Troubleshooting the Apigee installation

This page applies to Apigee, but not to Apigee hybrid.

View Apigee Edge documentation.

This document lists common errors and describes possible resolutions for when you install and configure Apigee.

Creating a new instance

This section describes common errors and possible resolutions after sending a request to Apigee to create a new instance:

  • 401 (UNAUTHENTICATED) indicates that your credentials may have timed out. Try renewing your authorization token, as the following example shows: 
    AUTH="Authorization: Bearer $(gcloud auth print-access-token)"
  • RANGES_EXHAUSTED indicates that the range of IP addresses that you initially requested could not be accommodated and that you must request a new range. You initially created a range request in Step 4: Configure service networking.

    To request a new range from which Apigee chooses an IP address for the private service connections:

    1. Execute the following gcloud command: 
      gcloud compute addresses create google-svcs-2
  --project=$PROJECT_ID --global --prefix-length=16
  --description="additional peering range for Google services" --network=default
  --purpose=VPC_PEERING

      This command creates a new range named google-svcs-2.

    2. Execute the following command to update your connection request: 
      gcloud services vpc-peerings update
  --service=servicenetworking.googleapis.com --network=default
  --ranges=google-svcs,google-svcs-2 --project=$PROJECT_ID

      Note: You must specify the name of your first range (in this case, google-svcs) and a name for your newly requested range (in this case, google-svcs-2). For more information, see gcloud services vpc-peerings update.

Creating an Apigee organization

The following example shows a common error that Apigee might display when you first try to create an organization:

Create organization error

This means that one or more of the required APIs is not enabled. Review the APIs listed in Step 2: Enable Apigee APIs and be sure that all APIs are enabled before you continue.

In addition, you might get one of the following HTTP errors:

  • 401 (UNAUTHENTICATED) indicates that your credentials may have timed out. Try renewing your authorization token, as the following example shows: 
    AUTH="Authorization: Bearer $(gcloud auth print-access-token)"
  • 404 (Not Found) can be the result of the following:
    • You entered the wrong endpoint/request URL. Check that you specified apigee.googleapis.com for the API call's domain.
    • Your project might not yet be provisioned. Contact Apigee Sales.
  • 409 (Conflict) usually indicates that the given organization name already exists. Organization names must be globally unique. Choose another name for the organization and re-issue the command. (You specify the name in the payload of the request if you are creating an organization on the command line. Keep in mind that you must create an organization that has the same name as your project, so this really shouldn't happen unless there's a typo.)

The following is a possible error that Apigee might return when you check the status of a new organization request:

  • 403 (Permission Denied) could indicate that the organization has not yet been created. Wait another minute and try again. If Apigee returns a 403 when you first try to create the new organization, it could mean that one or more of your APIs have not been enabled. Be sure that you enabled all the APIs as described in Step 2: Enable Apigee APIs.

Deploying samples

Load balancer not healthy

When deploying a sample proxy, Apigee might return a 502 (Bad Gateway) HTTP error. In this case, try the following:

  1. Open Cloud console.
  2. Check the health of the Load Balancer. In Cloud console, select Network services > Load balancing. The Load balancer tab shows all load balancers for the project and their statuses. A yellow triangle indicates that the load balancer backend service is not healthy.
  3. After confirming an issue with the load balancer, check the VMs in your runtime instance to ensure that they are up and healthy.
  4. Look at the log files to see if you can find an error or other type of issue that might have lead to a problem. For more information on enabling and viewing logs, see Viewing logs.
  5. Try doing a rolling restart on the instance group in Cloud console:
    1. Select Compute Engine > Instance Groups.
    2. From the list of instance groups, click the one that is not responding in the Name column.
    3. Click Rolling Restart/Replace, as the following example shows:

      Compute Engine rolling restart

    4. On the next screen, click Restart.

      This restarts the Envoy instance.

Incorrect instance IP

If at any time you delete and recreate your Apigee instance, the Apigee instance IP changes and can become out of sync with the managed instance group (MIG) template's endpoint IP. For example, the MIG template will still have the old IP from the deleted instance. The MIG template was created during the Apigee provisioning process. In this situation, try the following steps to update the MIG template with the correct Apigee IP:

  1. Open the Apigee UI.

    Go to Apigee UI

  2. Go to Admin > Instances.
  3. Note the IP Address of the instance. You will need to know this IP in a later step. For example: 10.117.200.2.

  4. In the Google Cloud console, go to the Instance templates page.

    Go to Instance templates

  5. Open the instance template. You need to open the instance template that is used by the backend that is mapped to your load balancer.
  6. Scroll down to find the ENDPOINT IP under the Custom metadata section.
  7. If the endpoint IP differs from the one you noted in the Apigee UI, you must change the Instance template IP to match the Apigee instance IP. See Changing instance IPs.