[Free VPS] GCP (Google Cloud Platform) Tips and Tricks (Free Tier, Free 16G RAM, 4 vCPU VPS)

This post is to collect some experienced learned during working around GCP. Most are relating to Linux commands and usage. 

Free Tier (VM - Compute Engine)

https://cloud.google.com/free/docs/free-cloud-features#compute

• 1 non-preemptible e2-micro VM instance per month in one of the following US regions:
  • Oregon: us-west1
  • Iowa: us-central1
  • South Carolina: us-east1
• 30 GB-months standard persistent disk
• 1 GB of outbound data transfer from North America to all region destinations (excluding China and Australia) per month

There are some tricks to get a real free VM. If you did not set hard drive type and network serviers tier correct, you will get charged:

Please check https://cloud.google.com/free/docs/gcp-free-tier#free-tier-usage-limits for more details for free tier:

• vCPU: 0.25-2 vCPU (1 shared core)
• Memory: 1GB
• Disk: standard persistent disk : 30GB
• Network traffic : Standard Network Service Tier : 200GB/mo free in every region

Disk Type change:

If you found there is a small charge for disk, here is the trick part:

You will need to chose standard persistent disk rather than Balanced persistent disk. 

Change type to standard persistent disk

For network service tier:

• https://console.cloud.google.com/net-tier/tiers/details?_ga=2.82938453.294358373.1721508929-930637729.1712023792

Or  at the project level: 

• https://console.cloud.google.com/net-tier/tiers/details?project=jon-netsec-nginx1

Or search Network Services Tiers

1. In the Google Cloud console, go to the Network Service Tiers page.

   GO TO THE NETWORK SERVICE TIERS PAGE

2. Click Change tier.

3. Select Premium or Standard, and then click Change.

Standard has 200GB/mo free.

Cloud Shell Quota

Cloud Shell has weekly usage limits, 50 hours / week. If you reach there limites you will need to wait before you can use Cloud Shell again. 

Enable Root Account and Password Access

By default, Google Compute Engine offers the browser-based Google Cloud Platform Console tool that lets you manage your Google Compute Engine resources through a graphical interface. Use the GCP Console to manage your resources if you prefer using a user-interface through the browser.

In the GCP documentation setting up ssh keys  which shows how to set up your own ssh key to access all your virtual machines in GCP. here's the summary of steps:

1. Generate your keys using ssh-keygen or PuTTYgen for Windows, if you haven't already.
2. Copy the contents of your public key. If you just generated this key, it can probably be found in a file named id_rsa.pub.
3. Log in to the Developers Console.
4. In the navigation, Compute->Compute Engine->Metadata.
5. Click the SSH Keys tab.
6. Click the Edit button.
7. In the empty input box at the bottom of the list, enter the corresponding public key, in the following format: 
   
   <protocol> <public-key> [email protected] 
   
   This makes your public key automatically available to all of your instances in that project. To add multiple keys, list each key on a new line.
8. Click Done to save your changes. 
   
   It can take several minutes before the key is inserted into the instance. Try connecting with ssh to your instance. If it is successful, your key has been propagated to the instance.

Once you connect to your GCP VM using PuTTY or gcloud compute instances ssh or even clicking on the "SSH" button on the Developers Console next to the instance, you should be able to use the sudo command. Note that you shouldn't be using the su command to become root, just run:

sudo [command]

and it should not prompt you for a password.

If you want to get a root shell to run several commands as root and you want to avoid prefixing all commands with sudo, run:

sudo su -

Sometimes, you might need to have directly root ssh access with username/password authentication. Here is how we can do it:


1. As the root user, edit the sshd_config file found in /etc/ssh/sshd_config:
vim /etc/ssh/sshd_config

2. PermitRootLogin and PasswordAuthentication

Add the following line to the file, you can add it anywhere but it’s good practice to find the block about authentication and add it there.

PermitRootLogin yes

PasswordAuthentication yes

Save and exit the file.

3. Restart ssh server to make your configuration effective

Restart the SSH server:
systemctl restart sshdOr:
service sshd restart

4. Disable public key authentication:

vim /etc/ssh/sshd_config

PubkeyAuthentication no

YouTube Video:

Script to enable cloud VPS root account access:

• #!/bin/bash
• echo root:123456789 |sudo chpasswd root
• sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config;
• sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config;
• sudo service sshd restart

Measure Your Latency to GCP Regions

gcping - http://www.gcping.com/

DD GCP From Ubuntu Cloud VM

Note: On April 2022, for DD related topics, please check another post. The script or method might be already invalid:

• DD Windows OS to Cloud Linux VM (Oracle /GCP /Azure)

For GCP or Azure cloud environment, all steps are similar. Only different is that you will need to manual pass network parameters into the Windows VM during DD process.

