|
|
converted private key and record the location for use in the
|
|
|
|
``service_account_private_key`` of the ``/etc/salt/cloud`` file:
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2014-07-14 17:37:13 +00:00
|
|
|
.. code-block:: bash
|
|
|
|
|
2014-08-24 18:15:04 +00:00
|
|
|
openssl pkcs12 -in ORIG.p12 -passin pass:notasecret \
|
2014-07-14 17:37:13 +00:00
|
|
|
-nodes -nocerts | openssl rsa -out NEW.pem
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-06-29 20:08:15 +00:00
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
Provider Configuration
|
|
|
|
======================
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
Set up the provider cloud config at ``/etc/salt/cloud.providers`` or
|
|
|
|
``/etc/salt/cloud.providers.d/*.conf``:
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
gce-config:
|
|
|
|
# Set up the Project name and Service Account authorization
|
|
|
|
project: "your-project-id"
|
|
|
|
service_account_email_address: "123-a5gt@developer.gserviceaccount.com"
|
|
|
|
service_account_private_key: "/path/to/your/NEW.pem"
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
# Set up the location of the salt master
|
|
|
|
minion:
|
|
|
|
master: saltmaster.example.com
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
# Set up grains information, which will be common for all nodes
|
|
|
|
# using this provider
|
|
|
|
grains:
|
|
|
|
node_type: broker
|
|
|
|
release: 1.0.1
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-17 16:54:33 +00:00
|
|
|
driver: gce
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2014-06-26 17:31:52 +00:00
|
|
|
.. note::
|
|
|
|
|
2014-08-24 18:15:04 +00:00
|
|
|
The value provided for ``project`` must not contain underscores or spaces and
|
|
|
|
is labeled as "Project ID" on the Google Developers Console.
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-08-10 15:20:26 +00:00
|
|
|
.. note::
|
|
|
|
.. versionchanged:: 2015.8.0
|
|
|
|
|
|
|
|
The ``provider`` parameter in cloud provider definitions was renamed to ``driver``. This
|
|
|
|
change was made to avoid confusion with the ``provider`` parameter that is used in cloud profile
|
|
|
|
definitions. Cloud provider definitions now use ``driver`` to refer to the Salt cloud module that
|
|
|
|
provides the underlying functionality to connect to a cloud host, while cloud profiles continue
|
|
|
|
to use ``provider`` to refer to provider configurations that you define.
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
Profile Configuration
|
|
|
|
=====================
|
|
|
|
Set up an initial profile at ``/etc/salt/cloud.profiles`` or
|
|
|
|
``/etc/salt/cloud.profiles.d/*.conf``:
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
my-gce-profile:
|
2013-11-22 18:19:16 +00:00
|
|
|
image: centos-6
|
|
|
|
size: n1-standard-1
|
|
|
|
location: europe-west1-b
|
|
|
|
network: default
|
|
|
|
tags: '["one", "two", "three"]'
|
|
|
|
metadata: '{"one": "1", "2": "two"}'
|
|
|
|
use_persistent_disk: True
|
|
|
|
delete_boot_pd: False
|
|
|
|
deploy: True
|
|
|
|
make_master: False
|
|
|
|
provider: gce-config
|
|
|
|
|
|
|
|
The profile can be realized now with a salt command:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
salt-cloud -p my-gce-profile gce-instance
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
This will create an salt minion instance named ``gce-instance`` in GCE. If
|
|
|
|
the command was executed on the salt-master, its Salt key will automatically
|
|
|
|
be signed on the master.
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
Once the instance has been created with a salt-minion installed, connectivity to
|
2013-11-22 18:19:16 +00:00
|
|
|
it can be verified with Salt:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
salt gce-instance test.ping
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
GCE Specific Settings
|
|
|
|
=====================
|
|
|
|
Consult the sample profile below for more information about GCE specific
|
2015-09-23 19:06:25 +00:00
|
|
|
settings. Some of them are mandatory and are properly labeled below but
|
2013-11-22 18:19:16 +00:00
|
|
|
typically also include a hard-coded default.
