我正在尝试使用以下命令创建我的第一个Google Cloud Dataproc集群:
gcloud dataproc clusters create hive-cluster \
--scopes sql-admin \
--image-version 1.3 \
--initialization-actions "gs://goog-dataproc-${PROJECT}:${REGION}:hive-metastore" \
--master-machine-type n1-standard-1 \
--master-boot-disk-size 15 \
--num-workers 2 \
--worker-machine-type n1-standard-1 \
--worker-boot-disk-size 15 \
--region us-east1 \
--zone us-east1-b
但是,出现以下错误:
Dataproc could not validate the initialization action using the service-owned service accounts. Cluster creation may still succeed if the initialization action is accessible from GCE VMs.
Reason: service-1456309104734317@dataproc-accounts.iam.gserviceaccount.com does not have storage.objects.get access to goog-dataproc-initialization-actions-us-east1/cloud-sql-proxy/cloud-sql-proxy.sh.
Waiting for cluster creation operation...done.
ERROR: (gcloud.dataproc.clusters.create) Operation [projects/traits-seater-824109/regions/us-east1/operations/5b36fb82-ade2-3d5f-a6bd-cb1a206bb54e] failed: Multiple Errors:
- Error downloading script 'gs://goog-dataproc-initialization-actions-us-east1/cloud-sql-proxy/cloud-sql-proxy.sh': [email protected] does not have storage.objects.get access to goog-dataproc-initialization-actions-us-east1/cloud-sql-proxy/cloud-sql-proxy.sh.
我检查了IAM中的权限,并将存储->对象查看器角色赋予了上面错误消息中提到的服务帐户,但仍然遇到相同的错误。任何建议如何克服这个错误?
scopes。您仅限制群集访问scopes API(sql-admin)。您可能需要添加https://www.googleapis.com/auth/sqlservice.admin范围(或storage-ro):
https://www.googleapis.com/auth/devstorage.read_only
没有gcloud dataproc clusters create hive-cluster \ --scopes sql-admin,storage-ro \ [...]范围,即使存储区storage-ro是公共的,我也认为Dataproc集群将无法从GCS检索文件。
goog-dataproc-initialization-actions-us-east1