env/linux-x86-vmx/create.sh - build - Git at Google

 #!/bin/sh
 # Copyright 2019 The Go Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.

 # This creates the debian-bullseye-vmx buildlet VM that's
 # like the Container-Optimized OS but using Debian Bullseye
 # instead of the Chromium OS, and with nested virtualization
 # enabled.

 set -e
 set -x

 ZONE=us-central1-f
 TARGET_IMAGE=debian-bullseye-vmx

 TMP_DISK=dev-debian-vmx-tmpdisk
 TMP_IMG=dev-debian-vmx-image
 TMP_VM=dev-debian-vmx

 # Create disk, forking Debian 9 (Stretch).
 gcloud compute disks delete $TMP_DISK --zone=$ZONE --quiet || true
 gcloud compute disks create $TMP_DISK \
        --zone=$ZONE \
        --size=40GB \
        --image-project=debian-cloud \
        --image-family debian-11

 # Create image based on that disk, with the nested virtualization
 # opt-in flag ("license").
 gcloud compute images delete $TMP_IMG --quiet || true
 gcloud compute images create \
        $TMP_IMG \
        --source-disk=$TMP_DISK \
        --source-disk-zone=$ZONE \
        --licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"

 # No longer need that temp disk:
 gcloud compute disks delete $TMP_DISK --zone=$ZONE --quiet

 # Create the VM
 gcloud compute instances delete --zone=$ZONE $TMP_VM --quiet || true
 gcloud compute instances create \
        $TMP_VM \
        --zone=$ZONE \
        --image=$TMP_IMG \
        --min-cpu-platform "Intel Haswell" \
        --network default-vpc \
        --no-service-account --no-scopes

 echo "Waiting for SSH port to be available..."
 while ! gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- echo hi; do
     sleep 1
 done

 echo "SSH is up. Copying prep-vm.sh script to VM..."

 # gcloud compute scp lacks an --internal-ip flag, even though gcloud
 # compute ssh has it. Annoying. Workaround:
 gcloud compute scp --zone=$ZONE --tunnel-through-iap prep-vm.sh $TMP_VM:

 # And prep the machine.
 gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- sudo bash ./prep-vm.sh

 echo "Done prepping machine; shutting down"

 # Shut it down so it's a stable source to snapshot from.
 gcloud compute instances stop $TMP_VM --zone=$ZONE

 # Now make the new image from our instance's disk.
 gcloud compute images delete $TARGET_IMAGE --quiet || true
 gcloud compute images create $TARGET_IMAGE --source-disk=$TMP_VM --source-disk-zone=$ZONE

 gcloud compute images delete $TMP_IMG --quiet

 echo "Done."
	#!/bin/sh
	# Copyright 2019 The Go Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style
	# license that can be found in the LICENSE file.

	# This creates the debian-bullseye-vmx buildlet VM that's
	# like the Container-Optimized OS but using Debian Bullseye
	# instead of the Chromium OS, and with nested virtualization
	# enabled.

	set -e
	set -x

	ZONE=us-central1-f
	TARGET_IMAGE=debian-bullseye-vmx

	TMP_DISK=dev-debian-vmx-tmpdisk
	TMP_IMG=dev-debian-vmx-image
	TMP_VM=dev-debian-vmx

	# Create disk, forking Debian 9 (Stretch).
	gcloud compute disks delete $TMP_DISK --zone=$ZONE --quiet \|\| true
	gcloud compute disks create $TMP_DISK \
	--zone=$ZONE \
	--size=40GB \
	--image-project=debian-cloud \
	--image-family debian-11

	# Create image based on that disk, with the nested virtualization
	# opt-in flag ("license").
	gcloud compute images delete $TMP_IMG --quiet \|\| true
	gcloud compute images create \
	$TMP_IMG \
	--source-disk=$TMP_DISK \
	--source-disk-zone=$ZONE \
	--licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"

	# No longer need that temp disk:
	gcloud compute disks delete $TMP_DISK --zone=$ZONE --quiet

	# Create the VM
	gcloud compute instances delete --zone=$ZONE $TMP_VM --quiet \|\| true
	gcloud compute instances create \
	$TMP_VM \
	--zone=$ZONE \
	--image=$TMP_IMG \
	--min-cpu-platform "Intel Haswell" \
	--network default-vpc \
	--no-service-account --no-scopes

	echo "Waiting for SSH port to be available..."
	while ! gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- echo hi; do
	sleep 1
	done

	echo "SSH is up. Copying prep-vm.sh script to VM..."

	# gcloud compute scp lacks an --internal-ip flag, even though gcloud
	# compute ssh has it. Annoying. Workaround:
	gcloud compute scp --zone=$ZONE --tunnel-through-iap prep-vm.sh $TMP_VM:

	# And prep the machine.
	gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- sudo bash ./prep-vm.sh

	echo "Done prepping machine; shutting down"

	# Shut it down so it's a stable source to snapshot from.
	gcloud compute instances stop $TMP_VM --zone=$ZONE

	# Now make the new image from our instance's disk.
	gcloud compute images delete $TARGET_IMAGE --quiet \|\| true
	gcloud compute images create $TARGET_IMAGE --source-disk=$TMP_VM --source-disk-zone=$ZONE

	gcloud compute images delete $TMP_IMG --quiet

	echo "Done."