A few weeks ago I was on a project that used Nutanix Calm to deploy virtual machines (VMs) on-premises as well as in Google Cloud Platform (GCP). Since the customer had a direct network connection to GCP, they wanted to remove the VM external IP address so that their VMs can only connect to the internet, and be reached, via their LAN.
Yes, you can control access to GCP networks (and their VMs) via GCP firewall rules, but you need to respect a customer's technical requirement, right?
There are multiple ways to achieve this and I decided to use the option of allowing the deployed VM to run gcloud commands.
This blog post has two sections: Configuration, and GCP VM Deployment & Verification.
By default, when you deploy a VM in GCP, the VM is not allowed to run gcloud commands and make configuration changes. During VM deployment, or at any later point before you want to make changes, you need to change the “Cloud API access scopes”:
Configuration
There are two things you need to do in your Calm Blueprint. Just click the Blueprint and:
- Change Scopes
- Define the gcloud commands during the VM deployment. In my case I decided to use the Blueprint Service Create section to define the commands.
This is the completed Task.
To remove the GCP VM External IP address I added the Task below; the other Tasks are for different purposes.
Here you can copy the code:
```bash
# Task to remove the GCP VM external IP address
#
# Find the GCP zone where the VM is deployed (exact match on the NAME column,
# so a VM whose name merely contains this one is not picked up)
gcpzone=$(gcloud compute instances list | awk -v vm="@@{vm_name}@@" '$1 == vm {print $2}')
sleep 4
#
# Remove the VM's External IP Address
gcloud compute instances delete-access-config "@@{vm_name}@@" --zone="$gcpzone"
```
GCP VM Deployment & Verification
So let’s deploy a VM and make sure the VM External IP is removed. You just have to perform steps 1 and X below.
- Launch the Blueprint and create a Calm Application, just provide:
- Monitor the GCP Console to see when the VM is deployed to verify that the VM first gets an External IP address.
- Verify connection to the newly deployed VM via the VM External IP address. In my case I tested via SSH.
- Verify the Calm Application launch was successful. Also check the specific task that removes the VM External IP address; if you click the figure below, you’ll see that the gcloud command output looks good: a simple “Updated”, which is expected.
- Verify the GCP VM External IP address is removed via GCP Console
That easy:)
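The console check in the last step can also be scripted. The following is an added example, not part of the original post or of Nutanix Calm: it audits the JSON from `gcloud compute instances describe NAME --zone ZONE --format=json` for remaining access configs and for write-capable API scopes. The function name, the choice of scopes to flag and the sample instance data are assumptions made for illustration.

```python
import json

# Scopes that let the VM change Compute Engine resources (assumed set to flag).
WRITE_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/compute",
}

def audit_instance(instance):
    """Return (external_access_configs, write_scopes) for one instance resource.

    `instance` is the dict parsed from
    `gcloud compute instances describe NAME --zone ZONE --format=json`.
    """
    external = []
    for nic in instance.get("networkInterfaces", []):
        for cfg in nic.get("accessConfigs", []):
            # An access config is what gives the NIC an external (NAT) address.
            external.append({
                "nic": nic.get("name"),
                "access_config": cfg.get("name"),
                "nat_ip": cfg.get("natIP"),
            })
    scopes = sorted(
        scope
        for sa in instance.get("serviceAccounts", [])
        for scope in sa.get("scopes", [])
        if scope in WRITE_SCOPES
    )
    return external, scopes

# Constructed sample data, trimmed to the fields the audit reads.
BEFORE = json.loads("""
{"name": "calm-vm-01",
 "networkInterfaces": [{"name": "nic0", "networkIP": "10.128.0.5",
   "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT",
                      "natIP": "203.0.113.10"}]}],
 "serviceAccounts": [{"email": "sa@example.invalid",
   "scopes": ["https://www.googleapis.com/auth/compute"]}]}
""")
AFTER = json.loads("""
{"name": "calm-vm-01",
 "networkInterfaces": [{"name": "nic0", "networkIP": "10.128.0.5"}],
 "serviceAccounts": [{"email": "sa@example.invalid",
   "scopes": ["https://www.googleapis.com/auth/compute"]}]}
""")

if __name__ == "__main__":
    for label, inst in (("before", BEFORE), ("after", AFTER)):
        external, scopes = audit_instance(inst)
        print(label, "external:", external, "write scopes:", scopes)
```

An empty first list confirms the External IP is gone. A non-empty second list shows that the access scope changed for the task is still granted to the VM after the task has run.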
Note: In a future version of Nutanix Calm there will be an option during VM deployment to not request an External IP Address. The script provided can be used either during VM deployment or as a separate Day 2 Blueprint.