hadoop集群上的gcloud计算权限不足 [英] gcloud compute on hadoop cluster has insufficient permission
问题描述
我在dev控制台上使用点击式部署机制安装了hadoop集群。我对自定义设置做了一些修改,例如机器种类,机器数量。现在当我登录到master并运行以下命令时:
sudo gcloud compute firewall-规则列表
我得到错误:权限不足
我检查了主节点的权限,我看到了这个:
权限
用户信息 - 禁用,
计算 - 禁用
Storage-完全
任务队列 - 禁用
BigQuery - 禁用
云端SQL禁用
云端数据存储 - 禁用
云端平台 - 禁用
当我启动个人虚拟机时,我可以启用其对这些方面的许可,但是当启动群集时,我无法启用。这是我看到hadoop master的权限错误的原因吗?
如何修复?
更多背景信息:我需要启用防火墙端口,以便使用ip http://:50030 /
您的GCE实例需要通过服务帐户的读取权限才能在项目中通过Cloud SDK(即gcloud compute)列出实例。通常情况下,默认情况下,只授予Google云端存储的读取权限。您可以在此处找到有关在服务帐户中使用Cloud SDK工具的更多信息: https://云。 google.com/compute/docs/authentication#tools
创建后,与实例关联的服务帐户无法修改。这些范围只能在创建时授予。
或者,您可以通过从实例中键入以下命令来验证Cloud SDK,然后按照说明进行操作:(这是使用您的凭据而不是服务帐户)
gcloud身份验证登录 - 无需启动浏览器
无这与修改防火墙规则直接相关。这里有一个全面的使用云SDK的操作防火墙规则的指南:
https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create
I installed hadoop cluster using click-to-deploy mechanism on dev console. I did some modifications to the custom setup e.g. kind of machine, number of machines. Cluster gets deployed.
But now when I log into master and run following command
sudo gcloud compute firewall-rules list
I get error: Insufficient Permission
I checked the permission of the master node and I see this:
Permissions
User info-Disabled, Compute-Disabled Storage-Full Task queue-Disabled BigQuery -Disabled Cloud SQL-Disabled Cloud Datastore-Disabled Cloud Platform-Disabled
When I launch an individual vm I can enable its permission for these aspects, however when I launch a cluster I am not able to. Is this the reason I am seeing the permission error on the hadoop master?
How can it be fixed?
more background: I need to enable the firewall port so that I can see status of job using the ip http://:50030/
Your GCE instance would need read permission via the service account to be able to list instances via the Cloud SDK (i.e. gcloud compute) within your project. Typically instances are only granted read permission to Google Cloud Storage by default. You can find more information about using Cloud SDK tools with service accounts here: https://cloud.google.com/compute/docs/authentication#tools
Once created the service account associated with an instance cannot be modified. These scopes can only be granted at creation time.
Alternatively you can authenticate to the Cloud SDK by typing the following from an instance and then following the instructions: (this is using your credentials as opposed to a service account)
gcloud auth login --no-launch-browser
None of this is directly related to modifying firewall rules. There is a comprehensive guide to manipulating firewall rules using the Cloud SDK here:
https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create
这篇关于hadoop集群上的gcloud计算权限不足的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
