I'm carrying out the lab of the GCP platform "Configure a Firewall and a Startup Script with Deployment Manager". I changed the qwicklabs.jinja for this code:

```yaml
resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    #   https://cloud.google.com/compute/docs/startupscript
    tags:
      items: ["http"]
    metadata:
      items:
      - key: startup-script
        value: "apt-get update \n apt-get install -y apache2"
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
```

The VM and Disk are made successfully but I can't complete the last task "Check that Deployment manager includes startup script and firewall resource" because I have problems making the firewall rule and this appears:

```
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1598852175371-5ae25c7f61bda-1c55c951-22ca1242]: errors:
- code: RESOURCE_ERROR
  location: /deployments/deployment-templates/resources/http-firewall-rule
  message: '{"ResourceType":"compute.v1.firewall","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Request
    contains an invalid argument.","status":"INVALID_ARGUMENT","statusMessage":"Bad
    Request","requestPath":"https://compute.googleapis.com/compute/v1/projects/qwiklabs-gcp-01-888e7df2843f/global/firewalls","httpMethod":"POST"}}'
```

Could someone help me pls? I have to finish this lab!

PegaChucho
  • Does your deployment show on the list when you run `gcloud deployment-manager deployments list`? Even without the firewall rule it should be there. – Wojtek_B Aug 31 '20 at 14:40
  • Yes, that's correct, the VM and the disk are correctly created, but not the firewall rule – PegaChucho Aug 31 '20 at 14:51

1 Answer

Your file was giving me an "invalid format" error for some reason, so I created a new Deployment Manager config file: I took the VM template from here, added your external IP configuration and also the firewall rule part (without any changes).

My yaml file looks like this (I didn't use any variables though).

```yaml
resources:
- name: vm-created-by-deployment-manager
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    # Network tag; the firewall rule's targetTags below must match it
    tags:
      items: ["http"]
    metadata:
      items:
      # Runs at boot: installs the Apache web server
      - key: startup-script
        value: "apt-get update \n apt-get install -y apache2"
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: global/networks/default
      # Access config gives the instance an external IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
- name: default-allow-http3
  type: compute.v1.firewall
  properties:
    # Applies only to instances carrying the "http" network tag
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
```

When I ran the file everything worked as intended:

```
wbogacz@cloudshell:~/fire (wojtek)$ gcloud deployment-manager deployments create test1 --config dm1.yaml
The fingerprint of the deployment is b'n63E-AtErTCKtWOvktfUsA=='
Waiting for create [operation-1599036146720-5ae5-----99-2a45880e-addbce89]...done.
Create operation operation-1599036146720-5ae-----99-2a45880e-addbce89 completed successfully.
NAME                              TYPE                 STATE      ERRORS  INTENT
default-allow-http3               compute.v1.firewall  COMPLETED  []
vm-created-by-deployment-manager  compute.v1.instance  COMPLETED  []
```

At the end I logged in via SSH to the VM and verified that the startup script was executed - and again success.

Wojtek_B
  • Thanks for your help, I'll use your code instead of mine and I'm going to tell you the results; however, I wish I knew what I did wrong with my jinja file :/ – PegaChucho Sep 02 '20 at 18:45
  • By the way, sorry for this stupid question, but did you omit the first line? I mean the line "resources:" and the line "name" when you created the instance? – PegaChucho Sep 02 '20 at 18:49
  • I added two missing lines - thanks for spotting that. I suspect only that variables in your file may have been the culprit but I would have time to try this out. I'd appreciate if you accepted my answer &/or upvoted if it's useful to you :) – Wojtek_B Sep 03 '20 at 07:22
  • Yeah, thank you. I have already completed this lab. The real problem was in the .yaml file there was a firewall rule script already, so I was creating 2 firewall rules and in one of them there was a wrong tag, so the deployment threw an error – PegaChucho Sep 04 '20 at 15:14
  • > "The real problem was in the .yaml file there was a firewall rule script already" < This is the solution. The firewall rule in the YAML had an error. Remove it and it works. Thank you. – sgsi Sep 06 '20 at 03:46
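
The root cause reported in the comments above (a second, leftover firewall rule carrying a bad tag) can be caught before `gcloud deployment-manager deployments create` is run. The following is an added example, not code from the question or the answer: a Python check over a config's resource list. The function name `lint_firewalls`, the tag value `HTTP_Server` and the sample data are constructed for illustration, and the tag pattern assumes the RFC 1035 label format that the Compute Engine API documents for network tags.

```python
import re

# Assumption: network tags follow the RFC 1035 label format (1-63 chars).
TAG_RE = re.compile(r"^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$")

def lint_firewalls(resources):
    """Return (resource_name, finding) pairs for compute.v1.firewall entries."""
    findings = []
    instance_tags = set()
    for r in resources:
        if r.get("type") == "compute.v1.instance":
            instance_tags.update(r.get("properties", {}).get("tags", {}).get("items", []))
    seen = {}  # allow-list signature -> name of the first rule that declared it
    for r in resources:
        if r.get("type") != "compute.v1.firewall":
            continue
        name, props = r.get("name", "<unnamed>"), r.get("properties", {})
        for tag in props.get("targetTags", []):
            if not TAG_RE.match(str(tag)):
                findings.append((name, f"malformed target tag {tag!r}"))
            elif tag not in instance_tags:
                findings.append((name, f"target tag {tag!r} matches no instance in this config"))
        # The same protocol/port set declared twice usually means a leftover rule.
        key = tuple(sorted((a.get("IPProtocol", "").lower(), tuple(a.get("ports", [])))
                           for a in props.get("allowed", [])))
        if key in seen:
            findings.append((name, f"duplicates the allow list of {seen[key]!r}"))
        else:
            seen[key] = name
        if "0.0.0.0/0" in props.get("sourceRanges", []):
            findings.append((name, "open to any source address (0.0.0.0/0)"))
    return findings

# Constructed sample: the question's two resources plus a leftover rule named
# after the one in the error message; its tag value is invented for the example.
SAMPLE = [
    {"name": "vm-test", "type": "compute.v1.instance",
     "properties": {"tags": {"items": ["http"]}}},
    {"name": "default-allow-http", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
    {"name": "http-firewall-rule", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["HTTP_Server"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
]

if __name__ == "__main__":
    for name, finding in lint_firewalls(SAMPLE):
        print(f"{name}: {finding}")
```

The input is the resource list after template expansion, so Jinja variables are already resolved by the time the check runs.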