Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Getting information about a VM

Written by
Improved by
Updated at November 21, 2024

To get basic information about each VM you created, go to the management console and open the VM page. To get detailed information with custom metadata, use the CLI or API.

You can also get basic information and metadata from inside a VM.

Getting information from outside a VM

On the Virtual machines page in the Compute Cloud service, you can find a list of VMs in the folder and brief information for each of them.

For more information about a certain VM, click the line with its name.

Tabs:

  • Overview shows general information about the VM, including the IP addresses assigned to it.
  • Disks provides information about the disks attached to the VM.
  • File storages provides information about the file storage attached.
  • Operations lists operations on the VM and resources attached to it, such as disks.
  • Monitoring shows information about resource consumption on the VM. You can only get this information from the management console or from inside the VM.
  • Serial console provides access to the serial console if enabled when creating the VM.
  • Serial port provides information that the VM outputs to the serial port. To get this information via the API or CLI, use the Getting serial port's output guide.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the command for getting serial port output:

    yc compute instance get --help

  2. Select a VM, such as first-instance:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

  3. Get basic information about the VM:

    yc compute instance get first-instance

    To get VM information with metadata, use the --full flag:

    yc compute instance get --full first-instance

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. In the Terraform configuration file, describe the parameters of the resources you want to create:

    data "yandex_compute_instance" "my_instance" {
  instance_id = "<VM_ID>"
}

output "instance_external_ip" {
  value = "${data.yandex_compute_instance.my_instance.network_interface.0.nat_ip_address}"
}

    Where:

    • data "yandex_compute_instance": Description of the data source to get VM information from:
      • instance_id: VM ID.
    • output "instance_external_ip": Public IP address of the VM to be presented in the output:
      • value: Returned value.

    For more information about the yandex_compute_instance data source parameters, see the provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    Terraform will create the required resources and display the output variable values in the terminal. To check the results, run:

    terraform output instance_external_ip

    Result:

    instance_external_ip = "158.160.50.228"

To get basic information about a VM, use the get REST API method for the Instance resource or the InstanceService/Get gRPC API call.

The basic information does not include the user-defined metadata provided when creating or updating the VM. To get the information along with the metadata, specify view=FULL in the parameters.

Getting information from inside a VM

From inside the VM, the metadata service is accessible at the IP address 169.254.169.254.

Currently, the Yandex Cloud metadata service returns metadata in Google Compute Engine and Amazon EC2 formats.

Google Compute Engine

The Yandex Cloud metadata service allows you to return metadata in Google Compute Engine format.

HTTP request

GET http://169.254.169.254/computeMetadata/v1/instance/
  ? alt=<json|text>
  & recursive=<true|false>
  & wait_for_change=<true|false>
  & last_etag=<string>
  & timeout_sec=<int>
Metadata-Flavor: Google

Where:

  • alt: Response format (by default, text).
  • recursive: If true, it returns all values in the tree recursively. The default address is false.
  • wait_for_change: If true, this response will be returned only when one of the metadata parameters is modified. The default address is false.
  • last_etag: The ETag value from the previous response to a similar request. Use if wait_for_change="true".
  • timeout_sec: Maximum request timeout. Use if wait_for_change="true".

Request examples

Find out the ID of a VM from inside it:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/id

Get metadata in JSON format:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/?recursive=true

Get metadata in an easy-to-read format. Use the jq utility:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/?recursive=true | \
  jq -r '.'

Getting an identity document:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/vendor/identity/document

List of returned elements

List of elements available for this request:

  • attributes/: User-defined metadata provided in the metadata field when creating or updating the VM.
  • attributes/ssh-keys: List of public SSH keys provided in the metadata field through the ssh-keys value when creating the VM.
  • description: Text description provided when creating or updating the VM.
  • disks/: Disks attached to the VM.
  • hostname: FQDN assigned to the VM.
  • id: VM ID. The ID is generated automatically when the VM is being created and is unique within Yandex Cloud.
  • name: Name provided when creating or updating the VM.
  • networkInterfaces/: Network interfaces connected to the VM.
  • service-accounts: Service accounts linked to the VM.
  • service-accounts/default/token: Yandex Identity and Access Management token of the linked service account.

Other elements, such as project, which are used for backward compatibility and remain empty.

Amazon EC2

The Yandex Cloud metadata service allows you to return metadata in Amazon EC2 format. This format has no support for user-defined metadata fields.