|
|
|
|
|
2015-09-23 19:06:25 +00:00
|
|
|
Initial Profile
|
|
|
|
---------------
|
|
|
|
Set up an initial profile at ``/etc/salt/cloud.profiles`` or
|
|
|
|
``/etc/salt/cloud.profiles.d/gce.conf``:
|
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
my-gce-profile:
|
2013-11-22 18:19:16 +00:00
|
|
|
image: centos-6
|
|
|
|
size: n1-standard-1
|
|
|
|
location: europe-west1-b
|
|
|
|
network: default
|
|
|
|
tags: '["one", "two", "three"]'
|
|
|
|
metadata: '{"one": "1", "2": "two"}'
|
|
|
|
use_persistent_disk: True
|
|
|
|
delete_boot_pd: False
|
2014-12-02 20:38:00 +00:00
|
|
|
ssh_interface: public_ips
|
|
|
|
external_ip: "ephemeral"
|
2013-11-22 18:19:16 +00:00
|
|
|
|
2015-09-23 19:06:25 +00:00
|
|
|
image
|
|
|
|
-----
|
|
|
|
|
|
|
|
Image is used to define what Operating System image should be used
|
|
|
|
to for the instance. Examples are Debian 7 (wheezy) and CentOS 6. Required.
|
|
|
|
|
|
|
|
size
|
|
|
|
----
|
|
|
|
|
|
|
|
A 'size', in GCE terms, refers to the instance's 'machine type'. See
|
|
|
|
the on-line documentation for a complete list of GCE machine types. Required.
|
|
|
|
|
|
|
|
location
|
|
|
|
--------
|
|
|
|
|
|
|
|
A 'location', in GCE terms, refers to the instance's 'zone'. GCE
|
|
|
|
has the notion of both Regions (e.g. us-central1, europe-west1, etc)
|
|
|
|
and Zones (e.g. us-central1-a, us-central1-b, etc). Required.
|
|
|
|
|
|
|
|
network
|
|
|
|
-------
|
|
|
|
|
|
|
|
Use this setting to define the network resource for the instance.
|
|
|
|
All GCE projects contain a network named 'default' but it's possible
|
|
|
|
to use this setting to create instances belonging to a different
|
|
|
|
network resource.
|
|
|
|
|
|
|
|
tags
|
|
|
|
----
|
|
|
|
|
|
|
|
GCE supports instance/network tags and this setting allows you to
|
|
|
|
set custom tags. It should be a list of strings and must be
|
|
|
|
parse-able by the python ast.literal_eval() function to convert it
|
|
|
|
to a python list.
|
|
|
|
|
|
|
|
metadata
|
|
|
|
--------
|
|
|
|
|
|
|
|
GCE supports instance metadata and this setting allows you to
|
|
|
|
set custom metadata. It should be a hash of key/value strings and
|
|
|
|
parse-able by the python ast.literal_eval() function to convert it
|
|
|
|
to a python dictionary.
|
|
|
|
|
|
|
|
use_persistent_disk
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Use this setting to ensure that when new instances are created,
|
|
|
|
they will use a persistent disk to preserve data between instance
|
|
|
|
terminations and re-creations.
|
|
|
|
|
|
|
|
delete_boot_pd
|
|
|
|
--------------
|
|
|
|
|
|
|
|
In the event that you wish the boot persistent disk to be permanently
|
|
|
|
deleted when you destroy an instance, set delete_boot_pd to True.
|
|
|
|
|
|
|
|
ssh_interface
|
|
|
|
-------------
|
|
|
|
|
2015-10-01 22:37:17 +00:00
|
|
|
.. versionadded:: 2015.5.0
|
|
|
|
|
2015-09-23 19:06:25 +00:00
|
|
|
Specify whether to use public or private IP for deploy script.
|
|
|
|
|
|
|
|
Valid options are:
|
2015-10-01 22:37:17 +00:00
|
|
|
|
|
|
|
- private_ips: The salt-master is also hosted with GCE
|
|
|
|
- public_ips: The salt-master is hosted outside of GCE
|
2015-09-23 19:06:25 +00:00
|
|
|
|
|
|
|
external_ip
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Per instance setting: Used a named fixed IP address to this host.
