Day-1-Google Cloud Platform - Infrastructure Lab PDF

9/19/2019 KochasoftLMS
Google Cloud Platform - Infrastructure Lab

Overview
The objective of this hands-on lab is to configure a GCP network over a Shared-VPC to extend network capability across two different projects. In
conjunction with this exercise, SAP HANA Express Edition will be deployed using Google Deployment Manager and shared across both projects.
This lab demonstrates how GCP Network Shared-VPC can be set up to access an SAP HANA database between two projects without an external IP
address.
Lab Outline:
● Log in to Google Cloud Platform
● Create two projects
● Create custom VPC in project 1
● Create Shared-VPC in project 1
● Deploy SAP HANA Express Edition in project 2
● Access SAP HAE from project 1
Before You Start

User ID: participant#@kochasoft.net (your participant## will be provided by the instructor)
Password: Instructor to Provide
Use these credentials for all username and password prompts, except your Remote Desktop login.
Additional Resources:
If you need additional help beyond this document, we would suggest the following resources:
● Talk to one of the KochaSoft associates
● Google: https://edu.google.com/higher-ed-solutions/google-cloud-platform/?modal_active=none (https://edu.google.com/higher-ed-solutions/google-

cloud-platform/?modal_active=none)
● Coursera: https://www.coursera.org/ (https://www.coursera.org/courses?

query=Google%20BigQuery&page=1&configure%5BclickAnalytics%5D=true&indices%5Btest_suggestions%5D%5Bconfigure%5D%5BclickAnalytics%5D=true&indi
(search on Google Load Balancer)
● YouTube: https://www.youtube.com/results?search_query=Google+Load+Balancer (https://www.youtube.com/results?

search_query=Google+Load+Balancer)
IMPORTANT
We use <##> in almost every case in this document to represent your participant number.
Also, you will always be using your student user ID, i.e. participant<#>, unless otherwise specified in an exercise. Please also use the same password in
all cases. Both the user ID and password are case sensitive.
Log in to Google Cloud Platform (GCP)

From your computer, open your Chrome web browser in Incognito mode. Incognito mode will help avoid conflicts with any existing Google accounts on
your computer and ensure your Google Cloud Platform (GCP) login is enabled for your Kochasoft user ID.
You can reach the lab by following the link: https://console.cloud.google.com (https://console.cloud.google.com/).
1. Log into the GCP portal on https://console.cloud.google.com (https://console.cloud.google.com/) and enter your participant ID plus the @kochasoft.net
domain (e.g. participant00@kochasoft.net (https://console.cloud.google.com/))
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 1/22
2. Accept and agree to the Google Terms of Service.
Note: This screen will only show up the first time Google Cloud Platform is accessed using your userid.
Create Google Project

On the current section of the lab exercise you will create your two projects where all of your resources will be located.
3. You will need to select a project, but first you must select and organization. Click Select a project, and then click on the New Project.
4. From the project page creation, name your projects participant#-1 and participant#-2, where # is your participant ID. Choose Kochasoft Billing for the
Billing Account and then choose Participants-Infra for the Location.
5. Once your two projects are created, select the project list and click on ALL, under Participants-Infra folder you should see your two projects created
Create VPC network

In this part of the lab exercise, you will create a custom VPC network in the first project and then extend as a shared VPC to the second project.
1. Go to the Google Cloud Platform Home Menu and select Networking 🡪 VPC networks.
2. Click on Create VPC Network to create your custom network.
3. Name your custom network participant#-vpc, where # is your participant user ID.
4. In the subnet section keep the option custom and provide the new subnet name such as cust-sub, select the region east-us1 and provide the ip
address range such as 192.168.#.0/24, where # is your participant user ID. Set the Private Google access to On and Flow logs to Off and click Done
and Create
5. Once created, the new VPC is available
6. Because you have created a custom VPC, the firewall rules need to be configured manually since it doesnt come by default. Click on your created VPC
and select Firewall rules → Add firewall rules
7. You will create one rule for now which will allow you access the future RDP server for public IP. Name the rule allow-RDP and use the following
parameters
a) Logs: off
b) Networks: participant#-VPC
c) Priority: 1000
d) Direction of traffic: Ingress
e) Action to match: Allow
f) Targets: Specified target tags
g) Target tags: RDP
h) Source filter: IP ranges
i) Second source filter: None
j) Protocols and ports: TCP (3389) other protocols (ICMP)
k) IP Ranges: 0.0.0.0/0
Create Shared-VPC network

Upon creation of the new VPC, you need to allow your second project to access it in order to use this one and enable future resource in project 2 to share
the same network as project 1.
8. In order to attach project 2, its Compute Engine API needs to initialized. This can be done by going to project 2 and going into VPC networks. If it is the
first time it will appear as the below screenshot. Once this is done continue to the next step.
9. On the project 1, click on VPC network → Shared VPC
10. Select Set up Shared VPC
11. Select Save & continue
12. As part of the hosted project (project 1 in your case), select in Sharing mode the Individual subnet and select the cust-sub subnet and continue
13. On the Attach service projects, filter on your second project ID and click save
14. When the VPC is shared on the Shared subnet & permission tab you should see the subnet that is currently shared and on the Attached projects
tab the project 2 attached to it
Deploy SAP HANA Express (SAP HAE)

