GCE Tips

Store project id locally

If you don’t want to repeat the project id each time, you can save it in the local gcloud config

gcloud config set project es-cloud

Machine Permissions

If you have created a machine without the correct permissions, you will see 403 unauthorized error messages. The only way to alter these permissions is to delete the instance (NOT THE DISK). Then create another with the correct permissions.

Creating machines with gcloud

Ensure the following flags are set:

--scopes=compute-rw
Creating with console (web)

When creating an instance using the web portal, click Show advanced options.

At the bottom of the page, under PROJECT ACCESS, choose >> Compute >> Read Write.

Creating with knife google

Set the service account scopes when creating the machine:

knife google server create www1 \
    -m n1-standard-1 \
    -I debian-8 \
    -Z us-central1-a \
    -i ~/.ssh/id_rsa \
    -x jdoe \
    --gce-service-account-scopes https://www.googleapis.com/auth/compute.full_control

Or, you may use the alias:

    --gce-service-account-scopes compute-rw