Before You Start

Be sure you are familiar with the information in this chapter before starting to use the NVIDIA GPU Cloud Image on the Google Cloud Platform (GCP).

Prerequisites

These instructions assume the following:

  • You have a Google Cloud account - https://console.cloud.google.com/ .

  • You have installed the gcloud SDK if you plan to use the CLI. See setup instructions below.
  • You have SSH keys; see setup instructions below.
  • Windows Users: The CLI code snippets are for bash on Linux or Mac OS X. If you are using Windows and want to use the snippets as-is, you can use the Windows Subsystem for Linux and use the bash shell (you will be in Ubuntu Linux).

Additionally, if you plan to access locked NGC containers, you will need to perform the following steps from the NGC website (see NGC Getting Started Guide)
  • Signed up for an NGC account at https://ngc.nvidia.com/signup.
  • Created an NGC API key for access to locked containers within the NGC container registry.
  • Browsed the NGC website and identified an available NGC container and tag to run on the VMI.

About Shared Projects

Shared projects allow multiple users to access any virtual machine instance created within the project. This means other users within the project could establish an SSH connection to your instance. To keep your VM instance and SSH key private, create a private project and then create and launch your VM instances from within your private project.

Setting Up SSH Keys

The Google Compute Engine generates and manages an SSH key automatically for logging into your instance (see the Google Cloud documentation Connecting to Instances.). However, to facilitate logging into the NGC container registry upon the initial connection to the VM instance, you need to

  1. Generate your own SSH keys (see Creating a new SSH key for instructions), and then
  2. Add them to the metadata for your project (see Adding or Removing Project-Wide Public SSH Keys for instructions).
If you do not prepare your SSH keys before launching and connecting to your VM instance, you will not be able to access the NGC container registry initially. In that case you will need to
  1. Add yourself to the docker group after connecting to the instance.
    sudo usermod -aG docker $USER
  2. Restart the session.

Setting Firewall Rules

NVIDIA recommends setting firewall rules to allow external access to ports 443 (HTTPS), 8888 (DIGITS), and any other ports that may be needed. This should be done before launching an instance to avoid having to stop the instance when setting any firewall rules later.

Note:

You can specify that HTTPS traffic be allowed using the VM Instance Details page, but changing that setting also requires that the instance be stopped.

  1. Log in to https://console.cloud.google.com
  2. Verify you are in the correct Project.
  3. Click the Products and Services menu icon, then scroll down to the Networking section and click VPC Network->Firewall Rules.

  4. Click Create Firewall Rule.
  5. Enter the following information to specify the firewall rule you want to create.
    • Name: NVIDIA recommends the following naming format

      For HTTPS: “default-allow-https”

      For DIGITS: “default-allow-digits”

      You can also create rules for other DIGITS versions, such as DIGITS4

    • Direction of traffic: "Ingress"
    • Action on match: "Allow"
    • Targets: "All instances in the network"
    • Source filter: "IP ranges"
    • Source IP ranges: "0.0.0.0/0"
    • Protocols and ports: "Specified protocols and ports", then enter

      For HTTPS: “tcp:443”

      For DIGITS: “tcp:8888”

      You can enter ports for other DIGITS versions as well

  6. Click Create.

    Your new firewall rules should appear on the Firewall Rules page.