GCE Autoscale Instance Groups Error - google-compute-engine

I am trying to set up an autoscaler with the "Compute Engine default service account" and receiving an error when it tries to create VMs.
Instance 'instance-group-1-7wsz' creation failed: Required 'compute.disks.create' permission for 'projects/[redacted]' (when acting as '[redacted]@cloudservices.gserviceaccount.com')
Instance 'instance-group-1-hw12' creation failed: Required 'compute.instances.setTags' permission for 'projects/[redacted]/zones/us-east1-b/instances/instance-group-1-hw12' (when acting as '[redacted]@cloudservices.gserviceaccount.com')
GCE Error:

Fixed it by just creating a new project. I didn't even think of that.

I think it's a bug in GCE in that the IAM account it's trying to use is not configured. To work around this:
On your Google Developer Console.
Go to "IAM & Admin -> IAM".
Click "Add".
Add as member the-ID-shown-in-the-error-message@cloudservices.gserviceaccount.com and select the Roles "Project->Editor".
Click "Add".
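An added example (not part of the original question or answers): parsing error lines in the format quoted in the question to list exactly which permissions the acting service account was denied, which is what you need when reviewing that account's role bindings. The sample lines, project ID and project number are constructed placeholders.

```python
import re
from collections import defaultdict

# Format of the instance-group errors quoted in the question.
ERROR_RE = re.compile(
    r"Instance '(?P<instance>[^']+)' creation failed: "
    r"Required '(?P<permission>[^']+)' permission for '(?P<resource>[^']+)' "
    r"\(when acting as '(?P<principal>[^']+)'\)"
)

# Constructed sample lines; project ID and number are placeholders.
SA = "123456789012@cloudservices.gserviceaccount.com"
SAMPLE_ERRORS = "\n".join([
    "Instance 'instance-group-1-7wsz' creation failed: Required "
    "'compute.disks.create' permission for 'projects/example-project' "
    f"(when acting as '{SA}')",
    "Instance 'instance-group-1-hw12' creation failed: Required "
    "'compute.instances.setTags' permission for 'projects/example-project/"
    f"zones/us-east1-b/instances/instance-group-1-hw12' (when acting as '{SA}')",
    "Instance 'instance-group-1-x9k2' creation failed: Required "
    "'compute.disks.create' permission for 'projects/example-project' "
    f"(when acting as '{SA}')",
    "Autoscaler resized instance-group-1 to 3 instances",  # unrelated line
])


def parse_error(line):
    """Return the fields of one permission error, or None for other lines."""
    match = ERROR_RE.search(line)
    if not match:
        return None
    fields = match.groupdict()
    # 'projects/p' -> 'projects'; '.../instances/name' -> 'instances'
    parts = fields["resource"].split("/")
    fields["resource_kind"] = parts[-2] if len(parts) >= 2 else parts[0]
    return fields


def missing_permissions(text):
    """Map each acting principal to the sorted permissions it was denied."""
    denied = defaultdict(set)
    for line in text.splitlines():
        fields = parse_error(line)
        if fields:
            denied[fields["principal"]].add(fields["permission"])
    return {who: sorted(perms) for who, perms in denied.items()}


if __name__ == "__main__":
    for who, perms in missing_permissions(SAMPLE_ERRORS).items():
        print(who, "->", ", ".join(perms))
```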

Related

Request had insufficient authentication scopes on terraform when creating gcp mysql

Keep getting this error:
Error, failed to create instance group-database-instance: googleapi: Error 403: Request had insufficient authentication scopes.
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
I have added a service account with editor permissions to use all gcp resources and directed terraform to the generated credentials file.
Would this be an error in the code or something else?
Based on the error message you have provided and the task you would like to accomplish, it would seem that you might need to add a scope when creating your instance.
To use the Google Kubernetes Engine API for a GCE virtual machine, you will need to add the Cloud Platform Scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
Additionally, if you are using the gcloud command-line, you can follow along with something like:
gcloud compute instances create NAME --scopes=https://www.googleapis.com/auth/cloud-platform
If you are using the Cloud Console UI, when you are creating a VM instance, look for the "Identity and API access" section, and select "Allow full access to all Cloud APIs".

gcloud compute vpn-tunnels describe [NAME] doesn't show all details of a vpn-tunnel

Once you have a VPN tunnel up and running, there does not appear to be a method to view all the details of the tunnel from either the Google Cloud Console or the gcloud command line. Specifically, the route policies that were configured when the tunnel was initially set up are missing from the describe.
Is there a method to see this information?
This is a known behavior. The Developers Console doesn't set the remoteTrafficSelector when creating the tunnels through it.
The Developers Console creates the necessary routes and shows the "Remote ranges" based on them.
The workaround is to create the VPN tunnels using the Compute API or Cloud SDK with the following command:
gcloud compute vpn-tunnels create NAME --region=REGION --peer-address=PEER_ADDRESS --shared-secret=SHARED_SECRET --target-vpn-gateway=TARGET_VPN_GATEWAY --local-traffic-selector=CIDR --remote-traffic-selector=CIDR
You can click on the star icon in the Public Issue Tracker to get updates when there is any progress on it.
Note: This doesn't have any impact on the VPN tunnel functionality.

Google Cloud Service Account Not Found

Our team is trying to troubleshoot an issue we have been encountering with service accounts. The service account we are using is able to create a disk and IP address; however, an error is thrown when an instance request is created. All resources can be listed (i.e., networks, snapshots, etc.). I have attached a small console snippet below.
The service account is successfully authenticated with the JSON key given to me. I have tried altering permissions of the service account and created a new key.
Any assistance is greatly appreciated.
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/zones/asia-east1-c/disks/dev-josh-ui-test-08].
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/regions/asia-east1/addresses/dev-josh-ui-test-08-ip].
ERROR: (gcloud.compute.instances.create) Some requests did not succeed:
- The resource '<ID>-compute@developer.gserviceaccount.com' of type 'serviceAccount' was not found.
I was able to get the exact error provided:
The resource '-compute@developer.gserviceaccount.com' of type 'serviceAccount' was not found.
by deleting my default compute service account and attempting to create an instance through the Cloud Shell, so I assume this is the issue.
If the default compute service account was somehow deleted, and it has been less than 30 days, you can restore it using: gcloud beta iam service-accounts undelete [ACCOUNT_ID]
https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting
After this, you will have to go into https://console.cloud.google.com/apis/dashboard and disable and re-enable the compute engine API. This will take a few moments, but after the GCE API is re-enabled you should be able to create VMs through the Cloud Shell again and I was able to reproduce this.
On https://console.cloud.google.com/apis/dashboard disable the "google compute engine API" and afterwards enable it again.
The enabling also creates some additional setup that is needed to use the API. Those resources could have been deleted by accident beforehand.
You might need to have some patience and wait a minute or two between disabling and enabling.

Error when execute gcloud

I get an error when I run a Google Cloud command. This is the error message which I get:
$ gcloud compute instances list
NAME ZONE MACHINE_TYPE INTERNAL_IP EXTERNAL_IP STATUS
ERROR: (gcloud.compute.instances.list) Some requests did not succeed:
- Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.
I have two machines running and I already updated to the new version.
I don't know if you are encountering this problem, but if you specify the project name instead of the project ID when you do "gcloud config set project " then you will currently get the "Access Not Configured" error. I've pointed it out on the #gcloud IRC so hopefully it gets fixed. There may be other issues like this so it is best to ensure your parameters are sane.
If your project hasn't been marked for abuse and/or deletion, you have to enable 'Google Compute Engine' API in the Developers Console to solve the problem.
Configure your project using the following command:
gcloud config set project <project-id>
This is the exact API we need to enable in order to get rid of this error
Compute Engine API

Google cloud VM Instance DNS error

I am having a bit of an issue with the VM Instances on google cloud. I installed and set up apache and a website with it but now I am trying to configure a custom domain and when I try to add it in SSH I get the following error:
ERROR: (gcloud.dns.managed-zone.create) ResponseError: status=403, code=Forbidden, reason(s)=insufficientPermissions
message=Insufficient Permission
I have also tried the directions at the following https://cloud.google.com/appengine/docs/domain and am getting a 404 not found error on my domain. Any help would be greatly appreciated.
You say you are having an issue with a VM instance and are trying to set up a custom domain. Those two are in very different realms. VM instances are under Compute Engine (except for Managed VMs, which live under App Engine, but that is beside the point). Custom Domains are features just of App Engine.
What do you mean that you are trying to "add it in SSH"? Did you mean DNS? If so, see my answer below.
What command are you running to get ERROR: (gcloud.dns.managed-zone.create) ResponseError: status=403, code=Forbidden, reason(s)=insufficientPermissions message=Insufficient Permission?
The docs apply to App Engine, not Compute Engine. That you are getting a 404 error is no surprise if you don't also have a corresponding app running in App Engine.
If you are trying to create a DNS hostname for a web site hosted on a VM instance on Compute Engine, I recommend that you either (a) use a static IP address and a static A record pointing to it, or (b) use an ephemeral IP address and set up a dynamic DNS A record pointing to it. (I use freedns.afraid.org for my DDNS.)