Hacker News new | past | comments | ask | show | jobs | submit login
Free Linux cloud shell for Gmail users (cloud.google.com)
194 points by mondainx on Jan 27, 2018 | hide | past | favorite | 86 comments

(I work for Google Cloud)

If you want to learn more about Cloud Shell, the marketing page is here: https://cloud.google.com/shell/

Cloud Shell is one of my favorite things about GCP. A lot of dev tools (Docker, Python/Go/Node/Ruby/Java/.Net, etc) are pre-installed, you can test "localhost" servers with the preview feature, there is a built in file editor (based on the open source Orion project), etc. And it's all free!

This link will directly open the shell in a full page, and I'm not sure it will work unless you have set up your GCP account before. It's really not designed to be opened this way, I recommend opening it from the GCP console and then making it full screen if your want.

Also note: Cloud Shell gives you a persistent 5GB /home Directory, but every other folder is reset after a while. If you want to add your own binaries, I'd recommend adding home to your path and installing them there.

Can I give you a tidbit of feedback?

If the instance is ephemeral, I need to manage everything in HOME and that's fine. For Python, that basically means using Virtualenv. That works fine at the moment for python 2.7, but 3.x on Debian requires the package python3-venv, which is not installed by default - and sure enough, it's missing in Cloud Shell.

It's a bit annoying having to apt-get install python3-venv every time. Any chance it could be preinstalled? It's such an essential tool for modern python development...

You can tell virtualenv to use an arbitrary python interpreter, even pypy, using `--python=/path/to/python/interpreter`.

But then I have to install the virtualenv script in every dev environment, when really the stdlib version is perfectly fine and requires no extra hacks.

It's an annoyance specific to Debian and to this day I'm not sure I understand the rationale for splitting it out of the main python3 package.

I'm building python 3.6.4 from source and stashing it in $HOME. No errors so far.

EDIT: Worked great!

    @cloudshell:~/python3/bin$ ./ipython3
    Python 3.6.4 (default, Jan 28 2018, 00:39:17)
    Type 'copyright', 'credits' or 'license' for more information
    IPython 6.2.1 -- An enhanced Interactive Python. Type '?' for help.
    In [1]: from __future__ import braces
      File "<ipython-input-1-6d5c5b2f0daf>", line 1
        from __future__ import braces
    SyntaxError: not a chance

Will Google record the input from the users and/or analyze it?

I cannot confirm your answer.

In "6. Data Deletion" Google assures that data will be delete in a reasonable fashion upon request or on expiry of the term. Google reserves the right to share the data with other entities in "11.2 Information about Subprocessors" which are listed in [0]. I assume that the data will also be deleted from the subprocessors. It is also stated that the function is explained, yet an exhaustive explanation is missing. The most informative I can find is that they "provide customer and technical support" besides some non-exclusive examples of activities.

Also, I see no part that ensures Google won't analyze the data, like for example to train neural networks. Could you point me to it?

[0] https://cloud.google.com/terms/subprocessors

It is one of a few tunnels that things like Websense can't recognize. Well known to consultants stranded on networks heavily controlled by their F500 clients.

Thanks for the summary of Cloud Shell, I was not previously aware of it.

Any idea why Apache and Gradle are installed in the root directory? Normally, these would be in `opt` or some such.

Most likely because of this [0]

> any modifications that you made to it outside your $HOME are lost.

[0] https://cloud.google.com/shell/docs/limitations#custom_insta...

Well, that applies to the user, not to whoever spun the distro to begin with. Google could have put them wherever they wanted.

Anyway, not a huge deal, just a bit odd. And evoking my OCD: ...must...keep...clean...root.

Any chance of getting Haskell on there?

I install the GHC everytime I want to use haskell on the Cloud Shell. It takes literaly like 30 seconds.

The Cloud Shell is a Debian Stretch container, so it's easy to install packages as you will. If you want them to be persistent install them on your home folder and add the route to your env vars.

Before you get excited, read about limitations:


And if you'd rather use something on a higher level of abstraction, there's also Google Apps Script (https://www.google.com/script/start/)

From one way of thinking, Apps Script is a lot like AWS Lambda; but from another way of thinking, Apps Script is more like OS automation workflows that happen to run in your cloud account rather than on your computer.

