It's easy to get started using Google Compute Engine. This quickstart provides step-by-step instructions on how to get started using Google Compute Engine. By the end of this quickstart, you should know how to:
- Start a virtual machine
To start, you will create a virtual machine instance with a machine type, an image, and a root persistent disk.
- Configure a firewall to allow traffic to and from the Internet
In step 2 of this exercise, you will create a firewall rule to allow external traffic to and from the Internet.
- Install an Apache server to serve web pages
Next, you will ssh into your virtual machine and install Apache.
- Lastly and optionally, we'll discuss how to delete your resources once you're done with them.
You can also watch the video on this page to walk you through the steps of this tutorial. The video covers the same concepts and shows you how to perform each step of this quickstart.
- Start an instance
- Add a firewall
- Log in to an instance
- Serve web pages
- Delete your instance and persistent disk
- Next steps
Before you can run this exercise, you must set up your environment as described here:
- Sign up for Google Compute Engine, if you haven't already.
- Download and Install the
gcutilcommand line tool.
- If you didn't set your project ID
in the installation procedure, you can still
set a default
gcutilproject ID by running:
$ gcutil getproject --project=<project-id> --cache_flag_values
You were prompted to create a project ID when you enabled the service in the Google Developers Console. If your project belongs to a specific domain, your project ID would be in the form
Optional: For this tutorial, we are also using the
--cache_flag_valuesflag, which tells gcutil to store all the flags in this command in a file at
~/.gcutil.flags. All subsequent gcutil commands can omit these flags, such as the
--projectflag, because gcutil reuses the initial flag value. If you do not include the
--cache_flag_valuesflag, you need to provide all required flags for every gcutil action. The rest of this quickstart guide omits the
--projectflag because we have set the
Similarly, you can also use the
--cache_flag_valuesto store flags such as
--machine_type, which might simplify instance creation if you plan to create many instances in the same zone or with the same machine types. You can always override the cached flag values by providing a new flag value on the command line:
gcutil addinstance --zone=<new-zoen> ...
First, you will need to create a new virtual machine instance. Your instances run on the Compute Engine infrastructure and you can ssh in to and configure them, install and run software, create a network, create a server farm, and much more.
When you create an instance, Google Compute Engine will automatically create a root persistent disk for you, using the image that you specified. The root persistent disk stores the root filesystem and OS image that your instance needs to boot.
Here are the steps to creating your first instance:
- Create and Start Your Instance
To create an instance, you need to execute the
gcutil addinstance my-first-instance --machine_type=n1-standard-2 \ --image=debian-7 --zone=us-central1-a --wait_until_running --auto_delete_boot_disk
my-first-instanceis a name that you choose for your instance. Your instance name must adhere to the restrictions described on the Instance resource page. For this example, use
--machine_type=n1-standard-2sets your desired machine types. A machine type determines the memory, number of virtual cores, and persistent disk limits that your instance will have.
--image=debian-7sets the image and operating system to use. If you provide
debian-7, gcutil automatically resolves the image to the latest debian-7 image. Image versions are marked by dates so the newest version of the image will be the one with the most recent date. An image contains the operating system and root file system that is necessary for starting an instance. Currently, Google Compute Engine offers Debian and CentOS images. This image will be applied to a root persistent disk which is automatically created if you do not specify a disk on instance creation. The newly-created persistent boot disk is named after your instance, in the format
--zone=us-central1-adetermines where your instance should live. In this example, the instance will be created in the us-central1-a zone.
--wait_until_runningflag tells gcutil to block until the instance is running. By default, after you run the
addinstancecommand, gcutil will exit the
addinstancecommand even if your instance has not yet started running. You must then check the status of your instance and wait for the status to change to
RUNNINGbefore you can use your new instance. To avoid this extra step, you can use the
‑‑wait_until_runningflag, which will force the
addinstancecommand to wait until the instance is running before it exits, indicating that the instance is ready to use.
--auto_delete_boot_disktells Compute Engine that the associated root persistent disk should be deleted if the instance is deleted. This helps you remove unused resources and saves you an extra API call to delete the root disk separately. If you omit this flag, the default for this property is
View a list of important flags and parameters for more information or run
gcutil --helpfor the full list of available flags.
- Select a passphrase for ssh keys
If this is your first time using gcutil to add an instance, you will be asked to create a passphrase to protect your ssh keys.
- (Optional) Check Instance Status
gcutil addinstance, Google Compute Engine will launch your instance. Before you can use your instance, however, you must wait for your instance to report its status as
RUNNING. If you didn't use the
--wait_until_runningflag with the
addinstancecommand, you can check on the status of the instance by querying Google Compute Engine. To check the status of your instance, execute the following command:
$ gcutil getinstance my-first-instance
- Make note of your instance's external IP
By default, your instance is assigned a new ephemeral external IP. Make note of this IP when you perform a
$ gcutil getinstance my-first-instance +------------------------+---------------------+ | name | my-first-instance | | ... | ... | | description | | | ip | 10.207.85.170 | | access-configuration | External NAT | | type | ONE_TO_ONE_NAT | | external-ip | 126.96.36.199 | +------------------------+---------------------+
You need this IP later to browse to your new web server.
Add a firewall
By default, Google Compute Engine blocks all connections to and from an instance to the Internet. To install Apache and serve web pages, you need to create a firewall rule that permits incoming HTTP traffic on port 80.
