File: //snap/google-cloud-cli/396/help/man/man1/gcloud_compute_instances_import.1
.TH "GCLOUD_COMPUTE_INSTANCES_IMPORT" 1
.SH "NAME"
.HP
gcloud compute instances import \- create Compute Engine virtual machine instances from virtual appliance in OVA/OVF format
.SH "SYNOPSIS"
.HP
\f5gcloud compute instances import\fR \fIINSTANCE_NAME\fR \fB\-\-source\-uri\fR=\fISOURCE_URI\fR [\fB\-\-no\-address\fR] [\fB\-\-async\fR] [\fB\-\-byol\fR] [\fB\-\-can\-ip\-forward\fR] [\fB\-\-cloudbuild\-service\-account\fR=\fICLOUDBUILD_SERVICE_ACCOUNT\fR] [\fB\-\-compute\-service\-account\fR=\fICOMPUTE_SERVICE_ACCOUNT\fR] [\fB\-\-deletion\-protection\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-no\-guest\-environment\fR] [\fB\-\-guest\-os\-features\fR=[\fIGUEST_OS_FEATURE\fR,...]] [\fB\-\-hostname\fR=\fIHOSTNAME\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-log\-location\fR=\fILOG_LOCATION\fR] [\fB\-\-machine\-type\fR=\fIMACHINE_TYPE\fR] [\fB\-\-network\fR=\fINETWORK\fR] [\fB\-\-network\-tier\fR=\fINETWORK_TIER\fR] [\fB\-\-os\fR=\fIOS\fR] [\fB\-\-private\-network\-ip\fR=\fIPRIVATE_NETWORK_IP\fR] [\fB\-\-no\-restart\-on\-failure\fR] [\fB\-\-subnet\fR=\fISUBNET\fR] [\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]] [\fB\-\-timeout\fR=\fITIMEOUT\fR;\ default="2h"] [\fB\-\-zone\fR=\fIZONE\fR] [\fB\-\-custom\-cpu\fR=\fICUSTOM_CPU\fR\ \fB\-\-custom\-memory\fR=\fICUSTOM_MEMORY\fR\ :\ \fB\-\-custom\-extensions\fR\ \fB\-\-custom\-vm\-type\fR=\fICUSTOM_VM_TYPE\fR] [\fB\-\-node\fR=\fINODE\fR\ |\ \fB\-\-node\-affinity\-file\fR=\fIPATH_TO_FILE\fR\ |\ \fB\-\-node\-group\fR=\fINODE_GROUP\fR] [\fB\-\-scopes\fR=[\fISCOPE\fR,...]\ |\ \fB\-\-no\-scopes\fR] [\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR\ |\ \fB\-\-no\-service\-account\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fBgcloud compute instances import\fR creates Compute Engine virtual machine
instances from virtual appliance in OVA/OVF format.
Importing OVF involves:
.RS 2m
.IP "\(bu" 2m
Unpacking OVF package (if in OVA format) to Cloud Storage.
.IP "\(bu" 2m
Import disks from OVF to Compute Engine.
.IP "\(bu" 2m
Translate the boot disk to make it bootable in Compute Engine.
.IP "\(bu" 2m
Create a VM instance using OVF metadata and imported disks and boot it.
.RE
.sp
OVF import tool requires Cloud Build to be enabled. See
https://cloud.google.com/compute/docs/import/import\-ovf\-files#enable\-cloud\-build
Virtual machine instances, images and disks in Compute engine and files stored
on Cloud Storage incur charges. See
https://cloud.google.com/compute/docs/images/importing\-virtual\-disks#resource_cleanup.
.SH "EXAMPLES"
To import an OVF package from Cloud Storage into a VM named \f5my\-instance\fR,
run:
.RS 2m
$ gcloud compute instances import my\-instance \e
\-\-source\-uri=gs://my\-bucket/my\-dir
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
\fIINSTANCE_NAME\fR
Name of the instance to import. For details on valid instance names, refer to
the criteria documented under the field 'name' at:
https://cloud.google.com/compute/docs/reference/rest/v1/instances
.RE
.sp
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-source\-uri\fR=\fISOURCE_URI\fR
Cloud Storage path to one of: OVF descriptor OVA file Directory with OVF
package. For more information about Cloud Storage URIs, see
https://cloud.google.com/storage/docs/request\-endpoints#json\-api.
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-no\-address\fR
If provided, the instances are not assigned external IP addresses. To pull
container images, you must configure private Google access if using Container
Registry or configure Cloud NAT for instances to access container images
directly. For more information, see:
.RS 2m
.IP "\(em" 2m
https://cloud.google.com/vpc/docs/configure\-private\-google\-access
.IP "\(em" 2m
https://cloud.google.com/nat/docs/using\-nat
.RE
.sp
.TP 2m
\fB\-\-async\fR
Return immediately, without waiting for the operation in progress to complete.