# Change X.X.X.X to your Script's configuration # --ip-addr :IP Address # --ip-mask :Netmask # --ip-gate :Gateway wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask X.X.X.X --ip-gate X.X.X.X -dd 'DD Image'

Wait about 30 minutes then use RDP to connect. Make sure RDP port has been opened from your security group firewall rule.

username : administrator

password : www.nat.ee

Command Example 1 for Windows 2008 64B R2: 

wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask 255.255.255.0 --ip-gate 10.x.0.1 -dd 'https://api.moeclub.org/GoogleDrive/1DTps9WwC6RZ8szflais8YazpkCVdqdI7'

Command Example 2 for Win7 64B SP1 with IIS:

wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask 255.255.255.0 --ip-gate 10.x.0.1 -dd 'https://api.moeclub.org/GoogleDrive/1KA9PDH4T2ODbxS97T6MtTk5TwifQQoIp'

You will need to replace x.x.x.x with your own Linux VM's ip. You will need to change the gateway as well.

DD GCP  Alpine

Two notes:

1. IP Address network mask will need to be 255.255.255.0. Gateway is .1 for IP Address network

2. Change Root password to the one you know. After Alpine installed, it will use same root password.

1. wget --no-check-certificate https://donghaiair.com.cn/alpine.sh && chmod +x alpine.sh && sed -i "s|^mask|mask=255.255.255.0\n#mask|" alpine.sh && ./alpine.sh

or 

1. wget --no-check-certificate https://haoduck.com/DEMO/sh/alpine.sh && chmod +x alpine.sh && sed -i "s|^mask|mask=255.255.255.0\n#mask|" alpine.sh && ./alpine.sh

DD GCP  Windows

1  Install Required Packages

Debian/Ubuntu

apt-get install -y xz-utils openssl gawk file wget 

CentOS

yum install -y xz openssl gawk file wget

2  Download DD Script

1. wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh'
2. chmod +x InstallNET.sh

3  Using Script to Install

1. bash InstallNET.sh --ip-addr 10.168.0.7 --ip-gate 10.168.0.1 --ip-mask 255.255.255.0 -dd 'https://moeclub.org/onedrive/IMAGE/Windows/win10ltsc_x64.tar.gz'

This script is coming from moeclub. Default username administrator and password is Vicer.

Note: Only certain images will work on GCP. Please check another post. The script or method might be already invalid:

• DD Windows OS to Cloud Linux VM (Oracle /GCP /Azure)

Run Docker Containers Free VPS From GCP Cloud Shell

You can directly access your GCP cloud shell through page:https://cloud.google.com/shell, (16G RAM, 4 vCPU or 8G RAM, 2vCPU) or by enabling Cloud Shell access from top right terminal icon of your GCP console page:

Both Docker and Docker-Compose have been installed.

Welcome to Cloud Shell! Type "help" to get started.
Your Cloud Platform project in this session is set to sec-2-213000.
Use “gcloud config set project [PROJECT_ID]” to change to a different project.
jon_netsec@cloudshell:~ (sec-2-213000)$ curl cip.cc
IP      : 34.139.137.247
地址    : 美国  美国

数据二  : 美国 | 得克萨斯州

数据三  : 美国德克萨斯休斯顿

URL     : http://www.cip.cc/34.139.137.247
jon_netsec@cloudshell:~ (sec-2-213000)$ docker version
Client: Docker Engine - Community
 Version:           20.10.8
 API version:       1.41
 Go version:        go1.16.6
 Git commit:        3967b7d
 Built:             Fri Jul 30 19:54:02 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.8
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.6
  Git commit:       75249d8
  Built:            Fri Jul 30 19:52:10 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.9
  GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
 runc:
  Version:          1.0.1
  GitCommit:        v1.0.1-0-g4144b63
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
jon_netsec@cloudshell:~ (sec-2-213000)$ docker-compose version
docker-compose version 1.24.0, build 0aa59064
docker-py version: 3.7.2
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j  20 Nov 2018
jon_netsec@cloudshell:~ (sec-2-213000)$

[Warning] Don't run this in labs.play-with-docker.com. The instance will be terminated right away. 

