Tanzu Application Service – Part 1: Create Jumpbox in GCP

In this post, I will take you through the steps to deploy a jumpbox in GCP, which is used for all admin-related tasks. You can do these tasks from your local machine, but it is good practice to do everything from a jumpbox: you avoid downloading and uploading all the files required for TAS installation through your workstation and use Google’s network instead.

Create a Project (optional):

By default, you will be mapped to My First Project. You can continue to use it or create a new project. If you wish to create a new project, follow the steps below; otherwise skip this section.

  • Click the drop-down to list the projects
  • Click New Project
  • Type a Name, leave Location at its default, and click Create
  • Once completed, select the newly created project.

Verify the available quota: 

  • In the Google Cloud console, navigate to IAM & Admin > Quotas > Filter
  • Ensure there is a minimum of 25, 30 quota available for IP addresses and CPUs, as you will see a lot of VMs deployed during the process of installing TAS.

Create a VM Instance in GCP:

In GCP, a VM instance can be deployed in two ways:

  • Compute Engine Management console
  • Cloud Shell

Compute Engine Management console:

In the Google Cloud console, navigate to Compute Engine > Virtual machines > VM instances > CREATE INSTANCE

Provide the Name and Region, change Boot disk size to 100 GB, OS to Ubuntu, version to “Ubuntu 20.04 LTS”, then click CREATE

How do you SSH to the jumpbox VM from a local workstation? Though you can connect to the jumpbox from Cloud Shell, I have given steps to SSH to the VM instance from a local workstation using the public IP and SSH keys.

Note: The steps below are for Mac/Linux users.

#Create SSH Keys 

ssh-keygen -t rsa -f ~/.ssh/JB_instance -C captain

# captain is the user name
# JB_instance is the name of the key file

#Print the content of public key file:
cd ~/.ssh && cat JB_instance.pub
  • Once the VM instance is successfully created, click on the VM name and, on the next page, click Edit
  • Scroll to the bottom, to the SSH keys section, click Add Item, paste the public key you generated in the previous step, and SAVE
# ssh command (the full key path lets it run from any directory)

ssh -i ~/.ssh/JB_instance captain@<public ip of vm instance>

# where captain is the user name and JB_instance is the private key file

Cloud Shell:

  • Log in to your GCP account and activate Cloud Shell
  • Verify that your gcloud CLI is pointing to the correct GCP project by running:
gcloud config list
  • Run the following command to create a new jumpbox VM in your project:
# Ubuntu public images are published in the ubuntu-os-cloud project
gcloud compute instances create "jumpbox" --image-family "ubuntu-2004-lts" --image-project "ubuntu-os-cloud" --boot-disk-size "100" --zone asia-south1-c
  • You must now SSH to this new jumpbox using the zone you provided earlier. Notice you are logging in as the ubuntu user.
  • Use the command below to SSH into the jumpbox:
gcloud compute ssh ubuntu@jumpbox --zone=asia-south1-c
  • Once you are in the jumpbox, run the following command:
gcloud config list
  • You will observe that the account is the default service account, which is created automatically.
ubuntu@jumpbox:~$ gcloud config list
[core]
account = <acctnum>-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = captainv-tas-332015
  • To perform all operations using our Google account, on which we have full owner permissions, execute the following command to authorise:
gcloud auth login

Note: Follow the on-screen prompts. This time, because you are connected to a headless Linux instance without a local browser, you will need to copy-paste the URL into a local browser and select the account you have registered for use with Google Cloud. You will then need to copy-paste the verification code back into your jumpbox session to complete the login sequence.
  • Re-run the following command to validate that the account has changed:
gcloud config list

# check the account line
ubuntu@jumpbox:~$ gcloud config list
[core]
account = <mail id>
disable_usage_reporting = True
project = captainv-tas-332015
  • In your home directory, create an empty file named .env:
ubuntu@jumpbox:~$ cat >~/.env << EOF
> EOF
ubuntu@jumpbox:~$ cat ~/.env
  • Ensure that this file is sourced into the shell by executing the commands below:
source ~/.env
echo "source ~/.env" >> ~/.bashrc
  • Execute the following commands to install unzip:
sudo apt update
sudo apt install unzip
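
The two gcloud config list outputs shown above differ only in the account line, and that line decides whose permissions every later command on the jumpbox runs with. The script below is an added example, not part of the original post: it parses that output and reports whether the CLI is acting as the default compute service account, another service account, or a user account. The function names and the sample output (account names, project) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which identity the
# gcloud CLI on the jumpbox is using, from `gcloud config list` output.

# Print the `account` value from the [core] section of the text on stdin.
core_account() {
  awk '
    /^\[/ { in_core = ($0 == "[core]"); next }    # track current section
    in_core && /^account[ \t]*=/ {
      sub(/^account[ \t]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }'
}

# Classify an account name: default-compute-sa | service-account | user | none
account_kind() {
  case "$1" in
    *-compute@developer.gserviceaccount.com)
      # Default Compute Engine service account: <project number>-compute@...
      case "${1%-compute@developer.gserviceaccount.com}" in
        ""|*[!0-9]*) echo service-account ;;
        *) echo default-compute-sa ;;
      esac ;;
    *.gserviceaccount.com) echo service-account ;;
    *@*) echo user ;;
    *) echo none ;;
  esac
}

# Read `gcloud config list` output on stdin; succeed only for a user account.
check_identity() {
  acct="$(core_account)"
  kind="$(account_kind "$acct")"
  echo "account=${acct:-unset} kind=$kind"
  [ "$kind" = user ]
}

# Constructed sample output (account names and project are made up).
SAMPLE_BEFORE='[core]
account = 123456789012-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = example-project'
SAMPLE_AFTER='[core]
account = admin@example.com
disable_usage_reporting = True
project = example-project'

printf '%s\n' "$SAMPLE_BEFORE" | check_identity || echo "  run: gcloud auth login"
printf '%s\n' "$SAMPLE_AFTER" | check_identity
```

On the jumpbox itself, pipe the real output into the check: gcloud config list 2>/dev/null | check_identity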

Note: If you are not using the VM, make sure to stop it to avoid unnecessary billing.