I'm trying to get the introduction to spring cloud app working with an instance of Cloud Foundry that I'm running on my machine. I tried to push the app and I get this message:
Could not find service postgres-service to bind to hello-spring-cloud
So I started tracking down the postgres service. When I run cf marketplace, I get
service plans description
mongodb default MongoDB NoSQL database
postgresql default PostgreSQL database
rabbitmq default RabbitMQ message queue
redis default Redis key-value store
I try to create a service instance of the postgresql service and I get:
cf create-service postgresql default postgresql-service
Creating service instance postgresql-service in org xyz / space development as admin...
FAILED
Server error, status code: 500, error code: 10001, message: Service broker error: Not authorized
I have tried running cf create-service-auth-token postgresql core 123 but that didn't seem to help with the "Not Authorized" message.
I'm pretty new to Cloud Foundry so I'm a little lost. How do I get my the sample app to bind to the postgresql service?
update
Here are the permissions for the space:
Getting users in org xyz / space development as admin
SPACE MANAGER
admin
SPACE DEVELOPER
admin
** update 2: cf service-access **
$ cf service-access
Getting service access as admin...
Then shows nothing on the terminal. So I tried to enable service access...
$ cf enable-service-access postgresql
Enabling access to all plans of service postgresql for all orgs as admin...
All plans of the service are already accessible for all orgs
OK
But I still can't create the service.
Not sure if there was a resolution to that, but it looks like an issue with deployment of the service broker for PostgreSQL (auth creds for service broker).
It can be checked/updated via
cf service-brokers
cf update-service-broker ...
or via redeployment of the service (via tile in PCF/bosh or whatever way you use)
Related
We are getting this error on-and-off since 01/22 on Composer UI, the airflow dags seems to be running fine, the web UI however having the problem. Google cloud status page indicates there is no issue, changing browser or connection through other wifi / mobile hotspot doesn't help either. Not sure what's going on.
An internal server error occurred while authorizing your request. Error code 1
location: us-central1-c
version: composer-1.7.3-airflow-1.10.2
Cloud Composer is a managed workflow automation tool, so I don't think that you can address this issue directly.
For more context on what is happening, Cloud Composer architecture states that the Airflow Web Server is inside of a Tenant project, which is a isolated environment used for deploying managed services, this is for unified Cloud Identity and Access Management (IAM) access control and an additional layer of data security. Given that the error states that something is failing when authorizing, this issue may be related to the Cloud IAM service.
I recommend you to open a new case from the GCP console in the Support section, and ask for further assistance in this issue.
I receive an error message while attempting to deploy anything from the marketplace into a specific GCP project.
You must have a valid default service account in order to create a
deployment, but this account could not be detected. Contact support
for help restoring the account.
Things I've Tried:
Every VM from the marketplace shows the same error message
I can deploy regular VM instance
I can see there is an enabled service account for the project with the name "Compute Engine default service account".
I am able to deploy VM's from the marketplace into other projects under the same organization
I've contacted GCP Billing support and they cannot find anything wrong from a billing perspective
Researching online shows that others that have had this issue have just rebuilt the project. It appears that service account is created by default when the project is spun up.
I'm hoping there is another way around it as this project is a host for a shared VPC deployment. There are already other projects with deployed VM's that are utilizing the host projects networks.
Thank you!
Looks like you deleted a default service account.
As mentioned in one comment some can be recreated by disable/enable the corresponding API
Below are the default service accounts I have in my project, hope it helps you to find the root cause. (these service accounts let me deploy a wordpress solution depending on what you are trying to deploy you might need more service accounts)
PROJECT-NUMBER-compute#developer.gserviceaccount.com Compute Engine
default service account
PROJECT-NUMBER#cloudservices.gserviceaccount.com Google APIs Service
Agent
PROJECT-ID#appspot.gserviceaccount.com App Engine default service
account
service-ORG-ID3#gcp-sa-cloudasset.iam.gserviceaccount.com Cloud Asset
Service Agent
service-PROJECT-NUMBER#cloud-ml.google.com.iam.gserviceaccount.com Google
Cloud ML Engine Service Agent
service-PROJECT-NUMBER#compute-system.iam.gserviceaccount.com Compute
Engine Service Agent
service-PROJECT-NUMBER#container-engine-robot.iam.gserviceaccount.com Kubernetes
Engine Service Agent
service-PROJECT-NUMBER#containerregistry.iam.gserviceaccount.com Google
Container Registry Service Agent
service-PROJECT-NUMBER#dataflow-service-producer-prod.iam.gserviceaccount.com Cloud
Dataflow Service Account
service-PROJECT-NUMBER#service-networking.iam.gserviceaccount.com Service
Networking Service Agent
The service account was intact and had the same permissions as other service accounts for working projects.
