Is there a way to recover the connection to my GCP VM?

Time:05-01

  1. I have a GCP VM on which Docker with Drupal is installed.
  2. e2-medium with a 10 GB SSD
  3. After increasing the disk size to 20 GB, I can no longer access the VM via SSH.

The things I tried:

  • Reverting to the original configuration
  • Configuring IAP with dedicated address ranges to reach the VM subnet
  • Connecting to the machine's serial port

This last point works, but I don't know what to check or what to look for in order to get the VM to boot again.

In the console logs, I have this:

    [{
      "insertId": "2",
      "jsonPayload": {
        "lateBootReportEvent": {
          "actualMeasurements": [
            {
              "hashAlgo": "SHA1",
              "pcrNum": "PCR_14",
              "value": "xxwkxkw,xw"
            }
          ],
          "policyMeasurements": [
            {
              "value": "hhhh jjjjj=",
              "hashAlgo": "SHA1",
              "pcrNum": "PCR_9"
            }
          ],
          "policyEvaluationPassed": false
        },
        "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
        "bootCounter": "31"
      },
      "resource": {
        "type": "gce_instance",
        "labels": {
          "instance_id": "00000000",
          "zone": "europe-000000",
          "project_id": "HHHHHHHHH"
        }
      },
      "timestamp": "2022-04-28T21:35:52.092570946Z",
      "severity": "ERROR",
      "logName": "/logs/compute.googleapis.com/shielded_vm_integrity",
      "receiveTimestamp": "2022-04-28T21:35:54.103571412Z"
    }]

Does this shielded_vm_integrity error mean anything to you?

Thank you

CodePudding user response:

Your VM is failing to boot because of a boot integrity check. You resized the disk, which changed the boot configuration.

The solution is to disable the shielded VM options:

  • Go to VM instances
  • Click on the VM instance name to open the VM instance details page
  • Stop the VM, wait for the VM to stop
  • Click Edit
  • Turn off Secure Boot
  • Turn off vTPM
  • Turn off Integrity Monitoring

CLI command:

gcloud compute instances update VM_NAME \
    --no-shielded-secure-boot \
    --no-shielded-vtpm \
    --no-shielded-integrity-monitoring

Once your VM is running successfully, you can re-enable these features.

Determining the cause of boot integrity validation failure

What is Shielded VM

There is a free book download on TPM which contains details on the Platform Configuration Registers mentioned in your logs (PCR_9 and PCR_14):

A Practical Guide to TPM 2.0
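The integrity event in the question says only that the late-boot policy evaluation failed; it does not say which register moved. The script below is an added example (not part of the answer above, and not a Google tool) that reads entries from the shielded_vm_integrity log and lists, per boot and per PCR, where the measured value differs from the learned policy, where a PCR was measured without any baseline, and where a baseline PCR was not measured at all. The `SAMPLE_ENTRIES` are constructed in the shape of the entry in the question with placeholder values; for a real VM, feed it the output of `gcloud logging read 'logName:"shielded_vm_integrity"' --format=json` on stdin (that filter and the `example-project` name are assumptions for the example). Two caveats worth knowing before following the answer: the early-boot report covers the firmware measurements (PCR 0-7) and the late-boot report the bootloader/kernel stage, so a late-boot failure after a disk change is expected rather than alarming; and integrity monitoring is reporting-only, so if the VM genuinely does not come up, the serial console output is the place to look for what Secure Boot or the kernel refused.

```python
"""Triage Cloud Logging entries from the shielded_vm_integrity log.

Reads a JSON array of log entries (the shape `gcloud logging read ... --format=json`
prints) and reports, per boot and per PCR, where the measured values diverge from
the integrity policy (the baseline learned at first boot or after
`gcloud compute instances update VM --shielded-learn-integrity-policy`).
"""
import json
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

INTEGRITY_TYPE = "type.googleapis.com/cloud_integrity.IntegrityEvent"
# Google emits one report per boot phase: firmware (early) and kernel/driver (late).
PHASES = ("earlyBootReportEvent", "lateBootReportEvent")

# Constructed sample entries modelled on the one in the question. Measurement
# values and the project name are placeholders, not real PCR contents.
SAMPLE_ENTRIES = json.loads(r'''
[
  {
    "insertId": "1",
    "jsonPayload": {
      "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
      "bootCounter": "31",
      "earlyBootReportEvent": {
        "actualMeasurements": [{"hashAlgo": "SHA1", "pcrNum": "PCR_0", "value": "aaaa="}],
        "policyMeasurements": [{"hashAlgo": "SHA1", "pcrNum": "PCR_0", "value": "aaaa="}],
        "policyEvaluationPassed": true
      }
    },
    "resource": {"type": "gce_instance", "labels": {"instance_id": "00000000"}},
    "logName": "projects/example-project/logs/compute.googleapis.com%2Fshielded_vm_integrity"
  },
  {
    "insertId": "2",
    "jsonPayload": {
      "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
      "bootCounter": "31",
      "lateBootReportEvent": {
        "actualMeasurements": [
          {"hashAlgo": "SHA1", "pcrNum": "PCR_9",  "value": "bbbb="},
          {"hashAlgo": "SHA1", "pcrNum": "PCR_14", "value": "cccc="}
        ],
        "policyMeasurements": [{"hashAlgo": "SHA1", "pcrNum": "PCR_9", "value": "dddd="}],
        "policyEvaluationPassed": false
      }
    },
    "resource": {"type": "gce_instance", "labels": {"instance_id": "00000000"}},
    "severity": "ERROR",
    "logName": "projects/example-project/logs/compute.googleapis.com%2Fshielded_vm_integrity"
  }
]
''')


@dataclass(frozen=True)
class Finding:
    boot_counter: str
    phase: str
    pcr: str
    expected: Optional[str]  # "ALGO:value" from the policy; None if the PCR has no baseline
    actual: Optional[str]    # "ALGO:value" as measured; None if the PCR was not reported


def _pcr_number(pcr: str) -> int:
    """Sort key: "PCR_14" -> 14; anything unparseable sorts last."""
    try:
        return int(pcr.rsplit("_", 1)[1])
    except (IndexError, ValueError):
        return 1 << 30


def _by_pcr(measurements: List[dict]) -> Dict[str, str]:
    # Index a measurement list by register, keeping the algorithm with the digest
    # so that an algorithm change also shows up as a difference.
    return {m["pcrNum"]: f'{m.get("hashAlgo", "?")}:{m.get("value", "")}' for m in measurements}


def analyze(entries: List[dict]) -> List[Finding]:
    """One Finding per (boot, phase, PCR) where measurement and policy differ.

    A healthy VM (every phase passes, every PCR matches) yields an empty list.
    """
    findings: List[Finding] = []
    for entry in entries:
        payload = entry.get("jsonPayload") or {}
        if payload.get("@type") != INTEGRITY_TYPE:
            continue  # some other event type in the same log stream
        boot = str(payload.get("bootCounter", "?"))
        for phase in PHASES:
            report = payload.get(phase)
            if not report:
                continue
            actual = _by_pcr(report.get("actualMeasurements", []))
            policy = _by_pcr(report.get("policyMeasurements", []))
            for pcr in sorted(set(actual) | set(policy), key=_pcr_number):
                if actual.get(pcr) != policy.get(pcr):
                    findings.append(Finding(boot, phase, pcr, policy.get(pcr), actual.get(pcr)))
    return findings


def describe(f: Finding) -> str:
    where = f"boot {f.boot_counter} {f.phase}: {f.pcr}"
    if f.expected is None:
        return f"{where} measured ({f.actual}) but has no baseline in the policy"
    if f.actual is None:
        return f"{where} is in the policy ({f.expected}) but was not measured"
    return f"{where} changed: policy {f.expected}, measured {f.actual}"


def main(argv: List[str]) -> int:
    # Usage: python3 integrity_triage.py -  < entries.json   (no argument: run on the sample)
    entries = json.load(sys.stdin) if len(argv) > 1 and argv[1] == "-" else SAMPLE_ENTRIES
    findings = analyze(entries)
    for f in findings:
        print(describe(f))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On the constructed sample this prints that PCR_9 changed against its baseline and that PCR_14 was measured with no baseline at all, and nothing for the early-boot phase, which matched. On a real VM that mapping tells you whether re-learning the policy is a sane fix (the only things that moved are registers you expect the disk change to affect) or whether something unexpected was measured.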

CodePudding user response:

Thank you for your response.

I had a look at your proposal and tried this command:

gcloud compute instances update my-instance \
--shielded-learn-integrity-policy

After that I:

  • Turned on Secure Boot
  • Turned on vTPM
  • Turned on Integrity Monitoring

but this does not work.

I got this error:

Connection via Cloud Identity-Aware Proxy Failed
Code: 1006
Please ensure you can make a proper https connection to the IAP for TCP 
hostname: https://tunnel.cloudproxy.app
You may be able to connect without using the Cloud Identity-Aware Proxy.

Do you think I have to set up IAP before I can access my VM?

Retrying without Cloud IAP does not work either.
