Gcp Notes: Difference between revisions
No edit summary |
(→Auth) |
||
Line 7: | Line 7: | ||
export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json" | export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json" | ||
whoami ? | whoami ? | ||
Line 15: | Line 12: | ||
gcloud auth list | gcloud auth list | ||
gsutil version -l | |||
The gsutil will show legacy boto files: | |||
${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto | |||
${HOME}/.config/gcloud/legacy_credentials/ | but in the same dir there is: | ||
${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json | |||
whcih you can put in the GOOGLE_APPLICATION_CREDENTIALS env var. | |||
There a couple of env vars, it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in the most places I care about ( terraform ) | |||
echo ${GOOGLE_CREDENTIALS} | |||
echo ${GOOGLE_CLOUD_KEYFILE_JSON} | |||
echo ${GCLOUD_KEYFILE_JSON} | |||
== Storage == | == Storage == |
Revision as of 15:18, 25 February 2020
Overview
Auth
get the auth file and then:
export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"
whoami ?
gcloud auth list
gsutil version -l
The gsutil will show legacy boto files:
${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto
but in the same dir there is:
${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json
whcih you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.
There a couple of env vars, it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in the most places I care about ( terraform )
echo ${GOOGLE_CREDENTIALS} echo ${GOOGLE_CLOUD_KEYFILE_JSON} echo ${GCLOUD_KEYFILE_JSON}
Storage
Types of storage, how to choose:
https://cloud.google.com/storage-options/
Compute
https://cloud.google.com/sdk/gcloud/reference/compute/instances/create
how do I like project and familiy for well known images for terraform builds?
gcloud compute images list --standard-images
OS Login
So you want to just ssh into the vm like you do everything else, you don't want to use
gcloud ssh login
or the "in browser" ssh client.
great , you want "OS Login"
lots of steps:
1. for the VM set the enable-oslogin meta data value to "TRUE"
in tf like this:
metadata = { enable-oslogin = "TRUE" }
2. give the user the correct roles:
Computer OS Login ( for vanilla , non-root access ) Compute OS Admin login ( for root access via sudo )
via command line this I think:
gcloud projects add-iam-policy-binding project-ID --member \ serviceAccount:"velos-manager@project-ID.iam.gserviceaccount.com" \ --role "roles/iam.serviceAccountUser" --no-user-output-enabled --quiet
How Tos
- single node NFS
- https://medium.com/google-cloud/gke-with-google-cloud-single-node-filer-nfs-4c4dc569964f
Reading
- Hashes and ETags
- Best Practices
- https://cloud.google.com/storage/docs/hashes-etags