Use this document to verify that VM Manager is set up properly. For information about setting up VM Manager, see Set up VM Manager.
To verify the setup, you can either use the troubleshoot command or perform manual checks on the virtual machine (VM) instance.
Before you begin
- For Windows VMs, use PowerShell 3.0 or later.
- If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine as follows.
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
- Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
- Set a default region and zone.
Use the troubleshoot command
Use the os-config troubleshoot command to verify the setup. If any of the checks fail, you are provided with feedback on how to fix the issue.
gcloud compute os-config troubleshoot VM_NAME \
    --zone=ZONE
Replace the following:
- VM_NAME: the name of the VM instance that you want to troubleshoot
- ZONE: the zone where the instance is located
Examples
- Example 1: shows the output for the os-config troubleshoot command when the VM instance has issues with the setup
- Example 2: shows the output for the os-config troubleshoot command when the VM instance is properly set up
Example 1
To troubleshoot a VM instance called my-instance-1 in zone asia-east2-b, run the following:
gcloud compute os-config troubleshoot my-instance-1 \
    --zone=asia-east2-b
The output resembles the following:
OS Config troubleshooter tool is checking if there are issues with the VM Manager setup for this VM instance.

> Is the OS Config API enabled? Yes
> Is the OS Config agent enabled? Yes
> Is the OS Config agent up to date? No
The version of OS Config agent running on this VM instance is not the latest version.
See https://cloud.google.com/compute/docs/manage-os/upgrade-vm-manager#update-agent on how to update the agent.
Example 2
To troubleshoot a VM instance called my-instance-2 in zone us-west1-b, run the following:
gcloud compute os-config troubleshoot my-instance-2 \
    --zone=us-west1-b
The output resembles the following:
OS Config troubleshooter tool is checking if there are issues with the VM Manager setup for this VM instance.

> Is the OS Config API enabled? Yes
> Is the OS Config agent enabled? Yes
> Is the OS Config agent up to date? Yes
> Is a service account present on the instance? Yes
> Is the OS Config Service account present for this instance? Yes
> Does this instance have a public IP or Private Google Access? Yes
This instance has a public IP.
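When you run the troubleshooter across many VMs, it helps to reduce its output to the checks that failed. The following script is an added example, not part of the original page or of the gcloud CLI; the function names are hypothetical, and the sample input is constructed from the two example outputs above.

```bash
#!/bin/sh
# Added example, not Google's code. failed_checks and the sample_* helpers are
# names made up for this sketch.

# failed_checks: reads troubleshooter output on stdin and prints each question
# that was answered "No". Returns 0 if all listed checks passed, 1 if any
# failed, 2 if no check lines were seen (for example, gcloud itself errored).
# In the page's Example 1 the output ends at the failed check, so checks that
# are absent from the output must not be read as passes.
failed_checks() {
  awk '
    /^> .*\? *(Yes|No)[ \t]*$/ {
      seen++
      if ($NF == "No") {
        failed++
        sub(/^> /, ""); sub(/\? *No[ \t]*$/, "?")
        print
      }
    }
    END { if (seen == 0) exit 2; exit (failed > 0) }
  '
}

# Constructed samples, copied from the page's Example 1 and Example 2 output.
sample_fail() { cat <<'EOF'
OS Config troubleshooter tool is checking if there are issues with the VM Manager setup for this VM instance.

> Is the OS Config API enabled? Yes
> Is the OS Config agent enabled? Yes
> Is the OS Config agent up to date? No
The version of OS Config agent running on this VM instance is not the latest version.
EOF
}

sample_ok() { cat <<'EOF'
> Is the OS Config API enabled? Yes
> Is the OS Config agent enabled? Yes
> Is the OS Config agent up to date? Yes
> Is a service account present on the instance? Yes
> Is the OS Config Service account present for this instance? Yes
> Does this instance have a public IP or Private Google Access? Yes
This instance has a public IP.
EOF
}

# Real use:
#   gcloud compute os-config troubleshoot VM_NAME --zone=ZONE | failed_checks
```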
Manual verification
To manually verify that VM Manager is properly set up, complete the following checks:
- OS Config API enabled
- OS Config metadata is enabled
- OS Config agent installed and running
- Service account enabled
- VM can communicate with the OS Config API
If VM Manager is properly set up but you still have issues, see Troubleshooting VM Manager.
Check if OS Config API is enabled
In your Google Cloud project, check if the API is enabled.
Console
In the Google Cloud console, go to the OS Config API page.
gcloud
gcloud services list --enabled
If the API is enabled, the output resembles the following:
osconfig.googleapis.com OS Config API
If the API is not enabled, enable the OS Config API.
Check if metadata is enabled
Linux
For project metadata, on the VM, complete the following steps:
Query the project attributes endpoint:
curl "http://metadata.google.internal/computeMetadata/v1/project/attributes/" \
    -H "Metadata-Flavor: Google"
If the agent metadata value is set, the output resembles the following:
enable-osconfig
If the enable-osconfig value displays, query the endpoint:
curl "http://metadata.google.internal/computeMetadata/v1/project/attributes/enable-osconfig" \
    -H "Metadata-Flavor: Google"
If enabled, the endpoint returns TRUE.
If the metadata is not enabled, enable the OS Config metadata.
Windows
For project metadata, on a VM, open a PowerShell terminal as an administrator and complete the following steps:
Query the project attributes endpoint:
$value = (Invoke-RestMethod `
    -Headers @{'Metadata-Flavor' = 'Google'} `
    -Uri "http://metadata.google.internal/computeMetadata/v1/project/attributes/")
$value
If the agent metadata value is set, the output resembles the following:
enable-osconfig
If the enable-osconfig value displays, query the endpoint:
$value = (Invoke-RestMethod `
    -Headers @{'Metadata-Flavor' = 'Google'} `
    -Uri "http://metadata.google.internal/computeMetadata/v1/project/attributes/enable-osconfig")
$value
If enabled, the endpoint returns TRUE.
If the metadata is not enabled, enable the OS Config metadata.
Check if the OS Config agent is installed and running
Linux
To check whether your Linux VM has the agent installed, run the following command:
sudo systemctl status google-osconfig-agent
If the agent is installed and running, the output resembles the following:
google-osconfig-agent.service - Google OSConfig Agent
   Loaded: loaded (/lib/systemd/system/google-osconfig-agent.service; enabled; vendor preset:
   Active: active (running) since Wed 2020-01-15 00:14:22 UTC; 6min ago
 Main PID: 369 (google_osconfig)
    Tasks: 8 (limit: 4374)
   Memory: 102.7M
   CGroup: /system.slice/google-osconfig-agent.service
           └─369 /usr/bin/google_osconfig_agent
If the agent is not installed, install the OS Config agent.
Windows
To check whether your Windows VM has the agent installed, run the following command:
PowerShell Get-Service google_osconfig_agent
If the agent is installed and running, the output resembles the following:
Status   Name               DisplayName
------   ----               -----------
Running  google_osconfig... Google OSConfig Agent
If the agent is not installed, install the OS Config agent.
Check if the service account is enabled
For information about service account requirements, see Setup overview.
Linux
On the VM, run the following:
curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/" \
    -H "Metadata-Flavor: Google"
The output should at least include the default service account.
default/
Windows
On the VM, open a PowerShell terminal as an administrator and run the following command:
$value = (Invoke-RestMethod `
    -Headers @{'Metadata-Flavor' = 'Google'} `
    -Uri "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/")
$value
The output should at least include the default service account.
default/
Check if the VM can communicate with the OS Config API
To check if the VM can communicate with the OS Config API, run the following command on your Linux or Windows VM:
ping osconfig.googleapis.com
To stop pinging the OS Config API, press Control + C.
If your VM is running within a private VPC network and does not have public internet access, check that you have enabled Private Google Access.
After you enable Private Google Access, check that the VM can communicate with the OS Config API.
Linux
On the VM, run the following:
curl --ssl 'https://osconfig.googleapis.com/$discovery/rest' | head
If the VM can communicate with the OS Config API, the command output is similar to the following:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0{
"discoveryVersion": "v1",
"baseUrl": "https://osconfig.googleapis.com/",
"ownerName": "Google",
"version": "v1beta",
"schemas": {
"GooSettings": {
"description": "Googet patching is performed by running `googet update`.",
"properties": {},
"id": "GooSettings",
100 9569 0 9569 0 0 198k 0 --:--:-- --:--:-- --:--:-- 198k
Windows
On the VM, open a PowerShell terminal as an administrator and run the following:
Invoke-RestMethod -Headers @{'Metadata-Flavor' = 'Google'} -Uri 'https://osconfig.googleapis.com/$discovery/rest'
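The on-VM Linux checks above can be run in one pass and turned into an exit code for fleet audits. The following script is an added example, not part of the original page; the function names and the --run flag are hypothetical, and it leaves out the project-level API check because that check is done from the console or gcloud rather than on the VM.

```bash
#!/bin/sh
# Added example, not Google's code: the on-VM Linux checks from this page,
# run in sequence. Function names and the --run flag are made up here.
MD_BASE="http://metadata.google.internal/computeMetadata/v1"

# md_get PATH: the page's metadata query, with -f so that an HTTP error
# becomes a non-zero exit instead of an error body on stdout.
md_get() {
  curl -sf --max-time 5 -H "Metadata-Flavor: Google" "$MD_BASE/$1"
}

# Project attribute enable-osconfig must be TRUE. Accepting lower case is an
# assumption of this sketch; the page only shows the value TRUE.
check_metadata() {
  val=$(md_get "project/attributes/enable-osconfig") || return 1
  [ "$(printf '%s' "$val" | tr '[:lower:]' '[:upper:]')" = "TRUE" ]
}

# Scriptable form of `systemctl status google-osconfig-agent`.
check_agent() {
  systemctl is-active --quiet google-osconfig-agent
}

# The service account listing must contain the line "default/".
check_service_account() {
  md_get "instance/service-accounts/" | grep -qx 'default/'
}

# The discovery document must come back over HTTPS and look like one.
check_api_reachable() {
  curl -sf --max-time 10 'https://osconfig.googleapis.com/$discovery/rest' |
    grep -q '"discoveryVersion"'
}

# Runs every check, prints PASS or FAIL per check, and returns the number
# of failed checks (0 means the VM passed all four).
run_checks() {
  failed=0
  for c in check_metadata check_agent check_service_account check_api_reachable; do
    if "$c"; then echo "PASS $c"; else echo "FAIL $c"; failed=$((failed + 1)); fi
  done
  return "$failed"
}

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it on the VM with the --run argument; without it the script only defines the functions.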
What's next?
- View operating system details.
- Create an OS policy assignment.
- Create patch jobs.
- Troubleshooting VM Manager.