ssh-compute
ssh-compute copied to clipboard
google-github-actions
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4033: 'not authorized']
TL;DR
Unable to log in a designated VM instance in GCP through the Action Runner.
Expected behavior
No response
Observed behavior
Command : gcloud compute ssh hsu_douglas@stage-test-cd --project=xxxxxxxx --zone asia-east1-b --ssh-key-file /home/douglas/.ssh/stage_test_cd --quiet --tunnel-through-iap --command='echo Hello world'
works fine on a local Linux PC with the same private key as secrets.GCP_SSH_PRIVATE_KEY in Actions setting .
Action YAML
name: Test for Auto Deploy via SSH
on:
workflow_dispatch:
inputs:
Manual:
description: 'Manually Trigger'
default: 'Hello World'
required: true
env:
PROJECT_ID: ${{ secrets.PROJECT_ID }}
SERVICE_NAME: xxxxxxxxxxxx
jobs:
SSH-Compute:
name: Checkout, Login via SSH, and Deploy
runs-on: ubuntu-latest
steps:
- uses: 'actions/checkout@v3'
- id: auth
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.SA_KEY }}
- name: SSH to Google Cloud Platform compute instances
uses: google-github-actions/[email protected]
with:
project_id: 'xxxxxxxxx'
instance_name: 'stage-test-cd'
zone: 'asia-east1-b'
user: 'hsu_douglas'
ssh_private_key: '${{ secrets.GCP_SSH_PRIVATE_KEY }}'
command: 'echo Hello world'
Log output
Run google-github-actions/[email protected]
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/158acaea-34bf-4661-88f7-02892b1cd53c -f /home/runner/work/_temp/4fd56546-15b7-4d42-a023-568f55ae071d
Running: gcloud compute ssh hsu_douglas@stage-test-cd --zone asia-east1-b --ssh-key-file /tmp/2e063883321c415fd5a9a28e/google_compute_engine --quiet --tunnel-through-iap --project *** --command echo Hello world
Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Error: google-github-actions/ssh-compute failed with: failed to execute gcloud command `gcloud compute ssh hsu_douglas@stage-test-cd --zone asia-east1-b --ssh-key-file /tmp/2e063883321c415fd5a9a28e/google_compute_engine --quiet --tunnel-through-iap --project *** --command echo Hello world`: WARNING:
To increase the performance of the tunnel, consider installing NumPy. For instructions,
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4033: 'not authorized'].
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Recommendation: To check for possible causes of SSH connectivity issues and get
recommendations, rerun the ssh command with the --troubleshoot option.
gcloud compute ssh stage-test-cd --project=*** --zone=asia-east1-b --ssh-key-file=/tmp/2e063883321c415fd5a9a28e/google_compute_engine --troubleshoot
Or, to investigate an IAP tunneling issue:
gcloud compute ssh stage-test-cd --project=*** --zone=asia-east1-b --ssh-key-file=/tmp/2e063883321c415fd5a9a28e/google_compute_engine --troubleshoot --tunnel-through-iap
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Additional information
No response
Check if service account that You use have these permittions: Compute Instance Admin (beta) Compute Storage Admin IAP-secured Tunnel User Service Account User
Also this servise account should be added to VM that You are trying to access. This can be done in VM mashine configuration.
Also check if You properly set ssh for VM mashine.