Creating a GCE instance with Ansible: permissions issue

I am following the documentation on creating an instance with Ansible: http://docs.ansible.com/ansible/guide_gce.html

However, when I run this, I get:

Required 'compute.zones.list' permission for 'projects/quick-line-137923'

I don't know where I should configure these permissions for the service account, since in the documentation, apparently, you can only configure the service account's permissions for an instance that has already been created: "You can set the scope only when creating a new instance"

When I try to grant IAM permissions to this service account (admin), it is not listed, and when I select the service account under "Service accounts", I am asked to add a member with permissions for the entire domain; there is nowhere to assign permissions for this service account, e.g. compute.zones.list.

Any help?

My play looks like this:

- name: "Create instance(s)"
  hosts: localhost
  gather_facts: no
  connection: local

  vars:
    machine_type: n1-standard-1 # default
    image: ubuntu-1404-lts
    service_account_email: admin-531@quick-line-137923.iam.gserviceaccount.com
    credentials_file: /Users/Mike/Downloads/project.json
    project_id: quick-line-137923

  tasks:
    - name: "Launch instances"
      gce:
          instance_names: dev
          machine_type: "{{ machine_type }}"
          image: "{{ image }}"
          service_account_email: "{{ service_account_email }}"
          credentials_file: "{{ credentials_file }}"
          project_id: "{{ project_id }}"
          tags: webserver
      register: gce

    - name: "Wait for SSH to come up"
      wait_for: host={{ item.public_ip }} port=22 delay=10 timeout=60
      with_items: gce.instance_data

    - name: "Add host to groupname"
      add_host: hostname={{ item.public_ip }} groupname=new_instances
      with_items: gce.instance_data

- name: "Manage new instances"
  vars_files:
    - "vars/webserver.yml"
  hosts: new_instances
  connection: ssh
  sudo: True
  roles:
    - geerlingguy.apache
    - geerlingguy.php
    - geerlingguy.drush
    - geerlingguy.mysql
1 answer

Add the administrator and service account roles to the service account.

You also need to activate the service account. The gcloud tool can be used for this: https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account

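As an added example (not part of the original question or answer): before re-running the play, it is worth checking offline which roles the service account actually holds and whether those roles cover the permission named in the error. The script below evaluates the JSON that `gcloud projects get-iam-policy PROJECT --format=json` returns against the `includedPermissions` lists from `gcloud iam roles describe ROLE --format=json`, and models the binding that `gcloud projects add-iam-policy-binding` adds. The sample policy and the (deliberately reduced) role permission lists are constructed; the required-permission set is an assumption based on the error in the post and on what an instance create needs. The role chosen for the fix, roles/compute.instanceAdmin.v1, is the least-privilege alternative to granting a project-wide admin or owner role.

```python
"""Offline check: does the GCE service account's IAM bindings cover what the
Ansible gce module needs? Added example, not code from the original post."""
import copy
import json

# Service account from the post, in the member syntax that gcloud expects.
SA_EMAIL = "admin-531@quick-line-137923.iam.gserviceaccount.com"
SA_MEMBER = "serviceAccount:" + SA_EMAIL

# Assumed minimum for the play: compute.zones.list is named in the error,
# creating the instance itself needs compute.instances.create.
REQUIRED = frozenset({"compute.zones.list", "compute.instances.create"})

# Constructed sample of `gcloud projects get-iam-policy PROJECT --format=json`.
# The service account appears only in a binding that carries an (expired)
# IAM condition, so in practice it holds nothing, as in the post.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:mike@example.com"]},
    {"role": "roles/compute.viewer",
     "members": ["group:auditors@example.com",
                 "serviceAccount:admin-531@quick-line-137923.iam.gserviceaccount.com"],
     "condition": {"title": "expired trial",
                   "expression": "request.time < timestamp('2016-01-01T00:00:00Z')"}}
  ],
  "etag": "BwVn_constructed=",
  "version": 3
}
""")

# Constructed, reduced subsets of the includedPermissions that
# `gcloud iam roles describe ROLE --format=json` prints for each role.
ROLE_PERMISSIONS = {
    "roles/compute.viewer": {
        "compute.zones.list", "compute.zones.get",
        "compute.instances.get", "compute.instances.list"},
    "roles/compute.instanceAdmin.v1": {
        "compute.zones.list", "compute.zones.get",
        "compute.instances.create", "compute.instances.delete",
        "compute.instances.get", "compute.instances.list",
        "compute.disks.create"},
}


def roles_for_member(policy, member):
    """Roles bound unconditionally to `member`. Bindings with an IAM condition
    may or may not apply at request time, so they are conservatively treated
    as granting nothing."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", []) and "condition" not in b}


def permissions_for_member(policy, role_permissions, member):
    """Union of the permissions of every role the member holds."""
    perms = set()
    for role in roles_for_member(policy, member):
        if role not in role_permissions:
            raise KeyError(f"no permission list for {role}; run: "
                           f"gcloud iam roles describe {role} --format=json")
        perms |= role_permissions[role]
    return perms


def missing_permissions(policy, role_permissions, member, required=REQUIRED):
    """Required permissions the member does not get from any of its roles."""
    return set(required) - permissions_for_member(policy, role_permissions, member)


def add_binding(policy, role, member):
    """Copy of `policy` with `member` added to `role`: the edit that
    `gcloud projects add-iam-policy-binding PROJECT --role ROLE --member MEMBER`
    makes. Conditional bindings are never reused; the etag is kept so the
    result could be sent back with `gcloud projects set-iam-policy`."""
    new = copy.deepcopy(policy)
    for b in new.setdefault("bindings", []):
        if b["role"] == role and "condition" not in b:
            if member not in b["members"]:
                b["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new


if __name__ == "__main__":
    print("missing before:", sorted(missing_permissions(SAMPLE_POLICY, ROLE_PERMISSIONS, SA_MEMBER)))
    fixed = add_binding(SAMPLE_POLICY, "roles/compute.instanceAdmin.v1", SA_MEMBER)
    print("missing after: ", sorted(missing_permissions(fixed, ROLE_PERMISSIONS, SA_MEMBER)))
```

Once the binding is in place, the cheapest end-to-end check is to activate the same key locally with `gcloud auth activate-service-account --key-file project.json` and run `gcloud compute zones list --project quick-line-137923`, which exercises exactly the permission named in the error before Ansible does.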

Source: https://habr.com/ru/post/1650778/