|
|
|
|
|
|
|
|
Valid options are:
|
2015-10-01 22:37:17 +00:00
|
|
|
|
|
|
|
- ephemeral: The host will use a GCE ephemeral IP
|
|
|
|
- None: No external IP will be configured on this host.
|
2015-09-23 19:06:25 +00:00
|
|
|
|
|
|
|
Optionally, pass the name of a GCE address to use a fixed IP address.
|
|
|
|
If the address does not already exist, it will be created.
|
|
|
|
|
|
|
|
ex_disk_type
|
|
|
|
------------
|
|
|
|
|
|
|
|
GCE supports two different disk types, ``pd-standard`` and ``pd-ssd``.
|
|
|
|
The default disk type setting is ``pd-standard``. To specify using an SSD
|
|
|
|
disk, set ``pd-ssd`` as the value.
|
|
|
|
|
2015-09-23 19:08:18 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
|
|
|
|
2015-09-23 20:27:55 +00:00
|
|
|
ip_forwarding
|
|
|
|
-------------
|
|
|
|
|
|
|
|
GCE instances can be enabled to use IP Forwarding. When set to ``True``,
|
|
|
|
this options allows the instance to send/receive non-matching src/dst
|
|
|
|
packets. Default is ``False``.
|
|
|
|
|
|
|
|
.. versionadded:: 2015.8.1
|
2015-09-23 19:06:25 +00:00
|
|
|
|
2015-12-16 20:14:20 +00:00
|
|
|
Profile with scopes
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Scopes can be specified by setting the optional ``ex_service_accounts``
|
|
|
|
key in your cloud profile. The following example enables the bigquery scope.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
my-gce-profile:
|
|
|
|
image: centos-6
|
|
|
|
ssh_username: salt
|
|
|
|
size: f1-micro
|
|
|
|
location: us-central1-a
|
|
|
|
network: default
|
|
|
|
tags: '["one", "two", "three"]'
|
|
|
|
metadata: '{"one": "1", "2": "two",
|
|
|
|
"sshKeys": ""}'
|
|
|
|
use_persistent_disk: True
|
|
|
|
delete_boot_pd: False
|
|
|
|
deploy: False
|
|
|
|
make_master: False
|
|
|
|
provider: gce-config
|
|
|
|
ex_service_accounts:
|
|
|
|
- scopes:
|
|
|
|
- bigquery
|
|
|
|
|
|
|
|
|
|
|
|
Email can also be specified as an (optional) parameter.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
my-gce-profile:
|
|
|
|
...snip
|
|
|
|
ex_service_accounts:
|
|
|
|
- scopes:
|
|
|
|
- bigquery
|
|
|
|
email: default
|
|
|
|
|
|
|
|
There can be multiple entries for scopes since ``ex-service_accounts`` accepts
|
|
|
|
a list of dictionaries. For more information refer to the libcloud documentation
|
|
|
|
on `specifying service account scopes`__.
|
|
|
|
|
2015-09-23 19:06:25 +00:00
|
|
|
SSH Remote Access
|
|
|
|
=================
|
|
|
|
|
2013-11-22 18:19:16 +00:00
|
|
|
GCE instances do not allow remote access to the root user by default.
|
2014-12-11 15:51:43 +00:00
|
|
|
Instead, another user must be used to run the deploy script using sudo.
|
2015-09-16 18:51:47 +00:00
|
|
|
Append something like this to ``/etc/salt/cloud.profiles`` or
|
|
|
|
``/etc/salt/cloud.profiles.d/*.conf``:
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
my-gce-profile:
|
2014-04-29 20:08:25 +00:00
|
|
|
...
|
2014-12-11 15:51:43 +00:00
|
|
|
|
2014-04-29 20:08:25 +00:00
|
|
|
# SSH to GCE instances as gceuser
|
|
|
|
ssh_username: gceuser
|
|
|
|
|
|
|
|
# Use the local private SSH key file located here
|
|
|
|
ssh_keyfile: /etc/cloud/google_compute_engine
|
|
|
|
|
|
|
|
If you have not already used this SSH key to login to instances in this
|
|
|
|
GCE project you will also need to add the public key to your projects
|
|
|
|
metadata at https://cloud.google.com/console. You could also add it via
|
|
|
|
the metadata setting too:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-09-16 18:51:47 +00:00
|
|
|
my-gce-profile:
|
2014-04-29 20:08:25 +00:00
|
|
|
...