Every project comes with two default firewalls:
- A firewall that allows SSH access to any instance.
- A firewall that allows all communication between instances in the same network.
You must manually create a firewall rule that allows HTTP requests to your
instance. For this example, create a new firewall using the following
$ gcutil addfirewall http2 --description="Incoming http allowed." --allowed="tcp:http" INFO: Waiting for asynchronous operation to complete. Current status: RUNNING. Sleeping for 5s. +---------------------+------------------------------------------------+ | property | value | +---------------------+------------------------------------------------+ | name | operation-1340145141786-4c2dadb1ed2a0-578a4b5e | | creation time | | | status | DONE | | progress | 100 | | statusMessage | | | target | httpstuff | | target id | 12918719030692922187 | | client operation id | | | insertTime | YYYY-MM-DDT22:32:21.786 | | startTime | YYYY-MM-DDT22:32:21.964 | | endTime | YYYY-MM-DDT22:32:22.976 | | operationType | insert | | error code | | | error message | | +---------------------+------------------------------------------------+
By performing this command, you have:
- Created a new firewall named
http2that allows tcp:http traffic
- Assigned the firewall to the
defaultnetwork in the project. Since you didn't specify a network for the firewall rule, it was automatically applied to the
- Allowed all sources inside and outside the network (including over the Internet)
to make requests to the server. We didn't specify a permitted source for the
firewall, so all sources are allowed to make requests to instances assigned to
source 0.0.0.0/0is the default setting, meaning all sources are allowed).
- Applied this firewall rule to all instances on the network. Because we did not specify a target for your firewall, the firewall applies this rule to all instances in the network.
To review information about your firewall at any time, perform a
$ gcutil getfirewall http2 +---------------+-------------------------+ | property | value | +---------------+-------------------------+ | name | http2 | | description | Incoming http allowed. | | creation time | YYYY-MM-DDT22:32:22.347 | | network | default | | source IPs | 0.0.0.0/0 | | source tags | | | target tags | | | allowed | tcp: 80 | +---------------+-------------------------+
Whenever you create a firewall, you can restrict the sources and targets
to specific callers and instances using appropriate
To see a complete list of supported flags, run
gcutil help addfirewall. See
Networking and Firewalls for more
information about how networking works in Google Compute Engine.
gcutil tool has a built-in ssh command that enables you to
ssh into an instance using the instance name.
To log in to your instance, execute the following command:
$ gcutil ssh my-first-instance
The SSH keys you created previously will be used to authenticate your SSH session. You should now be at the command prompt in your instance's home directory.
Once you have logged in, you can do anything you could do on any other standard Linux machine, including installing applications. You have root permissions on your instance and full control over everything.
If you need to log out of your instance, you can execute the following command:
It is easy to configure your instance to serve HTTP requests from outside its network. Once your instance is running, install Apache on your instance, as follows.
- Install Apache HTTP Server
You have full administrator privileges on any instance that you start in Google Compute Engine. Instances have access to package repositories by default.
Within your instance, run the following commands:
me@my-first-instance$ sudo apt-get update me@my-first-instance$ sudo apt-get install apache2 ...output omitted...
- Make sure the operating system firewall is disabled.
# Save your iptable settings user@my-first-instance:~$ sudo service iptables save # Stop the iptables service user@my-first-instance:~$ sudo service iptables stop # Disable iptables on startup. user@my-first-instance:~$ sudo chkconfig iptables off
- Install Apache using the following commands:
me@my-first-instance:~$ sudo yum install httpd ... Installed size: 3.6 M Is this ok [y/N]: y me@my-first-instance:~$ sudo service httpd start Starting httpd: [ OK ]
- Make sure the operating system firewall is disabled.
- Create a New Home Page
The Apache web server comes with a default web page that we can overwrite to prove that we really control our server. ssh into your instance and execute the following command to overwrite the existing Apache home page:
me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/index.html
me@my-first-instance$ echo '<!doctype html><html><body><h1>Hello World!</h1></body></html>' | sudo tee /var/www/html/index.html
You can also use the
gcutil pushcommand from your local terminal to copy files from your local machine to your instance. However,
pushdoes not allow you to save in a directory that requires root permissions, which is necessary in this scenario because the default location above for web server files requires root permissions. You can change the default location to somewhere that doesn't require root access, or open the existing file for edit as root. See the Apache HTTP Server Docs for more information.
- Browse to Your Home Page
Browse to the external IP address listed previously when you called
gcutil getinstance. The full URL of your page is
When you are finished using your instance, you can delete it and the associated root persistent disk. Deleting an instance stops the virtual machine and removes it from the project.
To delete your instance and root persistent disk, execute the following command:
$ gcutil deleteinstance my-first-instance [--delete_boot_pd]
When you create a persistent disk, it counts towards your persistent disk
quota and also incurs monthly persistent disk charges. To make sure you're not
charged for persistent disks that you aren't using, make sure to delete your
persistent disks when you no longer need them. This can done either by specifying
--auto_delete_boot_disk flag, like you did earlier, or by providing
--delete_boot_pd flag. If you don't provide either flags, gcutil
prompts you to decide if you want to delete the root persistent disk.
If you wanted to keep your root persistent disk and skip the prompt, you
can also provide the
--nodelete_boot_pd flag instead.
Congratulations! You've just run your first Google Compute Engine instance. Learn more about Google Compute Engine on the following pages: