Skip to content

Latest commit

 

History

History
97 lines (70 loc) · 3.33 KB

README.md

File metadata and controls

97 lines (70 loc) · 3.33 KB

gce-ssh

Tutorial of how to connect to GCE Linux instances.

Final environment

Getting Started

  1. Ensure the Following APIs are enabled (enable with gcloud services enable [service]):

    • compute.googleapis.com
  2. Ensure the default Google APIs service account (used by deployment manager) has permission to create roles:

    • In macOS/Linux:

      project_id=$(gcloud config list --format 'value(core.project)')
      project_number=$(gcloud projects list --filter "id:ca-labs" --format 'value(projectNumber)')
      gcloud projects add-iam-policy-binding $project_id \
        --member serviceAccount:$project_number@cloudservices.gserviceaccount.com \
        --role roles/iam.roleAdmin
    • In Windows (PowerShell):

      $project_id = gcloud config list --format 'value(core.project)'
      $project_number = gcloud projects list --filter "id:ca-labs" --format 'value(projectNumber)'
      gcloud projects add-iam-policy-binding $project_id `
        --member serviceAccount:$project_number@cloudservices.gserviceaccount.com `
        --role roles/iam.roleAdmin
  3. Deploy the deployment manager config in the infrastructure directory:

    gcloud deployment-manager deployments create lab --config infrastructure/deployment.yaml
  4. Bind the Lab role to the student user or group:

    • In macOS/Linux:

      member="[GROUP_OR_USER]"
      project_id=$(gcloud config list --format 'value(core.project)')
      role=$(gcloud iam roles list --project $project_id \
                                   --filter "name:projects/$project_id/roles/studentrole*" \
                                   --format "value(name)")
      gcloud projects add-iam-policy-binding $project_id \
      --member $member  \
      --role $role
    • In Windows (PowerShell):

      $member = "[GROUP_OR_USER]"
      $project_id = gcloud config list --format 'value(core.project)'
      $role = gcloud iam roles list --project $project_id `
                                    --filter "name:projects/$project_id/roles/studentrole*" `
                                    --format "value(name)"
      gcloud projects add-iam-policy-binding $project_id `
      --member $member  `
      --role $role

    An example of [GROUP_OR_USER] is user:[email protected].

Following Along

  1. Click SSH from the VM instances GCE tab to connect to the instance using SSH from the Browser.

  2. Paste a public key into the instance or project SSH key metadata and connect using a standard SSH client.

Tearing Down

When finished, remove the GCP resources with:

  • In macOS/Linux:

    gcloud projects remove-iam-policy-binding $project_id \
        --member $member  \
        --role $role
    gcloud deployment-manager deployments delete -q lab
  • In Windows (PowerShell):

    gcloud projects remove-iam-policy-binding $project_id `
        --member $member  `
        --role $role
    gcloud deployment-manager deployments delete -q lab