Gcloud command, can't specify "cloud-platform" scope when creating instance templates - google-cloud-platform

So I have a command like this that should create the instance template and give it the "cloud-platform" scope (which should give full access according to docs):
gcloud compute instance-templates create "webserver-template"\
--source-instance=webserver --source-instance-zone=us-east4-c\
--configure-disk=instantiate-from=custom-image,custom-image=projects/myproject-dev/global/images/webserver-image,device-name=webserver\
--network=vpc-dev --scopes=cloud-platform
However, GCP seems to ignore that scope and assigns the default ones instead. Am I missing something here? I did go to an instance template in the GCP UI and created a new one based on it, and specified the option to "Allow full access to all Cloud APIs". When I then use gcloud to describe that template, the scope is "cloud-platform" as it should be. I just can't figure out how to do it all in one gcloud command.
EDIT: I also tried "--scopes=https://www.googleapis.com/auth/cloud-platform"

The problem is the scopes command-line option. Change to
--scopes=https://www.googleapis.com/auth/cloud-platform

I figured out what was going on. As you can see in my original question, I'm specifying the flag "--source-instance". And according to the docs:
The name of the source instance that the instance template will be created from.
You can override machine type and labels. Values of other flags will be ignored and values from the source instance will be used instead.
So the scopes flag was rightfully being ignored, and my source instance had the more limited scopes assigned to it.

Related

Creating new instances + hosts file

So I have been trying to create an Ansible playbook which creates a new instance in GCP and creates a test file inside that instance. I've been using this example project from GitHub as a template. In this example project, there is an ansible_hosts file which contains this host:
[gce_instances]
myinstance[1:4]
but I don't have any idea what it is actually doing.
The fragment you provided is Ansible technology and not actually related to anything GCP specific. This is a good reference doc: Working with Inventory.
At a high level,
[gce_instances]
myinstance[1:4]
the hosts file defines the machine identities against which Ansible is to execute. With the hosts file, you can define groups of hosts to allow you to apply Ansible playbooks to subsets of hosts at a time.
In the example, a group is created that is called gce_instances. There is nothing special or magic about the name. It isn't any kind of key word/phrase special to our story.
Within a group, we specify the hostnames that we wish to work against.
The example given is a wild-card specifier and simply shorthand for:
[gce_instances]
myinstance1
myinstance2
myinstance3
myinstance4
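How the `myinstance[1:4]` line expands, as an added example that is not from the question, the linked GitHub project or Ansible itself: a small Python parser for the INI inventory range syntax. It goes beyond the single numeric range in the question and also handles the zero-padded ranges (`db-[01:03]` keeps the padding), alphabetic ranges (`[a:c]`) and the optional stride (`[0:6:2]`) that Ansible's inventory documentation describes, and it expands a whole inventory file into groups. The sample inventory text is constructed for the example; `[group:vars]` and `[group:children]` sections are skipped because they do not list hosts.

```python
import re
from typing import Dict, List, Optional

# One inventory range: [START:END] or [START:END:STRIDE], with any prefix/suffix around it.
_RANGE_RE = re.compile(r"\[([0-9a-zA-Z]+):([0-9a-zA-Z]+)(?::(\d+))?\]")
# A section header such as [gce_instances], [db:vars] or [db:children].
_SECTION_RE = re.compile(r"^\[([^\]]+)\]$")


def expand_inventory_line(line: str) -> List[str]:
    """Expand 'myinstance[1:4]' into the hosts it denotes, mirroring Ansible's range syntax.

    Numeric ranges are inclusive; a start value with a leading zero fixes the width
    (zero padding); single-letter bounds give an alphabetic range; the optional
    third field is the stride. Lines without a range are returned unchanged.
    """
    m = _RANGE_RE.search(line)
    if m is None:
        return [line]
    start, end, stride = m.group(1), m.group(2), int(m.group(3) or 1)
    prefix, suffix = line[: m.start()], line[m.end():]
    if start.isdigit() and end.isdigit():
        width = len(start) if start.startswith("0") else 0  # zero padding, as Ansible does
        members = [str(i).zfill(width) for i in range(int(start), int(end) + 1, stride)]
    elif len(start) == 1 and len(end) == 1 and start.isalpha() and end.isalpha():
        members = [chr(c) for c in range(ord(start), ord(end) + 1, stride)]
    else:
        raise ValueError(f"unsupported range in inventory line: {line!r}")
    # Recurse so a line with several ranges (e.g. 'db[1:2]-[a:b]') expands fully.
    return [h for member in members for h in expand_inventory_line(prefix + member + suffix)]


def parse_inventory(text: str) -> Dict[str, List[str]]:
    """Parse an INI-style inventory into {group: [hosts]}, expanding ranges.

    Only plain [group] sections are collected; [group:vars] and [group:children]
    sections hold variables and group names rather than hosts and are skipped.
    """
    groups: Dict[str, List[str]] = {}
    current: Optional[str] = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        section = _SECTION_RE.match(line)
        if section:
            name = section.group(1)
            current = None if ":" in name else name  # None = skip until the next plain group
            if current is not None:
                groups.setdefault(current, [])
            continue
        if current is not None:
            groups.setdefault(current, []).extend(expand_inventory_line(line))
    return groups


# Constructed sample inventory; the gce_instances group is the one from the question.
SAMPLE_INVENTORY = """\
[gce_instances]
myinstance[1:4]

[databases]
db-[01:03].example.internal
cache-[a:c]

[databases:vars]
ansible_user=ops
"""

if __name__ == "__main__":
    for group, hosts in parse_inventory(SAMPLE_INVENTORY).items():
        print(group, hosts)
```

Ansible also accepts `myinstance[1:4]` with a domain suffix (`myinstance[1:4].example.com`), which the parser handles because the prefix and suffix around the bracket are kept as-is; each expanded name still has to resolve (DNS or `ansible_host`) for the playbook to reach it.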

Bug in GCP: Unable to change instance template for instance group

I am trying to set a new template for a GKE instance group as proposed by this tutorial, but I get the following error. I copied an existing template, just modified a label on it, saved it and then ran:
$ gcloud compute instance-groups managed set-instance-template gke-some-nodepool1-1436e076-grp --template gke-some-nodepool1-7bdaa55f-1 --zone=us-east4-b
ERROR: (gcloud.compute.instance-groups.managed.set-instance-template) Could not fetch resource:
- Invalid resource usage: 'Secondary ranges specified in InstanceTemplate must be the same as already set on Instance Group Manager. Expected: sre-inception-cluster-range Actual: '.
It turns out that the new (cloned) template does NOT have the Alias IP Ranges field set (as does the original template).
Seems like a bug in the template copying mechanism?
If you are using VPC-Native clusters, you'll notice that there is an "Alias IP ranges" field that does not specify a specific range. When you copy the template, rather than keeping the same value, the field is changed to select a corresponding subnet. You'll have to manually change this field to match the value of the original template.
This may be a limitation of how the "copy template" function works, but it's definitely unexpected. Worth filing a case with Google support using the Public Issue Tracker
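Both this question and the first one on the page come down to the same practitioner check: look at what the created template actually carries, not at what the gcloud flags asked for. In the first question `--scopes` was silently ignored because `--source-instance` copies the source VM's service account and scopes; here the cloned template lost its alias IP range. The following Python is an added example, not code from either answer or from Google: it reads the JSON that `gcloud compute instance-templates describe NAME --format=json` prints and flags missing scopes and changed secondary ranges. The three template documents are constructed for the example and hold only the fields the check reads; the field paths (`properties.serviceAccounts[].scopes`, `properties.networkInterfaces[].aliasIpRanges[].subnetworkRangeName`) follow the Compute Engine InstanceTemplate resource, and the template name `gke-some-nodepool1-original` is assumed.

```python
import json
from typing import Iterable, List, Optional

# Full-access scope the first question tries to set; gcloud also accepts the alias "cloud-platform".
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"


def template_scopes(template: dict) -> List[str]:
    """OAuth scopes attached to the template's service account(s)."""
    props = template.get("properties", {})
    return [s for sa in props.get("serviceAccounts", []) for s in sa.get("scopes", [])]


def template_secondary_ranges(template: dict) -> List[str]:
    """Subnet secondary range names used for alias IPs (the field the MIG error complains about)."""
    props = template.get("properties", {})
    return [r["subnetworkRangeName"]
            for nic in props.get("networkInterfaces", [])
            for r in nic.get("aliasIpRanges", [])
            if r.get("subnetworkRangeName")]


def check_template(template: dict, required_scopes: Optional[Iterable[str]] = None,
                   expected_ranges: Optional[Iterable[str]] = None) -> List[str]:
    """Return a list of problems; an empty list means the template is as expected.

    required_scopes: scopes that must all be present (None skips the check).
    expected_ranges: exact list of secondary range names expected (None skips the check).
    """
    name = template.get("name", "<unnamed>")
    problems: List[str] = []
    if required_scopes is not None:
        missing = sorted(set(required_scopes) - set(template_scopes(template)))
        if missing:
            problems.append(f"{name}: missing scopes {missing}")
    if expected_ranges is not None:
        have, want = template_secondary_ranges(template), list(expected_ranges)
        if have != want:
            problems.append(f"{name}: secondary ranges {have} != expected {want}")
    return problems


def compare_templates(original: dict, clone: dict) -> List[str]:
    """Check that a cloned template kept the original's scopes and alias IP ranges."""
    return check_template(clone, template_scopes(original), template_secondary_ranges(original))


# Constructed samples shaped like `gcloud compute instance-templates describe NAME --format=json`
# output, reduced to the fields the checks read. The first mirrors a template created with
# --source-instance, which inherits the source VM's (default) scopes instead of cloud-platform.
SOURCE_INSTANCE_TEMPLATE = json.loads("""
{
  "name": "webserver-template",
  "properties": {
    "serviceAccounts": [{"email": "default",
      "scopes": ["https://www.googleapis.com/auth/devstorage.read_only",
                 "https://www.googleapis.com/auth/logging.write"]}],
    "networkInterfaces": [{"network": "global/networks/vpc-dev"}]
  }
}""")

ORIGINAL_GKE_TEMPLATE = json.loads("""
{
  "name": "gke-some-nodepool1-original",
  "properties": {
    "serviceAccounts": [{"email": "default",
      "scopes": ["https://www.googleapis.com/auth/devstorage.read_only",
                 "https://www.googleapis.com/auth/logging.write",
                 "https://www.googleapis.com/auth/monitoring"]}],
    "networkInterfaces": [{"network": "global/networks/default",
      "aliasIpRanges": [{"ipCidrRange": "/24", "subnetworkRangeName": "sre-inception-cluster-range"}]}]
  }
}""")

# The clone as the question describes it: same scopes, but the alias IP range was dropped.
CLONED_GKE_TEMPLATE = json.loads("""
{
  "name": "gke-some-nodepool1-7bdaa55f-1",
  "properties": {
    "serviceAccounts": [{"email": "default",
      "scopes": ["https://www.googleapis.com/auth/devstorage.read_only",
                 "https://www.googleapis.com/auth/logging.write",
                 "https://www.googleapis.com/auth/monitoring"]}],
    "networkInterfaces": [{"network": "global/networks/default"}]
  }
}""")

if __name__ == "__main__":
    import sys
    # usage: check_template.py ORIGINAL.json CLONE.json (each from `gcloud ... describe --format=json`)
    with open(sys.argv[1]) as f_orig, open(sys.argv[2]) as f_clone:
        for problem in compare_templates(json.load(f_orig), json.load(f_clone)):
            print(problem)
```

Two caveats worth keeping in mind when acting on the output. For the scopes case, the fix is at the source: either create the template without `--source-instance`, or change the source VM's scopes first (`gcloud compute instances set-service-account` on a stopped instance) so the template inherits them. And the `cloud-platform` scope only stops the VM's token from being narrowed; what the VM can actually do is the intersection of its scopes with the IAM roles granted to the attached service account, so a dedicated service account with narrow roles is the safer way to give a workload exactly the access it needs.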

What is the reason for error "Resource in project is the subject of a conflict" while trying to recreate a cloudsql instance?

I am trying to create a cloudsql instance with the following command:
gcloud beta sql instances create sql-instance-1 --tier=db-f1-micro --region=asia-south1 --network=default --storage-type=HDD --storage-size=10GB --authorized-networks=XX.XXX.XX.XX/XX
The instance sql-instance-1 is something I need not running all the time. So I create an SQL dump file and when I need the database I create it. When I run this command, it fails with the following error:
ERROR: (gcloud.beta.sql.instances.create) Resource in project [my-project-id] is the subject of a conflict: The instance or operation is not in an appropriate state to handle the request.
From what I understand, gcloud is complaining that the instance name was used before, although the instance has already been deleted. When I change the name to a new, unused name the command works fine. The problem with this is that I need to give a new name every time I re-create the instance from the dump.
My questions are:
Is this expected behavior, i.e. should the name of a Cloud SQL instance be unique and never used before within a project?
I also found that the --network option is not recognized by gcloud. It seems to work only with gcloud beta, as explained here. When is this expected to become GA?
This is indeed expected behaviour. From the documentation:
You cannot reuse an instance name for up to a week after you have deleted an instance.
Regarding the --network flag and its schedule for GA, there is no ETA for its release outside of beta. However, its release will be listed in the Google Cloud SDK Release Notes, which you can get updates from by subscribing to the google-cloud-sdk-announce group.

AWS Cloudformation : Encountered unsupported property LaunchConfigurationName

How do we create Launch Configurations in CloudFormation with a specific name? I looked at the docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-launchconfig.html, and there is no property that sets the name of the launch configuration that we create in the template.
Is there any way?
You should not try to name the LaunchConfiguration yourself, as CloudFormation needs to set up its own name to be able to update it later.
Usually, the LaunchConfiguration will be named according to the stack and resource name from the template, something like: {stack-name}-{resource-name}-{AWS-generated-id}. This gave me, for example: amp-g2g-preprod-api-ec2-ApiLaunchConfiguration-1PQ85HXBX7DVC.
If you need to reference your LaunchConfiguration anywhere else, use {"Ref":"..."} from within the template, or use output export/import from another template.

Cloudformation Hide parameters in Wizard

I wish to keep instance type / VPC etc. private for users using my CloudFormation script. Does anyone know of a way to hide these parameters during the stack creation wizard?
I know NoEcho keeps the values private, but is there a way for it all to not be displayed on screen?
Ideally it would ask for Stack name and the rest of the page would be blank.
For sensitive parameter values (such as passwords), set the NoEcho property to true. That way, whenever anyone describes your stack, the parameter value is shown as asterisks (*****).
Although in your case, this cannot prevent the user from checking the instance type inside their respective tabs. It is probably a better idea to restrict users' access to confidential information using IAM policies.
You can use a CloudFormation macro to do such a thing; a macro will help you to transform your template at runtime.
https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/CloudFormation/MacrosExamples/Public-and-Private-Subnet-per-AZ