我正在使用Bitbucket管道在计算引擎上的preemptable计算机上运行部署脚本 . 我使用谷歌sdk和服务帐户与所有者角色,但仍然不能ssh到机器 . 这就是我的bitbucket-pipelines.yml的样子:
- echo $GCLOUD_API_KEYFILE | base64 --decode --ignore-garbage > ./gcloud-api-key.json
- gcloud auth activate-service-account --key-file gcloud-api-key.json
- gcloud config set project $GCLOUD_PROJECT
- gcloud compute --project $GCLOUD_PROJECT ssh --zone "us-east1-c" $INSTANCE_NAME --command "./deploy"
我可以看到我能够成功验证:
Activated service account credentials for: [...]
但是我仍然在ssh上失败了
gcloud compute --project "..." ssh --zone "us-east1-c" "..." --command "..."
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is: ...
...
Updating project ssh metadata...
................Updated [https://www.googleapis.com/compute/v1/projects/...].
done.
Waiting for SSH key to propagate.
Warning: Permanently added '...' (RSA) to the list of known hosts.
Permission denied (publickey).
我错过了什么吗?我的理解是,一旦我认证为具有权限的服务帐户执行ssh,gcloud ssh命令假设工作
1 回答
这是一个基本的SSH问题,
请检查此主题[1] .
[1] How to get the ssh keys for a new Google Compute Engine instance?