There are quite a few docker images available on Internet. Here is the one I found very usful:

1. dorowu/ubuntu-desktop-lxde-vnc from DockerHub
• Github page: https://github.com/fcwu/docker-ubuntu-vnc-desktop
• docker run -p 8080:80 dorowu/ubuntu-desktop-lxde-vnc

If port 8080 is occupied, we can use port 6080 as show below:

docker run -p 6080:80 -v /dev/shm:/dev/shm dorowu/ubuntu-desktop-lxde-vnc

Since we are using port 6080, we will need to change Preview port from default 8080 to 6080.

Or the easiest way is to use following docker run command then you will not need to change port and you can directly preview it in another web page:

docker run -p 8080:80 dorowu/ubuntu-desktop-lxde-vnc

Lets check the cpu and memory of this Google Console Shell VM:

root@79869323e3bb:~# free
              total        used        free      shared  buff/cache   available
Mem:       16393552     1807564    11491980      121544     3094008    14154252
Swap:             0           0           0
root@79869323e3bb:~# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 79
model name : Intel(R) Xeon(R) CPU @ 2.20GHz
stepping : 0
microcode : 0x1
cpu MHz : 2200.156
cache size : 56320 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat md_clear arch_capabilities
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa
bogomips : 4400.31
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 79
model name : Intel(R) Xeon(R) CPU @ 2.20GHz
stepping : 0
microcode : 0x1
cpu MHz : 2200.156
cache size : 56320 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 2
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat md_clear arch_capabilities
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa
bogomips : 4400.31
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:
processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 79
model name : Intel(R) Xeon(R) CPU @ 2.20GHz
stepping : 0
microcode : 0x1
cpu MHz : 2200.156
cache size : 56320 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 2
apicid : 1
initial apicid : 1
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat md_clear arch_capabilities
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa
bogomips : 4400.31
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:
processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 79
model name : Intel(R) Xeon(R) CPU @ 2.20GHz
stepping : 0
microcode : 0x1
cpu MHz : 2200.156
cache size : 56320 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 2
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat md_clear arch_capabilities
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa
bogomips : 4400.31
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:
root@79869323e3bb:~# cat /proc/meminfo
MemTotal:       16393552 kB
MemFree:        11619288 kB
MemAvailable:   14293272 kB
Buffers:          136724 kB
Cached:          2728068 kB
SwapCached:            0 kB
Active:           634300 kB
Inactive:        3715948 kB
Active(anon):       1804 kB
Inactive(anon):  1581748 kB
Active(file):     632496 kB
Inactive(file):  2134200 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:              1932 kB
Writeback:             0 kB
AnonPages:       1485560 kB
Mapped:           796400 kB
Shmem:            126016 kB
KReclaimable:     245328 kB
Slab:             299336 kB
SReclaimable:     245328 kB
SUnreclaim:        54008 kB
KernelStack:       13168 kB
PageTables:        25456 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     8196776 kB
Committed_AS:    7919788 kB
VmallocTotal:   34359738367 kB
VmallocUsed:       16972 kB
VmallocChunk:          0 kB
Percpu:             2528 kB
HardwareCorrupted:     0 kB
AnonHugePages:         0 kB
ShmemHugePages:        0 kB
ShmemPmdMapped:        0 kB
FileHugePages:         0 kB
FilePmdMapped:         0 kB
CmaTotal:              0 kB
CmaFree:               0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
Hugetlb:               0 kB
DirectMap4k:      226112 kB
DirectMap2M:     9207808 kB
DirectMap1G:     9437184 kB
root@79869323e3bb:~# 

We also can install NextCloud using Docker Compose file from : https://hub.docker.com/_/nextcloud
Create a new docker-compose.yml file and copy contents from https://hub.docker.com/_/nextcloud. Make sure enter a new password for your MYSQL root account and MYSQL DB. 

jon_netsec@cloudshell:~ (sec-2-213000)$nano docker-compose.yml

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=Password1234!
      - MYSQL_PASSWORD=Password1234!
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=Password1234!
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db

Run "docker-compose up" command to bring this NextCloud dockers up. 

Videos

YouTube Video:

References

• DD Windows OS to Cloud Linux VM (Oracle/GCP/Azure)