gcloud alpha compute machine-images import - create a Compute Engine machine image from virtual appliance in OVA/OVF format
gcloud alpha compute machine-images import IMAGE --source-uri=SOURCE_URI [--no-address] [--async] [--byol] [--can-ip-forward] [--compute-service-account=COMPUTE_SERVICE_ACCOUNT] [--description=DESCRIPTION] [--no-guest-environment] [--guest-flush] [--guest-os-features=[GUEST_OS_FEATURE,...]] [--labels=[KEY=VALUE,...]] [--log-location=LOG_LOCATION] [--machine-type=MACHINE_TYPE] [--network=NETWORK] [--network-tier=NETWORK_TIER] [--os=OS] [--no-restart-on-failure] [--storage-location=LOCATION] [--subnet=SUBNET] [--tags=TAG,[TAG,...]] [--timeout=TIMEOUT; default="2h"] [--zone=ZONE] [--custom-cpu=CUSTOM_CPU --custom-memory=CUSTOM_MEMORY : --custom-extensions --custom-vm-type=CUSTOM_VM_TYPE] [--scopes=[SCOPE,...] | --no-scopes] [--service-account=SERVICE_ACCOUNT | --no-service-account] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute machine-images import creates Compute Engine machine image from virtual appliance in OVA/OVF format.
Importing OVF involves:
Unpacking OVF package (if in OVA format) to Cloud Storage.
Import disks from OVF to Compute Engine.
Translate the boot disk to make it bootable in Compute Engine.
Create a machine image using OVF metadata and imported disks.
Virtual instances, images, machine images, and disks in Compute engine and files stored on Cloud Storage incur charges. See https://cloud.google.com/compute/docs/images/importing-virtual-disks#resource_cleanup.
To import an OVF package from Cloud Storage into a machine image named my-machine-image, run:
$ gcloud alpha compute machine-images import my-machine-image \ --source-uri=gs://my-bucket/my-dir
- IMAGE
Name of the machineImage to import.
- --source-uri=SOURCE_URI
Cloud Storage path to one of: OVF descriptor OVA file Directory with OVF package. For more information about Cloud Storage URIs, see https://cloud.google.com/storage/docs/request-endpoints#json-api.
- --no-address
Temporary VMs are created in your project during machine image import. Set this flag so that these temporary VMs are not assigned external IP addresses.
Note: The machine image import process requires package managers to be installed on the operating system for the virtual disk. These package managers might need to make requests to package repositories that are outside Google Cloud. To allow access for these updates, you need to configure Cloud NAT and Private Google Access. For more information, see https://cloud.google.com/nat/docs/gce-example#create-nat and https://cloud.google.com/vpc/docs/private-access-options#pga.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --byol
Specifies that you want to import an image with an existing license. Importing an image with an existing license is known as bring your own license (BYOL).
--byol can be specified in any of the following ways:
+ `--byol --os=rhel-8`: imports a RHEL 8 image with an existing license. + `--os=rhel-8-byol`: imports a RHEL 8 image with an existing license. + `--byol`: detects the OS contained on the disk, and imports the image with an existing license.
For more information about BYOL, see: https://cloud.google.com/compute/docs/nodes/bringing-your-own-licenses
- --can-ip-forward
If provided, allows the VMs created from the imported machine image to send and receive packets with non-matching destination or source IP addresses.
- --compute-service-account=COMPUTE_SERVICE_ACCOUNT
A temporary virtual machine instance is created in your project during machine image import. Machine image import tooling on this temporary instance must be authenticated.
A Compute Engine service account is an identity attached to an instance. Its access tokens can be accessed through the instance metadata server and can be used to authenticate machine image import tooling on the instance.
To set this option, specify the email address corresponding to the required Compute Engine service account. If not provided, the machine image import on the temporary instance uses the project's default Compute Engine service account.
At minimum, the specified Compute Engine service account needs to have the following roles assigned:
- —
roles/compute.storageAdmin
- —
roles/storage.objectViewer
- --description=DESCRIPTION
Specifies a text description of the machine image.
- --guest-environment
The guest environment will be installed on the machine image. Enabled by default, use --no-guest-environment to disable.
- --guest-flush
Create an application-consistent machine image by informing the OS to prepare for the snapshot process.
- --guest-os-features=[GUEST_OS_FEATURE,...]
Enables one or more features for VM instances that use the image for their boot disks. See the descriptions of supported features at: https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features. GUEST_OS_FEATURE must be (currently only one value is supported): UEFI_COMPATIBLE.
- --labels=[KEY=VALUE,...]
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- --log-location=LOG_LOCATION
Directory in Cloud Storage to hold build logs. If not set, gs://<project num>.cloudbuild-logs.googleusercontent.com/ is created and used.
- --machine-type=MACHINE_TYPE
Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1.
