Internal App Engine default service account was deleted. This usually has the appspot.com email address. Unable to undelete the account since the date of deletion is more than 30 days. A new service account was created and assigned with App Engine Admin role. When trying to deploy an app, deployment fails with the following error
Creating App Engine application in project [xxxxxxx] and region [xxxxx]....failed.
ERROR: (gcloud.app.deploy) Error Response: [13] An internal error occurred while ensuring the default service account exists.
Related
I have recently switch my code to another project.
I use the Public IP method addressed in official document but to no avail.
In the log explorer, I have seen a lot of warning entries state that:
CloudSQL warning: your action is needed to update your application and avoid potential disruptions. Please see https://cloud.google.com/sql/docs/mysql/connect-app-engine-standard for additional details:
Post https://sqladmin.googleapis.com/sql/v1beta4/projects/<PROJECT_ID>/instances/asia-east1~<CLOUD_SQL_INSTANCE>:generateEphemeralCert?alt=json&prettyPrint=false: rpc error: code = PermissionDenied desc = IAM permission denied for service account gae-deploy#<PROJECT_ID>.iam.gserviceaccount.com.
Things I have confirmed and checked:
New cloud SQL and app engine are on the same project
Cloud SQL Admin API is enabled
App engine region is asia-east1 (same as the cloud SQL region)
App engine service account and GAE cloud deploy accounts have Cloud SQL Admin role
Default service account [PROJECT_ID]#appspot.gserviceaccount.com has the following roles:
Cloud SQL Admin, Editor, Service Account Token Creator, Storage Object Admin
Created service account gae-deploy#<PROJECT_ID>.iam.gserviceaccount.com has the following roles:
App Engine Service Admin, Cloud Build Service Account, Cloud SQL Admin, Cloud SQL Client, Serverless VPC Access User, Service Account User
According to the documents, Cloud SQL Client role is enough. But the logs keep telling me that the service account cannot access the cloud sql admin API.
What am I doing wrong? Or which additional IAM roles should I grant to the service accounts?
I have tried the similar steps mentioned on this github thread comment.
Steps I have done:
remove ALL roles for both default app engine service account [PROJECT_ID]#appspot.gserviceaccount.com and gae-deploy#<PROJECT_ID>.iam.gserviceaccount.com
Add the same roles back
Rebuild app engine
Now everything is usual
I have a Google App Engine application that operates perfectly when run locally using localhost:8080, but after I deploy to the cloud using gcloud app deploy, I receive the following error:
Warning: PDO::__construct(): MySQL server has gone away in /base/data/home/apps/s~fileabcd/20190320t221240.123456737151234567/gac_abcd.php on line 7
Warning: PDO::__construct(): Error while reading greeting packet. PID=-1 in /base/data/home/apps/s~fileabcd/20190320t221240.123456737151234567/gac_abcd.php on line 7
Any ideas why this is happening?
I discovered the reason why my Google App Engine (GAE) application functioned properly on localhost, but threw a MySQL server has gone away error after being deployed to [PROJECT-ID].appspot.com.
The reason is because my application was connecting to a Cloud SQL instance in a different project, and in order to do this you must grant the default appengine service account ([PROJECT-ID]#appspot.gserviceaccount.com) one of the following IAM roles:
Cloud SQL Client
Cloud SQL Editor
Cloud SQL Admin
After I added the App Engine default service account as a Cloud SQL Client Role in the project containing the Cloud SQL instance, everything worked perfectly.
From the Cloud SQL documentation.
I have deployed a flask application on a google app engine VM instance. Everything was going fine, I was editing my code locally, then deploying and debugging by looking at the logs, but after my last deployment, I am seeing the following error when I try to open the app in a browser:
Error: Server Error
The server encountered a temporary error and could not complete your request.
Please try again in 30 seconds.
Also, I am now unable to ssh into my App engine VM instance. Whenever I try to ssh, I get the following error:
port 22: Connection refused
(I was able to ssh into this VM earlier).
Now, I have a VPC network, which has the default firewall rules for allowing ssh ports. There is a section in the cloud platform dashboard where I can create firewall rules for App engine, but it is only for allowing IP addresses, and not ports (regardless, I have added my IP address in this firewall rule).
I also get the same error when I try to SSH through the web cloud platform dashboard.
Most of the related pages on StackOverflow I found about this error are
people not being able to SSH into compute engine VMs. I'm stuck and have no idea what to do to be able to SSH into my App Engine VM.
I am also not seeing any logs when I use the "gcloud app logs read" command.
Edit: Following are my App Engine firewall rules :
Following are the firewall rules for my VPC network:
Sounds like a firewall problem if you can't ssh in from the Cloud Console. Can you post your firewall rules?
I have set up 2 projects in my Google Cloud console. The following are the two projects that I have set up in my console.
1. Cloud SQL + App Engine
2. App Engine (New)
So the idea is App Engine (1) is running the same database as App Engine (2). I have already set up the IAM Permission Page and IAM Admin and Project Page.
I have given both projects as Project Editor role too, but still my (2) still can't connect to my (1) database.
Any help please?
Granting access to an application does not automatically enable a database user account to connect to the instance.
You may connect through a proxy, in which case you should follow these steps:
Enable the API
Install the proxy client on your local machine
Determine how you will authenticate the proxy
If required by your authentication method, create a service account
Determine how you will specify your instances for the proxy
Start the proxy
Update your application to connect to Cloud SQL using the proxy
You can find related details on the Connecting to Cloud SQL from External Applications.
This documents provides steps that cover configuring access for IP connections as well.
If you connect from within the app engine environment, you may have a look at Connecting from App Engine.
I have a Google Cloud SQL project : cwdataproject (Project ID). I have created a schema named cwdb in it. Its Instance ID is : cwdataproject:cwinstance
I have provided access and privilege to cwdb for root user "root"
I have another app Google App Engine : messageframework (Project ID)
Project ID: messageframework
I have provided Authorized App Engine Applications in cwdataproject for messageframework
I have provided Authorized Networks for my local IP. and I am able to connect from local My SQL client successfully.
My code to connect Google Cloud SQL from messageframework app is as below.
Code:
Class.forName("com.mysql.jdbc.GoogleDriver");
url = "jdbc:google:mysql://cwdataproject:cwinstance/cwdb?user=ajoysinha;
DriverManager.getConnection(url);
But is is giving the following error
Access denied for user 'root'#'localhost' (using password: NO)
How can we resolve this connectivity problem?
I am able to connect Cloud SQL from my local MySql client and do all the operation. but not from GAE.