Create a virtual machine with gcloud
Getting Started with Cloud Shell and gcloud
Cloud Shell provides you with command-line access to computing resources hosted on Google Cloud. Cloud Shell is a Debian-based virtual machine with a persistent 5-GB home directory, which makes it easy for you to manage your Google Cloud projects and resources. The
gcloud command-line tool and other utilities you need are pre-installed in Cloud Shell, which allows you to get up and running quickly.
In this hands-on lab, you learn how to connect to computing resources hosted on Google Cloud via Cloud Shell with the
You are encouraged to type the commands themselves, which reinforces the core concepts. Many labs will include a code block that contains the required commands. You can easily copy and paste the commands from the code block into the appropriate places during the lab.
What you'll do
- Practice using
- Connect to compute services hosted on Google Cloud.
Familiarity with standard Linux text editors such as
Before you click the Start Lab button
Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.
This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
What you need
To complete this lab, you need:
- Access to a standard internet browser (Chrome browser recommended).
- Time to complete the lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab.
Note: If you are using a Chrome OS device, open an Incognito window to run this lab.
How to start your lab and sign in to the Google Cloud Console
Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is a panel populated with the temporary credentials that you must use for this lab.
Copy the username, and then click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.
Tip: Open the tabs in separate windows, side-by-side.
In the Sign in page, paste the username that you copied from the left panel. Then copy and paste the password.
Important: You must use the credentials from the left panel. Do not use your Google Cloud Training credentials. If you have your own Google Cloud account, do not use it for this lab (avoids incurring charges).
Click through the subsequent pages:
- Accept the terms and conditions.
- Do not add recovery options or two-factor authentication (because this is a temporary account).
- Do not sign up for free trials.
After a few moments, the Cloud Console opens in this tab.
Activate Cloud Shell
Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.
In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.
It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:
gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.
You can list the active account name with this command:
You can list the project ID with this command:
After Cloud Shell is activated, you can use the command line to invoke the Cloud SDK
gcloud tool or other tools available on the virtual machine instance. Later in the lab, you will use your
$HOME directory, which is used in persistent disk storage to store files across projects and between Cloud Shell sessions. Your
$HOME directory is private to you and cannot be accessed by other users.
Task 1: Configure your environment
In this section, you'll learn about aspects of the development environment that you can adjust.
Understanding regions and zones
Certain Google Compute Engine resources live in regions or zones. A region is a specific geographical location where you can run your resources. Each region has one or more zones. For example, the
us-central1 region denotes a region in the Central United States that has zones
us-central1-f. The following image shows zones in their respective regions:
Resources that live in a zone are referred to as zonal resources. Virtual machine instances and persistent disks live in a zone. If you want to attach a persistent disk to a virtual machine instance, both resources must be in the same zone. Similarly, if you want to assign a static IP address to an instance, the instance must be in the same region as the static IP address.
- Set the region to
- To view the project region setting, run the following command:
- Set the zone to
- To view the project zone setting, run the following command:
Finding project information
Copy your project ID to your clipboard or text editor. The project ID is listed in 2 places:
In the Google Cloud Console, on the Dashboard, under Project info. (Click Navigation menu (), and then click Home > Dashboard.)
On the Qwiklabs tab near your username and password.
- In Cloud Shell, run the following
gcloudcommand, to view the project id for your project:
In Cloud Shell, run the following
gcloudcommand to view details about the project:
Find the zone and region metadata values in the output.
You'll use the zone (
google-compute-default-zone) from the output later in this lab.
google-compute-default-zone keys and values are missing from the output, no default zone or region is set.
The output includes other useful information regarding your project. Take sometime to explore this in more detail.
Setting environment variables
Environment variables define your environment and help save time when you write scripts that contain APIs or executables.
Create an environment variable to store your Project ID, replacing
<your_project_ID>with the value for name from the
gcloud compute project-info describecommand you ran earlier:
Create an environment variable to store your Zone, replacing
<your_zone>with the value for zone from the
gcloud compute project-info describecommand you ran earlier:
To verify that your variables were set properly, run the following commands:
If the variables were set correctly, the echo commands will output your Project ID and Zone.
Creating a virtual machine with the gcloud tool
gcloud tool to create a new virtual machine (VM) instance.
