Closed chen23 closed 5 years ago
Hi Eric,
Thanks for reporting the issue. I created an internal tracking number 1162 for this issue.
gcloud compute ssh only targets nic0, therefore it is not possible to use it. The same applies to the SSH button in the VM instances list within the GCP Cloud Console.
Here is how I do it using gcloud and openssh from my Mac.
Make sure you have set up the Google Cloud SDK, which provides you with the gcloud CLI.
> gcloud config get-value project
black-transport-233607
If you don't, either set it via gcloud config set project <gcpProject> or specify --project <gcpProject> with every gcloud command.
> gcloud compute instances list --filter 'name:(bigip)'
NAME         ZONE            MACHINE_TYPE   INTERNAL_IP                         EXTERNAL_IP                  STATUS
bigip1-f5-a  asia-east2-a    n1-standard-4  10.100.9.14                         198.18.142.15                RUNNING
bigip1-f5-b  europe-west6-a  n1-standard-2  10.0.0.3                            198.18.16.191                RUNNING
bigip1-f5-c  us-east1-b      n1-standard-2  10.100.41.7                         198.18.91.171                RUNNING
bigip1-f5-d  us-east2-a      n1-standard-2  10.101.40.2                         198.18.87.101                RUNNING
bigip1-f5-e  europe-west4-b  n1-standard-4  172.16.7.2,172.16.29.2,10.99.81.13  198.18.187.243,198.18.91.14  RUNNING
#                                           |  nic0  | |  nic1   | |  nic2   |  |    nic0    | |   nic1   |
#                                                      |_________|                             |__________|
#                                                           ^                                       ^
#                                                internal management IP                  external management IP
This step is only required when you haven't added your public key to the project. For more details visit: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
> echo "$USER:$(cat ~/.ssh/id_ed25519.pub | cut -d' ' -f1,2) $USER" > ./myGCPpubKey
> gcloud compute instances add-metadata bigip1-f5-e --metadata-from-file ssh-keys=./myGCPpubKey
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
Updated [https://www.googleapis.com/compute/v1/projects/black-transport-233607/zones/europe-west4-b/instances/bigip1-f5-e].
gcloud compute instances stop bigip1-f5-e --zone europe-west4-b
gcloud compute instances start bigip1-f5-e --zone europe-west4-b
using jq
> gcloud --format json compute instances describe bigip1-f5-e | jq '.networkInterfaces[].accessConfigs[]? | select(.name == "Management NAT") | .natIP'
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
"198.18.91.14"
or awk
> gcloud --format json compute instances describe bigip1-f5-e | awk '/Management NAT/ {m=1} /.natIP/ {if (m==1) print $2}'
No zone specified. Using zone [europe-west4-b] for instance: [bigip1-f5-e].
"198.18.91.14"
> ssh -i ~/.ssh/id_ed25519 -l admin 198.18.91.14
The authenticity of host '198.18.91.14 (198.18.91.14)' can't be established.
ECDSA key fingerprint is SHA256:m+Te9Pah0PnMTeyXUtx2nW142H84+uiGJD/VE+zuhMY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.18.91.14' (ECDSA) to the list of known hosts.
admin@(bigip1-f5-e)(cfg-sync Standalone)(ModuleNotLicensed::Active)(/Common)(tmos)#
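An added example, not part of the original thread or the F5 templates: `gcloud compute instances add-metadata` sets the whole instance-level `ssh-keys` value, so a file holding a single key replaces any keys already stored on the instance. The script below reads the current value, appends the new entry only if it is missing, and refuses a file that is not a one-line public key (for example a private key passed by mistake). The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of gcloud or the F5 templates.

# Print "USER:TYPE BASE64 USER", the entry format built with echo/cut in the thread.
# Rejects multi-line files (such as a private key) and unexpected key types.
build_key_entry() {
    user=$1; pub=$2
    [ $(wc -l < "$pub") -le 1 ] || { echo "not a one-line public key: $pub" >&2; return 1; }
    read -r ktype blob _rest < "$pub" || [ -n "$ktype" ] || return 1
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "unexpected key type in $pub" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "no key material in $pub" >&2; return 1; }
    printf '%s:%s %s %s\n' "$user" "$ktype" "$blob" "$user"
}

# Print the current ssh-keys value (a file, one entry per line) followed by the
# new entry, skipping the new entry when that exact line is already present.
merge_ssh_keys() {
    current=$1; entry=$2
    if [ -s "$current" ]; then
        grep -v '^$' "$current" || true
        if grep -qxF -- "$entry" "$current"; then return 0; fi
    fi
    printf '%s\n' "$entry"
}

# Read, merge and write back the instance-level keys with gcloud and jq.
# Nothing is written if the current value cannot be read or the key is rejected.
add_instance_ssh_key() {
    inst=$1; zone=$2; user=$3; pub=$4
    tmp=$(mktemp -d) || return 1
    if gcloud --format json compute instances describe "$inst" --zone "$zone" > "$tmp/desc.json" &&
       jq -r '.metadata.items[]? | select(.key == "ssh-keys") | .value' "$tmp/desc.json" > "$tmp/current" &&
       entry=$(build_key_entry "$user" "$pub") &&
       merge_ssh_keys "$tmp/current" "$entry" > "$tmp/merged"
    then
        gcloud compute instances add-metadata "$inst" --zone "$zone" \
            --metadata-from-file ssh-keys="$tmp/merged"
        rc=$?
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

With the instance from the thread, the call would be `add_instance_ssh_key bigip1-f5-e europe-west4-b "$USER" ~/.ssh/id_ed25519.pub`.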
Release v3.0.0 cleaned up the prerequisites and configuration notes to 1) show what ssh key to use as well as 2) to utilize the second NIC for mgmt in multi-nic instances.
Do you already have an issue opened with F5 support?
No.
Description
When you deploy with multi-nic it would be helpful to provide a snippet of HOW to connect to nic1. We mention that we swap the interfaces, but no guidance on how to access it. Something simple like.
Connecting to nic1
When you use the Google Console / gcloud CLI tool it will connect to the public IP of nic0 by default. To access your BIG-IP via SSH you will need to connect to nic1's public IP instead. You can either load your own public ssh key or reference the SSH key that is generated by the gcloud command (on Linux/Mac ~/.ssh and Windows /users/[username]/.ssh).
Template
multi-nic templates
Severity Level
Severity: 5