Example sharing snapshots across projects in different regions for disk analysis
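#!/usr/bin/env bash
#####################################################
# SETUP (OPTIONAL)
#
# Note: this code is not meant to just run;
# copy and paste snippets as you go.
#
# Walkthrough: create a bastion project (EU) and a
# dev-sec-ops project (US), snapshot the bastion boot
# disk, then rebuild that snapshot as a disk in the
# other project/region and attach it to an analysis VM.
#
# No `set -e` on purpose: these lines are meant to be
# pasted into an interactive shell, where a failing
# command under -e would close the session.
#####################################################
# Assign first, then export, so a failing gcloud call is not
# masked by the exit status of `export` (SC2155).
PROJECT_ID=$(gcloud config get-value project)
PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_ID PROJECT_USER
export FOLDER_ID="CHANGEME"
export BILLING_ID="CHANGEME"
export BASTION_PROJECT="mike-test-bastion-eu"
export DEVSECOPS_PROJECT="mike-test-devsecops-us"
# confirm they are installing in right project
while true; do
  read -r -n 1 -p "Create bastion on project ${BASTION_PROJECT} as user ${PROJECT_USER}? " yn
  echo
  case "$yn" in
    [Yy]*) break ;;
    [Nn]*) exit ;;
    *) echo "Please answer yes or no." ;;
  esac
done
# create projects
# (the prompt above only names the bastion project, but both are created here)
gcloud projects create "$BASTION_PROJECT" --folder "$FOLDER_ID"
gcloud projects create "$DEVSECOPS_PROJECT" --folder "$FOLDER_ID"
# link billing
gcloud beta billing projects link --billing-account="$BILLING_ID" "$BASTION_PROJECT"
gcloud beta billing projects link --billing-account="$BILLING_ID" "$DEVSECOPS_PROJECT"
#####################################################
# BASTION PROJECT
#####################################################
export BASTION_TEMPLATE_NAME="bastion-template"
export BASTION_DISK_NAME="bastion-disk"
export BASTION_SNAPSHOT_NAME="bastion-snapshot"
export BASTION_GROUP_NAME="bastion"
export BASTION_REGION="europe-west3"
export BASTION_ZONE="europe-west3-a"
export BASTION_NETWORK="default"
gcloud config set project "$BASTION_PROJECT"
PROJECT_ID=$(gcloud config get-value project)
PROJECT_USER=$(gcloud config get-value core/account) # set current user
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format="value(projectNumber)")
export PROJECT_ID PROJECT_USER PROJECT_NUMBER
# enable apis
gcloud services enable compute.googleapis.com
# create bastion jump host instance template (with external IP)
#
# NOTE(review): this template runs the default compute service account with
# the broad cloud-platform scope on an internet-reachable host. For anything
# beyond a demo, use a dedicated service account with narrower scopes/roles
# and restrict ingress to the `bastion` network tag with a firewall rule.
gcloud beta compute --project="$PROJECT_ID" instance-templates create "$BASTION_TEMPLATE_NAME" \
  --machine-type=e2-micro \
  --subnet="projects/${PROJECT_ID}/regions/${BASTION_REGION}/subnetworks/${BASTION_NETWORK}" \
  --network-tier=STANDARD \
  --maintenance-policy=MIGRATE \
  --service-account="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \
  --scopes=https://www.googleapis.com/auth/cloud-platform \
  --region="$BASTION_REGION" \
  --tags=bastion \
  --image=ubuntu-2004-focal-v20201028 \
  --image-project=ubuntu-os-cloud \
  --boot-disk-size=10GB \
  --boot-disk-type=pd-standard \
  --boot-disk-device-name="$BASTION_DISK_NAME" \
  --shielded-secure-boot \
  --shielded-vtpm \
  --shielded-integrity-monitoring \
  --labels=role=bastion \
  --reservation-affinity=any
# create bastion jump host managed instance group (1)
gcloud compute --project="$PROJECT_ID" instance-groups managed create "$BASTION_GROUP_NAME" \
  --base-instance-name="$BASTION_GROUP_NAME" \
  --template="$BASTION_TEMPLATE_NAME" \
  --size=1 \
  --zone="$BASTION_ZONE"
# fetch bastion name (disk shares same name)
BASTION_NAME=$(gcloud compute instance-groups managed list-instances "$BASTION_GROUP_NAME" \
  --zone "$BASTION_ZONE" --format="value(instance)")
export BASTION_NAME
# create a snapshot of bastion persistent-disk
gcloud compute disks snapshot "$BASTION_NAME" \
  --project "$PROJECT_ID" \
  --zone "$BASTION_ZONE" \
  --snapshot-names "$BASTION_SNAPSHOT_NAME"
# confirm snapshot
gcloud compute snapshots list
# Look up the source disk of *this* snapshot by name; an unfiltered
# `snapshots list` returns one line per snapshot in the project.
SNAPSHOT_DISK_SRC=$(gcloud compute snapshots describe "$BASTION_SNAPSHOT_NAME" --format="value(sourceDisk)")
export SNAPSHOT_DISK_SRC
#####################################################
# DEV SEC OPS PROJECT
#####################################################
export DEVSECOPS_REGION="us-central1"
export DEVSECOPS_ZONE="us-central1-a"
export ANALYSIS_DISK="analysis"
# Existing VM in DEVSECOPS_PROJECT (and DEVSECOPS_ZONE) that will receive the disk.
export ANALYSIS_MACHINE_NAME="CHANGEME"
gcloud config set project "$DEVSECOPS_PROJECT"
PROJECT_ID=$(gcloud config get-value project)
PROJECT_USER=$(gcloud config get-value core/account) # set current user
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format="value(projectNumber)")
export PROJECT_ID PROJECT_USER PROJECT_NUMBER
# enable apis
gcloud services enable compute.googleapis.com
# create new disk based on snapshot of bastion
#
# Cross-project use of a snapshot requires the identity running this command
# to have read access on the snapshot in BASTION_PROJECT (the
# compute.snapshots.useReadOnly permission, typically via a Compute role on
# that project) — grant it before this step or the create call is denied.
gcloud compute disks create "$ANALYSIS_DISK" \
  --project "$DEVSECOPS_PROJECT" \
  --zone "$DEVSECOPS_ZONE" \
  --source-snapshot "projects/${BASTION_PROJECT}/global/snapshots/${BASTION_SNAPSHOT_NAME}"
# ATTACH THIS DISK TO YOUR ANALYSIS MACHINE (ASSUMES YOU HAVE INSTANCE IN PROJECT)
#
# The disk is zonal, so the instance must live in DEVSECOPS_ZONE. Attach
# read-only so the analysis host cannot alter the evidence copy; mount
# options on the analysis VM are still the analyst's responsibility.
gcloud compute instances attach-disk "$ANALYSIS_MACHINE_NAME" \
  --project "$DEVSECOPS_PROJECT" \
  --zone "$DEVSECOPS_ZONE" \
  --disk "$ANALYSIS_DISK" \
  --mode ro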