Building a GCE x Ubuntu x Docker environment from the command line
environment
MacOS X 10.15.5 (Catalina)
Homebrew 2.4.9
Google Cloud SDK 304.0.0
GCP Account Registration
【Explanation with image】 Register for an account with a free trial of Google Cloud Platform (GCP)
Installing the Google Cloud SDK
Installing the Google Cloud SDK ~ Initializing
Project Creation
Create a project with the Google Cloud SDK
Creating an Instance
Determine the instance name
Put it in a variable.
$ INSTANCE='anata_no_instance_name'
Verify the public VM image
When you create an instance, you refer to the image's PROJECT and FAMILY.
$ gcloud compute images list
NAME PROJECT FAMILY DEPRECATED STATUS
centos-6-v20200714 centos-cloud centos-6 READY
centos-7-v20200714 centos-cloud centos-7 READY
...
ubuntu-1804-bionic-v20200807 ubuntu-os-cloud ubuntu-1804-lts READY
Creating an Instance
This time, I used ubuntu-1804-lts.
$ gcloud compute instances create $INSTANCE \
--image-family ubuntu-1804-lts \
--image-project ubuntu-os-cloud \
--zone asia-northeast1-a \
--machine-type f1-micro \
--boot-disk-size 30GB
GCP has a free trial that gives you $300 in credits for 12 months, and Always Free, which lets you use each service for free within prescribed limits regardless of credits. Even during the free trial period, credits are not consumed as long as usage stays within the Always Free limits.
- Region: US-XXXX1
- Machine Type: F1-Micro x1
- Persistent storage: 30GB or less
If you use a resource that is eligible for Always Free during the free trial period, that usage is not deducted from your free trial credits.
※ The conditions may change, so check here: https://cloud.google.com/free/docs/gcp-free-tier#always-free
Checking Instance Details
Try to verify the instance that was created.
$ gcloud compute instances describe $INSTANCE
SSH connection
We will configure the settings for SSH connection to the instance.
Creating a Key Pair
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C '[email protected]'
...
Enter passphrase (empty for no passphrase): # register a passphrase for accessing the private key
Enter same passphrase again: # enter it once more to confirm
...
-t rsa: key type (RSA). -b 4096: key length in bits. -C: comment. When the key is registered in GCP, the user name given in this comment is picked up automatically.
bonus
Can also be done with gcloud commands
$ gcloud compute ssh $INSTANCE
Changing the permissions of the private key
For security reasons, change the file permissions to 400 (only the owner can read).
$ chmod 400 ~/.ssh/id_rsa
Copy Public Key
$ cat ~/.ssh/id_rsa.pub | pbcopy
Registering a public key
This apparently has to be done in the GUI.
From the GCP console https://console.cloud.google.com/
If you want to register for the entire project
When registering for each instance
connection
Connect with the ssh command.
$ ssh USERNAME@EXTERNAL_IP -i ~/.ssh/id_rsa
...
Are you sure you want to continue connecting (yes/no/[fingerprint])? # <- type yes
Enter passphrase for key '/Users/anata_no_home_dir/.ssh/id_rsa': # <- enter the passphrase registered when the key pair was created
...
Username
By default, the username for an SSH session is generated from the email address of the logged-in account, with the domain part omitted. For example, if the email address is [email protected], the corresponding username is user.
External IP
It can be found in the web console under menu > Compute Engine > VM instances, or with
$ gcloud compute instances describe INSTANCE_NAME
...
natIP: xx.xxx.xxx.xx
...
bonus
The "Are you sure you want to continue connecting" prompt is shown on the first connection (and also whenever the fingerprint of the destination host changes).
Answering yes adds the host to the ~/.ssh/known_hosts file, and the prompt is not shown again.
The -oStrictHostKeyChecking=no option skips the prompt and registers the host in known_hosts automatically. Because this weakens security, use it only when you can judge the connection to be safe.
$ ssh USERNAME@EXTERNAL_IP -i ~/.ssh/id_rsa -oStrictHostKeyChecking=no
Register in config file
Edit the ~/.ssh/config file.
Host webserver <- any host name
User anata_no_user_name
HostName 192.0.2.1
Port 22
IdentityFile ~/.ssh/id_rsa
bonus
By appending StrictHostKeyChecking no to the config file, the same thing as -oStrictHostKeyChecking=no is possible.
Host webserver
User anata_no_user_name
HostName 192.0.2.1
Port 22
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no <- this
UserKnownHostsFile=/dev/null <- this
UserKnownHostsFile=/dev/null prevents the host from being appended to the known_hosts file.
connection
Confirm that you can log in with the host name registered in the config file.
$ ssh webserver
Changing the Port
The port number can be anywhere in 0 ~ 65535, but it is generally considered safe to use a number in the range 49513 ~ 65535.
Change the port number in the sshd_config file
This is an operation performed inside the server.
Edit the /etc/ssh/sshd_config file: uncomment the line that reads #Port ~ and change it to the port number chosen above.
Here
...
#Port 22
...
↓ Do this
...
Port 12022
...
In the command
$ sudo sed -i -e "s/#Port 22/Port 12022/g" /etc/ssh/sshd_config
-i Edits the file in place (reads the file and overwrites it with the result).
-e Specifies the script to run. If -e is absent, the first non-option argument is taken as the script, so -e can usually be omitted. To use an extended regular expression in the script, add -E or -r.
Restart the sshd service
$ sudo systemctl restart sshd
Change firewall rules
Several firewall rules are configured by default in your VPC network.
Here we change the port number of the default SSH rule default-allow-ssh from 22 to 12022.
$ gcloud compute firewall-rules update default-allow-ssh \
--allow tcp:12022
Change the port number in config file
Host webserver
User anata_no_user_name
HostName 192.0.2.1
Port 12022 <- here
IdentityFile ~/.ssh/id_rsa
confirmation
Try logging in
$ ssh webserver
or
$ ssh USERNAME@EXTERNAL_IP -p 12022 -i ~/.ssh/id_rsa
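The sed one-liner above matches nothing (and silently leaves the file untouched) if the Port line is already uncommented or absent. As an added example that is not part of the original article, here is a small POSIX sh function that performs the same edit on an sshd_config-style file but handles those cases, validates the port, and verifies the result; the function and file names are my own.

```shell
#!/bin/sh
# set_sshd_port FILE PORT
# Rewrites the Port directive in an sshd_config-style file. Handles the
# commented default ("#Port 22"), an already active "Port N" line (where
# the article's sed pattern would match nothing), and a file with no Port
# line at all (the directive is appended). Rejects anything that is not
# a port number in 1..65535.
set_sshd_port() {
    cfg=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "set_sshd_port: invalid port '$port'" >&2; return 2 ;;
    esac
    if [ ${#port} -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "set_sshd_port: port $port out of range" >&2
        return 2
    fi
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$cfg"; then
        # Rewrite every commented or active Port line. Write via a temp
        # file and copy back so the original owner and mode are kept.
        tmp=$(mktemp) || return 1
        sed -E "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port $port/" "$cfg" > "$tmp" &&
            cat "$tmp" > "$cfg"
        rc=$?
        rm -f "$tmp"
        [ "$rc" -eq 0 ] || return 1
    else
        printf 'Port %s\n' "$port" >> "$cfg"
    fi
    # Verify the result instead of trusting the edit.
    grep -Eq "^Port[[:space:]]+$port\$" "$cfg"
}

# sshd_port FILE: print the first active Port directive (empty if none).
sshd_port() {
    awk '/^Port[[:space:]]+[0-9]+/ { print $2; exit }' "$1"
}

# Demo on a constructed copy, not on the live /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 12022 && echo "active port: $(sshd_port "$demo")"
rm -f "$demo"
```

On the server, run the function as root against /etc/ssh/sshd_config and then `sudo sshd -t` to validate the file before `systemctl restart sshd`, so a bad edit cannot leave sshd unable to start.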
Server Configuration
This is an operation performed inside the server.
Time synchronization settings in Ubuntu
Settings for which time server to synchronize with.
Edit /etc/systemd/timesyncd.conf
Here
...
[Time]
#NTP=
#FallbackNTP=ntp.ubuntu.com
...
↓ This way
...
[Time]
NTP=ntp.nict.jp
FallbackNTP=ntp1.jst.mfeed.ad.jp ntp2.jst.mfeed.ad.jp ntp3.jst.mfeed.ad.jp
...
If you do it with a command, do it like this
$ sudo sed -i -e 's/#NTP=/NTP=ntp.nict.jp/g' /etc/systemd/timesyncd.conf
$ sudo sed -i -e 's/#FallbackNTP=ntp.ubuntu.com/FallbackNTP=ntp1.jst.mfeed.ad.jp ntp2.jst.mfeed.ad.jp ntp3.jst.mfeed.ad.jp/g' /etc/systemd/timesyncd.conf
restart
$ sudo systemctl restart systemd-timesyncd.service
Setting the Time Zone
Checking the current time
$ date
Thu Aug 09 00:06:18 UTC 2020
Checking the Time Zone
$ timedatectl
Local time: Thu 2020-08-09 00:08:23 UTC
Universal time: Thu 2020-08-09 00:08:23 UTC
RTC time: Thu 2020-08-09 00:08:24
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
Setting the Time Zone
$ sudo timedatectl set-timezone Asia/Tokyo
Check for Time Zone Changes
$ timedatectl
Local time: Thu 2020-08-09 09:16:35 JST
Universal time: Thu 2020-08-09 00:16:35 UTC
RTC time: Thu 2020-08-09 00:16:36
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
Installing Docker
This is an operation performed inside the server.
Install with shell script
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
-f Fail silently on HTTP errors (no output on error).
-s Silent mode: do not show the progress meter or error messages.
-S Used together with -s, shows error messages only.
-L Follow redirects when the page has moved to another location.
Add the user to the docker group
$ sudo usermod -aG docker anata_no_user_name
The username is the string before the @ shown on the command prompt; for GCP it defaults to the part of the Gmail address before the @.
Change Permissions
Make the socket used by Docker readable and writable by ordinary users. (Note that 666 grants this to every local user on the machine; membership in the docker group added above already gives access once you log in again.)
$ sudo chmod 666 /var/run/docker.sock
Execution Confirmation
$ docker -v
Installing docker-compose
Install from GitHub repository binaries
# Install
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-L Enable redirection when the page has moved and there is a redirect destination.
Checking uname -s
$ uname -s
Linux
Checking uname -m
$ uname -m
x86_64
Change Permissions
$ sudo chmod +x /usr/local/bin/docker-compose
+x Grant execute permission to all users
Execution Confirmation
$ docker-compose -v
bonus
Set aliases so that docker can be run as d and docker-compose as dc.
$ sudo sh -c "echo \"alias d='docker'\" >> ~/.bashrc"
$ sudo sh -c "echo \"alias dc='docker-compose'\" >> ~/.bashrc"
$ source ~/.bashrc
* sudo echo "alias d='docker'" >> ~/.bashrc gives an error
confirmation
If the following commands run as shown, it is OK.
$ d -v
Docker version 19.03.12, build 48a66213fe
$ dc -v
docker-compose version 1.26.2, build eefe0d31
End
Thank you for reading until the end.