Personally, I think of Apps Script as being more like the cloud-based equivalent of VBA.

I always thought the better parallel for lamda was cloud functions, but I might be biased.

It's available for to anyone that has a Google account.

You don't have to be a "Gmail user".

You do need to register as a business if you are located in EMEA. There is no private/personal option. This is a huge showstopper for me and, in my opinion, anyone who wants to use it for educational purposes.

> You do need to register as a business if you are located in EMEA.

Is that a T&C rule or a technical block? Because I'm in EMEA, not registered as a business, and it opened for me just fine.

It's inquired when you first register for GCP. If beforehand you've selected EMEA country there will be no option to choose between personal/business.

GCP support did respond to my inquiry and they specified that it's the case in whole EMEA.

P.S I just tried and it appears they've added option to switch to "Individual". Great!

You don't have to register for GCP to use the cloud shell.

I recall there was a specific reason for this - does anyone else know why? Is Google working on the legal/tax implications of fixing it?

I believe it's individual VAT handling. They've solved it for EU citizens but for instance, about Russia, it still says [1]:

"In Russia, Google Cloud Platform services can be used only for business purposes. Warning: If the sole purpose for which you want to use Google Cloud Platform services has no potential economic benefit you should discontinue your use of the service"

It used to say the same thing about EU citizens for a while. The line about "no potential economic benefit" is pretty bizarre as far as far as I've seen...


[1] https://cloud.google.com/billing/docs/resources/vat-overview...

To me the quoted sentence is pretty well-written:

>Warning: If the sole purpose for which you want to use Google Cloud Platform services has no potential economic benefit you should discontinue your use of the service"

To me this says: "Anything and everything can become a side project at any moment or be used to help support a business and therefore (in my opinion) everything can be thought of as a business or supporting a business. If there is no potential conceivable way to view anything you might ever do on the platform as conceivably pivoting into a startup or supporting a startup or any other business need in the future, or creating any economic (business) benefit then you should discontinue it. Everyone else can just say they might be a side project / pivot or be used as a business in the future, or used to support a business or otherwise produce value, since there is no way to show otherwise."

With this lens it makes perfect sense that if the SOLE purpose has NO potential (potential!!!) economic benefit (i.e. used to at least support a business or create value) then you should discontinue it. This warning applies basically to no one.

It's really an excellent sentence, I like it a lot.

With my Google Chrome 64.0.3282.119 instance, there is no user selector it seems, which is causing authentication to fail, which then causes an infinitely repeating loop of reconnection attempts all leading to a 404 or 401 response in JSON.

+1, not having the user selector on this is a pain, more than once ive spun up some resources on a personnal account accidentally

I always try with private browsing mode when their login system gets into this state.

Wow, even has dotnet. Including C#, F# and Visual Basic.

    $ find /opt/dotnet/ -name \*.sh

This is nice. If we could ssh into it, it would be great! Is that feature coming soon?

I don't think that feature is planned. However, you can get a f1-micro VM for free:


You're allowed out to port 22 so maybe you could some tunneling.

Haven't tried it and it may be against the conditions.

How does this work? Given that its PID1 is not a "real" init process but a bash running the script `/google/scripts/onrun.sh` and its / being type `aufs`, I guess this is a Debian Docker instance?

Yep, /etc/debian_version is 9.3.

It has a docker0 network interface (among others)

> It has a docker0 network interface (among others)

That's for the dockerd which is running inside the ... VM?

The interesting thing is that the uptime and dmesg show that this system is not shared on the kernel level - if I were to guess, I'd say that Google allocates a real virtual machine with a tiny OS running Docker, starts the docker container inside this VM and then grants you webshell/ssh access to this Docker container.

But why the Docker setup when the machine is yours anyway?

You're right... and docker works:

    $ docker pull hello-world
    $ docker run hello-world

    Hello from Docker!
    This message shows that your installation appears to be working correctly. 
Not surprising since two of the outgoing ports allowed are 2375 and 2376 -- the docker non-ssl and ssl ports.

