Perform Foundational Infrastructure Tasks In Google Cloud - Cloud

Cloud Storage


  • Theory
    • Cloud Storage allows world-wide storage and retrieval of any amount of data at any time
  • Create a Bucket
    • Go to Navigation menu > Cloud Storage > Browser
    • Click Create Bucket
    • Enter your bucket information and click Continue
      • Name your bucket: Enter a unique name for your bucket
    • Click Create
  • Upload an object into the Bucket
    • In the Cloud Storage browser page, click the name of the bucket that you created
    • In the Objects tab, click Upload files
    • In the file dialog, go to the file that you downloaded and select it
  • Share a Bucket Publicly
    • Click the Permissions tab above the list of files
    • Ensure the view is set to Principals. Click Add to view the Add principals pane
    • In the New principals box, enter allUsers
    • In the Select a role drop-down, select Cloud Storage > Storage Object Viewer
    • Click Save
    • In the Are you sure you want to make this resource public? window, click Allow public access
  • Create Folders
    • In the Objects tab, click Create folder
    • Enter folder1 for Name and click Create
  • Delete a folder
    • Click the arrow next to Bucket details to return to the buckets level
    • Select the bucket and select the checkbox next to folder1
    • Click on the Delete button
    • In the window that opens, type DELETE to confirm the deletion of the folder

Cloud IAM


  • Theory
    • Google Cloud's Identity and Access Management (IAM) service lets you create and manage permissions for Google Cloud resources
  • The IAM console
    • Select Navigation menu > IAM & Admin > IAM. You are now in the "IAM & Admin" console
    • Click the +ADD button at the top of the page > Scroll down to Basic and mouse over
      • There are four roles: Browser, Editor, Owner, Viewer
      • Primitive roles set project-level permissions and, unless otherwise specified, they control access to and management of all Google Cloud services
    • Click CANCEL to exit out of the "Add principal" panel
  • Explore editor roles
    • Navigate to the IAM & Admin console, select Navigation menu > IAM & Admin > IAM
    • Search through the table to find Username and examine the roles they are granted
  • Prepare a resource for access testing - Create Bucket
    • Create a Cloud Storage bucket with a unique name. From the Cloud Console, select Navigation menu > Cloud Storage > Browser
    • Click CREATE BUCKET
    • Update the required fields, leave all others at their default values
    • Click CREATE
  • Prepare a resource for access testing - Upload a sample file
    • On the Bucket Details page click UPLOAD FILES
    • Click on the three dots at the end of the line containing the file and click Rename
    • Click RENAME
  • Remove project access
    • Select Navigation menu > IAM & Admin > IAM. Then click the pencil icon inline and to the left of Username
    • Remove Project Viewer access for Username by clicking the trashcan icon next to the role name. Then click SAVE
  • Add Storage permissions
    • In the Console, select Navigation menu > IAM & Admin > IAM
    • Click + ADD button and paste the Username2 name into the New principals field
    • In the Select a role field, select Cloud Storage > Storage Object Viewer from the drop-down menu > SAVE
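
Added example (not part of the original notes or of Google's lab material): a small Python audit for the two access patterns above, the allUsers grant from "Share a Bucket Publicly" and the project-level basic roles from "The IAM console". It also shows that the "Remove project access" step clears the basic-role finding. The sample policies, the example.com accounts, the role IDs and the HIGH/MEDIUM labels are assumptions made for illustration.

```python
import json

# Principals that mean "anyone", with or without a Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Role IDs assumed for the four roles the console lists under Basic.
BASIC_ROLES = {"roles/browser", "roles/editor", "roles/owner", "roles/viewer"}

# Constructed sample policies (not real output), in the JSON shape printed by
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` and
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
BUCKET_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.legacyBucketOwner",
   "members": ["projectOwner:example-project"]}
]}""")
PROJECT_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/viewer", "members": ["user:username@example.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["user:username2@example.com"]}
]}""")

def audit_policy(policy, resource):
    """Return sorted (resource, severity, member, role, reason) findings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((resource, "HIGH", member, role, "public principal"))
            elif role in BASIC_ROLES:
                findings.append((resource, "MEDIUM", member, role, "basic role"))
    return sorted(findings)

def remove_member(policy, member, role):
    """Return a copy of policy without member on role; drop emptied bindings."""
    bindings = []
    for b in policy.get("bindings", []):
        keep = [m for m in b.get("members", [])
                if not (b.get("role") == role and m == member)]
        if keep:
            bindings.append({**b, "members": keep})
    return {**policy, "bindings": bindings}

if __name__ == "__main__":
    for policy, name in ((BUCKET_POLICY, "bucket"), (PROJECT_POLICY, "project")):
        for finding in audit_policy(policy, name):
            print(*finding, sep="  ")
```

Run it against saved policy JSON to find buckets that are readable by anyone and accounts that still hold a basic role.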

Cloud Monitoring


  • Basic
    • Cloud Monitoring provides visibility into the performance, uptime, and overall health of cloud-powered applications
  • Create a Compute Engine instance
    • In the Cloud Console dashboard, go to Navigation menu > Compute Engine > VM instances, then click Create instance
  • Add Apache2 HTTP Server to your instance
    • In the Console, click SSH to open a terminal to your instance > Connect
    • Run the following commands
      • sudo apt-get update
      • sudo apt-get install apache2 php7.0
      • sudo service apache2 restart
    • Return to the Cloud Console, on the VM instances page. Click the External IP for lamp-1-vm instance to see the Apache2 default page for this instance
  • Create a Monitoring Metrics Scope
    • A Monitoring Metrics Scope is tied to your Google Cloud Project
    • In the Cloud Console, click Navigation menu > Monitoring
  • Install the Ops agents
    • The Ops Agent collects logs and metrics on Compute Engine instances, sending your logs to Cloud Logging and your metrics to Cloud Monitoring
    • curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh
    • sudo bash add-google-cloud-ops-agent-repo.sh --also-install
    • sudo apt-get update
    • sudo systemctl status google-cloud-ops-agent"*" (verify that the agent is working as expected)
  • Create an uptime check
    • An uptime check verifies that a resource is always accessible
    • In the Cloud Console, in the left menu, click Uptime checks, and then click +Create Uptime Check
    • Set the required fields
    • Click on Next to leave the other details to default and click Test to verify that your uptime check can connect to the resource
    • When you see a green check mark everything can connect. Click Create
  • Create an alerting policy
    • In the left menu, click Alerting, and then click +Create Policy
    • Click on Select a metric dropdown. Disable the Show only active resources & metrics
    • Type Network traffic in filter by resource and metric name and click on VM instance > interface. Select Network traffic (agent.googleapis.com/interface/traffic) and click Apply > Next
    • Set the Threshold position to Above threshold, Threshold value to 500 and Advanced Options > Retest window to 1 min. Click Next
    • Click on drop down arrow next to Notification Channels, then click on Manage Notification Channels
    • Scroll down the page and click on ADD NEW for Email
    • In Create Email Channel dialog box, enter your personal email address in the Email Address field and a Display name > Save
    • Go back to the previous Create alerting policy tab
    • Click on Notification Channels again, then click on the Refresh icon to get the display name you mentioned in the previous step
    • Click on Notification Channels again if necessary, select your Display name and click OK
    • Add a message in documentation, which will be included in the emailed alert
    • Mention the Alert name as Inbound Traffic Alert > Next
    • Review the alert and click Create Policy
  • Create a dashboard and chart
    • You can display the metrics collected by Cloud Monitoring in your own charts and dashboards
    • In the left menu select Dashboards, and then +Create Dashboard
    • Name the dashboard
    • Add the first chart
      • Click Line option in Chart library
      • Name the chart title
      • Click on Resource & Metric dropdown. Disable the Show only active resources & metrics
      • Type CPU load (1m) in filter by resource and metric name and click on VM instance > Cpu. Select CPU load (1m) and click Apply. Leave all other fields at the default value. Refresh the tab to view the graph
    • Add the second chart
      • Click + Add Chart and select Line option in Chart library
      • Name this chart and follow previous steps
  • View your logs
    • Select Navigation menu > Logging > Logs Explorer
    • Select the logs you want to see > Resource
    • Select VM Instance > instanceName in the Resource drop-down menu
    • Apply > Stream logs
    • Start and stop the VM instance
      • Open the Compute Engine window in a new browser window. Select Navigation menu > Compute Engine, right-click VM instances > Open link in new window
      • In the Compute Engine window, select the instance, click the three vertical dots at the top of the screen and then click Stop, and then confirm to stop the instance
      • In the VM instance details window, click the three vertical dots at the top of the screen and then click Start/resume, and then confirm
  • Check the uptime check results and triggered alerts
    • This view provides a list of all active uptime checks, and the status of each in different locations
    • In the Cloud Logging window, select Navigation menu > Monitoring > Uptime checks
    • Click the name of the uptime check, Lamp Uptime Check
  • Check if alerts have been triggered
    • In the left menu, click Alerting
    • You see incidents and events listed in the Alerting window
    • Check your email account. You should see Cloud Monitoring Alerts

Cloud Functions


  • Theory
    • Cloud Functions is a serverless execution environment for building and connecting cloud services
    • Your Cloud Function is triggered when an event being watched is fired
    • Cloud Functions are written in JavaScript and execute in a Node.js environment on Google Cloud
    • Cloud Functions provides a connective layer of logic that lets you write code to connect and extend cloud services
    • Cloud events are things that happen in your cloud environment. You create a response to an event with a trigger
  • Create a function
    • In the console, click the Navigation menu > Cloud Functions
    • Click Create function > Enter the values
    • At the bottom, click Deploy to deploy the function
  • Test the function
    • In the Cloud Functions Overview page, display the menu for your function, and click Test function
    • In the Triggering event field, enter the required texts between {} and click Test the function
    • In the Logs field, a status code of 200 indicates success
  • View logs
    • Go to the Cloud Functions Overview page > View Logs

Google Cloud Pub/Sub


  • Theory
    • Google Cloud Pub/Sub is a messaging service for exchanging event data among applications and services
    • A producer of data publishes messages to a Cloud Pub/Sub topic. A consumer creates a subscription to that topic
    • To use Pub/Sub, you create a topic to hold data and a subscription to access data published to the topic
  • Setting up Pub/Sub
    • Click Navigation menu > Pub/Sub > Topics > Create topic
      • The topic must have a unique name
  • Add a subscription
    • Click Topics in the left panel to return to the Topics page. For the topic you just made click the three dot icon > Create subscription
    • Fill the required details
  • Publish a message to the topic
    • At the bottom of the Topics details page, click MESSAGES tab and then click PUBLISH MESSAGE
    • Enter the message and click PUBLISH
    • To view the message you'll use the subscription to pull the message from the topic
      • gcloud pubsub subscriptions pull --auto-ack subName