Mic*_*ett 6 permissions ansible google-cloud-platform
我正在关注使用 Ansible http://docs.ansible.com/ansible/guide_gce.html创建实例的文档
但是,当我运行它时,我得到:
Required 'compute.zones.list' permission for 'projects/quick-line-137923'
我不知道我打算在哪里为服务帐户配置这些权限,因为文档似乎建议您只能在已创建的实例上为服务帐户配置权限:“您只能在以下情况下设置范围您创建一个新实例”
当我尝试为此服务帐户(管理员)授予 IAM 权限时,它不在列表中,当我在“服务帐户”中选择服务帐户时,我被要求为域范围的权限添加成员,无处分配对此服务帐户的compute.zones.list 权限
有什么帮助吗?
我的剧本看起来像这样:
- name: "Create instance(s)"
hosts: localhost
gather_facts: no
connection: local
vars:
machine_type: n1-standard-1 # default
image: ubuntu-1404-lts
service_account_email: admin-531@quick-line-137923.iam.gserviceaccount.com
credentials_file: /Users/Mike/Downloads/project.json
project_id: quick-line-137923
tasks:
- name: "Launch instances"
gce:
instance_names: dev
machine_type: "{{ machine_type }}"
image: "{{ image }}"
service_account_email: "{{ service_account_email }}"
credentials_file: "{{ credentials_file }}"
project_id: "{{ project_id }}"
tags: webserver
register: gce
- name: "Wait for SSH to come up"
wait_for: host={{ item.public_ip }} port=22 delay=10 timeout=60
with_items: gce.instance_data
- name: "Add host to groupname"
add_host: hostname={{ item.public_ip }} groupname=new_instances
with_items: gce.instance_data
- name: "Manage new instances"
vars_files:
- "vars/webserver.yml"
hosts: new_instances
connection: ssh
sudo: True
roles:
- geerlingguy.apache
- geerlingguy.php
- geerlingguy.drush
- geerlingguy.mysql
将计算实例管理员和服务帐户参与者角色添加到服务帐户。
您还必须激活服务帐户。gcloud可以使用该工具:https: //cloud.google.com/sdk/gcloud/reference/auth/activate-service-account。
| 归档时间: |
|
| 查看次数: |
1266 次 |
| 最近记录: |