
Need to run a cron job on Google compute engine (gce) to execute a gcloud snapshot with service account

I've been successful at creating and executing a snapshot script if I use gcloud auth to use my personal account, but if I have the cron run as root or as a selected user, nothing happens during the cron.

I used this script https://gist.github.com/peihsinsu/73cb7e28780b137c2bcd and it works great; as the author notes, "Install gcloud and auth first" is required.

My problem is in using my personal account and not the service account.

When you execute gcloud auth login you get a very important message:

Your credentials may be visible to others with access to this virtual machine. Are you sure you want to authenticate with your personal account?

Any thoughts or suggestions to avoid this security risk?

Drake Zabriskie asked Oct 19 '22 19:10


1 Answer

Took some time to figure it out. The script is valid. The tricky part is the user permissions. There are 2 user types - the OS user and the GCE user.

gcloud uses the GCE user, which is most likely something like [email protected]. You need to figure out which OS user can use the GCE credentials. In my particular case (I've set up the VM instance using Bitnami) the user was bitnami (NOT root!!!).

You need to make sure that:

  • you set up your GCE user as the default gcloud user (gcloud config set account [email protected])
  • your script file is executable (chmod +x)
  • your script file's owner is the user that has GCE credentials
  • you set up cron for the particular user (in my case sudo -u bitnami crontab -e)
  • you include full path to the script inside crontab

bulgaru answered Oct 24 '22 12:10
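
The file and crontab items of the checklist above, written as a preflight check (an added example, not part of the original answer or the linked gist). It assumes GNU stat as found on Linux; the path in the usage comment is a constructed sample, and the group/world-writable test is an extra check beyond the answer's list.

```shell
#!/bin/sh
# Added example: preflight checks for a cron-run gcloud snapshot script.

# Print the command word of a per-user crontab line (the format of `crontab -e`).
cron_command() (
    set -f                         # keep the "*" time fields from globbing
    set -- $1
    case "$1" in
        @*) shift 1 ;;             # @daily, @hourly, ...: one schedule field
        *)  [ $# -ge 6 ] || exit 1; shift 5 ;;
    esac
    [ $# -ge 1 ] || exit 1
    printf '%s\n' "$1"
)

# Return 0 only if the script file meets the checklist for the given OS user.
check_snapshot_job() {
    script=$1 owner=$2 rc=0
    case "$script" in
        /*) ;;
        *)  echo "FAIL: crontab must use the full path, got '$script'"; return 1 ;;
    esac
    [ -f "$script" ] || { echo "FAIL: $script not found"; return 1; }
    [ -x "$script" ] || { echo "FAIL: not executable (chmod +x)"; rc=1; }
    actual=$(stat -c '%U' "$script")
    [ "$actual" = "$owner" ] || { echo "FAIL: owned by $actual, expected $owner"; rc=1; }
    # Extra check (assumption of this example): the job runs with that user's
    # gcloud credentials, so no other account should be able to rewrite it.
    case "$(stat -c '%A' "$script")" in
        ?????w*|????????w*) echo "FAIL: group/world-writable"; rc=1 ;;
    esac
    return $rc
}

# Check one crontab line end to end: extract its command, then check the file.
check_cron_line() {
    cmd=$(cron_command "$1") || { echo "FAIL: cannot parse crontab line"; return 1; }
    check_snapshot_job "$cmd" "$2"
}

# Usage (constructed path): ./preflight.sh '0 3 * * * /home/bitnami/snapshot.sh' bitnami
if [ $# -eq 2 ]; then
    check_cron_line "$1" "$2"
fi
```

Run it as the user whose crontab holds the job; it reports each failed item and exits non-zero if any check fails.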