问题
I created a new compute engine instance from the bitnami-jenkins image to auto-deploy my app-engine application. I used the following command to do so:
gcloud compute instances create deployer
--project myapp --image-project bitnami-launchpad
--image bitnami-jenkins-1-638-1-linux-debian-7-x86-64
--zone us-central1-a --machine-type g1-small
--metadata "bitnami-base-password=mypassword,bitnami-default-user=user,bitnami-key=jenkins,bitnami-name=Jenkins,bitnami-url=//bitnami.com/stack/jenkins,bitnami-description=Jenkins,startup-script-url=https://dl.google.com/dl/jenkins/p2dsetup/setup-script.sh"
--scopes "https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/devstorage.full_control,https://www.googleapis.com/auth/projecthosting,https://www.googleapis.com/auth/appengine.admin"
--tags "jenkins"
Once the machine was created, I created a job to deploy the code as described here:
https://cloud.google.com/tools/cloud-repositories/docs/push-to-deploy
However, my job fails with the following error:
ERROR: Error Response: [403] Request had insufficient authentication scopes.
ERROR: (gcloud.preview.app.deploy) Could not retrieve the default Google Cloud Storage bucket for [myapp]. Please try again or use the [bucket] argument.
Has anybody else encountered this? I had another jenkins machine with an older version of gcloud on it. It never threw any errors related to a cloud-storage bucket. So I have a hunch that it is related to newer versions of gcloud.
Please help. Thanks.
Edit: Here is the output of the gcloud command with --verbosity debug.
gcloud output
回答1:
When I attempt to reproduce this using the latest version of the Cloud SDK (0.9.88), I get the following error message:
ERROR: (gcloud.preview.app.deploy) Required scopes ['https://www.googleapis.com/auth/cloud-platform'] missing from ['https://www.googleapis.com/auth/appengine.admin', 'https://www.googleapis.com/auth/devstorage.full_control', 'https://www.googleapis.com/auth/projecthosting', 'https://www.googleapis.com/auth/userinfo.email']. This VM instance probably needs to be recreated with the missing scopes.
The solution is to re-create the VM, as before, but add the scope https://www.googleapis.com/auth/cloud-platform to the list provided in the --scopes flag.
I'll make sure the documentation gets fixed to reflect this. EDIT: the documenation is now fixed.
回答2:
This answer is misleading; it misidentifies the real issue. I'm leaving it here for posterity.
This looks like a hiccup in the interaction between Google Compute Engine Service accounts and Google Cloud Storage buckets.
To work around, please create a Cloud Storage bucket that the service account on the Jenkins VM can read from/write to, or change the permissions on the Cloud Storage bucket staging.<appname>.appspot.com. The easiest place to do that will be the Google Developer's Console, if you're not familiar with gsutil (the command line tool to perform this operation).
So I have a hunch that it is related to newer versions of gcloud.
Yes, it is. New versions of gcloud use a different deployment mechanism (which will be faster).
来源:https://stackoverflow.com/questions/33866201/jenkins-push-to-deploy-setup-for-app-engine-fails