Getting information about a VM
To get basic information about each VM you created, go to the management console
You can also get basic information and metadata from within a VM.
Getting information from outside a VM
In Compute Cloud, the Virtual machines page gives a list of VMs in the folder and brief information on each of them.
For more information about a VM, click the row with its name.
Here is a description of the available tabs:
- Overview shows general information about the VM, including the IP addresses assigned to it.
- Disks gives information about the disks attached to the VM.
- File storages provides information about the connected file storages.
- Operations lists operations on the VM and its resources, such as disks.
- Monitoring shows information about VM resource consumption. You can only get this info from the management console or from within the VM.
- Serial console provides access to the serial console if enabled when creating the VM.
- Serial port provides information that the VM outputs to the serial port. To get this information via the API or CLI, follow Getting the serial port output.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
See the description of the command for getting the serial port output:
yc compute instance get --help
-
Select a VM, e.g.,
first-instance
:yc compute instance list
Result:
+----------------------+-----------------+---------------+---------+----------------------+ | ID | NAME | ZONE ID | STATUS | DESCRIPTION | +----------------------+-----------------+---------------+---------+----------------------+ | fhm0b28lgfp4******** | first-instance | ru-central1-a | RUNNING | my first vm via CLI | | fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI | +----------------------+-----------------+---------------+---------+----------------------+
-
Get basic information about the VM:
yc compute instance get first-instance
To get VM information with metadata, use the
--full
flag:yc compute instance get --full first-instance
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
In the Terraform configuration file, define the parameters of the resources you want to create:
data "yandex_compute_instance" "my_instance" { instance_id = "<VM_ID>" } output "instance_external_ip" { value = "${data.yandex_compute_instance.my_instance.network_interface.0.nat_ip_address}" }
Where:
data "yandex_compute_instance"
: Description of the data source to get VM information from:instance_id
: VM ID.
output "instance_external_ip"
: Public IP address of the VM to return in the output:value
: Returned value.
For more information about the
yandex_compute_instance
data source parameters, see the relevant provider documentation . -
Create the resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
Terraform will create all the required resources and display the output variable values in the terminal. To check the results, run this command:
terraform output instance_external_ip
Result:
instance_external_ip = "158.160.50.228"
-
To get basic information about a VM, use the get REST API method for the Instance resource or the InstanceService/Get gRPC API call.
The basic information does not include any custom metadata provided when creating or updating the VM. To get the information along with the metadata, specify view=FULL
in the parameters.
Getting information from within a VM
From inside the VM, the metadata service is accessible at the IP address 169.254.169.254
.
Currently, the Yandex Cloud metadata service returns metadata in Google Compute Engine and Amazon EC2 formats.
Google Compute Engine
The Yandex Cloud metadata service allows you to return metadata in Google Compute Engine format.
HTTP request
GET http://169.254.169.254/computeMetadata/v1/instance/
? alt=<json|text>
& recursive=<true|false>
& wait_for_change=<true|false>
& last_etag=<string>
& timeout_sec=<int>
Metadata-Flavor: Google
Where:
alt
: Response format. The default value istext
.recursive
: Iftrue
, it returns all values in the tree recursively. The default value isfalse
.wait_for_change
: Iftrue
, this response will be returned only when one of the metadata parameters is modified. The default value isfalse
.last_etag
: ETag from the previous response to a similar request. Use ifwait_for_change="true"
.timeout_sec
: Maximum request timeout. Use ifwait_for_change="true"
.
Request examples
Get the ID of a VM from within it:
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/id
Get metadata in JSON format:
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/?recursive=true
Get metadata in an easy-to-read format by using jq
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/?recursive=true | \
jq -r '.'
Get an identity document:
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/vendor/identity/document
List of returned elements
List of elements available for this request:
attributes/
: Custom metadata provided in themetadata
field when creating or updating the VM.attributes/ssh-keys
: List of public SSH keys provided in themetadata
field through thessh-keys
value when creating the VM.description
: Text description provided when creating or updating the VM.disks/
: Disks attached to the VM.hostname
: FQDN assigned to the VM.id
: VM ID. The ID is generated automatically when creating the VM and is unique within Yandex Cloud.name
: Name provided when creating or updating the VM.networkInterfaces/
: Network interfaces connected to the VM.service-accounts
: Service accounts linked to the VM.service-accounts/default/token
: Yandex Identity and Access Management token of the linked service account.
Other elements, such as project
, are used for backward compatibility and remain empty.
Amazon EC2
The Yandex Cloud metadata service allows you to return metadata in Amazon EC2 format. This format has no support for custom metadata fields.
HTTP request
GET http://169.254.169.254/latest/meta-data/<element>
Where <element>
is the path to the element you want to get. If the element is omitted, the response returns a list of available elements.
List of returned elements
List of elements available for this request.