In the following section of the lab exercise you will deploy SAP HANA Express product in an automated fashion way over Google Deployment Manager in
the project 1
15. On the Google Cloud Portal, Navigate to Participants-Infra folder select your project 1
16. From the Menu, select Marketplace
17. On the Marketplace page select SAP HANA, express edition (server + application)
Note : if the application doesnt show up on the first screen you can filter by entering the name (SAP) in the Search for solution bar
18. Review the terms & conditions and click Launch on Compute Engine
19. In the input section enter information as provided below
Deployment name: saphae
Zone : us-east1-b
Disk type : SSD persistent Disk
Disk size : 70GB
Network : participant#-vpc
Firewall : Allow HANA Port / XSA Port traffic
Expand more
External IP : none
Accept the GCP and SAP terms with the information Agreement sharing and click Deploy
20. During the deployment, you can review the current process of the resource
21. Upon completion of the deployment, go under VPC network, select your VPC created earlier, click on firewall and check the new rule added
22. To complete the setup of the new SAP HAE, from the right side panel click on SSH to open the prompt ssh windows
23. Once opened, run the command to proceed with the post work
 Copy
sudo su - hxeadm
Set the admin password such as GCPlab2019, specify No for proxy server and Yes for XSA configuration
24. Once the post configuration is completed, run the command as hxeadm to list the url of the XSA application and make sure they are started
 Copy
xs apps
Create RDP server from remote image

The network is now fully configured and SAP HAE installed, in the following sections of the exercise you will create a remote desktop server to
administrate your resources from project 2
25. On the project 2, open the Cloud Console Shell and copy the following command to create the server:
Note: Make sure to change the project according to your ID
 Copy
gcloud compute instances create client --zone=us-east1-b --machine-type=n1-standard-2 --subnet=projects/participant0-1/regions/us-east1/s
If the command is executed correctly the following output should appear with your participant internal IP and external ip
26. The server up and running, access find the external IP address by accessing the GCP console. Find your VM external IP address by selecting the
Compute Engine menu and selecting the External IP address for the client
27. Open an RDP connection on your local machine log into the RDP client using the external IP address with the following credentials:
Username:
 Copy
kochadmin
Password:
 Copy
<KVLGx{KQ*\{_E%
28. Once you are logged into the RDP client you will see a number of installed applications
Access SAP HAE XSA Application

Your SAP HAE deployed in a different project without a public ip for external, you now access the XSA applications from the remote desktop.
29. In the previous step as part of the post installation you ran the command xs apps as hxeadm to list all the application url available, for the purpose of
the lab exercise you will focus on two application webide and xsa-cocpkit
30. From GCP portal, on your project 1 locate the saphae VM created under Compute Engine → VM Instances and note the internal ip
31. Now from your remote desktop, edit your local host file under C:\Windows\System32\drivers\etc\hosts by adding a line such as:
<your SAP HAE internal ip> hxehost
32. Once saved, open the Chrome browser and enter the application url for the xsa-cockpit or webide
Note: You will need to accept the certificates
33. Provide the xsa_dev use name and password your defined during the post work activities
Docker Web Application
You have completed the deployment of your SAP HAE with XSA and accessed it by using remote desktop in a different project over a shared-VPC. In the
upcoming section of the lab, you will now configure a Kubernetes cluster (K8S) in your project 1 and configure a web application which will be accessible
externally from the remote desktop.
34. On your project 1 on the cloud shell to setup your K8S
35. Start to clone the repository from GitHub to download the source code of the application by running the command
 Copy
git clone https://github.com/wruter/kochasoft
36. Run the list command to make sure the kochasoft folder is there
 Copy
ls -ltr
37. Set your project ID environment variable which will be used to tag the container
 Copy
export PROJECT_ID="$(gcloud config get-value project -q)"
38. Finally, from the kochasoft folder, build the container image of the application. This command instructs Docker to build the image using the Dockerfile
in the current directory. First, you will you need to switch to the Kochasoft directory by using the command: cd kochasoft/. Next, you will need to run the
following command:
 Copy
docker build -t gcr.io/${PROJECT_ID}/hello-app:v1 .
39. Once completed, run the docker command to very the build
 Copy
docker images
40. At this point of the lab, your application is ready to be uploaded in container image to a registry so that GKE can download and run it. You will first
need to configure Docker command line-tool to authenticate and then upload the image
 Copy
gcloud auth configure-docker
41. Before to run the command to upload the image into docker, make sure to enable the container registry from your project, on the Google cloud Portal,
Tools → Container Registry, select Enable Container Registry API
 Copy
docker push gcr.io/${PROJECT_ID}/hello-app:v1
42. When the push is completed, you should be able to see the hello-app image in the container registry.
Note: If you dont see it, click the refresh button
43. To make sure that your application and container is working, you will run the container locally, run the command from cloud shell
 Copy
docker run --rm -p 8080:8080 gcr.io/${PROJECT_ID}/hello-app:v1
44. The container will run the application on port 8080, on your cloud shell tool bar. Click on Preview on port 8080
45. If the process is good, you should have the following output
Kubernetes container cluster

