You can launch a high-availability (HA) configuration of SFTP Gateway using a YAML configuration file. High availability requires additional resource types such as a database, load balancer, and autoscaler. Google Deployment Manager coordinates the provisioning of these resources.
These instructions are for provisioning SFTP Gateway version
- Enable Cloud Storage Admin API
- Enable Cloud Resource Manager API
- Create a Peered Service Network for the default VPC by following the steps at: https://cloud.google.com/database-migration/docs/mysql/configure-connectivity-vpc-peering#configure-access
Navigating to the command line interface
In the GCP Console, you should see the Cloud Shell icon at the top of your screen, to the right of the search bar. Click this to open up the command line console.
- Create a yaml configuration file (config.yaml) with the command:
- Then use your favorite command line text editor to edit the file:
- Paste this into the config.yaml file and change the first adminSourceRanges entry (188.8.131.52/32) to your own IP address. Keep the 184.108.40.206/20 IP address, as this is a Google address and allows you to SSH via the Google console. You only need to configure the properties, because the configuration references a script that creates the resources, such as the database and load balancer.
resources:
- name: solution
  type: gs://sftpgateway-public-scripts/deploy/v3.3.3/solution.jinja
  properties:
    adminSourceRanges: 220.127.116.11/32, 18.104.22.168/20
    isHighlyAvailable: True
The solution uses sensible defaults to configure the architecture. The adminSourceRanges property is required for accessing the admin console and expects a comma-separated list of CIDR addresses from which you'd like to access the admin UI.
Optional properties include:
- isHighlyAvailable (Default: False) If set to True, the deployment creates a managed database service, autoscaler, and load balancer. SFTP Gateway instances are spread across different zones within a region, allowing the service to recover automatically if a zone fails. Set this to True for a High Availability deployment.
- adminUsername (Default: admin)
- zone (Default: us-east1-c)
- machineType (Default: e2-medium)
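Before deploying, the adminSourceRanges value can be checked locally, since it decides who can reach the admin console. The following is an added example, not part of SFTP Gateway's own scripts: it uses Python's standard ipaddress module, and the function names, the /20 review threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: flag IPv4 ranges wider than /20, the widest entry in the page's sample.
MIN_PREFIX_V4 = 20


def ranges_from_config(text):
    """Pull the adminSourceRanges value out of config.yaml text (no YAML library)."""
    m = re.search(r"^\s*adminSourceRanges:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1).strip("'\"") if m else None


def check_admin_source_ranges(value, min_prefix=MIN_PREFIX_V4):
    """Return (networks, problems) for a comma-separated list of CIDR ranges."""
    networks, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append("empty entry (stray comma?)")
            continue
        if "/" not in entry:
            problems.append(f"{entry}: no prefix length, CIDR notation expected")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if net.prefixlen == 0:
            problems.append(f"{entry}: admin console reachable from every address")
        elif net.version == 4 and net.prefixlen < min_prefix:
            problems.append(f"{entry}: /{net.prefixlen} is wider than /{min_prefix}")
        networks.append(net)
    return networks, problems


# Constructed sample config; the addresses are illustrative, not from the page.
SAMPLE_CONFIG = """\
resources:
- name: solution
  properties:
    adminSourceRanges: 203.0.113.7/32, 198.51.96.0/20, 0.0.0.0/0, 192.0.2.9/24
    isHighlyAvailable: True
"""

if __name__ == "__main__":
    for problem in check_admin_source_ranges(ranges_from_config(SAMPLE_CONFIG))[1]:
        print("PROBLEM:", problem)
```

On the constructed sample this reports the 0.0.0.0/0 entry and the 192.0.2.9/24 entry (host bits set); an empty problem list means every entry parsed as a CIDR range no wider than the threshold.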
- Run this command to deploy the solution, replacing 'sftpgw-deployment-name' with your desired deployment name:
gcloud deployment-manager deployments create sftpgw-deployment-name --config config.yaml
- Once the deployment has succeeded, run this command to print the deployment's outputs, such as the admin credentials and external IP address. Make sure you replace 'sftpgw-deployment-name' with the name you used in the previous command:
gcloud deployment-manager manifests describe --deployment sftpgw-deployment-name --format json | python -c "import sys, json; print(json.load(sys.stdin)['layout'])"
- Note the "finalValue" for outputs named
adminPassword as you will need these to access the SFTP Gateway admin console. For example, the output of the previous step could look like:
resources:
- name: solution
  outputs:
  - finalValue: sftpgw-deployment-name
    name: deployment
    value: sftpgw-deployment-name
  - finalValue: sftp-gateway
    name: project
    value: sftp-gateway
  - finalValue: 22.214.171.124
    name: vmExternalIP
    value: $(ref.solution-vm-tmpl.ip)
  - finalValue: '942030955628191395'
    name: vmId
    value: $(ref.sftpgw-deployment-name-vm.id)
  - finalValue: 10.142.0.26
    name: vmInternalIP
    value: $(ref.solution-vm-tmpl.internalIP)
  - finalValue: admin
    name: adminUsername
    value: admin
  - finalValue: KyT+xjn1inoo
    name: adminPassword
    value: $(ref.generated-password-admin.password)
  properties:
    adminUsername: admin
    bootDiskSizeGb: 20
    ...
In this example you will see that the
Access the SFTP Gateway console
In your browser, navigate to the
vmExternalIp. Then use the
adminPassword values from your deployment to log into SFTP Gateway.
You now have access to add SFTP Users and do further configuration in the SFTP Gateway admin console.
Access the VM via SSH
In the Google console, go to your VM and under the details tab, go to SSH -> Open in browser window on custom port.
When prompted for the custom port, use port 2222. You should now be connected to the VM.