Operating system details


This page provides general operating system (OS) details and feature support for the OS images that are available on Compute Engine.

Some OS images are customized specifically to run on Compute Engine and have notable differences from the standard images that come directly from the operating system vendors. These differences are also covered for each OS.

For information about how support and maintenance is provided for these OS images on Compute Engine, based on support package, license type, and image lifecycle stage, see Support and maintenance policy for OS images.

CentOS

CentOS Linux is a free operating system that is derived from Red Hat Enterprise Linux (RHEL). Google Cloud builds and supports the CentOS images available for Compute Engine. There is no license fee for using CentOS with Compute Engine.

CentOS Stream is a distribution that is continuously delivered and tracks just ahead of RHEL development. CentOS Stream is positioned as a midstream development platform between Fedora Linux and RHEL.

Automatic updates

By default, this operating system is configured to install security updates by using the RHEL yum-cron or dnf-automatic tool. The updates have the following behaviors:

  • The yum-cron or dnf-automatic does not upgrade VMs between major versions of the operating system.
  • The upgrade tool is configured to only apply updates marked by the vendor as security updates.
  • Some updates require reboots to take effect. These reboots do not happen automatically.
Image configuration

The CentOS and CentOS Stream images that are provided by Compute Engine, have the following differences in configuration from standard CentOS images:

Account configuration

  • There are no local users configured with passwords.

Bootloader configuration

  • To force faster boot times, the boot timeout in the grub configuration is set to 0.
  • The I/O scheduler is set to noop.

Network configuration

  • IPv6 is enabled.
  • The DHCP client is set to retry every 10 seconds instead of every 5 minutes. The client is also set to persistent mode instead of oneshot.
  • The SSH server configuration is set up as follows:
    • Password authentication is disabled.
    • To prevent SSH disconnections, ServerAliveInterval and ClientAliveInterval are set to 7 minutes.
    • Root login is disabled.
  • /etc/udev/rules.d/75-persistent-net-generator.rules is disabled.
  • To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
  • By default, all traffic is allowed through the guest firewall because the VPC firewall rules overrides the guest firewall rules. The guest firewall rules remains enabled and can be configured through normal CentOS methods.
  • VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see the maximum transmission unit overview.

Package system and repository configuration

  • Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Google Cloud CLI.
  • Repositories are set to use the CentOS default mirror network.
    • For CentOS Stream 8, the PowerTools repository is enabled.
    • For CentOS 7, EPEL is enabled.
  • Automatic updates are configured as follows:
    • For CentOS 7, automatic updates are enabled by using yum-cron.
    • For CentOS Stream, automatic updates are enabled by using dnf automatic.
    • For all versions, the update_cmd property is set to security.However, by default CentOS does not offer security tagged repositories.
    • IPv6 endpoints are disabled in the yum or dnf config files for all versions.

Storage configuration

  • By default, images are 20 GB. This is the recommended minimum size.
  • The partition table is GPT, and there is an EFI partition to support booting on UEFI.
  • The floppy module is disabled because there is no floppy disk controller on Compute Engine .

Time configuration

  • The NTP server is set to use the Compute Engine metadata server.

General information

OS version Image project Image family Machine series Lifecycle stage EOL and image deprecation date
CentOS Stream 9 centos-cloud centos-stream-9 All except T2A GA TBD
CentOS Stream 8 centos-cloud centos-stream-8 All except T2A GA May 2024
CentOS 8 N/A N/A N/A EOL Dec 2021
CentOS 7 centos-cloud centos-7 All except T2A GA June 30, 2024
CentOS 6 N/A N/A N/A EOL November 30, 2020

Interfaces

OS version SCSI NVMe Google Virtual NIC (gVNIC) Multiple network interfaces
CentOS Stream 9
CentOS Stream 8
CentOS 8
CentOS 7
CentOS 6

Security features

OS version Shielded VM support Confidential VM support
CentOS Stream 9
CentOS Stream 8
CentOS 8
CentOS 7
CentOS 6

User space features

OS version Guest environment installed gcloud CLI installed OS Login supported Suspend and resume supported
CentOS Stream 9
CentOS Stream 8
CentOS 8
CentOS 7
CentOS 6

Networking features

OS version Tier_1 networking# 200 Gbps network bandwidth# Jumbo frames/MTU
CentOS Stream 9
CentOS Stream 8
CentOS 8 EOL EOL EOL
CentOS 7 *
CentOS 6 EOL EOL EOL

* You can update the gVNIC driver to the latest version to enable network egress bandwidths of 200 Gbps. For more information, see the Requirements and limitations section of "Configure per VM Tier_1 networking performance".

Fully supported with VirtIO, but requires an updated driver to use with gVNIC. For more information, see Jumbo frames.

