i trying download image google container registry in coreos machine running in other server (not gce).
i configured new service account:
core@xxxx ~ $ docker run -t -i -v $(pwd)/keys:/tmp/keys --name gcloud-config ernestoalejo/google-cloud-sdk-with-docker gcloud auth activate-service-account xxxxxxx@developer.gserviceaccount.com --key-file /tmp/keys/key.p12 --project xxxx activated service account credentials for: [xxxxxxx@developer.gserviceaccount.com] the account active, when try download container image returns forbidden http status.
core@xxxx ~ $ /usr/bin/docker run --volumes-from gcloud-config --rm -v /var/run/docker.sock:/var/run/docker.sock ernestoalejo/google-cloud-sdk-with-docker sh -c "gcloud preview docker pull gcr.io/xxxxx/influxdb" pulling repository gcr.io/xxxxx/influxdb time="2015-05-08t06:38:55z" level="fatal" msg="http code: 403" error: (gcloud.preview.docker) docker command did not run successfully. tried run: 'docker pull gcr.io/xxxxx/influxdb' exit code: 1 there 1 account in server , correctly configured:
core@xxxx ~ $ /usr/bin/docker run --volumes-from gcloud-config --rm -v /var/run/docker.sock:/var/run/docker.sock ernestoalejo/google-cloud-sdk-with-docker sh -c "gcloud auth list" set active account, run: $ gcloud config set account ``account'' credentialed accounts: - xxxxxxxxxxxxx@developer.gserviceaccount.com (active) how can authorize external machine download images registry?
note: image ernestoalejo/google-cloud-sdk-with-docker same google/cloud-sdk this issue fixed.
update: have tried solution of this answer, makes no difference.
project_id=xxxxxx robot=xxxxxx@developer.gserviceaccount.com gsutil acl ch -u $robot:r gs://artifacts.$project_id.appspot.com gsutil -m acl ch -r -u $robot:r gs://artifacts.$project_id.appspot.com gsutil defacl ch -u $robot:r gs://artifacts.$project_id.appspot.com
it seems new frankfurt region of digital ocean can't access google container registry @ all. returns 403 forbidden. used server in london started working.
Comments
Post a Comment