A minor note: docker run will download the image if it's not already present. No need to pull manually (unless you want to go offline or something like that).

Regarding whether it is a container or VM I'd guess the former.

But not Docker. More likely Google's own container tech which I'm pretty sure way predated Docker.

Correct me if I'm wrong - but no kind of Linux container technology could fake dmesg/uptime. Doesn't this need at least some form of virtualization like Xen, QEMU/KVM or whatever dark magic?

Eh, if you use lxcfs with LXD, LXC, or docker, you can fake uptime.

This looks cool. I wonder how does the sandboxing work since it looks like docker but some things are different.

I am curious because we made a somewhat similar tool for conducting interviews[1] but ours has collaboration too.

[1] https://codepad.remoteinterview.io/

Wow, Debian 3.9 kernel.

Has ssh, vim, tmux, and docker installed. I'm guessing this is either a container itself or a Debian vm.

I'm still finding new things that are installed and useful. I would find myself using it to QA docker compositions I write. The question is can I host from this instance?

It's a container. And what do you mean by host? You can definitely run containers in it, and an ephemeral external IP. There is a button at the top right that shows what you are running on port 8000 from the outside, handy to test whatever you are running.

Would be great for your shell to automount your Google drive. (I know Google Drive isn't a real distributed file system, but the point stands... and if GDrive doesn't work, how about Google making an actual distributed/network file system that I can own for this purpose, like AWS EFS?)

Interesting, upon 'ps aux', There's a 'sleep infinity' process running.

Docker maybe? I know that's one way to keep a docker container open.

Does this have something specific to do with Gmail? Or is it just that it’s another thing (a separate, independent feature of your Google account) that you get for free, as part of being a Gmail user?

This has nothing to do with Gmail. It is part of Google Cloud. Both Gmail and GCP use your Google Account. The title is misleading.

(I work for Google Cloud)

I run sudo npm install -g n and then sudo n8.9.4 but I got an error "sudo: n: command not found". How can I use n?

is this down at the moment? (Sat Jan 27 23:18:48 UTC 2018) the ux seems to be hanging, trying to contact https://ssh.cloud.google.com ...

"slashdotted?", or whatever the hackernews term for that is?

... of course, moments after i posted this comment, it started responding again. Growing pains, I suppose, or temporary burp.

Delay for spinning up new instances?

Interesting how they make use of tmux sessions for the cloud shell session feature.

I setup an IPSec tunnel on it a while ago just to test , pretty neat IMO

Wow, I find GCP to be much less straightforward to use than AWS.

This is pretty cool. Thanks for sharing.

can I ssh into it? does it have a public ip?

If you want a free Linux box with a Public IP and SSH, I'd recommend spinning up an f1-micro VM. It's part of the permanent free tier:


Cloud Shell is a "temporary" instance, really meant for interactive Dev/Admin work.

(I work for GCP)

Thanks for taking the time to comment. I wasn't aware there was a free tier. I really appreciate that it's an actual free tier:

"Thanks for signing up for the 12-month free trial.

We've given you $300 in free trial credit to spend. If you run out of credit, don't worry, you won't be billed until you give your permission."

[ed: and as mentioned above there are instances that don't consume any of those 300 credits]

So there is the free trial and the free tier.

The free trial is $300 for 12 months that you can spend on pretty much anything (I think there are some limits on GPUs due to abuse).

The free tier is free forever, no dollar limits or time limits. This includes the 24/7 f1-micro, 28 App Engine hours per day, Cloud Datastore, Firebase stuff, some Cloud Functions, etc.

In the free tier, is it "fair game" to run 10 instances of the f1-micro?

I would like to test the throughput, measure uptime over a few months, and check how well it handles DDOS. I would configure 10x static IPv4 and IPv6 to make sure it does not impact anyone else.

I plan to setup a nginx serving a few static pages with a Round Robin DNS on a subdomain.

Free trial, yes. Free tier, no.

Basically the free tier subtracts the cost of a f1-micro from your monthly bill if you have at least one running.

