crosbygw
commented
5 years ago When using deployment-manager, the service account tied to your deployment-manager service is being used to create all resources noted in template. Verify your deployment manager service account has the correct rights to create images into the project you are adding resources. https://cloud.google.com/deployment-manager/docs/access-control The error noted indicates to me the service account does not have permission to build compute resources.
In addition, for the HA to work, you need to provide a service account in your configuration file that has the minimum roles:
- Storage Object Creator
- Compute image admin
Alternatively you can leave the service account property blank in your configuration file and your projects default compute service account will be used. It also must have at a minimum the roles noted above. Unless it has been altered, the default compute service account should have editor role which grants access to all compute resources.
I will add a task to have documentation updated to reflect these requirements.
bbenjbb
Hello, With "HA Cluster (Active/Standby): Production Stack with PAYG Licensing" deployment All prequisite ok when I want to deply I have this error message without any more verbose logs :
bbr-f5ha-payg1 has resource warnings bigip1-bbr-f5ha-payg1: {"ResourceType":"compute.v1.instance","ResourceErrorCode":"INTERNAL_ERROR","ResourceErrorMessage":"Code: '-4207409696167612610'"}
storage bucket and firewall was created but not instances.
in attachment YAML file and screenshot of my network configuration. f5-deployment-template.txt
Route to internet from management and external network are present and firewall rules too.
Please help !