Note
The angle brackets contain parameters to replace with values. For example, instead of <MAC_address>
, you should specify the MAC address of the network interface.
hostname
: Host name assigned to the VM.instance-id
: VM ID.local-ipv4
: Internal IPv4 address.local-hostname
: Host name assigned to the VM.mac
: MAC address of the VM network interface.network/interfaces/macs/<MAC_address>/ipv6s
: Internal IPv6 addresses associated with the network interface.network/interfaces/macs/<MAC_address>/local-hostname
: Host name associated with the network interface.network/interfaces/macs/<MAC_address>/local-ipv4s
: Internal IPv4 addresses associated with the network interface.network/interfaces/macs/<MAC_address>/mac
: MAC address of the VM network interface.public-ipv4
: Public IPv4 address.
Request examples
Get an internal IP address from within a VM:
curl http://169.254.169.254/latest/meta-data/local-ipv4
Get an identity document:
curl http://169.254.169.254/latest/vendor/instance-identity/document
Configuring VM metadata service parameters
You can configure metadata service parameters when creating or updating VMs.
Available options:
-
aws-v1-http-endpoint
: Provides access to metadata using AWS format (IMDSv1). It can be eitherenabled
ordisabled
. If set todisabled
, the metadata request will fail with error400
(BadRequest
). The default value isenabled
. -
aws-v1-http-token
: Enables using AWSv1 (IMDSv1) metadata to get the service account token for the VM. It can be eitherenabled
ordisabled
. If set todisabled
, the token request will fail with error400
(BadRequest
). The default value isdisabled
.Note
The IMDSv1 format comes with a number of security vulnerabilities; therefore,
aws-v1-http-token
is set todisabled
by default. The most severe flaw of IMDSv1 is its high risk of attacks, such as SSRF . You can read more about it in the AWS official blog . To change the default behavior of this parameter, contact support .The most secure way to get a token in Yandex Cloud is to use the Google Compute Engine format, which provides an extra header to protect against SSRF.
-
gce-http-endpoint
: Provides access to metadata using the Google Compute Engine format. It can be eitherenabled
ordisabled
. If set todisabled
, the metadata request will fail with error400
(BadRequest
). The default value isenabled
. -
aws-v1-http-token
: Enables using Google Compute Engine metadata to get the service account token for the VM. It can be eitherenabled
ordisabled
. If set todisabled
, the token request will fail with error400
(BadRequest
). The default value isenabled
.
You can get the values of the metadata service parameters together with the VM information using the CLI and API.
To configure metadata service parameters for a VM:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for updating VM parameters:
yc compute instance update --help
-
Get a list of VMs in the default folder:
yc compute instance list
-
Select
ID
orNAME
of the VM you need. -
Define the metadata service settings using the
--metadata-options
parameter:yc compute instance update <VM_ID> \ --metadata-options gce-http-endpoint=enabled
If you don't have Terraform, install it and configure the Yandex Cloud provider.
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
-
Open the Terraform configuration file and change the
metadata_options
parameter in the VM description:... resource "yandex_compute_instance" "test-vm" { ... metadata_options { aws_v1_http_endpoint = 2 aws_v1_http_token = 2 gce_http_endpoint = 0 gce_http_token = 0 } ... } ...
Where:
yandex_compute_instance
: VM description.metadata_options
: Metadata parameters:aws_v1_http_endpoint
: Provides access to metadata using AWS format (IMDSv1). Possible values:0
,1
forenabled
and2
fordisabled
.aws_v1_http_token
: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values:0
,1
forenabled
and2
fordisabled
.gce_http_endpoint
: Provides access to metadata using Google Compute Engine format. Possible values:0
,1
forenabled
and2
fordisabled
.gce_http_token
: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values:0
,1
forenabled
and2
fordisabled
.
For more information about the
yandex_compute_instance
resource parameters in Terraform, see the relevant provider documentation . -
Create the resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
All the resources you need will then be created in the specified folder with the settings you defined. You can check the new resources and their settings using the management console
or this CLI command:yc compute instance get <VM_name>
-
Use the update REST API method for the Instance resource or the InstanceService/Update gRPC API call.
Removing SSH keys from metadata
- In the management console
, select the folder the VM belongs to. - Select Compute Cloud.
- Click the VM name.
- In the top-right corner of the page, click
Edit VM. - Open the Metadata menu and remove the keys by clicking
.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for removing metadata:
yc compute instance remove-metadata --help
-
Remove the keys:
yc compute instance remove-metadata <VM_ID> --keys <SSH_key_name>
To remove SSH keys from the VM metadata, use the updateMetadata REST API method for the Instance resource or the InstanceService/UpdateMetadata gRPC API call.
In your request, provide the delete
parameter with the SSH key.
REST API request example
curl \
--request POST \
--header "Authorization: Bearer <IAM_token>" \
--data '{"delete":["<SSH_key_name>"]}' \
https://compute.api.cloud.yandex.net/compute/v1/instances/<VM_ID>/updateMetadata