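Google Cloud w/ Ansible Dynamic Inventory issues

Time: 2017-04-21 01:59:18

Tags: ansible google-cloud-platform google-compute-engine ansible-inventory

I'm hoping the community can help me with an issue I'm running into. I'm trying to set up dynamic inventory using this doc: http://docs.ansible.com/ansible/guide_gce.html

So far I haven't had any success, as it seems every error leads to another error, leading me down a rabbit hole...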

Error:
~/ansible/inventory$ ./gce.py --list
Traceback (most recent call last):
  File "./gce.py", line 484, in <module>
    GceInventory()
  File "./gce.py", line 161, in __init__
    self.driver = self.get_gce_driver()
  File "./gce.py", line 304, in get_gce_driver
    gce = get_driver(Provider.GCE)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/libcloud/compute/drivers/gce.py", line 1058, in __init__
    self.zone_list = self.ex_list_zones()
  File "/usr/lib/python2.7/dist-packages/libcloud/compute/drivers/gce.py", line 1790, in ex_list_zones
    response = self.connection.request(request, method='GET').object
  File "/usr/lib/python2.7/dist-packages/libcloud/compute/drivers/gce.py", line 120, in request
    response = super(GCEConnection, self).request(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/libcloud/common/google.py", line 718, in request
    *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/libcloud/common/base.py", line 797, in request
    response = responseCls(**kwargs)
  File "/usr/lib/python2.7/dist-packages/libcloud/common/base.py", line 145, in __init__
    self.object = self.parse_body()
  File "/usr/lib/python2.7/dist-packages/libcloud/common/google.py", line 287, in parse_body
    raise GoogleBaseError(message, self.status, code)
libcloud.common.google.GoogleBaseError: {'domain': 'global', 'message': 'Insufficient Permission', 'reason': 'insufficientPermissions'}

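I don't understand why there are insufficient permissions. I have created a service account, which I initialized on the instance, and I can successfully use the gcloud CLI.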

Example:
~/ansible/inventory$ gcloud auth list
Credentialed Accounts:
 - REDA...@developer.gserviceaccount.com
 - b*******@REDACTED.iam.gserviceaccount.com ACTIVE
To set the active account, run:
    $ gcloud config set account `ACCOUNT`

~/ansible/inventory$ gcloud compute instances list
NAME     ZONE        MACHINE_TYPE  PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
jump      us-east1-b  f1-micro                   10.142.0.2     REDACTED     RUNNING
inst1     us-east1-b  f1-micro                   10.142.0.3                  RUNNING
inst2     us-east1-b  f1-micro                   10.142.0.4                  RUNNING
inst3     us-east1-b  f1-micro                   10.142.0.5                  RUNNING


~/ansible/inventory$ cat secrets.py
GCE_PARAMS = ('', '')
GCE_KEYWORD_PARAMS = {'project': 'REDACTED', 'datacenter': 'us-east1-b'}

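The docs say that if you are doing this from an instance within the project, you can leave GCE_PARAMS blank. I have tried it both ways, but I can't get past this permission issue. I have made the service account an owner, but it didn't help.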

~/ansible/inventory$ cat gce.ini
[gce]
libcloud_secrets = /home/REDACTED/ansible/inventory/secrets.py

# If you are not going to use a 'secrets.py' file, you can set the necessary
# authorization parameters here.
#gce_service_account_email_address = b*******@REDACTED.iam.gserviceaccount.com
#gce_service_account_pem_file_path = /home/REDACTED/S********************a.json
#gce_project_id = "REDACTED"
#gce_zone = https://www.googleapis.com/compute/v1/projects/REDACTED/zones/us-east1-b

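Note: the parameters above are commented out because I am using secrets.py. I have also tried uncommenting only these values and commenting out "libcloud_secrets", but that did not work.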

~/ansible/inventory$ echo $GCE_INI_PATH
/home/REDACTED/ansible/inventory/gce.ini   <---tried both with only the path and also the filename and same result

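Does Google have a definitive guide on the specific steps to make sure this works? Dynamic inventory is not mission critical, but it will sure make life easier when I start automating instance deployments. It seems like this takes too much effort to get right; there has to be a simple way to accomplish this. There is conflicting information between this Ansible doc and the comments in gce.ini.

For kicks and giggles, I used this openssl command to convert a newly created key for the same service account to *.pem. I then entered this information into secrets.py and tried running ./gce.py --list again, but it still failed. Same error. Sigh....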

openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out pkey.pem

~/ansible/inventory$ cat secrets.py
GCE_PARAMS = ('b*******@REDACTED.iam.gserviceaccount.com', '/home/REDACTED/servkey.pem')
GCE_KEYWORD_PARAMS = {'project': 'REDACTED', 'datacenter': 'us-east1-b'}
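
@Eric Johnson: Are you out there? :) Help! This should be much simpler. If you help me get over this hump, I will draft a how-to document and send it to you for peer review. If it's good enough, maybe it can be posted online so others don't struggle with this. Maybe no one really cares, and that is why I'm not seeing enough answers to figure this out. Are there any debug options that can be turned on to get more information about these errors? Does anyone have this working?
Was http://docs.ansible.com/ansible/guide_gce.html sufficient for you? Do you agree that the documentation on getting this configured is a bit fragmented?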

0 answers:

No answers