1
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

お題は不問!Qiita Engineer Festa 2024で記事投稿!
Qiita Engineer Festa20242024年7月17日まで開催中!

gcloudのインストールとサービスアカウントキーでの認証まで

Posted at

centos7で、gcloudのインストールからサービスアカウントキーを使用しての認証を行い、gcloudやgsutilコマンドを使えるようにするところまでの手順

前提

# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# python3 -V
Python 3.8.13

gcloudのインストールにはpython3.8以降が必要になります
3.6だと以下のようなエラーが出ます

/root/google-cloud-sdk/install.sh
Welcome to the Google Cloud CLI!
WARNING: You appear to be running this script as root. This may cause 
the installation to be inaccessible to users other than the root user.
WARNING:  Python 3.6.x is no longer officially supported by the Google Cloud CLI
and may not function correctly. Please use Python version 3.8 and up.

If you have a compatible Python interpreter installed, you can use it by setting
the CLOUDSDK_PYTHON environment variable to point to it.

サービスアカウントキーの作成方法はこちら参照
https://cloud.google.com/iam/docs/creating-managing-service-account-keys?hl=ja#creating
作成できると以下のような形式の鍵ファイル()がダウンロードできるので、これを後の認証で使います。

{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "KEY_ID",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "CLIENT_ID",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}
  • key file : {PROJECT_ID}-*.json
  • mail : {ACCOUNT_NAME}@{PROJECT_ID}.iam.gserviceaccount.com

インストール

# curl https://sdk.cloud.google.com | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   443  100   443    0     0    236      0  0:00:01  0:00:01 --:--:--   236
Downloading Google Cloud SDK install script: https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash
######################################################################## 100.0%
Running install script from: /tmp/tmp.f0wbCVGAZg/install_google_cloud_sdk.bash
which curl
curl -# -f https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz
######################################################################## 100.0%

Installation directory (this will create a google-cloud-sdk subdirectory) (/root): 
mkdir -p /root
tar -C /root -zxvf /tmp/tmp.ogt7Y7LMef/google-cloud-sdk.tar.gz
google-cloud-sdk/.install/.download/
google-cloud-sdk/.install/core.manifest
google-cloud-sdk/.install/core.snapshot.json

略...

Performing post processing steps...done.                                                                                                   

Update done!


Modify profile to update your $PATH and enable shell command completion?

Do you want to continue (Y/n)?  y

The Google Cloud SDK installer will now prompt you to update an rc file to bring the Google Cloud CLIs into your environment.

Enter a path to an rc file to update, or leave blank to use [/root/.bashrc]:  
Backing up [/root/.bashrc] to [/root/.bashrc.backup].
[/root/.bashrc] has been updated.

==> Start a new shell for the changes to take effect.


For more information on how to get started, please visit:
  https://cloud.google.com/sdk/docs/quickstarts

# source ~/.bashrc
# gcloud -v
Google Cloud SDK 483.0.0
bq 2.1.6
bundled-python3-unix 3.11.8
core 2024.06.28
gcloud-crc32c 1.0.0
gsutil 5.30

インストールすると~/.bashrcファイルに以下のような設定が追記されます

# The next line updates PATH for the Google Cloud SDK.
if [ -f '/root/google-cloud-sdk/path.bash.inc' ]; then . '/root/google-cloud-sdk/path.bash.inc'; fi

# The next line enables shell command completion for gcloud.
if [ -f '/root/google-cloud-sdk/completion.bash.inc' ]; then . '/root/google-cloud-sdk/completion.bash.inc'; fi

これをインストール後にsource ~/.bashrcで読み込んで反映させています。

サービスアカウントでの認証

任意のディレクトリに作成したキーファイルを配置している前提(/path/to/key/{PROJECT_ID}-*.json

# gcloud auth login --cred-file=/path/to/key/{PROJECT_ID}-*.json --project={PROJECT_ID}
Authenticated with service account credentials for: [{ACCOUNT_NAME}@{PROJECT_ID}.iam.gserviceaccount.com].
Your current project is [{PROJECT_ID}].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
# gcloud config list
[core]
account = {ACCOUNT_NAME}@{PROJECT_ID}.iam.gserviceaccount.com
disable_usage_reporting = False
project = {PROJECT_ID}

Your active configuration is: [default]

これでgcloud compute instances listgsutil lsなどが使えるようになっているはずです.

ref : https://cloud.google.com/sdk/docs/authorizing?hl=ja#key

1
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?