问题描述

外面，我发现不同的码头服务器图像内外的行为。成功。

  C：\Users\Ben\AppData\Local\Google\Cloud SDK> gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file C：/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370 
激活的服务帐户凭证：[773889352370-compute@developer.gserviceaccount.com] 
  

运行docker容器，传递。 json键到tmp目录。

  C：\Users\Ben\AppData\Local\Google\Cloud SDK> docker运行-it -v C：/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json：/tmp/MeerkatReader-d77c0d6aa04f.json --rm -p127.0.0.1:8080:8080--entrypoint = / bin / bash gcr.io/cloud-datalab/datalab:local-20161227 
  

从码头中，确认文件是否存在

  root @ 4a4a9314f15c：/ tmp＃ls 
 MeerkatReader-d77c0d6aa04f.json npm-24 -b 7a1bcf npm-45-fd13ef7c npm-7-22ec336e 
  

运行与以前相同的命令。

  root @ 4a4a9314f15c：/ tmp＃gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccoun 
 t.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370 
错误：（gcloud.auth.activate-service-account）无法激活给定的服务帐户。请确保提供的密钥文件有效。 
  

可能会导致此错误？更广泛地说，传递凭据的是。我已经尝试过，它也失败了。我正在使用cloudml API和云视觉，我想在每次运行开始时避免手动gcloud init。

编辑：显示gcloud信息

  root @ 7ff49b26484f：/ ＃gcloud info --run-diagnostics 
网络诊断检测并修复本地网络连接问题。 
检查网络连接...完成。 
可达性检查已通过。 
网络诊断（1/1检查）通过。 
  

确认相同的行为

  root @ 7ff49b26484f：/ tmp＃gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370 
 ERROR：（gcloud.auth.activate-service-account）无法激活给定的服务帐户。请确保提供的密钥文件有效。 
  

您尝试将凭证放在图片中开始吗这是一个类似的结果？

另一方面，你是否试过使用 - key-file /tmp/MeerkatReader-d77c0d6aa04f.json ？因为你似乎把json文件放在 / tmp 中。

您还可以考虑检查容器内部的网络配置，以及从外部检查码头服务器。

I'm finding different behavior from within and outside of a docker image for authenticating a google service account.

Outside. Succeeds.

C:\Users\Ben\AppData\Local\Google\Cloud SDK>gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
Activated service account credentials for: [773889352370-compute@developer.gserviceaccount.com]

Run docker container, pass the .json key to tmp directory.

C:\Users\Ben\AppData\Local\Google\Cloud SDK>docker run -it -v C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json:/tmp/MeerkatReader-d77c0d6aa04f.json  --rm -p "127.0.0.1:8080:8080" --entrypoint=/bin/bash  gcr.io/cloud-datalab/datalab:local-20161227

From within docker, confirm the file is there

root@4a4a9314f15c:/tmp# ls
MeerkatReader-d77c0d6aa04f.json  npm-24-b7aa1bcf  npm-45-fd13ef7c  npm-7-22ec336e

Run the same command as before. Fails.

root@4a4a9314f15c:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccoun
t.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.

What might cause this error? More broadly, what is the suggested strategy for passing credentials. I've tried this and it fails as well. I'm using the cloudml API and cloud vision, and i'd like to avoid manual gcloud init at the beginning of every run.

EDIT: To show gcloud info

root@7ff49b26484f:/# gcloud info --run-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic (1/1 checks) passed.

confirmed same behavior

root@7ff49b26484f:/tmp# gcloud auth activate-service-account 773889352370-compute@developer.gserviceaccount.com --key-file MeerkatReader-d77c0d6aa04f.json --project api-project-773889352370
ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.

Have you attempted to put the credential in the image from the beginning? Is that a similar outcome?

On the other hand, have you tried using --key-file /tmp/MeerkatReader-d77c0d6aa04f.json? Since it appears you're putting the json file in /tmp.

You might also consider checking the network configuration inside the container and with docker from the outside.

这篇关于验证Docker图片上的Google Cloud服务帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！