与詹金斯一起使用gcloud [英] use gcloud with Jenkins
问题描述
我一直在尝试编写一个脚本,该脚本会定期轮询Google Cloud Storage.当我正常运行它时,它可以很好地工作,但是如果我将它作为Jenkins的构建步骤包括在内,它将给出一个403 Forbidden
错误.这是因为Jenkins用户没有完成gcloud auth login
流程,需要复制验证码.如何使用Jenkins做到这一点?
I've been trying to write a script that polls Google Cloud Storage periodically. This works fine when I run it normally, but if I include it as a build step in Jenkins, it gives a 403 Forbidden
error. This is because there's no gcloud auth login
process completed for the Jenkins user, which requires a verification code to be copied..how do I do that using Jenkins ?
我尝试了以下步骤: https://cloud.google.com/storage/docs/authentication#service_accounts 并下载了如下所示的JSON密钥:
I tried the steps at: https://cloud.google.com/storage/docs/authentication#service_accounts and downloaded a JSON key that looks like:
{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","client_email":"....@project.googleusercontent.com","client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/....@project.googleusercontent.com","client_id":"....project.googleusercontent.com","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"}}
这真是奇怪,因为所有链接都指向bad request, invalid request
之类的东西.我一定做错了.我运行的命令是:
which is darn strange because all of the links point to stuff like bad request, invalid request
..I must be doing something wrong. The command I ran was:
gcloud auth activate-service-account ...@project.googleusercontent.com --key-file /var/lib/jenkins/....project.googleusercontent.com.json
推荐答案
您最好的选择是使用服务帐户"对GCS服务进行gcloud/gsutil身份验证.主要步骤是按照此处的说明使用生成JSON格式的私钥:
Your best bet is probably to use a "service account" to authenticate gcloud/gsutil with the GCS service. The major steps are to use generate a JSON-formated private key following the instructions here:
https://cloud.google.com/storage/docs/authentication#service_accounts
将该密钥复制到Jenkins用户可以读取的地方,然后以Jenkins用户的身份运行
Copy that key to a place where the Jenkins user can read it, and as the Jenkins user run
gcloud auth activate-service-account ...
(请参阅 https://cloud.google.com/storage/docs/authentication# service_accounts ).请注意,对JSON密钥文件的支持是非常新的,您将需要最新的gcloud版本.
(See https://cloud.google.com/storage/docs/authentication#service_accounts). Note that support for JSON key files is pretty new and you'll need an up-to-date gcloud release.
从那里,您的Jenkins进程应该能够照常访问GCS.
From there your Jenkins process should be able to access GCS as usual.
密钥文件应具有以下格式:
The key file should have the following format:
{
"private_key_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"private_key": "-----BEGIN PRIVATE KEY-----\n ... \n-----END PRIVATE KEY-----\n",
"client_email": "...@developer.gserviceaccount.com",
"client_id": "..."
"type": "service_account"
}
这篇关于与詹金斯一起使用gcloud的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!