Reputation: 527
Can not create gcp instance from machine image in a different project
I have two GCP projects, projectA and projectB. In projectB, I have a machine image B-machine-image. My goal was to make a copy of the machine image in projectA. But since there is no way to copy the machine image from projectB to projectA directly, I thought I can create a instance in projectA using the machine image in projectB, then use the new instance in projectA to create a machine image locally.
I found a Google Doc for this: https://cloud.google.com/compute/docs/machine-images/create-instance-from-machine-image and followed the steps to first grant the service account in projectA admin role to the machine image B-machine-image in projectB, then run the command to make the instance like:
gcloud beta compute instances create my-new-instance --project=projectA --zone us-central1-b --source-machine-image projects/projectB/global/machineImages/B-machine-image --service-account [email protected]
and I am getting the error:
ERROR: (gcloud.beta.compute.instances.create) Could not fetch resource:
- Invalid value for field 'resource.networkInterfaces[0].network': 'projects/123456789000/global/networks/projectB-vpc'. The referenced network resource cannot be found.
In projectB, I do have a VPC called projectB-vpc.
What I do not understand is that in "projects/123456789000/global/networks/projectB-vpc", 123456789000 seems is for projectA as it is part of the email for projectA service account, while projectB-vpc is for projectB. In my command I have "projects/projectB/....", why the command replaced "projectB" with 123456789000?
Any idea where did I do wrong?
Thanks, Philip
Upvotes: 2
Views: 3212
Answers (2)
Reputation: 527
I believe if you keep the "default" network and subnet when you created the projects, GCP does that for you(I also believe most people will keep the default around),then the commands from the Google doc will work. But in my case, I deleted those defaults and created my own network and subnet, so I have to use the extra parameters --network and --subnet in the gcloud command to make it work.
Upvotes: 0
Reputation: 1955
As per the GCP documentation you can create VM using a machine image from a different project directly. Please note that, when you create a VM by using a machine image from a different project, you might not have access to the service account attached to that source project. In my reproduction steps I followed this steps:
- Created an Multi-regional Machine Image
2. gcloud beta compute machine-images add-iam-policy-binding rhel-machine-image \
--project=source-project \
--member='serviceAccount:[email protected]' \
--role='roles/compute.admin'
- Added the source project service account to destination project as iam.serviceAccountUser
4. gcloud beta compute instances create machine-image-vm --project=destination-project --zone us-central1-a --source-machine-image projects/source-project/global/machineImages/rhel-machine-image --service-account [email protected]
On the last step I used destination project Compute Engine Default Service Account.
Created [https://www.googleapis.com/compute/beta/projects/destination-project/zones/us-central1-a/instances/machine-image-vm].
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
machine-image-vm us-central1-a e2-medium x0.xxx.0.18 35.2x3.18x.x59 RUNNING
Upvotes: 2
Related Questions
- How to export an image machine to another GCP account?
- instance creation failed: Required 'compute.images.useReadOnly'
- Unable to Migrate GCP Project
- Cannot create GCP VM, public images are empty
- Google Compute Engine API : can't create instance from machine image
- How to export GCP VM "Machine Image" to GCP Storage
- New VM error message on GCP with "resource.sourceMachineImage"
- How to create a gcp instance from a custom image?
- GCP: Instance creation failed
- gcloud can only create instances using private image