Comments (8)
helen-fornazier
commented on July 22, 2024
If I add the scopes (with the code below) in the daisy workflow it works.
"Scopes": [
"https://www.googleapis.com/auth/devstorage.read_only"
]
But when creating the instance in gcloud using --no-scopes it works fine, confusing.
from compute-image-tools.
adjackura
commented on July 22, 2024
I have a feeling this may be a bug in gcloud, would have to do some digging, you can check the instance after its created to see if --no-scopes actually works. That workflow looks like its working correctly, what you have there will create an instance with no scopes, maybe try the UI as well?
To work with no scopes the GCS file needs to be set to public read, so set allUsers as reader.
from compute-image-tools.
helen-fornazier
commented on July 22, 2024
@adjackura when using gcloud with --no-scopes, no scopes are listed with gcloud compute instances describe koike-u18-2 (and I confirmed they are listed when the --no-scopes is omitted)
I also tested with the UI (no service account and no scopes), and the script runs fine.
The GCS file is public, the interesting thing is that we just get this error with Ubuntu.
from compute-image-tools.
adjackura
commented on July 22, 2024
Can you give me the startup-script metadata value for the daisy instance and the gcloud instance, I think this is a bug with the guest environment that has since been fixed.
from compute-image-tools.
helen-fornazier
commented on July 22, 2024
@adjackura you can use the same as the example above:
startup-script-url=gs://main-nucleus-128012-daisy-bkt/daisy-startup-script-linux-20181212-19:58:21-n5hrn/sources/startup_file_public.ps1
This file is public for now, you should be able to access it.
from compute-image-tools.
adjackura
commented on July 22, 2024
I meant is there a difference when you start the instance? Does gcloud compute instances describe show any differences with metadata.
from compute-image-tools.
helen-fornazier
commented on July 22, 2024
I don't think is the difference in the metadata, but one interesting thing is that daisy adds a service account even if no scopes are provided, which doesn't happen with gcloud, even if I provide --service-account=email but with --no-scopes, it doesn't add the service account (the same happens in the UI).
If I comment out this line (populateScopes) it works on Daisy: https://github.com/GoogleCloudPlatform/compute-image-tools/blob/master/daisy/instance.go#L111
I am still digging into the code, but I see that i.Scopes here is not nil, but i.ServiceAccounts is nil so it gets the default SA in the if statement.
Full instance description: Daisy: https://paste.ee/p/kltg4, gcloud: https://paste.ee/p/y1voA
from compute-image-tools.
helen-fornazier
commented on July 22, 2024
Adding an empty ServiceAccounts in the workflow fixes the bug [1]. But I was wondering if the best solution wouldn't be to check if i.Scopes is an empty list in this line [2].
I mean:
- if i.ServiceAccounts == nil {
+ if len(*i.Scopes) > 0 && i.ServiceAccounts == nil {
@adjackura what do you think?
[1] https://github.com/GoogleCloudPlatform/compute-image-tools/compare/master...collabora-gce:fix-metadata-script-test?expand=1
[2] https://github.com/GoogleCloudPlatform/compute-image-tools/blob/master/daisy/instance.go#L230
from compute-image-tools.
Related Issues (20)
- Incorrect hostname for VMs with multiple network interfaces
- panic: runtime error: invalid memory address or nil pointer dereference on Ubuntu 20.04
- Issue with bootstrap_install.ps1 HOT 2
- `import_precheck` fails on CentOS 7 HOT 2
- importing process interrupted when `/etc/netplan` contains subdirectory (Ubuntu 18+) HOT 1
- getting error while importing my ubuntu 2004vmdk into compute instance HOT 1
- Execution fails when shielded VMs org policy is enforced HOT 3
- GCE_Export Release Version access_denied HOT 1
- daisy release version has access denied HOT 1
- Should this be more than 1 GB?
- gcloud compute images import does not allow centos-8 in option --os HOT 1
- Compute engine create with container + SSD
- Could not fetch resource
- Semidev1
- Shared VPC issue during build
- Deployments of UBUNTU with "snapd" (google tool use this snapd?) HOT 3
- windows-startup-script-url: Message: Either the Name or Index parameter is required HOT 2
- Workflow update required for windows-10-20h2-ent-x86
- Fix the setting for 'x86_build' and maybe 'uefi_build' on the 'windows-build-bios.wf.json'
- Create custom Windows BYOL images failed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from compute-image-tools.