Uploading an SSL certificate with Cloud Deployment Manager

Time: 2019-03-27 11:28:17

Tags: google-cloud-platform

I have been trying, but with no luck. Below is the message I receive on every attempt

The fingerprint of the deployment is j6t0HcwFHHQifZteb2l3aA==
Waiting for update [operation-1553685800030-58511aa341085-accaf31f-b8a2d802]...failed.
ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation [operation-1553685800030-58511aa341085-accaf31f-b8a2d802]: errors:
- code: RESOURCE_ERROR
  location: /deployments/infrastructure/resources/lb-ssl-certificate
  message: '{"ResourceType":"compute.v1.sslCertificate","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"errors":[{"domain":"global","message":"The
    SSL certificate could not be parsed.","reason":"sslCertificateCouldNotParseCert"}],"message":"The
    SSL certificate could not be parsed.","statusMessage":"Bad Request","requestPath":"https://www.googleapis.com/compute/v1/projects/xxx/global/sslCertificates","httpMethod":"POST"}}'

Below is my jinja snippet (sslcert-template.jinja)

- name: lb-ssl-certificate
  type: compute.v1.sslCertificate
  properties:
    certificate: example.com.crt
    privateKey: example.com.key

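Note that example.com.crt, example.com.key and sslcert-template.jinja are in the same location. I am doing this using the docker google/cloud-sdk image. I am logged in with an email that has the project owner role.

I also tried gcloud with the certificate and key, and it works fine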

gcloud compute ssl-certificates create sample --certificate=example.com.crt --private-key=example.com.key
Created [https://www.googleapis.com/compute/v1/projects/xxx/global/sslCertificates/sample].
NAME    CREATION_TIMESTAMP
sample  2019-03-29T20:59:14.371-07:00

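After some attempts, I tried doing it in a python template and set the actual certificate and key as the values (defined as multi-line strings), and it works fine.

1 answer:

Answer 0: (score: 1)

Posting an answer because this is the number one result on Google for deployment manager ssl certificates as of June 2020, even though there are answers further down the results list (but not on stackoverflow).

Deployment Manager wants the files inlined in the yaml file, not as paths to local files.

I.e., it should look like this: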

- name: ssl-cert
  type: compute.v1.sslCertificate
  properties:
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIFazCCA1OgAwIBAgIUUVkDsK2nWJtToHzFjukeJzPyKaYwDQYJKoZIhvcNAQEL
      BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
      ...
      eDbQMIjIXvZNP6e3D3COn862l+OA/MjWjFVZnaraCpKByc1SBBaD1axQ/MY0jks=
      -----END CERTIFICATE-----
    privateKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIgqbfXwjdaNICAggA
      MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECCKSeDnJWXINBIIJUHZOCaP6RbbM
      ...
      bru0DNVNlF4pMWzX6QaInsAPJoA63kS+
      -----END RSA PRIVATE KEY-----

I'm not sure whether text files can be automatically inlined into a jinja template.
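
One way to generate the inlined form shown in the answer, as an added example that is not part of the original question or answer: a pre-processing script that refuses anything that is not PEM text (such as the file names in the question's template) before rendering the resource. The function names, the accepted key labels and the sample PEM are assumptions made for this example.

```python
import base64
import os
import re
import textwrap

# PEM armor: BEGIN/END lines with matching labels around a base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END \1-----\s*")
# Assumption for this example: key labels this script is willing to inline.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def sample_pem(label):
    # Constructed placeholder: valid PEM armor, not a real certificate or key.
    body = base64.b64encode(b"constructed sample bytes, not key material").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def check_pem(value, allowed_labels):
    """Return normalized PEM text; raise ValueError for anything else,
    for example a file name such as 'example.com.crt'."""
    text = value.strip() + "\n"
    blocks = list(PEM_RE.finditer(text))
    if not blocks or "".join(m.group(0) for m in blocks) != text:
        raise ValueError("value is not PEM text (was a file name passed?)")
    for m in blocks:
        if m.group(1) not in allowed_labels:
            raise ValueError("unexpected PEM label: " + m.group(1))
        base64.b64decode("".join(m.group(2).split()), validate=True)
    return text

def render_resource(name, cert_pem, key_pem):
    """Render a compute.v1.sslCertificate resource with both values inlined
    as YAML block scalars, in the layout shown in the answer."""
    cert = check_pem(cert_pem, {"CERTIFICATE"})
    key = check_pem(key_pem, KEY_LABELS)
    pad = " " * 6
    return (f"- name: {name}\n"
            "  type: compute.v1.sslCertificate\n"
            "  properties:\n"
            "    certificate: |\n" + textwrap.indent(cert, pad) +
            "    privateKey: |\n" + textwrap.indent(key, pad))

def write_config(path, text):
    # The rendered file holds the private key: create it owner-only (0600).
    # The mode applies only when the file is created, not to an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)

if __name__ == "__main__":
    print(render_resource("lb-ssl-certificate", sample_pem("CERTIFICATE"),
                          sample_pem("RSA PRIVATE KEY")))
```

Because the rendered config contains the private key in clear text, treat it as a secret: generate it at deploy time and keep it out of version control.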