...

Run the appliance directly with Docker using SSH_PRIVATE_KEY_DATA

PRIVATE_KEY_FILE="/path/to/private_key"
PROXY_PORT=10123

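# Replace each newline with a literal \n character sequence. printf is used
# because echo's backslash handling differs between shells; read -r and the
# extra test keep backslashes and a final line that lacks a trailing newline.
PRIVATE_KEY_DATA=$(while IFS= read -r line || [ -n "${line}" ]; do printf '%s\\n' "${line}"; done < "${PRIVATE_KEY_FILE}")

# Note: a value passed with -e is stored in the container's configuration and
# is visible to anyone on the host who can run `docker inspect`.
docker run -it \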
    -e "PROXY_PORT=${PROXY_PORT}" \
    -e "SSH_PRIVATE_KEY_DATA=${PRIVATE_KEY_DATA}" \
    gcr.io/datatheorem-public-images/private-network-proxy-client-v1:latest

Run the appliance directly with Docker using SSH_PRIVATE_KEY_FILE

PRIVATE_KEY_FILE="/path/to/private_key"
PROXY_PORT=10123

# Bind-mount the private key into the container. The private key file must be
# readable by the low-rights user within the container: the appliance within the
# container does not run as root. E.g., you may have to chmod the private key file,
# or grant access to the container user's group/gid on the host system.
docker run -it \
    -e "PROXY_PORT=${PROXY_PORT}" \
    -e "SSH_PRIVATE_KEY_FILE=/private_key" \
    --mount "type=bind,src=${PRIVATE_KEY_FILE},dst=/private_key,readonly=true" \
    gcr.io/datatheorem-public-images/private-network-proxy-client-v1:latest

...

Create a somefilename.env file that contains the ENV configuration for the appliance. Because this ENV file format requires each value to be on a single line, the newlines in the private key have been replaced with \n. The deployed container handles \n and \r character sequences within a key file or key data automatically, replacing the former with a newline and removing the latter:

PROXY_PORT=10123
SSH_PRIVATE_KEY_DATA=-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----

Then create the VM using GCP’s gcloud command line tool:

gcloud --project=${PROJECT} compute instances create-with-container \
    my-vm-name \
    --container-image gcr.io/datatheorem-public-images/private-network-proxy-client-v1:latest \
    --container-env-file=client1_vm.env \
    ...  # Any additional flags for creating the VM, such as network tags, zone, etc.
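
One way to generate the ENV file described above from a key on disk, as an added example (not part of the original page or the vendor's tooling): it encodes the key on a single line, mirrors the described \n and \r handling locally to confirm the key survives the round trip, and writes the file readable by its owner only. The function names are hypothetical.

```bash
# Added example; function and file names are hypothetical, not the vendor's.

# Encode a key file as one line: strip CRs (CRLF files), then end every
# line with the two-character sequence \n instead of a real newline.
encode_key_file() {
    tr -d '\r' < "$1" | awk '{ printf "%s\\n", $0 }'
}

# Local mirror of the decoding the page describes for the container:
# remove \r sequences and turn \n sequences back into newlines.
decode_key_data() {
    printf '%s' "$1" |
        awk '{ gsub(/\\r/, ""); gsub(/\\n/, "\n"); printf "%s", $0 }'
}

# Write the ENV file readable by its owner only. Refuses input that is not a
# PEM-style private key or that does not survive the encode/decode round trip.
# The body runs in a subshell so umask and variables do not leak to the caller.
write_env_file() (
    key_file=$1 port=$2 env_file=$3
    encoded=$(encode_key_file "$key_file") || exit 1
    case $encoded in
        '-----BEGIN '*'PRIVATE KEY-----\n'*) ;;
        *) echo "not a private key file: $key_file" >&2; exit 1 ;;
    esac
    if [ "$(decode_key_data "$encoded")" != "$(tr -d '\r' < "$key_file")" ]; then
        echo "round-trip mismatch: $key_file" >&2; exit 1
    fi
    umask 077
    rm -f -- "$env_file"   # recreate so an older, looser file mode is not kept
    printf 'PROXY_PORT=%s\nSSH_PRIVATE_KEY_DATA=%s\n' "$port" "$encoded" > "$env_file"
)
```

Call it as `write_env_file /path/to/private_key 10123 client1_vm.env`, using whatever file name is then passed to `--container-env-file`.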

...