简体繁体 English

Google Cloud Platform - 使用多个服务帐户

[英]Google Cloud Platform - Use Multiple Service Account

原文 2020-03-31 11:09:24 3 1 google-cloud-platform/ service-accounts/ bq

I am trying to use bq cli to export data using big Query to GCS.我正在尝试使用 bq cli 将使用 big Query 的数据导出到 GCS。 Currently there are two projects and each project is having its own service account.目前有两个项目，每个项目都有自己的服务帐户。 I have authenticated the services account using gcloud auth active-service-account by passing the key json file.我已经通过传递密钥 json 文件使用 gcloud auth active-service-account 对服务帐户进行了身份验证。 While running my jobs i am explicitly setting the project and account using the below commands在运行我的工作时，我使用以下命令明确设置项目和帐户

Within JOB1 JOB1内

gcloud config set account account1 gcloud 配置设置帐户 account1

gcloud config set project project1 gcloud 配置集项目 project1

bq extract --destination_format NEWLINE_DELIMITED_JSON table1 gs://path1 bq 提取 --destination_format NEWLINE_DELIMITED_JSON table1 gs://path1

Within JOB2 JOB2内

gcloud config set account account2 gcloud 配置设置帐户 account2

gcloud config set project project2 gcloud 配置集项目 project2

bq extract --destination_format NEWLINE_DELIMITED_JSON table2 gs://path2 bq 提取 --destination_format NEWLINE_DELIMITED_JSON table2 gs://path2

When both job1 and job2 are running in parallel JOB1 is failing with the error account2 not having access to project1 and similarly in some instances JOB2 is failing with the error account1 is not having access to project2.当job1 和job2 并行运行时，JOB1 失败，错误account2 无法访问project1，同样在某些情况下，JOB2 失败，错误account1 无法访问project2。 We have identified that its happening because when we set the account its changing the default account within the server(and not within the session) and therefore the other job which is running in parallel failing.我们已经确定它正在发生，因为当我们设置帐户时，它会更改服务器内（而不是会话内）的默认帐户，因此并行运行的其他作业失败。 Can you please help on how we can execute bq commands using multiple service accounts in parallel within the same server您能否帮助我们如何在同一服务器内并行使用多个服务帐户执行 bq 命令

1 个解决方案

Let me explain the process before going deeper into the solution.在深入研究解决方案之前，让我解释一下这个过程。 When you perform an operation on BigQuery, most of time it's asynchronous operation.当您在 BigQuery 上执行操作时，大部分时间是异步操作。 The cli let you think it's synchronous but not. cli 让您认为它是同步的，但不是。

The cli perform this cli 执行此操作

Launch the job and get the jobId启动作业并获取 jobId
Loop pull the jobId status regularly定期循环拉取jobId状态
Print the job result at the end (state Done, Error)最后打印作业结果（状态完成，错误）

If you change your credentials, the Loop pull can't be done by the CLI because it's no longer authorize to check this JobId on the project.如果您更改凭据，CLI 将无法执行 Loop pull，因为它不再授权检查项目上的此 JobId。

Now, you have 2 solutions:现在，您有 2 个解决方案：

The job result is important for you in the cli, you can't change the credential.在 cli 中，作业结果对您很重要，您无法更改凭据。 The extract must be sequential提取必须是连续的
The job result is not import, you prefer the parallelism, you can use the --nosynchronous_mode param when you perform your extract作业结果不是导入，您更喜欢并行性，您可以在执行提取时使用--nosynchronous_mode参数

Note: I'm quite sure that if you use multiple users and SUDO commande, you can achieve what you want in sync mode.注意：我很确定如果您使用多个用户和 SUDO 命令，您可以在同步模式下实现您想要的。 However, I'm not linux expert and I can't help on this.但是，我不是 linux 专家，对此我无能为力。