|
|
|
|
|
|
|
|
metadata: '{"one": "1", "2": "two",
|
|
|
|
"sshKeys": "gceuser:ssh-rsa <Your SSH Public Key> gceuser@host"}'
|
2013-11-22 18:19:16 +00:00
|
|
|
|
|
|
|
|
2013-11-25 14:31:16 +00:00
|
|
|
Single instance details
|
|
|
|
=======================
|
|
|
|
This action is a thin wrapper around ``--full-query``, which displays details on a
|
2013-11-22 18:19:16 +00:00
|
|
|
single instance only. In an environment with several machines, this will save a
|
|
|
|
user from having to sort through all instance data, just to examine a single
|
|
|
|
instance.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -a show_instance myinstance
|
|
|
|
|
|
|
|
|
2013-11-25 14:31:16 +00:00
|
|
|
Destroy, persistent disks, and metadata
|
2013-11-22 18:19:16 +00:00
|
|
|
=======================================
|
|
|
|
As noted in the provider configuration, it's possible to force the boot
|
|
|
|
persistent disk to be deleted when you destroy the instance. The way that
|
|
|
|
this has been implemented is to use the instance metadata to record the
|
|
|
|
cloud profile used when creating the instance. When ``destroy`` is called,
|
|
|
|
if the instance contains a ``salt-cloud-profile`` key, it's value is used
|
|
|
|
to reference the matching profile to determine if ``delete_boot_pd`` is
|
|
|
|
set to ``True``.
|
|
|
|
|
|
|
|
Be aware that any GCE instances created with salt cloud will contain this
|
|
|
|
custom ``salt-cloud-profile`` metadata entry.
|
|
|
|
|
|
|
|
|
2013-11-25 14:31:16 +00:00
|
|
|
List various resources
|
|
|
|
======================
|
2013-11-22 18:19:16 +00:00
|
|
|
It's also possible to list several GCE resources similar to what can be done
|
|
|
|
with other providers. The following commands can be used to list GCE zones
|
|
|
|
(locations), machine types (sizes), and images.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud --list-locations gce
|
|
|
|
salt-cloud --list-sizes gce
|
|
|
|
salt-cloud --list-images gce
|
2014-02-26 22:45:43 +00:00
|
|
|
|
|
|
|
|
|
|
|
Persistent Disk
|
|
|
|
===============
|
|
|
|
The Compute Engine provider provides functions via salt-cloud to manage your
|
|
|
|
Persistent Disks. You can create and destroy disks as well as attach and
|
|
|
|
detach them from running instances.
|
|
|
|
|
|
|
|
Create
|
|
|
|
------
|
|
|
|
When creating a disk, you can create an empty disk and specify its size (in
|
|
|
|
GB), or specify either an 'image' or 'snapshot'.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_disk gce disk_name=pd location=us-central1-b size=200
|
|
|
|
|
|
|
|
Delete
|
|
|
|
------
|
|
|
|
Deleting a disk only requires the name of the disk to delete
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f delete_disk gce disk_name=old-backup
|
|
|
|
|
|
|
|
Attach
|
|
|
|
------
|
|
|
|
Attaching a disk to an existing instance is really an 'action' and requires
|
|
|
|
both an instance name and disk name. It's possible to use this ation to
|
|
|
|
create bootable persistent disks if necessary. Compute Engine also supports
|
|
|
|
attaching a persistent disk in READ_ONLY mode to multiple instances at the
|
|
|
|
same time (but then cannot be attached in READ_WRITE to any instance).
