Please note that the contents of this offline web site may be out of date. To access the most recent documentation visit the online version .
Note that links that point to online resources are green in color and will open in a new window.
We would love it if you could give us feedback about this material by filling this form (You have to be online to fill it)



Accessing VMs

Google-managed VMs and User-managed VMs

When you deploy your app to a Managed VM hosting environment, root access to the underlying VMs is disabled by default. The VMs are Google-managed , or locked . This ensures that the fleet of compute is homogenous and manageable. Root access can be enabled per-VM by members of the project. When root access is enabled, a VM is User-managed , or unlocked .

When a VM is unlocked, these Google-managed services are disabled:

  • Instance health checking and healing
  • Automatic rollout of OS updates and security patches

An unlocked VM will still be part of the load balancer pool, and will receive external requests.

You can lock and unlock a VM from the Cloud Console.

You can use the SDK's debug command to unlock all the VMs for a particular module and version.

Whenever you switch VM management, a "VM instance locked/unlocked" event appears in the admin console and the event will be logged in the VM's /var/log/syslog.log file.

Changing management with the Cloud Console

Use the Cloud Console to switch management of a single instance of a module:

  • Go to the Cloud Console, select your project
  • Go to the App Engine section and select the Instances page
  • Select a module and one of its instances
  • Choose User-managed or Google-managed from the pulldown menu

When you switch to User-managed, a new tab will open in your browser, running a terminal shell that is ssh-ed into the VM.

When you switch to Google-managed, the VM will be stopped and a new instance of your app will be started, running on a clean, new VM.

Changing management with the debug command

The debug command can only be used to unlock VMs. To switch back to Google-managed VMs you must use the Cloud Console or redeploy the module using the update command. This command unlocks all the VMs that are running a particular version of a module.

The debug command has three optional flags:

-A <application-name> The application name
-M <module-name> The module name
-V <version-name> The version name


Note that the --oauth2 flag cannot be used with the debug command and managed VMs.

Python

To unlock all instances of the default module, specify the project's root directory:

<python_sdk_path>/appcfg.py -s preview.appengine.google.com debug <project-directory>

Alternatively, you could use the -A and -V flags to unlock all instances of a specific version of the default module:

<python_sdk_path>/appcfg.py -s preview.appengine.google.com  -A <app> -V <version> debug

To unlock instances of any module/version, use the -A, -M, and -V flags to name it explicitly:

<python_sdk_path>/appcfg.py -s preview.appengine.google.com  -A <app> -M <module-name> -V <version> debug

Go

To unlock all instances of the default module, specify the project's root directory:
<go_sdk_path>/appcfg.py -s preview.appengine.google.com debug <project-directory>

Alternatively, you could use the -A and -V flags to unlock all instances of a specific version of the default module:

<go_sdk_path>/appcfg.py -s preview.appengine.google.com  -A <app> -V <version> debug

To unlock instances of any module/version, use the -A, -M, and -V flags to name it explicitly:

<go_sdk_path>/appcfg.py -s preview.appengine.google.com  -A <app> -M <module-name> -V <version> debug

Java

To unlock all instances of a Java module, specify the war directory that defines the module:
<java_sdk_path>/appcfg.sh -s preview.appengine.google.com debug <war-dir>

You can also use the -A, -M, and -V flags along with the war directory. In this case, each flag value overrides the corresponding parameter in the file:

<java_sdk_path>/appcfg.sh -s preview.appengine.google.com  -A <app> -V <version> debug <war-dir>

Working with User-managed VMs

Once a VM is unlocked, you can connect to it via SSH . You can also use the gcloud compute ssh tool or another third party SSH client.

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.