Managed VM Deployment hangs on "Copying certificates for secure access..." - google-app-engine

I'm running the following command to deploy my Managed VMs app (on Windows 10):
gcloud preview app deploy app.yaml --project=<PROJECT> --promote
The deployment starts bug hangs on the following line:
Copying certificates for secure access. You may be prompted to create an SSH keypair.
And after some time I get the error:
ERROR: (gcloud.preview.app.deploy) Unable to copy certificates.
I've already:
Made sure that there are SSH keys in ~\.ssh\google_compute_engine
Tried to run with --quiet - same results
Renamed ssh-term.exe to ssh.exe - same results
Run the command as an administrator.
Run the command with --verbosity debug, which prints the following line multiple times: DEBUG: File [f] does not exist locally.
Any help will be much appreciated!

Found the cause! It was the project's firewall that blocked SSH by default. Fixed that and it worked.

Glad you fixed it, I had the same problem and will use your fix. I did happen accros a work around. By using the Container Build API to perform the build.
enter the command
gcloud config set app/use_cloud_build true
Before you
gcloud preview app deploy
Cite: https://github.com/isusanin/google-cloud-sdk/issues/533

Related

Deploying Haskell yesod docker container on google app engine

I am trying to upload a yesod Docker container on Google App Engine. The source code is here and the Docker image is here.
I followed the documentation in the Custom runtime quickstart, and when invoking gcloud app deploy the app builds fine after increasing the build timeout, but the container either the readiness check when trying to start or shows the following timeout message:
ERROR: (gcloud.app.deploy) Operation [apps/meeshkan-github-webhook-router/operations/xxxx-xxxx-xxxx] timed out. This operation may still be underway.
I have tried experimenting with several things, including a manual readiness check, creating an /_ah/health endpoint, and increasing the timeout of the readiness check all the way to 1799 seconds, but none of these actions seem to work.
One issue may be the size of the container (it is 3.2gb), and I could try to prune it down, but I'd only do that if someone could confirm that container size is a contributing factor to deployment problems. Other than that, I'm not sure what could be causing this failure. The docker image starts fine on our local machines.
Thanks in advance for your help and suggestions!
The issue turned out to be that, because I was building on Windows, images built using Docker Desktop on Windows gave all shell scripts executable permission automatically, whereas Docker on Linux needs shell scripts to be given the executable permission. By adding this line to my Dockerfile:
RUN chmod +x /usr/src/app/run.sh
Everything worked fine!

ssl handshake error while deploying google app engine

I am getting the following error while deploying the google app engine
ERROR: gcloud crashed (SSLHandshakeError): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
If you would like to report this issue, please run the following command:
gcloud feedback
To check gcloud for common problems, please run the following command:
gcloud info --run-diagnostics
I am using python 2.7 also tried turning off firewall settings but doesnot help. Any suggestions?
This is a common network issue seen when there is a networking proxy present on your network or antivirus and similar software that might prevent the connection.
As you mentioned the issue was solved when deactivating an antivirus software. If you still want to run the antivirus, you can configure it properly to allow the connection to GCP.
I tried this to avoid SSL certificate validation and successfully worked
gcloud config set auth/disable_ssl_validation True

Jenkins Artifactory plug-in: Error occurred while requesting version information: Connection refused

I get the error "Error occurred while requesting version information: Connection refused" when I test the connection in Jenkins configuration for Artifactory plug-in. I have tried it with Anonymous access enabled in Artifactory, with Anonymous access disabled, and tried all three options (Supported, Unsupported, Required) for Password Encryption in Artifactory. I have Default Deployer Credentials in my Jenkins Artifactory configuration, and I have tested the connection with 'Use Different Resolver Credentials' and without. I consistently get this error.
Any help/ideas would be greatly appreciated
I also ran in a similar problem yesterday.
Problem:
I was running jenkins and artifactory in two different docker containers on my local. I had exposed port 8086 for artifactory and could access it using http://localhost:8086/artifactory in my browser. But giving the same url for artifactory in jenkins produced the above reported error in question.
Solution:
For some unknown reasons, jenkins artifactory plugin couldn't resolve http://localhost:8086/artifactory even though the docker mappings was correct and it was possible to connect to artifactory web based console with the same URL.
Replacing "localhost" with docker container IP did the trick.
Name of my container in which artifactory was running was docker-plgr_artifactory_1
Admins-MacBook-Pro-2:~ prakash.tiwari$ docker exec -it docker-plgr_artifactory_1 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.2 08038bc9449b
The IP of container was 172.18.0.2. So I replaced http://localhost:8086/artifactory with http://172.18.0.2:8081/artifactory and jenkins was now able to connect to artifactory. (8081 is the port in docker container at which artifactory was running. You'd have given it at the time of running the container. Alternatively, you can find it by running docker ps and checking the value under PORTS field.)
Credit: https://www.arvinep.com/2016/04/jenkins-docker-container-problem.html
Note: I know this solution doesn't explain the cause and why it works, but I hope it at least helps some people and saves their time.
I see that you asked this question a while ago. I just had to deal with a very similar situation. I had loaded the root and intermediate certificates into the cacerts files found under the 4 version of Java on the build server. The problem was that Jenkins uses it's own cacerts file found in the Jenkins install folder. Once I loaded the certs there I was able to test the connection to artifactory and upload the build artifacts. I hope this helps

