osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[jira] [Commented] (BROOKLYN-587) GCE credentials in catalog location not usable


    [ https://issues.apache.org/jira/browse/BROOKLYN-587?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490641#comment-16490641 ] 

Aled Sage commented on BROOKLYN-587:
------------------------------------

Deployment to GCE works for me with the following location {{.bom}} file:

{noformat}
brooklyn.catalog:
  id: 'centos7_gce_europe'
  name: 'centos7:gce:europe'
  itemType: location
  item:
    type: jclouds:google-compute-engine
    brooklyn.config:
      imageNameRegex: centos-7.*
      minRam: 2000
      region: europe-west1-b
      identity: 111111111111-compute@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      
      templateOptions:
        networks:
        - "https://www.googleapis.com/compute/v1/projects/cloudsoft-qa/global/networks/mynetwork";
      
      credential: |
        -----BEGIN PRIVATE KEY-----
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXX=
        -----END PRIVATE KEY-----
{noformat}

I wonder if it's something to do with the IAM permissions.

>From your {{jclouds.log}} or {{brooklyn.debug.log}} file, can you find the log of the specific HTTP request that is giving a 403 response? Did any of the other HTTP requests made by Brooklyn to google cloud work, or is this failing on the very first request?

> GCE credentials in catalog location not usable
> ----------------------------------------------
>
>                 Key: BROOKLYN-587
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-587
>             Project: Brooklyn
>          Issue Type: Bug
>    Affects Versions: 0.12.0
>         Environment: * Apache Brooklyn server 0.12.0
>  * Apache Brooklyn CLI 0.12.0
> Blueprint which works fine.
> Attached:
>  * correct working blueprint (tomcat.yml)
>  * not working combi of catalog item (gcp-asia-southeast1-b-0.0.5.bom) and blueprint (tomcat-ext-location.yml)
>            Reporter: Robin Huiser
>            Priority: Minor
>              Labels: google-compute-engine, jclouds
>         Attachments: gcp-asia-southeast1-b-0.0.5.bom, tomcat-ext-location.yml, tomcat.yml
>
>
> Using a catalog based jclouds:google-compute-engine location within a blueprint results into error "Error resolving template -- not authorized"
> {code:java}
> 2018-05-16T13:57:07,502 WARN  128 o.a.b.l.j.JcloudsLocation [ger-QPzhoimG-986]  Error resolving template -- not authorized (rethrowing: org.jclouds.rest.AuthorizationException: {
> "error": {
> "errors": [
> {
> "domain": "global",
> "reason": "forbidden",
> "message": "Required 'compute.projects.get' permission for 'projects/onyx-badge-196310'"
> }
> ],
> "code": 403,
> "message": "Required 'compute.projects.get' permission for 'projects/onyx-badge-196310'"
> }
> }
> ); template is: null
> {code}
> ... while using the same credentials in the blueprint works fine.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)