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -a attach_disk myinstance disk_name=pd mode=READ_WRITE boot=yes
|
|
|
|
|
|
|
|
Detach
|
|
|
|
------
|
|
|
|
Detaching a disk is also an action against an instance and only requires
|
|
|
|
the name of the disk. Note that this does *not* safely sync and umount the
|
|
|
|
disk from the instance. To ensure no data loss, you must first make sure the
|
|
|
|
disk is unmounted from the instance.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -a detach_disk myinstance disk_name=pd
|
|
|
|
|
|
|
|
Show disk
|
|
|
|
---------
|
|
|
|
It's also possible to look up the details for an existing disk with either
|
|
|
|
a function or an action.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -a show_disk myinstance disk_name=pd
|
|
|
|
salt-cloud -f show_disk gce disk_name=pd
|
|
|
|
|
|
|
|
Create snapshot
|
|
|
|
---------------
|
|
|
|
You can take a snapshot of an existing disk's content. The snapshot can then
|
2014-04-30 20:55:30 +00:00
|
|
|
in turn be used to create other persistent disks. Note that to prevent data
|
2014-02-26 22:45:43 +00:00
|
|
|
corruption, it is strongly suggested that you unmount the disk prior to
|
|
|
|
taking a snapshot. You must name the snapshot and provide the name of the
|
|
|
|
disk.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_snapshot gce name=backup-20140226 disk_name=pd
|
|
|
|
|
|
|
|
Delete snapshot
|
|
|
|
---------------
|
|
|
|
You can delete a snapshot when it's no longer needed by specifying the name
|
|
|
|
of the snapshot.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f delete_snapshot gce name=backup-20140226
|
|
|
|
|
|
|
|
Show snapshot
|
|
|
|
-------------
|
|
|
|
Use this function to look up information about the snapshot.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f show_snapshot gce name=backup-20140226
|
|
|
|
|
|
|
|
Networking
|
|
|
|
==========
|
|
|
|
Compute Engine supports multiple private networks per project. Instances
|
|
|
|
within a private network can easily communicate with each other by an
|
|
|
|
internal DNS service that resolves instance names. Instances within a private
|
|
|
|
network can also communicate with either directly without needing special
|
|
|
|
routing or firewall rules even if they span different regions/zones.
|
|
|
|
|
|
|
|
Networks also support custom firewall rules. By default, traffic between
|
|
|
|
instances on the same private network is open to all ports and protocols.
|
|
|
|
Inbound SSH traffic (port 22) is also allowed but all other inbound traffic
|
|
|
|
is blocked.
|
|
|
|
|
|
|
|
Create network
|
|
|
|
--------------
|
|
|
|
New networks require a name and CIDR range. New instances can be created
|
|
|
|
and added to this network by setting the network name during create. It is
|
|
|
|
not possible to add/remove existing instances to a network.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_network gce name=mynet cidr=10.10.10.0/24
|
|
|
|
|
|
|
|
Destroy network
|
|
|
|
---------------
|
|
|
|
Destroy a network by specifying the name. Make sure that there are no
|
|
|
|
instances associated with the network prior to deleting it or you'll have
|
|
|
|
a bad day.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f delete_network gce name=mynet
|
|
|
|
|
|
|
|
Show network
|
|
|
|
------------
|
|
|
|
Specify the network name to view information about the network.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f show_network gce name=mynet
|
|
|
|
|
2014-12-02 20:38:00 +00:00
|
|
|
Create address
|
2015-09-16 18:51:47 +00:00
|
|
|
--------------
|
2014-12-11 15:51:43 +00:00
|
|
|
Create a new named static IP address in a region.
|
2014-12-02 20:38:00 +00:00
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_address gce name=my-fixed-ip region=us-central1
|
|
|
|
|
|
|
|
Delete address
|
2015-09-16 18:51:47 +00:00
|
|
|
--------------
|
2014-12-02 20:38:00 +00:00
|
|
|
Delete an existing named fixed IP address.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f delete_address gce name=my-fixed-ip region=us-central1
|
|
|
|
|
|
|
|
Show address
|
2015-09-16 18:51:47 +00:00
|
|
|
------------
|
2014-12-02 20:38:00 +00:00
|
|
|
View details on a named address.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f show_address gce name=my-fixed-ip region=us-central1
|
|
|
|
|
2014-02-26 22:45:43 +00:00
|
|
|
Create firewall
|
|
|
|
---------------
|
|
|
|
You'll need to create custom firewall rules if you want to allow other traffic
|
|
|
|
than what is described above. For instance, if you run a web service on
|
|
|
|
your instances, you'll need to explicitly allow HTTP and/or SSL traffic.
