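google-api - Web application works locally and on App Engine, but not on Cloud Run
Problem description
So I ran into this problem with a web app I made:
- It takes a file path as input
- If the file exists on the bucket, it creates a Compute Engine instance using the Python client API
- It passes the file path to the instance in the startup script
When I ran it locally, I created a Python virtual environment and then ran the application. When I entered input in the web browser, the VM was created by the API call. I assumed it was using my personal account. I switched to the service account on the command line with the command "gcloud config set account", and it worked fine again.
When I simply go to the source code directory and deploy it, the application can also create VM instances.
When I build with Google Cloud Build and deploy to Cloud Run, it does not create the VM instance.
The web application itself does not throw any errors, but when I check the Compute Engine logs, there is an error in the log: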
```json
{
  "protoPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
    "status": {
      "code": 3,
      "message": "INVALID_PARAMETER"
    },
    "authenticationInfo": {
      "principalEmail": "####"
    },
    "requestMetadata": {
      "callerIp": "#####",
      "callerSuppliedUserAgent": "(gzip),gzip(gfe)"
    },
    "serviceName": "compute.googleapis.com",
    "methodName": "v1.compute.instances.insert",
    "resourceName": "projects/someproject/zones/somezone/instances/nameofinstance",
    "request": {
      "@type": "type.googleapis.com/compute.instances.insert"
    }
  },
  "insertId": "######",
  "resource": {
    "type": "gce_instance",
    "labels": {
      "instance_id": "#####",
      "project_id": "someproject",
      "zone": "somezone"
    }
  },
  "timestamp": "2021-06-16T12:18:21.253551Z",
  "severity": "ERROR",
  "logName": "projects/someproject/logs/cloudaudit.googleapis.com%2Factivity",
  "operation": {
    "id": "operation-#####",
    "producer": "compute.googleapis.com",
    "last": true
  },
  "receiveTimestamp": "2021-06-16T12:18:21.253551Z"
}
```
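In theory, it is exactly the same code that runs on my laptop and on App Engine. I am confused as to why it only does this on Cloud Run.
The App Engine default service account was stripped of all roles and given a custom role tailored to the web app's functionality.
Cloud Run uses a different service account, but it was given exactly the same custom role.
This is the method I use to call the API.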
```python
from datetime import datetime

import googleapiclient.discovery


def create_instance(path):
    compute = googleapiclient.discovery.build('compute', 'v1')
    # datetime.now() rather than date.today(): a date has no time part, so
    # %H%M%S would always render as 000000 and names would repeat within a day.
    vmname = "piinnuclei" + datetime.now().strftime("%Y%m%d%H%M%S")
    # `path` is interpolated into a script that runs as root on the new VM;
    # it must be validated by the caller before it reaches this function.
    startup_script = "#! /bin/bash\napt update\npip3 install pg8000\nexport BUCKET_PATH=my-bucket/{}\ngsutil -m cp -r gs://$BUCKET_PATH /home/connor\ncd /home/connor\n./cloud_sql_proxy -dir=cloudsql -instances=sql-connection-name=unix:sql-connection-name &\npython3 run_analysis_upload.py\nexport ZONE=$(curl -X GET http://metadata.google.internal/computeMetadata/v1/instance/zone -H 'Metadata-Flavor: Google')\nexport NAME=$(curl -X GET http://metadata.google.internal/computeMetadata/v1/instance/name -H 'Metadata-Flavor: Google')\ngcloud --quiet compute instances delete $NAME --zone=$ZONE".format(path)
    # Request body for compute.instances.insert
    config = {
        "kind": "compute#instance",
        "name": vmname,
        "zone": "projects/my-project/zones/northamerica-northeast1-a",
        "machineType": "projects/my-project/zones/northamerica-northeast1-a/machineTypes/e2-standard-4",
        "displayDevice": {
            "enableDisplay": False
        },
        "metadata": {
            "kind": "compute#metadata",
            "items": [
                {
                    "key": "startup-script",
                    "value": startup_script
                }
            ]
        },
        "tags": {
            "items": []
        },
        "disks": [
            {
                "kind": "compute#attachedDisk",
                "type": "PERSISTENT",
                "boot": True,
                "mode": "READ_WRITE",
                "autoDelete": True,
                "deviceName": vmname,
                "initializeParams": {
                    "sourceImage": "projects/my-project/global/images/my-image",
                    "diskType": "projects/my-project/zones/northamerica-northeast1-a/diskTypes/pd-balanced",
                    "diskSizeGb": "100"
                },
                "diskEncryptionKey": {}
            }
        ],
        "canIpForward": False,
        "networkInterfaces": [
            {
                "kind": "compute#networkInterface",
                "subnetwork": "projects/my-project/regions/northamerica-northeast1/subnetworks/default",
                "accessConfigs": [
                    {
                        "kind": "compute#accessConfig",
                        "name": "External NAT",
                        "type": "ONE_TO_ONE_NAT",
                        "networkTier": "PREMIUM"
                    }
                ],
                "aliasIpRanges": []
            }
        ],
        "description": "",
        "labels": {},
        "scheduling": {
            "preemptible": False,
            "onHostMaintenance": "MIGRATE",
            "automaticRestart": True,
            "nodeAffinities": []
        },
        "deletionProtection": False,
        "reservationAffinity": {
            "consumeReservationType": "ANY_RESERVATION"
        },
        "serviceAccounts": [
            {
                "email": "batch-service-accountg@my-project.iam.gserviceaccount.com",
                "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                ]
            }
        ],
        "shieldedInstanceConfig": {
            "enableSecureBoot": False,
            "enableVtpm": True,
            "enableIntegrityMonitoring": True
        },
        "confidentialInstanceConfig": {
            "enableConfidentialCompute": False
        }
    }
    # Zone argument kept as posted: this value is a region name, while the
    # body above refers to zone northamerica-northeast1-a.
    return compute.instances().insert(
        project="my-project",
        zone="northamerica-northeast1",
        body=config).execute()
```
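Solution
The problem was the zone. For some reason, when it runs on Cloud Run, the code below is the culprit.
```python
return compute.instances().insert(
    project="my-project",
    zone="northamerica-northeast1",
    body=config).execute()
```
"northamerica-northeast1" should be "northamerica-northeast1-a".
Edit:
I made a new VM image and soon ran into the same problem: it would work locally and break in the Cloud Run environment. After letting it sit for a while, it started working again. This led me to conclude that there is also some kind of delay before Cloud Run can call it.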
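As an added example (not code from the original post): a pre-flight check that compares the `zone` argument of `instances().insert()` with the zone and region embedded in the request body, which flags the region name passed in the question before the API answers `INVALID_PARAMETER`. The helper names, the trimmed sample body and the `<region>-<letter>` zone naming pattern are assumptions.

```python
import re

# Assumption: zone names follow the usual "<region>-<letter>" pattern.
ZONE_RE = re.compile(r"^([a-z]+-[a-z]+\d+)-[a-z]$")

def _segment(url, key):
    """Return the path segment that follows `key` in a resource URL, or None."""
    parts = (url or "").split("/")
    return parts[parts.index(key) + 1] if key in parts[:-1] else None

def check_insert_args(zone, body):
    """List mismatches between the insert() zone argument and the request body."""
    problems = []
    match = ZONE_RE.match(zone)
    if not match:
        problems.append(f"zone argument {zone!r} is not a zone name")
    # Fields in the body that embed a zone in their resource URL.
    refs = [("zone", body.get("zone")), ("machineType", body.get("machineType"))]
    for i, disk in enumerate(body.get("disks", [])):
        refs.append((f"disks[{i}].diskType",
                     disk.get("initializeParams", {}).get("diskType")))
    for field, url in refs:
        found = _segment(url, "zones")
        if found and found != zone:
            problems.append(f"{field} points at zone {found!r}, argument is {zone!r}")
    # A subnetwork is regional: its region must be the region of the zone.
    region = match.group(1) if match else None
    for i, nic in enumerate(body.get("networkInterfaces", [])):
        found = _segment(nic.get("subnetwork"), "regions")
        if found and region and found != region:
            problems.append(f"networkInterfaces[{i}].subnetwork is in region "
                            f"{found!r}, zone {zone!r} is in {region!r}")
    return problems

# Constructed body: only the zone-bearing fields from the question's config.
SAMPLE_BODY = {
    "zone": "projects/my-project/zones/northamerica-northeast1-a",
    "machineType": "projects/my-project/zones/northamerica-northeast1-a/machineTypes/e2-standard-4",
    "disks": [{"initializeParams": {"diskType":
        "projects/my-project/zones/northamerica-northeast1-a/diskTypes/pd-balanced"}}],
    "networkInterfaces": [{"subnetwork":
        "projects/my-project/regions/northamerica-northeast1/subnetworks/default"}],
}

if __name__ == "__main__":
    for z in ("northamerica-northeast1", "northamerica-northeast1-a"):
        print(z, check_insert_args(z, SAMPLE_BODY) or "ok")
```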