I'm trying to access my Google Compute Engine VM at 104.197.83.224. I tried to allow HTTP and HTTPS traffic but it errors out both times. It gives the error Invalid Fingerprint.
Could use some help. Thanks!
Also, although I haven't used my VM at all, I've gotten a bunch of requests on it. And its starting to charge me even though I'm not using it. How can I prevent that?
It sounds like you've stored a previous SSH key for that IP address in your ~/.ssh/known_hosts file. Check that file for entries that have the same IP address as your current instance and remove them.
Unfortunately, SSH assumes that IP addresses and SSH keys are assigned fairly statically (rather than using signatures from some central trust authority like SSL), which is a problem when you start to have cloud services which may assign the same IP address to different VMs several times during one day (if the VMs are started and shut down quickly, for example). I think that the gcloud ssh comm
Related
its second time when after reboot instance cannot connect to them via SSH. Before reboot all is working well. Can I use serial console, but not know the user and password.
In addition to the guide provided by #Kolban. When using serial console keep in mind that:
The interactive serial console does not support IP-based access
restrictions such as IP whitelists. If you enable the interactive
serial console on an instance, clients can attempt to connect to that
instance from any IP address. Anybody can connect to that instance if
they know the correct SSH key, username, project ID, zone, and
instance name.
More information you can find in the documentation Interacting with the Serial Console.
There're more ways to troubleshoot SSH connectivity then serial console. Have a look at the Troubleshooting SSH guide and Known issues for SSH in browser. In addition, Google provides a troubleshooting script for Compute Engine to identify issues with SSH login/accessibility of your Linux based instance.
In some cases, the cause of the connectivity problem could be running out of free space of you disk system. In this case update your question and I'll provide you extra instructions.
Currently I am using the native Cloud SQL instance that is getting billed against the same project. However to cut some cost, I intend to shift the databases to my other mysql sitting at my other hosting. But I need to put a static IP on the allowed hosts in order to make it work. I added the 4 hosts that they make you add as A records to point the domain. But it didn't work. I read about Sockets API.. but didn't really get it. It's confusing. How to make it work? putting those 4 IP in makes it workable once or twice randomly when once of those provided IP is active I guess but whenever some other IP from the pool gets active, it doesn't work!
Have you looked at Serverless VPC Access with VPC Access Connector as described here?
You should be able to use the VPC Access Connector Source IP CIDR range at your MySql end as allowed IP list.
However you must ensure the connection is secure with a VPN or interconnect.
Apologies if this is a bit basic:
I have a Google Compute Instance running Windows Server 2012 R2. It has a valid admin account and password (checked via gcloud). The external IP address can be pinged, the system has been stopped and started successfully. The gcloud commands execute successfully etc etc.
If I try to RDT in I get the unsuccessful message. If I use the RDT (Chrome) option in the Google Cloud Platform admin page I get this message:
In order to use the Chrome RDP Extension, you must configure VM
instance so that it has an external IP address, username and password.
Note: You must configure the network firewall to open TCP port 3389 to
enable RDP access.
Note that ALL of the above are correct and confirmed.
I am sort of going round in circles, I've tried to use powershell on a windows system to RDT in to no avail. Again, using the built in Bash serial access I can get to the system and, for example, retrieve the admin account and password, BUT RDT FAILS.
I have tried using the powershell command Enter-PSSEssion... and I initially got a winrm error, apparently the IP address needs to be in trustedhosts. Fixed that and now I am getting a message that I need to verify that winrm is running on the destination computer, catch 22, that's why I'm using winrm, to access the destination computer.
Any ideas what I might try next?
Thanks.....
create a rdp network tag for firewall rule, which allows tcp:3389 ingress and and then apply it to the instance in question... someone (assuming you're at work) might have removed/edited these rules trough the console or gcloud command.
I'm trying to establish a basic mysql connection from a google compute engine instance in one project to a google cloud sql instance (2nd generation) in a different project.
I've done this many times before without any problem. You simply add the ip address of the google compute instance to the list of authorized networks for the google cloud sql instance. This has always worked in the past but it is not working now.
The only thing that I can think of which is different about this situation is that I've recently been experimenting with using the cloudsql-proxy to establish a connection from a different gce instance to the same google cloud sql instance. Could this be the problem? Perhaps the google cloud sql instance is getting confused by having to support both connection mechanisms?
I just need the connection to work. Is there a work-around?
There isn't a problem using both modes of connectivity simultaneously.
The only thing I can think of is that you are accidentally using an ephemeral IP addresses for your VMs instead of static, which means the VM may have a different IP address than you expect (after a restart, for example).
If that's not the case, please send a mail to cloud-sql#google.com with a little bit more information (project and database name, project/name/ip of your VM) so that we can figure out what's going on in the backend.
I have deployed a hadoop cluster on google compute engine. I then run a machine learning algorithm (Cloudera's Oryx) on the master node of the hadoop cluster. The output of this algorithm is accessed via an HTTP REST API. Thus I need to access the output either by a web browser, or via REST commands. However, I cannot resolve the address for the output of the master node which takes the form http://CLUSTER_NAME-m.c.PROJECT_NAME.internal:8091.
I have allowed http traffic and allowed access to ports 80 and 8091 on the network. But I cannot resolve the address given. Note this http address is NOT the IP address of the master node instance.
I have followed along with examples for accessing IP addresses of compute instances. However, I cannot find examples of accessing a single node of a hadoop cluster on GCE, that follows this form http://CLUSTER_NAME-m.c.PROJECT_NAME.internal:8091. Any help would be appreciated. Thank you.
The reason you're seeing this is that the "HOSTNAME.c.PROJECT.internal" name is only resolvable from within the GCE network of that same instance itself; these domain names are not globally visible. So, if you were to SSH into your master node first, and then try to curl http://CLUSTER_NAME-m.c.PROJECT_NAME.internal:8091 then you should successfully retrieve the contents, whereas trying to access from your personal browser will just fail to resolve that hostname into any IP address.
So unfortunately, the quickest way for you to retrieve those contents is indeed to use the external IP address of your GCE instance. If you've already opened port 8091 on the network, simply use gcutil getinstance CLUSTER_NAME-m and look for the entry specifying external IP address; then plug that in as your URL: http://[external ip address]:8091.
If you turned up the cluster using bdutil, a more involved but nicer way to access your cluster is by running the bdutil socksproxy command. This opens a dynamic-port-forwarding SSH tunnel to your master node as a SOCKS5 proxy, so that you can then configure your browser to use localhost:1080 as your proxy server, make sure to enable remote DNS resolution, and then visit your browser using the normal http://CLUSTER_NAME-m.c.PROJECT_NAME.internal:8091 URL.