Use Terraform to Create a Network Peering

Lab, 1 hour, Points: 5, Intermediate

Overview

In this lab, you peer two networks. This allows communication between machines in those networks using internal IP addresses. This means that databases can be deployed on a private network without external IP addresses, and those databases will only be reachable from the peered network.

Objectives

In this lab, you learn how to perform the following tasks:

  • Peer two networks.
  • Deploy a VM with no external IP.

Setup and requirements

In this task, you perform initialization steps for your lab.

For each lab, you get a new Google Cloud project and set of resources for a fixed time at no cost.

  1. Sign in to Google Skills using an incognito window.

  2. Note the lab's access time (for example, 1:15:00), and make sure you can finish within that time. There is no pause feature. You can restart if needed, but you have to start at the beginning.

  3. When ready, click Start lab.

  4. Note your lab credentials (Username and Password). You will use them to sign in to the Google Cloud Console.

  5. Click Open Google Console.

  6. Click Use another account and copy/paste credentials for this lab into the prompts. If you use other credentials, you'll receive errors or incur charges.

  7. Accept the terms and skip the recovery resource page.

Task 1. Peer two networks

  1. Open a new web browser window and navigate to the Google Cloud Console (console.cloud.google.com). Use the project selector to choose the first project with a leading name of 'qwiklabs-gcp.'

  2. On the Navigation menu (Navigation menu icon), click Cloud Overview.

  3. In the Project info section, find your Project ID and copy and paste it into a text file. You will need it later.

The Project ID highlighted in the Project Info section

  4. Click Activate Cloud Shell (Activate Cloud Shell icon) in the upper right of the Console. The Cloud Shell terminal will open in a pane at the bottom of the window. Click Continue if prompted.

  5. To clone a GitHub repository that includes a completed version of the previous lab, enter the following command:

git clone https://github.com/GoogleCloudPlatform/training-data-analyst

  6. Change to the following folder:

cd ~/training-data-analyst/courses/db-migration/terraform-create-peering/

  7. Type ls, and you see that this folder has the Terraform files to create two networks and a couple of test servers.

  8. Click Open Editor, and then click Open in a new window.

  9. Navigate to training-data-analyst/courses/db-migration/terraform-create-peering/ folder, and then open the terraform.tfvars file.

  10. Change the values in the terraform.tfvars file as noted below.

    Item Value
    project_id
    gcp_region_1
    gcp_zone_1
  11. In the Cloud Console, initialize Terraform and create the resources by entering the following commands:

terraform init
terraform plan
terraform apply -auto-approve

  12. If you see the Authorize Cloud Shell dialog box, click Authorize.

  13. When the Terraform process completes, on the Navigation menu (Navigation menu icon), click Compute Engine.

You now have two machines: one in the public network and one in the private network.

  14. Copy the internal IP address of the private machine to the clipboard (it should be 10.2.2.2), and then SSH into the one with the name that begins with public-test-server-.

  15. Ping the private machine (at this point it shouldn't work):

ping 10.2.2.2

Note: To allow communication between two GCP networks via their internal IP addresses, you need to peer them. You'll do that now.

  16. On the Navigation menu (Navigation menu icon), click VPC network > VPC network peering.
    Notice that there are no peered networks at this point. You could set up the peering here in the Console, but using Terraform is more automated and reproducible.

  17. Back in Cloud Shell, make sure you are in the ~/training-data-analyst/courses/db-migration/terraform-create-peering/ folder, and create a file called vpc-peering.tf:

cd ~/training-data-analyst/courses/db-migration/terraform-create-peering/
touch vpc-peering.tf

  18. Click Open Editor, find the file you just created, and add the following code to it:

resource "google_compute_network_peering" "public-private" {
  name         = "peering1"
  network      = google_compute_network.public-vpc.self_link
  peer_network = google_compute_network.private-vpc.self_link
}

resource "google_compute_network_peering" "private-public" {
  name         = "peering2"
  network      = google_compute_network.private-vpc.self_link
  peer_network = google_compute_network.public-vpc.self_link
}

Note: A peering request has to be made from both networks. That is why there are two network peerings: one from the public network to the private network, and one in the opposite direction.

  19. To create the peering, switch back to the Cloud Shell terminal and enter the following command:

terraform apply -auto-approve

  20. After the command completes, return to the Console. Navigate away from the VPC network peering page and then back to it, to refresh the view. The peering is created and active.

  21. Switch back to the SSH window of the public test server, and your ping command has started working. Press CTRL+C to stop the command, and then type exit to close the SSH session.

Click Check my progress to verify the objective. Peer two networks

Task 2. Deploy a VM with no external IP

Once the networks are peered, machines in the private network do not need a public IP address.

  1. In Cloud Shell, switch to the Code Editor, and then open the file private-test-server-linux.tf.

  2. In the network_interface section, comment out the line that reads access_config { } (line 19).

Note: Comments in Terraform use the "#" character. This will cause the VM to be created without an external IP address.

Because there is no longer going to be an external IP address, you can't output its value.

  3. Find the code that outputs the VM's external IP address, and change it to the string NONE. It should be line 29. See the example below:

output "private-test-server-linux-external-ip" {
  value = "NONE"
}

  4. Return to the Cloud Shell terminal and apply your change:

terraform apply -auto-approve

Click Check my progress to verify the objective. Deploy a VM with no external IP

  5. When the Terraform command completes, in the Console, go to the Compute Engine service. The private VM now has no external IP address. SSH into the public VM and make sure you can still ping the private server via its internal IP address.

  6. Return to the Cloud Shell terminal and delete everything:

terraform destroy -auto-approve
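
The two properties this lab sets up, a peering declared in both directions (Task 1) and no access_config on VMs in the private network (Task 2), can be checked from the output of terraform show -json before the resources are destroyed. The Python below is an added example, not part of the lab or its repository; the sample state is constructed, and the network names, resource addresses, public server IPs and helper names are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json` output after Task 2, trimmed
# to the fields read below. Project, addresses and public-server IPs are placeholders.
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"

def peering(res, net, peer):
    return {"address": "google_compute_network_peering." + res,
            "type": "google_compute_network_peering",
            "values": {"network": NET + net, "peer_network": NET + peer}}

def vm(name, net, ip, access_config):
    return {"address": "google_compute_instance." + name,
            "type": "google_compute_instance",
            "values": {"network_interface": [
                {"network": NET + net, "network_ip": ip, "access_config": access_config}]}}

def make_state(resources):
    return json.dumps({"values": {"root_module": {"resources": resources}}})

SAMPLE_STATE = make_state([
    peering("public-private", "public-vpc", "private-vpc"),
    peering("private-public", "private-vpc", "public-vpc"),
    vm("private-test-server-linux", "private-vpc", "10.2.2.2", []),
    vm("public-test-server-linux", "public-vpc", "10.1.1.2", [{"nat_ip": "203.0.113.10"}]),
])

def iter_resources(state_json):
    """Yield every resource in the state, including those inside child modules."""
    stack = [json.loads(state_json)["values"]["root_module"]]
    while stack:
        module = stack.pop()
        yield from module.get("resources", [])
        stack.extend(module.get("child_modules", []))

def one_way_peerings(state_json):
    """Addresses of peerings that have no matching peering in the reverse direction."""
    links = {(r["values"]["network"], r["values"]["peer_network"]): r["address"]
             for r in iter_resources(state_json)
             if r["type"] == "google_compute_network_peering"}
    return sorted(a for (net, peer), a in links.items() if (peer, net) not in links)

def external_ip_instances(state_json, network_name):
    """Addresses of instances with a NIC in network_name that has an access_config."""
    return sorted({r["address"] for r in iter_resources(state_json)
                   if r["type"] == "google_compute_instance"
                   for nic in r["values"].get("network_interface", [])
                   if nic["network"].endswith("/" + network_name)
                   and nic.get("access_config")})
```

Against a real workspace, pass the text produced by terraform show -json to both functions; an empty list from each means the peering is reciprocal and no VM in the named network has an external IP.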

Congratulations! You have peered two networks. This allows communication between machines in those networks using internal IP addresses. This means that databases can be deployed on a private network without external IP addresses, and those databases will only be reachable from the peered network.

End your lab

When you have completed your lab, click End Lab. Google Skills removes the resources you’ve used and cleans the account for you.

You will be given an opportunity to rate the lab experience. Select the applicable number of stars, type a comment, and then click Submit.

The number of stars indicates the following:

  • 1 star = Very dissatisfied
  • 2 stars = Dissatisfied
  • 3 stars = Neutral
  • 4 stars = Satisfied
  • 5 stars = Very satisfied

You can close the dialog box if you don't want to provide feedback.

For feedback, suggestions, or corrections, please use the Support tab.

Copyright 2026 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.
