我构建了 docker 镜像,标记了它并使用以下命令推送它
docker build -t myimage:version1 .
docker tag myimage:version1 gcr.io/my_test_project/myimage:version1
docker push gcr.io/my_test_project/myimage:version1
我一直在遵循以下步骤: https://cloudyr.github.io/googleComputeEngineR/articles/massive-parallel.html
我的my_test。R 文件如下所示:
rm(list=ls())
project <- "my_test_project"
zone <- "us-central1-a"
account_key <-"~/my-secret-key.json"
Sys.setenv(GCE_AUTH_FILE = account_key,
GCE_DEFAULT_PROJECT_ID = project,
GCE_DEFAULT_ZONE = zone)
library("googleComputeEngineR")
library("future")
library("future.apply")
library("parallel")
gce_global_project(project)
gce_global_zone(zone)
my_docker <- gce_tag_container(container_name="myimage:version1")
vm_base_name <- "vm-base-00"
cluster_size = 3
vm_names <- paste0(vm_base_name, seq(1,cluster_size))
vms <- gce_vm_cluster(vm_prefix=vm_base_name,
cluster_size=cluster_size,
docker_image = my_docker,
ssh_args = list(username="test_user",
key.pub="/home/test_user/.ssh/google_compute_engine.pub",
key.private="/home/test_user/.ssh/google_compute_engine"),
predefined_type = "n1-highmem-2")
plan(strategy="cluster", workers = as.cluster(vms, docker_image=my_docker))
gce_vm_stop(vms)
gce_vm_delete(vms)
我收到以下错误:
Unable to find image 'gcr.io/my_test_project/myimage:version1' locally
/usr/bin/docker: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication.
See '/usr/bin/docker run --help'.
我确实调试了代码: 该行plan(strategy="cluster", workers = as.cluster(vms, docker_image=my_docker))触发错误。
笔记:
- 我可以在本地运行 docker 映像而不会出现任何问题
docker images命令包含我正在尝试处理的图像列表。- 我的容器可见性在 https://console.cloud.google.com/gcr/settings 上是私有的,我打算保持这种状态。(我可以在公开代码时运行代码 - 我仍然收到"无法在本地找到图像警告",但它从 gcloud 中提取图像(
附加说明:命令gsutil iam get gs://artifacts.my_test_project.appspot.com/给出以下内容
{
"bindings": [
{
"members": [
"user:test_user@example.com"
],
"role": "roles/storage.legacyBucketOwner"
},
{
"members": [
"user:test_user@example.com"
],
"role": "roles/storage.legacyBucketReader"
},
{
"members": [
"user:test_user@example.com"
],
"role": "roles/storage.legacyObjectReader"
},
{
"members": [
"user:test_user@example.com"
],
"role": "roles/storage.objectViewer"
}
],
"etag": "CBQ="
}
用于对来自 GCE 实例的 API 调用进行身份验证的服务帐号似乎没有访问容器注册表的适当权限。我会说这是由您设置为环境变量的my-secret-key.json表示的服务帐户。
你可能希望向该服务帐户添加适当的权限,特别是roles/storage.objectViewer角色(有关更多详细信息,请参阅此处的文档(,以便它可以拉取映像。
问题是创建的虚拟机集群实例中没有 .docker/config.json 文件。因此,虚拟机无法拉取 docker 映像,从而导致错误。 解决此问题的一种方法是通过 SSH 连接到 VM 并运行docker-credential-gcr configure-docker命令。这将成功生成.docker/config.json文件夹/文件,允许 VM 拉取映像。