I run on google compute engine with container and every time I view the logs, I get many occurnces of:
Adding existing user root to google-sudoers group.
Updating keys for user root.
Error updating SSH keys for root: mkdir /root/.ssh: read-only file system.
Any Idea why and how to solve it?
Container-optimized OS (COS) images have a read-only root file system by design, the error message appears to be because a SSH key for root was added to the project’s metadata.
Once the root key is in the metadata database, the agent tries to update the keys for the user root, whose home directory is on the root file system, here is some more information about COS filesystem.
You can check the project’s metadata by running the following gcloud command:
gcloud compute project-info describe
Or by navigating to Metadata from the Console UI.
If you wish to remove the root key (it might not be the best approach as it might impact on the rest of the VMs in the project), you can follow this documentation on how to do it.
An alternative option would be to block project metadata ssh keys for the affected VMs.