2014-07-15 171 views
1

我在GCE上運行debian,並且我配置了gsutil和gsutil config -eGSUtil服務帳戶失敗

當我嘗試做gsutil -D ls我得到以下錯誤:

gsutil version 4.3 checksum f6a4b1f8400e2d1d145c9ec5e9ea8d90 (OK) boto version 2.29.1 python version 2.7.3 (default, Mar 13 2014, 11:03:55) [GCC 4.7.2] config path: /etc/boto.cfg gsutil path: /usr/local/share/google/gsutil/gsutil compiled crcmod: False installed via package manager: False editable install: False Command being run: /usr/local/bin/gsutil -D ls config_file_list: ['/etc/boto.cfg', '/var/lib/postgresql/.boto'] config: [('debug', '0'), ('working_dir', '/mnt/pyami'), ('https_validate_certificates', 'True'), ('debug', '0'), ('working_dir', '/mnt/pyami'), ('default_project_id', 'e-vard'), ('default_api_version', '2'), ('content_language', 'en')] Calling method storage.buckets.list with StorageBucketsListRequest: <StorageBucketsListRequest maxResults: 100 project: 'e-vard' projection: ProjectionValueValuesEnum(full, 0)> Making http GET to https://www.googleapis.com/storage/v1/b?projection=full&prettyPrint=True&fields=nextPageToken%2Citems%2Fid&maxResults=100&project=e-vard&alt=json Headers: {'accept': 'application/json', 'accept-encoding': 'gzip, deflate', 'content-length': '0', 'user-agent': 'apitools gsutil/4.3 (linux2)'} Body: (none) Attempting refresh to obtain initial access_token {'iss': '[email protected]', 'scope': 'https://www.googleapis.com/auth/devstorage.full_control', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1405436827L, 'iat': 1405433227L} Refreshing access_token connect: (accounts.google.com, 443) send: 'POST /o/oauth2/token HTTP/1.1\r\nHost: accounts.google.com\r\nContent-Length: 726\r\ncontent-type: application/x-www-form-urlencoded\r\naccept-encoding: gzip, deflate\r\nuser-agent: Python-httplib2/0.7.7 (gzip)\r\n\r\ngrant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=ASSERTIONREMOVED' reply: 'HTTP/1.1 400 Bad Request\r\n' header: Content-Type: application/json header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate header: Pragma: no-cache header: Expires: Fri, 01 Jan 1990 00:00:00 GMT header: Date: Tue, 15 Jul 2014 14:07:07 GMT header: Content-Encoding: gzip header: X-Content-Type-Options: nosniff header: X-Frame-Options: SAMEORIGIN header: X-XSS-Protection: 1; mode=block header: Server: GSE header: Alternate-Protocol: 443:quic header: Transfer-Encoding: chunked Failed to retrieve access token: { "error" : "invalid_grant" } DEBUG: Exception stack trace: Traceback (most recent call last): File "/usr/local/share/google/gsutil/gslib/__main__.py", line 419, in _RunNamedCommandAndHandleExceptions debug_level, parallel_operations) File "/usr/local/share/google/gsutil/gslib/command_runner.py", line 194, in RunNamedCommand return_code = command_inst.RunCommand() File "/usr/local/share/google/gsutil/gslib/commands/ls.py", line 378, in RunCommand bucket_fields=bucket_fields): File "/usr/local/share/google/gsutil/gslib/wildcard_iterator.py", line 425, in IterBuckets for blr in self._ExpandBucketWildcards(bucket_fields=bucket_fields): File "/usr/local/share/google/gsutil/gslib/wildcard_iterator.py", line 339, in _ExpandBucketWildcards provider=self.wildcard_url.scheme): File "/usr/local/share/google/gsutil/gslib/gcs_json_api.py", line 380, in ListBuckets global_params=global_params) File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/storage_v1_client.py", line 351, in List config, request, global_params=global_params) File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/base_api.py", line 587, in _RunMethod http, http_request, retries=self.__client.num_retries) File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/http_wrapper.py", line 152, in MakeRequest redirections=redirections, connection_type=connection_type) File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/util.py", line 132, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 475, in new_request self._refresh(request_orig) File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 663, in _refresh self._do_refresh_request(http_request) File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 710, in _do_refresh_request raise AccessTokenRefreshError(error_msg) AccessTokenRefreshError: invalid_grant

我做了什麼錯?

+0

你是否將這與gcloud auth登錄一起使用? –

+0

我的意圖是隻使用服務帳戶。但我可能以某種方式錯誤地配置了它。我將在沒有外部IP的情況下使用gce實例。 – 0tto

回答

1

由於gsutil使HTTP呼叫與Google雲端存儲進行交互,因此它無法在沒有外部IP的GCE實例上運行。

+0

您是否知道是否有計劃在未來實現這一目標?這似乎是一個有用的功能。 – 0tto

+0

我無法對未來的計劃發表評論,但我同意它會有用。 –

+0

我目前在GCE實例上使用gsutil與Google雲端存儲進行交互。查看我在此鏈接中的回覆以查看我配置的內容:http://stackoverflow.com/questions/28518706/gsutil-accessdeniedexception-401-login-required/36029802#36029802 – rmg

0

要在GCE內部虛擬機中使用服務帳戶,您應該檢查UI中的啓用計算引擎服務帳戶,併爲存儲提供您選擇的範圍。這將在您的實例中公開GCE服務憑據。但是,您無法使用通過HTTP運行的工具來運行它,因爲您沒有外部IP進行通信。

這意味着如果您想將Google Cloud Storage與GCE VM結合使用,則需要外部IP。

+0

謝謝你看這個特拉維斯。我試圖刪除〜/ .boto和〜/ .gsutil並再次嘗試。然後我得到[this](http://paste2.org/wZFUEXsb)。 – 0tto

+0

您還需要在您的GCE VM上啓用Compute Engine服務帳戶。 –

+0

I [did](http://imgur.com/O2xRTbh) – 0tto

相關問題