sdk

Google SDK SSH Mac Terminal

February 14, 2022

I’m having trouble logging in using Google SDK Compute SSH on a Mac Terminal.

Here’s the fix.

gcloud compute ssh USERNAME@SERVER --zone ZONE --project PROJECTID --internal-ip 2>&1

There was an issue with a redirect to another shell.

AWS SDK Load Config

February 14, 2022

Occasionally I was getting this random error when running Terraform.

╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│ 
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│ 
│ Error: RequestError: send request failed
│ caused by: Post "https://sts.amazonaws.com/": read tcp xx.xx.xx.xx:59422->xx.xx.xx.xx:443: read: connection reset by peer
│ 
│ 
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 10, in provider "aws":
│   10: provider "aws" {

Here’s the fix. Place this in your ~/.bash_profile.

export AWS_SDK_LOAD_CONFIG=1

This forces Terraform to use both config and credentials file.

GCloud in a Docker Container

July 17, 2021

You can run a gcloud commands in a Docker container.

docker run -ti --name gcloud-config google/cloud-sdk gcloud auth login

Create an alias.

alias gcloud='docker run --rm -ti --volumes-from gcloud-config google/cloud-sdk:latest gcloud'

Run the command.

gcloud --version
Google Cloud SDK 348.0.0
alpha 2021.07.09
app-engine-go 1.9.71
app-engine-java 1.9.90
app-engine-python 1.9.93
app-engine-python-extras 1.9.93
beta 2021.07.09
bigtable 
bq 2.0.70
cbt 0.10.0
cloud-datastore-emulator 2.1.0
cloud-firestore-emulator 1.13.0
cloud-spanner-emulator 1.2.0
core 2021.07.09
datalab 20190610
gsutil 4.65
kpt 0.39.3
local-extract 1.2.0
pubsub-emulator 0.4.1

Create one for gsutil.

alias gsutil='docker run --rm -ti --volumes-from gcloud-config google/cloud-sdk:latest gsutil'

Create Instance With Alias IP

January 14, 2021

How to create an instance from a snapshot with alias IP and reserved IPs.

#!/bin/bash
gcloud beta compute instances create jump-server \
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \
--machine-type=n1-standard-1 \``
--network-tier=PREMIUM \
--maintenance-policy=MIGRATE \
--service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \
--tags=int-webserver \
--image=debian-10-buster-v20201216 \
--image-project=debian-cloud \
--boot-disk-size=20GB \
--boot-disk-type=pd-standard \
--boot-disk-device-name=jump-server-1 \
--no-shielded-secure-boot \
--shielded-vtpm \
--shielded-integrity-monitoring \
--labels=name=jump-server \
--reservation-affinity=any \
--zone=us-central1-a \
--project=airy-totality-151318

The default command uses –private-network-ip and –subnet options separately.

--private-network-ip 10.0.0.24 \
--subnet=default \

But when dealing with aliases, reserved IPs and subnets, use a single –network-interface option instead.

--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \

GCP SDK Firewall Rule AH and ESP

February 26, 2020

Here’s how to add a GCP firewall rule with the AH (authentication header) and ESP (Encapsulating Security Payload) protocols.

gcloud compute firewall-rules update "firewall-name" \
    --description="firewall description" \
    --priority "1000" \
    --target-service-accounts="service-account@gserviceaccount.com" \
    --destination-ranges="10.0.0.0/8" \
    --rules 50,51,tcp:80,udp:1000

There is no need to add protocols for AH and ESP. Just the port numbers.