Pre-Installed Daemons on Google Compute Engine
I found out that Google Compute Engine instances come with the Google Guest Environment pre-installed, which runs daemons in the background. This is unlike AWS EC2 instances, which don't install any daemons (but come with aws-cli pre-installed). We can see the following output when listing the running processes on a new Debian GCE instance:
$ ps ax | grep google
418 ? Ssl 2:52 /usr/bin/google_osconfig_agent
526 ? Ss 2:17 /usr/bin/python3 /usr/bin/google_network_daemon
528 ? Ss 3:32 /usr/bin/python3 /usr/bin/google_accounts_daemon
529 ? Ss 1:14 /usr/bin/python3 /usr/bin/google_clock_skew_daemon
We can check all installed Google packages:
$ apt list --installed | grep google
gce-disk-expand
google-cloud-packages-archive-keyring
google-cloud-sdk
google-compute-engine-oslogin
google-compute-engine
google-osconfig-agent
python-google-compute-engine
python3-google-compute-engine
and systemd services:
$ systemctl list-unit-files | grep google
google-accounts-daemon.service enabled
google-clock-skew-daemon.service enabled
google-instance-setup.service enabled
google-network-daemon.service enabled
google-osconfig-agent.service enabled
google-shutdown-scripts.service enabled
google-startup-scripts.service enabled
These packages and services are part of the Google Linux Guest Environment and OS Login Guest Environment.
The GCP docs have some information on the Guest Environment but it lacks details on the specifics of each daemon/script. A better source is the GitHub repo where we can find a good explanation for each daemon and script:
- google-network-daemon: handles network setup for multiple network interfaces on boot and integrates network load balancing with forwarding rule changes into the guest
- google-accounts-daemon: daemon to set up and manage user accounts, and to enable SSH key based authentication
- google-clock-skew-daemon: daemon to keep the system clock in sync after VM start and stop events
- google-instance-setup: scripts to execute VM configuration scripts during boot
- google-startup-scripts/google-shutdown-scripts: run user-provided scripts at VM startup and shutdown
The remaining daemon is the agent for the OS Login Guest Environment. It manages access control when using the OS Login feature by linking Linux user accounts to Google accounts (which can then be managed with Cloud IAM). This feature is disabled by default and I'm not sure why the package is installed and the daemon is running.
Uninstall
If all that's needed is a simple VM instance without Google Cloud integration, all daemons and scripts can be uninstalled by removing the packages:
$ apt-get remove python-google-compute-engine python3-google-compute-engine \
google-osconfig-agent google-compute-engine-oslogin
I think it's good to at least remove the google-osconfig-agent package and get rid of the google_osconfig_agent daemon running in the background. The package can be re-installed before enabling OS Login.
Each daemon can also be disabled separately:
$ systemctl disable google-accounts-daemon.service
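A dry-run planner for the per-unit approach, as an added example that is not part of the original post: it reads `systemctl list-unit-files` output and prints a disable command for every enabled google-* service that is not on a keep-list, so the plan can be reviewed before anything changes. The KEEP list, the function names and the sample input are assumptions for illustration; since google-accounts-daemon is what enables SSH key based authentication, check how you reach the VM before disabling it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# KEEP is a hypothetical allowlist of units this host should keep running.
KEEP="google-network-daemon.service google-clock-skew-daemon.service"

# stdin: `systemctl list-unit-files` output.
# stdout: names of google-* services whose state column is "enabled".
enabled_google_units() {
  awk '$1 ~ /^google-.*\.service$/ && $2 == "enabled" { print $1 }'
}

# stdin: unit names, one per line. stdout: those not listed in KEEP.
units_to_disable() {
  while read -r unit; do
    case " $KEEP " in
      *" $unit "*) ;;                      # on the keep-list: skip
      *) printf '%s\n' "$unit" ;;
    esac
  done
}

# stdin: `systemctl list-unit-files` output. stdout: commands to review.
# --now also stops the running daemon; plain `disable` only affects next boot.
plan() {
  enabled_google_units | units_to_disable | while read -r unit; do
    printf 'systemctl disable --now %s\n' "$unit"
  done
}

# Constructed sample: the seven units listed on this page, plus two
# made-up lines (a disabled google unit, a non-google unit) to show filtering.
sample_units() {
  cat <<'EOF'
google-accounts-daemon.service enabled
google-clock-skew-daemon.service enabled
google-instance-setup.service enabled
google-network-daemon.service enabled
google-osconfig-agent.service enabled
google-shutdown-scripts.service enabled
google-startup-scripts.service enabled
google-example-unit.service disabled
ssh.service enabled
EOF
}

# `script --live` plans against the real host; nothing is executed either way.
if [ "${1:-}" = "--live" ]; then
  systemctl list-unit-files | plan
fi
```

Run `sample_units | plan` to see the plan for the listing shown earlier in this post.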