- --network=NETWORK
Specifies the network for the VMs that are created from the imported machine image. If --subnet is also specified, then the subnet must be a subnetwork of network specified by --network. If neither is specified, the default network is used.
- --network-tier=NETWORK_TIER
Specifies the network tier that will be used to configure the machine image. NETWORK_TIER must be one of: PREMIUM, STANDARD. The default value is PREMIUM.
- --os=OS
Specifies the OS of the machine image being imported. OS must be one of: centos-7, debian-10, debian-11, debian-8, debian-9, opensuse-15, rhel-6, rhel-6-byol, rhel-7, rhel-7-byol, rhel-8, rhel-8-byol, rhel-9, rhel-9-byol, rocky-8, sles-12, sles-12-byol, sles-15, sles-15-byol, sles-sap-12, sles-sap-12-byol, sles-sap-15, sles-sap-15-byol, ubuntu-1404, ubuntu-1604, ubuntu-1804, ubuntu-2004, ubuntu-2204, windows-10-x64-byol, windows-10-x86-byol, windows-11-x64-byol, windows-2008r2, windows-2008r2-byol, windows-2012, windows-2012-byol, windows-2012r2, windows-2012r2-byol, windows-2016, windows-2016-byol, windows-2019, windows-2019-byol, windows-2022, windows-2022-byol, windows-7-x64-byol, windows-7-x86-byol, windows-8-x64-byol, windows-8-x86-byol.
- --restart-on-failure
The VMs created from the imported machine image are restarted if they are terminated by Compute Engine. This does not affect terminations performed by the user. Enabled by default, use --no-restart-on-failure to disable.
- --storage-location=LOCATION
Google Cloud Storage location, either regional or multi-regional, where machine image's content is to be stored. If absent, a nearby regional or multi-regional location is chosen automatically.
- --subnet=SUBNET
Specifies the subnet for the VMs created from the imported machine image. If --network is also specified, the subnet must be a subnetwork of the network specified by --network.
- --tags=TAG,[TAG,...]
Specifies a list of tags to apply to the VMs created from the imported machine image. These tags allow network firewall rules and routes to be applied to specified VMs. See gcloud compute firewall-rules create(1) for more details.
To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags
To list VMs with their respective status and tags, run:
$ gcloud compute instances list \ --format='table(name,status,tags.list())'
To list VMs tagged with a specific tag, tag1, run:
$ gcloud compute instances list --filter='tags:tag1'
- --timeout=TIMEOUT; default="2h"
Maximum time an import can last before it fails as "TIMEOUT". For example, if you specify 2h, the process fails after 2 hours. See $ gcloud topic datetimes for information about duration formats.
This timeout option has a maximum value of 24 hours.
- --zone=ZONE
Zone of the machine image to import. The zone in which to perform the import of the machine image. If not specified and the compute/zone property isn't set, you might be prompted to select a zone (interactive mode only).
To avoid prompting when this flag is omitted, you can set the compute/zone property:
$ gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
$ gcloud compute zones list
To unset the property, run:
$ gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.
- Custom machine type extensions.
- --custom-cpu=CUSTOM_CPU
A whole number value specifying the number of cores that are needed in the custom machine type.
For some machine types, shared-core values can also be used. For example, for E2 machine types, you can specify micro, small, or medium.
This flag argument must be specified if any of the other arguments in this group are specified.
- --custom-memory=CUSTOM_MEMORY
A whole number value indicating how much memory is desired in the custom machine type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are specified, GB is assumed.
This flag argument must be specified if any of the other arguments in this group are specified.
- --custom-extensions
Use the extended custom machine type.
- --custom-vm-type=CUSTOM_VM_TYPE
Specifies a custom machine type. The default is n1. For more information about custom machine types, see: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types
- At most one of these can be specified:
- --scopes=[SCOPE,...]
If not provided, the machine image will be assigned the default scopes, described below. However, if neither --scopes nor --no-scopes are specified and the project has no default service account, then the machine image is imported with no scopes. Note that the level of access that a service account has is determined by a combination of access scopes and IAM roles so you must configure both access scopes and IAM roles for the service account to work properly.
SCOPE can be either the full URI of the scope or an alias. Default scopes are assigned to all instances. Available aliases are:
DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope and sql alias do not provide SQL instance management capabilities and have been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or sql-admin to manage your Google SQL Service instances.
- --no-scopes
Import machine image without scopes
- At most one of these can be specified:
- --service-account=SERVICE_ACCOUNT
A service account is an identity attached to the machine image. Its access tokens can be accessed through the instance metadata server and are used to authenticate applications on the instance. The account can be set using an email address corresponding to the required service account.
If not provided, the machine image will use the project's default service account.
- --no-service-account
Import machine image without service account
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute machine-images import
$ gcloud beta compute machine-images import