jclouds/providers/google-compute-engine
gurkerl83 3d753a48d2 Clear rule for bouncycastle exclusion
- Mock-Webserver v2.2.0 - Vendor, defined dependency bcprov-jdk15on > Previously, the dependency got excluded; otherwise, it conflicted with the existing bouncy castle version used in JClouds.
- Mock-Webserver v3.14.9 - The vendor does not define a bouncy castle dependency anymore; instead, it moved to the okhttp-tls module.

- Introduce the okhttp-tls module for tests in the core module. The following APIs (Docker, Elastic-Stack) and providers Softlayer extend their respective MockTest from BaseMockWebServerTest. The mock base test is located in the test jar of JClouds core module.
- Due to conflicting bouncy castle classes in the classpath, those which get loaded from the okhttp-tls module, and those defined in JClouds bouncy castle module, the bouncy castle dependency of okhttp-tls has to get skipped for the two APIs and providers mentioned.

Side note:
The JClouds GAE driver module also requires the new okhttp-tls dependency because of the following chain of inheritance.
Different from the situation above, the bouncy castle classes of the okhttp-tls did not get excluded.
GaeHttpCommandExecutorServiceIntegrationTest -> BaseHttpCommandExecutorServiceIntegrationTest -> BaseMockWebServerTest

The reason for this is unknown to me.
2021-02-12 18:57:46 +09:00
src JCLOUDS-1551: Update version of OkHttp 3.14.9 2021-02-12 18:57:46 +09:00
README.md Image credentials and project improvements. 2015-06-12 15:03:50 +02:00
bnd.bnd Onboard bnd-configuration files, one per module 2020-10-26 19:58:41 +09:00
pom.xml Clear rule for bouncycastle exclusion 2021-02-12 18:57:46 +09:00

README.md

jclouds Google Compute Engine Provider

Authenticating into the instances:

User: If no user is specified in the template options when launching instances, the default one will be used: "jclouds" for all instances, "core" for CoreOS images, and "Administrator" for Windows images.

Credential:

GCE exclusively uses ssh keys to log in to instances. For an instance to be sshable, a public key must be installed. Public keys are installed if they are present in the project's or the instance's metadata.

For an instance to be sshable, one of the following must happen:

  1. The project's metadata has an adequately built "sshKeys" entry, and a corresponding private key is provided in GoogleComputeEngineTemplateOptions when createNodesInGroup is called.

  2. An instance of GoogleComputeEngineTemplateOptions with an adequate public and private key is provided.

NOTE: if method 2 is chosen, the global project keys will not be installed in the instance.

Please refer to Google's documentation on how to form valid project wide ssh keys metadata entries.

FAQ:

  • Q. What is the identity for GCE?

A. The identity is the developer email, which can be obtained from the admin GUI. It's usually something in the form: PROJECT_ID@developer.gserviceaccount.com

  • Q. What is the credential for GCE?

A. The credential is a private key, in pem format. It can be extracted from the p12 keystore that is obtained when creating a "Service Account" (in the GUI: Google apis console > Api Access > Create another client ID > "Service Account").

  • Q. How to convert a p12 keystore into a pem format jclouds Google Compute Engine can handle:

A.

  1. Convert the p12 file into pem format (it will ask for the keystore password, which is usually "notasecret"):

    openssl pkcs12 -in <my_keystore>.p12 -out <my_keystore>.pem -nodes

  2. Extract only the private key and remove the passphrase:

    openssl rsa -in <my_keystore>.pem -out <my_key>.pem

The last file (<my_key>.pem) should contain the pk that needs to be passed to ContextBuilder.credential() for the provider google-compute-engine.
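
The two conversion steps above wrapped in one function, as an added example that is not part of the jclouds README: it keeps the unencrypted intermediate PEM in an owner-only temporary directory, validates the extracted key, and leaves the result with mode 600. The function name `p12_to_key` and the `P12_PASS` environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the jclouds README). Wraps the two openssl steps above.
# Usage: p12_to_key <keystore.p12> <out_key.pem> [keystore_password]
p12_to_key() {
    p12=$1; out=$2
    pass=${3:-notasecret}            # usual keystore password per the README
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }

    # The intermediate PEM holds the private key unencrypted (-nodes), so keep
    # it in a private temp dir and create every file owner-only.
    tmp=$(mktemp -d) || return 1
    old_umask=$(umask); umask 077
    rc=0

    # Step 1: p12 -> PEM bundle. Password goes via the environment, not argv.
    P12_PASS=$pass openssl pkcs12 -in "$p12" -out "$tmp/all.pem" -nodes \
        -passin env:P12_PASS 2>/dev/null || rc=1

    # Step 2: keep only the RSA private key (drops certificates and bag attributes).
    if [ "$rc" -eq 0 ]; then
        openssl rsa -in "$tmp/all.pem" -out "$tmp/key.pem" 2>/dev/null || rc=1
    fi

    # Checks before handing the file over: key is consistent, has a PEM private-key
    # header ("RSA PRIVATE KEY", or "PRIVATE KEY" from OpenSSL 3.x), no certificate.
    if [ "$rc" -eq 0 ]; then
        openssl rsa -in "$tmp/key.pem" -check -noout >/dev/null 2>&1 || rc=1
        grep -q 'PRIVATE KEY-----' "$tmp/key.pem" || rc=1
        if grep -q 'CERTIFICATE' "$tmp/key.pem"; then rc=1; fi
    fi

    if [ "$rc" -eq 0 ]; then
        { mv -f "$tmp/key.pem" "$out" && chmod 600 "$out"; } || rc=1
    else
        echo "conversion of $p12 failed; nothing written to $out" >&2
    fi

    rm -rf "$tmp"                    # remove the unencrypted intermediate
    umask "$old_umask"
    return "$rc"
}
```
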

Running the live tests:

  1. Place the following in your ~/.m2/settings.xml in a profile enabled when live:
  <properties>
    <test.google-compute-engine.identity>PROJECT_ID@developer.gserviceaccount.com</test.google-compute-engine.identity>
    <test.google-compute-engine.credential>-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQRRbRqVDtJLN1MO/xJoKqZuphDeBh5jIKueW3aNIiWs1XFcct+h
-- this text is literally from your <my_key>.pem
aH7xmpHSTbbXmQkuuv+z8EKijigprd/FoJpTX1f5/R+4wQ==
-----END RSA PRIVATE KEY-----</test.google-compute-engine.credential>
  </properties>

Or, if using an existing OAuth Bearer Token for authentication:

  <properties>
    <test.google-compute-engine.identity>PROJECT_ID@developer.gserviceaccount.com</test.google-compute-engine.identity>
    <test.google-compute-engine.credential>EXISTING_BEARER_TOKEN</test.google-compute-engine.credential>
    <test.jclouds.oauth.credential-type>bearerTokenCredentials</test.jclouds.oauth.credential-type>
  </properties>
  2. mvn clean install -Plive