我想使用 gcloud 打开与 GCP VM 实例的 ssh 会话,但由于我的 http 代理服务器,我似乎遇到了问题。
在 Ubuntu 中安装 google-cloud-sdk 后,我运行
gcloud into --run-diagnostics
失败并显示错误消息
Checking network connection...done.
ERROR: Reachability Check failed.
Cannot reach https://www.google.com (SSLHandshakeError)
Cannot reach https://accounts.google.com (SSLHandshakeError)
Cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json (SSLHandshakeError)
Network connection problems may be due to proxy or firewall settings.
我看到有些人也有类似的情况问题解决方法是将其内部 CA 放在 cacerts.txt 文件中,该文件可能位于“/usr/lib/google-cloud-sdk/lib/third_party/httplib2/python3/httplib2”中
http_proxy 设置为我的代理服务器
>echo $http_proxy
http://proxy.server.domain.com:8080
当我运行此命令时gcloud info --run-diagnostics --verbosity=debug --log-http
出现错误
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
我的 Ubuntu 18.04 在适用于 Windows 10 的 Linux 子系统中运行。
以下是完整的会话信息:
>gcloud info --run-diagnostics --verbosity=debug --log-http
DEBUG: Running [gcloud.info] with arguments: [--log-http: "true", --run-diagnostics: "True", --verbosity: "debug"]
Network diagnostic detects and fixes local network connection issues.
Checking network connection...=======================
==== request start ====
uri: https://www.google.com
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/eb1baa5e0f47440c8dc896aea08d15ff environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==
== body end ==
==== request end ====
=======================
==== request start ====
uri: https://accounts.google.com
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/cd0d8a31ff1846bfa8d5c9c38234b59c environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==
== body end ==
==== request end ====
Checking network connection...⠛=======================
==== request start ====
uri: https://cloudresourcemanager.googleapis.com/v1beta1/projects
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/64ab6960448d463cafdc317978f418cc environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==
== body end ==
==== request end ====
Checking network connection...⠶---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private
content-length: 304
content-type: application/json; charset=UTF-8
date: Thu, 18 Apr 2019 00:12:09 GMT
server: ESF
server-timing: gfet4t7; dur=620
status: 401
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
-- body end --
total round trip time (request+response): 0.733 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://www.googleapis.com/auth/cloud-platform
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/50be4ffdf73848c5a6a922809c6dd1cf environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==
== body end ==
==== request end ====
Checking network connection...⠧---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=0
content-length: 14
content-location: https://www.googleapis.com/auth/cloud-platform
content-type: text/plain
date: Thu, 18 Apr 2019 00:12:09 GMT
expires: Thu, 18 Apr 2019 00:12:09 GMT
server: GSE
status: 200
transfer-encoding: chunked
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
cloud-platform
-- body end --
total round trip time (request+response): 0.119 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/889d0c5e54df432eaa86e2f0641f2533 environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==
== body end ==
==== request end ====
Checking network connection...done.
ERROR: Reachability Check failed.
Cannot reach https://www.google.com (SSLHandshakeError)
Cannot reach https://accounts.google.com (SSLHandshakeError)
Cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json (SSLHandshakeError)
Network connection problems may be due to proxy or firewall settings.
Current effective Cloud SDK network proxy settings:
type = http
host = proxy.server.domain.com
port = 8080
username = None
password = None
What would you like to do?
[1] Change Cloud SDK network proxy properties
[2] Clear all gcloud proxy properties
[3] Exit
Please enter your numeric choice: 3
ERROR: Network diagnostic failed (0/1 checks passed).
Property diagnostic detects issues that may be caused by properties.
Checking hidden properties...done.
Hidden Property Check passed.
Property diagnostic passed (1/1 checks passed).
INFO: Explicit Display.
DEBUG: SDK update checks are disabled.
更新:运行后
gcloud config set auth/disable_ssl_validation True
我可能能够解决这个问题。但随后我收到此错误:
DEBUG: Running [gcloud.info] with arguments: [--run-diagnostics: "True", --verbosity: "debug"]
Network diagnostic detects and fixes local network connection issues.
Checking network connection...
.........done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Property diagnostic detects issues that may be caused by properties.
Checking hidden properties...
done.
ERROR: Hidden Property Check failed.
The following hidden properties have been set:
[auth/disable_ssl_validation]
Properties files
User: /home/<USER>/.config/gcloud/configurations/config_default
Installation: /usr/lib/google-cloud-sdk/properties
ERROR: Property diagnostic failed (0/1 checks passed).
INFO: Explicit Display.
DEBUG: SDK update checks are disabled.
答案1
如果使用代理,则需要设置自定义证书,因为默认配置将导致提到的问题。
解决方法已经发布在PIT 案例 35907316使用以下命令:
gcloud config 设置 custom_ca_certs_file /etc/ssl/certs/ca-certificates.crt