My SSH session into my VM Cloud is suddenly lagging - google-cloud-platform

Everyday I log into my SSH session of a Google Cloud VM I maintain (Debian).
Since a week ago, I noticed my performance was lagging as I typed into the VM or when doing something else. I mostly login into this VM to check log files of scheduled scripts I have, and even when I use "cat script.log", what used to take less than 2 seconds now takes at least 5 or 7 seconds, loading the log text.
Pinging different websites bring me an reasonable 10 - 15 ms. I'm pretty sure it's not about my local connection either, everything else I do works fine in my local computer.
A warning started to appear now into my session, saying
"Please consider adding the IAP-secured Tunnel User IAM role to start using Cloud IAP for TCP forwarding for better performance. Learn more Dismiss"
I've already configured the IAP secured tunnel to my account, which is the owner account of GCP project.
Another coworker of mine is being able to access the VM without any performance issues whatsoever.

Your issue is in my opinion with the ISP. For some reason the SSH sessions are lagging.
That's why even other computers using your home ISP lag SSH sessions too. If that was firewall rule interfering you wouldn't be able to connect at all.
You may try to reset all the network hardware in your home and if that doesn't help
run tracert command in windows shell and then contact your ISP and pass your findings. It's possible it's something on their end (and if not maybe their's ISP etc).

To solve the problem you need to add "IAP-secured Tunnel User" at the project level in IAM for that user.IAP-secured Tunnel User + See instructions here in a blog I wrote about this. That should solve your problem.

Related

What keeps accessing Google Cloud metadata on my instance

I have a Google Cloud compute instance running with Ubuntu 18. We had wireshark running tracking another problem and we noticed that every minute something is accessing the meta data server. Three requests every minute:
GET /computeMetadata/v1/instance/virtual-clock/drift-token?alt=json&last_etag=XXXXXXXXXXXXXXXX&recursive=False&timeout_sec=60&wait_for_change=True
GET /computeMetadata/v1/instance/network-interfaces/?alt=json&last_etag=XXXXXXXXXXXXXXXX&recursive=True&timeout_sec=60&wait_for_change=True
GET /computeMetadata/v1/?alt=json&last_etag=XXXXXXXXXXXXXXXX&recursive=True&timeout_sec=77&wait_for_change=True
In call cases, the wireshark says the source is the IP of my instance, and the destination is the 169.254.169.254 which is the Google metadata server.
I don't have any code we have written that is accessing the server. The first one makes me think that this is some Google specific software that is accessing the meta data? But I haven't been able to prove that. What is worrisome is that the response for the third one contains ssh keys. Also, every minute seem excessive.
I see another post talking about scripts in /usr/share/google, but I don't have that directory. I do see that google-fluent is installed. I also see a installed snap for google-cloud-sdk. Could one of those be it? I don't recall installing them, AFAIK, I am not using it, so if that is it, what is the harm in uninstalling it?
You do not have a problem to worry about. The metadata server is private to your instance. The Google VM guest environment software and Stackdriver (fluentd) are making requests to the metadata server to get credentials, detect changes (new SSH keys), set the clock, etc.
The IP address 169.254.169.254 is an IPv4 Link Local Address. Only your VM has a route to that network.
Compute Engine Guest Environment
Do not attempt to uninstall the Guest Environment. You can remove Stackdriver, but I do not recommend that. Stackdriver provides logging and monitoring features that are very useful.

Why GCP's "Waiting for SSH key to propagate" takes so long?

I have encountered this kind of infamous "Waiting for SSH key to propagate." phrase in at least two cases:
Connecting to a virtual box via browser
Creating new DataLab instance
The question I have is - what happens and what makes it take so long? Is there any way around it, especially for DataLab?
Even if there is no solution, I would like to understand why it is so time consuming.
GCP offers multiple way to login into your system through ssh. These are :
Through UI button which opens a browser based connection (pretty common)
Through command line utility gcloud
Pre-configured ssh-keys by users through ssh-client in our local terminal using a private key.
Generally, the third step is the fastest way but people often use first and second because of the ease of the utility provided by Google.
Now, the first and second steps are also fast but sometime it takes more time because during first and second steps google does following things:
1. Create a secured ssh-key for you
2. Create a secure session for browser interaction
3. Waiting for the ssh keys to propagate from the system to the browser connection
4. Giving User the secured shell to work with
Sometime it happens fast but sometime, it takes time because of network routing and connectivity. Hope this explain as I derived this inference by reading the documentation and working on GCP for long time.!!