You now have you Docker image ready with the application functional and stored into your registry, you will now create the K8S cluster to deploy and
orchestrate the application
46. From the Google Cloud Portal on project 1, go under Compute → Kubernetes Engine → Clusters
47. Once the API is activated, click on Create cluster
48. Provide the following input fields and click create
Name : lab-cluster Location type : Zonal Zone : us-east1-b Master version : (default) Number of nodes : 2 Machine type : 2 vcpus Expand Availability,
networking, security, and additional features Network: your custom VPC (participant#-VPC)
49. Once created, the cluster should appear green
50. With your K8S cluster now up and running, you can deploy your add your Docker container to it, click on Connect from your cluster and Run in Cloud
Shell
51. Once the Cloud Shell is open with the command pre-entered, hit enter
52. Run the following command to deploy your application, listening on port 8080, name your application lab-web-app. Please update the participant0-1
with your first project ID.
 Copy
kubectl run lab-web-app --image=gcr.io/participant0-1/hello-app:v1 --port 8080
53. You will finally expose your application to others externally from the cluster ip on port 80, to do so, navigate to Kubernetes Engine → Workload and
click on your application
54. On the right side of the panel, click on expose
55. Keep all the default for the port mapping, under Target port define 8080, service type select Load Balancer and click Expose
56. The activation and the deployment of the load balancer will take a minute
57. When the service is ready, the new endpoint to access the application from outside will become available under Kubernetes engine → Services
ingres locate the endpoint of the service and click on the arrow square
58. A new web page with the application should open from public IP
Table of Contents
Mission Statement
Overview
Before You Start
Log in to Google Cloud Platform (GCP)
Create Google Project
Create VPC network
Create Shared-VPC network
Deploy SAP HANA Express (SAP HAE)
Create RDP server from remote image
Access SAP HAE XSA Application
Docker Web Application
Kubernetes container cluster

Day-1-Google Cloud Platform - Infrastructure Lab PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Day-1-Google Cloud Platform - Infrastructure Lab PDF

Uploaded by

Copyright:

Available Formats

9/19/2019 KochasoftLMS

Google Cloud Platform - Infrastructure Lab

● Log in to Google Cloud Platform

● Create two projects

● Create custom VPC in project 1

● Create Shared-VPC in project 1

● Deploy SAP HANA Express Edition in project 2

● Access SAP HAE from project 1

Before You Start

Password: Instructor to Provide

● Talk to one of the KochaSoft associates

● Google: https://edu.google.com/higher-ed-solutions/google-cloud-platform/?modal_active=none (https://edu.google.com/higher-ed-solutions/google-

● Coursera: https://www.coursera.org/ (https://www.coursera.org/courses?

● YouTube: https://www.youtube.com/results?search_query=Google+Load+Balancer (https://www.youtube.com/results?

Log in to Google Cloud Platform (GCP)

2. Accept and agree to the Google Terms of Service.

Create Google Project

Create VPC network

2. Click on Create VPC Network to create your custom network.

5. Once created, the new VPC is available

e) Action to match: Allow

f) Targets: Specified target tags

g) Target tags: RDP

h) Source filter: IP ranges

i) Second source filter: None

j) Protocols and ports: TCP (3389) other protocols (ICMP)

Create Shared-VPC network

9. On the project 1, click on VPC network → Shared VPC

10. Select Set up Shared VPC

11. Select Save & continue

Deploy SAP HANA Express (SAP HAE)

16. From the Menu, select Marketplace

19. In the input section enter information as provided below

Deployment name: saphae

Disk type : SSD persistent Disk

Disk size : 70GB

Firewall : Allow HANA Port / XSA Port traffic

Create RDP server from remote image

gcloud compute instances create client --zone=us-east1-b --machine-type=n1-standard-2 --subnet=projects/participant0-1/regions/us-east1/s

Access SAP HAE XSA Application

<your SAP HAE internal ip> hxehost

Note: You will need to accept the certificates

Docker Web Application

34. On your project 1 on the cloud shell to setup your K8S

git clone https://github.com/wruter/kochasoft

export PROJECT_ID="$(gcloud config get-value project -q)"

docker build -t gcr.io/${PROJECT_ID}/hello-app:v1 .

gcloud auth configure-docker

docker push gcr.io/${PROJECT_ID}/hello-app:v1

Note: If you dont see it, click the refresh button

docker run --rm -p 8080:8080 gcr.io/${PROJECT_ID}/hello-app:v1

Kubernetes container cluster

47. Once the API is activated, click on Create cluster

48. Provide the following input fields and click create

49. Once created, the cluster should appear green

kubectl run lab-web-app --image=gcr.io/participant0-1/hello-app:v1 --port 8080

54. On the right side of the panel, click on expose

Before You Start

Log in to Google Cloud Platform (GCP)

Create Google Project

Create VPC network

Create Shared-VPC network

Deploy SAP HANA Express (SAP HAE)