
I have two GCP projects, projectA and projectB. In projectB, I have a machine image B-machine-image. My goal was to make a copy of the machine image in projectA. But since there is no way to copy the machine image from projectB to projectA directly, I thought I could create an instance in projectA using the machine image in projectB, then use the new instance in projectA to create a machine image locally.

I found a Google Doc for this: https://cloud.google.com/compute/docs/machine-images/create-instance-from-machine-image and followed the steps to first grant the service account in projectA admin role to the machine image B-machine-image in projectB, then run the command to make the instance like:

gcloud beta compute instances create my-new-instance --project=projectA --zone us-central1-b --source-machine-image projects/projectB/global/machineImages/B-machine-image --service-account [email protected]

and I am getting the error:

ERROR: (gcloud.beta.compute.instances.create) Could not fetch resource:

  • Invalid value for field 'resource.networkInterfaces[0].network': 'projects/123456789000/global/networks/projectB-vpc'. The referenced network resource cannot be found.

In projectB, I do have a VPC called projectB-vpc.

What I do not understand is that in "projects/123456789000/global/networks/projectB-vpc", 123456789000 seems to be for projectA, as it is part of the email for the projectA service account, while projectB-vpc is for projectB. In my command I have "projects/projectB/....", so why did the command replace "projectB" with 123456789000?

Any idea where I went wrong?

Thanks, Philip

  • Machine images are not the same as regular compute engine images. Machine images are preconfigured for a specific VM environment. I recommend that you create a regular compute engine instance image. For this problem, try adding the command line option --network=default and --subnet=default or replace with your actual network names. Commented Jan 23, 2021 at 2:38
  • Note: You might have to repeat this process and specify overrides for each configuration value stored in the machine image. Commented Jan 23, 2021 at 2:39

2 Answers

As per the GCP documentation, you can create a VM using a machine image from a different project directly. Please note that, when you create a VM by using a machine image from a different project, you might not have access to the service account attached to that source project. In my reproduction I followed these steps:

  1. Created a multi-regional machine image
  2. gcloud beta compute machine-images add-iam-policy-binding rhel-machine-image \
         --project=source-project \
         --member='serviceAccount:[email protected]' \
         --role='roles/compute.admin'
  3. Added the source project service account to destination project as iam.serviceAccountUser
  4. gcloud beta compute instances create machine-image-vm --project=destination-project --zone us-central1-a --source-machine-image projects/source-project/global/machineImages/rhel-machine-image --service-account [email protected]

On the last step I used destination project Compute Engine Default Service Account.

Created [https://www.googleapis.com/compute/beta/projects/destination-project/zones/us-central1-a/instances/machine-image-vm].
NAME              ZONE           MACHINE_TYPE  PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
machine-image-vm  us-central1-a  e2-medium                  x0.xxx.0.18  35.2x3.18x.x59  RUNNING

4 Comments

  • Thanks guys for the suggestions. I found out the issue I had was like John said above, that I need to specifically give the --network and --subnet in the command, as the machine image has the network and subnet info from the original project, which are named differently from the ones in the destination project.
  • I followed the documents to implement that and it works. It doesn't give me any error related to the network. If the issue has been fixed then let it go.
  • Thanks. I believe in your case, you kept the "default" network and subnet when you created the projects; GCP does that for you. I also believe most people will keep the default around, and that's the reason the command from the Google doc worked. But in my case, I deleted those defaults and created my own network and subnet, so I have to use the extra parameters --network and --subnet in the gcloud command to make it work.
  • I think you are right, as the project where I made the machine image has the default network and the project where I imported it also has the default network.

I believe if you keep the "default" network and subnet when you created the projects, GCP does that for you (I also believe most people will keep the default around), then the commands from the Google doc will work. But in my case, I deleted those defaults and created my own network and subnet, so I have to use the extra parameters --network and --subnet in the gcloud command to make it work.
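
A pre-flight check for the fix the comments and this answer arrive at, as an added example that is not part of the original posts: it compares the network recorded in the machine image with the networks in the destination project and only emits the create command when the network will resolve. The function names, `projectA-vpc` and `projectA-subnet` are hypothetical, and the check assumes, as the thread reports, that the network name stored in the image is looked up in the destination project.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Project, VM and image names reuse the
# question's placeholders; projectA-vpc / projectA-subnet are hypothetical.
#
# Live inputs would come from:
#   gcloud beta compute machine-images describe B-machine-image --project=projectB \
#     --format='value(sourceInstanceProperties.networkInterfaces[0].network)'
#   gcloud compute networks list --project=projectA --format='value(name)'

# Last path segment of a resource URL (.../networks/projectB-vpc -> projectB-vpc).
resource_name() { printf '%s\n' "${1##*/}"; }

# Exit 0 when name $1 is a whole line of the newline-separated list $2.
name_in_list() { printf '%s\n' "$2" | grep -Fxq -- "$1"; }

# Print the create command for the destination project.
# Args: dest_project zone vm image_path image_network_url dest_networks
#       [override_network override_subnet]
# If the image's network name is missing in the destination, overrides are
# required and the override network must itself exist there.
build_create_cmd() {
  local project="$1" zone="$2" vm="$3" image="$4" dest_nets="$6"
  local net="${7:-}" subnet="${8:-}" image_net cmd
  image_net=$(resource_name "$5")
  cmd="gcloud beta compute instances create $vm --project=$project"
  cmd="$cmd --zone=$zone --source-machine-image=$image"
  if ! name_in_list "$image_net" "$dest_nets"; then
    if [ -z "$net" ] || [ -z "$subnet" ]; then
      echo "network '$image_net' not in $project: pass a network and subnet" >&2
      return 1
    fi
    if ! name_in_list "$net" "$dest_nets"; then
      echo "override network '$net' not in $project" >&2
      return 1
    fi
    cmd="$cmd --network=$net --subnet=$subnet"
  fi
  printf '%s\n' "$cmd"
}

# Constructed demo: the destination project only has a custom VPC.
build_create_cmd projectA us-central1-b my-new-instance \
  projects/projectB/global/machineImages/B-machine-image \
  projects/projectB/global/networks/projectB-vpc \
  "projectA-vpc" projectA-vpc projectA-subnet
```

The printed command omits `--service-account`; add it as in the commands above when the VM should not run as the default identity.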
