In order to have good security and risk mitigation practices, only a subset of our application engineers have access to managed instances. If you need to access logs for these customers, post in our #customer-support-internal Slack channel and @ mention Jason, and Mariam. One of them can help!
A quick note before reading the rest of this page: Customers with managed instances cannot pull their own logs, and in many cases, the customer we’re dealing with is not a site-admin, so they can’t access site-admin priveleges either.
Please make absolute sure regardless of the customer, that they are not working with a managed instance. If they are, and you are unaware, asking for logs may end up sounding like a silly question to them, and cause the customer to lose confidence in our ability as Application Engineers. If you are unsure after looking through salesforce and looker whether a customer does or does not have a managed instance, please reach out toJason or Mariam and they will be able to confirm for you.
If you are an application engineer being trained to work with managed instances, read ahead.
To fully access managed instances, follow these docs
After you’ve followed the docs in the ‘required access’ section and received the access to all necessary credentials, reach out to Jason or Mariam to set up a thirty minute tutorial that will take you through the most important aspects of accessing managed instances.
If all of us happen to be outside of working hours when you need a tutorial, watch this video as a supplement. That said, it would still be good to schedule some time to meet with one of us when we’re back online.
To work with managed instances, you’ll need acccess to Sourcegraph’s Google Cloud Console and access to all managed instances therein. Reach out to #it-tech-ops to request access to the “gcp-managed” group.
Next, you’ll need to install the Google Cloud Platform (GCP) SDK locally. Instructions for doing so can be found here. Pay close attention to the troubleshooting tips in this link, as you are likely to run into a few minor snags along the way.
To check and see if you’ve installed the GCP SDK correctly, enter the command
gcloud version in your terminal. It should return the current version of your SDK. If so, congratulations. You now have the ability to start up virtual machines for each managed instance, and begin debugging.
Next, read the managed instances operations page in its entirety. This provides direction for using the gcloud in the command line to debug managed instances, and is absolutely necessary reading. Bookmark the page. You will revisit it often.
In general, this is not advised. While you will have access to every instance managed by Sourcegraph, we want to limit this approach in order to maintain the privacy of our customers. However, if other approaches fail to resolve an issue, this is an option.
Should you find yourself in a situation where you need to login to a customer’s instance directly, make sure you inform the customer before you do so, and provide thorough and clear context for your reasoning behind needing to do so. Be completely transparent about your intentions so that you and the customer are on the same page.
It is important to do everything we can to solve issues with managed instances ourselves, but realistically, this won’t always be the case. As a general reminder, if you are stuck on an issue, always engage your CS teammates first. Specifically, reach out to Jason or Mariam and request help. If they can’t figure out what’s going on, work with them to engage the cloud-devops team in the way they’ve asked here.
To be clear, there is nothing wrong with engaging the cloud-devops team, as long as it is the last step in our process towards finding a solution, and that it only be taken when absolutely necessary.