We purchased and opened a case with GCP technical support. After a little more than a week of them troubleshooting the issues, they determined there was no way to correct the problem. Their root cause was that something happened during the initial project deployment that caused some backend configuration issues. For what its worth, the project was deployed using Terraform, but its uncertain if that was a factor.
After recreating the host project, we were able to deploy from the marketplace again successfully.
If you run into this problem, save yourself the hassle and time and just recreate the project.
I'm attempting to connect to a Google Cloud SQL instance via a MySQL client which requires me to connect via the Google Cloud proxy. I have followed all instructions on the Google Cloud Docs, yet after running the command to start the proxy (using correct INSTANCE_CONNECTION_NAME and PATH_TO_KEY_FILE), I receive the following error.
Command :
./cloud_sql_proxy -dir=/cloudsql -instances=INSTANCE_CONNECTION_NAME \ - credential_file=PATH_TO_KEY_FILE &
Error :
couldn't connect to "INSTANCE_CONNECTION_NAME": ensure that the account has access to "INSTANCE_CONNECTION_NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE_CONNECTION_NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 563584335869 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured
I have confirmed that the Google Cloud SQL API is enabled on the console for the project, but the weird thing is my project name is not 563584335869, and I have already set the correct project name via the GC CLI to no avail. So when visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869, I see:
The API "sqladmin.googleapis.com" doesn't exist or you don't have permission to access it
I also created a service account under the role Cloud SQL Client, and downloaded the private key which PATH_TO_KEY_FILE points to.
Can you confirm that you have enabled the "Cloud SQL API" (sqladmin.googleapis.com) and not "Cloud SQL" API? (sql-component.googleapis.com)?
Can you also give some more information as to your environment? Are you running this from your local machine or are you working in Cloud Shell?
I have an application which is already deployed to Pivotal Could Foundry/Pivotal Web Services. I need to connect the DB service which is running my local machine.
I can use the MySQL service (ClearDb) in my Application. But I need to use the local DB service due to some heavy load of the DB. Can I use "cf cups" ?
Thanks,
Mr.M
Yes, issue your cups command from the CLI:
cf cups sensordb -p “jdbUrl,user,password"
You will be prompted for the three parameters. Enter them in this format:
jdbcUrl: mysql://mymachine.domain.com:3306/demodb?reconnect=true
user: user
password: password
I'm trying to connect a GCE instance to a Cloud SQL instance (2nd gen) with Cloud SQL Proxy. When i ssh to the GCE instance and
sudo ./cloud_sql_proxy -dir=/cloudsql
I get
2016/07/13 18:59:28 Using gcloud's active project: xxxx-0000
2016/07/13 18:59:29 Error listing instances in xxxx-0000:
googleapi: Error 403: Access Not Configured.
Cloud SQL Administration API has not been used in project 000000000000
before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/sqladmin/overview?project=000000000000
then retry.
If you enabled this API recently, wait a few minutes for the action to
propagate to our systems and retry., accessNotConfigured
2016/07/13 18:59:29 no Cloud SQL Instances found in these projects: [xxxx-0000]
I have followed the documentations at
https://cloud.google.com/sql/docs/compute-engine-access#gce-connect-proxy and
https://cloud.google.com/sql/docs/sql-proxy
Both instances are within the same project and Cloud SQL API is enabled on the GCE instance (plus the default ones.) By my understanding, the default GCE service account should be able to authenticate the proxy.
Using cloud_sql_proxy with -instances seems to work but errors with accessNotConfigured too while trying to connect.
As per the error message, you need make sure that the "Cloud SQL Admin" API is enabled by visiting the provided link.
There's also a GUI way to connect your Compute Engine instance if you're using a 2nd gen GCloud SQL instance. You first get the external IP of your compute engine and include it in the Authorizations tab of your GCloud SQL dashboard. Here's a quick video
Enabling Cloud SQL Admin API will solve your problem: