All posts by g00gleg00n

Google Cloud Run Managed WordPress Service

Please check out CloudNerve.com!


This WordPress installation of blog.carlscloud.com is an example of a Google Cloud Run managed instance!

It is a stateless, Docker-built container: there is no underlying infrastructure to worry about, and the service scales automatically based on demand, up to the maximum number of container instances you specify for the web service.

Google Cloud Run Documentation: https://cloud.google.com/run/docs

Article reference on this WP build is here:

https://cloudnerve.com/updated-deploying-wordpress-on-cloud-run-in-2021/

and here:

https://www.carlballenger.com/2021/05/28/howto-a-google-cloud-run-container-managed-wordpress-site-with-cloud-sql/

This is an updated guide for using Cloud Run and WordPress in 2021. Credit to Peter Kracik for his original tutorial and source code.

Here is a sample site that uses Cloud Run and WordPress: https://aritao.org.

These are the performance metrics on Lighthouse for the site:

Not bad! 

WordPress is a popular publishing tool for sites and blogs. As an open-source content management system, it is forever free to use.

Google Cloud Run is a platform for running services in containers without managing underlying hardware. Cloud Run can deploy a service that “hosts” a WordPress site.

These are the steps we will follow:

Create a Project On Google Cloud Platform

Enable billing.

Activate Cloud Run API, Cloud SQL API, and Cloud SQL Admin API

Use the console search to locate the APIs easily 😊

Prepare the image for Cloud Run.

Peter Kracik produced the original source code for the solution in this guide, and it is available here. The repository contains everything you need to build a container image for use with Google Cloud Run.

Since the repository’s last update, WordPress has upgraded to 5.7.2, and PHP released version 8. Since I wanted to use those versions, I forked the original repository and updated it. By the time this is published, a pull request should be pending. Meanwhile, the fork is here:

lawrenceaph/wp-gcloud-run


Use Google Cloud Shell if you don’t want to install the gcloud command line tool locally.

A quick way to create the container image is to use Google Cloud Shell. Access it by clicking on the Activate Cloud Shell button:

Clone the repository and switch to the directory it downloads to:

git clone https://github.com/lawrenceaph/wp-gcloud-run.git
cd wp-gcloud-run

Run a command to build the container and submit it to the Google Container Registry (gcr):

gcloud builds submit -t gcr.io/<project name>/<wpcloudrun>

Replace <project name> with your project name, and <wpcloudrun> with a container name of your choice. It will take a few minutes for the process to finish.

Set Up the Cloud SQL server and Database

**Choose an affordable instance.**

Create a database:

Deploy the container 🎉

Pick a cool name for your service.

Use container port 80, and reduce the maximum instances. I used five. This can be increased later if your site gets high traffic.

You will need to connect the container to your SQL instance:

Supply environment variables.

Go to the URL below to generate WordPress salts. These are strings of code that will attach to passwords to increase their complexity. You will use these as environment variables.

https://api.wordpress.org/secret-key/1.1/salt/

Here’s a sample of the output.

The full set of environment variables is:

For the DB_HOST value, copy the SQL instance from the Overview section:

Add a colon and forward slash to the copied text:

:/cloudsql/retail1-300715:asia-east1:sql1

As an additional security measure, GCP’s Secret Manager API can store a database password as a secret and reference it in Cloud Run as an environment variable. This is an optional step, but a good practice. When stored, secrets look like this:

When used in Cloud Run, the secret displays its outward name but hides the sensitive data:

The actual text of the secret (the password) is not seen anywhere. It is passed directly without showing up in the interface.
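
An added example, not code from the original guide or the wp-gcloud-run repository: it parses the `define()` lines the salt endpoint returns, checks that all eight values are present, 64 characters long and distinct, and renders them together with `DB_HOST` as a YAML mapping. The environment variable names the image expects are not shown on this page, so the WordPress constant names are used as an assumption; the database password is left out on purpose so it can come from Secret Manager as described above.

```python
import json
import re

# WordPress constant names; using them as env var names is an assumption.
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
DEFINE_RE = re.compile(r"^define\('([A-Z_]+)',\s*'(.*)'\);$")
CONN_RE = re.compile(r"^[a-z][a-z0-9-]+:[a-z0-9-]+:[a-z][a-z0-9-]*$")


def parse_salts(text):
    """Parse the endpoint's define() lines; reject incomplete or weak sets."""
    found = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    missing = [k for k in KEYS if k not in found]
    if missing:
        raise ValueError(f"missing keys: {missing}")
    if any(len(found[k]) != 64 for k in KEYS):
        raise ValueError("every value must be 64 characters")
    if len({found[k] for k in KEYS}) != len(KEYS):
        raise ValueError("values must all differ")
    return {k: found[k] for k in KEYS}


def db_host(connection_name):
    """Build DB_HOST from project:region:instance, as the guide describes."""
    if not CONN_RE.match(connection_name):
        raise ValueError("expected project:region:instance")
    return ":/cloudsql/" + connection_name


def env_yaml(salts, connection_name):
    """Render YAML; a JSON string is a valid double-quoted YAML scalar."""
    env = {"DB_HOST": db_host(connection_name), **salts}
    return "".join(f"{k}: {json.dumps(v)}\n" for k, v in env.items())


def constructed_sample():
    """Constructed stand-in for the endpoint output, not real secrets."""
    chars = "abcXYZ019!@#$%^&*()-_ []{}<>~`+=,.;:/?|"
    return "\n".join("define('%s', '%s');" % (k, (chars[i:] + chars * 2)[:64])
                     for i, k in enumerate(KEYS))


if __name__ == "__main__":
    print(env_yaml(parse_salts(constructed_sample()), "retail1-300715:asia-east1:sql1"))
```

A file matters if you deploy from the command line: `gcloud run deploy --set-env-vars` splits its argument on commas, which the salt values can contain, while `--env-vars-file` takes a YAML file like this one.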

Under “Configure how this service is triggered”, select “Allow all traffic” and “Allow unauthenticated invocations”.

After deployment, a URL will become available. Click it to bring up this happy sight:

Fill in the details, log in, and navigate to the Dashboard. Visit the plugins section and look for WP-Stateless.

Connect WordPress to a storage service.

Activate the WP-Stateless plugin:

Follow the instructions of the plugin to fully enable it. You may opt for automatic setup (requires Google authorization), or manual setup. For those who opt for manual setup, the plugin has very clear instructions. Once connected, choose a mode (“CDN” works well for me) and upload your media the usual way.

Enjoy your new, scalable blogging / site building solution! 🎉🎉🎉

Congratulations! You now have a WordPress site running as a service on Google Cloud Run. If traffic increases, Cloud Run can scale to the maximum instances specified. If traffic hits zero, Cloud Run can downscale to zero as well. Very cool.

Cost-wise, the largest expense will be the Cloud SQL database, which at lowest specs generates a 7–8 USD monthly bill. It’s not cheap, but you can use this SQL server with additional Cloud Run deployments or sites.

Next Steps 💪

You may wish to connect a domain, or practice updating themes, plugins, or even the WordPress installation itself. (The container image is read-only, so updating requires new container builds.)

Update plugins and themes by placing the latest versions in the app folder and triggering a new gcloud build. A revised deployment on Cloud Run with the updated image completes the upgrade. The same process works for upgrading WordPress (but keep a copy of wp-config.php as it is tedious to re-type everything).

You may also wish to upgrade your site into a Progressive Web App. If you’re interested in a guide for doing that on Cloud Run, let me know in the comments. Cheers!

VM Manager simplifies compliance with OS configuration management Preview

Author: Sergey Maximov – Product Manager

OS configuration management is an important way that administrators of large fleets of virtual machines (VMs) can automate and centralize the deployment, configuration, maintenance and reporting of software configurations of those VM instances. You can install security and monitoring agents to make sure all VMs are secured and protected, bootstrap management tools or ensure OS compliance across your fleet.

In January, we introduced VM Manager, a suite of infrastructure management tools to simplify and automate the maintenance of large fleets of Compute Engine VMs, including OS patch, OS inventory, and OS configuration management. The first version of OS configuration management helps install and maintain agents and operating system (OS) software configurations at scale, and is currently used in production by hundreds of customers. Today, we are excited to introduce OS configuration management (Preview) with enhanced features and capabilities.

What’s new?

OS configuration management introduces a new UI (in addition to the API and gcloud command-line), providing an at-a-glance compliance view for your VM fleet and the ability to drill down and find the root cause for non-compliant VMs in seconds. The new UI provides a guided wizard-based experience to create and apply policy assignments for managing VM fleets at scale.

In the new version we have also improved reliability with independent zonal services—a user-controlled safe rollout process for deploying policies. If new policies are not working as expected, you can stop the process without impacting all VMs.

Finally, OS configuration management introduces multiple new functional capabilities: dry-run (compliance only) reporting mode; the ability to define, validate and enforce compliance for custom resources periodically; as well as options to exclude or include certain VMs, for example Google Kubernetes Engine (GKE) nodes, based on labels. For more information see OS configuration management overview.


VM Manager uses the OS Config agent to manage VMs. Today, the OS Config agent is pre-installed for all Compute Engine public OS images (Windows, Debian, CentOS, RHEL, Ubuntu, SLES, and Container-Optimized OS) and can be activated with one click across all your VM instances. Once VM Manager is enabled, it automatically activates agents for newly created VMs, making sure the whole fleet is under control.

For OS configuration management (Beta) users

All existing guest policies will continue to work without any changes. We’ll continue to support OS configuration management (beta release) at the same level as before.

A comparison document is available to help you understand the differences between OS configuration management Preview and Beta and to guide you on which version to use.

Get started today

General Availability of OS configuration management is planned for later this year. To learn more about all the new features of OS configuration management, see the OS configuration management documentation.

To learn more about VM Manager, visit the documentation, or watch our Google Cloud Next ‘20: OnAir session, Managing Large Compute Engine VM Fleets.
