Gcp Notes: Difference between revisions

From Federal Burro of Information
No edit summary
Line 7: Line 7:
  export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"
  export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"


echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}


whoami ?
whoami ?
Line 15: Line 12:
  gcloud auth list
  gcloud auth list


could be in any one of these env vars:
gsutil version -l
 
The gsutil will show legacy boto files:


also consider legacy ocnfig files ( when you want to be a suer, but you want to give the app a json file in an env var )
${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto


  ${HOME}/.config/gcloud/legacy_credentials/user@domain.com
but in the same dir there is:
 
  ${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json
 
whcih you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.
 
There a couple of env vars, it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in the most places I care about ( terraform )
 
echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}


== Storage ==
== Storage ==
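Review bot: the legacy_credentials paths in this hunk carry a real account address where the older line used the placeholder `user@domain.com`, and the address is spelled two ways (`udavid.thornton@…` for `.boto`, `david.thornton@…` for `adc.json`) even though the text says both files sit in the same directory. Keep the placeholder form in the published notes and use one spelling for both paths. The hunk also drops the sentence explaining when the legacy file is useful (acting as a user while handing the app a JSON file through an env var); consider keeping that sentence next to the `adc.json` line.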

Revision as of 15:18, 25 February 2020

Overview

Auth

get the auth file and then:

export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"


whoami ?

gcloud auth list
gsutil version -l

gsutil will show the legacy boto file:

${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/.boto

but in the same dir there is:

${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json

which you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.

There are a couple of env vars, and it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in most of the places I care about ( terraform )

echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}

Storage

Types of storage, how to choose:

https://cloud.google.com/storage-options/

Compute

https://cloud.google.com/sdk/gcloud/reference/compute/instances/create

how do I list project and family for well known images for terraform builds?

gcloud compute images list --standard-images



OS Login

So you want to just ssh into the vm like you do everything else, you don't want to use

gcloud ssh login

or the "in browser" ssh client.

Great, you want "OS Login".

lots of steps:

1. for the VM set the enable-oslogin metadata value to "TRUE"

in tf like this:

  metadata  = {
    enable-oslogin = "TRUE"
  }

2. give the user the correct roles:

Compute OS Login ( for vanilla, non-root access )
Compute OS Admin Login ( for root access via sudo )

via the command line, this I think:

gcloud projects add-iam-policy-binding project-ID --member \
 serviceAccount:"velos-manager@project-ID.iam.gserviceaccount.com" \
 --role "roles/iam.serviceAccountUser" \
 --no-user-output-enabled --quiet
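
An added example, not part of the original notes: an offline check that steps 1 and 2 actually line up, reading JSON shaped like the output of `gcloud compute instances describe`, `gcloud compute project-info describe` and `gcloud projects get-iam-policy` with `--format=json`. The sample data is constructed (alice and bob are hypothetical), and the check looks only at project-level bindings for the two OS Login roles, so a member holding only `roles/iam.serviceAccountUser`, as in the command above, shows up with no login level.

```python
"""Offline check for the OS Login steps: metadata flag plus IAM role."""
import json

# Constructed sample data, shaped like `gcloud ... --format=json` output.
INSTANCE = {"name": "vm-1", "metadata": {"items": [
    {"key": "enable-oslogin", "value": "TRUE"}]}}
PROJECT_INFO = {"commonInstanceMetadata": {"items": [
    {"key": "enable-oslogin", "value": "FALSE"}]}}
SA = "serviceAccount:velos-manager@project-ID.iam.gserviceaccount.com"
POLICY = {"bindings": [
    {"role": "roles/compute.osLogin", "members": ["user:alice@example.com"]},
    {"role": "roles/compute.osAdminLogin", "members": ["user:bob@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": [SA]},
]}


def _meta(items, key):
    """Look up one key in a metadata 'items' list; None if absent."""
    for item in items or []:
        if item.get("key") == key:
            return item.get("value")
    return None


def oslogin_enabled(instance, project_info):
    """Instance metadata overrides project-wide metadata for the same key."""
    value = _meta(instance.get("metadata", {}).get("items"), "enable-oslogin")
    if value is None:
        items = project_info.get("commonInstanceMetadata", {}).get("items")
        value = _meta(items, "enable-oslogin")
    # Assumption: the value is compared case-insensitively against "TRUE".
    return value is not None and value.upper() == "TRUE"


def login_level(policy, member):
    """'sudo', 'user' or None, from the two OS Login roles only.

    Ignores inherited, instance-level and group-based grants, and broader
    roles that may also include the OS Login permissions.
    """
    roles = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    if "roles/compute.osAdminLogin" in roles:
        return "sudo"
    return "user" if "roles/compute.osLogin" in roles else None


def audit(instance, project_info, policy, members):
    """Map each member to its effective level; None when OS Login is off."""
    enabled = oslogin_enabled(instance, project_info)
    return {m: login_level(policy, m) if enabled else None for m in members}


if __name__ == "__main__":
    members = ["user:alice@example.com", "user:bob@example.com", SA]
    print(json.dumps(audit(INSTANCE, PROJECT_INFO, POLICY, members), indent=2))
```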


How Tos

single node NFS
https://medium.com/google-cloud/gke-with-google-cloud-single-node-filer-nfs-4c4dc569964f

Reading

Hashes and ETags
Best Practices
https://cloud.google.com/storage/docs/hashes-etags