重新创建GCP instance并安装

夭折的GCP instance

  • 因为不知道什么原因,我在google cloud上的第一个instance(20240215,春节期间申请)被停机了,无法重启,官方给出的说明如下:
  • 分析:是在设置vpn network的firewall rule时,按照eve安装文档要求,新增了定制的egress流量(outband),其中tcp协议是全部端口(0-65535),来源ip是所有范围(ipv4,0.0.0.0/0),所以造成instance运行没两天,就被强制停机。
  • 没办法,我一方面发邮件给google cloud的support发了邮件,同时也思考解决方案。邮件很快有回复
    这并没有什么卵用,我除了礼貌感谢外,没有其他办法。
  • 还好这是云啊,直接删除instance,重新安装部署(可怜短短几天,85加币就没有了)

重新创建GCP的instance

  • 按照eve要求,重新创建具有vmx功能的虚拟机,也就是nested套娃虚拟机;
  • 这次特地选择了vm是spot vm,是所有vm中的丐中丐,价格据说off 60%,代价是随时会被停机,下面是介绍
This page describes Spot VMs: virtual machine (VM) instances that are excess Compute Engine capacity. Spot VMs have significant discounts, but Compute Engine might preemptively stop or delete (preempt) Spot VMs to reclaim the capacity at any time. Spot VMs are the latest version of preemptible VMs.

The provisioning model of a VM affects its discounts and availability; Compute Engine VMs can use either the standard provisioning model (standard VMs) (default) or the spot provisioning model (Spot VMs). In contrast to standard VMs, Spot VMs are available at much lower prices but have lower availability because they are subject to preemption. Use Spot VMs to reduce costs for fault-tolerant workloads.

To learn more about Compute Engine VMs in general, read the Virtual machine instances documentation. To learn how to create Spot VMs, read Create and use Spot VMs.

What are Spot VMs?

Spot VMs are available at much lower prices—60-91% discounts for most machine types and GPUs as well as smaller discounts for local SSDs and A3 VMs—compared to the on-demand price for standard VMs. However, Compute Engine might preempt Spot VMs at any time, such as when it needs the resources for other tasks. At this uncertain preemption time, Compute Engine either stops (default) or deletes your Spot VMs depending on your specified termination action for each Spot VM. Spot VMs are excess Compute Engine capacity, so their availability varies based on Compute Engine usage. Spot VMs do not have a minimum or maximum runtime unless you specifically limit the runtime.

If your workloads are fault-tolerant and can withstand possible VM preemption, Spot VMs can reduce your Compute Engine costs significantly. For example, batch processing jobs can run on Spot VMs. If some of those VMs stop during processing, the job slows but does not completely stop. Spot VMs complete your batch processing tasks without placing additional load on your existing VMs and without requiring you to pay full price for additional standard VMs.

  • 我们可以看到,在spot模式下,google vm可以便宜到0.01美元每小时
    *

  • 下面是我的选择

  • 还可以更加丧心病狂,因为spot停机后是不收费的(硬盘和静态ip需要收费),那么我们再来一个定期停机,一切就完美了。
    当完成定期计划来启停机器时,会出现如下告警

Compute Engine System service account service-111462968063@compute-system.iam.gserviceaccount.com needs to have [compute.instances.start] permissions applied in order to perform this operation.

参考下面的方案就能解决
Solution:

  • Login to the Google Cloud Console
  • To to IAM & Admin
  • Select IAM in the left panel
  • Click the box Include Google-provided role grants on the right side of the window. This enables showing Google-managed service accounts.
  • Locate the service account. Press CTRL-F5 to open a search box. Enter the text compute-system.
  • Click the pencil icon to edit the service account.
  • Click ADD ANOTHER ROLE
  • In the role filter enter Compute. Select Compute Instance Admin (v1).
  • Click SAVE

Wait a few minutes before trying to use the new permissions.

  • 完成后上传交换机的os文件(见下面章节)
  • 安装eve,并启动
  • eve界面启动后,添加node,启动switch都正常,但是telnet无法工作(ssh正常)
    • firewall rule添加ingress,tcp 23,无效
    • firewall rule添加egress,tcp 23,无效
    • firewall rule添加ingress,tcp 0-65535,ip 0.0.0.0/0,telnet成功!

上传交换机和路由器的系统文件

  1. Cisco的iol/ios镜像文件

    1. 把iol文件,后缀是bin,上传到目录:/opt/unetlab/addons/iol/bin/
    2. 使用如下命令来修改权限(切记)
    /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
    
    1. 运行授权文件No need to fix the permission of the license file as we will run this file using the python program. Run command
    python3     CiscoIOUKeygen3f.py
    
    1. 使用如下命令来测试iou/ios文件是否安装成功
    cd /opt/unetlab/addons/iol/bin
    touch NETMAP
    LD_LIBRARY_PATH=/opt/unetlab/addons/iol/lib /opt/unetlab/addons/iol/bin/<iosname.bin> 1
    
    ***************************************************************
    IOS On Unix - Cisco Systems confidential, internal use only
    Under no circumstances is this software to be provided to any
    non Cisco staff or customers.  To do so is likely to result
    in disciplinary action. Please refer to the IOU Usage policy at
    wwwin-iou.cisco.com for more information.
    ***************************************************************
    
                  Restricted Rights Legend
    
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
    
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    
  2. Cisco的其他镜像文件
    1.

  3. 华为的镜像文件
    1.

  4. 华三的镜像文件
    1.

Leave a Reply

Your email address will not be published. Required fields are marked *