.TP 2m
\fB\-\-byol\fR
Specifies that you want to import an image with an existing license. Importing
an image with an existing license is known as bring your own license (BYOL).
\f5\-\-byol\fR can be specified in any of the following ways:
.RS 2m
+ `\-\-byol \-\-os=rhel\-8`: imports a RHEL 8 image with an existing license.
+ `\-\-os=rhel\-8\-byol`: imports a RHEL 8 image with an existing license.
+ `\-\-byol`: detects the OS contained on the disk, and imports
the image with an existing license.
.RE
For more information about BYOL, see:
https://cloud.google.com/compute/docs/nodes/bringing\-your\-own\-licenses
.TP 2m
\fB\-\-can\-ip\-forward\fR
If provided, allows the instances to send and receive packets with non\-matching
destination or source IP addresses.
.TP 2m
\fB\-\-cloudbuild\-service\-account\fR=\fICLOUDBUILD_SERVICE_ACCOUNT\fR
Image import and export tools use Cloud Build to import and export images to and
from your project. Cloud Build uses a specific service account to execute builds
on your behalf. The Cloud Build service account generates an access token for
other service accounts and it is also used for authentication when building the
artifacts for the image import tool.
Use this flag to to specify a user\-managed service account for image import and
export. If you don't specify this flag, Cloud Build runs using your project's
default Cloud Build service account. To set this option, specify the email
address of the desired user\-managed service account. Note: You must specify the
\f5\-\-logs\-location\fR flag when you set a user\-managed service account.
At minimum, the specified user\-managed service account needs to have the
following roles assigned:
.RS 2m
.IP "\(em" 2m
roles/compute.admin
.IP "\(em" 2m
roles/iam.serviceAccountTokenCreator
.IP "\(em" 2m
roles/iam.serviceAccountUser
.RE
.sp
.TP 2m
\fB\-\-compute\-service\-account\fR=\fICOMPUTE_SERVICE_ACCOUNT\fR
A temporary virtual machine instance is created in your project during instance
import. Instance import tooling on this temporary instance must be
authenticated.
A Compute Engine service account is an identity attached to an instance. Its
access tokens can be accessed through the instance metadata server and can be
used to authenticate instance import tooling on the instance.
To set this option, specify the email address corresponding to the required
Compute Engine service account. If not provided, the instance import on the
temporary instance uses the project's default Compute Engine service account.
At a minimum, you need to grant the following roles to the specified Cloud Build
service account:
.RS 2m
.IP "\(em" 2m
roles/compute.storageAdmin
.IP "\(em" 2m
roles/storage.objectViewer
.RE
.sp
.TP 2m
\fB\-\-deletion\-protection\fR
Enables deletion protection for the instance.
.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR
Specifies a textual description of the VM instances.
.TP 2m
\fB\-\-guest\-environment\fR
The guest environment will be installed on the instance. Enabled by default, use
\fB\-\-no\-guest\-environment\fR to disable.
.TP 2m
\fB\-\-guest\-os\-features\fR=[\fIGUEST_OS_FEATURE\fR,...]
Enables one or more features for VM instances that use the image for their boot
disks. See the descriptions of supported features at:
https://cloud.google.com/compute/docs/images/create\-delete\-deprecate\-private\-images#guest\-os\-features.
\fIGUEST_OS_FEATURE\fR must be (only one value is supported):
\fBUEFI_COMPATIBLE\fR.
.TP 2m
\fB\-\-hostname\fR=\fIHOSTNAME\fR
Specify the hostname of the VM instance to be imported. The specified hostname
must be RFC1035 compliant. If hostname is not specified, the default hostname is
[INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and
[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.
.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.
.TP 2m
\fB\-\-log\-location\fR=\fILOG_LOCATION\fR
Directory in Cloud Storage to hold build logs. If not set, \f5gs://<project
num>.cloudbuild\-logs.googleusercontent.com/\fR is created and used.
.TP 2m
\fB\-\-machine\-type\fR=\fIMACHINE_TYPE\fR
Specifies the machine type used for the instances. To get a list of available
machine types, run 'gcloud compute machine\-types list'. If unspecified, the
default type is n1\-standard\-1.
.TP 2m
\fB\-\-network\fR=\fINETWORK\fR
Specifies the network that the VM instances are a part of. If \f5\-\-subnet\fR
is also specified, subnet must be a subnetwork of the network specified by this
\f5\-\-network\fR flag. If neither is specified, the default network is used.
.TP 2m
\fB\-\-network\-tier\fR=\fINETWORK_TIER\fR
Specifies the network tier that will be used to configure the instance.
\f5\fINETWORK_TIER\fR\fR must be one of: \f5PREMIUM\fR, \f5STANDARD\fR. The
default value is \f5PREMIUM\fR.
