1

我正在尝试将 docker 容器映像推送到 Google Container Engine 注册表:

$ sudo gcloud docker push gcr.io/<my_project>/node
The push refers to a repository [gcr.io/<my_project>/node] (len: 1)
24c43271ae0b: Image already exists 
70a0868daa56: Image already exists 
1d86f57ee56d: Image already exists 
a46b473f6491: Image already exists 
a1ac8265769f: Image already exists 
290bb858e1c3: Image already exists 
d6fc4b5b4917: Image already exists 
3842411e5c4c: Image already exists 
7a01cc5f27b1: Image already exists 
dbacfa057b30: Image already exists 
latest: digest: sha256:02be2e66ad2fe022f433e228aa43f32d969433402820035ac8826880dbc325e4 size: 17236
Received unexpected HTTP status: 500 Internal Server Error

我不能让命令更详细。两者都没有:

$ sudo gcloud docker push gcr.io/<my_project>/node --verbosity info

也没有应该工作的这个命令:

$ sudo gcloud docker --log-level=info push gcr.io/sigma-cairn-99810/node
usage: gcloud docker  [EXTRA_ARGS ...] [optional flags]
ERROR: (gcloud.docker) unrecognized arguments: --log-level=info

根据文档(参见EXTRA_ARGS),--log-level=info它是一个有效的 docker 选项:

SYNOPSIS
    gcloud docker [EXTRA_ARGS ...] [--authorize-only, -a]
        [--docker-host DOCKER_HOST]
        [--server SERVER,[SERVER,...], -s SERVER,[SERVER,...]; default="gcr.io,us.gcr.io,eu.gcr.io,asia.gcr.io,b.gcr.io,bucket.gcr.io,appengine.gcr.io"]
        [GLOBAL-FLAG ...]
...    

POSITIONAL ARGUMENTS
     [EXTRA_ARGS ...]
        Arguments to pass to docker.

我正在使用 GCP 在我的container-vm机器实例上安装的默认服务帐户。我还授予它对<my_project>.

更新:

运行sudo gsutil ls -bL gs://artifacts.<my_project>.appspot.com我得到:

gs://artifacts.<my_project>.appspot.com/ :
    Storage class:          STANDARD
    Location constraint:        US
    Versioning enabled:     None
    Logging configuration:      None
    Website configuration:      None
    CORS configuration:         None
    Lifecycle configuration:    None
    ACL:                []
    Default ACL:            []

如果我在使用我的非服务帐户进行身份验证后做同样的事情,我会同时得到ACLDefault ACL

ACL:                
  [
    {
      "entity": "project-owners-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "owners"
      },
      "role": "OWNER"
    },
    {
      "entity": "project-editors-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "editors"
      },
      "role": "OWNER"
    },
    {
      "entity": "project-viewers-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "viewers"
      },
      "role": "READER"
    }
  ]
Default ACL:            
  [
    {
      "entity": "project-owners-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "owners"
      },
      "role": "OWNER"
    },
    {
      "entity": "project-editors-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "editors"
      },
      "role": "OWNER"
    },
    {
      "entity": "project-viewers-262451203973",
      "projectTeam": {
        "projectNumber": "262451203973",
        "team": "viewers"
      },
      "role": "READER"
    }
  ]
4

1 回答 1

1

能不能跑sudo gsutil ls -bL gs://artifacts.<my_project>.appspot.com一下看看能不能访问到GCS的bucket。这将验证 docker 映像的存储权限。

虽然我认为您应该通过添加到所有者来获得许可,但这将验证您是否这样做。

至于那个EXTRA_ARGS,我觉得--log-level="info"只对命令有效docker daemondocker push不承认--log-level="info"

更新

通过再次查看日志,您正在推送一个大部分现有的图像,如“图像已存在”日志条目所示。在第一个新的写入步骤中它失败了。这表明问题似乎可能是您开始使用的实例最初只有只读范围。

你能运行这个命令并分享输出吗? curl -H "Metadata-Flavor:Google" http://metadata/computeMetadata/v1/instance/service-accounts/default/scopes

我们正在寻找范围https://www.googleapis.com/auth/devstorage.read_write

可能发生的情况是该实例最初不是使用此范围创建的,并且由于无法修改实例上的范围,因此它只能保持能够读取。

如果是这种情况,解决方案可能是创建一个新实例。

我们将提交一个错误以确保在这种情况下提供更好的消息传递。

于 2016-02-03T22:24:49.400 回答