Can't connect to localhost:8080 when trying to run Google App Engine program

I'm trying to run the Google App Engine Python 2.7 Hello World program and view it in a browser via Google App Engine Launcher. I followed the install and program instructions to the letter. I copied and pasted the code in the instructions to the helloworld.py file and app.yam1 and verified that they are correct and in the directory listed as the application directory. I hit run on the launcher and it runs with no errors, although I get no sign that is has completed (orange clock symbol next to app name). I get the following from the logs:
Running dev_appserver with the following flags: --skip_sdk_update_check=yes --port=8080 --admin_port=8000 Python command: /opt/local/bin/python2.7
When I try to open in the browser via the GAE Launcher, the 'browse' icon is grayed out and the browser won't open. I tried opening localhost:8080 in Firefox and Chrome as the tutorial suggests, but I get unable to connect errors from both.
How can I view Hello World in a browser? Is there some configuration I need to make on my machine?
I had the same problem. This seemed to fix it:
cd to google_appengine, run
python dev_appserver.py --port=8080 --host=127.0.0.1 /path/to/application
at this point there is a prompt to allow updates on running, I said Yes.
At this point the app was running as it should, also when I quit this and went in using the launcher again, that worked too.
I have to manually start python and make it point to my app folder, for instance in a command line window on Windows I am using python. I installed python in C:\Python27 and my sample app is in c:\GoogleApps\guestbook
C:\Python27>dev_appserver.py c:\GoogleApps\guestbook
and then I can start my app in the Google App Engine Launcher and hit localhost 8080
How about specifying --host argument? You can find it at the bottom of following doc.
https://developers.google.com/appengine/docs/python/tools/devserver
This might be a little late. But still someone might find it useful.
When ever you go and try changing the port number from 8080 to something else, it will not get updated. So the best option is:
Go to your user directory: eg: C:\Username
There will be a Google folder. Go inside
Open the file google_appengine_projects.ini
Change your port number from 8080 to whatever you like 8081
Save it and close the file.
Launch the GAE Launcher again and you will find the changes reflected and the app runs without issues.
7: Access the application using: http://localhost:NewPort/
This can be used to change ports both run port and admin port for your individual projects running locally.
Hope this helps!
The 8080 portion of your url is a port number. Firefox disables visiting url's of other ports by default. You have to enable them by doing the following: http://blog.christoffer.me/post/2012-02-20-how-to-remove-firefoxs-this-address-is-restricted/
Paraphrasing that website:
Open firefox and visit about:conf
In the Filter box, type in network.security.ports.banned.override
If you can't find such a preference, right click to open up the pop-up menu and pick New and then String
As preference name type network.security.ports.banned.override and 8080 as the value.
Done!
It's likely if this continues to not work that your browser is behaving properly (8080 is a fairly standard port). That means that its a problem with the server and we'd have to do some more debugging.

running web2py with GoogleAppEngineLauncher

Trying to run my web2py app from the development server using GoogleAppEngineLauncher
Not sure if the on-line tutorials are out of date or I'm just missing something, but when I follow the link to download the GoogleAppEngine pythonSDK for OSX I get a dmg for the GoogleAppEngineLauncher.
I download and use that, which installs the proper executables, however after I setup my app.yaml file and run "dev_appserver.py myApp" I get this error:
fancy_urllib.InvalidCertificateException: Host appengine.google.com returned an invalid certificate (_ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed):
I don't get the error if I try and launch the app from the launcher itself, however I can't launch the app because it says the directory already exists and I don't have write permissions. I even tried chmod 777 on the myApp directory.
Should I not be using the GoogleAppLauncher?
additionally I tried using the linux SDX and received the same "certificate" error. The error message directs me to a link mentioning that I need the "ssl" module, but that is included in python 2.7.2 which I am using.
The link also mentions: "appcfg uses SSL when connecting to the Admin Console by default, unless the --insecure flag is passed." But I cannot find that flag in the help menu.
Found this answer which solves the problem.
Basically:
rm google_appengine/lib/cacerts/cacerts.txt
From the SDK

Resources