# Only available with certain machine series.

GPU support

N1+GPU denotes support for NVIDIA T4, V100, P100, P4, or K80 GPU running on a general-purpose N1 machine family.

OS version N1+GPU A2 (A100) G2 (L4)
CentOS Stream 9
CentOS Stream 8
CentOS 8 EOL EOL EOL
CentOS 7
CentOS 6 EOL EOL EOL

VM Manager

OS version OS Config agent installed OS inventory supported OS policies supported Patch supported
CentOS Stream 9
CentOS Stream 8
CentOS 8
CentOS 7
CentOS 6

Import

For operating system support information on migrating VMs using Migrate to Virtual Machines, see supported operating systems.

OS version Import disk Import virtual appliance Import machine image
CentOS Stream 9
CentOS Stream 8
CentOS 8
CentOS 7
CentOS 6

License

OS version License type License
CentOS Stream 9 Free https://www.googleapis.com/compute/v1/projects/centos-cloud/global/licenses/centos-stream-9
CentOS Stream 8 Free https://www.googleapis.com/compute/v1/projects/centos-cloud/global/licenses/centos-stream
CentOS 8 EOL EOL
CentOS 7 Free https://www.googleapis.com/compute/v1/projects/centos-cloud/global/licenses/centos-7
CentOS 6 EOL EOL

Container-Optimized OS (COS)

Container-Optimized OS from Google is an operating system image for your Compute Engine instances that is optimized for running Docker containers. Google Cloud builds and supports the Container-Optimized OS images available for Compute Engine. There is no license fee for using Container-Optimized OS with Compute Engine.

For more information about Container-Optimized OS, see the Container-Optimized OS overview or release notes.

Automatic updates

By default, this operating system is configured to install security updates by using Automatic updates. The updates have the following behaviors:

  • These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
  • Some updates require reboots to take effect. These reboots do not happen automatically.
Image configuration

Network configuration

  • VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see the maximum transmission unit overview.

General information

OS version Image project x86 image family Arm image family Machine series Lifecycle stage EOL and image deprecation date
COS 109 LTS cos-cloud cos-109-lts cos-arm64-109-lts All except G2 GA September 2025
COS 105 LTS cos-cloud cos-105-lts cos-arm64-105-lts All except G2 GA March 2025
COS 101 LTS cos-cloud cos-101-lts cos-arm64-101-lts All except G2 GA September 2024
COS 97 LTS cos-cloud cos-97-lts N/A All except T2A, G2 GA March 2024
COS 93 LTS N/A N/A N/A N/A EOL October 2023

Interfaces

OS version SCSI NVMe Google Virtual NIC (gVNIC) Multiple network interfaces
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

Security features

OS version Shielded VM support Confidential VM support
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

User space features

OS version Guest environment installed gcloud CLI installed OS Login supported Suspend and resume supported
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

Networking features

OS version Tier_1 networking# 200 Gbps network bandwidth# Jumbo frames/MTU
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

* You can update the gVNIC driver to the latest version to enable network egress bandwidths of 200 Gbps. For more information, see the Requirements and limitations section of "Configure per VM Tier_1 networking performance".

Fully supported with VirtIO, but requires an updated driver to use with gVNIC. For more information, see Jumbo frames.

# Only available with certain machine series.

GPU support

N1+GPU denotes support for NVIDIA T4, V100, P100, P4, or K80 GPU running on a general-purpose N1 machine family.

For G2 VMs, the current default driver for Container-Optimized OS, don't support L4 GPUs running on G2 machine types. You might be able to install a supported version, see G2 limitations.

OS version N1+GPU A2 (A100) G2 (L4)
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

VM Manager

OS version OS Config agent installed OS inventory supported OS policies supported Patch supported
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

Import

For operating system support information on migrating VMs using Migrate to Virtual Machines, see supported operating systems.

OS version Import disk Import virtual appliance Import machine image
COS 109 LTS
COS 105 LTS
COS 101 LTS
COS 97 LTS
COS 93 LTS

License

OS version License type License
COS 109 LTS Free https://www.googleapis.com/compute/v1/projects/cos-cloud/global/licenses/cos
COS 105 LTS Free https://www.googleapis.com/compute/v1/projects/cos-cloud/global/licenses/cos
COS 101 LTS Free https://www.googleapis.com/compute/v1/projects/cos-cloud/global/licenses/cos
COS 97 LTS Free https://www.googleapis.com/compute/v1/projects/cos-cloud/global/licenses/cos
COS 93 LTS Free https://www.googleapis.com/compute/v1/projects/cos-cloud/global/licenses/cos

Debian

Debian is a free operating system offered by the Debian community. Google Cloud builds and supports the Debian images available for Compute Engine. There is no license fee for using Debian with Compute Engine.