.TP 2m
\fB\-\-os\fR=\fIOS\fR
Specifies the OS of the image being imported. \fIOS\fR must be one of:
\fBcentos\-7\fR, \fBcentos\-stream\-8\fR, \fBcentos\-stream\-9\fR,
\fBdebian\-10\fR, \fBdebian\-11\fR, \fBdebian\-8\fR, \fBdebian\-9\fR,
\fBopensuse\-15\fR, \fBrhel\-6\fR, \fBrhel\-6\-byol\fR, \fBrhel\-7\fR,
\fBrhel\-7\-byol\fR, \fBrhel\-8\fR, \fBrhel\-8\-byol\fR, \fBrhel\-9\fR,
\fBrhel\-9\-byol\fR, \fBrocky\-8\fR, \fBrocky\-9\fR, \fBsles\-12\fR,
\fBsles\-12\-byol\fR, \fBsles\-15\fR, \fBsles\-15\-byol\fR, \fBsles\-sap\-12\fR,
\fBsles\-sap\-12\-byol\fR, \fBsles\-sap\-15\fR, \fBsles\-sap\-15\-byol\fR,
\fBubuntu\-1404\fR, \fBubuntu\-1604\fR, \fBubuntu\-1804\fR, \fBubuntu\-2004\fR,
\fBubuntu\-2204\fR, \fBwindows\-10\-x64\-byol\fR, \fBwindows\-10\-x86\-byol\fR,
\fBwindows\-11\-x64\-byol\fR, \fBwindows\-2008r2\fR,
\fBwindows\-2008r2\-byol\fR, \fBwindows\-2012\fR, \fBwindows\-2012\-byol\fR,
\fBwindows\-2012r2\fR, \fBwindows\-2012r2\-byol\fR, \fBwindows\-2016\fR,
\fBwindows\-2016\-byol\fR, \fBwindows\-2019\fR, \fBwindows\-2019\-byol\fR,
\fBwindows\-2022\fR, \fBwindows\-2022\-byol\fR, \fBwindows\-7\-x64\-byol\fR,
\fBwindows\-7\-x86\-byol\fR, \fBwindows\-8\-x64\-byol\fR,
\fBwindows\-8\-x86\-byol\fR.
.TP 2m
\fB\-\-private\-network\-ip\fR=\fIPRIVATE_NETWORK_IP\fR
Specifies the RFC1918 IP to assign to the instance. The IP should be in the
subnet or legacy network IP range.
.TP 2m
\fB\-\-restart\-on\-failure\fR
The instances will be restarted if they are terminated by Compute Engine. This
does not affect terminations performed by the user. Enabled by default, use
\fB\-\-no\-restart\-on\-failure\fR to disable.
.TP 2m
\fB\-\-subnet\fR=\fISUBNET\fR
Specifies the subnet that the VM instances are a part of. If \f5\-\-network\fR
is also specified, subnet must be a subnetwork of the network specified by the
\f5\-\-network\fR flag.
.TP 2m
\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]
Specifies a list of tags to apply to the instance. These tags allow network
firewall rules and routes to be applied to specified VM instances. See \fBgcloud
compute firewall\-rules create\fR(1) for more details.
To read more about configuring network tags, read this guide:
https://cloud.google.com/vpc/docs/add\-remove\-network\-tags
To list instances with their respective status and tags, run:
.RS 2m
$ gcloud compute instances list \e
\-\-format='table(name,status,tags.list())'
.RE
To list instances tagged with a specific tag, \f5tag1\fR, run:
.RS 2m
$ gcloud compute instances list \-\-filter='tags:tag1'
.RE
.TP 2m
\fB\-\-timeout\fR=\fITIMEOUT\fR; default="2h"
Maximum time an import can last before it fails as "TIMEOUT". For example, if
you specify \f52h\fR, the process fails after 2 hours. See $ gcloud topic
datetimes for information about duration formats.
This timeout option has a maximum value of 24 hours.
.TP 2m
\fB\-\-zone\fR=\fIZONE\fR
Zone of the instance to import. If not specified and the
\f5\fIcompute/zone\fR\fR property isn't set, you might be prompted to select a
zone (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/zone\fR\fR property:
.RS 2m
$ gcloud config set compute/zone ZONE
.RE
A list of zones can be fetched by running:
.RS 2m
$ gcloud compute zones list
.RE
To unset the property, run:
.RS 2m
$ gcloud config unset compute/zone
.RE
Alternatively, the zone can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_ZONE\fR\fR.
.TP 2m
Custom machine type extensions.
.RS 2m
.TP 2m
\fB\-\-custom\-cpu\fR=\fICUSTOM_CPU\fR
A whole number value specifying the number of cores that are needed in the
custom machine type.
