WIP: Add Google Cloud provider #9

Open
wants to merge 1 commit into
base: master
@mgood mgood commented Sep 1, 2015

Since Google Cloud doesn't allow "." in instance names, provides an interface
to override the default naming convention for the "scale" command.

There are a few things to still decide on:

Google has a few different ways to authenticate, so still need to figure out which ones to support:

  • currently it's using the OAuth credentials managed by "gcloud auth". This is nice for users of the "gcloud" tool, but means they also have to have that installed.
  • could also do our own OAuth web flow. The code is included, but commented out. By default we can use the same OAuth client credentials that "gcloud" uses, and optionally allow the user to provide their own.
  • have the user download a "service account" JSON secrets file to use

For SSH keys, Google doesn't seem to do "named" keys like the others. You can either upload a global SSH key that is automatically added to all instances, or upload the key data when setting up an instance.

I'm also trying to decide on the default for the disk "autodelete" setting. The Google default is "false" so the disks would need to be deleted manually. Maybe this should be an environment setting.
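An added example, not code from this pull request: one way a provider-side naming override could rewrite dotted names for Google Cloud, checking the Compute Engine instance-name rule and refusing collisions. `GoogleName`, `MapNames` and the `name.N` sample names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Compute Engine instance names: 1-63 characters, a lowercase letter first,
// then lowercase letters, digits or hyphens, and no trailing hyphen.
var gceName = regexp.MustCompile(`^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$`)

// GoogleName (hypothetical helper) rewrites a dotted name into a valid
// instance name, or fails instead of silently mangling it further.
func GoogleName(name string) (string, error) {
	n := strings.ReplaceAll(strings.ToLower(name), ".", "-")
	if !gceName.MatchString(n) {
		return "", fmt.Errorf("%q maps to %q, not a valid instance name", name, n)
	}
	return n, nil
}

// MapNames converts a batch and rejects collisions: the rewrite is lossy,
// so "web.1" and "web-1" would otherwise address the same instance.
func MapNames(names []string) (map[string]string, error) {
	out := make(map[string]string, len(names))
	seen := make(map[string]string, len(names))
	for _, name := range names {
		n, err := GoogleName(name)
		if err != nil {
			return nil, err
		}
		if prev, dup := seen[n]; dup && prev != name {
			return nil, fmt.Errorf("%q and %q both map to %q", prev, name, n)
		}
		seen[n] = name
		out[name] = n
	}
	return out, nil
}

func main() {
	// Constructed sample names; the "name.N" shape is an assumption.
	fmt.Println(MapNames([]string{"web.1", "web.2"}))
	fmt.Println(MapNames([]string{"web.1", "web-1"}))
}
```

Rejecting a collision matters because scale or destroy operations keyed on the rewritten name would otherwise act on an instance the caller did not mean.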

@progrium
Contributor

progrium commented Sep 1, 2015

Let's not depend on gcloud. A web flow just for Google is also obnoxious. What is the "service account" experience like? Can you put it in an env var?

DigitalOcean also doesn't have named keys. So maybe we'll have to rethink how to generalize it. Though you can refer to fingerprint or ID. So effectively named keys. Anyway, by "upload key data" do you mean using cloud-init? Or do they provide another mechanism?

DigitalOcean also has an optional "scrub disk" setting that's on by default. It's slightly different, but same sort of provider specific option. But I'm annoyed Google's default leaves things around. Perhaps we can autodelete always for now and come back to it with a better idea of per provider options.

@mgood
Author

mgood commented Sep 1, 2015

Ok, I've updated the authentication based on our discussion to the following:

  1. Looks for GCLOUD_OAUTH_TOKEN (usually set in ~/.hostctl)
  2. Tries detecting OAuth credentials managed by "gcloud auth"
  3. Opens browser for web-based OAuth (will save to ~/.hostctl)

So, users with the gcloud tool don't have to reauthenticate, but the web-based OAuth gives a simple alternative for users that don't want to have to install it.

@progrium
Contributor

progrium commented Sep 1, 2015

Since our provider is called "google" can we prefix env with "GOOGLE" instead of "GCLOUD"? Or is this an existing convention?

For authentication:
1) Looks for GOOGLE_OAUTH_TOKEN (usually set in ~/.hostctl)
2) Tries detecting OAuth credentials managed by "gcloud auth"
3) Opens browser for web-based OAuth (will save to ~/.hostctl)

Since Google Cloud doesn't allow "." in instance names, provides an interface
to override the default naming convention for the "scale" command.
@mgood
Author

mgood commented Sep 1, 2015

Ok, renamed to GOOGLE