Automatic updates

By default, this operating system is configured to install security updates by using the Debian UnattendedUpgrades tool. The updates have the following behaviors:

  • The UnattendedUpgrades tool does not upgrade VMs between major versions of the operating system.
  • The UnattendedUpgrades tool is configured to only automatically apply updates obtained from the Debian security repository.
  • Some updates require reboots to take effect. These reboots do not happen automatically.
Image configuration

The Debian image build configuration is available in an open source GitHub repository.

  • Debian build tools come from the Debian Cloud team image project.

Debian images are always built with the latest Debian packages which reflect the most recent Debian point release.

The Debian images that are provided by Compute Engine, have the following differences in configuration from standard Debian images:

Account configuration

  • There are no local users configured with passwords.

Bootloader configuration

  • To force faster boot times, the boot timeout in the grub configuration is set to 0.
  • The I/O scheduler is set to noop.
  • To allow SCSI block multi-queue usage, scsi_mod.use_blk_mq is enabled.

Network configuration

  • IPv6 is enabled.
  • The SSH server configuration is set up as follows:
    • Password authentication is disabled.
    • Root login is disabled.
  • To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
  • VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see the maximum transmission unit overview.

Package system and repository configuration

  • Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Google Cloud CLI. The guest environment packages and the Google Cloud CLI packages are installed and enabled by default.
  • The APT sources are set to use the Debian CDN.
  • The Unattended-upgrades package is installed and configured to download and install Debian security updates daily. This can be configured or disabled by changing the values in /etc/apt/apt.conf.d/50unattended-upgrades and /etc/apt/apt.conf.d/02periodic.
  • The cloud-initramfs-growroot package is removed and replaced with the Google supported gce-disk-expand package.
  • Debian 10+ includes the following:
    • The linux-image-cloud-amd64 kernel instead of the generic Debian kernel.
    • The haveged package to provide entropy.

Storage configuration

  • Images are 10 GB by default.
  • The partition table is GPT, and there is an EFI partition to support booting on UEFI. There is also an MBR boot block to support BIOS.
  • The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Time configuration

  • The NTP server is set to use the Compute Engine metadata server.

General information

OS version Image project x86 image family Arm image family Machine series Lifecycle stage EOL and image deprecation date
Debian 12 debian-cloud debian-12 debian-12-arm64 All GA TBD
Debian 11 debian-cloud debian-11 debian-11-arm64 All GA June 2026
Debian 10 debian-cloud debian-10 N/A All except T2A, M3, C3, C3D, H3 LTS* June 2024
Debian 9 N/A N/A N/A N/A EOL June 2022

*Debian LTS: Debian is supporting this release with Debian LTS. Critical security updates are provided via the Debian LTS project for the duration of the LTS lifecycle.

Interfaces

OS version SCSI NVMe Google Virtual NIC (gVNIC) Multiple network interfaces
Debian 12
Debian 11
Debian 10
Debian 9 *

*This OS image supports NVMe but does not include all optimizations for NVMe.

Security features

OS version Shielded VM support Confidential VM support
Debian 12
Debian 11
Debian 10
Debian 9

User space features

OS version Guest environment installed gcloud CLI installed OS Login supported Suspend and resume supported
Debian 12
Debian 11
Debian 10
Debian 9

Networking features

OS version Tier_1 networking# 200 Gbps network bandwidth# Jumbo frames/MTU
Debian 12 *
Debian 11 *
Debian 10
Debian 9 EOL EOL EOL

* You can update the gVNIC driver to the latest version to enable network egress bandwidths of 200 Gbps. For more information, see the Requirements and limitations section of "Configure per VM Tier_1 networking performance".

Fully supported with VirtIO, but requires an updated driver to use with gVNIC. For more information, see Jumbo frames.

# Only available with certain machine series.

GPU support

N1+GPU denotes support for NVIDIA T4, V100, P100, P4, or K80 GPU running on a general-purpose N1 machine family.

OS version N1+GPU A2 (A100) G2 (L4)
Debian 12
Debian 11
Debian 10
Debian 9 EOL EOL EOL

VM Manager

OS version OS Config agent installed OS inventory supported OS policies supported Patch supported
Debian 12
Debian 11
Debian 10
Debian 9

Import

For operating system support information on migrating VMs using Migrate to Virtual Machines, see supported operating systems.

OS version Import disk Import virtual appliance Import machine image
Debian 12
Debian 11
Debian 10
Debian 9

License

OS version License type License
Debian 12 Free https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-12-bookworm
Debian 11 Free https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-11-bullseye
Debian 10 Free https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-10-buster
Debian 9 EOL https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch

Fedora CoreOS

Fedora CoreOS is a distribution that provides features that are needed to run modern infrastructure stacks. Fedora CoreOS uses Linux containers to manage your services at a higher level of abstraction. Google Cloud provides Fedora CoreOS images built and supported by Fedora. There is no license fee for using Fedora CoreOS with Compute Engine.

