
Configure a Firewall and a Startup Script with Deployment Manager

Log in to the GCP console.

Open Cloud Shell.

Execute the following commands to create the Deployment Manager scripts:

mkdir deployment_manager
cd deployment_manager
gsutil cp gs://spls/gsp302/* .

(The bucket path might be based on the lab account you are logging in with; it is available on the lab page.)

Now enable the APIs for:

Google Cloud Deployment Manager V2 API
Google Compute Engine API
In the GCP console, go to “API & Services” and click on “+ENABLE API AND SERVICES”.

Search as below:
Repeat the same for the Compute Engine API.

Now edit the Deployment Manager scripts to spin up an instance and set firewall rules:

After the first 3 commands have executed, you can find the following files:

Edit qwiklabs.yaml, as follows:

Qwiklabs.jinja file – content to accommodate firewall and start-up script settings:


resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    machineType: https://www.googleapis.com/compute/v1...{{ env["project"] }}/zones/{{ properties["z$
    # For examples on how to use startup scripts on an instance, see:
    # https://cloud.google.com/compute/docs...
    tags:
      items: ["http"]
    metadata:
      items:
      - key: startup-script
        value: "apt-get update \n apt-get install -y apache2"
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1...
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1...{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT

resources:
- name: my-default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    tags:
      items: ["http"]
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    # https://cloud.google.com/compute/docs/startupscript
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    metadata:
      items:
      - key: startup-script
        value: |
          #!/bin/bash
          apt-get update && apt-get install -y apache2

Now we will execute the YAML file to create the instance as follows:

gcloud deployment-manager deployments create mydepl --config qwiklabs.yaml

The screenshot below shows the output you would expect:

The following VM is created:

Now access the Apache page at “http://public ip”.
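
The template opens TCP port 80 to 0.0.0.0/0 for every instance tagged "http". The following added example (not part of the original lab or of Deployment Manager itself) lists which instances that leaves reachable from the internet. RESOURCES is a constructed, already-rendered copy of the template's firewall and instance fields, vm-internal is a hypothetical second instance added for contrast, and the check only models explicit sourceRanges, targetTags and accessConfigs as used on this page.

```python
import ipaddress

# Constructed sample: the page's template after Jinja rendering, reduced to the
# fields this check reads. "vm-internal" is hypothetical and not in the lab.
RESOURCES = [
    {"name": "my-default-allow-http", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
    {"name": "vm-test", "type": "compute.v1.instance",
     "properties": {"tags": {"items": ["http"]}, "networkInterfaces": [
         {"accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}]}]}},
    {"name": "vm-internal", "type": "compute.v1.instance",  # tagged, but no public IP
     "properties": {"tags": {"items": ["http"]}, "networkInterfaces": [{}]}},
]

def is_world_open(ranges):
    """True if any source range covers the whole IPv4 or IPv6 address space."""
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges)

def has_public_ip(instance):
    """An instance only gets an external address through accessConfigs."""
    nics = instance["properties"].get("networkInterfaces", [])
    return any(nic.get("accessConfigs") for nic in nics)

def rule_applies(rule_props, instance):
    """A rule without targetTags applies to every instance on the network."""
    targets = set(rule_props.get("targetTags", []))
    tags = set(instance["properties"].get("tags", {}).get("items", []))
    return not targets or bool(targets & tags)

def exposed(resources):
    """Return (instance, rule, protocol, ports) for each internet-reachable opening."""
    rules = [r for r in resources if r["type"] == "compute.v1.firewall"]
    vms = [r for r in resources if r["type"] == "compute.v1.instance"]
    findings = []
    for rule in rules:
        props = rule["properties"]
        if not is_world_open(props.get("sourceRanges", [])):
            continue
        for vm in vms:
            if has_public_ip(vm) and rule_applies(props, vm):
                for a in props.get("allowed", []):
                    findings.append((vm["name"], rule["name"],
                                     a["IPProtocol"].lower(), a.get("ports", ["all"])))
    return findings

if __name__ == "__main__":
    for finding in exposed(RESOURCES):
        print(finding)
```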