IN THIS ARTICLE
Outlines how to SSH to your cloud cluster with Qumulo in GCP
REQUIREMENTS
- Qumulo cloud cluster in GCP running Qumulo Core 2.14.0 or above
- Google Cloud Console access
DETAILS
In GCP, our instances use the google-accounts-daemon service to allow automatic configuration of SSH keys via instance metadata. GCP has various ways to transfer keys, automatically generate keys, and connect to the instances via SSH.
SSH to your Cloud Cluster via the Web Browser
GCP has a feature where users can SSH to their instances in the web browser via a button on the Instances page. If the button appears greyed out, then the user account does not have sufficient privileges to use SSH via the web browser. The SSH from the browser article from Google Cloud explains how to configure SSH from the browser.
SSH to your Cloud Cluster via the gcloud CLI Tool
GCP Instances can be accessed from the command line by running the following:
gcloud compute ssh --internal-ip USER@INSTANCE-NAME
You should have an SSH session on the remote machine. If you wish to use a different SSH key than the one that GCP automatically generates, run the following:
gcloud compute ssh --internal-ip USER@INSTANCE-NAME --ssh-key-file PATH_TO_PRIVATE_SSH_KEY
SSH to your Cloud Cluster via Traditional SSH
Traditional SSH can also be used to connect to the instance, if the instance has been specified to use a known key. We allow customers to provide their SSH key when they deploy their instances in the marketplace, as described in the Qumulo in GCP: Deploy an Instance article. This will propagate the key to each instance’s metadata, and it can be used for SSH outside of the browser.
Keys can also be added manually to an instance or project after creation and will be automatically usable by the instance after 5 to 10 minutes, or after a reboot. For more details, reference the Managing SSH keys in metadata Google Cloud article.
Manage SSH Access with OS Login
OS login is a feature of GCP which allows for faster and more reliable SSH connections via the browser or gcloud CLI. Using OS Login requires instances or the project containing the instance to be configured to use OS Login as outlined in the Enabling or disabling OS Login article from Google Cloud. This can be done for an instance by running:
gcloud compute instances add-metadata <INSTANCE-NAME> --metadata=enable-oslogin="TRUE"
The user attempting to use OS login also needs IAM roles configured. The Configuring OS Login roles on user accounts Google Cloud article explains how to configure OS Login for a user.
TROUBLESHOOTING
If having trouble running gcloud or browser SSH, try configuring OS login. Occasionally this has allowed a user to have access when previously they were getting stuck.
If various issues are continuing with OS login, try giving the user attempting the operation the Project/Owner IAM role.
RESOLUTION
You should now be able to successfully SSH to your cloud cluster with Qumulo in GCP
ADDITIONAL RESOURCES
Qumulo in GCP: Deploy a Cloud Cluster
Google Cloud: SSH from the browser
Google Cloud: Managing SSH keys in metadata
Google Cloud: Enabling or disabling OS Login
Google Cloud: Configuring OS Login roles on user accounts
Like what you see? Share this article with your network!
Comments
0 comments