HTTP request

GET http://169.254.169.254/latest/meta-data/<element>

Where <element> is the path to the element you want to get. If the element is omitted, the response returns a list of available elements.

List of returned elements

List of elements that are available for this request.

Note

The angle brackets contain parameters to replace with values. For example, instead of <MAC_address>, you should specify the MAC address of the network interface.

  • hostname: VM hostname.
  • instance-id: VM ID.
  • local-ipv4: Internal IPv4 address.
  • local-hostname: VM hostname.
  • mac: MAC address of the VM network interface.
  • network/interfaces/macs/<MAC_address>/ipv6s: Internal IPv6 addresses associated with the network interface.
  • network/interfaces/macs/<MAC_address>/local-hostname: Hostname associated with the network interface.
  • network/interfaces/macs/<MAC_address>/local-ipv4s: Internal IPv4 addresses associated with the network interface.
  • network/interfaces/macs/<MAC_address>/mac: MAC address of the VM network interface.
  • public-ipv4: Public IPv4 address.

Request examples

Getting an internal IP address from inside a VM:

curl http://169.254.169.254/latest/meta-data/local-ipv4

Getting an identity document:

curl http://169.254.169.254/latest/vendor/instance-identity/document

Setting up metadata service parameters for a VM instance

You can set up metadata service parameters when creating or updating VMs.

You can use the following settings:

  • aws-v1-http-endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: enabled, disabled.

  • aws-v1-http-token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values: enabled, disabled.

    Note

    The IMDSv1 format has certain drawbacks in terms of security, which is why the aws-v1-http-token parameter is disabled by default. The most severe drawback of IMDSv1 is its high risk of certain attacks, e.g., SSRF. You can read more about it in the AWS official blog. To change the default behavior of this parameter, contact support.

    The safest method to obtain the token in Yandex Cloud is to use Google Compute Engine format, which uses an extra header for protection against SSRF.

  • gce-http-endpoint: Provides access to metadata using Google Compute Engine format. Possible values: enabled, disabled.

  • gce-http-token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values: enabled, disabled.

To set up metadata service parameters for a VM instance:

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View a description of the CLI command for updating VM parameters:

    yc compute instance update --help

  2. Get a list of VMs in the default folder:

    yc compute instance list

  3. Select the ID or NAME of the VM you need.

  4. Set the metadata service settings using the --metadata-options parameter:

    yc compute instance update <VM_ID> \
  --metadata-options gce-http-endpoint=enabled

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

  1. Open the Terraform configuration file and change the metadata_options parameter in the VM description:

    ...
resource "yandex_compute_instance" "test-vm" {
  ...
  metadata_options {
    aws_v1_http_endpoint = 2
    aws_v1_http_token    = 2
    gce_http_endpoint    = 0
    gce_http_token       = 0
  }
  ...
}
...

    Where:

    • yandex_compute_instance: VM description.
      • metadata_options: Metadata parameters:
        • aws_v1_http_endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
        • aws_v1_http_token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
        • gce_http_endpoint: Provides access to metadata using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.
        • gce_http_token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.

    For more information about the yandex_compute_instance resource parameters in Terraform, see the provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    All the resources you need will then be created in the specified folder with the settings you defined. You can check the new resources and their settings using the management console or this CLI command:

    yc compute instance get <VM_name>

Use the update REST API method for the Instance resource or the InstanceService/Update gRPC API call.

Removing SSH keys from metadata

  1. In the management console, select the folder the VM belongs to.
  2. Select Compute Cloud.
  3. Click the VM name.
  4. In the top-right corner of the page, click Edit VM.
  5. Open the Metadata menu and remove the keys by clicking .

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View a description of the CLI command to remove metadata:

    yc compute instance remove-metadata --help

  2. Remove the keys:

    yc compute instance remove-metadata <VM_ID> --keys <SSH_key_name>

To remove SSH keys from the VM metadata, use the updateMetadata REST API method for the Instance resource or the InstanceService/UpdateMetadata gRPC API call.

In your request, provide the delete parameter with the SSH key.

REST API request example

curl \
  --request POST \
  --header "Authorization: Bearer <IAM_token>" \
  --data '{"delete":["<SSH_key_name>"]}' \
  https://compute.api.cloud.yandex.net/compute/v1/instances/<VM_ID>/updateMetadata
Previous
Getting information about a public image
Next
Getting serial port's output