Failed to sign into Microsoft account from Windows 10

I have problem signing into Microsoft account from my local account on my machine. This used to be my work laptop I have bought it after I left company. I could sign in on my domain user without any problems. Since I left domain I lost this account.
I am trying to "Sign in with Microsoft account instead" option in Accounts->Your info. After I enter my Microsoft account credentials and insert my local user password I get message "Oops something went wrong. Whatever happen it was probably our fault". Good one Microsoft.
Also similarly when I try to add account to Calendar app I end up with same problem, but here I got more information: "You will need the internet for this. It doesn't look like you're connected to the internet. Check your connection and try again. 0x800704cf". This led me to check Network troubleshooter and this error came up:
Your computer appears to be correctly configured, but the device or
resource (www.microsoft.com) is not responding
Contact your network administrator or Internet service provider (ISP)
Completed Windows can't communicate with the device or resource
(www.microsoft.com). The computer or service you are trying to reach
might be temporarily unavailable.
I have tried many ways how to fix this. (Flush DNS, reboot router etc..), but I am pretty sure that my problem is not with my internet connection. It works perfectly fine, also note that I was able to check this with 2 internet providers with same result. Also another thing is, that this works perfectly fine with other devices in our household.
For me it looks like system don't see microsoft.com. Only thing I am able to work with is One drive.
I am pretty sure I would be able to fix this by resetting Windows 10, but I don't want to loose my installed programs (and licenses).
Any advice will be appreciated. I really ran out of options.
After doing many many thing, only thing that helped was resetting PC. It always does help.

GCS appears to be blocking my IP

I have been testing out a ubuntu instance on GCS for the last couple weeks and a possible home for one of our web servers. Last week suddenly everything stopped working. I was not able to SSH to shell, and I couldn't even visit the site anymore through my browser. I logged into the dashboard and nothing seemed wrong. I had several other colleges try to go to the site and it loaded without any issues. I could not find any settings in the dashboard that would suggest some kind of block like this, so i assumed I must have triggered some kind of anti spam system. I decided to give a few days before trying to mess with it any further. after 6 days of not messing with it at all I still can not visit the site, or login via SSH.
Then to verify they are blocking my IP address and that it wasn't just something wrong with my machine. I switched my IP and then everything started behaving as expected once again. I can get to the site in my browser and can once again SSH into the VM. After switching back to my previous static IP everything went back to not letting me view the webpage, or ssh into the server.
My problem is that this isn't a permanent solution for me. I have many servers that only allow login from my previous IP address so I'd rather fix the issue with this VM rather then change all those system to allow from a new IP address. Any help on finding the solution would be greatly appreciated.
Please let me know if I can provide any additional info to help find the problem.
followup info:
The way our network is set up the IP we get from DHCP is the real world IP our device is seen with (I think we own a block or something)
this is the first time i've done anything with a GCS VM
Edit: added additional information

How to set up Micro CloudFoundry on Windows

tldr; This question was to get help setting up Micro Cloud Foundry on Windows XP behind a corporate firewall as an innovation-demonstration project for a Fortune 500 IT departent. Basically, the project stalled, despite this stackoverflow page - the magic wasn't strong enough. I am accepting #DanHigman answer below, but if anyone sees this and can provide a simple straight-forward answer, by all means...
Can anyone provide a clear step-by-step on setting up MCF on a Windows (XP in my case) machine behind a corporate firewall, for demostrating the feasibility of PaaS in the corporate IT world?
My VM is installed and running and I can use the menu ok. I have vmc working. I have a test Node.js server app, that works on local, ready to push. But I can't get past that stage.
The firewall gave me trouble so I lowered my goal to just work offline. I followed the instructions noted below as best I could, but often the instructions are mac oriented - I would like them for a Windows command line (especially SSH tunneling):
http://blog.cloudfoundry.com/2011/09/08/working-offline-with-micro-cloud-foundry/
http://support.cloudfoundry.com/entries/20332921-micro-cloud-foundry-trouble-shooting-help
This blogger may have half-way covered my problem doing the SSH tunnel settings, but all it gives is "use Putty" - more detail would help:
http://support.cloudfoundry.com/entries/20419943-using-micro-cloud-locally
Also, whenever the vmc obviously gets an error or other message, it only outputs the following in the command line:
vmc target http://api.vcap.me
<<<
[200, "<html><body>SNP/2.0/102/Unknown Command 'info'</body></html>\r\n\r\n", {}
]
>>>
Thanks for any help. BTW - I know I could do this on my mac, the big obstacle is the windows and firewall environment.
Update:
#Dan and #ebottard: Thanks to your help, I'm almost there. ping is working now, hosts file seems right, but the vmc target api.vcap.me still does not find the VM at that 192.168.253.128 IP - even tho ping does. In the first link above, Martin wrote the following, but assuming we are doing it on a mac:
After the update is complete, you will need to make some changes on your local system. What you will need to do is to set up an SSH tunnel to access your Micro Cloud Foundry VM (note that you will need to supply the IP address in the command below with the actual IP of your VM, which is displayed in the console).
sudo ssh -L 80:192.168.168.149:80 vcap#192.168.168.149
Password:
vcap#192.168.168.149's password:Â
The first password being prompted is the sudo password for your machine, as it is needed to open port 80 which requires root privileges. The second password is the vcap user password which you entered during the initial configuration of your Micro Cloud Foundry.
I need to have these instructions translated into Windows, and all I have to go on is that I might use puTTy (which I have downloaded) to do it. Any more ideas?
Looks like you're running an application on your Windows machine called "Snarl" (a poor Windows-based clone of the OS 10 app Growl :-p). It looks like it's interfering with communication to the MCF intstance, close it and have another try.