This document describes the installation and usage of the
gcloud compute
command-line tool, which enables you to manage your Google Compute Engine resources.
gcloud
is a unified command line tool that includes
improvements over the legacy
gcutil
tool, including statement autocompletion,
in-place updating, extensive man-page style help, human-readable and
machine-parsable output formats, and integration with Google Cloud SDK.
If you haven't already activated Google Compute Engine, follow the
Sign Up
steps. We also recommend that you
review the
Quickstart: Using gcloud
compute
. If you need help transitioning from using
gcutil
to
gcloud compute
, see
Transitioning to gcloud compute
.
Contents
- Installing gcloud compute
- Authenticating to Google Compute Engine
- Getting help
- Setting a default zone and region
- Common gcloud compute commands for working with instances
- Next Steps
Installing gcloud compute
To use
gcloud compute
, install the Google Cloud SDK if you have not already.
System Requirements : Google Cloud SDK runs on Windows, Mac OS X and Linux, and requires Python 2.7.x. Some of the individual tools bundled with Cloud SDK have more stringent requirements: using App Engine tools for Java development requires Java 1.7+.
-
Download and install Google Cloud SDK by running the following command in your shell or Terminal:
curl https://sdk.cloud.google.com | bash
Or, you can download google-cloud-sdk.zip or google-cloud-sdk.tar.gz , unpack it, and launch the
./google-cloud-sdk/install.sh
script. -
Restart your shell or Terminal.
-
Launch the downloaded
GoogleCloudSDKInstaller.exe
installer and follow the prompts. -
When the installation finishes, open a command prompt (
cmd.exe
) or the Google Cloud SDK Shell from Desktop or Start Menu.
For more installation options, see the Cloud SDK Overview .
Authenticating to Google Compute Engine
Google Compute Engine uses
OAuth2
to
authenticate and authorize access. Before you can use
gcloud compute
, you
must first authorize the Cloud SDK on your behalf to access your project and
acquire an auth token. You won't need to repeat these steps unless you delete
your stored credentials file or remove Google Compute Engine access to your Google
account.
-
Run
gcloud auth login
to request a token. This command prints a URL and tries to open a browser window to request access to your project. If a browser window can be opened, you will see the following output:$ gcloud auth login Your browser has been opened to visit: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.co%2 Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbigquery+https %3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com% Fauth%2Fdevstorage.full_control+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuser... Created new window in existing browser session.
-
If the Cloud SDK detects that a browser can not be opened (e.g., you are working on a remote machine) you will see the output below. Or, if you are working on a local machine and your browser doesn't automatically load the URL, then retry the
gcloud auth login
command with the--no-launch-browser
flag. In either case, copy the authentication URL and paste it into a browser.$ gcloud auth login --no-launch-browser Go to the following link in your browser: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.co%2 Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbigquery+https %3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com% Fauth%2Fdevstorage.full_control+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuser... Enter verification code:
-
Grant access.
In the browser window, review the application permissions and click Accept when you are ready. If you are working on a remove machine or used the
--no-launch-browser
flag, copy and paste the returned code on the command line after Enter verification code: . Otherwise, the code will automatically be sent to the command line without any additional action on your part. -
(Optional)
Since a number of
gcloud compute
commands require the--project
flag, you can instead set the default ID of the project you want to use for Google Compute Engine by running the following command:$ gcloud config set project PROJECT
To set your default project ID to a different one, re-run the command above at any time.
Similarly, to unset your project ID, run:
$ gcloud config unset project
You can also view your settings, including your project ID:
$ gcloud config list
Getting help
The following commands show you how to access different types of help, from
general help about
gcloud compute
, to specific help about a resource group
(
instances
) or a command (
create
). Comprehensive help for all
resources and commands follows this pattern:
$ gcloud compute --help
$ gcloud compute instances --help
$ gcloud compute instances create --help
Quick help can be obtained by using the
-h
flag instead of the
--help
flag.
You can also review all of the comprehensive help at
Cloud SDK Reference
.
Setting a default zone and region
You can set default zone and region values for
gcloud compute
commands
that take zone and regions as flags, such as
instances create
,
target-pools describe
, and
target-instances delete
.
When you set default zone and region values,
gcloud compute
will use these
values if you omit a zone or region flag for a command where it is required.
gcloud compute
uses the following order of precedence for what values of
zone and region it uses:
-
Zone or region values you provide as a command line flag,
--zone
or--region
. -
Environment variables
CLOUDSDK_COMPUTE_ZONE
andCLOUDSDK_COMPUTE_REGION
-
Configuration properties set with
gcloud config
.
If a zone or region value was still not determined after the checks above,
gcloud compute
prompts you to
provide a zone or region value.
To set configuration properties
To see what properties are configured use:
$ gcloud config list
To see a list of available zones and regions you can use:
$ gcloud compute zones list
$ gcloud compute regions list
To set a zone or region property, use:
$ gcloud config set compute/zone ZONE
$ gcloud config set compute/region REGION
To remove the zone or region property, use:
$ gcloud config unset compute/zone
$ gcloud config unset compute/region
Points to keep in mind:
-
If a list command has a
--zones
or--regions
flag (for example,operations list
),gcloud compute
does not use the zone config property or environment variable, even if they exist. -
If you are working with
gcloud compute
interactively, it may be easier to work without setting a zone or region property and letgcloud compute
prompt you to choose a value when it is required.
Common gcloud compute commands for working with instances
Below are examples of common tasks when working with instances. For more details about working with instances in general, see Instances .
