Skip to content
This repository was archived by the owner on Feb 12, 2021. It is now read-only.

Commit fd222c5

Browse files
ajeddelohajeddeloh
authored
Merge pull request #1249 from ajeddeloh/nightly
os/booting...gce: Add section on OS Login
2 parents 8d582cf + 1179579 commit fd222c5

File tree

1 file changed

+29
-1
lines changed

1 file changed

+29
-1
lines changed

os/booting-on-google-compute-engine.md

Lines changed: 29 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,11 @@ For more information about mounting storage, Google's [own documentation](https:
9494

9595
To add more instances to the cluster, just launch more with the same Ignition config inside of the project.
9696

97-
## SSH
97+
## SSH and users
98+
99+
Users are added to Container Linux on GCE by the user provided configuration (i.e. Ignition, cloudinit) and by either the GCE account manager or [GCE OS Login](https://cloud.google.com/compute/docs/instances/managing-instance-access). OS Login is used if it is enabled for the instance, otherwise the GCE account manager is used.
100+
101+
### Using the GCE account manager
98102

99103
You can log in your Container Linux instances using:
100104

@@ -104,6 +108,30 @@ gcloud compute ssh --zone us-central1-a core@<instance-name>
104108

105109
Users other than `core`, which are set up by the GCE account manager, may not be a member of required groups. If you have issues, try running commands such as `journalctl` with sudo.
106110

111+
### Using OS Login
112+
113+
You can log in using your Google account on instances with OS Login enabled. OS Login needs to be [enabled in the GCE console](https://cloud.google.com/compute/docs/instances/managing-instance-access#enable_oslogin) and on the instance. It is enabled by default on instances provisioned with Container Linux 1898.0.0 or later. Once enabled, you can log into your Container Linux instances using:
114+
115+
```sh
116+
gcloud compute ssh --zone us-central1-a <instance-name>
117+
```
118+
119+
This will use your GCE user to log in.
120+
121+
122+
#### Disabling OS Login on newly provisioned nodes
123+
124+
You can disable the OS Login functionality by masking the `oem-gce-enable-oslogin.service` unit:
125+
126+
```yaml container-linux-config:gce
127+
systemd:
128+
units:
129+
- name: oem-gce-enable-oslogin.service
130+
mask: true
131+
```
132+
133+
When disabling OS Login functionality on the instance, it is also recommended to disable it in the GCE console.
134+
107135
## Using CoreOS Container Linux
108136

109137
Now that you have a machine booted it is time to play around. Check out the [Container Linux Quickstart](quickstart.md) guide or dig into [more specific topics](https://coreos.com/docs).

0 commit comments

Comments
 (0)