Reale Roberto JA edited this page Nov 12, 2024 · 1 revision

Identify the project name, the image name and the bucket name.

Note: you can also do these steps from the GCP UI in case some of the commands fail.

Create the bucket if it does not exist yet:

# This bucket already exists: staging-tahoe-us-juniper-images
gsutil mb -p appsembler-tahoe-0 -l us-central1 gs://staging-tahoe-us-juniper-images

Export the image in the bucket:

gcloud compute images export \
    --project=appsembler-tahoe-0 \
    --destination-uri=gs://staging-tahoe-us-juniper-images/staging-tahoe-us-juniper-workers-0.qcow2 \
    --image=staging-tahoe-us-juniper-workers-0 \
    --export-format=qcow2

Download the QCOW2 image:

gsutil cp gs://staging-tahoe-us-juniper-images/staging-tahoe-us-juniper-workers-0.qcow2 .

Now that the qcow2 image has been downloaded, you can edit it offline with the libguestfs tools (guestfish).

Generate a password:

# Note this password somewhere, you will need it when setting the root password below.
# -1 produces an MD5-crypt hash ($1$...); the hash, not the plaintext, goes into /etc/shadow.
# openssl passwd -6 produces a SHA-512 crypt hash ($6$...) and is accepted by the same field.
openssl passwd -1 mySecretRootAccountPasswordHere

Load the image:

sudo guestfish --rw -a staging-tahoe-us-forum-31-10-24.qcow2

Once it has loaded, run the following commands:

launch

list-filesystems

mount /dev/sda1 /

# Change the root password: in the line starting with `root`, replace the `*` in the second
# field with the hash generated above (keep the colons and the remaining fields intact)
vi /etc/shadow

# Disable and purge Google services and packages
sh "systemctl stop google-accounts-daemon.service google-clock-skew-daemon.service google-cloud-ops-agent-fluent-bit.service google-cloud-ops-agent-opentelemetry-collector.service google-cloud-ops-agent.service google-fluentd.service google-instance-setup.service google-network-daemon.service google-shutdown-scripts.service google-startup-scripts.service"
sh "systemctl kill google-accounts-daemon.service google-clock-skew-daemon.service google-cloud-ops-agent-fluent-bit.service google-cloud-ops-agent-opentelemetry-collector.service google-cloud-ops-agent.service google-fluentd.service google-instance-setup.service google-network-daemon.service google-shutdown-scripts.service google-startup-scripts.service"
sh "systemctl disable google-accounts-daemon.service google-clock-skew-daemon.service google-cloud-ops-agent-fluent-bit.service google-cloud-ops-agent-opentelemetry-collector.service google-cloud-ops-agent.service google-fluentd.service google-instance-setup.service google-network-daemon.service google-shutdown-scripts.service google-startup-scripts.service"

sh "dpkg --purge --force-all gce-compute-image-packages google-cloud-sdk google-compute-engine google-compute-engine-oslogin"

# Comment out entries related to google in /etc/hosts
vi /etc/hosts

quit
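As an added example (not part of this wiki page or of Appsembler's own tooling), here is the same guestfish session done non-interactively, so that the /etc/shadow change is not typed by hand in vi: the script checks that its second argument is a crypt hash (what `openssl passwd` prints; `-1` gives MD5-crypt as above, `-6` gives SHA-512 crypt), rewrites only the second field of the `root` entry, disables the Google units and purges the packages listed above, comments google entries out of /etc/hosts, and warns when the image's sshd_config has `PermitRootLogin yes`, since port 22 is exposed through the LoadBalancer Service later on this page. It assumes /dev/sda1 is the root filesystem, as in the session above; the image path and the hash are the script's two arguments.

```shell
#!/bin/sh
# Added example: non-interactive offline edit of a qcow2 image with guestfish.
# Assumptions: /dev/sda1 is the guest root filesystem; $1 = image path,
# $2 = crypt(3) hash for root (output of `openssl passwd -1` or `-6`).
set -eu

# Units and packages exactly as listed in the interactive session.
GOOGLE_UNITS="google-accounts-daemon.service google-clock-skew-daemon.service \
google-cloud-ops-agent-fluent-bit.service google-cloud-ops-agent-opentelemetry-collector.service \
google-cloud-ops-agent.service google-fluentd.service google-instance-setup.service \
google-network-daemon.service google-shutdown-scripts.service google-startup-scripts.service"
GOOGLE_PKGS="gce-compute-image-packages google-cloud-sdk google-compute-engine google-compute-engine-oslogin"

# Sanity check: a crypt(3) hash, never a plaintext password. $1$ is MD5-crypt
# (openssl passwd -1), $5$/$6$ are SHA-256/SHA-512 crypt, $y$ is yescrypt.
is_crypt_hash() {
  case "$1" in
    '$1$'*|'$5$'*|'$6$'*|'$y$'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Rewrite field 2 of the root line only; stdin = shadow content, stdout = new content.
set_root_hash() {
  awk -F: -v OFS=: -v h="$1" '$1 == "root" { $2 = h } { print }'
}

# Succeed (return 0) when sshd_config allows root password login; stdin = config text.
# Only the first PermitRootLogin directive counts, as in sshd; Match blocks are ignored here.
root_login_allowed() {
  v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
  [ "$v" = "yes" ]
}

main() {
  image=$1
  hash=$2
  is_crypt_hash "$hash" || { echo "second argument is not a crypt hash; pass the output of openssl passwd" >&2; return 1; }
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT

  # First pass, read-only: pull the two files that are inspected or rewritten locally.
  guestfish --ro -a "$image" launch : mount-ro /dev/sda1 / \
    : download /etc/shadow "$tmp/shadow" \
    : download /etc/ssh/sshd_config "$tmp/sshd_config"

  set_root_hash "$hash" < "$tmp/shadow" > "$tmp/shadow.new"
  if root_login_allowed < "$tmp/sshd_config"; then
    echo "warning: sshd_config has PermitRootLogin yes and port 22 is exposed by the LoadBalancer Service" >&2
  fi

  # Second pass, read-write: upload the new shadow file and apply the rest of the session.
  # systemctl stop/kill need a running systemd, so offline only `disable` has an effect.
  guestfish --rw -a "$image" <<EOF
launch
mount /dev/sda1 /
upload $tmp/shadow.new /etc/shadow
chmod 0640 /etc/shadow
sh "systemctl disable $GOOGLE_UNITS"
sh "dpkg --purge --force-all $GOOGLE_PKGS"
sh "sed -i '/google/ s/^[^#]/#&/' /etc/hosts"
EOF
  echo "done: $image"
}

# Usage: sh edit-image.sh staging-tahoe-us-forum-31-10-24.qcow2 "\$(openssl passwd -6)"
if [ "$#" -eq 2 ]; then
  main "$@"
fi
```

The plaintext check matters because pasting the password itself into the second field does not grant access; it simply leaves the account with an unparseable hash and no working password, which is only noticed at first boot.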

If you want to run the image with qemu:

qemu-system-x86_64 -hda staging-tahoe-us-forum-31-10-24.qcow2 -m 2048 -boot c -nographic

Create a docker image with the base image, tag it and push it to a registry using this script:

#!/bin/sh
set -e

if [ -z "$1" ]; then
  echo "Please pass the qcow2 name as first argument (without extension)."
  exit 1
fi

# Second argument is the tag; default to "latest" when it is omitted.
if [ -z "$2" ]; then
  TAG=latest
else
  TAG=$2
fi

IMAGE_NAME=$1
REGISTRY=core-harbor.us-east-1.antimony.io/appsembler-containerdisks

echo "Building and pushing ${IMAGE_NAME}:${TAG}"

# containerDisk layout expected by KubeVirt: the disk image under /disk/,
# owned by uid/gid 107 (qemu) so the virt-launcher pod can read it.
docker build --platform linux/amd64 -t "${IMAGE_NAME}:${TAG}" -f - . << EOF
FROM scratch
ADD --chown=107:107 ${IMAGE_NAME}.qcow2 /disk/
EOF

# Tag and push the same tag that was just built.
docker tag "${IMAGE_NAME}:${TAG}" "${REGISTRY}/${IMAGE_NAME}:${TAG}"
docker push "${REGISTRY}/${IMAGE_NAME}:${TAG}"

Script usage example:

sh ./build-image.sh template-centos-6-20170903-19 latest

This creates the VirtualMachine (its DataVolume is imported from the container disk pushed above) and the LoadBalancer Service:

kubectl create -f - <<EOF
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  namespace: bld-appsembler-vms
  labels:
    kubevirt.io/vm: staging-tahoe-us-forum
  name: staging-tahoe-us-forum
spec:
  running: true
  instancetype:
    kind: VirtualMachineClusterInstancetype
    name: u1.small
  preference:
    kind: VirtualMachineClusterPreference
    name: ubuntu
  template:
    metadata:
      namespace: bld-appsembler-vms
      name: staging-tahoe-us-forum
      labels:
        kubevirt.io/vm: staging-tahoe-us-forum
        app: staging-tahoe-us-forum
    spec:
      domain:
        devices:
          disks:
            - disk:
                bus: scsi
              name: staging-tahoe-us-forum-0-pvc
          interfaces:
            - bridge: {}
              name: defaultnetwork
      networks:
        - name: defaultnetwork
          pod: {}
      volumes:
        - dataVolume:
            name: staging-tahoe-us-forum
          name: staging-tahoe-us-forum-0-pvc
  dataVolumeTemplates:
    - metadata:
        namespace: bld-appsembler-vms
        name: staging-tahoe-us-forum
      spec:
        pvc:
          accessModes:
            - ReadWriteMany
          resources:
            requests:
              storage: 110Gi
          storageClassName: longhorn-migratable
          volumeMode: Block
        source:
          registry:
            url: docker://core-harbor.us-east-1.antimony.io/appsembler-containerdisks/staging-tahoe-us-juniper-forum-0:latest
            secretRef: appsembler-us-east-1
---
apiVersion: v1
kind: Service
metadata:
  namespace: bld-appsembler-vms
  name: staging-tahoe-us-forum
spec:
  selector:
    app: staging-tahoe-us-forum
  ports:
    - name: ssh-port
      protocol: TCP
      port: 22
      targetPort: 22
    - name: http-port
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https-port
      protocol: TCP
      port: 443
      targetPort: 443
  type: LoadBalancer
EOF

Create the secret used to pull images from the us-east-1 Harbor (it is the `secretRef` named in the dataVolumeTemplates above):

# The backslash keeps the shell from expanding $appsembler in the robot account name
kubectl create secret generic appsembler-us-east-1 \
  --from-literal=accessKeyId=robot\$appsembler \
  --from-literal=secretKey=<on 1p> \
  --namespace=bld-appsembler-vms \
  --type=Opaque