Creating instances
Use the
instances
create
command to
create a new instance. For example, the following command creates an instance
named "my-instance" in the "us-central1-a" zone.
$ gcloud compute instances create my-instance --zone us-central1-a
If you omit the
--zone
flag and no default zone is set,
gcloud compute
prompts you to provide the zone. For more information, see
Setting a default zone and region
.
Other required instance settings, like
machine
type
and
image
, if
not specified in the create command, are set to default values.
You can see the default values by displaying help for the
create command
:
$ gcloud compute instances create --help
Listing instances
There are a number of ways to list your instances using the
instances list
command.
You can create a human-readable, tabular output with the following command:
$ gcloud compute instances list
You can use regular expressions to narrow the list of instances returned by name. For example, the following command returns all instances whose names start with "my-".
$ gcloud compute instances list --regexp my-.*
Fore more information about working with the
--regexp
flag and using
regular expressions, see
Fetching resources
.
To return details about one instance, use the
instances describe
command. For example, the following command returns information
about "my-instance".
$ gcloud compute instances describe my-instance --zone us-central1-a
The previous command returns results in YAML format. You can use the
--format
flag to change how the results are displayed. For more examples of
getting and listing resources, including instances, see
Fetching
Resources
.
Connecting to instances
gcloud compute
makes connecting to your instances easy. The
gcloud compute ssh
and
gcloud compute copy-files
commands provide wrappers around around SSH and SCP, which takes care of
authentication and the mapping of instance name to IP address.
For example, to ssh in to "my-instance" in the "us-central1-a" zone, you can use:
$ gcloud compute ssh my-instance --zone us-central1-a
To copy the local file "file-1" to "my-instance" in the "us-central1-a" zone, you can use:
$ gcloud compute copy-files ~/file-1 my-instance:~/remote-destination --zone us-central1-a
The
copy-files
command can also be used to copy files from an instance to
your local machine. For example, to create a local copy of "file-1", which is on
the instance "my-instance" in the "us-central1-a" zone, you can use:
$ gcloud compute copy-files my-instance:~/file-1 ~/local-destination --zone us-central1-a
Both the
gcloud compute ssh
and
gcloud compute copy-files
commands, by
default, use the private key
file located at "~/.ssh/google_compute_engine". If you don't want to use this
key file, you can specify a different key file by specifying a different
location with the
--ssh-key-file
flag. For example, you might already have a
private key you want to use, or you might want to use different private keys
with different projects.
Using SSH-based programs directly
If you prefer to use
ssh
and
scp
directly,
gcloud compute
can generate
an SSH configuration file that contains host aliases for your instances with
authentication configuration. To do this, run:
$ gcloud compute config-ssh
Here's an example of one alias added to the SSH configuration file
(
~/.ssh/config
):
Host my-instance.us-central1-a.my-project HostName 107.178.220.224 IdentityFile ~/.ssh/google_compute_engine UserKnownHostsFile=/dev/null CheckHostIP=no StrictHostKeyChecking=no
You can specify an alternative, per-user SSH config file by
using the
--ssh-config-file
flag.
Every time you add or remove an instance, you should rerun the
config-ssh
command.
After updating your SSH config files with the
config-ssh
command, you can
use any SSH-based program to access your instances. For example, for the
instance named "my-instance", in the "us-central1-a" zone, in the project named
"my-project", you can use the
OpenSSH
ssh client as follows:
$ ssh my-instance.us-central1-a.my-project
To make a local copy of the file "file-1" on the instance, you can use the OpenBSD scp client as follows:
$ scp my-instance.us-central1-a.my-project:~/file-1 .
Working with metadata
You can set custom metadata for an instance or project outside of the server- defined metadata. This is useful for passing in arbitrary values to your project or instance that can be queried by your code on the instance. This section shows a few common metadata operations. For more detailed information about working with metadata, see Storing and Retrieving Metadata .
Adding and removing instance metadata
You can configure instance metadata with
gcloud compute
when you create an
instance using the
create
command, or with an existing instance using the
add-metadata
and
remove-metadata
commands. Metadata are specified as
key/value pairs separated with an equals sign ("=") using the
--metadata
flag. Or, metadata can be read from a local file using the
--metadata-from-from
flag.
For example, to add the custom metadata keys "role", "unique-id", and "build- num" to an existing instance named "my-instance" in the "us-central1-a" zone, you can use:
$ gcloud compute instances add-metadata my-instance \
--zone us-central1-a \
--metadata role=worker unique-id=1234 build-num=4.32
To remove the custom metadata keys "role" and "unique-id", you can use:
$ gcloud compute instances remove-metadata my-instance \
--zone us-central1-a \
--keys role unique-id
After adding and removing metadata from an existing instance, you can see your changes by running:
$ gcloud compute instances describe my-instance --zone us-central1-a
...
metadata:
fingerprint: eU448B6JGQw=
items:
- key: build-num
value: '4.32'
kind: compute#metadata
...
To change existing metadata or add new metadata, use
add-metadata
. Instance
metadata updates are additive. This means that you need to only specify the
metadata keys that you want to add or change. If you specify an existing key,
then the key's value will be updated with the new value.
For images that have Google Compute Engine tools installed on them, there are two metadata keys that are reserved for startup scripting functionality:
-
startup-script
: Indicates script content that is executed when the instance starts. For longer script content, you can use the--metadata-from-file
flag to pass in a path to a file that contains the script content.