To create your VM, run the following command:
gcloud computeallows you to manage your Compute Engine resources in a format that's simpler than the Compute Engine API.
instances createcreates a new instance.
gcelab2is the name of the VM.
--machine-typeflag specifies the machine type as n1-standard-2.
--zoneflag specifies where the VM is created.
If you omit the
gcloudtool can infer your desired zone based on your default properties. Other required instance settings, such as
image, are set to default values if not specified in the
Test completed task
Click Check my progress to verify your performed task. If you have successfully created a virtual machine with the
gcloud tool, an assessment score is displayed.
To open help for the
createcommand, run the following command:
Explore gcloud commands
gcloud tool offers simple usage guidelines that are available by adding the
-h flag (for help) onto the end of any
Run the following command:
You can access more verbose help by appending the
--help flag onto a command or running the
gcloud help command.
Run the following command:
Run the following command:
The results of the
gcloud config --help and
gcloud help config commands are equivalent. Both return long, detailed help.
gcloud Global Flags
govern the behavior of commands on a per-invocation level. Flags override any values set in SDK properties.
View the list of configurations in your environment:
To see all properties and their settings:
List your components:
This command displays the gcloud components that are ready for you to use in this lab.
Task 2: Filtering command line output
The gcloud cli is a powerful tool for working at the command line. Sometime you may want specific information to be displayed.
- List the compute instance available in the project
Having multiple resource deployed in a project is very common. Fortunately gcloud has some clever formatting that can help identify specific resources.
- List the gcelab2 virtual machine
In the above command we have asked gcloud to only show the information matching the criteria i.e. a virtual instance name matching the criteria.
- List the Firewall rules in the project
- List the Firewall rules for the default network
- List the Firewall rules for the default network where the allow rule matches an ICMP rule
Task 3: Connecting to your VM instance
gcloud compute makes connecting to your instances easy.
gcloud compute ssh command provides a wrapper around SSH, which takes care of authentication and the mapping of instance names to IP addresses.
To connect to your VM with SSH, run the following command:
To continue, type Y.
- To leave the passphrase empty, press ENTER twice.
You have connected to the virtual machine created earlier in the lab. Did you notice how the command prompt changed?
The prompt now says something similar to sa_107021519685252337470@gcelab2.
- The reference before the @ indicates the account being used.
- After the @ sign indicates the host machine being accessed.
nginxweb server on to virtual machine
- You don't need to do anything here, so to disconnect from SSH and exit the remote shell, run the following command:
You should be back at your project's command prompt.
Task 4: Updating the Firewall
When using compute resources such as virtual machines, its important to understand the associated firewall rules.
List the firewall rules for the project
From the above we can see we have two networks available.
default network is where our virtual machine
gcelab2 is located.
- Try to access the nginx service running on the
Communication with the virtual machine will fail as it does not have an appropriate firewall rule. Our nginx web server is expecting to communication on tcp:80. To get communication working we need to:
- Add a tag to the gcelab2 virtual machine
- Add a firewall rule for http traffic
- Add a tag to the virtual machine
- Update the firewall rule to allow
- List the firewall rules for the project
Verify communication is possible for http to the virtual machine
You will see the default
Task 5: Viewing the system logs
Viewing logs is essential to understanding the working of your project. Use gcloud to access the different logs available on Google Cloud.
View the available logs on the system:
View the logs that relate to compute resources
- Read the logs related to the resource type of
Read the logs for a specific virtual machine
Test your understanding
The following multiple-choice question should reinforce your understanding of this lab's concepts.
You learned how to launch Cloud Shell and run some sample
Finish your Quest
This self-paced lab is part of the Qwiklabs Google Cloud Essentials and Using the Cloud SDK Command Line Quests. A Quest is a series of related labs that form a learning path. Completing this Quest earns you the badge above to recognize your achievement. You can make your badge (or badges) public and link to them in your online resume or social media account. Enroll in a Quest and get immediate completion credit for taking this lab. See other available Qwiklabs Quests.
Take your next lab
Continue your Quest with Provision Services with Google Cloud Marketplace, or check out these suggestions:
Next steps/learn more
Google Cloud Training & Certification
...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.
Manual Last Updated March 20, 2022
Lab Last Tested March 20, 2022
Copyright 2022 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.