Deployment to Google’s Compute Engine fails: Error retrieving the App Engine service account - google-compute-engine

After I’ve deleted some values (do not remember which) in my project configuration (in the Developer Console) I cannot deploy an app to a Compute Engine instance. I’ve deployed the same code using the same configuration dozens of times successfully but after deleting some values in the Developer Console or doing some other adjustments that I considered minor, the deployment, using Maven plugin v2.0.9.95.v20160203, fails with
[INFO] Beginning deployment...
[INFO] WARNING: If this is your first deployment, please try again.
[INFO] ERROR: (gcloud.preview.app.deploy) Server responded with code [400]:
[INFO] Bad Request Unexpected HTTP status 400.
[INFO] Failed Project Preparation (app_id='s~some-id'). Error retrieving the App Engine service account.
[ERROR] Error: gcloud app command with exit code : 1
I run
mvn clean validate gcloud:deploy
Unlike in some other of my projects I do not have both of the accounts
App Engine default service account - some-id@appspot.gserviceaccount.com
Compute Engine default service account - some-id-compute@developer.gserviceaccount.com
…in my Permissions section but only the second account.

Maybe you deleted your App Engine service account. To create it again, you can go to the Permissions section of your project and add a new member with the email YOUR-PROJECT-ID@appspot.gserviceaccount.com (replace with your real project id) and "Can Edit" permissions.

Maybe you're not authenticated to your project anymore? Have you tried to reauthenticate using gcloud auth login?
If you're authenticated but somehow happened to delete the default Google AppEngine service account (app_id@appspot.gserviceaccount.com), you won't be able to recreate it yourself. You will need to file a support ticket with Google and ask them to recreate the default service account for you.
Finally, you can create a new project and deploy your application there, but of course this comes at a price/time.

Related

How do I provide the correct permissions for a Github Workflow?

I have a GitHub runner installed on an on-premise Windows Server 2016 that picks up a GitHub action workflow. I installed the Runner as NETWORK SERVICE and have tried running it as other users out of desperation (Administrator, Local Service, Local System). Regardless of what user I have tried thus far, I get the following error:
ERROR ( message: The W3SVC service is not available - try starting the service first. )
I have verified that the service is running, and I am able to run the same command I have in my Github YAML file successfully from PowerShell on the on-premise machine. I have included the line from my YAML file below.
- name: Stop IIS Site and Pool
  run: 'c:\windows\system32\inetsrv\appcmd.exe stop site "ORXApi1"'

Request had insufficient authentication scopes on terraform when creating gcp mysql

Keep getting this error:
Error, failed to create instance group-database-instance: googleapi: Error 403: Request had insufficient authentication scopes.
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
I have added a service account with editor permissions to use all GCP resources and directed Terraform to a generated credentials file.
Would this be an error in the code or something else?
Based on the error message you have provided and the task you would like to accomplish, it would seem that you might need to add a scope when creating your instance.
To use the Google Kubernetes Engine API for GCE virtual machines, you will need to add the Cloud Platform Scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
Additionally, if you are using the gcloud command-line, you can follow along with something like:
gcloud compute instances create NAME --scopes=https://www.googleapis.com/auth/cloud-platform
If you are using the Cloud Console UI, when you are creating a VM instance, look for the "Identity and API access" section, and select "Allow full access to all Cloud APIs".

How do you start a Dataflow template from a Compute Engine instance?

From my workstation I can fire templated Dataflow jobs with the gcloud dataflow jobs command. The required authorization to insert a new job comes from my workstation where I'm logged in.
On the Compute Engine instance I rely on its service account. The one with (number)-compute@. Within the IAM section I enabled Dataflow/Dataflow Admin, Dataflow/Dataflow Developer and Dataflow/Dataflow Worker for this service account to be safe.
I even added Cloud Dataflow Service Agent when I came across that one.
Then I try to start a Dataflow from the command line but I get an error about insufficient authentication scopes: ERROR: (gcloud.dataflow.jobs.run) PERMISSION_DENIED: Request had insufficient authentication scopes.
If I do a gcloud config auth and login with my personal account, of course, it works.
Somehow I'm missing the proper permissions to set to the applied service account.
Is there a guideline I missed? Can somebody please point me in the right direction?
The error message indicates that the instance does not set up access scopes properly. To launch a job from a GCE VM, the VM must have compute.read-only, compute, or cloud-platform scope for the project.
The way to verify it is using the command "gcloud compute instances describe --zone=[zone] [instance]" and look for "scopes".
This document and this existing question may provide useful guidelines for you.
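
The scope check that this answer and the Terraform answer above describe can be scripted. The following is an added example, not code from any of the posts: it reads the JSON form of "gcloud compute instances describe" and reports whether any attached service account carries one of the scopes named above. The sample instance, its account number and the function name audit_scopes are constructed for illustration.

```python
import json

# Scope URLs for the three scopes the answer names as sufficient
# (compute.readonly is the URL form of the read-only compute scope).
SUFFICIENT_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/compute",
    "https://www.googleapis.com/auth/compute.readonly",
}

# Constructed sample of `gcloud compute instances describe --format=json`,
# trimmed to the fields used here. The name and account number are made up.
SAMPLE_DESCRIBE = """
{
  "name": "example-vm",
  "serviceAccounts": [
    {
      "email": "123456789012-compute@developer.gserviceaccount.com",
      "scopes": [
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write"
      ]
    }
  ]
}
"""

def audit_scopes(describe_json, sufficient=SUFFICIENT_SCOPES):
    """Return one finding per service account attached to the instance."""
    instance = json.loads(describe_json)
    accounts = instance.get("serviceAccounts") or []
    if not accounts:
        # No service account attached, so there are no scopes to match.
        return [{"email": None, "ok": False, "matched": [], "scopes": []}]
    findings = []
    for account in accounts:
        scopes = account.get("scopes", [])
        matched = sorted(set(scopes) & set(sufficient))
        findings.append({"email": account.get("email"), "ok": bool(matched),
                         "matched": matched, "scopes": scopes})
    return findings

if __name__ == "__main__":
    for f in audit_scopes(SAMPLE_DESCRIBE):
        verdict = "scope present" if f["ok"] else "expect 'insufficient authentication scopes'"
        print(f"{f['email']}: {verdict}; scopes on VM: {len(f['scopes'])}")
```

The check looks only at the scopes set on the VM, which is why granting more IAM roles to the service account, as the question describes, does not clear the error.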

Google Cloud Service Account Not Found

Our team is trying to troubleshoot an issue we have been encountering with service accounts. The service account we are using is able to create a disk and IP address, however an error is thrown when an instance request is created. All resources can be listed (ie. networks, snapshots, etc.). I have attached a small console snippet below.
The service account is successfully authenticated with JSON key given to me. I have tried altering permissions of the service account and created a new key.
Any assistance is greatly appreciated.
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/zones/asia-east1-c/disks/dev-josh-ui-test-08].
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/regions/asia-east1/addresses/dev-josh-ui-test-08-ip].
ERROR: (gcloud.compute.instances.create) Some requests did not succeed:
- The resource '<ID>-compute@developer.gserviceaccount.com' of type 'serviceAccount' was not found.
I was able to get the exact error provided:
The resource '-compute@developer.gserviceaccount.com' of type 'serviceAccount' was not found.
by deleting my default compute service account and attempting to create an instance through the Cloud Shell, so I assume this is the issue.
If the default compute service account was somehow deleted, and it has been less than 30 days, you can restore it using: gcloud beta iam service-accounts undelete [ACCOUNT_ID]
https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting
After this, you will have to go into https://console.cloud.google.com/apis/dashboard and disable and re-enable the compute engine API. This will take a few moments, but after the GCE API is re-enabled you should be able to create VMs through the Cloud Shell again and I was able to reproduce this.
On https://console.cloud.google.com/apis/dashboard, disable the "google compute engine API" and afterwards enable it again.
The enabling also creates some additional setup that is needed to use the API. Those resources could have been deleted by accident beforehand.
You might need to have some patience and wait a minute or two between disabling and enabling.

Error when execute gcloud

I get an error when I run a Google Cloud command; this is the error message I get:
$ gcloud compute instances list
NAME ZONE MACHINE_TYPE INTERNAL_IP EXTERNAL_IP STATUS
ERROR: (gcloud.compute.instances.list) Some requests did not succeed:
- Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.
I have two machines running and I have already updated to the new version.
I don't know if you are encountering this problem, but if you specify the project name instead of the project ID when you do "gcloud config set project " then you will currently get the "Access Not Configured" error. I've pointed it out on the #gcloud IRC so hopefully it gets fixed. There may be other issues like this so it is best to ensure your parameters are sane.
If your project hasn't been marked for abuse and/or deletion, you have to enable 'Google Compute Engine' API in the Developers Console to solve the problem.
Configure your project using the following command
gcloud config set project <project-id>
This is the exact API we need to enable in order to get rid of this error
Compute Engine API