Simulate a zone outage for a regional MIG
To test that your
regional managed instance group (MIG)
is overprovisioned enough and can survive a zone outage, you can use the
following example to simulate a zonal failure.
Before you begin
Use a script to simulate a zone outage
This script stops and starts Apache as the default scenario. If
this doesn't apply to your application, replace the commands that
stop and start Apache with your own failure and recovery scenario.
Deploy and run this script continuously in every VM in the group. You can do
this by adding the script to the
instance template or by including the script in a
custom image
and using the image in the instance template.
Simulate a zone failure by setting these two project metadata fields:
failed_zone: Sets the zone where you want to simulate the outage
(limit the failure to just one zone).failed_instance_names: Choose the VMs to take offline by name
(to limit the failure to only VM names containing this string).
You can set this metadata using the gcloud CLI. For
example, the following command
sets the zone outage to the europe-west1-b zone and affects VMs that
have names starting with base-instance-name:
gcloud compute project-info add-metadata --metadata failed_zone='europe-west1-b',failed_instance_names='base-instance-name-'
After you are done simulating the outage, recover from the failure by
removing the metadata keys:
gcloud compute project-info remove-metadata --keys failed_zone,failed_instance_names
Here are some ideas for failure scenarios you can run using this script:
- Stop your application completely to see how the MIG
responds.
- Make your VMs return as "unhealthy" on load balancing health checks.
- Modify iptables to block some of the traffic to and from the VM.
- Shutdown the VMs. By default, it will be recreated by
the regional MIG shortly after but the new incarnation will
immediately shutdown itself as soon as the script runs and as long as the
metadata values are set. This will result in a crash loop.
What's next
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-26 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis guide explains how to simulate a zonal failure to test if a regional managed instance group (MIG) is overprovisioned enough to handle outages.\u003c/p\u003e\n"],["\u003cp\u003eThe simulation involves using a script that can be deployed in each VM within the group to stop and start a service, such as Apache, to mimic failure and recovery scenarios.\u003c/p\u003e\n"],["\u003cp\u003eTo simulate a zone outage, two project metadata fields need to be set: \u003ccode\u003efailed_zone\u003c/code\u003e, specifying the zone to target, and \u003ccode\u003efailed_instance_names\u003c/code\u003e, which identifies the VMs to affect.\u003c/p\u003e\n"],["\u003cp\u003eYou can use the \u003ccode\u003egcloud\u003c/code\u003e CLI to set the metadata values for the simulated outage and then remove them to recover from the simulated failure.\u003c/p\u003e\n"],["\u003cp\u003eThe provided failure script can be used to test various failure scenarios, including stopping the application, causing VMs to return as "unhealthy," modifying iptables, and shutting down VMs.\u003c/p\u003e\n"]]],[],null,["# Simulate a zone outage for a regional MIG\n\n*** ** * ** ***\n\nTo test that your\n[regional managed instance group (MIG)](/compute/docs/instance-groups#managed_instance_groups)\nis overprovisioned enough and can survive a zone outage, you can use the\nfollowing example to simulate a zonal failure.\n\nBefore you begin\n----------------\n\n- If you want to use the command-line examples in this guide, install the [Google Cloud CLI](/compute/docs/gcloud-compute).\n- If you haven't already, set up [authentication](/compute/docs/authentication). Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:\n\n Select the tab for how you plan to use the samples on this page: \n\n ### gcloud\n\n 1.\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n After installation,\n [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command:\n\n ```bash\n gcloud init\n ```\n\n\n If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n | **Note:** If you installed the gcloud CLI previously, make sure you have the latest version by running `gcloud components update`.\n 2. [Set a default region and zone](/compute/docs/gcloud-compute#set_default_zone_and_region_in_your_local_client).