Gcloud, Release external IP - google-compute-engine

So I'm currently really new to google cloud platform and I have an issue to be solved.
I've already created a compute engine in gcloud. When it was created, it automatically assigned an external IP. I'd prefer the instances to not have any external IP.
I saw that you could put the --no-address argument when creating the instances so it wouldn't be assigned an external IP, but how to release the external IP when the instance has already been created?

> gcloud compute addresses list
NAME       REGION        ADDRESS         STATUS
webserver  europe-west1  130.211.70.XXX  IN_USE
gcloud compute addresses delete 130....
Or use the 'network' tab in the web interface if it's a one-off need.
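An instance's external IP is held by an access config on its network interface, so taking the address off an existing VM means deleting that access config. As an added example, not part of the original posts: this script reads `gcloud compute instances list --format=json` output, finds every instance that still has an external IP, and builds the `gcloud compute instances delete-access-config` command for each. The sample JSON, project, instance names and addresses are constructed.

```python
import json
import shlex

# Constructed sample of `gcloud compute instances list --format=json` output,
# trimmed to the fields used here; names and addresses are made up.
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "webserver",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/europe-west1-b",
   "networkInterfaces": [
     {"name": "nic0", "networkIP": "10.132.0.2",
      "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT",
                         "natIP": "203.0.113.10"}]}]},
  {"name": "internal-db",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/europe-west1-b",
   "networkInterfaces": [{"name": "nic0", "networkIP": "10.132.0.3"}]}
]
""")


def external_access_configs(instances):
    """Yield (instance, zone, nic, access_config_name, nat_ip) per external IP."""
    for inst in instances:
        zone = inst["zone"].rsplit("/", 1)[-1]  # zone is returned as a full URL
        for nic in inst.get("networkInterfaces", []):
            for cfg in nic.get("accessConfigs", []):
                # An access config without natIP has no address assigned right now.
                if cfg.get("natIP"):
                    yield inst["name"], zone, nic["name"], cfg["name"], cfg["natIP"]


def removal_commands(instances):
    """Build one delete-access-config command per external IP found."""
    cmds = []
    for name, zone, nic, cfg_name, _ip in external_access_configs(instances):
        # The access config name is read from the instance instead of assumed,
        # because it differs depending on how the instance was created.
        cmds.append(" ".join([
            "gcloud compute instances delete-access-config", shlex.quote(name),
            "--zone=" + shlex.quote(zone),
            "--network-interface=" + shlex.quote(nic),
            "--access-config-name=" + shlex.quote(cfg_name),
        ]))
    return cmds


if __name__ == "__main__":
    for finding in external_access_configs(SAMPLE_INSTANCES):
        print("external IP found:", finding)
    for cmd in removal_commands(SAMPLE_INSTANCES):
        print(cmd)
```

Deleting the access config detaches the address from the VM. If the address was a reserved static one, it stays reserved until it is released with gcloud compute addresses delete.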

Related

An attempt to remove the address in a GCP instance failed

I was trying to create a new VM instance and instead of creating a Static External IP, I wrongly created a Static Internal IP. When I do
gcloud compute addresses list
I get my internal IP listed. Then I use:
gcloud compute addresses delete [address-name]
It asks for confirmation to delete. But once I type 'Y' as a confirmation, I get the following error stating that the resource itself is not found:
ERROR: (gcloud.compute.addresses.delete) Could not fetch resource: - The resource "[MY_RESOURCE_NAME]" was not found
I am confused. I hope I am not being charged for this.
If you want to delete a static internal IP address from a GCP instance, you could use the following documentation and do it with the Cloud Console:
Go to the VM instances page.
Select your project.
Select the VM instance from the project list.
Select the Edit tool at the top of the page.
Click the edit tool for Network Interfaces.
Change the Internal IP type from Static to Ephemeral.
Select Release to release your static IP address.
Click Done to save your changes.
Your instance continues to use the static IP address until the
instance is deleted or restarted. After that occurs, the IP address is
returned to the subnet's default pool of available internal IP
addresses.

Google Compute Engine How to bind new external IP address to the instance

I need to get new external IP address every time when I recreate my instance.
Current implementation may use previous ips.
How can I achieve the goal with static or ephemeral ips?
Or how can I get GCE ips pool?
I am adding the below information along with Kolban.
For the external IP Google cloud has two categories:
Static external IP addresses
Ephemeral external IP addresses
The basic difference between these two is that a static one is a long-term assignment until it is explicitly released from that assignment, and remains attached to a resource until it is explicitly detached, whereas an ephemeral one remains attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is stopped, any ephemeral external IP addresses that are assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects.
As you are wishing for a new IP address for your instance, it seems an ephemeral external IP address is the better choice. But you can use static external IP addresses to create an IP pool anyway and rotate your reserved static external IP addresses, which has cost implications.
The external IPs are configured in the accessConfigs. You can see the accessConfigs if you describe your instance with the command below in Cloud Shell.
$ gcloud compute instances describe [INSTANCE_NAME] --zone=[ZONE]
You can create a new VM and assign a static IP with the help of the documentation and the command below.
$ gcloud compute instances create [INSTANCE_NAME] --private-network-ip [IP_ADDRESS]
OR
You can change or assign an external IP in your existing VM following the steps of the document (GCLOUD), which are:
[Optional] Reserve a static external IP address (if you want to have a reserved external IP; this has cost implications).
Delete existing access configs.
Add the new external IP address.
When you create a Compute Engine instance and give it a public IP address you have two choices for that IP. It can either be ephemeral ... this means that the IP address is assigned (randomly) by Google and may change the next time the Compute Engine is restarted. The alternative is that it is static. These are IP addresses that Google fixes for you and are explicitly yours until you release them. There is no charge for a static IP address if it is actively being used (eg has a Compute Engine running that is using it). However if unused, you are charged 24 cents a day (1 cent an hour).
If, for some reason, you need a new IP address for a compute engine on demand, you can reserve a new static IP address and associate that with your compute engine.
See also:
Reserving a static external IP address

GCE instance does not get permissions from service account

I'm trying to set up read/write access to a Cloud Storage bucket from a GCE instance, using a service account, but don't get the permissions. I have done the following:
Created service account, let's say 'my-sa'
Created a bucket, let's say 'my-bucket'
In IAM console for my project, assign role 'Cloud Storage admin' to service account
Created a new GCE instance via the console, assigned to service account 'my-sa'. Access scope is then automatically set to cloud-platform
Connect to instance using gcloud compute ssh as my user (project owner)
Run gsutil ls gs://my-bucket
Expected behaviour: get list of items in bucket
Observed behaviour:
gsutil takes about 5 seconds to think, then gives:
AccessDeniedException: 403 my-sa#my-project.iam.gserviceaccount.com does not have storage.objects.list access to bucket my-bucket.
Things I've tried:
gcloud auth list on the instance does show the service account, and shows it as being active
I've added more permissions to the service account (up to project owner), doesn't make a difference
I also can't use other permissions from the instance. When I give Compute Engine Admin role to the service account, I can't run gcloud compute instances list from the instance
I've removed the .gsutil dir to make sure the cache is cleared
With the default Compute Engine service account, I can list the buckets, but not write (as expected). When I add the Cloud Storage read/write access scope from the console, I can also write
I really don't have a clue on how to debug this anymore, so any help would be much appreciated

Google Cloud - Adding additional Internal IP to VM

I'm trying to build a webserver in Google Cloud Platform that hosts multiple websites (GBP, IE, FR, DK etc.)
Generally, we assign a range of IPs to the server statically, set the bindings in IIS, then loadbalance using a virtual IP.
It seems near enough impossible to assign another internal IP in GCP. Lots of guides about additional external IPs, but we don't want a public facing webserver like this.
Anybody have any idea on how to add additional internal IPs to a VM / Instance?
Also, I have tried changing the internal address I have assigned to the Instance to static in network adapter settings, next thing I know I can't access my VM for love nor money, had to delete and re-create. If I go into advanced settings to add additional static IPs, we're set to DHCP apparently, so can't add additional IPs.
Thanks all.
Answer that I received from the GCE discussion group, in Google Groups:
"You can add additional internal IP addresses to a VM instance. This is possible by enabling IP forwarding for the VM, creating a static network route, adding appropriate firewall rules, and setting additional internal IP addresses to network adapter of Windows. These steps are described in this article for Linux machines (https://cloud.google.com/compute/docs/networking#set_a_static_target_ip_address). The same steps are valid for Windows VMs. You will need to keep the initial internal IP address, subnet mask, gateway address and DNS settings of the adapter and manually enter them in properties of IPv4 of the network adapter. The below is a screenshot of my configuration on a VM instance (Windows 2008 R2) that perfectly works."
Update:
Now, you can create instances with multiple network interfaces on Google Compute Engine and assign IPs. For more information, refer to this public documentation link. However, currently it has the following limitations:
Alias IP ranges are not supported on any network interface on a VM
that has multiple network interfaces enabled.
You cannot modify or delete the network interfaces after the VM has
been created.

How to attach a service account to an existing GCE VM?

Need to submit a Dataflow job from an existing GCE VM in Google Cloud. Learned that there has to be one service account with proper scope attached to that VM when the VM is created. What if the VM already existed? How to attach a service account to an existing VM?
According to the GCE docs you cannot change the attached service account after instance creation:
After you have created an instance with a service account and specified scopes, you cannot change or expand the list of scopes.
See
https://cloud.google.com/compute/docs/authentication#using
for more details.
However if you don't want to recreate your VM you should be able to create a service account and authenticate to that using a private key, as described in the following:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
This is likely less convenient than using a VM service account because you'll need to manage the private key and authentication yourself.