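Introduction
I have started using Google Cloud, so I am setting up my environment in various ways.
For working with Google Cloud locally there is the Cloud SDK, which lets you operate it from the CLI, so I will install it and try it out.
Installation
The documentation describes downloading an archive file, but you can also install it through a package manager. On macOS it can also be installed with Homebrew.
Trying it out
Version.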
    % gcloud -v
    Google Cloud SDK 377.0.0
    bq 2.0.74
    core 2022.03.10
    gsutil 5.8
    Updates are available for some Google Cloud CLI components. To install them,
    please run:
      $ gcloud components update
Take a look at the help.
    % gcloud -h
    Usage: gcloud [optional flags] <group | command>
      group may be           access-approval | access-context-manager |
                             active-directory | ai | ai-platform | anthos |
                             api-gateway | apigee | app | artifacts | asset |
                             assured | auth | bigtable | billing | bms | builds |
                             cloud-shell | components | composer | compute |
                             config | container | data-catalog |
                             database-migration | dataflow | dataplex |
                             dataproc | datastore | datastream | debug | deploy |
                             deployment-manager | dns | domains | emulators |
                             endpoints | essential-contacts | eventarc |
                             filestore | firebase | firestore | functions |
                             game | healthcare | iam | iap | identity | ids |
                             iot | kms | logging | memcache | metastore | ml |
                             ml-engine | monitoring | network-connectivity |
                             network-management | network-security |
                             network-services | notebooks | org-policies |
                             organizations | policy-intelligence |
                             policy-troubleshoot | privateca | projects |
                             pubsub | recaptcha | recommender | redis |
                             resource-manager | resource-settings | run | scc |
                             scheduler | secrets | service-directory |
                             services | source | spanner | sql | tasks | topic |
                             transcoder | transfer | workflows |
                             workspace-add-ons
      command may be         cheat-sheet | docker | feedback | help | info |
                             init | survey | version
    For detailed information on this command and its flags, run:
      gcloud --help
Initial setup
Run gcloud init.
    $ gcloud init
    Welcome! This command will take you through the configuration of gcloud.
    Your current configuration has been set to: [default]
    You can skip diagnostics next time by using the following flag:
      gcloud init --skip-diagnostics
    Network diagnostic detects and fixes local network connection issues.
    Checking network connection...done.
    Reachability Check passed.
    Network diagnostic passed (1/1 checks passed).
    You must log in to continue. Would you like to log in (Y/n)? y
    You are authorizing gcloud CLI without access to a web browser. Please run the following command on a machine with a web browser and copy its output back here. Make sure the installed gcloud version is 372.0.0 or newer.
    gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****"
    Enter the output of the above command:
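A message appears telling you to run gcloud auth login --remote-bootstrap="****" on a machine that has a web browser.
Apparently you need to log in to your Google account through a browser and authenticate. Quite a hassle.
Open another terminal and run it.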
    % gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****"
    DO NOT PROCEED UNLESS YOU ARE BOOTSTRAPPING GCLOUD ON A TRUSTED MACHINE WITHOUT A WEB BROWSER AND THE ABOVE COMMAND WAS THE OUTPUT OF `gcloud auth login --no-browser` FROM THE TRUSTED MACHINE.
    Proceed (y/N)? y
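The browser opens and asks you to log in to a Google account.
Log in to the Google account you want to use and approve the authorization request from the SDK.
After authorizing, you get output like the following. Copy the https://localhost:8085/?state=*** line.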
    Proceed (y/N)? y
    Your browser has been opened to visit:
        https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****
    Copy the following line back to the gcloud CLI waiting to continue the login flow.
    WARNING: THE FOLLOWING LINE ENABLES ACCESS TO YOUR GCP RESOURCES. ONLY COPY IT TO A MACHINE YOU TRUST AND RAN `gcloud auth login --no-browser` ON EARLIER.
    https://localhost:8085/?state=***
Back on the original machine, enter https://localhost:8085/?state=*** at the Enter the output of the above command: prompt and submit it.
    You must log in to continue. Would you like to log in (Y/n)? y
    You are authorizing gcloud CLI without access to a web browser. Please run the following command on a machine with a web browser and copy its output back here. Make sure the installed gcloud version is 372.0.0 or newer.
    gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****"
    Enter the output of the above command: `https://localhost:8085/?state=***`
Select a project or create a new one.
    Enter the output of the above command: https://localhost:8085/?state=***
    You are logged in as: [foobar@example.com].
    Pick cloud project to use:
     [1] hogehoge-prj
     [2] Enter a project ID
     [3] Create a new project
    Please enter numeric choice or text value (must exactly match list item):
Here I selected an existing project. Next you are asked whether to configure a region and zone.
In Google Cloud, taking us-east1-b as an example, us-east1 is the region and the b part is the zone.
    Your current project has been set to: [hogehoge-prj].
    Do you want to configure a default Compute Region and Zone? (Y/n)?
Choosing Y displays a list of regions.
    Do you want to configure a default Compute Region and Zone? (Y/n)? Y
    Which Google Compute Engine zone would you like to use as project default?
    If you do not specify a zone via a command line flag while working with Compute Engine resources, the default is assumed.
     [1] us-east1-b
     [2] us-east1-c
     [3] us-east1-d
     [4] us-east4-c
     [5] us-east4-b
     [6] us-east4-a
     [7] us-central1-c
     [8] us-central1-a
     [9] us-central1-f
     [10] us-central1-b
     [11] us-west1-b
     [12] us-west1-c
     [13] us-west1-a
     [14] europe-west4-a
     [15] europe-west4-b
     [16] europe-west4-c
     [17] europe-west1-b
     [18] europe-west1-d
     [19] europe-west1-c
     [20] europe-west3-c
     [21] europe-west3-a
     [22] europe-west3-b
     [23] europe-west2-c
     [24] europe-west2-b
     [25] europe-west2-a
     [26] asia-east1-b
     [27] asia-east1-a
     [28] asia-east1-c
     [29] asia-southeast1-b
     [30] asia-southeast1-a
     [31] asia-southeast1-c
     [32] asia-northeast1-b
     [33] asia-northeast1-c
     [34] asia-northeast1-a
     [35] asia-south1-c
     [36] asia-south1-b
     [37] asia-south1-a
     [38] australia-southeast1-b
     [39] australia-southeast1-c
     [40] australia-southeast1-a
     [41] southamerica-east1-b
     [42] southamerica-east1-c
     [43] southamerica-east1-a
     [44] asia-east2-a
     [45] asia-east2-b
     [46] asia-east2-c
     [47] asia-northeast2-a
     [48] asia-northeast2-b
     [49] asia-northeast2-c
     [50] asia-northeast3-a
    Did not print [39] options.
    Too many options [89]. Enter "list" at prompt to print choices fully.
    Please enter numeric choice or text value (must exactly match list item):
Entering 89 here lets you select only a region.
    Please enter numeric choice or text value (must exactly match list item): 89
    Which Google Compute Engine region would you like to use as project default?
    If you do not specify a region via a command line flag while working with Compute Engine resources, the default is assumed.
     [1] asia-east1
     [2] asia-east2
     [3] asia-northeast1
     [4] asia-northeast2
     [5] asia-northeast3
     [6] asia-south1
     [7] asia-south2
     [8] asia-southeast1
     [9] asia-southeast2
     [10] australia-southeast1
     [11] australia-southeast2
     [12] europe-central2
     [13] europe-north1
     [14] europe-west1
     [15] europe-west2
     [16] europe-west3
     [17] europe-west4
     [18] europe-west6
     [19] northamerica-northeast1
     [20] northamerica-northeast2
     [21] southamerica-east1
     [22] southamerica-west1
     [23] us-central1
     [24] us-east1
     [25] us-east4
     [26] us-west1
     [27] us-west2
     [28] us-west3
     [29] us-west4
     [30] Do not set default region
    Please enter numeric choice or text value (must exactly match list item): asia-northeast1
    Your project default Compute Engine region has been set to [asia-northeast1].
    You can change it by running [gcloud config set compute/region NAME].
    Created a default .boto configuration file at [/home/dshimizu/.boto]. See this file and
    [https://cloud.google.com/storage/docs/gsutil/commands/config] for more
    information about configuring Google Cloud Storage.
    Your Google Cloud SDK is configured and ready to use!
    * Commands that require authentication will use foobar@example.com by default
    * Commands will reference project `hogehoge-prj` by default
    * Compute Engine commands will use region `asia-northeast1` by default
    Run `gcloud help config` to learn how to change individual settings
    This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
    Run `gcloud topic configurations` to learn more.
    Some things to try next:
    * Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
    * Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
    * Run `gcloud cheat-sheet` to see a roster of go-to `gcloud` commands.
Checking the settings
gcloud config list prints the current settings.
    % gcloud config list
    [compute]
    region = asia-northeast1
    [core]
    account = foorbar@example.com
    disable_usage_reporting = True
    project = hogehoge-prj
    Your active configuration is: [default]
gcloud projects list prints the projects that the authenticated account belongs to.
    % gcloud projects list
    PROJECT_ID    NAME           PROJECT_NUMBER
    hogehoge-prj  dhogehoge-prj  5**********3
    test-prj      test-prj       5**********6
Switching projects
gcloud config set project {Project ID} switches the project. Note that what you specify here is the project ID, not the project name.
    % gcloud config set project test-prj
    Updated property [core/project].

    % gcloud config list
    [compute]
    region = asia-northeast1
    [core]
    account = foorbar@example.com
    disable_usage_reporting = True
    project = test-prj
    Your active configuration is: [default]
gcloud config set account {account name} switches the account.
    % gcloud config set account test@example.com
    Updated property [core/account].
Output after the change.
    % gcloud config list
    [compute]
    region = asia-northeast1
    [core]
    account = test@example.com
    disable_usage_reporting = True
    project = test-prj
    Your active configuration is: [default]
Re-authentication
In this state, attempting some operations results in the following.
    $ gcloud config set compute/zone us-central1-a
    ERROR: (gcloud.config.set) Your current active account [test@example.com] does not have any valid credentials
    Please run:
      $ gcloud auth login
    to obtain new credentials.
    For service account, please activate it first:
      $ gcloud auth activate-service-account ACCOUNT
When this happens you need to re-authenticate, so run gcloud auth in the same way as during gcloud init.
    % gcloud auth login
    You are authorizing gcloud CLI without access to a web browser. Please run the following command on a machine with a web browser and copy its output back here. Make sure the installed gcloud version is 372.0.0 or newer.
    gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=********"
    Enter the output of the above command:
Again it tells you to run gcloud auth login --remote-bootstrap= separately, so run it in another terminal.
    % gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=********"
    DO NOT PROCEED UNLESS YOU ARE BOOTSTRAPPING GCLOUD ON A TRUSTED MACHINE WITHOUT A WEB BROWSER AND THE ABOVE COMMAND WAS THE OUTPUT OF `gcloud auth login --no-browser` FROM THE TRUSTED MACHINE.
    Proceed (y/N)? y
Choosing y at Proceed (y/N)? brings up the authorization screen in the browser again; approve it and you get the following output again.
    Your browser has been opened to visit:
        https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=********
    Copy the following line back to the gcloud CLI waiting to continue the login flow.
    WARNING: The following line enables access to your Google Cloud resources. Only copy it to the trusted machine that you ran the `gcloud auth login --no-browser` command on earlier.
    https://localhost:8085/?state=****
Paste this at the earlier Enter the output of the above command: prompt and you are authenticated again.
    Enter the output of the above command: https://localhost:8085/?state=********
    You are now logged in as [test@example.com].
    Your current project is [test-prj]. You can change this setting by running:
      $ gcloud config set project PROJECT_ID
Setting the zone
    % gcloud config set compute/zone us-central1-a
    Updated property [compute/zone].

    % gcloud config list
    [compute]
    region = asia-northeast1
    zone = us-central1-a
    [core]
    account = test@example.com
    disable_usage_reporting = True
    project = test-prj
    Your active configuration is: [default]
To delete a setting, use gcloud config unset.
    $ gcloud config unset compute/zone
    Unset property [compute/zone].
In this case the zone setting disappears.
    % gcloud config list
    [compute]
    region = asia-northeast1
    [core]
    account = test@example.com
    disable_usage_reporting = True
    project = test-prj
    Your active configuration is: [default]
Setting the region
Change the region setting with gcloud config set compute/region.
    % gcloud config set compute/region us-central1
    Updated property [compute/region].
It changed.
    % gcloud config list
    [compute]
    region = asia-northeast1
    [core]
    account = test@example.com
    disable_usage_reporting = True
    project = test-prj
    Your active configuration is: [default]
Creating a new configuration
Everything so far was creating a configuration and updating the configuration that was created. It is saved as the default configuration.
    % gcloud config configurations list
    NAME     IS_ACTIVE  ACCOUNT           PROJECT   COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
    default  True       test@example.com  test-prj                        asia-northeast1
Let's create another configuration.
Create it with gcloud config configurations create "config-name".
    $ gcloud config configurations create dev-conf
    Created [dev-conf].
    Activated [dev-conf].
The newly created configuration automatically becomes active, and gcloud switches to it.
    $ gcloud config configurations list
    NAME      IS_ACTIVE  ACCOUNT           PROJECT   COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
    default   False      test@example.com  test-prj                        asia-northeast1
    dev-conf  True
Set the project, account, zone and region on the new configuration.
    % gcloud config set project hogehoge-prj
    Updated property [core/project].
    % gcloud config set account foorbar@example.com
    Updated property [core/account].
    % gcloud config set compute/zone asia-northeast1-a
    Updated property [compute/zone].
    % gcloud config set compute/region asia-northeast1
    Updated property [compute/region].
Check it.
    % gcloud config list
    [compute]
    region = asia-northeast1
    zone = asia-northeast1-a
    [core]
    account = foorbar@example.com
    disable_usage_reporting = True
    project = hogehoge-prj
    Your active configuration is: [dev-conf]
The configurations now look like this.
    % gcloud config configurations list
    NAME      IS_ACTIVE  ACCOUNT              PROJECT       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
    default   False      test@example.com     test-prj                            asia-northeast1
    dev-conf  True       foorbar@example.com  hogehoge-prj  asia-northeast1-a     asia-northeast1
Switching configurations
Switch with gcloud config configurations activate "config-name".
    % gcloud config configurations activate default
    Activated [default].
It switched.
    % gcloud config configurations list
    NAME      IS_ACTIVE  ACCOUNT              PROJECT       COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
    default   True       test@example.com     test-prj                            asia-northeast1
    dev-conf  False      foorbar@example.com  hogehoge-prj  asia-northeast1-a     asia-northeast1
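Because activate changes which account and project every later command targets, a pre-flight check on the active configuration is useful before anything destructive. The following is an added example, not part of the original post: the function names are hypothetical, CLOUDSDK_CONFIG and CLOUDSDK_ACTIVE_CONFIG_NAME are gcloud's own environment variables, and it assumes the files under $HOME/.config/gcloud/ use the same INI layout that gcloud config list prints.

```sh
# Added example, not from the original post.
# Assumption: configurations/config_<name> uses the INI layout that
# `gcloud config list` prints ("[section]" headers, "key = value" lines).

gcloud_config_dir() {
    printf '%s\n' "${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}"
}

# Active configuration name: the CLOUDSDK_ACTIVE_CONFIG_NAME override wins,
# otherwise the name stored in the active_config file.
active_config_name() {
    if [ -n "${CLOUDSDK_ACTIVE_CONFIG_NAME:-}" ]; then
        printf '%s\n' "$CLOUDSDK_ACTIVE_CONFIG_NAME"
    else
        cat "$(gcloud_config_dir)/active_config"
    fi
}

# active_config_value SECTION KEY -> value from the active configuration.
active_config_value() {
    acv_name=$(active_config_name) || return 2
    awk -F ' *= *' -v want_sec="$1" -v want_key="$2" '
        /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
        sec == want_sec && $1 == want_key { print $2; exit }
    ' "$(gcloud_config_dir)/configurations/config_$acv_name"
}

# require_project EXPECTED_ID: succeed only when the active configuration
# targets EXPECTED_ID, so a forgotten `activate` cannot redirect a command.
require_project() {
    rp_actual=$(active_config_value core project) || return 2
    if [ "$rp_actual" != "$1" ]; then
        echo "refusing: active configuration [$(active_config_name)]" \
             "targets '$rp_actual', expected '$1'" >&2
        return 1
    fi
}

# Usage: require_project hogehoge-prj && gcloud compute instances list
```

Setting CLOUDSDK_ACTIVE_CONFIG_NAME in a single terminal scopes a configuration to that shell without changing the shared active_config file.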
Other
With gcloud config configurations rename and gcloud config configurations delete you can rename or delete a configuration.
Configuration files
Incidentally, the configuration files are created under $HOME/.config/gcloud/.
    % ls -lth .config/gcloud/
    total 12K
    -rw-r--r-- 1 dshimizu sysadmin   0 Feb 17 08:28 config_sentinel
    -rw------- 1 dshimizu sysadmin 12K Feb 17 08:28 access_tokens.db
    -rw------- 1 dshimizu sysadmin   5 Feb 17 08:22 gce
    -rw-r--r-- 1 dshimizu sysadmin   7 Feb 17 08:22 active_config
    drwxr-xr-x 2 dshimizu sysadmin   4 Feb 17 08:22 configurations
    -rw------- 1 dshimizu sysadmin 12K Feb 17 06:37 credentials.db
    drwxr-xr-x 4 dshimizu sysadmin   4 Feb 17 06:37 legacy_credentials
    drwxr-xr-x 4 dshimizu sysadmin   4 Feb 17 04:27 logs
The configurations that were created are located here.
    % ls -lth .config/gcloud/configurations
    total 9.0K
    -rw-r--r-- 1 dshimizu sysadmin 124 Feb 17 08:28 config_dev-conf
    -rw-r--r-- 1 dshimizu sysadmin  98 Feb 17 07:24 config_default
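In the listing above, credentials.db and access_tokens.db are mode 0600, and that is worth verifying after a backup restore, a copy between machines, or a permissive umask. The following is an added example, not part of the original post: the function names are hypothetical, and it treats the two .db files plus every regular file under legacy_credentials as the credential stores to check.

```sh
# Added example, not from the original post: report gcloud credential
# stores that group or other users can access.

# Print "LOOSE <mode> <path>" for each credential file under DIR whose
# group/other permission bits are not all clear.
list_loose_gcloud_secrets() {
    lgs_dir="${1:-${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}}"
    find "$lgs_dir" -type f \( \
            -name credentials.db -o -name access_tokens.db \
            -o -path "$lgs_dir/legacy_credentials/*" \) |
    while IFS= read -r lgs_path; do
        # First field of `ls -ld` is the mode string, e.g. -rw-------
        lgs_mode=$(ls -ld "$lgs_path" | awk '{print $1}')
        # Characters 5-10 of the mode string are the group and other bits.
        case $(printf '%s' "$lgs_mode" | cut -c5-10) in
            ------) ;;
            *) printf 'LOOSE %s %s\n' "$lgs_mode" "$lgs_path" ;;
        esac
    done
}

# Return 0 when nothing is exposed; otherwise print the findings and return 1.
audit_gcloud_dir() {
    agd_loose=$(list_loose_gcloud_secrets "$@")
    [ -z "$agd_loose" ] && return 0
    printf '%s\n' "$agd_loose"
    return 1
}

# Usage: audit_gcloud_dir || echo "tighten with: chmod go-rwx <path>"
```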
Summary
I tried setting up config with the gcloud command. It is fine once you get used to it, but I quickly forget it if I do not use it for a while.