Google agents installed on Ubuntu

There are four different “guest agents” installed on Ubuntu images in GCP, each developed by Google and packaged for Ubuntu by Canonical:

google-guest-agent

This package is installed on Ubuntu images to facilitate the different platform features available in GCP. It’s written in Go and can be described as having two main components:

  1. The google-metadata-script-runner binary, which enables users to run bespoke scripts on VM startup and VM shutdown

  2. The daemon, which handles the following on the VM:

  • SSH and account management

  • OS Login (if used)

  • Clock skew

  • Networking and NICs

  • Instance optimizations

  • Telemetry

  • Mutual TLS Metadata Service (mTLS MDS)

gce-compute-image-packages

This package (written in Bash) is a collection of different configuration scripts that are dropped into the .d directories of the following:

  • apt

  • dhcp

  • modprobe

  • NetworkManager/dispatcher

  • rsyslog

  • sysctl

  • systemd

google-compute-engine-oslogin

Written in a mixture of C and C++, this package is responsible for providing GCP’s OS Login to Ubuntu VMs. At a high level it can be described as providing the following:

  • Authorized Keys Command: provides SSH keys (from an OS Login profile) to sshd for authentication

  • NSS Modules: support for making OS Login user/group information available to the VM using NSS (Name Service Switch)

  • PAM Modules: provide authorization (and authentication if 2FA is enabled) to allow the VM to grant SSH access/sudo privileges based on the user’s allotted IAM permissions
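
To see which of these three OS Login integration points are actually wired up on a VM (or in a copy of its /etc taken for review), the configuration files can be checked directly. The script below is an added example, not part of the package or of the original page; the names google_authorized_keys, oslogin/cache_oslogin and pam_oslogin_login.so/pam_oslogin_admin.so are assumed from the upstream guest-oslogin project, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report which OS Login hooks are configured under ROOT.
# Helper and module names are assumed from upstream guest-oslogin, not this page.
oslogin_hooks() {
    root="${1:-}"   # empty means the live system (/etc/...)
    found=""
    # Authorized Keys Command: sshd runs a helper to fetch the profile's SSH keys.
    # Requiring whitespace after the keyword skips AuthorizedKeysCommandUser.
    if grep -Eiq '^[[:space:]]*AuthorizedKeysCommand[[:space:]]+.*google_authorized_keys' \
        "$root/etc/ssh/sshd_config" "$root"/etc/ssh/sshd_config.d/*.conf 2>/dev/null; then
        found="$found authorized_keys_command"
    fi
    # NSS: passwd/group lookups are answered by the oslogin modules.
    if grep -Eq '^[[:space:]]*(passwd|group):.*oslogin' \
        "$root/etc/nsswitch.conf" 2>/dev/null; then
        found="$found nss"
    fi
    # PAM: sshd's stack references an OS Login module; commented lines do not count.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*pam_oslogin_(login|admin)\.so' \
        "$root/etc/pam.d/sshd" 2>/dev/null; then
        found="$found pam"
    fi
    echo "${found# }"
}

# Constructed sample tree (not captured from a real VM): keys command and NSS
# are enabled, but the PAM line has been commented out.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/pam.d"
    printf '%s\n' 'AuthorizedKeysCommand /usr/bin/google_authorized_keys' \
        'AuthorizedKeysCommandUser root' > "$d/etc/ssh/sshd_config"
    printf '%s\n' 'passwd: files systemd cache_oslogin oslogin' \
        'group:  files systemd' > "$d/etc/nsswitch.conf"
    printf '%s\n' '  # account required pam_oslogin_login.so' \
        '@include common-auth' > "$d/etc/pam.d/sshd"
    echo "$d"
}

sample=$(make_sample_root)
oslogin_hooks "$sample"     # prints: authorized_keys_command nss
rm -rf "$sample"
```

A result that lists only some of the three hooks, as in the sample, indicates a partially applied or hand-edited configuration and is worth comparing against the project's OS Login metadata setting.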

google-osconfig-agent

This package is written in Go and is installed to facilitate GCP’s OS Config (also known as “VM Manager”). At a high level, OS Config supports the following: