我正在使用Ansible创建实例的文档 http://docs.ansible.com/ansible/guide_gce.html
然而,当我跑步时,我得到:
Required 'compute.zones.list' permission for 'projects/quick-line-137923'
我不知道我在哪里为服务帐户配置这些权限,因为文档似乎建议您只能在已创建的实例上配置服务帐户的权限: “您只能在创建新实例时设置范围”
当我尝试为此服务帐户(admin)授予IAM权限时,它不在列表中,当我在“服务帐户”中选择服务帐户时,我被要求为域范围权限添加成员,无处为compute.zones.list
分配此服务帐户的权限任何帮助?
我的剧本看起来像是
- name: Create instance(s)
hosts: localhost
gather_facts: no
connection: local
vars:
machine_type: n1-standard-1 # default
image: ubuntu-1404-lts
service_account_email: admin-531@quick-line-137923.iam.gserviceaccount.com
credentials_file: /Users/Mike/Downloads/project.json
project_id: quick-line-137923
tasks:
- name: Launch instances
gce:
instance_names: dev
machine_type: "{{ machine_type }}"
image: "{{ image }}"
service_account_email: "{{ service_account_email }}"
credentials_file: "{{ credentials_file }}"
project_id: "{{ project_id }}"
tags: webserver
register: gce
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=10 timeout=60
with_items: gce.instance_data
- name: Add host to groupname
add_host: hostname={{ item.public_ip }} groupname=new_instances
with_items: gce.instance_data
- name: Manage new instances
vars_files:
- "vars/webserver.yml"
hosts: new_instances
connection: ssh
sudo: True
roles:
- geerlingguy.apache
- geerlingguy.php
- geerlingguy.drush
- geerlingguy.mysql
答案 0 :(得分:3)
将计算实例管理员和服务帐户角色添加到服务帐户。
您还必须激活服务帐户。可以使用gcloud工具:https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account。