\n\n ### REST\n\n\n To use the REST API samples on this page in a local development environment, you use the\n credentials you provide to the gcloud CLI.\n 1. [Install](/sdk/docs/install) the Google Cloud CLI. After installation, [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command: \n\n ```bash\n gcloud init\n ```\n 2. If you're using an external identity provider (IdP), you must first [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n\n For more information, see\n [Authenticate for using REST](/docs/authentication/rest)\n in the Google Cloud authentication documentation.\n\nUse a script to simulate a zone outage\n--------------------------------------\n\nThis script stops and starts Apache as the default scenario. If\nthis doesn't apply to your application, replace the commands that\nstop and start Apache with your own failure and recovery scenario.\n\n1. Deploy and run this script continuously in every VM in the group. You can do\n this by adding the script to the\n instance template or by including the script in a\n [custom image](/compute/docs/images/create-delete-deprecate-private-images)\n and using the image in the instance template.\n\n #!/usr/bin/env bash\n\n # Copyright 2016 Google Inc. All Rights Reserved.\n #\n # Licensed under the Apache License, Version 2.0 (the \"License\");\n # you may not use this file except in compliance with the License.\n # You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n # Unless required by applicable law or agreed to in writing, software\n # distributed under the License is distributed on an \"AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n # See the License for the specific language governing permissions and\n # limitations under the License.\n\n set -o nounset\n set -o errexit\n set -o pipefail\n\n function GetMetadata() {\n curl -s \"$1\" -H \"Metadata-Flavor: Google\"\n }\n\n PROJECT_METADATA_URL=\"http://metadata.google.internal/computeMetadata/v1/project/attributes\"\n INSTANCE_METADATA_URL=\"http://metadata.google.internal/computeMetadata/v1/instance\"\n ZONE=$(GetMetadata \"$INSTANCE_METADATA_URL/zone\" | cut -d '/' -f 4)\n INSTANCE_NAME=$(hostname)\n\n # We keep track of the state to make sure failure and recovery is triggered only once.\n STATE=\"healthy\"\n while true; do\n if [[ \"$ZONE\" = \"$(GetMetadata $PROJECT_METADATA_URL/failed_zone)\" ]] && \\\n [[ \"$INSTANCE_NAME\" = *\"$(GetMetadata $PROJECT_METADATA_URL/failed_instance_names)\"* ]]; then\n if [[ \"$STATE\" = \"healthy\" ]]; then\n STATE=\"failure\"\n # Do something to simulate failure here.\n echo \"STARTING A FAILURE\"\n /etc/init.d/apache2 stop\n fi\n else\n if [[ \"$STATE\" = \"failure\" ]] ; then\n STATE=\"healthy\"\n # Do something to recover here.\n echo \"RECOVERING FROM FAILURE\"\n /etc/init.d/apache2 start\n fi\n fi\n sleep 5\n done\n\n2. Simulate a zone failure by setting these two project metadata fields:\n\n - `failed_zone`: Sets the zone where you want to simulate the outage (limit the failure to just one zone).\n - `failed_instance_names`: Choose the VMs to take offline by name (to limit the failure to only VM names containing this string).\n\n You can set this metadata using the gcloud CLI. For\n example, the following command\n sets the zone outage to the `europe-west1-b` zone and affects VMs that\n have names starting with `base-instance-name`: \n\n ```\n gcloud compute project-info add-metadata --metadata failed_zone='europe-west1-b',failed_instance_names='base-instance-name-'\n ```\n3. After you are done simulating the outage, recover from the failure by\n removing the metadata keys:\n\n ```\n gcloud compute project-info remove-metadata --keys failed_zone,failed_instance_names\n ```\n\nHere are some ideas for failure scenarios you can run using this script:\n\n- Stop your application completely to see how the MIG responds.\n- Make your VMs return as \"unhealthy\" on load balancing health checks.\n- Modify iptables to block some of the traffic to and from the VM.\n- Shutdown the VMs. By default, it will be recreated by the regional MIG shortly after but the new incarnation will immediately shutdown itself as soon as the script runs and as long as the metadata values are set. This will result in a crash loop.\n\nWhat's next\n-----------\n\n- Learn how to build [scalable and resilient web applications](/solutions/scalable-and-resilient-apps).\n- Learn about [disaster recovery on Google Cloud Platform](/solutions/disaster-recovery-cookbook)."]]
