堆栈内存溢出
  简体   繁体   English

如何将谷歌云虚拟机链接到实例计划?

[英]How to link a google cloud vm to an instance schedule?

 原文  2021-10-06 18:12:49       google-cloud-platform/ google-compute-engine/ service-accounts/ google-iam/ google-cloud-iam

问题描述

I want to run my google cloud server everyday on specific times.我想每天在特定时间运行我的谷歌云服务器。 I set up an instance schedule for that but when i try to link my vm to the schedule it gives me the following error:我为此设置了一个实例计划,但是当我尝试将我的虚拟机链接到计划时,它会给我以下错误:

Compute Engine System service account service-390738840624@compute-system.iam.gserviceaccount.com needs to have [compute.instances.start] permissions applied in order to perform this operation.

Does anyone know how to solve this?有谁知道如何解决这个问题?

3 个解决方案

解决方案1
 1 已采纳  2021-10-06 23:00:53

The service account service-390738840624@compute-system.iam.gserviceaccount.com does not have a role with the permission compute.instances.start .服务帐户service-390738840624@compute-system.iam.gserviceaccount.com没有具有compute.instances.start权限的角色。

The following IAM roles have the required permission:以下 IAM 角色具有所需的权限:

  • roles/compute.instanceAdmin角色/compute.instanceAdmin
  • roles/compute.instanceAdmin.v1角色/compute.instanceAdmin.v1

The following command will add the first role to the service account:以下命令将第一个角色添加到服务帐户:

Replace $PROJECT_ID with your Project ID (not the project name).将 $PROJECT_ID 替换为您的项目 ID(而不是项目名称)。

gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:service-390738840624@compute-system.iam.gserviceaccount.com \
--role roles/compute.instanceAdmin

Your account for which you are running the command, must have the privilege to grant/modify IAM roles on a service account.您为其运行命令的帐户必须有权授予/修改服务帐户上的 IAM 角色。 If you do not have the correct permissions, you will need to ask the Project Owner or Editor to perform this for you.如果您没有正确的权限,则需要请项目所有者或编辑为您执行此操作。

解决方案2
 1  2022-05-25 07:37:02

The CLI answer works but in case you dont use terminal here are the steps directly on the platform: CLI 答案有效,但如果您不使用终端,这里是直接在平台上执行的步骤:

  1. go to IAM go 至 IAM
  2. on the right side of the screen select "Include Google-provided role grants"在屏幕右侧 select “包括 Google 提供的角色授权”
  3. Find Principal that contain text "compute-system.iam.gserviceaccount.com"查找包含文本“compute-system.iam.gserviceaccount.com”的主体
  4. edit (with little pen on the right)编辑(右边有小笔)
  5. from the popup shown select "+Add another role", select role "Compute Instance Admin" (can show beta or v1 in the brackets)从显示的弹出窗口 select“+添加另一个角色”,select 角色“计算实例管理员”(可以在括号中显示 beta 或 v1)

this fixed my issue这解决了我的问题

解决方案3
 0  2021-10-07 16:41:10

In order to complete the task, GCP is asking you to give the service account “service-390738840624@compute-system.iam.gserviceaccount.com” access to use “compute.instances.start” but the service account doesn't have the right permissions to execute the task.为了完成任务,GCP 要求您授予服务帐户“service-390738840624@compute-system.iam.gserviceaccount.com”访问权限以使用“compute.instances.start” ,但服务帐户没有执行任务的正确权限。

When you set up an instance to run as a service account, you determine the level of access the service account has by the IAM roles that you grant to the service account.当您设置一个实例作为服务账户运行时,您可以通过您授予服务账户的 IAM 角色来确定服务账户的访问级别。 If the service account has no IAM roles, then no API methods can be run by the service account on that instance.如果服务账户没有 IAM 角色,则服务账户无法在该实例上运行任何 API 方法。

To grant, change, and revoke access to a single service account, please refer to this guide .要授予、更改和撤销对单个服务帐户的访问权限,请参阅本指南

Be aware that to manage access to a service account, you need a role that includes the following permissions:请注意,要管理对服务帐户的访问,您需要一个包含以下权限的角色:

  • *iam.serviceAccounts.get *iam.serviceAccounts.get
  • iam.serviceAccounts.list iam.serviceAccounts.list
  • iam.serviceAccounts.getIamPolicy iam.serviceAccounts.getIamPolicy
  • iam.serviceAccounts.setIamPolicy* iam.serviceAccounts.setIamPolicy*

If you want to know which are the permission included in your account, please refer to this guide .如果您想知道您的帐户中包含哪些权限,请参阅本指南

If you don't have the appropriate access to grant permissions, please refer to your system administrator.如果您没有适当的权限来授予权限,请咨询您的系统管理员。

To know more about compute engine roles and permissions, please follow this link .要了解有关计算引擎角色和权限的更多信息,请点击此链接

If you wish to know more about services accounts, please follow this link .如果您想了解有关服务帐户的更多信息,请 点击此链接

To know more about the process of scheduling compute instances with Google Scheduler, please follow this link .要了解有关使用 Google Scheduler 安排计算实例的过程的更多信息,请点击此链接

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将 React 应用程序部署到 Google Cloud Vm 实例? - How to deploy React app to Google Cloud Vm Instance? 如何查看 Google Cloud 上 VM 实例的磁盘使用情况? - How to see disk usage of a VM instance on Google Cloud? 在谷歌云虚拟机实例上打开一个端口 - Open a port on google cloud VM instance 如何更改为双栈子网并更新 VM 实例栈类型 - Google 云 - IPv6 支持 - How to change to dualstack subnet and update a VM Instance stacktype - Google cloud - IPv6 support 无法 SSH 进入我在 Google Cloud 上的 Compute Engine 虚拟机实例 - Unable to SSH into my Compute Engine VM instance on Google Cloud 如何安排在谷歌云上运行的 docker - How to schedule a docker run on google cloud 基于 docker 镜像创建一个 google cloud vm 实例 - creating a google cloud vm instance based on a docker image 为什么我的 Google Cloud TPU VM 实例无法识别 TPU? - Why is the TPU not recognized on my Google Cloud TPU VM instance? 克隆谷歌云虚拟机 - Clone a google cloud VM 如何将数据从 Google Cloud VM 迁移到 Google Kube.netes Engine? - How to migrate data from Google Cloud VM to Google Kubernetes Engine?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM