Building a GCE x Ubuntu x Docker environment from the command line


Environment

MacOS X 10.15.5 (Catalina)
Homebrew 2.4.9
Google Cloud SDK 304.0.0

GCP Account Registration

[Explained with screenshots] Registering for a Google Cloud Platform (GCP) account with the free trial

Installing the Google Cloud SDK

Installing the Google Cloud SDK ~ Initializing

Project Creation

Create a project with the Google Cloud SDK

Creating an Instance

Decide on the instance name

Put it in a variable. GCE instance names must consist of lowercase letters, digits and hyphens, start with a letter and be at most 63 characters long (underscores are rejected by the API), so use something like:

$ INSTANCE='your-instance-name'

Check the public VM images

When creating the instance you pass the PROJECT and FAMILY columns of this list as --image-project and --image-family.

$ gcloud compute images list

NAME               PROJECT      FAMILY   DEPRECATED STATUS
centos-6-v20200714 centos-cloud centos-6            READY
centos-7-v20200714 centos-cloud centos-7            READY
...
ubuntu-1804-bionic-v20200807 ubuntu-os-cloud ubuntu-1804-lts READY

Creating an Instance

This time I used the ubuntu-1804-lts image family.

$ gcloud compute instances create $INSTANCE \
--image-family ubuntu-1804-lts \
--image-project ubuntu-os-cloud \
--zone asia-northeast1-a \
--machine-type f1-micro \
--boot-disk-size 30GB

GCP's free trial gives you $300 in credits for 12 months. Separately, the Always Free tier lets you use some services free of charge, credits or not, as long as you stay within fixed limits. For Compute Engine the limits are:

  • Region: one of the US regions (us-west1, us-central1 or us-east1)
  • Machine type: 1 x f1-micro
  • Persistent disk: 30 GB or less

Usage within the Always Free limits is not deducted from the trial credits, even during the trial period. Note that the instance above is created in asia-northeast1-a, which is not an Always Free region, so it is billed against the credits; pick a us-west1, us-central1 or us-east1 zone if you want it to be free.

※ The terms may change, so check https://cloud.google.com/free/docs/gcp-free-tier#always-free
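A small wrapper for the create step, added here as an example and not part of the original article, that checks the two things that trip up first-time users before any credits are spent: the instance name must satisfy GCE's resource-name rule, and the zone decides whether the f1-micro falls under Always Free. The DRY_RUN switch, the default name and the INSTANCE/ZONE variable names are my assumptions; with DRY_RUN=1 (the default) it only prints the gcloud command, so it runs without gcloud installed.

```shell
#!/bin/sh
# Added example, not from the original article: validate the inputs before calling
# "gcloud compute instances create". With DRY_RUN=1 (default) the command is printed,
# not executed, so this runs without gcloud. INSTANCE/ZONE/DRY_RUN are assumed names.

# GCE resource names must match [a-z]([-a-z0-9]*[a-z0-9])? and be at most 63 characters.
# A name with underscores (such as a placeholder like anata_no_instance_name) is rejected
# by the API, so catch it here.
valid_instance_name() {
    case "$1" in
        ''|*[!a-z0-9-]*|-*|*-|[0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Always Free covers a single f1-micro only in the US regions us-west1, us-central1
# and us-east1; any other zone is billed against the trial credits.
always_free_zone() {
    case "$1" in
        us-west1-*|us-central1-*|us-east1-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the create command for NAME in ZONE (same flags as the article), or fail
# on an invalid name. A non-free zone is allowed but warned about on stderr.
create_instance_cmd() {
    name=$1
    zone=$2
    if ! valid_instance_name "$name"; then
        echo "invalid instance name '$name': lowercase letters, digits and hyphens only, starting with a letter" >&2
        return 1
    fi
    if ! always_free_zone "$zone"; then
        echo "note: $zone is not an Always Free region; this instance will consume credits" >&2
    fi
    printf '%s' "gcloud compute instances create $name" \
        " --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud" \
        " --zone $zone --machine-type f1-micro --boot-disk-size 30GB"
}

main() {
    cmd=$(create_instance_cmd "${INSTANCE:-web-01}" "${ZONE:-asia-northeast1-a}") || exit 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "DRY_RUN: $cmd"
    else
        eval "$cmd"
    fi
}

main
```

Run it as `INSTANCE=web-01 ZONE=us-west1-b DRY_RUN=0 sh create-instance.sh` once you are happy with the printed command.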

Checking Instance Details

Try to verify the instance that was created.

$ gcloud compute instances describe $INSTANCE

SSH connection

Set up SSH access to the instance.

Creating a Key Pair

$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C '[email protected]'
...
Enter passphrase (empty for no passphrase): # set a passphrase protecting the private key
Enter same passphrase again: # type it again to confirm
...

-t rsa selects the RSA algorithm, -b 4096 the key length in bits, and -C the comment stored at the end of the public key. When you paste the key into the GCP console, the console takes the username from this trailing field, so check the username it shows before saving (see "Username" below). Do set a passphrase: a key file without one is usable by anyone who copies it.

bonus

The whole key setup can also be left to gcloud:

$ gcloud compute ssh $INSTANCE

On first use this generates a key pair at ~/.ssh/google_compute_engine and registers the public key in the project metadata for you, so the manual steps below are only needed if you want to use your own key.

Changing the permissions of the private key

ssh refuses to use a private key that other users can read, so keep it owner-only. ssh-keygen already creates the file with mode 600; 400 (read-only for the owner) is fine as well.

$ chmod 400 ~/.ssh/id_rsa

Copy Public Key

$ cat ~/.ssh/id_rsa.pub | pbcopy

Registering the public key

This is done in the console below; it can also be done from the terminal by adding the key to the ssh-keys metadata of the project (gcloud compute project-info add-metadata) or of a single instance (gcloud compute instances add-metadata).

From the GCP console https://console.cloud.google.com/

To register the key for the whole project:

(screenshots omitted) Compute Engine > Metadata > SSH Keys tab > Edit > Add item, paste the public key, Save

To register the key for one instance only:

(screenshot omitted) Compute Engine > VM instances > the instance > Edit > SSH Keys > Add item, paste the public key, Save

connection

Connect with the ssh command.

$ ssh USERNAME@EXTERNAL_IP -i ~/.ssh/id_rsa
...
Are you sure you want to continue connecting (yes/no/[fingerprint])? # <- type yes (after checking the fingerprint, see the bonus below)
Enter passphrase for key '/Users/your_home_dir/.ssh/id_rsa': # <- the passphrase you set when creating the key pair
...
...

Username

By default, the username for an SSH session is generated from the email address logged into the account, omitting the domain information. For example, if the email address is [email protected], the corresponding username is user.

External IP: in the web console, menu > Compute Engine > VM instances, or from the natIP field in the output of:

$ gcloud compute instances describe $INSTANCE
...
natIP: xx.xxx.xxx.xx
...
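The same registration done from the terminal, as an added example that is not part of the original article. GCE reads SSH keys from the project's ssh-keys metadata value, one entry per line in the form USERNAME:<public key line>, and `gcloud compute project-info add-metadata --metadata-from-file ssh-keys=FILE` replaces the whole value, so the script fetches the existing entries and merges the new one before uploading. Assumed by me: the DRY_RUN switch, the gcloud --format projection used to read the current value, and the constructed sample key (not a real key). Metadata keys are ignored on instances that have OS Login enabled.

```shell
#!/bin/sh
# Added example, not from the original article: register a public key in the
# project's "ssh-keys" metadata from the terminal instead of the console. GCE reads
# one entry per line in the form USERNAME:<OpenSSH public key line>.
# "add-metadata ssh-keys=..." REPLACES the whole value, so existing entries are
# fetched and merged first. Assumed by me: the DRY_RUN switch, the gcloud --format
# projection used to read the current value, and the constructed sample key below.

# Build one entry from a login name and a public key line (type, base64 key, comment).
ssh_keys_entry() {
    user=$1
    pubkey=$2
    case "$pubkey" in
        'ssh-rsa '*|'ssh-ed25519 '*|'ecdsa-sha2-'*) ;;
        *) echo "not an OpenSSH public key line: $pubkey" >&2; return 1 ;;
    esac
    printf '%s:%s\n' "$user" "$pubkey"
}

# Read the current ssh-keys value on stdin and print it with NEW appended. An existing
# entry with the same user and key material (fields 1-2; the comment is ignored) is
# dropped, so re-running the script does not accumulate duplicates.
merge_ssh_keys() {
    new=$1
    new_id=$(printf '%s' "$new" | cut -d' ' -f1,2)
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        [ "$(printf '%s' "$line" | cut -d' ' -f1,2)" = "$new_id" ] && continue
        printf '%s\n' "$line"
    done
    printf '%s\n' "$new"
}

register_project_key() {   # user pubkey
    entry=$(ssh_keys_entry "$1" "$2") || return 1
    tmp=$(mktemp)
    if [ "${DRY_RUN:-1}" = 1 ]; then
        existing=''   # offline: behave as if the project has no keys yet
    else
        # Assumed projection; if it prints nothing, inspect
        # "gcloud compute project-info describe --format=json" and adjust.
        existing=$(gcloud compute project-info describe \
            --format='value(commonInstanceMetadata.items.ssh-keys)')
    fi
    printf '%s\n' "$existing" | merge_ssh_keys "$entry" > "$tmp"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "DRY_RUN: would upload this ssh-keys value:"
        cat "$tmp"
    else
        gcloud compute project-info add-metadata --metadata-from-file ssh-keys="$tmp"
    fi
    rm -f "$tmp"
}

# Constructed sample key (not a real key); for real use pass "$(cat ~/.ssh/id_rsa.pub)".
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDsample user@example.com'
register_project_key user "$SAMPLE_PUBKEY"
```

For a single instance, swap the two gcloud calls for `gcloud compute instances describe $INSTANCE --zone ZONE --format='value(metadata.items.ssh-keys)'` and `gcloud compute instances add-metadata $INSTANCE --zone ZONE --metadata-from-file ssh-keys=FILE`; the merge logic is the same.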

bonus

"Are you sure you want to continue connecting" is asked the first time you connect to a host. Answering yes records the host key in ~/.ssh/known_hosts so the question is not repeated; if the host later presents a different key, ssh does not ask again but refuses the connection with a REMOTE HOST IDENTIFICATION HAS CHANGED warning. The prompt exists so you can compare the fingerprint with one obtained out of band (for a GCE instance, the host key fingerprints that cloud-init prints to the serial console at first boot, readable with gcloud compute instances get-serial-port-output); answering yes without looking means a man-in-the-middle could substitute its own key.

The -oStrictHostKeyChecking=no option skips the question and records whatever key is presented. Since that removes the protection, use it only where you can be sure of the path to the host by other means.

$ ssh USERNAME@EXTERNAL_IP -i ~/.ssh/id_rsa -oStrictHostKeyChecking=no

Register in config file

Edit the ~/.ssh/config file.

/Users/your_home_dir/.ssh/config
# webserver is any alias you like
Host webserver
    User your_user_name
    HostName 192.0.2.1
    Port 22
    IdentityFile ~/.ssh/id_rsa

bonus

Adding StrictHostKeyChecking no to the config file has the same effect as -oStrictHostKeyChecking=no.

/Users/your_home_dir/.ssh/config
Host webserver
    User your_user_name
    HostName 192.0.2.1
    Port 22
    IdentityFile ~/.ssh/id_rsa
    # the two lines below disable host key verification for this host
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

UserKnownHostsFile /dev/null stops the host key from being written to (or checked against) known_hosts. Together the two settings make every connection to this host unverified, so a substituted host key is never detected. If the motivation is only that the instance gets recreated with a new key, prefer StrictHostKeyChecking accept-new (OpenSSH 7.6 and later, so the macOS version above has it), which records an unknown key but still refuses a changed one, and remove a stale entry with ssh-keygen -R 192.0.2.1.

connection

Check that you can log in with the host alias from the config file.

$ ssh webserver
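The out-of-band check described in the bonus above, as an added example that is not part of the original article: instead of answering yes blindly or disabling StrictHostKeyChecking, fetch the host key fingerprints that cloud-init prints to the instance's serial console at first boot, compare them with the key the server actually presents on the SSH port, and only then pin the key in known_hosts. Assumed by me: the INSTANCE/ZONE/PORT arguments, the gcloud --format projection for the external IP, and the constructed console excerpt (in cloud-init's real block format, but with made-up fingerprints) used for the offline self-check.

```shell
#!/bin/sh
# Added example, not from the original article: pin the instance's host key after
# checking it against the fingerprints cloud-init writes to the serial console at
# first boot, instead of answering "yes" blindly or disabling StrictHostKeyChecking.
# Assumed by me: INSTANCE/ZONE/PORT arguments, the gcloud --format projection for the
# external IP, and the constructed console excerpt used for the offline self-check.

# Extract "SHA256:..." fingerprints from cloud-init's
# -----BEGIN SSH HOST KEY FINGERPRINTS----- ... -----END ...----- block (read from stdin).
console_fingerprints() {
    awk '/-----BEGIN SSH HOST KEY FINGERPRINTS-----/ { inblk = 1; next }
         /-----END SSH HOST KEY FINGERPRINTS-----/   { inblk = 0 }
         inblk { for (i = 1; i <= NF; i++) if ($i ~ /^SHA256:/) print $i }'
}

# Succeed only when PRESENTED equals one of the fingerprints that follow it.
fingerprint_trusted() {
    presented=$1
    shift
    for fp in "$@"; do
        [ "$fp" = "$presented" ] && return 0
    done
    return 1
}

# Network side: fetch the key the server offers and the console fingerprints, compare,
# and only then add the key to known_hosts. Do this soon after creation: the serial
# console buffer is limited and the first-boot output scrolls out eventually.
trust_gce_host_key() {   # instance zone port
    ip=$(gcloud compute instances describe "$1" --zone "$2" \
        --format='value(networkInterfaces[0].accessConfigs[0].natIP)')
    console=$(gcloud compute instances get-serial-port-output "$1" --zone "$2" 2>/dev/null \
        | console_fingerprints)
    keyline=$(ssh-keyscan -p "$3" -t ed25519 "$ip" 2>/dev/null)
    presented=$(printf '%s\n' "$keyline" | ssh-keygen -lf - | awk '{ print $2 }')
    # $console is deliberately unquoted: one fingerprint per word.
    if fingerprint_trusted "$presented" $console; then
        printf '%s\n' "$keyline" >> ~/.ssh/known_hosts
        echo "host key $presented matches the serial console; pinned for $ip:$3"
    else
        echo "host key $presented NOT in console output (possible MITM); refusing" >&2
        return 1
    fi
}

# Constructed serial console excerpt in cloud-init's format (not real output).
SAMPLE_CONSOLE='[    4.12] cloud-init[600]: Cloud-init v. 20.2 running
-----BEGIN SSH HOST KEY FINGERPRINTS-----
256 SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@webserver (ED25519)
3072 SHA256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb root@webserver (RSA)
-----END SSH HOST KEY FINGERPRINTS-----
[    4.30] cloud-init[600]: finished'

# Offline self-check against the constructed excerpt.
fps=$(printf '%s\n' "$SAMPLE_CONSOLE" | console_fingerprints)
fingerprint_trusted "SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" $fps \
    && echo "constructed fingerprint recognised; call trust_gce_host_key INSTANCE ZONE PORT for a real instance"
```

Because ssh-keyscan is given the port, the known_hosts entry is written as [ip]:port, which is the form ssh looks up once the port is moved off 22 later in the article.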

Changing the Port

Port numbers run from 0 to 65535. Ports below 1024 can only be bound by root, 1024-49151 are the IANA registered range, and 49152-65535 is the dynamic/private range, so a number from the high range is least likely to collide with another service. Moving sshd off port 22 mainly reduces log noise from scanners; it is not a substitute for key-only authentication and tight firewall rules.

Change the port number in the sshd_config file

The following is done on the server.

Edit /etc/ssh/sshd_config: uncomment the line reading #Port 22 and set it to the port chosen above.

Before:

/etc/ssh/sshd_config
...
#Port 22
...

After:

/etc/ssh/sshd_config
...
Port 12022
...

As a command:

$ sudo sed -i -e "s/#Port 22/Port 12022/g" /etc/ssh/sshd_config

-i edits the file in place instead of writing the result to stdout.

-e marks the next argument as the sed script; with a single script it can be omitted, since the first non-option argument is taken as the script. Use -E (or -r) if the script needs extended regular expressions. Note that this substitution only matches while the line still reads exactly "#Port 22"; if the file has been edited before, it silently changes nothing, so confirm with grep '^Port' /etc/ssh/sshd_config afterwards.

Restart the sshd service

Validate the configuration first with sudo sshd -t, and keep the session you are typing in open until a new connection on the new port succeeds; otherwise a typo locks you out of the instance. (On Ubuntu the unit is ssh.service; sshd is an alias, so either name works.)

$ sudo systemctl restart sshd

Change the firewall rule

The VPC network comes with several default firewall rules. default-allow-ssh allows tcp:22 from any source (0.0.0.0/0); here its port is changed from 22 to 12022.

$ gcloud compute firewall-rules update default-allow-ssh \
--allow tcp:12022

--allow replaces the rule's whole allowed list, so this closes port 22 at the firewall for every instance the rule applies to, which also affects gcloud compute ssh and the console's browser SSH unless they are told about the new port. Since the rule still admits the whole internet, consider restricting it with --source-ranges to your own address.

Change the port number in the config file

/Users/your_home_dir/.ssh/config
Host webserver
    User your_user_name
    HostName 192.0.2.1
    # Port changed from 22 to the new sshd port
    Port 12022
    IdentityFile ~/.ssh/id_rsa

Confirmation

Try logging in:

$ ssh webserver

or

$ ssh USERNAME@EXTERNAL_IP -p 12022 -i ~/.ssh/id_rsa
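The port-change procedure above, written as a script that does not lock you out, added here as an example and not part of the original article. The article's sed only matches while the line still reads exactly "#Port 22"; this version rewrites any existing Port line (commented or not), appends one if none exists, rejects privileged or malformed ports, validates the result with sshd -t before restarting, and restores the backup on failure. Assumed by me: the NEW_PORT, MY_IP and SUDO names, the constructed sshd_config excerpt used for the offline self-check, and the --source-ranges restriction suggested for the firewall rule. The server-side function is run on the instance; the firewall command it prints is run from your workstation.

```shell
#!/bin/sh
# Added example, not from the original article: move sshd to a new port without
# locking yourself out. Rewrites any existing Port line (commented or not), appends
# one if none exists, refuses privileged or malformed ports, and validates the config
# before restarting. Assumed by me: NEW_PORT/MY_IP/SUDO names and the --source-ranges
# restriction on the firewall rule.

# Accept only 1024-65535: below 1024 is privileged, above 65535 does not exist.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Rewrite or add the Port directive in FILE. Idempotent: running it twice leaves one line.
set_sshd_port() {   # file port
    f=$1
    p=$2
    valid_port "$p" || { echo "refusing port '$p': use 1024-65535" >&2; return 1; }
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]' "$f"; then
        $SUDO sed -i -E "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]].*/Port $p/" "$f"
    else
        printf 'Port %s\n' "$p" | $SUDO tee -a "$f" >/dev/null
    fi
}

# Effective port: the last uncommented Port line, or sshd's default of 22.
current_sshd_port() {   # file
    awk '$1 == "Port" { p = $2 } END { print (p == "" ? 22 : p) }' "$1"
}

# Server side: back up, edit, validate with sshd -t, then restart. Keep the session
# you are typing in open until "ssh -p NEW_PORT" from another terminal works.
change_sshd_port() {   # port
    SUDO=sudo
    cfg=/etc/ssh/sshd_config
    $SUDO cp "$cfg" "$cfg.bak" || return 1
    set_sshd_port "$cfg" "$1" || return 1
    if ! $SUDO sshd -t; then
        echo "sshd_config failed validation; restoring backup" >&2
        $SUDO mv "$cfg.bak" "$cfg"
        return 1
    fi
    $SUDO systemctl restart sshd        # ssh.service on Ubuntu; sshd is an alias
    echo "sshd now listens on $(current_sshd_port "$cfg"); run from your workstation:"
    echo "  gcloud compute firewall-rules update default-allow-ssh --allow tcp:$1 --source-ranges ${MY_IP:-YOUR.IP.ADDR.ESS}/32"
}

# Offline self-check on a constructed copy of the relevant sshd_config lines.
SUDO=${SUDO:-}
demo=$(mktemp)
printf '# comment\n#Port 22\nPermitRootLogin no\n' > "$demo"
set_sshd_port "$demo" "${NEW_PORT:-12022}" && echo "demo file now has: Port $(current_sshd_port "$demo")"
rm -f "$demo"
```

On the instance, `change_sshd_port 12022` performs the real edit; the self-check at the bottom only touches a temporary file, so the script can be run as-is to see what it would do.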

Server Configuration

The following is done on the server.

Time synchronization settings in Ubuntu

Choose which NTP servers systemd-timesyncd synchronizes with. Google's images are set up to use the metadata server (metadata.google.internal) as the time source, which Google recommends inside GCE; the NICT and MFEED servers below are public Japanese servers chosen by the author. Whichever you pick, keep the clock accurate: TLS certificate validation and log correlation both depend on it.

Edit /etc/systemd/timesyncd.conf

Before:

/etc/systemd/timesyncd.conf
...
[Time]
#NTP=
#FallbackNTP=ntp.ubuntu.com
...

After:

/etc/systemd/timesyncd.conf
...
[Time]
NTP=ntp.nict.jp
FallbackNTP=ntp1.jst.mfeed.ad.jp ntp2.jst.mfeed.ad.jp ntp3.jst.mfeed.ad.jp
...

Or with sed:

$ sudo sed -i -e 's/#NTP=/NTP=ntp.nict.jp/g' /etc/systemd/timesyncd.conf

$ sudo sed -i -e 's/#FallbackNTP=ntp.ubuntu.com/FallbackNTP=ntp1.jst.mfeed.ad.jp ntp2.jst.mfeed.ad.jp ntp3.jst.mfeed.ad.jp/g' /etc/systemd/timesyncd.conf

Restart the service

$ sudo systemctl restart systemd-timesyncd.service

Setting the Time Zone

Checking the current time

$ date

Thu Aug 09 00:06:18 UTC 2020

Checking the Time Zone

$ timedatectl

                      Local time: Thu 2020-08-09 00:08:23 UTC
                  Universal time: Thu 2020-08-09 00:08:23 UTC
                        RTC time: Thu 2020-08-09 00:08:24
                       Time zone: Etc/UTC (UTC, +0000)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no

Setting the Time Zone

$ sudo timedatectl set-timezone Asia/Tokyo

Check for Time Zone Changes

$ timedatectl

                      Local time: Thu 2020-08-09 09:16:35 JST
                  Universal time: Thu 2020-08-09 00:16:35 UTC
                        RTC time: Thu 2020-08-09 00:16:36
                       Time zone: Asia/Tokyo (JST, +0900)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no

Installing Docker

The following is done on the server.

Install with the convenience script

$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh

Downloading to a file first, rather than piping curl straight into sh, lets you read the script before it runs as root; do read it, since it adds Docker's apt repository and signing key to the system. For a server you intend to keep, the apt repository set-up from Docker's documentation is the more auditable route.

-f Fail on HTTP errors without saving the error page as output; curl exits non-zero instead.

-s Silent: no progress meter or error messages.

-S Used together with -s, still print an error message on failure.

-L Follow redirects if the URL has moved.

Add your user to the docker group

$ sudo usermod -aG docker your_user_name

The username is the part before the @ in your shell prompt; on GCP it defaults to the part of your Google account address before the @. Group membership takes effect at your next login (or run newgrp docker). Note that membership of the docker group is equivalent to root on the host: any member can start a container that mounts the host filesystem.

Change Permissions (not recommended)

This step makes the socket Docker listens on readable and writable by every user:

$ sudo chmod 666 /var/run/docker.sock

Anyone who can write to /var/run/docker.sock can start containers as root on the host, so mode 666 hands root to every local account. It is also unnecessary once the docker group membership above is active (log out and back in), and it does not survive a restart of the daemon, which recreates the socket as root:docker with mode 660. Skip it.

Execution Confirmation

$ docker -v

Installing docker-compose

Install the binary from the GitHub release

# install
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

-L Follow redirects if the URL has moved (GitHub release downloads redirect to a CDN, so this is required).

Checking uname -s

$ uname -s
Linux

Checking uname -m

$ uname -m
x86_64

Change Permissions

$ sudo chmod +x /usr/local/bin/docker-compose

+x Grant execute permission to all users

Execution Confirmation

$ docker-compose -v
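Both installs above fetch code over HTTPS and run or install it as root without checking what arrived. For the docker-compose binary the release page publishes a .sha256 sidecar for every asset, so the download can be verified before it is placed in /usr/local/bin; the following is an added example of that, not part of the original article. Assumed by me: the release URL pattern and sidecar name follow the docker/compose GitHub releases, the DRY_RUN switch, and the constructed file used for the offline self-check (for get-docker.sh no published checksum exists, so reading the downloaded script before running it is the available check).

```shell
#!/bin/sh
# Added example, not from the original article: install the docker-compose binary
# only after its SHA-256 matches the .sha256 file published with the release, so a
# tampered or truncated download never lands in /usr/local/bin. Assumed by me: the
# release URL pattern and ".sha256" sidecar name (docker/compose GitHub releases),
# and DRY_RUN=1 (default), which skips the network and installs nothing.

COMPOSE_VERSION=${COMPOSE_VERSION:-1.26.2}
BASE="https://github.com/docker/compose/releases/download/$COMPOSE_VERSION"
ASSET="docker-compose-$(uname -s)-$(uname -m)"

# Hex SHA-256 of a file: sha256sum on Linux, shasum on macOS.
sha256_of() {   # file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# Compare FILE with the digest in a sidecar written in "<hex>  <name>" format.
verify_sha256() {   # file sidecar
    expected=$(head -n 1 "$2" | cut -d' ' -f1 | tr 'A-F' 'a-f')
    actual=$(sha256_of "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

install_compose() {
    tmp=$(mktemp -d)
    if ! curl -fsSL "$BASE/$ASSET" -o "$tmp/$ASSET" ||
       ! curl -fsSL "$BASE/$ASSET.sha256" -o "$tmp/$ASSET.sha256"; then
        echo "download failed" >&2
        rm -rf "$tmp"
        return 1
    fi
    if verify_sha256 "$tmp/$ASSET" "$tmp/$ASSET.sha256"; then
        # install(1) sets mode and owner in one step; no separate chmod +x is needed.
        sudo install -m 0755 "$tmp/$ASSET" /usr/local/bin/docker-compose
        rc=0
    else
        echo "checksum mismatch for $ASSET; not installing" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Offline self-check with a constructed file; the digest is SHA-256 of "hello\n".
selfcheck() {
    d=$(mktemp -d)
    printf 'hello\n' > "$d/f"
    printf '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03  f\n' > "$d/f.sha256"
    verify_sha256 "$d/f" "$d/f.sha256"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${DRY_RUN:-1}" = 1 ]; then
    selfcheck && echo "verify_sha256 works; run with DRY_RUN=0 to download and install $ASSET"
else
    install_compose
fi
```

A checksum fetched from the same server as the binary only protects against corruption and a mismatched asset, not against a compromised release page; for that you would compare the digest against one obtained from a second source.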

bonus

Aliases so that docker can be run as d and docker-compose as dc. sudo is not needed to edit your own ~/.bashrc:

$ echo "alias d='docker'" >> ~/.bashrc
$ echo "alias dc='docker-compose'" >> ~/.bashrc

$ source ~/.bashrc

* sudo echo "alias d='docker'" >> somefile would fail with a permission error if the file were root-owned, because the redirection is performed by your unprivileged shell before sudo starts; that is why the original wrapped the whole command in sudo sh -c "...". For a file in your own home directory a plain echo >> is all that is needed.

Confirmation

If the following commands work, the setup is complete.

$ d -v
Docker version 19.03.12, build 48a66213fe

$ dc -v
docker-compose version 1.26.2, build eefe0d31

End

Thank you for reading until the end.

Author

■ twitter.com/rescued_cat ■ connpass: daremoku.connpass.com ■ Kaggle 銅 x 1 ■ GCP Associate Cloud Engineer ■

Updated on October 31, 2020