Here’s the command to authenticate as a service account.
gcloud auth activate-service-account --key-file=key.json |
To log out.
gcloud auth revoke |
GCP Login Service Account
gcp
GCP Keep Disk
Keep your disks when a VM is deleted.
gcloud compute instances set-disk-auto-delete server --no-auto-delete --disk=server-disk-1 gcloud compute instances set-disk-auto-delete server --no-auto-delete --disk=server-disk-2 |
Invalid Credentials with gsutil
If you’re trying to access GCS (Google Cloud Storage) and you’re getting “Your credentials are invalid. Please run gcloud auth login”, you most likely have a previous key stored in the ~/.boto file. This happens if you previously configured gsutil with your own credentials, then switched over to Google SDK mode. To fix the invalid credentials, edit the ~/.boto file and comment out the auth key.
vim ~/.boto |
Comment out.
#gs_oauth2_refresh_token = <token redacted> |
Rerun the gsutil ls command. It should work.
GCP 400 Bad Request
After logging in, I tried to run Terraform in GCP and received this error:
oauth2: cannot fetch token: 400 Bad Request |
Here’s the fix. Login using application-default.
gcloud auth application-default login |
You can then Terraform.
terraform apply |
GCP Cloud Shell Vim Settings
I had an issue with using the backspace in Vim in GCP’s Cloud Shell. Every time I’m in the insert mode and I want to edit using backspace, it doesn’t delete the characters. It shows these characters “^?” instead. Well, it turned out to be a backspace setting that you can set within .vimrc. So, here’s my working setup.
colo desert syntax on set backspace=indent,eol,start |
- The first line uses the desert theme.
- The second line turns on syntax highlighting. It’s on by default.
- The third line fixes the backspace issue I mentioned above.
GCP Add New Route
Here’s how to add a new route in Google Cloud Platform.
gcloud compute routes create name-of-new-route \ --destination-range=200.20.0.0/15 \ --next-hop-gateway=default-internet-gateway \ --project=host-project \ --network="default" \ --priority=900 |
GCP List of SQL Instances
Here’s how to list SQL instances within your GCP project.
gcloud sql instances list --project your-project-id |
Output:
NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS database1 SQLSERVER_2017_STANDARD us-central1-a db-n1-standard-1 - 10.10.10.11 RUNNABLE database2 SQLSERVER_2017_STANDARD us-central1-c db-n1-standard-1 - 10.10.10.12 RUNNABLE |
GCP List of Projects
Here’s another way to list projects in a shared VPC.
gcloud compute shared-vpc list-associated-resources your-shared-host |
Output:
project1 PROJECT project2 PROJECT project3 PROJECT ... |
GCP Firewall Source Service Account
Here’s how to create a firewall from service account to service account.
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001 |
Instead of source-range, it’s using source-service-accounts.
Terraform GCP Instance
Here’s a Terraform script for launching an instance in Google Cloud Platform.
provider "google" { project = "project-id" region = "us-central1" zone = "us-central1-a" } resource "google_compute_instance" "wiki" { name = "wiki" machine_type = "n2-standard-1" zone = "us-central1-a" tags = ["web-server"] labels = { name = "wiki" environment = "development" } boot_disk { initialize_params { image = "centos-7-v20210122" } } network_interface { network = "default" access_config { } } service_account { email = "service-account@email.com" scopes = ["cloud-platform"] } } |
Here’s a few Terraform commands.
terraform init terraform plan terraform apply terraform destroy |