honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Included notes about compute engine permissions 

Closes #25.
Closes #26.
This commit is contained in:
Simon (Big Chief) Morley 2014-06-20 00:27:29 +01:00 committed by David Pilato
parent b45a05f2fb
commit 0db6959f71
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
README.md
View File

@ -47,7 +47,7 @@ multicast environments). Here is a simple sample configuration:
How to start (short story) How to start (short story)
-------------------------- --------------------------
* Create Google Compute Engine instance * Create Google Compute Engine instance (with compute rw permissions)
* Install Elasticsearch * Install Elasticsearch
* Install Google Compute Engine Cloud plugin * Install Google Compute Engine Cloud plugin
* Modify `elasticsearch.yml` file * Modify `elasticsearch.yml` file
@ -113,6 +113,17 @@ gcloud compute ssh myesnode1 --zone europe-west1-a
ssh -i ~/.ssh/google_compute_engine 192.158.29.199 ssh -i ~/.ssh/google_compute_engine 192.158.29.199
``` ```
*Note Regarding Service Account Permissions*
It's important when creating an instance that the correct permissions are set. At a minimum, you must ensure you have:
```
service_account_scope=compute-rw
```
Failing to set this will result in unauthorized messages when starting Elasticsearch.
See [Machine Permissions](#machine-permissions).
Once connected, install Elasticsearch: Once connected, install Elasticsearch:
```sh ```sh
@ -313,6 +324,8 @@ gcutil setinstancemetadata myesnode1 \
Tips Tips
---- ----
### Store project id locally
If you don't want to repeat the project id each time, you can save it in `~/.gcutil.flags` file using: If you don't want to repeat the project id each time, you can save it in `~/.gcutil.flags` file using:
```sh ```sh
@ -325,6 +338,45 @@ gcutil getproject --project=es-cloud --cache_flag_values
--project=es-cloud --project=es-cloud
``` ```
### Machine Permissions
**Creating machines with gcutil**
Ensure the following flags are set:
````
--service_account_scope=compute-rw
```
**Creating with console (web)**
When creating an instance using the web portal, click **Show advanced options**.
At the bottom of the page, under `PROJECT ACCESS`, choose `>> Compute >> Read Write`.
**Creating with knife google**
Set the service account scopes when creating the machine:
```
$ knife google server create www1 \
-m n1-standard-1 \
-I debian-7-wheezy-v20131120 \
-Z us-central1-a \
-i ~/.ssh/id_rsa \
-x jdoe \
--gce-service-account-scopes https://www.googleapis.com/auth/compute.full_control
```
Or, you may use the alias:
```
--gce-service-account-scopes compute-rw
```
If you have created a machine without the correct permissions, you will see `403 unauthorized` error messages. The only
way to alter these permissions is to delete the instance (NOT THE DISK). Then create another with the correct permissions.
License License
------- -------