Getting information about a VM
To get basic information about each VM you created, go to the management console.
You can also get basic information and metadata from inside a VM.
Getting information from outside a VM
On the Virtual machines page in the Compute Cloud service, you can find a list of VMs in the folder and brief information for each of them.
For more information about a certain VM, click the line with its name.
Tabs:
- Overview shows general information about the VM, including the IP addresses assigned to it.
- Disks provides information about the disks attached to the VM.
- File storages provides information about the file storage attached.
- Operations lists operations on the VM and resources attached to it, such as disks.
- Monitoring shows information about resource consumption on the VM. You can only get this information from the management console or from inside the VM.
- Serial console provides access to the serial console if enabled when creating the VM.
- Serial port provides information that the VM outputs to the serial port. To get this information via the API or CLI, follow the Getting serial port's output guide.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the command to get serial port output:
  yc compute instance get --help
- Select a VM, such as first-instance:
  yc compute instance list
  Result:
  +----------------------+-----------------+---------------+---------+----------------------+
  |          ID          |      NAME       |    ZONE ID    | STATUS  |     DESCRIPTION      |
  +----------------------+-----------------+---------------+---------+----------------------+
  | fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
  | fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
  +----------------------+-----------------+---------------+---------+----------------------+
- Get basic information about the VM:
  yc compute instance get first-instance
  To get VM information with metadata, use the --full flag:
  yc compute instance get --full first-instance
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
- In the Terraform configuration file, describe the parameters of the resources you want to create:
  data "yandex_compute_instance" "my_instance" {
    instance_id = "<instance_ID>"
  }

  output "instance_external_ip" {
    value = "${data.yandex_compute_instance.my_instance.network_interface.0.nat_ip_address}"
  }
  Where:
  - data "yandex_compute_instance": Description of the data source to get VM information from:
    - instance_id: VM ID.
  - output "instance_external_ip": Public IP address of the VM to output:
    - value: Returned value.
  For more information about the yandex_compute_instance data source parameters, see the provider documentation.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
    terraform validate
    If the configuration is correct, the following message is returned:
    Success! The configuration is valid.
  - Run the command:
    terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
    terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
  Terraform will create the required resources and display the output variable values in the terminal. To check the results, run:
  terraform output instance_external_ip
  Result:
  instance_external_ip = "158.160.50.228"
Getting information from inside a VM
From inside the VM, the metadata service is accessible at the IP address 169.254.169.254.
Currently, the Yandex Cloud metadata service returns metadata in Google Compute Engine and Amazon EC2 formats.
Google Compute Engine
The Yandex Cloud metadata service allows you to return metadata in Google Compute Engine format.
HTTP request
GET http://169.254.169.254/computeMetadata/v1/instance/
? alt=<json|text>
& recursive=<true|false>
& wait_for_change=<true|false>
& last_etag=<string>
& timeout_sec=<int>
Metadata-Flavor: Google
Where:
- alt: Response format (by default, text).
- recursive: If true, it returns all values in the tree recursively. The default value is false.
- wait_for_change: If true, this response is only returned when one of the metadata parameters is modified. The default value is false.
- last_etag: ETag value from the previous response to a similar request. Use it when wait_for_change="true".
- timeout_sec: Maximum request timeout. Use it when wait_for_change="true".
Request examples
Find out the ID of a VM from inside it:
curl -H Metadata-Flavor:Google 169.254.169.254/computeMetadata/v1/instance/id
Get metadata in JSON format:
curl -H Metadata-Flavor:Google '169.254.169.254/computeMetadata/v1/instance/?recursive=true'
Get metadata in an easy-to-read format. Use the jq
curl -H Metadata-Flavor:Google '169.254.169.254/computeMetadata/v1/instance/?recursive=true' | jq -r '.'
Getting an identity document:
curl -H Metadata-Flavor:Google 169.254.169.254/computeMetadata/v1/instance/vendor/identity/document
List of returned elements
List of elements available for this request:
- attributes/: User-defined metadata provided in the metadata field when creating or updating the VM.
- attributes/ssh-keys: List of public SSH keys provided in the metadata field through the ssh-keys value when creating the VM.
- description: Text description provided when creating or updating the VM.
- disks/: Disks attached to the VM.
- hostname: FQDN assigned to the VM.
- id: VM ID. The ID is generated automatically when the VM is being created and is unique within Yandex Cloud.
- name: Name that was provided when creating or updating the VM.
- networkInterfaces/: Network interfaces connected to the VM.
- service-accounts: Service accounts linked to the VM.
- service-accounts/default/token: Yandex Identity and Access Management token of the linked service account.
Other elements, such as project, are used for backward compatibility and remain empty.
Amazon EC2
The Yandex Cloud metadata service allows you to return metadata in Amazon EC2 format.
This format has no support for user-defined metadata fields.
HTTP request
GET http://169.254.169.254/latest/meta-data/<element>
Where <element> is the path to the element you want to get. If the element is omitted, the response returns a list of available elements.
List of returned elements
List of elements that are available for this request.
Note
The angle brackets contain parameters to replace with values. For example, instead of <MAC_address>, you should specify the MAC address of the network interface.
- hostname: VM's hostname.
- instance-id: VM ID.
- local-ipv4: Internal IPv4 address.
- local-hostname: VM's hostname.
- mac: MAC address of the VM's network interface.
- network/interfaces/macs/<MAC_address>/ipv6s: Internal IPv6 addresses associated with the network interface.
- network/interfaces/macs/<MAC_address>/local-hostname: Hostname associated with the network interface.
- network/interfaces/macs/<MAC_address>/local-ipv4s: Internal IPv4 addresses associated with the network interface.
- network/interfaces/macs/<MAC_address>/mac: MAC address of the VM network interface.
- public-ipv4: Public IPv4 address.
Request examples
Getting an internal IP address from inside a VM:
curl http://169.254.169.254/latest/meta-data/local-ipv4
Getting an identity document:
curl http://169.254.169.254/latest/vendor/instance-identity/document
Setting up metadata service parameters for a VM instance
You can set up metadata service parameters when creating or updating VMs.
You can use the following settings:
- aws-v1-http-endpoint: Provides access to metadata using AWS format (IMDSv1). Acceptable values: enabled, disabled.
- aws-v1-http-token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Acceptable values: enabled, disabled.
  Note
  The IMDSv1 format has certain drawbacks in terms of security, which is why the aws-v1-http-token parameter is disabled by default. The most severe drawback of IMDSv1 is its high risk of certain attacks, e.g., SSRF. You can read more about it in the AWS official blog. To change the default behavior of this parameter, contact support.
  The safest method to obtain the token in Yandex Cloud is to use Google Compute Engine format, which uses an extra header for protection against SSRF.
- gce-http-endpoint: Provides access to metadata using Google Compute Engine format. Acceptable values: enabled, disabled.
- gce-http-token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Acceptable values: enabled, disabled.
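The header protection mentioned in the note above, shown against a local mock of the metadata service. This is an added example, not Yandex Cloud code: the mock, its 403 response for a missing header, and the function names are assumptions, while the request paths are the ones listed on this page.

```python
import http.server
import threading
import urllib.error
import urllib.request

GCE_TOKEN = "/computeMetadata/v1/instance/service-accounts/default/token"
AWS_ELEMENT = "/latest/meta-data/instance-id"

class MockMetadata(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for 169.254.169.254; not the real service."""
    def do_GET(self):
        if self.path.startswith("/computeMetadata/v1/"):
            # GCE format: the request must carry the extra header.
            allowed = self.headers.get("Metadata-Flavor") == "Google"
        else:
            # IMDSv1-style format: a bare GET is enough.
            allowed = self.path.startswith("/latest/meta-data/")
        body = b"constructed-value" if allowed else b"forbidden"
        self.send_response(200 if allowed else 403)  # 403 is an assumption
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo output quiet
        pass

def fetch_status(url, headers=None):
    """GET url and return the HTTP status; proxies are bypassed for the local mock."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(urllib.request.Request(url, headers=headers or {}), timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), MockMetadata)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return {
            # A fetcher that only lets the caller choose the URL sends no custom header.
            "imdsv1_url_only": fetch_status(base + AWS_ELEMENT),
            "gce_url_only": fetch_status(base + GCE_TOKEN),
            "gce_with_header": fetch_status(base + GCE_TOKEN, {"Metadata-Flavor": "Google"}),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

A request that carries only a URL is answered in the IMDSv1-style format but refused in the Google Compute Engine format, which is why disabling aws-v1-http-token and reading the token through the GCE path narrows what an SSRF flaw in an application on the VM can reach.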
To set up metadata service parameters for a VM instance:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the CLI command for updating VM parameters:
  yc compute instance update --help
- Get a list of VMs in the default folder:
  yc compute instance list
- Select the ID or NAME of the relevant VM instance.
- Set the metadata service settings using the --metadata-options parameter:
  yc compute instance update <VM_ID> \
    --metadata-options gce-http-endpoint=enabled
If you don't have Terraform, install it and configure the Yandex Cloud provider.
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
- Open the Terraform configuration file and change the metadata_options parameter in the VM description:
  ...
  resource "yandex_compute_instance" "test-vm" {
    ...
    metadata_options {
      aws_v1_http_endpoint = 2
      aws_v1_http_token    = 2
      gce_http_endpoint    = 0
      gce_http_token       = 0
    }
    ...
  }
  ...
  Where:
  - yandex_compute_instance: Description of the VM:
    - metadata_options: Metadata parameters:
      - aws_v1_http_endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: 0 and 1: Enabled; 2: Disabled.
      - aws_v1_http_token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values: 0 and 1: Enabled; 2: Disabled.
      - gce_http_endpoint: Provides access to metadata using Google Compute Engine format. Possible values: 0 and 1: Enabled; 2: Disabled.
      - gce_http_token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values: 0 and 1: Enabled; 2: Disabled.
  For more information about the yandex_compute_instance resource parameters in Terraform, see the provider documentation.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
    terraform validate
    If the configuration is correct, the following message is returned:
    Success! The configuration is valid.
  - Run the command:
    terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
    terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
  All the resources you need will then be created in the specified folder with the settings you defined. You can check the new resources and their configuration using the management console or this CLI command:
  yc compute instance get <VM_name>
Use the update REST API method for the Instance resource or the InstanceService/Update gRPC API call.
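A pre-apply check for the Terraform metadata_options block described above, as an added example that is not part of the provider or the original page. It uses the value meanings given on this page (0 and 1 enabled, 2 disabled); the policy of requiring both IMDSv1 options to be explicitly disabled, the regex-based parsing, and the sample configuration are assumptions.

```python
import re

# Value semantics as stated on this page: 0 and 1 mean enabled, 2 means disabled.
DISABLED = "2"
IMDSV1_KEYS = ("aws_v1_http_endpoint", "aws_v1_http_token")
RESOURCE_RE = re.compile(r'resource\s+"yandex_compute_instance"\s+"([^"]+)"\s*\{')
OPTIONS_RE = re.compile(r'metadata_options\s*\{([^}]*)\}')
SETTING_RE = re.compile(r'^\s*(\w+)\s*=\s*"?(\d+)"?\s*$', re.MULTILINE)

def audit_metadata_options(hcl: str) -> list[tuple[str, str, str]]:
    """Return (vm, key, problem) for every IMDSv1 option not explicitly set to 2."""
    findings = []
    resources = list(RESOURCE_RE.finditer(hcl))
    for i, res in enumerate(resources):
        # A resource body runs up to the next yandex_compute_instance header.
        end = resources[i + 1].start() if i + 1 < len(resources) else len(hcl)
        block = OPTIONS_RE.search(hcl, res.end(), end)
        opts = dict(SETTING_RE.findall(block.group(1))) if block else {}
        for key in IMDSV1_KEYS:
            value = opts.get(key)
            if value is None:
                findings.append((res.group(1), key, "not set, provider default applies"))
            elif value != DISABLED:
                findings.append((res.group(1), key, f"enabled (value {value})"))
    return findings

# Constructed sample configuration (hypothetical resource names).
SAMPLE = '''
resource "yandex_compute_instance" "hardened" {
  metadata_options {
    aws_v1_http_endpoint = 2
    aws_v1_http_token    = 2
    gce_http_endpoint    = 0
    gce_http_token       = 0
  }
}
resource "yandex_compute_instance" "legacy" {
  metadata_options {
    aws_v1_http_endpoint = 1
    aws_v1_http_token    = 1
  }
}
resource "yandex_compute_instance" "implicit" {}
'''

if __name__ == "__main__":
    for vm, key, problem in audit_metadata_options(SAMPLE):
        print(f"{vm}: {key} {problem}")
```

A setting line the parser cannot read, such as one with a trailing comment, is reported as not set, so the check fails closed.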
Removing SSH keys from metadata
- In the management console, select the folder the VM belongs to.
- Select Compute Cloud.
- Click the VM name.
- Click Edit VM in the top-right corner of the page.
- Open the Metadata menu and remove the keys by clicking .
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the CLI command to remove metadata:
  yc compute instance remove-metadata --help
- Remove the keys:
  yc compute instance remove-metadata <VM_ID> --keys <SSH_key_name>
To remove SSH keys from the VM metadata, use the updateMetadata REST API method for the Instance resource or the InstanceService/UpdateMetadata gRPC API call.
In your request, provide the delete parameter with the SSH key.
Sample REST API request
curl -X POST -H "Authorization: Bearer <IAM_token>" \
-d '{"delete":["<SSH_key_name>"]}' https://compute.api.cloud.yandex.net/compute/v1/instances/<VM_ID>/updateMetadata