I am launching GCP instances from my Python code using the googleapiclient libraries. Now, I am passing the AWS credentials as metadata to the instance configuration:
Now, I am trying to access this metadata from my startup script, which is also passed as a metadata [key, value] pair. In my startup script, I access the metadata as follows:
```bash
getMetadata() {
  curl -fs http://metadata/computeMetadata/v1/instance/attributes/$1 \
    -H "Metadata-Flavor: Google"
}
aws_access_key_id=`getMetadata aws_access_key_id`
aws_secret_access_key=`getMetadata aws_secret_access_key`
echo 'export aws_access_key_id = aws_access_key_id' >> ~/.bashrc
echo 'export aws_secret_access_key = $aws_secret_access_key' >> ~/.bashrc
```
This does not seem to have any effect for some reason. The strange thing is that when I ssh into the instance, I can see that the metadata server has these key-value pairs, but I am not sure why they are not getting accessed in the startup script.
Additionally, I do not even see the export statements in my .bashrc file, even with the empty values. So, not sure what is happening.
For completeness, here is the full startup script:
```bash
#!/bin/bash
set -e
echo "Installing docker"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-cache policy docker-ce
apt-get install -y docker-ce make
echo "Checking for CUDA and installing."
# Check for CUDA and try to install.
if ! dpkg-query -W cuda-10-0; then
  curl -O http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/cuda-repo-ubuntu1804_10.1.243-1_amd64.deb
  wget -qO - https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/7fa2af80.pub | sudo apt-key add -
  dpkg -i ./cuda-repo-ubuntu1804_10.1.243-1_amd64.deb
  apt-get update
  apt-get install cuda -y
fi
# Enable persistence mode
nvidia-smi -pm 1
nvidia-smi --auto-boost-default=DISABLED
echo "Installing nvidia docker"
# Add the package repositories
distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | apt-key add -
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | tee /etc/apt/sources.list.d/nvidia-docker.list
apt-get update
apt-get update && apt-get install -y nvidia-container-toolkit
sudo systemctl restart docker
getMetadata() {
  curl -fs http://metadata/computeMetadata/v1/instance/attributes/$1 \
    -H "Metadata-Flavor: Google"
}
aws_access_key_id=`getMetadata aws_access_key_id`
aws_secret_access_key=`getMetadata aws_secret_access_key`
echo 'export aws_access_key_id = aws_access_key_id' >> ~/.bashrc
echo 'export aws_secret_access_key = $aws_secret_access_key' >> ~/.bashrc
```
The other thing is that everything else up to that point has run fine. The console log also does not show any error.
EDIT
So I put some echo statements and looked at the console logs, and the key and password seem to be retrieved correctly, but the lines:
```bash
echo 'export aws_access_key_id = $aws_access_key_id' >> ~/.bashrc
```
seem to not have any effect. Not sure if the file gets overwritten or something, but I also tried:
```bash
echo 'export aws_access_key_id = $aws_access_key_id' >> $HOME/.bashrc
```
but no joy.
curl option -f which means fail silently. Remove that. 2) Reboot and check the console log. 3) In your startup script install Stackdriver logging. 4) Does anything appear in Stackdriver after that? The entire startup process should be logged then. – John Hanley
-f option but nothing came up. Anyway, thanks for your help so far. – Luca
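A corrected form of the two lines the question appends to `.bashrc`, as an added example that is not part of the original question or its comments: the single quotes in the question stop `$aws_secret_access_key` from expanding, `export` does not accept spaces around `=`, and a Compute Engine startup script runs as root, so `~` there is root's home rather than the SSH user's. `shell_quote`, `append_export` and `LOGIN_USER` are hypothetical names, and the demo values are constructed.

```sh
#!/bin/sh
# Added example. shell_quote, append_export and LOGIN_USER are hypothetical names.

# Single-quote a value for later sourcing; an embedded ' becomes '\''.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Append "export NAME='value'" to a file only its owner can read.
append_export() {
    name=$1 value=$2 target=$3
    # Accept only valid shell identifiers as variable names.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    ( umask 077; touch "$target" ) || return 1
    chmod 600 "$target" || return 1
    # No spaces around '='; the value is expanded now and quoted for later.
    printf 'export %s=%s\n' "$name" "$(shell_quote "$value")" >> "$target"
}

# In the startup script (runs as root, so "~" is root's home), the call would be:
#   user_home=$(getent passwd "$LOGIN_USER" | cut -d: -f6)
#   append_export aws_access_key_id "$(getMetadata aws_access_key_id)" "$user_home/.bashrc"
#   chown "$LOGIN_USER" "$user_home/.bashrc"

# Offline demo with constructed values (not real credentials).
demo_file=$(mktemp)
append_export aws_access_key_id 'EXAMPLEKEYID' "$demo_file"
append_export aws_secret_access_key "abc/d'ef \$HOME" "$demo_file"
cat "$demo_file"
rm -f "$demo_file"
```

Custom metadata values can be read by any process on the VM that can reach the metadata server, so the 0600 file mode protects only the copy written to disk.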