p:: gcloud

# Create a Compute Engine VM by running `gcloud beta compute instances create`
# inside the cloud-sdk container image. `--volumes-from gcloud-config` mounts the
# volumes of a container named gcloud-config (presumably the one holding the
# gcloud credentials — confirm against how that container was created).
PROJECT_ID=adithya321
INSTANCE_NAME=instance-1
MACHINE_TYPE=e2-medium
IMAGE=ubuntu-2004-focal-v20210927
DISK_SIZE=10GB
# The startup script is passed inline through --metadata=startup-script=...,
# with newlines written as $'\n' (bash ANSI-C quoting, so this needs bash).
#
# NOTE(security): that inline script gives the adithya321 account passwordless
# sudo, sets its password to the literal string "password" and turns sshd
# PasswordAuthentication on. The script text, password included, is stored as
# instance metadata, where it can be read from inside the VM and by anyone
# allowed to view the instance. Exposure of the account therefore depends
# entirely on the VPC firewall rules in front of the VM; SSH keys or OS Login
# with PasswordAuthentication left off avoid the shared secret altogether.
#
# --no-service-account --no-scopes: the VM gets no service account identity.
# --no-shielded-secure-boot: Secure Boot is off, while the vTPM and integrity
# monitoring are enabled by the two flags that follow it.
docker run --rm --volumes-from \
    gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk \
    gcloud beta compute \
    --project=$PROJECT_ID \
    instances create $INSTANCE_NAME \
    --zone=us-central1-a \
    --machine-type=$MACHINE_TYPE \
    --subnet=default \
    --network-tier=PREMIUM \
    --metadata=startup-script=\#\!/bin/bash$'\n'$'\n'\{$'\n'echo\ \"adithya321\ ALL=\(ALL\)\ NOPASSWD:ALL\"\ \>\>\ /etc/sudoers$'\n'adduser\ --disabled-password\ --gecos\ \"adithya321\"\ adithya321$'\n'echo\ \"adithya321:password\"\ \|\ chpasswd$'\n'usermod\ -aG\ sudo\ adithya321$'\n'\}$'\n'$'\n'\{$'\n'sed\ -i\ -e\ \'s/PasswordAuthentication\ no/PasswordAuthentication\ yes/g\'\ /etc/ssh/sshd_config$'\n'sed\ -i\ -e\ \'s/UsePAM\ yes/UsePAM\ no/g\'\ /etc/ssh/sshd_config$'\n'sudo\ systemctl\ restart\ ssh$'\n'\} \
    --maintenance-policy=MIGRATE \
    --no-service-account --no-scopes \
    --image=$IMAGE \
    --image-project=ubuntu-os-cloud \
    --boot-disk-size=$DISK_SIZE \
    --boot-disk-type=pd-ssd \
    --boot-disk-device-name=$INSTANCE_NAME \
    --no-shielded-secure-boot \
    --shielded-vtpm \
    --shielded-integrity-monitoring \
    --reservation-affinity=any
Created [https://www.googleapis.com/compute/beta/projects/adithya321/zones/us-central1-a/instances/instance-1].
NAME        ZONE           MACHINE_TYPE  PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP   STATUS
instance-1  us-central1-a  e2-medium                  10.128.0.3   34.67.125.75  RUNNING

Startup script used above

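#!/bin/bash
# VM startup script: creates the adithya321 account with passwordless sudo and
# switches sshd to password logins.
#
# Compute Engine runs the startup script as root on every boot, not only the
# first one, so each step below is written to be safe to repeat.
#
# NOTE(security): the account password is the literal string "password" and
# sshd is switched to PasswordAuthentication yes, so the account is only as
# protected as the firewall rules in front of port 22. Prefer SSH keys or
# OS Login with PasswordAuthentication left off; if a password is unavoidable,
# do not keep it in the script or in instance metadata.
{
# Append the sudoers entry only once; an unguarded append adds a duplicate line
# on every reboot.
# NOTE(review): a drop-in under /etc/sudoers.d checked with `visudo -cf` is a
# safer target than /etc/sudoers itself, since a malformed line there breaks sudo.
grep -qxF 'adithya321 ALL=(ALL) NOPASSWD:ALL' /etc/sudoers ||
  echo "adithya321 ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# Create the account and set its initial password only when the account does
# not exist yet, so a password changed after first boot is not reset to the
# default on the next reboot.
if ! id adithya321 >/dev/null 2>&1; then
  adduser --disabled-password --gecos "adithya321" adithya321
  echo "adithya321:password" | chpasswd
fi
usermod -aG sudo adithya321
}
 
{
# These substitutions only touch lines containing the exact directive text
# "PasswordAuthentication no" / "UsePAM yes"; other spellings are left as-is.
sed -i -e 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i -e 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# Already running as root, so no sudo is needed to restart the daemon.
systemctl restart ssh
}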

Firewall

p:: gcloud

Setup Firewall Rules

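# Replace the default SSH firewall rule with rules scoped to the operator's
# current public IPv4 address.
PROJECT_ID=adithya321
# Delete the default-allow-ssh rule. No -q here, so gcloud asks for confirmation.
gcloud compute \
    --project="$PROJECT_ID" \
    firewall-rules delete default-allow-ssh
{
# Resolve the public address first and validate it before any rule is touched.
# The lookup uses HTTPS so the answer cannot be altered in transit, and -f makes
# curl fail on an HTTP error instead of returning an error page. An empty or
# malformed value must never reach --source-ranges: an ingress rule without an
# effective source restriction would expose every port on the network.
PUBLIC_IP=$(curl -fsS https://ipv4.icanhazip.com)
if [[ "$PUBLIC_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    # Drop the previous rules (they fail harmlessly when absent) so the new
    # ones carry the current address.
    gcloud -q compute \
        --project="$PROJECT_ID" \
        firewall-rules delete allow-all-ip

    gcloud -q compute \
        --project="$PROJECT_ID" \
        firewall-rules delete allow-all-e

    # Ingress: every protocol and port, but only from this single address.
    # NOTE(review): --rules=all is broader than SSH needs; tcp:22 would be
    # enough if SSH is the only service reached this way.
    gcloud -q compute \
        --project="$PROJECT_ID" \
        firewall-rules create allow-all-ip \
        --direction=INGRESS \
        --priority=1000 \
        --network=default \
        --action=ALLOW \
        --rules=all \
        --source-ranges="${PUBLIC_IP}/32"

    # Egress: allow traffic towards the same address.
    # NOTE(review): VPC networks carry an implied allow-all egress rule, so this
    # ALLOW rule does not by itself restrict outbound traffic.
    gcloud -q compute \
        --project="$PROJECT_ID" \
        firewall-rules create allow-all-e \
        --direction=EGRESS \
        --priority=1000 \
        --network=default \
        --action=ALLOW \
        --rules=all \
        --destination-ranges="${PUBLIC_IP}/32"
else
    printf 'Could not determine a valid public IPv4 address; firewall rules left unchanged.\n' >&2
fi
}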

docker

# Same deletion of the default-allow-ssh rule, with gcloud run from the
# cloud-sdk container and the volumes of the gcloud-config container mounted.
# No -q is passed, so gcloud asks for confirmation before deleting.
PROJECT_ID=adithya321
docker run --rm --volumes-from gcloud-config \
    gcr.io/google.com/cloudsdktool/cloud-sdk \
    gcloud compute firewall-rules delete default-allow-ssh \
    --project="$PROJECT_ID"
The following firewalls will be deleted:
 - [default-allow-ssh]
 
Do you want to continue (Y/n)?  Y
 
Deleted [https://www.googleapis.com/compute/v1/projects/adithya321/global/firewalls/default-allow-ssh].
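# Recreate the allow-all-ip / allow-all-e rules for the operator's current
# public IPv4 address, with gcloud run from the cloud-sdk container.
PROJECT_ID=adithya321
{
    # Resolve the public address first and validate it before any rule is
    # touched. The lookup uses HTTPS so the answer cannot be altered in
    # transit, and -f makes curl fail on an HTTP error instead of returning an
    # error page. An empty or malformed value must never reach --source-ranges:
    # an ingress rule without an effective source restriction would expose
    # every port on the network.
    PUBLIC_IP=$(curl -fsS https://ipv4.icanhazip.com)
    if [[ "$PUBLIC_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
        # Drop the previous rules (they fail harmlessly when absent) so the
        # new ones carry the current address.
        docker run --rm --volumes-from \
            gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk \
            gcloud -q compute \
            --project="$PROJECT_ID" \
            firewall-rules delete allow-all-ip
        docker run --rm --volumes-from \
            gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk \
            gcloud -q compute \
            --project="$PROJECT_ID" \
            firewall-rules delete allow-all-e

        # Ingress: every protocol and port, but only from this single address.
        # NOTE(review): --rules=all is broader than SSH needs; tcp:22 would be
        # enough if SSH is the only service reached this way.
        docker run --rm --volumes-from \
            gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk \
            gcloud compute \
            --project="$PROJECT_ID" \
            firewall-rules create allow-all-ip \
            --direction=INGRESS \
            --priority=1000 \
            --network=default \
            --action=ALLOW \
            --rules=all \
            --source-ranges="${PUBLIC_IP}/32"

        # Egress: allow traffic towards the same address.
        # NOTE(review): VPC networks carry an implied allow-all egress rule, so
        # this ALLOW rule does not by itself restrict outbound traffic.
        docker run --rm --volumes-from \
            gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk \
            gcloud compute \
            --project="$PROJECT_ID" \
            firewall-rules create allow-all-e \
            --direction=EGRESS \
            --priority=1000 \
            --network=default \
            --action=ALLOW \
            --rules=all \
            --destination-ranges="${PUBLIC_IP}/32"
    else
        printf 'Could not determine a valid public IPv4 address; firewall rules left unchanged.\n' >&2
    fi
}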
The following firewalls will be deleted:
 - [allow-all-ip]
 
Do you want to continue (Y/n)?
Deleted [https://www.googleapis.com/compute/v1/projects/adithya321/global/firewalls/allow-all-ip].
The following firewalls will be deleted:
 - [allow-all-e]
 
Do you want to continue (Y/n)?
Deleted [https://www.googleapis.com/compute/v1/projects/adithya321/global/firewalls/allow-all-e].
Creating firewall...
..Created [https://www.googleapis.com/compute/v1/projects/adithya321/global/firewalls/allow-all-ip].
NAME          NETWORK  DIRECTION  PRIORITY  ALLOW  DENY  DISABLED
allow-all-ip  default  INGRESS    1000      all          False
done.
Creating firewall...
..Created [https://www.googleapis.com/compute/v1/projects/adithya321/global/firewalls/allow-all-e].
NAME         NETWORK  DIRECTION  PRIORITY  ALLOW  DENY  DISABLED
allow-all-e  default  EGRESS     1000      all          False
done.

ssh adithya321@EXTERNAL_IP