Thanks for the precision! It avoids a bad surprise :-)

Do you know if a f1-micro can cost more than $4 per month if it is used extensively? By that, I just mean 100% cpu usage, 100% of the 5Gb disk quota, with just 1 IPv4 and 1 IPv6.

I like the scalability, but I want my clients to know that their bill will not "fluctuate".

Cost-wise, $40 for 10 IPv4 is in the upper tier (some OVH resellers give you 16 IPv4 on some decent dedicated server) but for what I need (low latency), the wide geographic coverage could still make it worthwhile.

Network Egress is not included in the price, so you have to keep that in mind. Ingress is free. Otherwise, feel free to use 100% 24/7.

If your cost requirements are that low and you primarily want to rely on static instances then there are better hosting options. I remember when my firm switched and we now pay thousands of dollars for the flexibility of cloud providers.

I wasn't aware there was a free tier. I really appreciate that it's an actual free tier:

Neither was I, agreed! Thank you for sharing, now I can actually test a few services to see if it makes sense migrating some of our microservices (or probably better stated: nanoservices) to gCloud that are currently running on expensive bare metal (wasn't my call, I'm just trying to get us to modernize).

Is there a way to use permanent free tier f1-micro without also triggering free trial 12 month? I don't want to use free trial right now but would want to test f1-micro.

Quick feedback: it's the first time that I have looked into GCP and compared to AWS the UX is by far sub standard. Even with $300 credits I am not tempted to make use of it.

Would you be able to expand on your thoughts here? If there are specific elements that are bothering you, click the"..." In the top right of the cloud console and "Send Feedback" with specific issues.

Ugh, as soon as I signed up I got locked out of Google Payments due to "fraud protection"... when I used the same computer I always use and the same credit card number as I've used before without any problems. I have no clue what is going on, but come on guys... nobody's going to want to trade in a government issued ID to exchange for a "free" VM.

Consider contacting Google cloud or payment support people. Also maybe check with your credit card company to see how they responded to any payment request from Google.

Payment request...? Didn't they say there is no charge unless and until you affirm that you want to pay?

No idea, but if you entered a credit card number I'm gonna guess they did a pre-auth for $1 or something like that to verify it's valid.

Python 2.7 by default?

Python 3.5 is also preinstalled.

No Lua preinstalled


This is actually a great teaching tool. Firebase (my team) uses them for in person code labs. It's a huge time saver to know that everyone already has access to a Linux machine with the developer tools and helps the class jump right into meaty bits.

Also, fetching dependencies to a machine in a data center avoids bringing down the wifi in a class.

Actually if you’re frustrated with the web ui then just drop into a cloud shell instance and do everything from there “in the command line”

And even though the UI can be a bit sluggish at times i can’t say AWS was any better last time I used it

No Ruby Pre-installed.

Works for me.

$ ruby --version ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]

Last I looked, Cloud Shell was still pretty tiny instances, with no paid option for more (wth isn’t there a super boost mode that I pay for, at least?!), and the integrated editor was meh. I suppose I could use it with the gcloud CLI and docker-machine as a sort of orchestration console to bring up more boxes, but then I have to remember to kill them or I get a huge bill. (This has happened to me on DO before.)

AWS Cloud9 lets me pay for a single big honkin ec2 that backs the IDE, has a better editor, browser ssh support—and has a built in option to suspend the “expensive” instance after 30 mins of inactivity.

I loved Cloud Shell but the inability to let me pay for a bigger backing instance or more storage is a real limitation. (One of my commonly worked on projects takes 25 mins to compile on a boost mode Cloud Shell instance, and operates on ~80GiB of data.) Cloud9 is at a real advantage here.

Whoever first integrates Atom, though (all of these seem to use Ace), I think will be the real winner.

the integrated editor was meh

Cloud Shell has Vim 8 installed, which you can use instead.

I meant the local one. Remote editing over ssh is a nonstarter.

> I loved Cloud Shell but the inability to let me pay for a bigger backing instance or more storage is a real limitation.

Except Cloud Shell has Boost Mode:


> Whoever first integrates Atom, though (all of these seem to use Ace), I think will be the real winner.

Google's is based on Orion, not Ace.

Boost mode is still not a powerful instance.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact