[Challenge] Configure a Firewall and a Startup Script with Deployment Manager

deploy.md

gcloud deployment-manager deployments create my-deployment --config qwiklabs.yaml

install-web.sh

#!/bin/bash
apt-get update
apt-get install -y apache2

qwiklabs.jinja

resources:
- name: my-default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    tags:
      items: ["http"]
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    #   https://cloud.google.com/compute/docs/startupscript
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    metadata:
      items:
      - key: startup-script-url
        value: gs://qwiklabs-gcp-111/install-web.sh

startup-file.md

export PROJECT_ID=qwiklabs-gcp-111 # change to your id

create bucket

gsutil mb gs://$PROJECT_ID

copy install-web.sh to bucket

gsutil cp install-web.sh gs://$PROJECT_ID

list bucket

gsutil ls gs://$PROJECT_ID

Sample output: gs://qwiklabs-gcp-111/install-web.sh

Update metadata value at key named startup-script-url