I have error when I run google cloud command, this is the error message which I get
$ gcloud compute instances list
NAME ZONE MACHINE_TYPE INTERNAL_IP EXTERNAL_IP STATUS
ERROR: (gcloud.compute.instances.list) Some requests did not succeed:
- Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.
I have two machine running and I already updated to new version.
I don't know if you are encountering this problem, but if you specify the project name instead of the project ID when you do "gcloud config set project " then you will currently get the "Access Not Configured" error. I've pointed it out on the #gcloud IRC so hopefully it gets fixed. There may be other issues like this so it is best to ensure your parameters are sane.
If your project hasn't been marked for abuse and/or deletion, you have to enable 'Google Compute Engine' API in the Developers Console to solve the problem.
Configure your project using following command
gcloud config set project <project-id>
This is the exact API we need to enable in order to get rid of this error
Compute Engine API
Related
Keep getting this error:
Error, failed to create instance group-database-instance: googleapi: Error 403: Request had insufficient authentication scopes.
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
I have added a service account with editor permissions to use all gcp resources and added directed terraform to a credentials file generated.
Would this be an error in the code or something else?
Based on the error message you have provided and the task you would like to accomplish, it would seem that you might need to add a scope when creating your instance.
To use the Google Kubernetes Engine API for a GCE virtual machines, you will need to add the Cloud Platform Scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
Additionally, if you are using the gcloud command-line, you can follow along with something like:
gcloud compute instances create NAME --scopes=https://www.googleapis.com/auth/cloud-platform
If you are using the Cloud Console UI, when you are creating a VM instance, look for the "Identity and API access" section, and select "Allow full access to all Cloud APIs".
From my workstation I can fire templated Dataflow jobs with the gcloud dataflow jobs command. The required authorization to insert a new job come from my workstation where I'm logged in.
On the Compute Engine instance I rely on it's service account. The one with (number)-compute#. Within the AIM section I enabled Dataflow/Dataflow Admin, Dataflow/Dataflow Developer and Dataflow/Dataflow Worker for this service account to be safe.
I even added Cloud Dataflow Service Agent when I came across that one.
Then I try to start a Dataflow from the command line but I get an error about insufficient authentication scopes: ERROR: (gcloud.dataflow.jobs.run) PERMISSION_DENIED: Request had insufficient authentication scopes.
If I do a gcloud config auth and login with my personal account, of course, it works.
Somehow I'm missing the proper permissions to set to the applied service account.
Is there a guideline I missed? Can somebody please point me into the right direction?
The error message indicates that the instance does not setup access scope properly. To launches a job from a GCE VM, the VM must have compute.read-only, compute, or cloud-platform scope for the project.
The way to verify it is using the command "gcloud compute instances describe --zone=[zone][instance]" and look for "scopes".
This document and this existing question may provide useful guidelines for you.
Our team is trying to troubleshoot an issue we have been encountering with service accounts. The service account we are using is able to create a disk and IP address, however an error is thrown when an instance request is created. All resources can be listed (ie. networks, snapshots, etc.). I have attached a small console snippet below.
The service account is successfully authenticated with JSON key given to me. I have tried altering permissions of the service account and created a new key.
Any assistance is greatly appreciated.
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/zones/asia-east1-c/disks/dev-josh-ui-test-08].
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/regions/asia-east1/addresses/dev-josh-ui-test-08-ip].
ERROR: (gcloud.compute.instances.create) Some requests did not succeed:
- The resource '<ID>-compute#developer.gserviceaccount.com' of type 'serviceAccount' was not found.
I was able to get the exact error provided:
The resource '-compute#developer.gserviceaccount.com' of type 'serviceAccount' was not found.
by deleting my default compute service account and attempting to create an instance through the Cloud Shell, so I assume this is the issue.
If the default compute service account was somehow deleted, if has been less than 30 days, you can restore it using: gcloud beta iam service-accounts undelete [ACCOUNT_ID]
https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting
After this, you will have to go into https://console.cloud.google.com/apis/dashboard and disable and re-enable the compute engine API. This will take a few moments, but after the GCE API is re-enabled you should be able to create VMs through the Cloud Shell again and I was able to reproduce this.
On https://console.cloud.google.com/apis/dashboard disable the "google compute engine API" and after enable it again.
The enabling also creates some additional setup that is needed to use the API. Those resources could have been deleted by accident beforehand.
You might need to have some patience and wait a minute or two between disabling and enabling.
After I’ve deleted some values (do not remember which) in my project configuration (in the Developer Console) I cannot deploy an app to a Compute Engine instance. I’ve deployed the same code using the same configuration dozens of times successfully but after deleting some values in the Developer Console or doing some other adjustments that I considered minor, the deployment, using Maven plugin v2.0.9.95.v20160203, fails with
[INFO] Beginning deployment...
[INFO] WARNING: If this is your first deployment, please try again.
[INFO] ERROR: (gcloud.preview.app.deploy) Server responded with code [400]:
[INFO] Bad Request Unexpected HTTP status 400.
[INFO] Failed Project Preparation (app_id='s~some-id'). Error retrieving the App Engine service account.
[ERROR] Error: gcloud app command with exit code : 1
I run
mvn clean validate gcloud:deploy
Unlike in some other of my projects I do not have both of the accounts
App Engine default service account - some-id#appspot.gserviceaccount.com
Compute Engine default service account - some-id-compute#developer.gserviceaccount.com
…in my Permissions section but only the 2. account.
Maybe you deleted your App Engine service account. To create it again, you can go to the Permissions section of your project and add a new member with the email YOUR-PROJECT-ID#appspot.gserviceaccount.com (replace with your real project id) and "Can Edit" permissions.
Maybe you're not authenticated to your project anymore? Have you tried to reauthenticate using gcloud auth login?
If you're authenticated but happen somehow to delete default Google AppEngine service account (app_id#appspot.gserviceaccount.com), you won't be able to recreate them yourself. You will need to file a support ticket with Google and ask them to recreate the default service account for you.
Finally, you can create new project and deploy your application there but of course this comes at a price/time.
I am having a bit of an issue with the VM Instances on google cloud. I installed and set up apache and a website with it but now I am trying to configure a custom domain and when I try to add it in SSH I get the following error:
ERROR: (gcloud.dns.managed-zone.create) ResponseError: status=403, code=Forbidden, reason(s)=insufficientPermissions
message=Insufficient Permission
I have also tried the directions at the following https://cloud.google.com/appengine/docs/domain and am getting a 404 not found error on my domain. Any help would be greatly appreciated.
You say you are having an issue with a VM instance and are trying to set up a custom domain. Those two are in very different realms. VM instances are under Compute Engine (except for Managed VMs, which live under App Engine, but that is beside the point). Custom Domains are features just of App Engine.
What do you mean that you are trying to "add it in SSH"? Did you mean DNS? If so, see my answer below.
What command are you running to get ERROR: (gcloud.dns.managed-zone.create) ResponseError: status=403, code=Forbidden, reason(s)=insufficientPermissions message=Insufficient Permission?
The docs apply to App Engine, not Compute Engine. That you are getting a 404 error is no surprise if you don't also have a corresponding app running in App Engine.
If you are trying to create a DNS hostname for a web site hosted on a VM instance on Compute Engine, I recommend that you either (a) use a static IP address and a static A record pointing to it, or (b) use an ephemeral IP address and set up a dynamic DNS A records pointing to it. (I use freedns.afraid.org for my DDNS.)