Automatic updates

By default, this operating system is configured to install security updates by using the FedoraCoreOS automatic update tool. The updates have the following behaviors:

  • These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
  • Some updates require reboots to take effect. These reboots do not happen automatically.
Image configuration

Network configuration

  • VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see the maximum transmission unit overview.

General information

OS version Image project Image family Arm image family Machine series Lifecycle stage EOL and image deprecation date
Fedora CoreOS Stable fedora-coreos-cloud fedora-coreos-stable fedora-coreos-stable-arm64 All GA Rolling
Fedora CoreOS Testing fedora-coreos-cloud fedora-coreos-testing fedora-coreos-testing-arm64 All GA Rolling
Fedora CoreOS Next fedora-coreos-cloud fedora-coreos-next fedora-coreos-next-arm64 All GA Rolling

Interfaces

OS version SCSI NVMe Google Virtual NIC (gVNIC) Multiple network interfaces
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

Security features

OS version Shielded VM support Confidential VM support
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

User space features

OS version Guest environment installed gcloud CLI installed OS Login supported Suspend and resume supported
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

Networking features

OS version Tier_1 networking 200 Gbps network bandwidth Jumbo frames/MTU
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

GPU support

N1+GPU denotes support for NVIDIA T4, V100, P100, P4, or K80 GPU running on a general-purpose N1 machine family.

OS version N1+GPU A2 (A100) G2 (L4)
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

VM Manager

OS version OS Config agent installed OS inventory supported OS policies supported Patch supported
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

Import

For operating system support information on migrating VMs using Migrate to Virtual Machines, see supported operating systems.

OS version Import disk Import virtual appliance Import machine image
Fedora CoreOS Stable
Fedora CoreOS Testing
Fedora CoreOS Next

License

OS version License type License
Fedora CoreOS Stable Free https://www.googleapis.com/compute/v1/projects/fedora-coreos-cloud/global/licenses/fedora-coreos-stable
Fedora CoreOS Testing Free https://www.googleapis.com/compute/v1/projects/fedora-coreos-cloud/global/licenses/fedora-coreos-testing
Fedora CoreOS Next Free https://www.googleapis.com/compute/v1/projects/fedora-coreos-cloud/global/licenses/fedora-coreos-next

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux (RHEL) is an open-source Linux operating system that provides both server and desktop operating systems. Google Cloud builds and supports the RHEL OS images available for Compute Engine.

RHEL images are premium resources that incur additional fees to use. If you want to use an existing RHEL subscription, you can use the Red Hat Cloud Access feature.

The Red Hat Knowledgebase provides you with access to articles, solutions, product documentation, and community discussions. The Red Hat Knowledgebase is available as a single-sign-on (SSO) option through the Google Cloud console. See Access Red Hat Knowledgebase.

To view a list of frequently asked questions when running RHEL on Compute Engine, see Red Hat Enterprise Linux FAQ.

Automatic updates

By default, this operating system is configured to install security updates by using the RHEL yum-cron (RHEL 7) or dnf automatic (RHEL 8+) tool. The updates have the following behaviors:

  • These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
  • Starting with RHEL 7, the operating system is also configured to only apply updates marked by the vendor as security updates.
  • Some updates require reboots to take effect. These reboots do not happen automatically.
Image configuration

The RHEL image build configuration is available in an open source GitHub repository.

RHEL images are always built with the latest RHEL packages, which reflect the most recent point release. Currently, you cannot pin a VM to a point release.

RHEL for SAP images are tagged to the specific point release they are built for as supported by Red Hat.

The RHEL images that are provided by Compute Engine, have the following differences in configuration from standard RHEL images:

Account configuration

  • There are no local users configured with passwords.

Bootloader configuration

  • To force faster boot times, the boot timeout in the grub configuration is set to 0.
  • The I/O scheduler is set to noop.

Network configuration

  • IPv6 is enabled.
  • The DHCP client is set to retry every 10 seconds instead of every 5 minutes. The client is also set to persistent mode instead of oneshot.
  • The SSH server configuration is set up as follows:
    • Password authentication is disabled.
    • To prevent SSH disconnections, ServerAliveInterval and ClientAliveInterval are set to 7 minutes.
    • Root login is disabled.
  • /etc/udev/rules.d/75-persistent-net-generator.rules is disabled.
  • To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
  • By default, all traffic is allowed through the guest firewall because the VPC firewall rules overrides the guest firewall rules. The guest firewall rules remains enabled and can be configured through normal RHEL methods.
  • VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see the maximum transmission unit overview.

Package and repository configuration

  • Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Google Cloud CLI.
  • For RHEL 7, EPEL is enabled.
  • RHEL for SAP yum vars are set to peg the client to the supported RHEL for SAP point release.
  • RHEL content comes from the Compute Engine Red Hat Update Infrastructure (RHUI) serve