Rocky Linux from CIQ on Google Cloud Platform
This guide covers deploying Rocky Linux from CIQ (RLC) on Google Cloud Platform (GCP).
GCP Marketplace
RLC is available through the Google Cloud Marketplace, providing easy deployment and billing integration.
Finding RLC in GCP Marketplace
- Navigate to Google Cloud Marketplace
- Search for "Rocky Linux from CIQ"
- Select the appropriate RLC offering
- Review pricing and terms
- Click "Launch"
Launching from Marketplace
# Create RLC instance from gcloud CLI
gcloud compute instances create rlc-instance \
--image-family=rlc-family \
--image-project=ciq-public \
--machine-type=n1-standard-4 \
--zone=us-central1-a \
--boot-disk-size=50GB \
--boot-disk-type=pd-ssd \
--tags=rlc-server \
--metadata=enable-oslogin=true
Machine Types
Recommended Machine Types
Development/Testing:
- e2-micro - 1 vCPU, 1GB RAM
- e2-small - 1 vCPU, 2GB RAM
- e2-medium - 1 vCPU, 4GB RAM
Production:
- n1-standard-4 - 4 vCPU, 15GB RAM
- n1-standard-8 - 8 vCPU, 30GB RAM
- n1-standard-16 - 16 vCPU, 60GB RAM
High Performance:
- c2-standard-8 - 8 vCPU, 32GB RAM (compute optimized)
- n1-highmem-8 - 8 vCPU, 52GB RAM (memory optimized)
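Storage Configuration
Persistent Disk Types
# Create high-performance persistent disk encrypted with a customer-managed Cloud KMS key
# (KEYRING_NAME and KEY_NAME are placeholders for your own key ring and key)
gcloud compute disks create rlc-data-disk \
--size=500GB \
--type=pd-ssd \
--zone=us-central1-a \
--kms-key=projects/PROJECT_ID/locations/us-central1/keyRings/KEYRING_NAME/cryptoKeys/KEY_NAME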
# Attach disk to instance
gcloud compute instances attach-disk rlc-instance \
--disk=rlc-data-disk \
--zone=us-central1-a
Recommended Storage Layout
- Boot Disk: 50GB SSD persistent disk (encrypted)
- Data Disk: 500GB+ SSD persistent disk (encrypted)
- Backup Storage: Cloud Storage for backups
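Networking
Firewall Rules
# Create firewall rules for RLC.
# Without --network these rules attach to the "default" network; add --network=rlc-vpc
# for instances placed in the custom VPC.
# The SSH rule admits any source address; narrow --source-ranges to your admin network where you can.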
gcloud compute firewall-rules create rlc-ssh \
--allow tcp:22 \
--source-ranges 0.0.0.0/0 \
--target-tags rlc-server \
--description "Allow SSH to RLC instances"
gcloud compute firewall-rules create rlc-http \
--allow tcp:80 \
--source-ranges 0.0.0.0/0 \
--target-tags rlc-server \
--description "Allow HTTP to RLC instances"
gcloud compute firewall-rules create rlc-https \
--allow tcp:443 \
--source-ranges 0.0.0.0/0 \
--target-tags rlc-server \
--description "Allow HTTPS to RLC instances"
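A check for the exposure these rules create, as an added example (not part of the original guide or CIQ's tooling): it reads rule objects in the JSON shape returned by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that expose a given TCP port to any address. The sample data is constructed; the `rlc-ssh-iap` and `dev-range` rules and the function names are assumptions for illustration.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# rlc-ssh/http/https mirror this page; rlc-ssh-iap and dev-range are hypothetical additions.
SAMPLE_RULES = json.loads("""
[
  {"name": "rlc-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "rlc-http", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
  {"name": "rlc-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "rlc-ssh-iap", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "dev-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["1-1024"]}]}
]
""")

ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def opens_port(allow, port):
    """True if one `allowed` entry of a rule covers tcp/<port>."""
    if allow.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allow.get("ports")
    if not ports:  # no port list means every port of that protocol
        return True
    for spec in ports:  # each spec is "22" or a range such as "1-1024"
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def world_open(rules, port=22):
    """Names of enabled ingress rules that expose tcp/<port> to any source address."""
    hits = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not ANY_SOURCE & set(rule.get("sourceRanges", [])):
            continue
        if any(opens_port(a, port) for a in rule.get("allowed", [])):
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    for name in world_open(SAMPLE_RULES):
        print(f"tcp/22 reachable from any address via rule: {name}")
```

The `rlc-ssh-iap` rule is not reported because its source range, 35.235.240.0/20, is the range Google uses for IAP TCP forwarding rather than the whole internet.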
VPC Configuration
# Create custom VPC
gcloud compute networks create rlc-vpc \
--subnet-mode=custom \
--description="RLC custom VPC"
# Create subnets
gcloud compute networks subnets create rlc-subnet-public \
--network=rlc-vpc \
--range=10.0.1.0/24 \
--region=us-central1
gcloud compute networks subnets create rlc-subnet-private \
--network=rlc-vpc \
--range=10.0.2.0/24 \
--region=us-central1
Auto Scaling
Instance Template
# Create instance template
gcloud compute instance-templates create rlc-template \
--image-family=rlc-family \
--image-project=ciq-public \
--machine-type=n1-standard-2 \
--network-interface=network=rlc-vpc,subnet=rlc-subnet-public \
--tags=rlc-server \
--boot-disk-size=50GB \
--boot-disk-type=pd-ssd \
--metadata=enable-oslogin=true
Managed Instance Group
# Create managed instance group
gcloud compute instance-groups managed create rlc-mig \
--template=rlc-template \
--size=3 \
--zone=us-central1-a
# Set up autoscaling
gcloud compute instance-groups managed set-autoscaling rlc-mig \
--max-num-replicas=10 \
--min-num-replicas=2 \
--target-cpu-utilization=0.7 \
--zone=us-central1-a
Load Balancing
HTTP(S) Load Balancer
# Create health check
gcloud compute health-checks create http rlc-health-check \
--port=80 \
--request-path=/health
# Create backend service
gcloud compute backend-services create rlc-backend \
--protocol=HTTP \
--health-checks=rlc-health-check \
--global
# Add instance group to backend
gcloud compute backend-services add-backend rlc-backend \
--instance-group=rlc-mig \
--instance-group-zone=us-central1-a \
--global
# Create URL map
gcloud compute url-maps create rlc-urlmap \
--default-service=rlc-backend
# Create target proxy
gcloud compute target-http-proxies create rlc-proxy \
--url-map=rlc-urlmap
# Create forwarding rule
gcloud compute forwarding-rules create rlc-forwarding-rule \
--global \
--target-http-proxy=rlc-proxy \
--ports=80
Monitoring
Cloud Monitoring Integration
# Install monitoring agent
curl -sSO https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh
sudo bash add-monitoring-agent-repo.sh
sudo dnf install stackdriver-agent
# Start monitoring agent
sudo systemctl enable stackdriver-agent
sudo systemctl start stackdriver-agent
Custom Metrics
# Write a structured log entry with gcloud (source data for a log-based metric)
gcloud logging write rlc-log '{"metric": "custom_metric", "value": 123}' \
--payload-type=json \
--severity=INFO
Backup and Recovery
Cloud Storage Backup
# Create storage bucket
gsutil mb gs://rlc-backup-bucket
# Sync data to Cloud Storage
gsutil -m rsync -r -d /data gs://rlc-backup-bucket/data/
# Set lifecycle policy for cost optimization
cat > lifecycle.json << 'EOF'
{
"lifecycle": {
"rule": [
{
"action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
"condition": {"age": 30}
},
{
"action": {"type": "SetStorageClass", "storageClass": "COLDLINE"},
"condition": {"age": 90}
},
{
"action": {"type": "Delete"},
"condition": {"age": 365}
}
]
}
}
EOF
gsutil lifecycle set lifecycle.json gs://rlc-backup-bucket
Persistent Disk Snapshots
# Create snapshot
gcloud compute disks snapshot rlc-data-disk \
--snapshot-names=rlc-snapshot-$(date +%Y%m%d) \
--zone=us-central1-a
# Create snapshot schedule (it takes effect once attached to a disk with
# gcloud compute disks add-resource-policies)
gcloud compute resource-policies create snapshot-schedule rlc-daily-backup \
--region=us-central1 \
--max-retention-days=7 \
--on-source-disk-delete=keep-auto-snapshots \
--daily-schedule \
--start-time=02:00 \
--storage-location=us
Cost Optimization
Committed Use Discounts
- Purchase Committed Use Discounts for predictable workloads
- Use Sustained Use Discounts for long-running instances
- Consider Preemptible VMs for fault-tolerant workloads
Storage Optimization
- Use regional persistent disks for better price/performance
- Implement Cloud Storage lifecycle policies
- Regular cleanup of unused disks and snapshots
Security
IAM Configuration
# Create service account for RLC instances
gcloud iam service-accounts create rlc-service-account \
--description="Service account for RLC instances" \
--display-name="RLC Service Account"
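# Grant necessary permissions (roles/compute.instanceAdmin is broad;
# bind a narrower role if the workload does not need to manage instances)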
gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:rlc-service-account@PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/compute.instanceAdmin"
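Secret Manager Integration
# Create secret ("SecurePassword123" is a sample value; pass --data-file=<path>
# instead of echo to keep the real secret out of shell history)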
echo -n "SecurePassword123" | gcloud secrets create database-password \
--data-file=-
# Access secret from instance
gcloud secrets versions access latest --secret="database-password"
Container Deployment
Google Kubernetes Engine (GKE)
# Create GKE cluster
gcloud container clusters create rlc-cluster \
--num-nodes=3 \
--machine-type=n1-standard-4 \
--zone=us-central1-a \
--enable-autorepair \
--enable-autoupgrade
# Deploy RLC application
kubectl create deployment rlc-app --image=gcr.io/PROJECT_ID/rlc:latest
kubectl expose deployment rlc-app --type=LoadBalancer --port=80
Troubleshooting
Common Issues
Instance Creation Failures:
# Check quota limits
gcloud compute project-info describe \
--format="table(quotas.metric,quotas.limit,quotas.usage)"
# View operation logs
gcloud logging read "resource.type=gce_instance" \
--limit=50 \
--format="table(timestamp,severity,textPayload)"
Connectivity Issues:
# Check firewall rules
gcloud compute firewall-rules list --filter="name~rlc"
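# List tagged instances with their external IPs
gcloud compute instances list \
--filter="tags.items=rlc-server" \
--format="table(name,zone.basename(),machineType.basename(),status,networkInterfaces[0].accessConfigs[0].natIP:label=EXTERNAL_IP)"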
Performance Issues:
# Check monitoring metrics
gcloud monitoring metrics list \
--filter="metric.type:compute.googleapis.com/instance/cpu/utilization"
# View instance details
gcloud compute instances describe rlc-instance \
--zone=us-central1-a
Best Practices
Security
- Use service accounts with minimal required permissions
- Enable OS Login for SSH key management
- Use private Google Access for instances without external IPs
- Implement VPC Service Controls for sensitive data
Performance
- Use SSD persistent disks for better performance
- Enable live migration for maintenance events
- Use regional persistent disks for high availability
- Implement health checks for load balancers
Cost Management
- Use labels for cost allocation and resource management
- Implement automated start/stop for development environments
- Regular review of unused resources
- Use Cloud Billing reports for cost analysis
High Availability
- Deploy across multiple zones
- Use regional persistent disks
- Implement proper health monitoring
- Configure automated backup policies
Automation
- Use deployment manager or Terraform for infrastructure as code
- Implement CI/CD pipelines with Cloud Build
- Use Cloud Functions for event-driven automation
- Configure monitoring and alerting policies
For additional GCP-specific configurations and troubleshooting, see the main RLC documentation.