
Why is there a late boot integrity error when starting a GCP VM with Cloud Scheduler and Cloud Functions?

I have a preemptible VM on Google Cloud Platform that gets started at a certain time every day by a Cloud Function that is called through Cloud Scheduler. Although the VM starts and there is no visible problem, there is an error log each time stating that there is a late boot report of a failed integrity check. I understand that it is caused by an integrity validation failure. If I manually start the VM, there is no error log.

What is causing the integrity validation failure and how could I fix it? Thank you in advance!

{"@type":"type.googleapis.com/cloud_integrity.IntegrityEvent", "bootCounter":"50", "lateBootReportEvent":{…}}

{
  "insertId": "2",
  "jsonPayload": {
    "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
    "lateBootReportEvent": {
      "policyEvaluationPassed": false,
      "actualMeasurements": [XXX],
      "policyMeasurements": [XXX]
    },
    "bootCounter": "50"
  },
  "resource": {
    "type": "gce_instance",
    "labels": {
      "instance_id": "XXX",
      "project_id": "XXX",
      "zone": "XXX"
    }
  },
  "timestamp": "XXX",
  "severity": "ERROR",
  "logName": "projects/XXX/logs/compute.googleapis.com%2Fshielded_vm_integrity",
  "receiveTimestamp": "XXX"
}

I have a similar issue with starting a GCP VM using Ansible AWX from a container. I recently moved these services from a Debian non-shielded VM to a RHEL shielded one. Apparently the shielded instances are somehow not liking where the command is coming from, or something to that effect.

Note that I've tried starting the VM with Ansible AWX using both the google.cloud collection APIs and the command/shell methods, which essentially would be the same as me typing the command on the command line using the Google Cloud SDK. That works if I do it manually, but not with Ansible.

Support directed me to try this [command][1] to update the integrity policy but it still doesn't work. I've also tried disabling the shielded VM options.

[1]: https://cloud.google.com/compute/shielded-vm/docs/integrity-monitoring#updating-baseline
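As an added triage example (not code from either post), the following Python helper reads entries in the shape of the shielded_vm_integrity log shown in the question, keeps only IntegrityEvent entries whose early or late boot report failed policy evaluation, and lists the PCRs whose measured value differs from the baseline policy. The per-measurement fields (pcrNum, hashAlgo, value) and the sample values are assumptions, since the page redacts them as XXX.

```python
import json

INTEGRITY_TYPE = "type.googleapis.com/cloud_integrity.IntegrityEvent"

# Constructed sample entries shaped like the shielded_vm_integrity log above. The
# per-measurement fields (pcrNum, hashAlgo, value) are an assumption; the page
# redacts them as XXX.
SAMPLE_LOG = json.dumps([
    {"severity": "ERROR", "resource": {"labels": {"instance_id": "1111"}},
     "jsonPayload": {"@type": INTEGRITY_TYPE, "bootCounter": "50",
                     "lateBootReportEvent": {
                         "policyEvaluationPassed": False,
                         "actualMeasurements": [
                             {"pcrNum": "PCR_0", "hashAlgo": "SHA1", "value": "aa11"},
                             {"pcrNum": "PCR_7", "hashAlgo": "SHA1", "value": "cc33"}],
                         "policyMeasurements": [
                             {"pcrNum": "PCR_0", "hashAlgo": "SHA1", "value": "aa11"},
                             {"pcrNum": "PCR_7", "hashAlgo": "SHA1", "value": "bb22"}]}}},
    {"severity": "NOTICE", "resource": {"labels": {"instance_id": "1111"}},
     "jsonPayload": {"@type": INTEGRITY_TYPE, "bootCounter": "51",
                     "earlyBootReportEvent": {"policyEvaluationPassed": True}}},
])


def _by_pcr(measurements):
    # Index a measurement list by (PCR, hash algorithm) -> measured value.
    return {(m.get("pcrNum"), m.get("hashAlgo")): m.get("value") for m in measurements}


def failed_integrity_reports(log_text):
    """One finding per failed early/late boot report: instance, boot counter, phase
    and the PCRs whose measured value differs from the baseline policy. Only an
    explicit policyEvaluationPassed == False counts as a failure."""
    findings = []
    for entry in json.loads(log_text):
        payload = entry.get("jsonPayload", {})
        if payload.get("@type") != INTEGRITY_TYPE:
            continue
        for phase in ("earlyBootReportEvent", "lateBootReportEvent"):
            report = payload.get(phase)
            if not report or report.get("policyEvaluationPassed", True):
                continue
            actual = _by_pcr(report.get("actualMeasurements", []))
            baseline = _by_pcr(report.get("policyMeasurements", []))
            changed = sorted({k[0] for k in set(actual) | set(baseline)
                              if actual.get(k) != baseline.get(k)})
            findings.append({"instance_id": entry["resource"]["labels"].get("instance_id"),
                             "boot_counter": payload.get("bootCounter"),
                             "phase": phase, "changed_pcrs": changed})
    return findings
```

Knowing which PCRs moved tells you whether the change is an expected boot-component update before you re-learn the baseline with the update command linked in the answer (`gcloud compute instances update INSTANCE --shielded-learn-integrity-policy`).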
