This document provides an overview of the guest environment, which contains scripts, daemons, and binaries that instances need to run on Compute Engine.
The guest environment communicates with the metadata server, which is a per-instance HTTP server that runs alongside every Compute Engine instance. The metadata server provides the instance with essential configuration and operational data. For more information about the types of metadata that's stored on the metadata server, see VM metadata .
The guest environment is automatically installed on Compute Engine instances that are created by using most of the Google-provided public operating system (OS) images. Each OS image requires specific guest environment packages. These packages are built either by Google or the operating system distributor. For a full list of OS images that include the guest environment, see Operating system details .
Guest environment components
The following section describes the packages and services that enable an instance to communicate with Compute Engine.
The guest agent
The central component of the guest environment is the guest agent, which handles tasks like account management, OS Login integration, and network interface management. The guest agent is available for both Linux and Windows operating systems, with the following package names:
- Linux:
google-guest-agent - Windows:
google-compute-engine-windows
For detailed information about the guest agent, including its features, architecture, and how to manage the agent, see Guest agent .
Linux components
The base components of a Linux guest environment are deb
or rpm
packages. Compute Engine creates these packages with the appropriate configurations for the
supported distribution. To see the list of installed packages on your Linux
instance, connect to the instance, and run the command provided for your OS
version in the Installed packages by operating system version
table.
The Linux guest environment includes the following key packages.
google-guest-agent
This package is the guest agent for the Linux environment.
The Linux guest agent contains the scripts that run on the guest OS to support Compute Engine features. For detailed information about the guest agent, including its features, architecture, and how to manage the agent, see Guest agent .
- Reads data from and writes data to the VM metadata
- Sends logs to the serial port and optionally Cloud Logging
google-compute-engine
Contains the scripts and files required for system initialization and configuration.
This package contains the following:
- System init scripts for
systemd - System configurations, such as
udevrules,sysctlrules,rsyslogconfigs, anddhcpconfigs, that are used for hostname setting - Bash scripts that run during instance boot
- A
gce-resolved.conffile, introduced in October 2024, that ensures that domain lookups for.localCloud DNS domains route to the metadata server. Without this file, domain lookups route throughsystemd-resolved, which frequently fails.If your environment doesn't use
.localdomains, you can remove thegce-resolved.conffile if it conflicts with your existing configurations.
-
google-guest-agent -
google-compute-engine-oslogin
google-compute-engine-oslogin
This package contains the following:
- Authorized Keys Command : a command that uses the public SSH keys to authenticate users at login.
- Name Service Switch (NSS) Modules : a service that provides the OS Login user and group information to the system.
- Pluggable Authentication Modules (PAM)
:
a module that provides authorization (and authentication if two-factor support is
enabled) support. This module lets the system use Google Cloud
IAM permissions to control whether the system can log into
an instance or perform operations as root (with
sudo). -
google_oslogin_nss_cache: a utility for updating the local user and group cache. -
selinux: a package that contains SELinux policy definition files and a compiled policy package for configuring SELinux to support OS Login.
- Reads data from and writes data to the VM metadata
- Send logs to the serial port and optionally Cloud Logging
gce-disk-expand
google-osconfig-agent
Reads data from and writes data to the VM metadata
By default, the OS Config agent doesn't collect or send any information until you enable the OS Config agent . After you enable the agent, the agent communicates with the OS Config API service. To review the operations completed by the agent, see VM Manager audit logging .
Windows components
All Google-provided Windows OS images are preconfigured with the GooGet
tool and Google Cloud repositories. GooGet
installs
and maintains the guest environment for Windows instances. If you need
to install GooGet
and set up repositories, see Packaging
and package distribution
in the compute-image-windows
GitHub repository. To see
the list of installed packages on your Windows instance, connect to the instance and run googet installed
.
The Windows guest environment includes the following key packages:
google-compute-engine-windows
This package is the guest agent for the Windows environment.
The Windows guest agent contains the scripts that run on the guest OS to support Compute Engine features. For detailed information about the guest agent, including its features, architecture, and how to manage the agent, see Guest agent .
- Reads data from and writes data to the VM metadata
- Sends logs to the Windows Application Event Log, serial port, and Cloud Logging
google-compute-engine-sysprep
instance_setup.ps1
script that runs on first
boot to configure the new instance.- Reads data from and writes data to the VM metadata
- Sends logs to the Windows Application Event Log and serial port
google-compute-engine-metadata-scripts
- Reads data from and writes data to the VM metadata
- Reads data from Cloud Storage locations when the
sysprep-specialize-script-urlandwindows-startup-script-urlare used - Sends logs to the Windows Application Event Log, serial port, and Cloud Logging
google-compute-engine-powershell
google-compute-engine-auto-updater
Contains scripts that update the Compute Engine packages daily.
This package isn't installed by default. This approach lets you maintain the stability of your environment by controlling the update process. If your environment can tolerate updates without disruption, you can install this package to ensure your guest environment packages are updated automatically.
To install this package, use the following command: googet -noconfirm install google-compute-engine-auto-updater
- Reads data from VM metadata
- Calls the
GooGetagent to send logs to the Windows Application Event Log and console
google-compute-engine-diagnostics
GooGet
packages.cloud.google.com
google-compute-engine-vss
google-osconfig-agent
Reads data from and writes data to the VM metadata
By default the OS Config agent doesn't collect or send any information until you enable the OS Config agent . After you enable the agent, the agent communicates with the OS Config API service. To review the operations the agent completes, see VM Manager audit logging .
Contains several drivers to ensure proper functionality and performance
of instances. The GooGet
package manager manages these drivers and publishes them to Google Cloud repositories.
The following Compute Engine drivers are maintained for Windows OS images:
| Driver type | Driver package name |
|---|---|
| Ethernet adapter | google-compute-engine-driver-netkvm
|
| SCSI disk | google-compute-engine-driver-vioscsi
|
| Display adapter | google-compute-engine-driver-gga
|
| Crash handler | google-compute-engine-driver-pvpanic
|
| Virtio memory balloon driver | google-compute-engine-driver-balloon
|
| Google virtual NIC | google-compute-engine-driver-gvnic
|
To install or upgrade a specific driver, run the following command:
googet install DRIVER_PACKAGE_NAME
What's next
- Learn how to Install the guest environment .
- Learn about the guest agent .