For some machine types, shared\-core values can also be used. For example, for
E2 machine types, you can specify \f5micro\fR, \f5small\fR, or \f5medium\fR.
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-custom\-memory\fR=\fICUSTOM_MEMORY\fR
A whole number value indicating how much memory is desired in the custom machine
type. A size unit should be provided (eg. 3072MB or 9GB) \- if no units are
specified, GB is assumed.
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-custom\-extensions\fR
Use the extended custom machine type.
.TP 2m
\fB\-\-custom\-vm\-type\fR=\fICUSTOM_VM_TYPE\fR
Specifies a custom machine type. The default is \f5n1\fR. For more information
about custom machine types, see:
https://cloud.google.com/compute/docs/general\-purpose\-machines#custom_machine_types
.RE
.sp
.TP 2m
Sole Tenancy.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-node\fR=\fINODE\fR
The name of the node to schedule this instance on.
.TP 2m
\fB\-\-node\-affinity\-file\fR=\fIPATH_TO_FILE\fR
The JSON/YAML file containing the configuration of desired nodes onto which this
instance could be scheduled. These rules filter the nodes according to their
node affinity labels. A node's affinity labels come from the node template of
the group the node is in.
The file should contain a list of a JSON/YAML objects. For an example, see
https://cloud.google.com/compute/docs/nodes/provisioning\-sole\-tenant\-vms#configure_node_affinity_labels.
The following list describes the fields:
.RS 2m
.TP 2m
\fBkey\fR
Corresponds to the node affinity label keys of the Node resource.
.TP 2m
\fBoperator\fR
Specifies the node selection type. Must be one of: \f5IN\fR: Requires Compute
Engine to seek for matched nodes. \f5NOT_IN\fR: Requires Compute Engine to avoid
certain nodes.
.TP 2m
\fBvalues\fR
Optional. A list of values which correspond to the node affinity label values of
the Node resource.
Use a full or relative path to a local file containing the value of
node_affinity_file.
.RE
.sp
.TP 2m
\fB\-\-node\-group\fR=\fINODE_GROUP\fR
The name of the node group to schedule this instance on.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-scopes\fR=[\fISCOPE\fR,...]
If not provided, the instance will be assigned the default scopes, described
below. However, if neither \f5\-\-scopes\fR nor \f5\-\-no\-scopes\fR are
specified and the project has no default service account, then the VM instance
is imported with no scopes. Note that the level of access that a service account
has is determined by a combination of access scopes and IAM roles so you must
configure both access scopes and IAM roles for the service account to work
properly.
SCOPE can be either the full URI of the scope or an alias. \fBDefault\fR scopes
are assigned to all instances. Available aliases are:
.TS
tab( );
lB lB
l l.
Alias URI
bigquery https://www.googleapis.com/auth/bigquery
cloud-platform https://www.googleapis.com/auth/cloud-platform
cloud-source-repos https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro https://www.googleapis.com/auth/source.read_only
compute-ro https://www.googleapis.com/auth/compute.readonly
compute-rw https://www.googleapis.com/auth/compute
datastore https://www.googleapis.com/auth/datastore
default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write
https://www.googleapis.com/auth/pubsub
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
gke-default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
logging-write https://www.googleapis.com/auth/logging.write
monitoring https://www.googleapis.com/auth/monitoring
monitoring-read https://www.googleapis.com/auth/monitoring.read
monitoring-write https://www.googleapis.com/auth/monitoring.write
pubsub https://www.googleapis.com/auth/pubsub
service-control https://www.googleapis.com/auth/servicecontrol
service-management https://www.googleapis.com/auth/service.management.readonly
sql (deprecated) https://www.googleapis.com/auth/sqlservice
sql-admin https://www.googleapis.com/auth/sqlservice.admin
storage-full https://www.googleapis.com/auth/devstorage.full_control
storage-ro https://www.googleapis.com/auth/devstorage.read_only
storage-rw https://www.googleapis.com/auth/devstorage.read_write
taskqueue https://www.googleapis.com/auth/taskqueue
trace https://www.googleapis.com/auth/trace.append
userinfo-email https://www.googleapis.com/auth/userinfo.email
.TE
DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope
and \f5sql\fR alias do not provide SQL instance management capabilities and have
been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or
\f5sql\-admin\fR to manage your Google SQL Service instances.
.TP 2m
\fB\-\-no\-scopes\fR
Import instance without scopes
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR
A service account is an identity attached to the instance. Its access tokens can
be accessed through the instance metadata server and are used to authenticate
applications on the instance. The account can be set using an email address
corresponding to the required service account.
If not provided, the instance will use the project's default service account.
.TP 2m
\fB\-\-no\-service\-account\fR
Import instance without service account
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha compute instances import
.RE
.RS 2m
$ gcloud beta compute instances import
.RE