Deploy a GCP server with an enrollment token
This topic explains how to deploy an Ubuntu or Debian Google Cloud Platform (GCP) server with systemd using user data and an Advanced Server Access enrollment token. You may need to modify this process to fit your specific needs
Creating a cloud server with user data means that the Advanced Server Access agent is simultaneously installed when you create a server with a cloud provider. Using user data to install software on a new cloud server can be done through any cloud provider, although user data helps dictate the specific software that you want on your servers. Installing the Advanced Server Access agent on a cloud server doesn't have to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your cloud deployment is as safe and secure as possible.
- Create an Advanced Server Access enrollment token
- Create a GCP project
- Create and enroll a virtual machine using user data
- Next steps
Google Cloud Platform
|Google Cloud Platform account||A Google Cloud Platform account is needed to access the GCP console, where you create virtual machines for your team.|
Advanced Server Access
|Advanced Server Access team||The top-level object that represents an Okta org within Advanced Server Access.|
|Advanced Server Access project||The authorization-scope of your team, organizing your users, groups, and servers.|
Create an Advanced Server Access enrollment token
- From the Advanced Server Access dashboard, click Projects.
- Select the project you want to add the server to.
Go to the Enrollment tab and click Create Enrollment Token.
Note: You can use the same enrollment token every time you add a server to your team. If you have already created an enrollment token, skip this step.
- Enter a description for the token, then click Submit.
After the token has been successfully created, note the string of characters from the Token field and store them in a safe location.
Create a GCP project
- Navigate to the Google Cloud Platform console and sign in to your account.
- From the Select a project menu, click New Project.
- Create a new name for your project and use the Location field to set its parent organization or folder .
- Click Create when you've finished creating your project.
- From the dashboard of your new project, copy the Project ID number from the Project Info section and store it in a safe location.
Note: To locate the project dashboard, use the Select a project field at the top of the console.
Create and enroll a virtual machine using user data
- From the GCP Console, select Compute Engine and then VM instances.
- If prompted, select your new project from the Select a project dropdown.
- Click Create.
- Create a name for your new server and set its region and zone. These options determine where your server is located.
- Click Management, security, disks, networking, sole tenancy to expand it.
Enter the following into the User data field:#!/bin/bash echo "Add an enrollment token" sudo mkdir -p /var/lib/sftd echo "<enrollment-token>" | sudo tee /var/lib/sftd/enrollment.token export DEBIAN_FRONTEND=noninteractive echo "Add a basic sftd configuration" sudo mkdir -p /etc/sft/ sftcfg=$(cat <<EOF --- # CanonicalName: Specifies the name clients should use/see when connecting to this host. CanonicalName: "ubuntu-target" EOF ) echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml echo "Retrieve information about new packages" sudo apt-get update sudo apt-get install -y curl echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file" echo "deb http://pkg.scaleft.com/deb/ linux main" | sudo tee -a /etc/apt/sources.list echo "Trust the repository signing key" curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add - echo "Retrieve information about new packages" sudo apt-get update echo "Install sftd" sudo apt-get install scaleft-server-tools
Note: This script creates an sftd.yaml file for your server and uses ubuntu-target as its canonical name. Modify and generate this information as needed to fit your team and project environments.
- Replace <enrollment_token> in the user data field with the enrollment token that you created earlier.
- Click Create.
After your server is finished being created on the VM instances page, confirm that the server is listed in the Server tab of your Advanced Server Access project before you attempt to connect to it.