|
|
|
|
The firewall rule must have a name and it will use the 'default' network
|
|
|
|
unless otherwise specified with a 'network' attribute. Firewalls also support
|
|
|
|
instance tags for source/destination
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_fwrule gce name=web allow=tcp:80,tcp:443,icmp
|
|
|
|
|
|
|
|
Delete firewall
|
|
|
|
---------------
|
|
|
|
Deleting a firewall rule will prevent any previously allowed traffic for the
|
|
|
|
named firewall rule.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f delete_fwrule gce name=web
|
|
|
|
|
|
|
|
Show firewall
|
|
|
|
-------------
|
|
|
|
Use this function to review an existing firewall rule's information.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f show_fwrule gce name=web
|
|
|
|
|
|
|
|
Load Balancer
|
|
|
|
=============
|
|
|
|
Compute Engine possess a load-balancer feature for splitting traffic across
|
|
|
|
multiple instances. Please reference the
|
|
|
|
`documentation <https://developers.google.com/compute/docs/load-balancing/>`_
|
|
|
|
for a more complete discription.
|
|
|
|
|
|
|
|
The load-balancer functionality is slightly different than that described
|
|
|
|
in Google's documentation. The concept of *TargetPool* and *ForwardingRule*
|
|
|
|
are consolidated in salt-cloud/libcloud. HTTP Health Checks are optional.
|
|
|
|
|
|
|
|
HTTP Health Check
|
|
|
|
-----------------
|
|
|
|
HTTP Health Checks can be used as a means to toggle load-balancing across
|
|
|
|
instance members, or to detect if an HTTP site is functioning. A common
|
|
|
|
use-case is to set up a health check URL and if you want to toggle traffic
|
|
|
|
on/off to an instance, you can temporarily have it return a non-200 response.
|
|
|
|
A non-200 response to the load-balancer's health check will keep the LB from
|
|
|
|
sending any new traffic to the "down" instance. Once the instance's
|
|
|
|
health check URL beings returning 200-responses, the LB will again start to
|
|
|
|
send traffic to it. Review Compute Engine's documentation for allowable
|
|
|
|
parameters. You can use the following salt-cloud functions to manage your
|
|
|
|
HTTP health checks.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_hc gce name=myhc path=/ port=80
|
|
|
|
salt-cloud -f delete_hc gce name=myhc
|
|
|
|
salt-cloud -f show_hc gce name=myhc
|
|
|
|
|
|
|
|
|
|
|
|
Load-balancer
|
|
|
|
-------------
|
|
|
|
When creating a new load-balancer, it requires a name, region, port range,
|
|
|
|
and list of members. There are other optional parameters for protocol,
|
2014-04-30 20:55:30 +00:00
|
|
|
and list of health checks. Deleting or showing details about the LB only
|
2014-02-26 22:45:43 +00:00
|
|
|
requires the name.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_lb gce name=lb region=... ports=80 members=w1,w2,w3
|
|
|
|
salt-cloud -f delete_lb gce name=lb
|
|
|
|
salt-cloud -f show_lb gce name=lb
|
|
|
|
|
2014-12-02 20:38:00 +00:00
|
|
|
You can also create a load balancer using a named fixed IP addressby specifying the name of the address.
|
|
|
|
If the address does not exist yet it will be created.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f create_lb gce name=my-lb region=us-central1 ports=234 members=s1,s2,s3 address=my-lb-ip
|
2014-02-26 22:45:43 +00:00
|
|
|
|
|
|
|
Attach and Detach LB
|
|
|
|
--------------------
|
|
|
|
It is possible to attach or detach an instance from an existing load-balancer.
|
|
|
|
Both the instance and load-balancer must exist before using these functions.
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-cloud -f attach_lb gce name=lb member=w4
|
|
|
|
salt-cloud -f detach_lb gce name=lb member=oops
|
2015-12-16 20:14:20 +00:00
|
|
|
|
|
|
|
__ http://libcloud.readthedocs.org/en/latest/compute/drivers/gce.html#specifying-service-account-scopes
|