Troubleshooting the Apigee installation

This section lists common errors and describes possible resolutions for when you install and configure Apigee.

The most common issue you might experience is the following HTTP error:

  • 401 (UNAUTHENTICATED) indicates that your credentials may have timed out. Try renewing your authorization token, as the following example shows:
    AUTH="Authorization: Bearer $(gcloud auth print-access-token)"

Creating a new instance

This section describes common errors and possible resolutions after sending a request to Apigee to create a new instance:

  • 401 (UNAUTHENTICATED) indicates that your credentials may have timed out. Try renewing your authorization token, as the following example shows:
    AUTH="Authorization: Bearer $(gcloud auth print-access-token)"
  • RANGES_EXHAUSTED indicates that the range of IP addresses that you initially requested could not be accommodated and that you must request a new range. You initially created a range request in Step 4: Configure service networking.

    To request a new range from which Apigee chooses an IP address for the private service connections:

    1. Execute the following gcloud command:
      gcloud compute addresses create google-svcs-2
        --project=$PROJECT_ID --global --prefix-length=16
        --description="additional peering range for Google services" --network=default
        --purpose=VPC_PEERING

      This command creates a new range request.

      Note that you must specify the name of your first range (in this case, "google-svcs") as well as a name for your newly requested range (in this case, "google-svcs-2").

    2. Execute the following command to update your connection request:
      gcloud services vpc-peerings update
        --service=servicenetworking.googleapis.com --network=default
        --ranges=google-svcs,google-svcs-2 --project=$PROJECT_ID

      Note that the vpc-peerings update command also now specifies both the old and new IP address ranges.

      For more information, see gcloud services vpc-peerings update.

Creating an Apigee organization

The following example shows a common error that Apigee might display when you first try to create an organization:

Create organization error

This means that one or more of the required APIs is not enabled. Review the APIs listed in Step 2: Enable Apigee APIs and be sure that all APIs are enabled before you continue.

In addition, you might get one of the following HTTP errors:

  • 401 (UNAUTHENTICATED) indicates that your credentials may have timed out. Try renewing your authorization token, as the following example shows:
    AUTH="Authorization: Bearer $(gcloud auth print-access-token)"
  • 404 (Not Found) can be the result of the following:
    • You entered the wrong endpoint/request URL. Check that you specified apigee.googleapis.com for the API call's domain.
    • Your project might not yet be provisioned. Contact Apigee Sales.
  • 409 (Conflict) usually indicates that the given organization name already exists. Organization names must be globally unique. Choose another name for the organization and re-issue the command. (You specify the name in the payload of the request if you are creating an organization on the command line. Keep in mind that you must create an organization that has the same name as your project, so this really shouldn't happen unless there's a typo.)

The following is a possible error that Apigee might return when you check the status of a new organization request:

  • 403 (Permission Denied) could indicate that the organization has not yet been created. Wait another minute and try again. If Apigee returns a 403 when you first try to create the new organization, it could mean that one or more of your APIs have not been enabled. Be sure that you enabled all the APIs as described in Step 2: Enable Apigee APIs.

Deploying samples

When deploying a sample proxy, Apigee might return a 502 (Bad Gateway) HTTP error. In this case, try the following:

  1. Open Cloud Console.
  2. Check the health of the Load Balancer. In Cloud Console, select Network services > Load balancing. The Load balancer tab shows all load balancers for the project and their statuses. A yellow triangle indicates that the load balancer backend service is not healthy.
  3. After confirming an issue with the load balancer, check the VMs in your runtime instance to ensure that they are up and healthy.
  4. Look at the log files to see if you can find an error or other type of issue that might have lead to a problem.
  5. Try doing a rolling restart on the instance group in Cloud Console:
    1. Select Compute Engine > Instance Groups.
    2. From the list of instance groups, click the one that is not responding in the Name column.
    3. Click Rolling Restart/Replace, as the following example shows:

      Compute Engine rolling restart

    4. On the next screen, click Restart.

      This restarts the Envoy instance.