I have a GCP VM set to use a service account so in the VM instance details on the console:
Service account
When I ran the command for installing the monitoring agent, I saw this:
Updating project ssh metadata...failed.
Updating instance ssh metadata...failed.
ERROR: (gcloud.beta.compute.ssh) Could not add SSH key to instance metadata:
- Required 'compute.instances.setMetadata' permission for 'projects/MYPROJECT/zones/us-central1-a/instances/MYVM'
I gave the service account the Compute Admin role on the instance (not the whole project) and re-ran. The results are then more confusing:
Updating project ssh metadata...failed.
Updating instance ssh metadata...failed.
ERROR: (gcloud.beta.compute.ssh) Could not add SSH key to instance metadata:
- The user does not have access to service account > '[email protected]'. User: '[email protected]'. Ask a project owner to grant you the iam.serviceAccountUser role on the service account
Do I really grant the iam.serviceAccountUser role on the service account so it can use itself? Is there another way I can run the script as me rather than the service account since I am a project admin/owner?
gcloud auth login then selecting you in the auth screen. By the way, when you run gcloud auth list, is [email protected] account the one selected? – MBHA Phoenix
gcloud auth list. Thanks for the command hints – Neil C. Obremski