Should I change my admin_user to deploy on Google Compute Engine

Hi,

I’ve never deployed with Trellis before and I want to give Google Compute Engine a try.

2 Questions:

I created a VM instance with Ubuntu and I’m ready to deploy to the staging env., but I’m not sure whether I must change the admin_user from “admin” to “my_user_at_gce”?

In fact, I’m a bit lost with the SSH keys too, because I plan to use the SSH key I created for GCE on my local machine (~/.ssh/gce_key/), associated with “my_user_at_gce”, but this key is different from the one I use for my remote Git repo (BitBucket) of this project.

I read the part about SSH forwarding and I understand I can use 2 different keys. Is that the case?

Thank you

Good to see the updates made to the docs by the way!

1 Like

If GCE is like AWS, then yeah you should update admin_user. AWS uses ubuntu as its default user for example.

I believe SSH forwarding should just work despite having 2 keys. As long as you’ve set them up properly with ssh-add.

I pretty much exclusively use GCE so I’ll tell you the 2 ways I normally do it.

When you’re provisioning or editing an existing instance, near the bottom before you hit create or save there is a drop down that reads Management, disk, networking, SSH keys. Click that and head to the SSH keys tab. I normally disable project-wide SSH keys and stick whatever SSH key I want to use for that server into the box “Enter entire key data”, and at the end of my key in the comment section I enter the username of the user I’m going to be running Trellis with. So that username should show up to the left of the box you enter your key into. Then in Trellis I change out the admin user with the same username as I’m working Trellis with and that I entered into the GCE instance. So everything matches up and only that one key works for SSH on the instance. Then I take that SSH key and add it to my GitHub account. Then in the same group_vars/all/users.yml file I add https://github.com/your-github-username.keys to the web group and sudo group (basically uncomment the two lines in there and add your username before .keys).
This way I’m good to deploy or anything else with that key.

Or you alternatively could add your GCE key to your GitHub and do the same thing and rename the admin user to your GCE user. But I personally don’t like using the project level keys because if you have multiple accounts with access to that project you end up with a bunch of autocreated user accounts and keys on your instances.

Let me know if you need any more advice on Google Cloud platform - I love it!

5 Likes
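An added example, not part of the thread: a check for the setup described in the reply above, confirming that the instance carries exactly one key, that it belongs to the Trellis admin_user, and that the same key appears in the .keys listing Trellis reads. It assumes you have already fetched the instance's ssh-keys metadata (entries of the form USERNAME:key) and the .keys listing as text; the username deployer and the key blobs are constructed placeholders.

```python
import base64
import hashlib

def fingerprint(pubkey):
    """SHA256 fingerprint (as printed by ssh-keygen -l) of a 'type blob [comment]' line."""
    blob = base64.b64decode(pubkey.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_gce_ssh_keys(metadata):
    """Map username -> fingerprints from 'USERNAME:type blob comment' lines."""
    users = {}
    for line in metadata.splitlines():
        user, sep, key = line.strip().partition(":")
        if sep and len(key.split()) >= 2:
            users.setdefault(user, set()).add(fingerprint(key))
    return users

def parse_keys_listing(listing):
    """Fingerprints from a .keys listing: one public key per line."""
    return {fingerprint(l) for l in listing.splitlines() if len(l.split()) >= 2}

def check_setup(admin_user, gce_metadata, keys_listing):
    """Return a list of mismatches; an empty list means everything lines up."""
    problems = []
    users = parse_gce_ssh_keys(gce_metadata)
    listed = parse_keys_listing(keys_listing)
    if admin_user not in users:
        problems.append(f"instance has no key for admin_user '{admin_user}'")
    elif not users[admin_user] & listed:
        problems.append(f"key for '{admin_user}' is not in the .keys listing")
    # Any other username on the instance means more than one key works for SSH.
    for other in sorted(set(users) - {admin_user}):
        problems.append(f"instance also accepts a key for '{other}'")
    return problems

# Constructed sample data: the blobs are placeholders, not real keys.
def sample_key(label):
    return "ssh-ed25519 " + base64.b64encode(label.encode()).decode()

KEY_A, KEY_B = sample_key("constructed-key-A"), sample_key("constructed-key-B")
GOOD_METADATA = f"deployer:{KEY_A} deployer"
DRIFTED_METADATA = f"deployer:{KEY_B} deployer\nolduser:{KEY_A} olduser"

if __name__ == "__main__":
    print(check_setup("deployer", GOOD_METADATA, KEY_A + "\n"))
    print(check_setup("deployer", DRIFTED_METADATA, KEY_A + "\n"))
    print(check_setup("admin", GOOD_METADATA, KEY_A + "\n"))
```

Keys are compared by fingerprint rather than by whole line, so a differing or missing trailing comment does not cause a false mismatch.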

Thank you guys, I really appreciate that you take time to answer me.

@RiFi2k I was hoping you could answer me as I had read your reply to another question on server maintenance and your appreciation of GCP and GCE.

This confirms what I thought, but when you say “Then I take that SSH key and add it to my Github account”, do you mean you add it as an SSH key to access your GitHub account, or that you add or commit it as part of the Git repo?

Thank you again

Add it as if you wanted to use that key to make commits and access your account.

The username.keys is a global GitHub thing, you can type in any username that exists on GitHub into that URL and see anyone’s public keys.

Ok I’m on Bitbucket with this project, I will check what works for me.

Thank you

Technically you could just use an empty or non-related GitHub account. It doesn’t really matter if that account has anything to do with your actual project, it’s just a quick easy way to add multiple keys into Trellis. So if you had a couple more people or machines that needed to be able to deploy from, you could add their keys into that GitHub account and re-run the playbook to add them to the project.

Either way feel free to msg or mention me if you need anything else related to GCP, have fun!

1 Like

Hi, I’m not sure about this: “I add https://github.com/your-github-username.keys to the web group”

Why does web_group need an SSH key? I thought the user(s) in this group would only run from inside the VM and not from outside with SSH?

Have I missed something?

Thank you

Doh! forget it, I missed something, and I need a break :beer: :grin: