I’m having trouble logging in using Google SDK Compute SSH on a Mac Terminal.
Here’s the fix.
gcloud compute ssh USERNAME@SERVER --zone ZONE --project PROJECTID --internal-ip 2>&1
There was an issue with a redirect to another shell.
Occasionally I was getting this random error when running Terraform.
╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ Error: RequestError: send request failed
│ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer
│
│
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 10, in provider "aws":
│   10: provider "aws" {
Here’s the fix. Place this in your ~/.bash_profile.
export AWS_SDK_LOAD_CONFIG=1
This forces Terraform to read both the config and the credentials files.
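A way to check where a profile is actually defined and whether that file will be read, given the setting above. This is an added example, not code from the original post; has_section and profile_sources are hypothetical helper names, and it assumes the AWS SDK for Go v1 behaviour in which the config file is read only when AWS_SDK_LOAD_CONFIG parses as true.

```shell
# Added example, not from the original post.
# Assumption: with AWS_SDK_LOAD_CONFIG unset the SDK reads only the shared
# credentials file; a true value makes it read the config file as well.

# Return 0 if file $1 has an INI section header named exactly $2.
has_section() {
  [ -f "$1" ] && grep -qxF "[$2]" "$1"
}

# Print each file that defines profile $1 and will be read.
# Returns 1 when no readable file defines the profile.
profile_sources() {
  profile=${1:-default}
  creds=${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}
  conf=${AWS_CONFIG_FILE:-$HOME/.aws/config}
  found=1
  if has_section "$creds" "$profile"; then
    echo credentials
    found=0
  fi
  # The config file names non-default profiles "[profile NAME]".
  if [ "$profile" = default ]; then
    section=default
  else
    section="profile $profile"
  fi
  if has_section "$conf" "$section"; then
    case "${AWS_SDK_LOAD_CONFIG:-}" in
      1|t|T|true|TRUE|True) echo config; found=0 ;;
      *) echo "config (ignored: AWS_SDK_LOAD_CONFIG not set)" ;;
    esac
  fi
  return $found
}

# Check the profile the current shell would use.
profile_sources "${AWS_PROFILE:-default}" || echo "no readable source defines this profile"
```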
You can run gcloud commands in a Docker container.
docker run -ti --name gcloud-config google/cloud-sdk gcloud auth login
Create an alias.
alias gcloud='docker run --rm -ti --volumes-from gcloud-config google/cloud-sdk:latest gcloud'
Run the command.
gcloud --version
Google Cloud SDK 348.0.0
alpha 2021.07.09
app-engine-go 1.9.71
app-engine-java 1.9.90
app-engine-python 1.9.93
app-engine-python-extras 1.9.93
beta 2021.07.09
bigtable
bq 2.0.70
cbt 0.10.0
cloud-datastore-emulator 2.1.0
cloud-firestore-emulator 1.13.0
cloud-spanner-emulator 1.2.0
core 2021.07.09
datalab 20190610
gsutil 4.65
kpt 0.39.3
local-extract 1.2.0
pubsub-emulator 0.4.1
Create one for gsutil.
alias gsutil='docker run --rm -ti --volumes-from gcloud-config google/cloud-sdk:latest gsutil'
How to create an instance from a snapshot with alias IP and reserved IPs.
#!/bin/bash
# Create jump-server with an alias IP range and a reserved internal IP,
# both set through the single --network-interface option.
gcloud beta compute instances create jump-server \
  --network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \
  --machine-type=n1-standard-1 \
  --network-tier=PREMIUM \
  --maintenance-policy=MIGRATE \
  --service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \
  --tags=int-webserver \
  --image=debian-10-buster-v20201216 \
  --image-project=debian-cloud \
  --boot-disk-size=20GB \
  --boot-disk-type=pd-standard \
  --boot-disk-device-name=jump-server-1 \
  --no-shielded-secure-boot \
  --shielded-vtpm \
  --shielded-integrity-monitoring \
  --labels=name=jump-server \
  --reservation-affinity=any \
  --zone=us-central1-a \
  --project=airy-totality-151318
The default command uses the --private-network-ip and --subnet options separately.
--private-network-ip 10.0.0.24 \
--subnet=default \
But when dealing with aliases, reserved IPs and subnets, use a single --network-interface option instead.
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \
Here’s how to add a GCP firewall rule with the AH (authentication header) and ESP (Encapsulating Security Payload) protocols.
gcloud compute firewall-rules update "firewall-name" \
  --description="firewall description" \
  --priority "1000" \
  --target-service-accounts="service-account@gserviceaccount.com" \
  --destination-ranges="10.0.0.0/8" \
  --rules 50,51,tcp:80,udp:1000
There is no need to name the AH and ESP protocols. Just their IP protocol numbers, 50 and 51.
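Because bare numbers in a --rules value are easy to misread as ports, the following spells out what each entry matches before the rule is applied. This is an added example, not code from the original post; proto_name and explain_rules are hypothetical helper names, and it assumes entries take the form PROTOCOL[:PORT[-PORT]] with ports allowed only for tcp, udp and sctp.

```shell
# Added example, not from the original post.
# Assumption: entries are PROTOCOL[:PORT[-PORT]]; only tcp, udp, sctp take ports.

# Map an IP protocol number to its name; names pass through unchanged.
proto_name() {
  case "$1" in
    1) echo icmp ;;
    6) echo tcp ;;
    17) echo udp ;;
    50) echo esp ;;
    51) echo ah ;;
    132) echo sctp ;;
    *) echo "$1" ;;
  esac
}

# Print "NAME PORTS" per entry ("all" when no port is given).
# Returns 1 if any entry is malformed.
explain_rules() {
  rc=0
  old_ifs=$IFS
  IFS=','
  set -- $1
  IFS=$old_ifs
  for entry in "$@"; do
    name=$(proto_name "${entry%%:*}")
    case "$entry" in
      *:*)
        ports=${entry#*:}
        case "$name" in
          tcp|udp|sctp) ;;
          *) echo "INVALID $entry: $name takes no ports"; rc=1; continue ;;
        esac
        case "$ports" in
          ''|*[!0-9-]*|-*|*-|*-*-*)
            echo "INVALID $entry: bad port spec"; rc=1; continue ;;
        esac
        echo "$name $ports" ;;
      *) echo "$name all" ;;
    esac
  done
  return $rc
}

# The --rules value from the command above.
explain_rules "50,51,tcp:80,udp:1000"
```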