how to restrict my latest version of image in image definition from users in Azure compute gallery for a particular time - azure-virtual-machine

I am deploying my hardening images in Azure compute galleries and then from that image of latest version creating virtual machine and after creating virtual machine scanning through Prisma Scan/ Qualys Scan, so I want to restrict my images version so that no one can use those till scan is done. So please suggest me how to restrict my latest version of image in image definition from users.

There is a flag called "excludeFromLatest": https://learn.microsoft.com/en-us/rest/api/compute/gallery-image-versions/get#galleryimageversionpublishingprofile
excludeFromLatest (boolean): If set to true, Virtual Machines deployed from the latest version of the Image Definition won't use this Image Version.
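How the flag fits the scan gate asked about above, as an added example that is not part of the original answer: a new version is published with excludeFromLatest set to true and is released only after its scan passes. The resolver is a simplified model of "latest" selection (highest Major.Minor.Patch version that is not excluded); the function names and the sample gallery contents are constructed.

```python
# Added example: models a scan gate built on publishingProfile.excludeFromLatest.
# Function names and the sample gallery contents are constructed for illustration.

def version_key(name):
    """Gallery image versions are named Major.Minor.Patch (integers)."""
    parts = name.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Major.Minor.Patch version: {name!r}")
    return tuple(int(p) for p in parts)


def publishing_patch(exclude):
    """Request-body fragment that sets the flag on an image version."""
    return {"properties": {"publishingProfile": {"excludeFromLatest": exclude}}}


def resolve_latest(versions):
    """Simplified model: highest version whose excludeFromLatest is not true."""
    eligible = [
        name for name, body in versions.items()
        if not body["properties"]["publishingProfile"].get("excludeFromLatest", False)
    ]
    # Compare numerically: as strings, "1.0.9" would sort above "1.0.10".
    return max(eligible, key=version_key) if eligible else None


def release_if_clean(versions, name, scan_passed):
    """Flip the flag only when the scan (Prisma/Qualys in the question) passed."""
    if scan_passed:
        versions[name] = publishing_patch(False)
    return resolve_latest(versions)


# Constructed gallery state: 1.0.9 already released, 1.0.10 awaiting its scan.
gallery = {
    "1.0.9": publishing_patch(False),
    "1.0.10": publishing_patch(True),
}

if __name__ == "__main__":
    print(resolve_latest(gallery))                           # before the scan
    print(release_if_clean(dict(gallery), "1.0.10", False))  # scan failed
    print(release_if_clean(dict(gallery), "1.0.10", True))   # scan passed
```

With the Azure CLI the flip is `az sig image-version update ... --set publishingProfile.excludeFromLatest=false`. The flag only changes what a `latest` reference resolves to, so a deployment that names the version explicitly is not held back by it.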

Related

How to upgrade Container-Optimized OS (COS) virtual machine?

I have a VM instance with a boot disk which was created using cos-stable-81-12871-119-0 image.
I would like to upgrade the OS to a later LTS version.
What is the best way to achieve this?
Note: All the docker volume data is on the boot disk, I would like to preserve this.
As @John Hanley mentioned and also stated in the document:
The Container-Optimized OS team is actively working on improving our backend infrastructure that makes automatic updates possible. As part of these changes, we are rotating the keys used to sign and validate the update payloads. However, images released before the key rotation cannot be automatically updated to images released after the rotation. The affected list of images are as follows:
These images cannot be updated to the latest versions:
On Milestone 77: images prior to cos-77-12371-1000-0
On Milestone 81: images prior to cos-81-12871-1000-0
On Milestone 85: images prior to cos-85-13310-1000-0
On Milestone 86: images prior to cos-dev-86-15053-0-0
In these cases, users should manually choose newer OS versions by recreating their VM instances with the newer image. And to get data over to the new disk refer to this link.

Is there a way to update the image used by node in slurm-gcp?

I installed slurm-gcp from that github using terraform in cloud shell.
https://github.com/SchedMD/slurm-gcp#install-using-terraform
There are two VMs created.
controller
login
I installed several applications in /apps to confirm that they exist.
I would like to edit node's /etc/hosts and add network tag (http-server, https-server) to run the applications.
But nowhere does it say how to modify the image used by the node.
Is there no way to edit the image of the slurm?
Thank you.
As of the latest version of Slurm on GCP, the images are pre-built and hosted by SchedMD, and are used directly without the requirement to build an image at deployment time. You can continue to modify the image by creating your own image. This is done by spinning up a VM with the public image pointed to in the tfvars, making your modifications, saving the image, and pointing your tfvars to your new image.
You can continue to use the custom compute/controller install scripts found in the scripts directory.

Cloud Run deployment using image from last revision

We need to deploy labels to multiple Cloud Run services using the API method below:
https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services/replaceService
We are looking for options where we can apply labels using the API without any new image deployment from Container Registry. We understand that there will be a deployment and revision change while applying labels, but we want the deployment to use the image from the last revision rather than pull a new image from the container registry. Is there any configuration parameter in Cloud Run to prevent new images being pulled while applying labels using the API or gcloud run services update SERVICE --update-labels KEY=VALUE?
The principle of Cloud Run (and Knative, because the behavior is the same) is that the revision is immutable. Thus, if you change something in it, a new revision is created. You can't fake it!
So, the solution is to not use the latest tag of your image, but the SHA of it.
# the latest
gcr.io/PROJECT_ID/myImage
gcr.io/PROJECT_ID/myImage:latest
# A specific version
gcr.io/PROJECT_ID/myImage:SHA123465465dfsqfsdf
Of course, you have to update your YAML for this.
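One way to build the label-only replaceService body so that the image stays fixed, as an added example that is not part of the original answer: it rewrites a mutable tag into the registry's `name@sha256:...` digest form, taking the digest from the last revision's `status.imageDigest` field. The function names and sample objects are constructed, and a single-container service is assumed.

```python
# Added example, not from the original answer. Sample objects are constructed;
# a single-container service is assumed.
import copy
import re

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def is_digest_pinned(image):
    """True only for references of the form name@sha256:<64 hex chars>."""
    name, sep, digest = image.partition("@")
    return bool(name and sep) and DIGEST_RE.fullmatch(digest) is not None


def pin_to_digest(image, resolved):
    """Replace any tag on `image` with the digest carried by `resolved`.

    `resolved` may be a bare digest or a full name@sha256:... reference.
    """
    digest = resolved.rpartition("@")[2]
    if DIGEST_RE.fullmatch(digest) is None:
        raise ValueError(f"not a sha256 digest: {digest!r}")
    name = image.split("@", 1)[0]
    # Only a ':' after the last '/' is a tag; earlier ones are a registry port.
    if ":" in name.rsplit("/", 1)[-1]:
        name = name[: name.rindex(":")]
    return f"{name}@{digest}"


def label_update_body(service, last_revision, labels):
    """Service body for replaceService: labels merged, image frozen by digest."""
    body = copy.deepcopy(service)
    body["metadata"].setdefault("labels", {}).update(labels)
    container = body["spec"]["template"]["spec"]["containers"][0]
    if not is_digest_pinned(container["image"]):
        container["image"] = pin_to_digest(
            container["image"], last_revision["status"]["imageDigest"])
    return body


# Constructed sample data: a service on a mutable tag and its last revision.
DIGEST = "sha256:" + "ab" * 32
SERVICE = {
    "metadata": {"name": "my-service", "labels": {"team": "payments"}},
    "spec": {"template": {"spec": {"containers": [
        {"image": "gcr.io/PROJECT_ID/myImage:latest"}]}}},
}
LAST_REVISION = {"status": {"imageDigest": "gcr.io/PROJECT_ID/myImage@" + DIGEST}}
```

A new revision is still created for the label change, but it references the same image bytes as the revision before it.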

OS image provided by GCE are maintained version or archived versions of OS?

I am a new user of GCE. According to this documentation here:
https://docs.docker.com/install/linux/docker-ce/centos/#install-using-the-repository
To install Docker Engine - Community, you need a maintained version of CentOS 7. Archived versions aren’t supported or tested. Are all the OS versions offered by the GCP maintained or archived?
Public images are provided and maintained by Google, open-source communities, and third-party vendors.
Community-supported images are not directly supported by Compute Engine. It is up to the project community to ensure that images work with Compute Engine features and that security updates are maintained. Community-supported images are provided as-is by the project communities that build and maintain them.
So, yes if it is a public image you want to use, it is maintained. If you want to use a custom image they are not directly supported.
To check the Public images offered by Google Cloud Platform you can go in Compute Engine > Images.

How to launch a Google Deep learning VM from google python client?

GCP has a deep learning VM available to run on their cloud compute platform. The details about the image are here
So, I am using the google python client to launch my instances and the documentation for this is available here. Now, the way one specifies the disk and the boot image is through this JSON blob:
    'disks': [
        {
            'boot': True,
            'autoDelete': True,
            'initializeParams': {
                'sourceImage': source_disk_image,
            }
        }
    ]
Now the source_disk_image is specified by the path to some public image like:
projects/debian-cloud/global/images/family/debian-9 or some variant of this type. Now, my question is how can I specify some marketplace image to be used for my instance?
If you're not attached to using the marketplace to create the VM, there's a lot of documentation about all the available Google Deep Learning images.
They live in the deeplearning-platform-release project, so, for example, I think (but am not sure) the default image you are referring to from the Marketplace you linked is projects/deeplearning-platform-release/global/images/tf-1-14-cu100-20191004 but you can also pull them by family and just get the latest versions, for example, projects/deeplearning-platform-release/global/images/family/tf-latest-gpu.
The gcloud images command is also pretty illuminating to see the description of a given family choice or image, e.g.:
$ gcloud compute images describe-from-family tf-latest-gpu --project deeplearning-platform-release
archiveSizeBytes: '322993843200'
creationTimestamp: '2019-10-06T13:57:56.932-07:00'
description: "Google, Deep Learning Image: TensorFlow 1.14.0, m36, TensorFlow 1.14.0\
\ with CUDA 10.0 and Intel\xAE MKL-DNN, Intel\xAE MKL."
diskSizeGb: '30'
...
Which looks a lot like the Marketplace description.
That said, it looks like the Marketplace might be doing other things though (e.g. there are checkboxes about installing particular drivers separate from choosing the image).
I think that @Ernesto's tip about creating an instance off the marketplace, and then viewing that instance via the REST link at the bottom of the instance page to find exactly how it was created is also good advice. However, in this case you probably want to view the disk that was created (not the instance, since once it is created it only references the disk resource), click on the REST link, and look for the "sourceImage" portion of the REST response.
e.g. from a regular old debian-9 disk (I don't have GPU quota so I can't actually create the marketplace deployment):
I was able to find the SourceImage of a Deep Learning found in the marketplace, for this example I'm using
NVIDIA GPU Cloud Image for Deep Learning, Data Science, and HPC
"name": "nvidia-gpu-cloud-image-20190809",
"selfLink": "projects/nvidia-ngc-public/global/images/nvidia-gpu-cloud-image-20190809",
"sourceDisk": "projects/nvidia-ngc-dev/zones/us-central1-a/disks/chetan-official-base-image"
Deploy an instance from the MarketPlace
Go to the instance and inspect the details from the UI
In the Boot disk section click on the image name nvidia-gpu-cloud-image-20190809; it will take you to the image details page
Click on REST at the bottom of the description
Find SelfLink or SourceDisk entry