Ошибка gcloud: проблемы с сетевым подключением могут быть связаны с настройками прокси или брандмауэра

Я хочу открыть сеанс ssh для своих экземпляров виртуальной машины GCP с помощью gcloud, но у меня, похоже, проблемы из-за моего http-прокси-сервера.
После установки google-cloud-sdk в Ubuntu я запустил gcloud into --run-diagnostics который не удалось с сообщением об ошибке

Checking network connection...done.
ERROR: Reachability Check failed.
    Cannot reach https://www.google.com (SSLHandshakeError)
    Cannot reach https://accounts.google.com (SSLHandshakeError)
    Cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json (SSLHandshakeError)
Network connection problems may be due to proxy or firewall settings.

Я вижу, что у некоторых людей были похожие проблемы, и в качестве обходного пути для размещения своего внутреннего ЦС в файле cacerts.txt, предположительно находящемся в `` `/ usr / lib / google-cloud-sdk / lib / third_party / httplib2 / python3 / httplib2` `

http_proxy установлен на мой прокси-сервер

>echo $http_proxy
http://proxy.server.domain.com:8080

Когда я запускаю эту команду gcloud info --run-diagnostics --verbosity=debug --log-http Я получаю ошибку

"error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }

Моя Ubuntu 18.04 работает в подсистеме Linux для Windows 10.

Вот полная информация о сессии:

>gcloud info --run-diagnostics --verbosity=debug --log-http
DEBUG: Running [gcloud.info] with arguments: [--log-http: "true", --run-diagnostics: "True", --verbosity: "debug"]
Network diagnostic detects and fixes local network connection issues.
Checking network connection...=======================
==== request start ====
uri: https://www.google.com
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/eb1baa5e0f47440c8dc896aea08d15ff environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==

== body end ==
==== request end ====
=======================
==== request start ====
uri: https://accounts.google.com
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/cd0d8a31ff1846bfa8d5c9c38234b59c environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==

== body end ==
==== request end ====
Checking network connection...⠛=======================
==== request start ====
uri: https://cloudresourcemanager.googleapis.com/v1beta1/projects
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/64ab6960448d463cafdc317978f418cc environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==

== body end ==
==== request end ====
Checking network connection...⠶---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private
content-length: 304
content-type: application/json; charset=UTF-8
date: Thu, 18 Apr 2019 00:12:09 GMT
server: ESF
server-timing: gfet4t7; dur=620
status: 401
transfer-encoding: chunked
vary: Origin, X-Origin, Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
{
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}

-- body end --
total round trip time (request+response): 0.733 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://www.googleapis.com/auth/cloud-platform
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/50be4ffdf73848c5a6a922809c6dd1cf environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==

== body end ==
==== request end ====
Checking network connection...⠧---- response start ----
-- headers start --
-content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=0
content-length: 14
content-location: https://www.googleapis.com/auth/cloud-platform
content-type: text/plain
date: Thu, 18 Apr 2019 00:12:09 GMT
expires: Thu, 18 Apr 2019 00:12:09 GMT
server: GSE
status: 200
transfer-encoding: chunked
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
-- headers end --
-- body start --
cloud-platform
-- body end --
total round trip time (request+response): 0.119 secs
---- response end ----
----------------------
=======================
==== request start ====
uri: https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json
method: GET
== headers start ==
user-agent: gcloud/242.0.0 command/gcloud.info invocation-id/889d0c5e54df432eaa86e2f0641f2533 environment/None environment-version/None interactive/True from-script/False python/2.7.15rc1 term/xterm-256color (Linux 4.4.0-17134-Microsoft)
== headers end ==
== body start ==

== body end ==
==== request end ====
Checking network connection...done.
ERROR: Reachability Check failed.
    Cannot reach https://www.google.com (SSLHandshakeError)
    Cannot reach https://accounts.google.com (SSLHandshakeError)
    Cannot reach https://dl.google.com/dl/cloudsdk/channels/rapid/components-2.json (SSLHandshakeError)
Network connection problems may be due to proxy or firewall settings.

Current effective Cloud SDK network proxy settings:
    type = http
    host = proxy.server.domain.com
    port = 8080
    username = None
    password = None

What would you like to do?
 [1] Change Cloud SDK network proxy properties
 [2] Clear all gcloud proxy properties
 [3] Exit
Please enter your numeric choice:  3

ERROR: Network diagnostic failed (0/1 checks passed).

Property diagnostic detects issues that may be caused by properties.
Checking hidden properties...done.
Hidden Property Check passed.
Property diagnostic passed (1/1 checks passed).

INFO: Explicit Display.
DEBUG: SDK update checks are disabled.

Обновление: после запуска gcloud config set auth/disable_ssl_validation True Возможно, я смогу обойти эту проблему. Но тогда я получаю эту ошибку:

DEBUG: Running [gcloud.info] with arguments: [--run-diagnostics: "True", --verbosity: "debug"]
Network diagnostic detects and fixes local network connection issues.
Checking network connection...
.........done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).

Property diagnostic detects issues that may be caused by properties.
Checking hidden properties...
done.
ERROR: Hidden Property Check failed.
The following hidden properties have been set:
    [auth/disable_ssl_validation]
Properties files
    User: /home/<USER>/.config/gcloud/configurations/config_default
    Installation: /usr/lib/google-cloud-sdk/properties

ERROR: Property diagnostic failed (0/1 checks passed).

INFO: Explicit Display.
DEBUG: SDK update checks are disabled.
Источник

1 ответ

При использовании прокси-сервера необходимо установить собственный сертификат, поскольку конфигурация по умолчанию приведет к упомянутой проблеме.

Обходной путь уже был опубликован в случае PIT 35907316 с помощью следующей команды:

Конфигурация gcloud устанавливает custom_ca_certs_file/etc/ssl/certs/ca-certificates.crt

Источник
Другие вопросы по тегам